| Author |
Message |
    
Case
Citizen
Username: Case
Post Number: 1181
Registered: 2-2005
| | Posted on Monday, February 27, 2006 - 4:16 pm: | 
|
I don't follow Mac stuff, but this one was pretty interesting:
http://www.networkworld.com/news/2006/022406-apple-mac-security.html?nlhtsec=022 706securityalert1 |
Tom Reingold
Supporter
Username: Noglider
Post Number: 12650
Registered: 1-2003
| | Posted on Monday, February 27, 2006 - 4:26 pm: |
|
As Dave has pointed out, Mac users don't typically run things as "root" or the superuser account, so arbitrary code is not as harmful on the mac as it is on a PC, where users typically run as administrator. But if an application prompts a user for the administrator password and the user is complacent and complicit, then bad stuff happens.
I wonder about the designers of Windows NT through XP. Why have an non-administrator login at all if it's not useful? It's useless enough (or hard enough to use) that you end up running everything as administrator.
I understand Windows Vista now allows you to do administrative things while logged in as a regular, unprivileged user. Good. Now Windows will be more secure than ever, equivalent to unix in the 1970's. That's progress, but it took 40 years to catch up.
|
AlleyGater
Citizen
Username: Alleygater
Post Number: 1204
Registered: 10-2004
| | Posted on Monday, February 27, 2006 - 5:10 pm: |
|
Any article that convinces people to be more secure is great in my mind. Having said that, the article struck me as not being very informative and relatively alarmist.
The major difference IMO about OSX and any MS based OS is that Apple is much more proactive AND REGULAR with their security updates, and they are also more apt to admit a security risk, and to do something about it.
This article reminds me of not that long ago when everyone found out that Firefox has vulnerbilities. Sure, any software can be exploited, but take a look at the Firefox team. As soon as it was pointed out that there were flaws, they recognized it, admitted it, and did something about it INSTANTLY. So the issue isn't that Firefox and OSX is more secure than Internet Explorer or Windows but rather that both the Firefox and Mac teams are responsible for their products something that is WOEFULLY lacking from the MS team. Not all that long ago it was found out that MS knew about a bunch of big security issues for a VERY long time and they didn't advertise the fact because they claimed they didn't want the "bad guys" exploiting the problems. This was irresponsible because the "good guys" didn't even know that a problem existed. The point as I saw it to that story was that MS wasn't able to fix the problem quickly so they tried to dodge the bad press, which of course led to them getting EVEN MORE bad press. I'm sorry but that company is so shoddy, they deserve the bad reputation they have. |
TarPit Coder
Citizen
Username: Tarpitcoder
Post Number: 38
Registered: 12-2004
| | Posted on Monday, February 27, 2006 - 7:48 pm: |
|
The out-of-box configuration of NT/2000/XP is pretty horrible. The whole administrator thing is pretty sad - and it shows the 'Oh hell no this isn't multiuser'. MS did this purposely - sell more boxes. About 10 or more years ago I needed to see if we could do a real multiuser NT box. Citrix winframe was what we settled on. It was much better than regular NT and helped lots but it was still a little weird.
I'm not sure if OSX is designed 'multiuser' from the get-go - can anyone else comment on that?
Of course, once you say Unix is multiuser all the TENEX and mainframe people standup and laugh - they point to shared memory crappiness - Hell the Pick box they used to run back at my dads work supported something like 60 people with 4 MB ram on a 68020.
--Tarp |
Tom Reingold
Supporter
Username: Noglider
Post Number: 12658
Registered: 1-2003
| | Posted on Monday, February 27, 2006 - 10:06 pm: |
|
MacOS is built on unix, so yeah, it's multi-user in the same way. It's not like tenex or mainframes, though, with totally separate memory spaces.
MacOS and Windows XP have a feature of letting one person use the console at a time and everyone is logged in at the same time. When you switch user, your programs -- and the states they are in -- are preserved.
|
TarPit Coder
Citizen
Username: Tarpitcoder
Post Number: 39
Registered: 12-2004
| | Posted on Tuesday, February 28, 2006 - 7:18 am: |
|
2000/XP has this too - runas - although it's rarely used. Out of the box it has 'fast user switching' - which allows one user to effectively 'logout' but leave all their processes running - whilst another logs in.
