carfac
Sep 12, 06:02 PM
I do not see the point... What does this do that anyone could possiblky need???
300 bones for a glorified wi-fi widget is way off base. It is going to have a LOT more added to be worth that. Of course, we are talking about Apple, so overcharge is the rule, not the exception.
For my money, it's gonna have to be a REAL media center, and there is no way THAT ios gonna happen for 3 bills. Tivo today announced a HD-PVR for 8- that price range is acceptible, but it's gonna have to be HD, PVR, tunner, alkl that stuff. This box, worthless to me.
300 bones for a glorified wi-fi widget is way off base. It is going to have a LOT more added to be worth that. Of course, we are talking about Apple, so overcharge is the rule, not the exception.
For my money, it's gonna have to be a REAL media center, and there is no way THAT ios gonna happen for 3 bills. Tivo today announced a HD-PVR for 8- that price range is acceptible, but it's gonna have to be HD, PVR, tunner, alkl that stuff. This box, worthless to me.
slinger1968
Nov 2, 06:28 PM
I'm back where I was to begin with, ready to buy the 2.66GHz release I hope will happen Tuesday November 14. The lower power ones will also be slower with a slower FSB as well. I forgot to remember that.I wouldn't expect the Clovertowns to be a BTO option right away. Sure they are pin compatable but Apple will need to make sure that they can cool these chips well enough to be very stable. Maybe Apple has already been testing the clovertown config, but we haven't heard any rumors and who knows if they need additional cooling.
I expect Apple to be more conservative than guys like Anand and Tom's hardware. Hopefully there's enough cooling "headroom" already built into the Mac Pro.
Also, who knows if the chip yield is high enough to trickle down to Apple? I honestly haven't heard much on their expected ship numbers.
I expect Apple to be more conservative than guys like Anand and Tom's hardware. Hopefully there's enough cooling "headroom" already built into the Mac Pro.
Also, who knows if the chip yield is high enough to trickle down to Apple? I honestly haven't heard much on their expected ship numbers.
jaguarx
Oct 31, 02:24 AM
I've always found UBS2 HDs to be on average a little slower than FW400 but then FW800 kicks the **** out of it. If you needs the IO it's SATA through.
munkery
May 2, 06:16 PM
UAC is simply a gui front-end to the runas command. Heck, shift-right-click already had the "Run As" option. It's a glorified sudo. It uses RDP (since Vista, user sessions are really local RDP sessions) to prevent being able to "fake it", by showing up on the "console" session while the user's display resides on a RDP session.
There, you did it, you made me go on a defensive rant for Microsoft. I hate you now.
Here is a list of privilege escalation (UAC bypass) vulnerabilities just related to Stuxnet (win32k.sys) in Windows in 2011:
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=win32k.sys+2011
Here is a list of all of the privilege escalation vulnerabilities in Mac OS X in 2011:
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Mac+OS+X+privileges+2011
These days, malware authors and users are much more interested in your data than your system. That's where the money is. Identity theft, phishing, they mean big bucks.
Provide an example of malware that only includes user level access being used in the wild as per your description that can not be prevented with user knowledge?
There, you did it, you made me go on a defensive rant for Microsoft. I hate you now.
Here is a list of privilege escalation (UAC bypass) vulnerabilities just related to Stuxnet (win32k.sys) in Windows in 2011:
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=win32k.sys+2011
Here is a list of all of the privilege escalation vulnerabilities in Mac OS X in 2011:
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Mac+OS+X+privileges+2011
These days, malware authors and users are much more interested in your data than your system. That's where the money is. Identity theft, phishing, they mean big bucks.
Provide an example of malware that only includes user level access being used in the wild as per your description that can not be prevented with user knowledge?
Clive At Five
Sep 21, 04:12 PM
p.s. as for a name, how about the "Apple Jack"? Rhymes with Apple Mac, and implies "jacking" all your content into your TV? Whaddya think?
(I've posted this before but since you brought it up, I thought I'd share my theory again...)
There's a MUCH more systematic way that Apple could name this product.
"AirPort" is derrived from "Air" (being the medium through which the device works) and "Port" (gateway/portal to aforementioned medium)
So this iTV box:
The medium through which the device works is Television and the device is a gateway/portal to the Television so add "port" to the end. Thus...
"TelePort."
-Clive
(I've posted this before but since you brought it up, I thought I'd share my theory again...)
There's a MUCH more systematic way that Apple could name this product.
