Messages

I'd prefer people not sending out arbitrary ICMP from my system.  I allow them to use ping and traceroute, but using other tools they can do a ping-of-death attack, smurf attack, and other stuff.  I'd prefer not allowing that. 

Agreed ... but I believe there should be some facility to do echoing at least.  Darwin, for example, has a restricted ICMP extension with SODK_DGRAM.

Non-privileged ICMP
     ICMP sockets can be opened with the SOCK_DGRAM socket type without
     requiring root privileges. The synopsis is the following:

     socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP)

     This can be used by non root privileged processes to send ICMP echo
     requests to gauge the quality of the connectivity to a host, to receive
     ICMP destination unreachable message for path MTU discovery, or to
     receveive time exceeded message for traceroute.

The proper solution is to make your program SetUID.  Fork a process that stays as root, and put it to sleep.  Then drop privs on the parent process.  If you need to do ICMP stuff, wake up the child and tell him to do it.  That's the best solution, and that's what's typically done. 

Suppose you want to run the software on a shell or anohter Unix system that isn't yours.  Then it's likely you will not be given a SetUID bit.  That's not good enough.

First of all, I agree with the decision to make ICMP require root. 

Seocnd, that's not sticky, that's SetUID.  If you look up SetUID and SetGID, you can find more information.  But to summarize, a SetUID program executes in the context of the owner (root) and a SetGID program runs in the context of the group owner (wheel). 

Oh, my mistake, I meant "sticky bit" for special modes in general.  That still doesn't tell me how to systematically get the latency to a remote host.  That's lame that Unix systems do not have under priviledged facilities that Windows and Apple have to handle this.
Executing "ping" is lame.  I am already aware of that solution.

Well, this serves as an example of Unix lameness

I know of no way to bypass root privileges to send ICMP echo packets ... in fact, I believe there isn't a way.
You have to do lame things like execute "ping".  If anybody has a secret to using ICMP without root privileges, please share.

Linux and Darwin solutions don't count as these two systems are non-standard.

Darwin has added ICMP support to SOCK_DGRAM for restricted ICMP usage.  All other Unix systems only have ICMP support with SOCK_RAW (which requires root privileges).

How does ping work?  Notice the sticky bit.

-r-sr-xr-x  1 root  wheel  23008 Jan 18 07:41 /sbin/ping

You can get a UNIX license plate too :)

http://www.opengroup.org/bookstore/catalog/n900.htm

Cool.  I've tried almost every dockapp there at some point, but I never really used them much.  I'm currently using a fairly new installation, so I haven't got as many as I'd like, but I have enough to make me happy. 

I personally like the simple look.  Here it is.  I used to use different backgrounds and stuff, but I just didn't like it.  So I stick with the default settings, or very nearly default. :)

Whatever works.  I particularly like the XKB status button on Window Maker...very handy.

Windows is consistent, agreed.  KDE and Gnome are not the only window managers available.  I personally love Window Maker.

If I had to say one thing about Glove, the man knows style.  Window Maker for life :)

Calls for showing off :D


XMMS and the dockapps on the clip are running off of a remote machine (my jukebox/misc machine).

[4)]

Most people cannot properly comment because either they are still partially dependent on Windows or have never used anything else.  Please, if you fit either criteria, don't comment.

(someone who might use XP all the time will not notice due to Microsoft's conditioning).

4) Bad documentation - Wait!  There is no useful documentation!  Please, don't start on MSDN ...

Please, don't post the typical responses  ... like I said, if you've never used anything else then you shouldn't even be replying in this topic. The typical windows user has computing tunnel vision ... its a sad thing.

Now, I know you're vehemently anti-Windows, but c'mon, this is loaded language.  Now, I'll step back and admit, Glove's responses to what I said definitely are making me re-evaluate how I thought he was approaching the topic (I thought he was going to be a Warrior for Unix, and by Warrior, I mean the member).  We'll see as time moves forward, but I think you're just being silly.

No, I truthfully think the BSD man pages are much more readable than MSDN.  I also experienced the sluggishness of Windows XP after not touching anything Windows related for a year ... I thought to myself, "This is the most popular OS?"  I was shocked beyond belief.  Because windows users are so accustomed to the Microsoft way of doing things and the speed of these tasks, it is a wonder that people don't complain...they have been conditioned to this sort of computing.

Man pages are great and they usually list indepth examples.  I learned a lot about network programming in Unix just from the man pages.  They also have "intro" man pages for topics.  See, for example, netintro

Unfortunately I cannot come up with man pages that I have found woefully inadequate, but particularly when I was *brand new* to Linux, some of the operating system features themselves were not well-documented (although I suppose that could have been due to the distro itself).  The experience pretty much tainted man pages for me.

MSDN is very frequently a fantastic resource that you dismissed out of hand.

I'm not sure about Linux documentation, but BSD documentation is usually excellent.