The whole focus of fastuser switching is from the displaystaition point of view. To an average home user - if they have the control of the displaystation then they are 'using' the computer.
Microsoft could have put a shell just like XP on Unix, and designed similar user apps on unix and it would be just as much of a security nightmare.
What's the OSX viewpoint? Can an OSX box serve multiple aqua desktops to multiple users over the network? Does it have any 'too many connections' type limitations? Is it as simple as doing the equivalent of a:
set DISPLAY=spaceweasel:0.0
my_sexy_desktop_aqua_or_whatever_its_called&
from the shell?
I guess what I am wondering is how does OSX behave with X?
--Tarp |
Tom Reingold
Supporter
Username: Noglider
Post Number: 12664
Registered: 1-2003
| | Posted on Tuesday, February 28, 2006 - 7:26 am: |
|
Oh. No, OSX doesn't have remote display. X is not the native window system. You have to install it as an extra, and no one does. The window system is called Aqua. Well, maybe it does remote display, but I doubt it.
There's always VNC. And I think you can log in over VNC as userA while someone else is on the console as userB. This is not possible with XP.
I've been planning to install X but haven't gotten around to it yet.
So yeah, the mac is still more singleuser than unix, but that's mostly because people are sitting in front of clients that are already full featured, i.e. don't need a remote server. I'd love to see the world move to thin clients, but I don't expect that to happen any time soon.
|
TarPit Coder
Citizen
Username: Tarpitcoder
Post Number: 41
Registered: 12-2004
| | Posted on Tuesday, February 28, 2006 - 7:42 am: |
|
First off ere's the 2000/XP runas link I forgot to include:
http://support.microsoft.com/default.aspx?scid=kb;en-us;294676&sd=tech
I wish the world would go back to thinclients too. Anyone who has spent any serious time sysadmin for a bunch of PC's knows the hell that it is.
My preference is:
>Spend enough money on the network and server infrastructure that the experience is good for users.
>Give users backed up network storage that isn't small or slow.
>Allow users to customize their desktop / preferences as much as they want - but the preferences are on the server.
Mainframes got a bad rap - because the managers often didn't keep pace with user requirements and they had a 'I'm god bow to me' complex. Why the hell would I want to run my compile on a PC when I could have a 32 processor backend server that is 93% idle and has way more memory disk and compute?
Why would I want to try and backup GIGs of data on my PC when it could be safely looked after for me?
MS of course was totally against this philosophy. We ran WFWG extremely well off netware servers but when 95 came out we jumped thru all kinds of hoops to try and get it working sanely and remote booting. We tried dedicated 100 base TX to a server and it didn't behave. We gave it more RAM and it didnt behave. Total PITA. At the same time OS/2 would remote boot quite happily. As did our Sparcstation 1's. I asked my sysadmin friends and they all ended up doing the same thing - You load a fresh 95 OS - zap everything either over the network or via CD / a portable backup.
My favorite read about stateless workstations was those terminals they developed at (Bell Labs?) which were a piece of glass to the display actually running the framebuffer I think. That was really kinda coooool.
--Tarp |
Tom Reingold
Supporter
Username: Noglider
Post Number: 12668
Registered: 1-2003
| | Posted on Tuesday, February 28, 2006 - 11:05 am: |
|
I don't know what you're talking about, but maybe it's Plan 9. I worked as a sysadmin at Bell Labs Research from 1992 through 2002. I wasn't in the Plan 9 area and I don't know much about it, but it was an interesting hybrid between workstations and server-centered computing. The inventors didn't like workstations much and liked thin-ish clients but not as thin as X-terminals.
I loved X-terminals. A minority of our users had them in their heyday, but they were very happy. The idea was very promising, until the web browser came out. Obviously, that should run locally. We had some people cling to their X terminals long after they were obsolete, because they were maintenance free and silent. One of the last holdout users had a black and white X terminal because it was so easy on his eyes. I disagreed that it was worth the sacrifice of color, but I don't blame him, either.