"AirPort" is derrived from "Air" (being the medium through which the device works) and "Port" (gateway/portal to aforementioned medium)
So this iTV box:
The medium through which the device works is Television and the device is a gateway/portal to the Television so add "port" to the end. Thus...
"TelePort."
-Clive
D4F
Apr 28, 08:36 AM
We are currently witnessing the melding of the two, with the mobile side emerging as the favoured platform.
Yes, you'll see content creation on tablet and pad devices. It's inevitable as they get more powerful and easier to use.
I agree but they will never match real desktops. Technology advances. Something you can do today let's say in 2 hours you will do in 1 next year on new equipement. Thing is that next year you will ramp up the quality of the final product still getting same 2 hour work period. It's like that for ages and will never stop :)
Yes, you'll see content creation on tablet and pad devices. It's inevitable as they get more powerful and easier to use.
I agree but they will never match real desktops. Technology advances. Something you can do today let's say in 2 hours you will do in 1 next year on new equipement. Thing is that next year you will ramp up the quality of the final product still getting same 2 hour work period. It's like that for ages and will never stop :)
latergator116
Mar 18, 09:26 PM
I think this program is great. It will make it a lot more convenient for people to play their music anywhere they like. DRM is one of the reasons (in addition the the crummy AAC format) I don't buy music from the iTunes music store. I like being able to play my music where *I* want; I don't want Apple/RIAA putting any restrictions on that.
Gelfin
Mar 26, 01:50 AM
However it isn't tyranny because the government isn't actually depriving them of liberty, merely not supporting them.
You will say anything to rationalize your prejudice, won't you? I have trouble believing anyone is as dense as you pretend here.
Just in case, though, the government offers legal concessions to men and women who legally (not religiously) commit to a marriage. It refuses to extend those same concessions to same-sex couples, and can demonstrate no legitimate state interest in this discrimination. That is denial of equal treatment under the law, and is unconstitutional.
You will say anything to rationalize your prejudice, won't you? I have trouble believing anyone is as dense as you pretend here.
Just in case, though, the government offers legal concessions to men and women who legally (not religiously) commit to a marriage. It refuses to extend those same concessions to same-sex couples, and can demonstrate no legitimate state interest in this discrimination. That is denial of equal treatment under the law, and is unconstitutional.
UnixMac
Oct 9, 07:53 PM
Originally posted by jefhatfield
that alone is enough reason for me to buy mac ;)
it's not way more expensive for what you get, but i would like to see ibooks be $999 us and tibooks $1999 for starters
towers can come down a couple hundred and emac could stand to be $999 and imac at $1099
crt imac can go for $599 and os x can go for $99 dollars
but i still prefer the mac os and mac hardware over windows and pc boxes/laptops
Amen Brother!
that alone is enough reason for me to buy mac ;)
it's not way more expensive for what you get, but i would like to see ibooks be $999 us and tibooks $1999 for starters
towers can come down a couple hundred and emac could stand to be $999 and imac at $1099
crt imac can go for $599 and os x can go for $99 dollars
but i still prefer the mac os and mac hardware over windows and pc boxes/laptops
Amen Brother!
AppliedVisual
Oct 12, 11:11 AM
Did you just get the 2007 model? If so how do you like it? Can't you lobby sales to give you the credit? You bought while the coupon was in effect - just overlooked it. It's another $96 off man. Worth asking about. Get one first then call sales.
The one I ordered the other day shipped yesterday and I'm expecting delivery on monday. I requested the forum coupon and will see if they will credit me. But I don't know. i'm not planning on going through the brain damage of ordering another monitor with the coupon and sending one back just to save ~$100.
I currently have a 30" Dell that I bought last year when Dell first introduced them. I love the thing... My only gripe is 1 stuck pixel, but Dell requires like 7 or more to replace and I didn't swap the monitor within my 30-day window because the pixel didn't show up until after nearly 3 months. :(
I have an Apple 30" on my other G5 quad and I've never had the two side by side, but I think I like the Dell one better. I use a Gefen 4x1 DVI-DL switcher and have the G5 and two PC systems connected to the Dell with an extra cable for my MBP or whatnot if I want to connect that. I ordered the second 30" because I'm going to expand my desktop to dual 30" displays. :D I had to order another Gefen switcher for the second monitor too since the G5 and one of my PC boxes both support dual-link DVI out of both DVI ports as will the Mac Pro I'm planning to buy in the near future.
