Posts by eulampios
887 posts • joined Wednesday 10th August 2011 16:40 GMT
@Suburban Inmate
Although I have no problem watching flash videos in Firefox or Chromium and html5 performance is better than that of flashplayer, 720/1080p on both the older and low end hardware. I'd still recommend watching videos with a video player. I use mplayer or vlc. Try watching youtube videos in vlc.
@The BigYin
Let's make it much easier:
1. Use GNU Linux or *BSD, always check for and install updates whenever those are available (just click on that red button!)
2. Make sure to have flashblock, adblock plugins and turn off java plugin on the browser (not only it is a matter of security but also a threat of getting annoyed by stupid ads)
3. I prefer Firefox, it has a noscript plugin. Elinks, w3m, lynx and other text browsers still make a lot of sense.
Re: Not so sure
So you wanna kill 10,000 people employed by Microsoft, Adobe and others? This is too blood thirsty, amigo. Please see a doctor!!
@sisk
Eadon, your argument about hiding extensions is just plain stupid given that a file in Linux can carry any extension, even .txt, and still be executable).
Eadon's suggestion was not about hiding or not the file extensions but the outrageous fact that Windows OS (at least, up until Windows 7) would base its file recognition on the extension solely. NTFS fs might support the POSIX file permissions, this is irrelevant when you are in Windows Explorer.
Funny thing, I have so many times seen the sight of a "Windows geek" changing the file extension (to .txt) to view it in the Notepad.
On a *nix system, mailcap or the file, test utilities etc help automate the process of file recognition. Even though, if I change the file extension of a file, most GUI file managers (like caja/nautilus or kde-thingy) won't be fooled.
As far as *BSD is concerned, why do you generalize? OpenBSD is what you perhaps mean.
Microsoft have not yet come to neither secure repositories/BSD ports nor to a sophisticated apps uid isolation and permissions transparency similar to Android's. Microsoft have nevertheless amended the Windows EULA to withhold the users of their right to decline it.
Hence, Redmond FAILS once again in security!
@WatAWorld
...bugs routinely creep into open source without being noticed
Yes, as a contrast, with proprietary software bugs don't creep into the code ... until they get spotted actively exploited in the wild.
Re: @AC, I beg to differ
Google pay other people to find their bugs for them...
Google pay other people if they find their bugs. #now fixed
I don't know why you choose to look at this fact from this strange angle? Most vulnerabilities found with MS products are done by non-MS people, more so when those are being exploited in the wild (Compare this to when exploits are being published).
In my view, the we-don't-owe-anything-to-anyone attitude is an atavistic, very peculiar MS feature. Another possible explanation is the fear to go bankrupt.
@AC, I beg to differ
1 second of searching. 1st Hit
How many seconds do you need to search to see a tasty remote code execution being already exploited in the wild? Hint: closed source.
BTW, did you notice this ...eight high and medium severity holes saw nearly $10,000 being paid out. Is MS willing to pay for every or most discovered vulnerability? I don't think so.
pgp encryption
Perhaps you should have given NSA or whoever allegedly eavesdrops there a hard job. Encrypt all your messages with some nice pgp/gpg 2048-bit RSA key. That is Pretty Good Privacy after all.
@Frank 14
they do it for some very good reasons
Is this reason called incompetence phenomenon or just they are a Microsoft shop? My sympathies in the latter case, though it doesn't necessarily contradict the former.
Re: I'm confused
I still am very sure that it is much easier to teach a user to avoid non-google sources and apps with excessive permissions than to find a really smart scanner. Like that game that will have an access to your text messages, emails, can place phone calls and can cost you money,
Re: Eadon?
WTF?? You still have to install yourself even the most sophisticated Linux trojan and explicitly grant the admin privileges???
LINUX FAIL
@DougS
Are you claiming Android has no known exploits?
Does your question relate to all versions of Android throughout the whole time it is developed? Then -- no, even though Android hasn't yet given a single remote code execution vulnerability.
I am claiming that Android managed to avoid the issues of the MS Windows where sometimes (much more often in the past) you don't have to install a malware yourself. A user-friendly system, an ingenious OS feature or a vulnerability would do it for you when you
-- open an email
-- click on a link
-- visit a webpage
-- insert a media
-- open a document
It would often get spiced up by the fact that quite a few people had to run the system as administrator since so many apps wanted them to. In the meantime, Microsoft and all army of AV vendors urge you to never stop running antivirus software.
Re: Conspiracy theory
But anyhow. how come Android has exploitable security bugs?
Which are they, please name them along with exploits.
Re: I'm confused
On a more serious note, any recommended AV applications for an Android tablet?
With all seriousness, AC, I recommend to use your brain application!
Re: Couple of questions
There are a lot of ways for malware to spread beyond downloading dodgy apps.
These ways are good for MS Windows mostly. With the allegedly huge amounts of Android malware (that very few people have ever seen) none gets on a device automatically and without the user explicitly installing it.
Re: What Security?
1) You need to install it in the first place (with all the permissions to donate all your bases to the app)
2) You need to specifically grant it the administrative privileges when it asks from you
So if you do both, you totally deserve it.
To have a resemblance with the windows malware one might want no work done on the behalf of the user, so that the trojan/virus installs on the machine by itself.
Vinum Boreum Romanum
You say "Romans made and drank good wine a couple millennia ago", I say "Polar Bear managed to survive for a couple million years through a dozen of ice ages might get extinct due to the unprecedented loss of the arctic ice and dwindling their habitat in the industrial era".
Warmer weather in the Northern and Middle Europe depends heavily on the oceanic currents. Compare the climate of Paris, France latitude across the globe, the 49th parallel North that is. Nowhere can you grow such (tasty) vineyard crops, except in Europe. I might be wrong and Canadians in Manitoba, Russians in Sakhalin do it too :)
@Omgwtfbbqtime
Scientists don't "create" complex machines, engineers build complex machines.
You can get further by stating " Engineers don't build complex machines, construction workers build complex machines."
Did you realize, that colliders were designed by the experimental physicists first long time ago (yet I am sure that even back then they were helped by both engineers and workers to build them). It sure wasn't some engineer offering a physicist to construct a thing that the latter might find useful for ... something.
to suit current funding fashions,
"funding fashion" vs. "industrial lobby" -- guess who's got more funds to back?
My question is if you're alright with the images made by the Hubble satellite and how those are interpreted by NASA (and other) scientists to allegedly drive more funding by that, why do you get so skeptical when they switch to satellites monitoring the Earth and interpret those in addition to the glaciologists', geologists' and paleoclimatologists' job -- all hoping for more funds as well?
Re: And Eric Schmidt's climatological background is ... What, exactly?
To date I haven't seen conclusive evidence that humans are playing a role in climate change ...
I am being curious, which evidence would you consider conclusive enough?
Here's what I see as quite conclusive evidence:
1. CO_2 levels 30% above the maximum for over half a million years -> check?
2. Quite rapid melting glaciers, Arctic ice (30-50% w/r to the estimated averages), oceanic ice as well, receding permafrost -> check?
Losing Arctic ice causes a chain of devastating reactions, such as:
--making many species of Arctic fauna and flora extinct; Polar Bear that was able to cope with many ups and downs of the last ice ages might not make it into the next century
--decreasing the Arctic albedo (a factor to be reckoned with)
--thawing of methane clathrates in permafrost
--oceanic methane hydrates capable of multiplying the effects many times
Since methane is a much more greenhouse friendly gas than carbon dioxide is.
3. warming, acidifying oceans triggering mass extinction of some marine species (and making flourish of some other ones) -> check?
4. temperature and ocean levels rise -> check?
...and more
Yes, and there's so much pollution everywhere, deforestation and fishing etc.
@AC
how does it read / write 'root only' access files,
A user can start many processes that have to run as root. If you try to logout-login, for example, why? What else should be responsible for such an important and vulnerable task? If on Windows the same logout-login process, runas are not controlled by the system and the password hashes are accessible to every user, so worse for Windows.
Linux has an even more broken security model than the above already exposes?
Yes, Linux has broken security model, Windows security model is great, forget all the malware you constantly scan your system for, look online how to get rid of this annoying virus, reinstall Microsoft Windows system. Forget on XP when many games and apps were to be run as root, because the great model was not comprehended by the developers.
kudos to Mozilla
and Firefox OS. Good job, I'd love to try it someday. Well written article. But ... I am really scared. Those devices are rectangular and they ... they have rounded corners! ;)
are you serious?
but in 2007 there were only a few complete desktop environments – KDE and GNOME being the main contenders.
Let's see here LXDE 2006, XFCE (started in 1997, using gtk+ since 99), fluxbox was forked from blackbox in 2001, enlightenment started in 1997. So, what was the point of such misinformation?
So let's consider what they have in common: windows, obviously, with a menu bar inside each one.
So, let's consider windows or a window, did MS pioneer that? Who holds the patent and can subsequently sue MS?
Everything that unified GNOME 2, KDE, Xfce and pretty much every other desktop GUI in the world originally comes from Windows 95.
Are you suggesting that a Unix based kernel with a POSIX userland, multi-user paradigm, privileges, file permissions on fs, efficient multitasking etc came from Windows 95? This is a joke in response to yours ;-)
@dz-015 Re: Choices choices...
Or you have a dozen of developers and thousands of managers working on the NT kernel, while you find thousands of developers and a dozen of managers working on the Linux kernel. A small permutation indeed.
Re: 235 patents & laches
Foxconn, the biggest hardware manufacturer in the world, just signed a licensing agreement to pay Microsoft?
So, who is paying who and how much, what is covered? Until you successfully found all solutions of an equation you can't claim you solved it.
Re: @Uffe Seerup
It has EVERYTHING to do with setuid root of sudo!
No, it has to do with authentication only. My example about setuid daemon command at will never let you be a daemon. Look at the example where a user is not in the sudo group and is never allowed to be root. I am sure that "delegating privileges" on Windows requires some very important system action that is hidden from you like in the POSIX suid bit.
BTW, if you think that anyone can set the time on the system and it is very safe, you're very wrong. Why not letting your user set his own time instead via gui or in the .bashrc file by setting TZ variable with
export TZ="/usr/share/zoneinfo/region/place"
Yes, you could put in the sudoers something like this:
someuser ALL=(ALL) /sbin/hwclock
Only one command hwclock to set machine time may be run as root (not date BTW), no other one. This might be scary if hwclock has a vulnerability or some other feature you didn't consider, yet letting a non-root user set time is already scary enough. Better example is managing printers. It's done without sudo by making all physical users join a group lpadmin to be able to set up printer for their account (you can also mandate authentication through sudo setting). You do a similar thing with mounted media.
Then you're trying to tell me that vulnerabilities stem from this. Name them please. How many viruses, strains of malware have exploited it? What about the super secure MS approach?
The entity that just very recently removed Autorun/Autoplay functionality from their default action, started offering headless systems (after 15 years of bashing idea of a minimal system), that still needs AV scanning and AV "cleaning". This very entity can certainly lecture on security...no, it better not.
@Gav
You're trying to make a very untrue claim.
If you go online, by just googling the error message or formulating (only roughly sometimes) what is not working or how you want it work for, you almost always find a solution, if someone has it already. Moreover, the fact that I never had to sign in for a forum to ask questions but only profited from other people having done this job for me proves this point. Yes, there are differences in the *nix world, say with FreeBSD, you might be politely pointed at the pertinent chapter of the "FBSD Handbook". On Linux forums you get both: solution/recipe and a reference for (further) education. Along with the recipe if you'd like to receive a simple explanation of why it works, you can get it. Never does it get "dumbed down" for you.
Compare it with what you might get yourself with a Windows problem. First, it is usually harder to troubleshoot it, like this enigmatic message: "Windows has encountered a system error f3-f100-0010 and will have to shut down" What the hell that hex number is? The devs or MS should know right? Since they are experts? What do you get? Nothing from both MS and OEM. They politely play football using you as their ball. Along with this you get the usual Windows panacea to reinstall the whole system. You might never get anyone to tell what the hell your problem was. Usually, it has very little to do with IT knowledge: in 50% or more will tell you that it is virus (malware), so scan, delete some files, clean registry etc. If it doesn't help, get another AV scanner, and did you get told to reinstall Windows? It's like trying to understand the Kepler's Laws, their derivation from the Newtonian Mechanics by asking questions on astrological forums.
If you do get a qualified help (from MS or others) very rarely it will explain you what it is. It just takes you for a dumb person and goes to where to click, to press buttons and to select menus. While the Linux gurus would be happy to explain you their recipe, if you're interested.
Re: @Uffe Seerup
sudo whoami, sudo id
That is just the default behavior!!! BTW, It has nothing to do with the setuid root of sudo! If you're not specifying who you want to be, sudo thinks it is root, i.e., "sudo whoami"="sudo -u root whoami". From the man sudo:
The -u (user) option causes sudo to run the specified command as a user other than root.
The same goes with su. As well, "su"="su root", "su johnny" !="su" (asks for johnny's password, not root or your own). However, when you run "sudo -u postgres whoami" produces "postgres". Never does it let you be a root or anything else of you ask and what you're allowed to be. Moreover, the default sudoers would usually list the group that is allowed to be a superuser (wheel, admin or sudo).
A setuid tool runs with the owner of the file as the effective user of the process. You may restrict *who* can call sudo in the sudoers file, but you *cannot* change the fact that sudo starts as root.
Okay, then tell us how to effectively exploit this "vulnerability"? A lot of user actions might trigger starting a few root/system processes, say rsyslog, dmesg, kernel events etc. Userland and system must communicate somehow. Your misinterpretation of setuid bits and the default options of sudo and su makes you believe your own argument.
If on your system you have two regular users and know passwords for each one you can jump from one user to the other via "su anotheruser". Notice, you never become a root here. If you don't know the root password running su won't let you be root, if root is locked it won't let you be one as well. Similar with sudo, if you are not a member of the group sudo on my Debian machine, but sudoers has this
uffe mydebian = (postgres) /usr/bin/psql
you'll be allowed to run "sudo -u postgres" only on mydebian machine, with your own password and would be able to become superuser of the postgresql database, not the whole system, as far as the psql shell is concerned, nothing else beyond that shell. You won't be able to stop or start the daemon/server of postgresql, nor anything else besides that. It's not "sudo", moreover you can get yourself in trouble, since sudo will tell on you to the administrator, so you gotta run "sudo -l" to see what you can and can't. That would give some statistics for you in the sudo system without the ability to see the complete sudoers file, BTW.
In that case, notice that never did sudo start as root!!!
Here's another example to explain the -s- bits. Consider the at utility of scheduling jobs at specified time (not on a regular basis, otherwise, it is similar to crontab):
ls -l $(which at)
-rwsr-sr-x 1 daemon daemon 55456 Jun 9 2012 /usr/bin/at
As you can see it does have the setuid for daemon, both group and user. However, when you run (as user eulampios):
at 12:00
warning: commands will be executed using /bin/sh
at> /usr/bin/id | /usr/bin/mutt -F /home/eulampios/.mutt/muttrc4 eulampios@localhost
at> <EOT>
You'll get a mail with "uid=1000(eulampios) gid=1000(eulampios)...." not "uid=1(daemon) gid=1(daemon) groups=1(daemon)", like the output "sudo -u daemon" would produce. Despite the daemon setuid and setgid bits, never does it let you be daemon. Is it clear now?
So again, you're confusing the default setup and the setuid bits concept, making baseless conclusions therein.
Proving my point.
And what is your point? MS devised a more secure system than any Linux or Unix ever did. Are you sure? What about all that malware that runs on MS Windows systems without the user's consent (and that is apart from the insecure repository models or the lack of thereof). What about XP, where many user apps could not even run without the admin rights? BTW, the homogeneous approach is always much an easier target than a heterogeneous one. So having many complementary (sometimes overlapping) highly customizable things is better than a single one.
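The mechanism this exchange argues about, real versus effective user ID in a setuid binary, as an added C example (not code from sudo, at, or the original posts). It shows how a helper started with a borrowed effective identity can hand it back permanently before doing the invoker's work; the struct and function names are hypothetical, and the comments assume Linux semantics for setreuid/setregid.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Identities a process holds (names are illustrative, not from any tool). */
struct ids {
    uid_t ruid;  /* real uid: who invoked the program */
    uid_t euid;  /* effective uid: what permission checks use */
    gid_t rgid;  /* real gid */
    gid_t egid;  /* effective gid */
};

static struct ids current_ids(void)
{
    struct ids s;
    s.ruid = getuid();
    s.euid = geteuid();
    s.rgid = getgid();
    s.egid = getegid();
    return s;
}

/* Non-zero when a setuid/setgid bit is in effect, i.e. the process is
 * checked against the file owner's identity rather than the invoker's. */
static int runs_with_borrowed_identity(const struct ids *s)
{
    return s->ruid != s->euid || s->rgid != s->egid;
}

/* Permanently return to the invoker's identity.
 * Returns 0 on success, -1 if the drop failed or could be undone. */
static int drop_to_invoker(void)
{
    struct ids before = current_ids();

    /* Group first: once the uid is dropped we may no longer be
     * permitted to change the gid. */
    if (setregid(before.rgid, before.rgid) != 0)
        return -1;
    /* Setting the real uid makes Linux overwrite the saved set-user-ID
     * too, so the old effective uid cannot be restored later. */
    if (setreuid(before.ruid, before.ruid) != 0)
        return -1;

    /* Never trust the return codes alone: re-read the identities. */
    struct ids after = current_ids();
    if (after.euid != before.ruid || after.egid != before.rgid)
        return -1;

    /* An unprivileged invoker must not be able to regain the old
     * effective uid. (Skipped when the invoker is root, who may
     * switch to any uid anyway.) */
    if (before.euid != before.ruid && before.ruid != 0 &&
        setuid(before.euid) == 0)
        return -1;

    return 0;
}

int main(void)
{
    struct ids s = current_ids();
    printf("start: ruid=%ld euid=%ld rgid=%ld egid=%ld borrowed=%d\n",
           (long)s.ruid, (long)s.euid, (long)s.rgid, (long)s.egid,
           runs_with_borrowed_identity(&s));

    /* A real helper would do its privileged step here (for example,
     * read a file only the owner may read) and nothing more. */

    if (drop_to_invoker() != 0) {
        fprintf(stderr, "could not drop privileges, refusing to go on\n");
        return 1;
    }

    s = current_ids();
    printf("after: ruid=%ld euid=%ld rgid=%ld egid=%ld borrowed=%d\n",
           (long)s.ruid, (long)s.euid, (long)s.rgid, (long)s.egid,
           runs_with_borrowed_identity(&s));
    return 0;
}
```

Run from an ordinary build, both lines print the same IDs; the "start" line differs only when the binary is installed with a setuid or setgid bit and owned by another account.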
Re: I'm not sure Microsoft *has* won.
Mate seems to be as stable as Gnome2x has ever been, if not more. Try it out for yourself.
@TheVogon
So SUDO runs as root as was stated then otherwise it can't do the above.
No, it only reads some system files and writes logs into some system files as root, which is impossible to a non-root user. It doesn't grant you the root privileges, as mentioned above.
Re: @Uffe Seerup
The utilities run with sudo will run with root effective user and thus have privileges far beyond what is needed for the specific operation.
You keep repeating this, but this is wrong! There is no way you ever get uid=0 automatically by just running sudo. By some reason you think that the "setuid root bit" is equated to "becoming root". If this would be the case the setuid bits would never be invented by Dennis Ritchie (the guy that was behind C, Unix and other great things). Why bother? No the -s- part for the root owner is needed because sudo should authenticate you (shadow) and verify if you are allowed to receive the privileges you're asking for. You can only "exploit" it by some virtual buffer overrun vulnerability, that barely had ever happened.
If Windows would allow an ordinary user to read shadow and sudoers bringing two much more imminent security threats to the table.
That is anything but simple
They are simple to me. BTW, as a rule the sudoers file looks even more simple than that. By default you just specify which group can be root. With sudo you can completely lock the root account (You can't do it with su).
file permissions
Extremely easy to handle and understand. First layer of Unix security. Say, unlike Windows you don't have to forbid execution on a directory you just make sure your potentially vuln. apps would strip the x permissions from a file.
apparmor or SELinux
MAC systems, they are competing products. AppArmor is actually an extension of the Unix file perms. SELinux uses a little different approach. You also forgot about the acl utility and different mount options (in fstab or via fuser, just like umask and similar).
You can make all or some of them to complement each other (most of the time sudo is used to lock root, e.g.) AppArmor would have some default profiles set up for web browser, document viewer and so on.
Tell me, how do I generate a report of the rights/privileges of a certain user?
Depends how much info you want. I'd suggest running id command:
uid=1000(eulampios) gid=1000(eulampios) groups=1000(eulampios),4(adm),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),113(lpadmin),120(sambashare)
You could take a look at /etc/passwd and groups. There is also a gui utility users-admin on mate, gnome and others. There might be more, I should look.
Re: @Uffe Seerup
As a matter of fact, mechanism or utility like sudo is absent on MS Windows. Runas is more of an su. So it will always ask you to authenticate yourself for a user you're trying to be, not for the user you currently are. Take a look at how simple yet sophisticated a permission system could be made with sudo.
Re: @Uffe Seerup
But "anotheruser" cannot invoke privileged syscalls.
anotheruser cannot invoke kernel privileged syscalls. And that is justified, this is security. What else do you mean by the "privileged syscalls"?
---s--x--x 1 root root 81644 Jan 14 15:36 /usr/bin/sudo
Strange policy, why root can't write on it?
On my Debian system:
-rwsr-sr-x 1 root root 116920 Jun 28 2012 /usr/bin/sudo
So sudo *will* run as root. Every time.
The reason it needs to have setuid root is that sudoers (and /etc/shadow) are only readable to root:
$ ls -l /etc/{sudoers,shadow}
-rw-r----- 1 root shadow 1270 Mar 30 18:08 /etc/shadow
-r--r----- 1 root root 669 Jan 30 2012 /etc/sudoers
This setuid thing is more subtle concept than you're trying to convey with it to be. No, sudo doesn't do anything else besides what it is supposed to. There is no security threat, unless a vulnerability gets there. Well, both sudo and su (polkit), especially the former is cleanly and simply designed, that is why vulnerabilities are rarely found.
Here is an example:
sudo -u postgres id
[sudo] password for eulampios:
uid=116(postgres) gid=126(postgres) groups=126(postgres),114(ssl-cert)
Nothing is done for root, except for reading the /etc/sudoers and maybe /etc/shadow
Re: @Uffe Seerup
Uffe, sorry, but this is not right.
First sudo can be executed "as another user" by an allowed user, not necessarily a root. BTW, both sudo and su when used with a username option ("sudo -u anotheruser") don't get the uid=0 if that user is not root. Yes, you gotta provide the root password for su.
You won't be allowed to become a superuser out of "ordinary" account with sudo if you're not in a certain group listed in sudoers.
But as was mentioned earlier, you can always make a user a member of a certain group containing the owner of a daemon/service/file and thus granting him/her the necessary rights. This mechanism is much simpler than "granular permissions" used by the Windows. KISS is a universal principle, not only a *nix thing. Linux and other *nixes do have a more sophisticated account control utility acl.
BTW, on Android every app runs under its own uid by a user without user being an admin, moreover, root is locked on devices that are not rooted.
@Uffe Seerup
In *nix you don't delegate privileges. The syscalls are not protected by a granular security model
I think you're confusing something here. Su and sudo do delegate the privileges if allowed. Actually, sudo does it more secure without changing the profile of the user.
What about groups and users, what about sudo (/etc/sudoers)?
Anyone who wants to call a privileged syscall has to become all-powerful root and gain privileges far beyond what is needed.
Not true. Many daemons are run under their own uid's and gid's (usually locked account). Root, or admin group can access them. If you think you can allow your users joe and kate to handle printers, you make them members of the lpadmin group. You can run your script with something like "sudo -g lpadmin" it won't have the root nor any other privileges.
Mint is a distro
not a DE. Both Mint (as well the Debian Edition which I prefer) and -buntus offer quite a selection of DEs. There is an exception for Unity on Mint and Cinnamon/Mate on Ubuntu. But that could be circumvented by installing additional repositories. I am very fond of the Mate DE, but won't advise against XFCE (LXDE, fluxbox etc). Other options are KDE, Cinnamon. Those might need a little more resources though than XFCE and Cinnamon despite its esthetic appeal still lacks some useful applets, IMHO.
For the Mint based on Ubuntu later on there will be images with KDE and XFCE, like it had happened to Nadia, if I understand that correctly.
small files in caja
The Caja file manager locks up, falls over and eats CPU time and memory if you ask it to copy too many files, especially over a network...
I'd guess that your small files are image files caja (as any other gui file manager if set to) tries to preview. It will consume cpu to resize the pics. Just make view the list instead of icons.
As a matter of fact, when you google for cpu consumption and 'file manager' first thing that pops up is Windows 7 and Vista ;-)
gvfs used to consume cpu when idle, however it has been fixed lately. Also may I suggest the orthodox file managers, like mc (using fish instead of gvfs). I myself find emacs dired and tramp to be quite nice (make sure to use rsync for transferring files in tramp). rsync (or mc) is what I use for recursive copy of the complicated directory and file structures.
'Normal people', who are used to Windows 7, etc, will not be impressed and will think it is..
Normal people are very well aware of the Windows problems of malfunctioning drivers, slow file manager, "slow Internet" and overall sluggishness due to the fragmented fs, dirty registry and aged OS (wtf is an aged OS??!!) Did we mention malware and AV bogging down the system?
@Trevor
But it still doesn't have a command-line text editor.
Have you thought of using the old ones? Vim and GNU Emacs, for instance? Here's one more link and I am sure that vim has a capability for it too. I'd recommend Emacs for its immense power and the polyglot essence (bash, php, grep, Perl -- you name it).
BASH script that takes down a service, runs a PHP script to make whatever changes I need
I use a shell-on-steroids Perl if bash/awk/sed and friends code gets too complex to handle.
Re: The Yardstick By Which Linux Is Measured
While Apple and FreeBSD were more concerned about making a better OS...
I would agree about FreeBSD, although sometimes they get too political and get more concerned about other things than quality and performance, like in the case of gcc with GPL v3. Can't agree less about Apple that have been "waging thermonuclear war" for some time now about making more money on ludicrous patents and dirty campaigns, not on better OS.
Re: Yes and no.
Fanboi jealousy?
Jealousy of would-be-Linux, getting as much attention and support?
When Apple started using FreeBSD..
Was it before Apple declared to have invented the rounded corners and have become a derision of the civilized world?
"Tell me who your friends are and i will tell you who you are." If I were them, I'd be running away from this much more, rather from the ugly GPL-ed gcc 4.5 . Yeah BTW, did iTunes become finally available for FreeBSD by Apple?
Idiot.
Nice to meet you, then.
Re: Yes and no.
FreeBSD people are just not so driven by fashion
Who knows what and who they're driven by. Apple, may I suggest?
Good reasons for using Windows aren't going to go away soon ..
Are you not approving the amended EULA with the decline option now being removed?
Re: More traction...
You don't know anything about, nor did you ever use GNU Linux. Or is it the honesty we're talking about?
Re: Good Idea
Dedicating so many resources to Windows bashing...
Not done quite professionally, I agree. Well, no way to afford expensive PR companies to do the bashing a la "droid rage" or "don't get scroogled", nor to possess the audacity to make up and twist things as in the "get the facts" saga. Finally, not being able to afford numerous NDAs, tweaking EULAs and more.
shells, configs, editors etc
A quite enjoyable style it is! Thanks, Trevor..
There are a few things that a non-MS person might notice here.
Why not having one or a few editable config files to accomplish all described tasks plus a million of other things? No, I am not talking about the abominable Windows registry or XML gibberish. It's a common practice for the *nix systems to have a human readable/editable file, or a directory residing in /etc/ or else. For this purpose, MS would need to come up with not only alternatives to a *nix shells, but also with a decent editor, like vi(m) or GNU Emacs. Yes, it also remains to teach, convince your users that it is a good thing to use, a mere trifle ... not!
Otherwise, the main idea of pretty much every article dedicated to PS is "See, you can do it with PS as well, without any GUI really, Yaaaay!!!"
Re: Often overlooked about PowerShell
Is how it is so much more than just a shell. Unlike e.g. bash and other general CLI shells
Yeah, just like "IE, so can't completely remove it from the Windows OS, the latter won't simply run"
PS has been designed with a hostable engine.
What is it supposed to be? Host is an ancient root of Indo-European origin and might mean many different things. hostable -- a derivative of host, hostage; hospitable or hostile, or is it a hospital?
the cmdlets operate directly on the application in-memory objects.
I beg your pardon, if an app/process needs you to access it it has its own interface for it. Have you heard of the server/client paradigm? A process is often listening to a specific port, you can send your commands/messages to. Alternatively, "ps -ex -o cmd,pid,ppid | grep 'my process' " will be your friend. Would you need to reinvent the MS wheel yet again?
Yes, everyone is happy that MS had finally got one Unix idea (after so many years of booing it). It dawned in Redmond as late as 2005, as I remember correctly (while GNU Bash was already born in 1989). So, what is so special about PS again, except for the ugliness of the command syntax and the fact that it is available on only one OS?
Re: Doesn't matter
All it will do is slow them down a bit.
For the rainbow table case, say, a password is salted with a variable length of 5 -10 chars made of digits, lower or upper English chars. The total number of possible salts would then be given by 62^5+62^6+..+62^10=62^5*(62^6-1)/61=853,058,371,851,163,296.
As for the "1234" and "passw0rd", let them be cracked. It would actually be pretty good.
Re: Windows Server 2012 un-competitiveness
Microsoft SQL Server runs only on the certain type of OS. So it is eventually an OS discussion.
find them yourself
At least a thousand or two of those? Find a single one exploitable on Android first.
Well, find them in Chrome and you might get yourself a pretty big sum of money. Google is not as cheap as Microsoft when it comes to discovering exploits of their products, after all.
Re: Pidor-a
Pronounce it 3.1415926535897932...dora (Пайдора) and you'll be fine! ;-)
Re: Adobe Reader
Display PDFs on the screen and maybe print them if you want to. If Adobe stripped away all the bloat they surround it with then would most of those disappear?
Exactly, however Adobe might be just particularly good at bad code.
I know alternatives like Foxit exist.
In the world without Windows...errr I mean without walls :-) there are quite a few of those. kpdf, xpdf, okular, evince/atril, even gv. (Emacs can do it inside X, I don't use it for pdf viewing though.) They all seem to be much lighter and are capable of rendering more formats than A. Reader is. Say evince/atril support pdf,dvi,ps,djvu and more.
