 |
|
|
|
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Jim Henderson wrote:
>
> OK - probably won't have time to look much until the weekend anyways. :-)
BTW, there's no installer nor install instructions, but luckily the
directory structure of the package is pretty simple ;). Diff files
before overwriting your old ones (ie. apaches httpd.conf), if you're
running anything else on that machine.
>> 64-bit, running Gentoo Linux (surprisingly).
>
> Why surprisingly? ;-)
SaoIP (Sarcasm-over-IP).
> That's true enough. Now I just need to convert from PDF to Framemaker
> and we've got the original files to work with again. :-)
Heh, conversion tunnel ;).
> Jim
-Aero
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Darren New wrote:
> Well, it asks once per process you invoke with admin rights, just like
> sudo. No, sudo doesn't ask for the password every time, but it makes you
> type "sudo" every time, which was kind of what I was saying.
BTW, what prevents a program from trying to run sudo, just to see if
your sudo hasn't expired yet, and thereby taking over your machine? I
mean, if I don't have to actively confirm every request, why can't a
program just occasionally try to trojan its way in?
And, for the record:
1) SP1 apparently vastly improved how rarely you needed to UAC.
2) You can turn off UAC confirmations for administrators.
3) You can set administrators to needing to provide the password too.
4) There's a mildly hacky way (equivalent to setuid) to set up specific
programs to run as administrator without any prompting.
So it's pretty flexible. If you want a root account, log in as
administrator and turn off the UAC for administrators only. :-)
--
Darren New / San Diego, CA, USA (PST)
Post a reply to this message
|
|
| |
| |
|
|
From: Jim Henderson
Subject: Re: Linux really costs a _lot_ more than $40
Date: 11 Nov 2008 19:26:21
Message: <491a22ad@news.povray.org>
|
|
|
| |
| |
|
|
On Thu, 06 Nov 2008 18:53:22 +0200, Eero Ahonen wrote:
> Jim Henderson wrote:
>>
>> OK - probably won't have time to look much until the weekend anyways.
>> :-)
>
> BTW, there's no installer nor install instructions, but luckily the
> directory structure of the package is pretty simple ;). Diff files
> before overwriting your old ones (ie. apaches httpd.conf), if you're
> running anything else on that machine.
Will do. Thought I'd have time this weekend, but ended up busier than I
thought...
>>> 64-bit, running Gentoo Linux (surprisingly).
>>
>> Why surprisingly? ;-)
>
> SaoIP (Sarcasm-over-IP).
Ah, I get it. :-)
>> That's true enough. Now I just need to convert from PDF to Framemaker
>> and we've got the original files to work with again. :-)
>
> Heh, conversion tunnel ;).
More or less, yes. ;-)
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Thu, 06 Nov 2008 09:53:09 -0800, Darren New wrote:
> Darren New wrote:
>> Well, it asks once per process you invoke with admin rights, just like
>> sudo. No, sudo doesn't ask for the password every time, but it makes
>> you type "sudo" every time, which was kind of what I was saying.
>
> BTW, what prevents a program from trying to run sudo, just to see if
> your sudo hasn't expired yet, and thereby taking over your machine? I
> mean, if I don't have to actively confirm every request, why can't a
> program just occasionally try to trojan its way in?
A proper sudo configuration. Which arguably I don't have. ;-)
> And, for the record:
> 1) SP1 apparently vastly improved how rarely you needed to UAC. 2) You
> can turn off UAC confirmations for administrators. 3) You can set
> administrators to needing to provide the password too. 4) There's a
> mildly hacky way (equivalent to setuid) to set up specific programs to
> run as administrator without any prompting.
>
> So it's pretty flexible. If you want a root account, log in as
> administrator and turn off the UAC for administrators only. :-)
It's good to know they've fixed a few things, should I ever have a need
to go back. :-)
Jim
Post a reply to this message
|
|
| |
| |
|
|
From: Darren New
Subject: Re: Linux really costs a _lot_ more than $40
Date: 11 Nov 2008 20:09:26
Message: <491a2cc6@news.povray.org>
|
|
|
| |
| |
|
|
Jim Henderson wrote:
> A proper sudo configuration. Which arguably I don't have. ;-)
What would be a proper sudo configuration? What would you have it do,
other than (say) require the human to check sudo failure logs regularly
or something?