The one I ordered the other day shipped yesterday and I'm expecting delivery on monday. I requested the forum coupon and will see if they will credit me. But I don't know. i'm not planning on going through the brain damage of ordering another monitor with the coupon and sending one back just to save ~$100.
I currently have a 30" Dell that I bought last year when Dell first introduced them. I love the thing... My only gripe is 1 stuck pixel, but Dell requires like 7 or more to replace and I didn't swap the monitor within my 30-day window because the pixel didn't show up until after nearly 3 months. :(
I have an Apple 30" on my other G5 quad and I've never had the two side by side, but I think I like the Dell one better. I use a Gefen 4x1 DVI-DL switcher and have the G5 and two PC systems connected to the Dell with an extra cable for my MBP or whatnot if I want to connect that. I ordered the second 30" because I'm going to expand my desktop to dual 30" displays. :D I had to order another Gefen switcher for the second monitor too since the G5 and one of my PC boxes both support dual-link DVI out of both DVI ports as will the Mac Pro I'm planning to buy in the near future.
Mr.Gadget
Sep 25, 11:35 PM
Exactly... Now I have to wait even longer to jump into the Mac foray... I'm holding on until these 8-ways come out... I hope it is soon!
I know there isn't much point as I won't need that horsepower, but the bang for buck is what keeps me holding on just a little longer. No way am I waiting until Christmas though! :-)
I know there isn't much point as I won't need that horsepower, but the bang for buck is what keeps me holding on just a little longer. No way am I waiting until Christmas though! :-)
Multimedia
Oct 26, 01:21 AM
MacOSX scales very poorly compared to (say) Linux, Irix, or AIX, owing to its Mach underpinnings. 8 cpus won't get you much over 4 until Apple rips out the Mach guts and replaces it.I don't believe you. I use applications that want 3-4 cores EACH. And I need to run 2-4 of them simultaneously. No way is Apple going to ship dual Clovertowns if they provide no benefit. I think AppliedVisual also does not believe you. In other words:
You may be mistaken.
You may be mistaken.
iJohnHenry
Mar 15, 07:49 AM
true but still it's way more than is acceptable for nuclear station personal.. or otherwise they wouldn't have evacuated wouldn't they ? ;)
These people are being sacrificed, as were the workers/fireman/army at Chernobyl.
If you knew the full extent, from the get go, would you have hung around to 'man the pumps'??
These people are being sacrificed, as were the workers/fireman/army at Chernobyl.
If you knew the full extent, from the get go, would you have hung around to 'man the pumps'??
beaster
Sep 12, 04:16 PM
But at what quality??? Q1 2007 is as late as end of March. HD-DVD came out in April and BluRay in -- what -- May? So almost a year later Apple introduces a device that will play *near* (i.e. lower than) DVD-quality when the market is finally warming up to HD quality disks.
Regular DVD is 480i. Say that near-dvd quality is 420i. It will look like crap on that "big screen plasma" Jobs talked about.
He's marketing it to someone who will plug it into a $5K+ TV. At that price point, give us HD playback, both optical and streaming/downloaded, legally. I'd be happy to pay double or triple for a box that does it smoothly.
Agreed. If it can't do HD, I'll pass.
-Sean
Regular DVD is 480i. Say that near-dvd quality is 420i. It will look like crap on that "big screen plasma" Jobs talked about.
He's marketing it to someone who will plug it into a $5K+ TV. At that price point, give us HD playback, both optical and streaming/downloaded, legally. I'd be happy to pay double or triple for a box that does it smoothly.
Agreed. If it can't do HD, I'll pass.
-Sean
skottichan
Apr 15, 12:49 PM
Not if you believe HBO! All Roman women were raging lesbians (or at least bi-sexual).
The hunky men, not so much� *sigh*
:p
Shhhh... don't let them know that...
Lucy Lawless *swoon*
Screw you people, I'm allowed to have my one stereotypical crush (yes, and I'm a raging Xena/Gabby shipper... Don't judge me :()
The hunky men, not so much� *sigh*
:p
Shhhh... don't let them know that...
Lucy Lawless *swoon*
Screw you people, I'm allowed to have my one stereotypical crush (yes, and I'm a raging Xena/Gabby shipper... Don't judge me :()
AppliedVisual
Oct 26, 10:42 PM
[B][COLOR="DarkOrange"]Noone has mentioned the FSB concerns yet, which is weird.
Well I've mentioned it... In the other 8-cor Mac Pro thread. And I've brought it up more than once.
