Andrew Baudouin wrote: > How usable would you say OpenBSD is? I can't even vouch for it. Do > they have Gnome/KDE?
I know those items are available via ports but haven't used OpenBSD graphically so I don't know how recent they are. On the whole, ports are pretty easy to use, though FreeBSD is much nicer from a usability perspective (there's no 'portupgrade' on OpenBSD). I've only ever deployed OBSD as servers and most often as firewalls. It is second to none as a firewall, in my book. > Maybe it is just me, but I understand assigning DOMAIN\user change > access to $DIR more than I can figure out the equivalent unix commands > to do the same thing. I find myself 'man chmod' every time I want to > do something. I still do not really understand how to assign > permissions under unix correctly.... Funny. I have some co-workers who come from windows to *nix with a similar experience. While I wouldn't expect "chmod 600" to be apparent,however, "chmod u+rw,go-rwx file" fairly straightforward. Probably just a personal preference and background experience thing. The first time I encountered a detail description of GPO, object permissions and inheritance, I thought, "that's just convoluted and downright messy". It seems to me like their concept for this has gone through a couple of iterations and they've left older, less-capable methods available to preserve backwards-compatability. It just seems clumsy and they tried to do too much at once instead of moving forward from a simple base. > We are going to have to disagree here. All of the complexity is > visible in the GUI. Not only that, but in XP now there is an > "effective permissions" dialog, which given a username, shows the > effective permissions it will have on the current resources after all > of the group are applied. that sounds nice, actually. It was never apparent in earlier revs of Windows and I just kept an O'Reilly reference handy to understand how things are going to propagate and retain permssions settings. Thankfully I'm not adminning Windows all that often now and can delegate that work to my Windows admin co-workers while I stick to Cisco and *nix tasks.(2) > They propagate if you check the "propagate" option! :) Same thing > when you use chmod -R vs without... What if you change permissions under a directory with permissions inheritance? Does it stay that way through reboots and/or application of a domain policy? Of course as an admin, you should know that, but I find it rather opaque and too easy to screw up. Maybe it's just me :). In *nix, I know that if I do a chmod -R and I want one subdir underneath to have different permissions, I have to navigate in and execute another chmod. Nothing automated is going to wipe that out unless I create the cron job myself. The "effective permissions" button you describe above sounds pretty helpful in this regard, though. Obviously, I have a deeper understanding of Unix methodologies. But I also think *nix encourages this and Windows does not. Stopping to skim a man page doesn't _feel_ like a bother to me.(I have to do this almost every time I edit a crontab if it doesn't have a comment marking minute, hour, second etc. fields) I have a hatred of the 'registry' concept that may or may not be irrational. Give me /etc/ and plaintext any day, thank you. And I think MS sucks for messing around with "/" and "\" delimeters :):):). I think there's a lot to be said for *nix's 30 year heritage and evolution over that time frame. It's got some icky cruft for sure, but once you "get it", you "get it". Windows -- while inheriting much from VMS -- still has some evolving of it's own to do before it's really an apple to apples comparison. Perhaps in the future the design decisions that underly Windows today will exhibit the kind of longevity and extensibility that *nix has, but I'm not holding my breath.(1) > This is a tradeoff. Users will continue to use what gives them the > most benefits. I don't personally believe that tight user integration > correlates directly to insecurity, I just think the corporate > attitudes need to change to "Release something after it's secure" > rather than promising software on X date and pushing everything out of > the way to release on that date. I think that the way tight integration has been done in Windows contributes to the security problems. I don't know for certain that such tight integration is inherently insecure, but I know that it is very hard to secure correctly. Of course, making security factor into the bottom line would go a long, long way. If you're really interested in thinking about security, you should subscribe to Bruce Schneier's Crypt-o-gram newsletter. http://www.schneier.com/crypto-gram-back.html . This article on SP2 is pretty interesting http://www.schneier.com/crypto-gram-0406.html#4 (1) the first chapter of Eric Raymond's "Art of Unix programming" has some interesting thoughts on the unix mindset. Starts about here: http://www.catb.org/~esr/writings/taoup/html/ch01s01.html Also related.... http://www.camalott.com/~jtpolk/unix/unixtenets.html http://hebb.cis.uoguelph.ca/~dave/27320/new/unixphil.html (2) Things get a little better on Windows when I can add cygwin, Perl, etc. to the environment though sometimes it feels a little wierd sshing into a Windows box :) -- Scott Harney <[EMAIL PROTECTED]> "Asking the wrong questions is the leading cause of wrong answers" gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5