Yes, citrix seems a bad example of this model, and it has done a disservice to the model. I have administered environments with hundreds of unix workstations where home directories and applications all sat on servers and workstations were generic. A workstation could crash or die; I would slip in a replacement, and with no reconfiguration whatsoever, the user was up and running with no adjustment, either. All workstations were essentially alike. MS has seen to it that applications cannot be fed from a file server over the network. Argh.
But I'm talking about large environments. I think thin clients are less likely to catch on (soon) in the personal computing arena.
|
TarPit Coder
Citizen
Username: Tarpitcoder
Post Number: 56
Registered: 12-2004
| | Posted on Friday, March 3, 2006 - 8:41 am: |
|
Tom,
Did you ever do any fiddling with NeWS? I remember thinking 'weird and groovy'. It seemed like an idea wayyy ahead of its time.
--Tarp |
Tom Reingold
Supporter
Username: Noglider
Post Number: 12717
Registered: 1-2003
| | Posted on Friday, March 3, 2006 - 9:30 am: |
|
Yeah, I used it in 1989 for a while. They published a paper which explained why it's faster than everything else, which took a lot of nerve, because it was slower than both Sunview and X. But it was amazing, the stuff you could do. My cow-orker became a postscript hacker and kept amazing the rest of us. It was ahead of its time. Or maybe Sun is just the worst at introducing window systems. I can't count how many times they said, "OK, this is the real standard, and it will stick" only to see that they were wrong. Sunview, NeWS, OpenWindows, CDE, what else? I see they've given into Gnome, which looks like an admission of defeat, which is about time.
The truth is, I didn't have much patience for NeWS. I went back to Sunview for the speed.
|
TarPit Coder
Citizen
Username: Tarpitcoder
Post Number: 57
Registered: 12-2004
| | Posted on Friday, March 3, 2006 - 9:45 am: |
|
I remember seeing a couple of Sunview apps on my Sparcstation 1+ - I also remember OpenWindows and thinking it was really sexy at the time. CDE I don't like much I have to admit.
I messed about doing some development in Java several years back on Linux and I ended up choosing Afterstep. I liked the way it behaved and found it pretty refreshing. I also liked the virtual desktops and being able to switch a desktop with CTRL Arrowkey, I could have my App running fullscreen on a different desktop and a fullscreen editor desktop and a full-screen xterm.
When I had an SGI I used Indigo Magic which seemed quite usable. What do you think of Aqua? I've never really used it.
--Tarp |
Tom Reingold
Supporter
Username: Noglider
Post Number: 12722
Registered: 1-2003
| | Posted on Friday, March 3, 2006 - 9:54 am: |
|
After seeing Sun change its mind so many times, I decided not to get emotionally attached to window systems. I liked openwindows and used it heavily. But then I messed with other window managers and decided to learn only enough to get the job done and stop tinkering. I don't care any more.
So I use Aqua at home. I think it's better than MS Windows, for sure. Oops, I don't mean the praise to sound that faint, but actually, I think the Windows task bar. I like the Aqua dock better. (There is tons about the MS Windows window management system that deserves severe criticism.) I didn't like the way on the mac you have to click to switch apps, but I see the advantage and have learned to like it. This way, there are no accidental clicks. Nothing is perfect, and Aqua makes a lot of reasonable compromises. It's also reasonably fast, and it's extremely reliable. Mind you, I'm just a user of these things. I don't program windows or graphics.
SGI's were very cool. We had a lot of them at Bell Labs.
|
TarPit Coder
Citizen
Username: Tarpitcoder
Post Number: 59
Registered: 12-2004
| | Posted on Friday, March 3, 2006 - 10:02 am: |
|
Yeah I loved my Indy. Sad to see em go. Latest news I've read is that SGI is gonna get chopped up. Apparently MS has bought heaps of their patents. Also I read NVIDIA is looking at their graphics stuff. Dunno what Silicon Graphics OOPS I mean SGI is without graphics.
If Intel had managed to ship Itanium in at all of a timely fashion they would be in much better shape today. Wouldn't have stopped the 'attack of the killer PC's eating the graphics business out from under them with 3D accelerator cards but we know how it goes.