> It's good to know they've fixed a few things, should I ever have a need
> to go back. :-)
Yes. Almost all (but certainly not all) of the complaining I've seen was
either about beta versions of the stuff, or just plain wrong (such as
complaining "they should have left an advanced way to do X" when they
already did, and the review just wasn't advanced enough to find it).
I must admit, this is the first time Windows has "improved" that I've
immediately liked the new version better than the old, just in terms of
look and functionality and such. Altho it does seem to be even more
dumbed down, lacking (for example) progress bars for many things you'd
think would have progress bars. And omitting useful functionality (like
backups? Come on...) unless you pay for the full packages and more.
Mine worked much better once I scraped all the proprietary ad-ware off
the thing, and put on only the device drivers it didn't already have
signed copies of from Microsoft.
Of course, I haven't used it for real work yet, so maybe it's a lot
flakier. But as a concept, it works for me. :-)
--
Darren New / San Diego, CA, USA (PST)
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Tue, 11 Nov 2008 17:09:27 -0800, Darren New wrote:
> Jim Henderson wrote:
>> A proper sudo configuration. Which arguably I don't have. ;-)
>
> What would be a proper sudo configuration? What would you have it do,
> other than (say) require the human to check sudo failure logs regularly
> or something?
Not use the NOPASSWD keyword, primarily. On a critical system, I
wouldn't allow that in the file at all. That would prevent a trojan such
as you describe from successfully using sudo to act as root.
On such a system, I'd also do other things, too, like require public key
authentication via SSH and disable root's remote access via SSH.
>> It's good to know they've fixed a few things, should I ever have a need
>> to go back. :-)
>
> Yes. Almost all (but certainly not all) of the complaining I've seen was
> either about beta versions of the stuff, or just plain wrong (such as
> complaining "they should have left an advanced way to do X" when they
> already did, and the review just wasn't advanced enough to find it).
>
> I must admit, this is the first time Windows has "improved" that I've
> immediately liked the new version better than the old, just in terms of
> look and functionality and such. Altho it does seem to be even more
> dumbed down, lacking (for example) progress bars for many things you'd
> think would have progress bars. And omitting useful functionality (like
> backups? Come on...) unless you pay for the full packages and more.
>
> Mine worked much better once I scraped all the proprietary ad-ware off
> the thing, and put on only the device drivers it didn't already have
> signed copies of from Microsoft.
>
> Of course, I haven't used it for real work yet, so maybe it's a lot
> flakier. But as a concept, it works for me. :-)
Whereas for me, I used it for about 15 minutes and then rebooted the
machine into openSUSE 11.0 and left it there. Vista's still there, but
pretty much all of my apps are Linux-based now, so I don't have a need
for it, really.
Jim
Post a reply to this message
|
|
| |
| |
|
|
From: Darren New
Subject: Re: Linux really costs a _lot_ more than $40
Date: 11 Nov 2008 21:58:58
Message: <491a4672@news.povray.org>
|
|
|
| |
| |
|
|
Jim Henderson wrote:
> Not use the NOPASSWD keyword, primarily.
Oh, well, yes. Then you get what UAC does. That was kind of my point. I
mean, people were complaining that UAC asks for a password for every
process that need root privs. I was just wondering why this isn't a good
thing.
> Whereas for me, I used it for about 15 minutes and then rebooted the
> machine into openSUSE 11.0 and left it there. Vista's still there, but
> pretty much all of my apps are Linux-based now, so I don't have a need
> for it, really.
Yep. To each his own. :-) I already had to reinstall OpenSuSE 11 twice
due to it doing f'ed up things I couldn't figure out how to undo. Like,
taking the "start button" off the "task bar", or screwing up the package
management system so that attempts to update crash out.
(BTW, I *hate* the new package update thingie in SuSE 11. Confusing as
hell, and doesn't work nice at all. Warp talks about rearranging menus
- how about an "accept" button that doesn't actually install the listed
updates until you push another button that reveals the magic button that
says "Yes, this is what I want to accept". Sheesh.)
--
Darren New / San Diego, CA, USA (PST)
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Tue, 11 Nov 2008 18:58:57 -0800, Darren New wrote:
> Jim Henderson wrote:
>> Not use the NOPASSWD keyword, primarily.