Yes, this should be a concern and those doing bandwidth-intense operations may find the FSB to be a bottleneck at times. Unless I've missed something along the way, the Mac Pro has an independent bus for each CPU, meaning that each quad core chip will get it's 1333MHz of data flow. I'll have to go check on this... If Apple is indeed stuffing two CPUs onto a single 1333MHz FSB, then there will be a serious problem. Because if I start running into bandwidth issues feeding multiple cores streams of HD video or animation frames, I'm not going to be happy.
Well I've mentioned it... In the other 8-cor Mac Pro thread. And I've brought it up more than once.
Yes, this should be a concern and those doing bandwidth-intense operations may find the FSB to be a bottleneck at times. Unless I've missed something along the way, the Mac Pro has an independent bus for each CPU, meaning that each quad core chip will get it's 1333MHz of data flow. I'll have to go check on this... If Apple is indeed stuffing two CPUs onto a single 1333MHz FSB, then there will be a serious problem. Because if I start running into bandwidth issues feeding multiple cores streams of HD video or animation frames, I'm not going to be happy.
.Andy
Apr 24, 11:29 PM
The ACT test is like the SAT but for the middle of America. I got 36* and literally only studied the day before.
*weight my arguments posted on the Internet accordingly.
*weight my arguments posted on the Internet accordingly.
jettredmont
May 3, 03:44 PM
Of course, I don't know of any Linux distribution that doesn't require root to install system wide software either. Kind of negates your point there...
I wasn't specific enough there. I was talking about how "Unix security" has been applied to the overall OS X permissions system, not just "Unix security" in the abstract. I'll cede the point that this does mean that "Unix security" in the abstract is no better than NT security, as I can not refute the claim that Linux distributions share the same problem (the need to run as "root" to do day-to-day computer administration). I would point out, though, that unless things have changed significantly, most window managers for Linux et al refuse to run as root, so you can't end up with a full-fledged graphical environment running as root.
You could do the same as far back as Windows NT 3.1 in 1993. The fact that most software vendors wrote their applications for the non-secure DOS based versions of Windows is moot, that is not a problem of the OS's security model, it is a problem of the Application. This is not "Unix security" being better, it's "Software vendors for Windows" being dumber.
Yes and no. You are looking at "Unix security" as a set of controls. I'm looking at it as a pragmatic system. As a system, Apple's OS X model allowed users to run as standard users and non-root Administrators while XP's model made non-Administrator access incredibly cumbersome.
You can blame that on Windows developers just being dumber, or you can blame it on Microsoft not sufficiently cracking the whip, or you can blame it on Microsoft not making the "right way" easy enough. Wherever the blame goes, the practical effect is that Windows users tended to run as Administrator and locking them down to Standard user accounts was a slap in the face and serious drain on productivity.
Actually, the Administrator account (much less a standard user in the Administrators group) is not a root level account at all.
Notice how a root account on Unix can do everything, just by virtue of its 0 uid. It can write/delete/read files from filesystems it does not even have permissions on. It can kill any system process, no matter the owner.
Administrator on Windows NT is far more limited. Don't ever break your ACLs or don't try to kill processes owned by "System". SysInternals provided tools that let you do it, but Microsoft did not.
Interesting. I do remember being able to do some pretty damaging things with Administrator access in Windows XP such as replacing shared DLLs, formatting the hard drive, replacing any executable in c:\windows, etc, which OS X would not let me do without typing in a password (GUI) or sudo'ing to root (command line).
But, I stand corrected. NT "Administrator" is not equivalent to "root" on Unix. But it's a whole lot more "trusted" (and hence all apps it runs are a lot more trusted) than the equivalent OS X "Administrator" account.
UAC is simply a gui front-end to the runas command. Heck, shift-right-click already had the "Run As" option. It's a glorified sudo. It uses RDP (since Vista, user sessions are really local RDP sessions) to prevent being able to "fake it", by showing up on the "console" session while the user's display resides on a RDP session.
Again, the components are all there, but while the pragmatic effect was that a user needed to right-click, select "Run as Administrator", then type in their password to run something ... well, that wasn't going to happen. Hence, users tended to have Administrator access accounts.
There, you did it, you made me go on a defensive rant for Microsoft. I hate you now.
Sorry! I know; it burns!
...
