Tracy R Reed wrote:



I have been pretty actively spreading the word of Linux lately and one
of the questions people ask me is "What makes it more secure than
Windows?" It seems Linux already has a pretty good reputation for
security. And I explain the usual stuff about least privilege, security
designed in through a system of separate users and discretionary access
controls (and now mandatory access controls with SE Linux), some of the
unix philosophies (many small programs talking to each other, do one
thing and do it well) etc. And people always seem to get it.



I would hate for someone to come along and damage Linux's reputation for
great security. But that seems to be what Lindows is out to do.

I read the article. Where specifically in the article does it state that Linspire is out to damage Linux's reputation for great security?

Remember
the earlier thread where I said I was suspicious of anything that came
from Lindows? Here's another good reason why. They used to run
everything as root but then I thought they got away from it?

Did you and I read different stories? The article said:

"Jo: On the security front, I noticed during the presentation <http://www.hexus.net/content/reviews/review.php?dXJsX3Jldmlld19JRD0xMTIxJnVybF9wYWdlPTQ=#> that you were running everything as root."

The interviewer was commenting that Robertson was running everything as Root. What is there in any distribution of Linux which prevents anyone with root access from running as Root? Robertson went on to defend his decision as to why he runs his computer with Linspire (which is based on Debian GNU/Linux) as Root.

I can understand if you reject his reasoning. I, myself, agree with you that running as Root is not a good idea. But he also says in the interview:

"Michael: I know the hardcore geeks feel differently, that's fine. When somebody installs Linspire, we say "do you want to set up users, yes or no", we give them the choice, right there when they start up for the first time. If they want to set up multiple users, they're welcome to do that, but we don't force them to. That's the difference we have."

And you know what? You get the same damn opportunity when you set up Red Hat, Debian, SuSE/Novell, Mandrake/Mandriva, ad nauseam. The only difference is that with the other distributions they make sure that you know that you are setting up a Root Account and that you "should" set up non-root user accounts. It is "best practices" that dictates that you should not run as Root but there is nothing in any other distribution that forces you not to run as Root. Nor are you forced to run Linspire as Root. It is a choice, just like with all the other distributions.

Well it
seems they are back to running everything as root now and it seems to be
an executive decision.


No, it is not an executive decision that people running Linspire have to run it as Root. It is Michael Robertson's position that he does not feel that security on HIS desktop machine is as important as being able to use his computer without having to hassle with all of the security which Linux inherited because it is based on the multi-user unix security model. That is my paraphrasing of his argument in the article.

You have already stated your disdain for Michael Robertson based on your experience(s) with him and MP3.com and his non-tech/geek status. To you he is just a businessman making a buck off of Linux. What is there about him and Linspire that makes it difficult for you to see the two as separate issues?

If it will make a difference and help you see the product separate from the CEO I will give you a copy of Linspire 5.0 for free and you can tear it apart to your heart's desire to prove, or disprove, what you think of it. But right now you sound like all the hacks who pan a movie or a book by saying "I haven't seen it (or read it) but I know it is crap."

I think we can be assured of one day having
armies of Linux based DDoS networks if other people adopt this way of
thinking. That would be quite sad.


If what you mean is that that might happen if others adopt Robertson's view of not needing to have multiple accounts on a single user PC then I agree with you. But, if you think people trying out Linux aren't going to run into people like you to straighten them out and teach them the importance of non-root user accounts, then you haven't looked in any Linux books or read any Linux related articles for the past 10+ years and you sure as hell haven't been listening to anybody on any Linux news groups.

The message is out there. It gets shouted loud and clear quite often.

What I would like to hear is you acknowledge from first hand experience that Linspire CAN BE set up to be just as secure as any other distribution that has been set up by someone of your experience.

Hell, for that matter, the person setting up Linspire doesn't even have to be up to par with your expertise. All they have to do is listen to all the experts out there that say you should set up a Root password and a user account that does not have Root privileges, su into the Root account whenever you have to make a system wide adjustment, and run as a regular user the rest of the time.

From:

http://www.hexus.net/content/reviews/review.php?dXJsX3Jldmlld19JRD0xMTIxJnVybF9wYWdlPTE=


Rick