>
> Oh, well, yes. Then you get what UAC does. That was kind of my point. I
> mean, people were complaining that UAC asks for a password for every
> process that need root privs. I was just wondering why this isn't a good
> thing.
I think it's largely a mindset - coming from a Windows background, one
typically is used to just being able to do things.
On *nix platforms with sudo, the mindset is a little different, but also
having the option to use NOPASSWD (which is ignored actually by kdesu and
gnomesu). When I installed VNC on Vista, UAC prompted me *several* times
during the installation, and that was a pain. With Linux, I get asked
once during a software installation.
>> Whereas for me, I used it for about 15 minutes and then rebooted the
>> machine into openSUSE 11.0 and left it there. Vista's still there, but
>> pretty much all of my apps are Linux-based now, so I don't have a need
>> for it, really.
>
> Yep. To each his own. :-) I already had to reinstall OpenSuSE 11 twice
> due to it doing f'ed up things I couldn't figure out how to undo. Like,
> taking the "start button" off the "task bar", or screwing up the package
> management system so that attempts to update crash out.
KDE or GNOME? I haven't had those issues as a GNOME user.
> (BTW, I *hate* the new package update thingie in SuSE 11. Confusing as
> hell, and doesn't work nice at all. Warp talks about rearranging menus
> - how about an "accept" button that doesn't actually install the listed
> updates until you push another button that reveals the magic button that
> says "Yes, this is what I want to accept". Sheesh.)
I've not had that problem - using KDE or GNOME? (I use GNOME, and found
the updater works very well and makes a lot of sense - the only thing I
don't like is that it only applies patches - security patches, for
example - and doesn't do application upgrades).
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Jim Henderson wrote:
> I think it's largely a mindset - coming from a Windows background, one
> typically is used to just being able to do things.
Yes. I was amused by one reviewer complaining he got a UAC prompt trying
to change the time.
Maybe MS could put UAC prompts in appropriate to the version of the OS.
Home users can change the time without a prompt, while enterprise
versions need a prompt, for example.
> On *nix platforms with sudo, the mindset is a little different, but also
> having the option to use NOPASSWD (which is ignored actually by kdesu and
> gnomesu).
Yah. You can do this just by logging in as administrator, for example.
Then you get no prompts at all.
> When I installed VNC on Vista, UAC prompted me *several* times
> during the installation, and that was a pain. With Linux, I get asked
> once during a software installation.
Yeah, they could obviously clear this up. Maybe you would have had
better results using "run as administrator" on the install script, as I
expect VNC was installing (for example) both the client and the server,
perhaps as launching separate executables.
>> Yep. To each his own. :-) I already had to reinstall OpenSuSE 11 twice
>> due to it doing f'ed up things I couldn't figure out how to undo. Like,
>> taking the "start button" off the "task bar", or screwing up the package
>> management system so that attempts to update crash out.
>
> KDE or GNOME? I haven't had those issues as a GNOME user.
GNOME. I didn't have them in KDE SuSE 10, either.
I think I'm just f'ing unlucky. I seem to run into every weird problem
that no other Linux user ever has trouble with. Must be my morphogenic
field or something.
> I've not had that problem - using KDE or GNOME?
GNOME, this time. I'm just picking "yast" off the system menu and going
to the "update" stuff.
It used to be YaST would say "Hey, there's three packages to install to
update the installer. Click "OK" to install them, and I'll restart."
Now it tells you there's three you ought to install, so go scroll thru
the list of 600 updates and find just those three, then click on each to
make the "install" button appear, then click on the "Install" button,
*then* accept it.
And don't just select all the packages and say "install", because then
we'll warn you that we're about to break stuff, even if we really aren't.
I just think the UI went really downhill there, even if it makes more
sense to someone more experienced. Or maybe there's a better way to get
to the same functionality now, or something.
> the updater works very well and makes a lot of sense
Except it locks the package manager for several minutes when I log in.
(Probably less annoying than in SuSE 10, where it downloaded the package
lists every time you logged in.) Assuming you're talking about the
automatic one that runs in the systray-equivalent.
That's what I *thought* I was turning off when I confirmed ditching the
"start menu" button, since it had crashed out repeatedly with bad
package repositories or something. And just *try* to figure out how to
get that button back when it's gone. ;-) Since I had *just* made a full
backup, it was easier to restore than to look up what I needed to know.