Why bother, you're not "getting it". The only reason the user is aware of MACDefender is because it runs a GUI based installer. If the executable had had 0 GUI code and just run stuff in the background, you would have never known until you couldn't find your files or some chinese guy was buying goods with your CC info, fished right out of your "Bank stuff.xls" file.
Well, unless you have more information on this than I do, I'm assuming that the .zip file was unarchived (into a sub-folder of ~/Downloads), a .dmg file with an "Internet Enabled" flag was found inside, then the user was prompted by the OS if they wanted to run this installer they downloaded, then the installer came up (keeping in mind that "installer" is a package structure potentially with some scripts, not a free-form executable, and that the only reason it came up was that the 'installer' app the OS has opened it up and recognized it). I believe the Installer also asks the user permission before running any of the preflight scripts.
Unless there is a bug here exposing a security hole, this could not be done without multiple user interactions. The "installer" only ran because it was a set of instructions for the built-in installer. The disk image was only opened because it was in the form Safari recognizes as an auto-open disk image. The first time "arbitrary code" could be run would be in the preflight script of the installer.
I wasn't specific enough there. I was talking about how "Unix security" has been applied to the overall OS X permissions system, not just "Unix security" in the abstract. I'll cede the point that this does mean that "Unix security" in the abstract is no better than NT security, as I can not refute the claim that Linux distributions share the same problem (the need to run as "root" to do day-to-day computer administration). I would point out, though, that unless things have changed significantly, most window managers for Linux et al refuse to run as root, so you can't end up with a full-fledged graphical environment running as root.
You could do the same as far back as Windows NT 3.1 in 1993. The fact that most software vendors wrote their applications for the non-secure DOS based versions of Windows is moot, that is not a problem of the OS's security model, it is a problem of the Application. This is not "Unix security" being better, it's "Software vendors for Windows" being dumber.
Yes and no. You are looking at "Unix security" as a set of controls. I'm looking at it as a pragmatic system. As a system, Apple's OS X model allowed users to run as standard users and non-root Administrators while XP's model made non-Administrator access incredibly cumbersome.
You can blame that on Windows developers just being dumber, or you can blame it on Microsoft not sufficiently cracking the whip, or you can blame it on Microsoft not making the "right way" easy enough. Wherever the blame goes, the practical effect is that Windows users tended to run as Administrator and locking them down to Standard user accounts was a slap in the face and serious drain on productivity.
Actually, the Administrator account (much less a standard user in the Administrators group) is not a root level account at all.
Notice how a root account on Unix can do everything, just by virtue of its 0 uid. It can write/delete/read files from filesystems it does not even have permissions on. It can kill any system process, no matter the owner.
Administrator on Windows NT is far more limited. Don't ever break your ACLs or don't try to kill processes owned by "System". SysInternals provided tools that let you do it, but Microsoft did not.
Interesting. I do remember being able to do some pretty damaging things with Administrator access in Windows XP such as replacing shared DLLs, formatting the hard drive, replacing any executable in c:\windows, etc, which OS X would not let me do without typing in a password (GUI) or sudo'ing to root (command line).
But, I stand corrected. NT "Administrator" is not equivalent to "root" on Unix. But it's a whole lot more "trusted" (and hence all apps it runs are a lot more trusted) than the equivalent OS X "Administrator" account.
UAC is simply a gui front-end to the runas command. Heck, shift-right-click already had the "Run As" option. It's a glorified sudo. It uses RDP (since Vista, user sessions are really local RDP sessions) to prevent being able to "fake it", by showing up on the "console" session while the user's display resides on a RDP session.
Again, the components are all there, but while the pragmatic effect was that a user needed to right-click, select "Run as Administrator", then type in their password to run something ... well, that wasn't going to happen. Hence, users tended to have Administrator access accounts.
There, you did it, you made me go on a defensive rant for Microsoft. I hate you now.
Sorry! I know; it burns!
...
Why bother, you're not "getting it". The only reason the user is aware of MACDefender is because it runs a GUI based installer. If the executable had had 0 GUI code and just run stuff in the background, you would have never known until you couldn't find your files or some chinese guy was buying goods with your CC info, fished right out of your "Bank stuff.xls" file.
Well, unless you have more information on this than I do, I'm assuming that the .zip file was unarchived (into a sub-folder of ~/Downloads), a .dmg file with an "Internet Enabled" flag was found inside, then the user was prompted by the OS if they wanted to run this installer they downloaded, then the installer came up (keeping in mind that "installer" is a package structure potentially with some scripts, not a free-form executable, and that the only reason it came up was that the 'installer' app the OS has opened it up and recognized it). I believe the Installer also asks the user permission before running any of the preflight scripts.