I do wonder where that deep how to do NUMA big knowledge will end up.
--Tarp |
AlleyGater
Citizen
Username: Alleygater
Post Number: 1218
Registered: 10-2004
| | Posted on Friday, March 3, 2006 - 1:26 pm: |
|
Tom, what do you mean when you say you have to click to switch apps? Do you mean the keyboard or the mouse?
You know that you can press Command + Tab to switch apps right? While the Command key is depressed you can keep pressing the Tab (or Shift+Tab) to cycle through apps. What is EVEN SHNAZZIER is if you keep the Command key down, you can move your move right over top the list of apps and choose which one you want to jump to and just depress the Command key to go to it.
So essentially OSX does EVERYTHING that Windoze does but much more and much more elegantly in that regard. |
Tom Reingold
Supporter
Username: Noglider
Post Number: 12729
Registered: 1-2003
| | Posted on Friday, March 3, 2006 - 2:24 pm: |
|
Sorry I was not clear. Yes, I know about Command-Tab, and I use it a lot.
There's an X windows feature I like, which most people have never seen, called focus-follows-mouse. When the mouse cursor is in a window, it is "in focus" and lets me type, even if it's not the window on top! I find that I like to read one window and type in another, and I'm often typing on the bottom window, with just a small portion exposed. There is a way to enable this for MS Windows, which I do. But this is impossible with MacOS. If I am going to use the mouse to switch apps, I must click on a window of the app. This is both good and bad. It's good because that click-to-switch does not amount to a click in the app, so I don't inadvertently somewhere such as a hyperlink. It's bad because it's extra clicking, and it brings the new app to the top. I know I'm weird in that I like to type on a window that's not on top.
|
TarPit Coder
Citizen
Username: Tarpitcoder
Post Number: 61
Registered: 12-2004
| | Posted on Friday, March 3, 2006 - 2:46 pm: |
|
Tom,
Nope your not weird - I think all longtime X users used to do that - and it was funny reading it, because I just kinda went uh-huh. Hovering over a window for focus was kinda groovy. In afterstep you could program a predelayed 'autoraise' so if you hovered over a window for say a second it would autoraise. Never got used to that myself... Kinda weird. I liked being able to hover over a window which was mostly hidden so I could type in my little esoteric command.
|
monster
Supporter
Username: Monster
Post Number: 2307
Registered: 7-2002
| | Posted on Friday, March 3, 2006 - 5:32 pm: |
|
Tom,
In X11 'Focus Follows Mouse' is active, with the X11 windows.
If it's not working than enter this into a terminal window
defaults write com.apple.x11 wm_ffm true
then quit and restart X11
To turn it off, enter defaults write com.apple.x11 wm_ffm false
You can enable FFM for Terminal windows by entering the following in a Terminal window,
defaults write com.apple.Terminal FocusFollowsMouse -string YES
To turn it off enter defaults write com.apple.Terminal FocusFollowsMouse -string NO
I haven't used either of these options so I can't offer as to how well it works.
You might also look into CodeTek's Virtual Desktop , http://www.codetek.com/ctvd/
From the example they give of FFM it shows the window coming to the front, but they state
Focus-Follows-Mouse
We took a good feature and made it better. Now you can focus a window without raising the window. Also, you can turn off focus follows mouse with a HotKey giving you more control than ever.
|
Eponymous
Citizen
Username: Eponymous
Post Number: 126
Registered: 6-2004
| | Posted on Saturday, March 4, 2006 - 7:14 pm: |
|
Tom,
There used to be an extension for this in OS 9. I never liked it, but maybe there's something for OS X too. |
Tom Reingold
Supporter
Username: Noglider
Post Number: 12739
Registered: 1-2003
| | Posted on Sunday, March 5, 2006 - 11:19 pm: |
|
Thanks, monster and Eponymous. I have a feeling when I try it, it might not be "appropriate" for Mac OS.
And I tried autoraise in X windows and was on the verge of screaming within a few minutes.
One day, I would like a camera to track my eyes so that the computer's focus follows them!
|
Closed: New threads not accepted on this page