--
Darren New / San Diego, CA, USA (PST)
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Wed, 12 Nov 2008 11:55:03 -0800, Darren New wrote:
> Jim Henderson wrote:
>> I think it's largely a mindset - coming from a Windows background, one
>> typically is used to just being able to do things.
>
> Yes. I was amused by one reviewer complaining he got a UAC prompt trying
> to change the time.
>
> Maybe MS could put UAC prompts in appropriate to the version of the OS.
> Home users can change the time without a prompt, while enterprise
> versions need a prompt, for example.
That would probably make more sense. Or make it configurable via a GPO
but have the defaults be sane for the home user.
>> On *nix platforms with sudo, the mindset is a little different, but
>> also having the option to use NOPASSWD (which is ignored actually by
>> kdesu and gnomesu).
>
> Yah. You can do this just by logging in as administrator, for example.
> Then you get no prompts at all.
On Vista? I ran the home version here, and was logged in as
administrator (hadn't created another user as of yet IIRC). But maybe
running the "Home" version was my problem. ;-) Certainly, pre-SP1.
>> When I installed VNC on Vista, UAC prompted me *several* times during
>> the installation, and that was a pain. With Linux, I get asked once
>> during a software installation.
>
> Yeah, they could obviously clear this up. Maybe you would have had
> better results using "run as administrator" on the install script, as I
> expect VNC was installing (for example) both the client and the server,
> perhaps as launching separate executables.
Maybe, but it was packaged as a single MSI.
>>> Yep. To each his own. :-) I already had to reinstall OpenSuSE 11 twice
>>> due to it doing f'ed up things I couldn't figure out how to undo.
>>> Like, taking the "start button" off the "task bar", or screwing up the
>>> package management system so that attempts to update crash out.
>>
>> KDE or GNOME? I haven't had those issues as a GNOME user.
>
> GNOME. I didn't have them in KDE SuSE 10, either.
Right click the panel and select "Add to panel" - then filter to
"Menu". :-)
> I think I'm just f'ing unlucky. I seem to run into every weird problem
> that no other Linux user ever has trouble with. Must be my morphogenic
> field or something.
LOL
>> I've not had that problem - using KDE or GNOME?
>
> GNOME, this time. I'm just picking "yast" off the system menu and going
> to the "update" stuff.
>
> It used to be YaST would say "Hey, there's three packages to install to
> update the installer. Click "OK" to install them, and I'll restart."
>
> Now it tells you there's three you ought to install, so go scroll thru
> the list of 600 updates and find just those three, then click on each to
> make the "install" button appear, then click on the "Install" button,
> *then* accept it.
>
> And don't just select all the packages and say "install", because then
> we'll warn you that we're about to break stuff, even if we really
> aren't.
>
> I just think the UI went really downhill there, even if it makes more
> sense to someone more experienced. Or maybe there's a better way to get
> to the same functionality now, or something.
You don't want to use YaST to do updates - I see what you're talking
about, and yes, that is confusing. I use the updater applet which is
really clear. The one thing I don't like, though, is that application
upgrades aren't included in the updater - you have to install those
separately for some reason. I'm hoping they've addressed that in 11.1.
>> the updater works very well and makes a lot of sense
>
> Except it locks the package manager for several minutes when I log in.
> (Probably less annoying than in SuSE 10, where it downloaded the package
> lists every time you logged in.) Assuming you're talking about the
> automatic one that runs in the systray-equivalent.
It shouldn't take that long - they got rid of the old zmd stuff from 10.x
(which was absolute garbage - they took Red Carpet from Ximian and ported
it to run as a Mono app; thing is, Mono wasn't ready for prime time yet,
and using your updater app to showcase a new technology is just mind-
bogglingly stupid IMNSHO) and replaced it with packagekit. I've found
that to be MUCH better.
> That's what I *thought* I was turning off when I confirmed ditching the
> "start menu" button, since it had crashed out repeatedly with bad
> package repositories or something. And just *try* to figure out how to
> get that button back when it's gone. ;-) Since I had *just* made a full
> backup, it was easier to restore than to look up what I needed to know.
:-)
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
|
|