Unless there is a bug here exposing a security hole, this could not be done without multiple user interactions. The "installer" only ran because it was a set of instructions for the built-in installer. The disk image was only opened because it was in the form Safari recognizes as an auto-open disk image. The first time "arbitrary code" could be run would be in the preflight script of the installer.
sonnys
Oct 26, 02:34 PM
You won't see a Clovertown Mac Pro until after Adobe announces the ship date for CS3. The reasons are simple -- a) most would-be Mac Pro purchasers are holding off until the native version of Creative Suite; and b) marketing-wise changing from a dual dual 3 GHz high end to a dual quad 2.66 GHz high end would be seen as a downgrade.
Apple will wait for CS3, and by then there will be a 3+ GHz Clovertown available which will provide for an upgrade that would be much easier to market and sell.
Apple will wait for CS3, and by then there will be a 3+ GHz Clovertown available which will provide for an upgrade that would be much easier to market and sell.
thisisahughes
Apr 8, 10:15 PM
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_1 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8G4 Safari/6533.18.5)
I cannot wait. I've been waiting for this, for years.
I cannot wait. I've been waiting for this, for years.
Howdr
Mar 18, 01:10 PM
Look I'm not childish or demanding I just disagree with the way At&t has sucked many of us into the Unlimited plan from the beginning. After a time we all had it and they came out with the secrete 5GB idea. You want posts of me complaining back in 2008? Why ? I don't have to prove anything to anyone to state my opinion and dislike of the policy.
Don't point the finger at me and say I'm stealing, I paid for my internet use every month for over 3 years now.
I'll cut back on the righteous talk if the finger pointing stops.
I do not tether on a regular basis and have not for 6 months.
I do not Download with my phone except apps and docs.
I agree there can be abuse even with unlimited
(ie: the people who claim 90 and 120Gb a month DL)
You feel your right,
I feel I'm right,
we disagree, end of story :cool:
Also At&t will do this from time to time and unless something changes that stops them there is nothing we can do about it.
Don't point the finger at me and say I'm stealing, I paid for my internet use every month for over 3 years now.
I'll cut back on the righteous talk if the finger pointing stops.
I do not tether on a regular basis and have not for 6 months.
I do not Download with my phone except apps and docs.
I agree there can be abuse even with unlimited
(ie: the people who claim 90 and 120Gb a month DL)
You feel your right,
I feel I'm right,
we disagree, end of story :cool:
Also At&t will do this from time to time and unless something changes that stops them there is nothing we can do about it.
jettredmont
May 3, 03:44 PM
Of course, I don't know of any Linux distribution that doesn't require root to install system wide software either. Kind of negates your point there...
I wasn't specific enough there. I was talking about how "Unix security" has been applied to the overall OS X permissions system, not just "Unix security" in the abstract. I'll cede the point that this does mean that "Unix security" in the abstract is no better than NT security, as I can not refute the claim that Linux distributions share the same problem (the need to run as "root" to do day-to-day computer administration). I would point out, though, that unless things have changed significantly, most window managers for Linux et al refuse to run as root, so you can't end up with a full-fledged graphical environment running as root.
You could do the same as far back as Windows NT 3.1 in 1993. The fact that most software vendors wrote their applications for the non-secure DOS based versions of Windows is moot, that is not a problem of the OS's security model, it is a problem of the Application. This is not "Unix security" being better, it's "Software vendors for Windows" being dumber.
Yes and no. You are looking at "Unix security" as a set of controls. I'm looking at it as a pragmatic system. As a system, Apple's OS X model allowed users to run as standard users and non-root Administrators while XP's model made non-Administrator access incredibly cumbersome.
You can blame that on Windows developers just being dumber, or you can blame it on Microsoft not sufficiently cracking the whip, or you can blame it on Microsoft not making the "right way" easy enough. Wherever the blame goes, the practical effect is that Windows users tended to run as Administrator and locking them down to Standard user accounts was a slap in the face and serious drain on productivity.
Actually, the Administrator account (much less a standard user in the Administrators group) is not a root level account at all.
Notice how a root account on Unix can do everything, just by virtue of its 0 uid. It can write/delete/read files from filesystems it does not even have permissions on. It can kill any system process, no matter the owner.
Administrator on Windows NT is far more limited. Don't ever break your ACLs or don't try to kill processes owned by "System". SysInternals provided tools that let you do it, but Microsoft did not.
Interesting. I do remember being able to do some pretty damaging things with Administrator access in Windows XP such as replacing shared DLLs, formatting the hard drive, replacing any executable in c:\windows, etc, which OS X would not let me do without typing in a password (GUI) or sudo'ing to root (command line).
But, I stand corrected. NT "Administrator" is not equivalent to "root" on Unix. But it's a whole lot more "trusted" (and hence all apps it runs are a lot more trusted) than the equivalent OS X "Administrator" account.
UAC is simply a gui front-end to the runas command. Heck, shift-right-click already had the "Run As" option. It's a glorified sudo. It uses RDP (since Vista, user sessions are really local RDP sessions) to prevent being able to "fake it", by showing up on the "console" session while the user's display resides on a RDP session.
Again, the components are all there, but while the pragmatic effect was that a user needed to right-click, select "Run as Administrator", then type in their password to run something ... well, that wasn't going to happen. Hence, users tended to have Administrator access accounts.
There, you did it, you made me go on a defensive rant for Microsoft. I hate you now.
Sorry! I know; it burns!
...
Why bother, you're not "getting it". The only reason the user is aware of MACDefender is because it runs a GUI based installer. If the executable had had 0 GUI code and just run stuff in the background, you would have never known until you couldn't find your files or some chinese guy was buying goods with your CC info, fished right out of your "Bank stuff.xls" file.
Well, unless you have more information on this than I do, I'm assuming that the .zip file was unarchived (into a sub-folder of ~/Downloads), a .dmg file with an "Internet Enabled" flag was found inside, then the user was prompted by the OS if they wanted to run this installer they downloaded, then the installer came up (keeping in mind that "installer" is a package structure potentially with some scripts, not a free-form executable, and that the only reason it came up was that the 'installer' app the OS has opened it up and recognized it). I believe the Installer also asks the user permission before running any of the preflight scripts.
Unless there is a bug here exposing a security hole, this could not be done without multiple user interactions. The "installer" only ran because it was a set of instructions for the built-in installer. The disk image was only opened because it was in the form Safari recognizes as an auto-open disk image. The first time "arbitrary code" could be run would be in the preflight script of the installer.
I wasn't specific enough there. I was talking about how "Unix security" has been applied to the overall OS X permissions system, not just "Unix security" in the abstract. I'll cede the point that this does mean that "Unix security" in the abstract is no better than NT security, as I can not refute the claim that Linux distributions share the same problem (the need to run as "root" to do day-to-day computer administration). I would point out, though, that unless things have changed significantly, most window managers for Linux et al refuse to run as root, so you can't end up with a full-fledged graphical environment running as root.
You could do the same as far back as Windows NT 3.1 in 1993. The fact that most software vendors wrote their applications for the non-secure DOS based versions of Windows is moot, that is not a problem of the OS's security model, it is a problem of the Application. This is not "Unix security" being better, it's "Software vendors for Windows" being dumber.
Yes and no. You are looking at "Unix security" as a set of controls. I'm looking at it as a pragmatic system. As a system, Apple's OS X model allowed users to run as standard users and non-root Administrators while XP's model made non-Administrator access incredibly cumbersome.
You can blame that on Windows developers just being dumber, or you can blame it on Microsoft not sufficiently cracking the whip, or you can blame it on Microsoft not making the "right way" easy enough. Wherever the blame goes, the practical effect is that Windows users tended to run as Administrator and locking them down to Standard user accounts was a slap in the face and serious drain on productivity.
Actually, the Administrator account (much less a standard user in the Administrators group) is not a root level account at all.
Notice how a root account on Unix can do everything, just by virtue of its 0 uid. It can write/delete/read files from filesystems it does not even have permissions on. It can kill any system process, no matter the owner.
Administrator on Windows NT is far more limited. Don't ever break your ACLs or don't try to kill processes owned by "System". SysInternals provided tools that let you do it, but Microsoft did not.
Interesting. I do remember being able to do some pretty damaging things with Administrator access in Windows XP such as replacing shared DLLs, formatting the hard drive, replacing any executable in c:\windows, etc, which OS X would not let me do without typing in a password (GUI) or sudo'ing to root (command line).
But, I stand corrected. NT "Administrator" is not equivalent to "root" on Unix. But it's a whole lot more "trusted" (and hence all apps it runs are a lot more trusted) than the equivalent OS X "Administrator" account.
UAC is simply a gui front-end to the runas command. Heck, shift-right-click already had the "Run As" option. It's a glorified sudo. It uses RDP (since Vista, user sessions are really local RDP sessions) to prevent being able to "fake it", by showing up on the "console" session while the user's display resides on a RDP session.
Again, the components are all there, but while the pragmatic effect was that a user needed to right-click, select "Run as Administrator", then type in their password to run something ... well, that wasn't going to happen. Hence, users tended to have Administrator access accounts.
There, you did it, you made me go on a defensive rant for Microsoft. I hate you now.
Sorry! I know; it burns!
...
Why bother, you're not "getting it". The only reason the user is aware of MACDefender is because it runs a GUI based installer. If the executable had had 0 GUI code and just run stuff in the background, you would have never known until you couldn't find your files or some chinese guy was buying goods with your CC info, fished right out of your "Bank stuff.xls" file.
Well, unless you have more information on this than I do, I'm assuming that the .zip file was unarchived (into a sub-folder of ~/Downloads), a .dmg file with an "Internet Enabled" flag was found inside, then the user was prompted by the OS if they wanted to run this installer they downloaded, then the installer came up (keeping in mind that "installer" is a package structure potentially with some scripts, not a free-form executable, and that the only reason it came up was that the 'installer' app the OS has opened it up and recognized it). I believe the Installer also asks the user permission before running any of the preflight scripts.
Unless there is a bug here exposing a security hole, this could not be done without multiple user interactions. The "installer" only ran because it was a set of instructions for the built-in installer. The disk image was only opened because it was in the form Safari recognizes as an auto-open disk image. The first time "arbitrary code" could be run would be in the preflight script of the installer.
DakotaGuy
Oct 9, 10:11 PM
I headed into the city after I was done teaching today and decided to go into the Gateway Country store and check out the new PC's. They are FAST and XP does seem just as nice as OSX. The guy quoted me some great prices as well. I want an all in one so I am looking at getting a new Profile. The guy told me that it is a lot faster then the iMac because the iMac has only 800MHz and even the cheapest Profile has a 1.7 Ghz processor. I use a computer at home for things like internet, email, digital photography, MP3's, etc. He showed me how great XP handles all of that stuff. I was impressed, before everyone slams the PC they really should go out and check out the new ones running XP.
Like I said before I never considered getting a PC, but after reading comments over and over by people on here I can see their point on what computer is becoming a better value for people like me who use a computer like I do.
It will probably be about a year until I get a new computer, I feel comfortable with the Mac and I do like OSX, but they seem like they are becoming poorer and poorer machines. My magical price point is around $1200-$1500 and I can't go over that. Like I said before it will probably be a year before I actually upgrade my desktop. I love my iBook and won't part with that, but I might try a Profile for a new desktop. I like the new eMac for the price, but by next year the eMac might be at 1 GHz but the Profile will probably be at 3Ghz and it just seems like a very poor value for the price.
Like I said before I never considered getting a PC, but after reading comments over and over by people on here I can see their point on what computer is becoming a better value for people like me who use a computer like I do.
It will probably be about a year until I get a new computer, I feel comfortable with the Mac and I do like OSX, but they seem like they are becoming poorer and poorer machines. My magical price point is around $1200-$1500 and I can't go over that. Like I said before it will probably be a year before I actually upgrade my desktop. I love my iBook and won't part with that, but I might try a Profile for a new desktop. I like the new eMac for the price, but by next year the eMac might be at 1 GHz but the Profile will probably be at 3Ghz and it just seems like a very poor value for the price.
CaoCao
Mar 24, 07:16 PM
"People are being attacked for taking positions that do not support sexual behaviour between people of the same sex," he told the current session of the Human Rights Council....
"These attacks are violations of fundamental human rights and cannot be justified under any circumstances," Tomasi said."
Is this not exactly what the Catholic Church has done to homosexuals? Do they not have "Fundamental human rights"?
Sounds like hate to me.
Not supporting actions is hate?
You do real that Tomasi is talking about the attacks on "People who criticise gay sexual relations..."
"These attacks are violations of fundamental human rights and cannot be justified under any circumstances," Tomasi said."
Is this not exactly what the Catholic Church has done to homosexuals? Do they not have "Fundamental human rights"?
Sounds like hate to me.
Not supporting actions is hate?
You do real that Tomasi is talking about the attacks on "People who criticise gay sexual relations..."