[1)]

x86] link=topic=5112.msg58906#msg58906 date=1141791578]
I'm going to take apart your argument item by item, even though we both know that, no matter what I say in contradiction, I'm going to be labelled a "windoze n00b" and unworthy of posting.

I used to talk like this until I tried and used something else.

Lists of reasons Windows sucks:
1) Not very flexible - you can only use one GUI and you're forced to use it and the tools built in.  The tools are not very flexible (for example, try making RRAS do NAT on one nic something a Unix firewall can handle).  Repair tools are poorly designed, a clever trojan could name itself with characters that recovery console will refuse to delete (I have personally seen this).  Most people cannot properly comment because either they are still partially dependent on Windows or have never used anything else.  Please, if you fit either criteria, don't comment.

Inflexibility in using a windowing system is not a reason that Windows sucks.  It's the reason people buy it.  Windows is consistent, and it's interesting how both Gnome and KDE use Windows mneumonics.

You may be right about the trojan issue, but it's not something I've ever seen.  I'm also not familiar with RRAS performing NAT -- nor am I familiar with its applications.  I would wager with a proper driver it's possible.

Windows is consistent, agreed.  KDE and Gnome are not the only window managers available.  I personally love Window Maker.
RRAS likes handles rules on a per nic basis ... I haven't found a way to do NAT on one nic in Windows 2000 ADV Server.

2) Requires higher end hardware to run - It's no secret, even old machines are useful ... but for example XP will tear apart an older 400-500MHz machine.  Windows grows fatter and requires more, this is no secret.  Most Unix flavors can run off of a diskette.  Try running a Unix for a whole year without exposure to Windows, then try Windows ... you'll see, then you'll wonder why and how anybody could accept this as the computing standard.  I couldn't believe that a coworker's brand new 3 day old laptop was extremely sluggish running XP (someone who might use XP all the time will not notice due to Microsoft's conditioning).

I'm not quite sure how well it does, but I know that a friend of mine runs XP on a 433MHz Pentium III.  With proper maintenance, Windows does not grow "fatter" -- but the catch is exactly that -- with proper maintenance.  I have bought two laptops in the last four years -- as soon as I get them, I wipe them clean and do a completely fresh install.  Dangerous, you say?  Hardly!  I know how to set up my system securely.

Yes, you have to strip XP of its eye candy features for it to run nicely on those systems.  But its still noticeably sluggish until you get used to it.
Please see: http://www.securityoffice.net/mssecrets/hotmail.html

5)      Image size. The team was unable to reduce the size of the image below 900MB; Windows contains many complex relationships between pieces, and the team was not able to determine with safety how much could be left out of the image. Although disk space on each server was not an issue, the time taken to image thousands of servers across the internal network was significant. By comparison, the equivalent FreeBSD image size is a few tens of MB.

It is very fat and it continues to grow.

Cuddos to you for wiping your laptops clean.  That's exactly what I do.

3) Lack of control and verbosity - No boot diagnostics, error messages are useless or limited.  I'll be very brief ... try manually setting your CPU's speed.  Exactly, you can't.  You also have no control over what drivers and modules load.

You certainly have control over what drivers and modules load through hardware configuration.  It seems you don't know what you're talking about in that vein.  Proper administrators will set up hardware configurations prior to that being an issue.

You are correct though, in asserting you cannot set your CPU speed.

Please see: kldload, kldunload, kldstat and my favorite, securelevel

I can forcefully load, unload, and even view loaded kernel modules with builtin system tools.  With securelevels, I can prevent modules, firewall rules, and certain device nodes from being loaded, modified, and written to during system run time.  No other OS I know of has such a feature ... very handy.  Unfortunately X likes to write to /dev/io and so I cannot even run the system at securelevel 1. These securelevels cannot be lowered during multi user run time.  I do not know of any ways to do this in Windows...Sysinternals has some tools like Process Explorer but thats the best I can think of.

For example:

Code Select Expand

%kldstat
Id Refs Address    Size     Name
1   14 0xc0400000 4033b4   kernel
3    2 0xc080a000 20448    sound.ko
4    1 0xc082b000 3f44     acpi_ibm.ko
5   17 0xc082f000 6057c    acpi.ko
6    1 0xc0890000 41c4     wlan_tkip.ko
7    1 0xc0895000 6fe4     wlan_ccmp.ko
8    1 0xc1ef5000 18000    linux.ko
9    1 0xc4079000 5000     snd_ich.ko


4) Bad documentation - Wait!  There is no useful documentation!  Please, don't start on MSDN ...

That's... dumb.  Yeah -- MAN pages are *great*.  Okay.  I have never not been able to find what I was looking for on MSDN.  As it turns out, once you get an idea for how the Win32 API functions and how it's generally ordered, it's quite easy to find things.

Man pages are great and they usually list indepth examples.  I learned a lot about network programming in Unix just from the man pages.  They also have "intro" man pages for topics.  See, for example, netintro

5) Easy to run, easy to break - Even windows can break on the most experienced users...but what I find most ironic is that Windows is designed for the faint of heart, but it also breaks most frequently for these types of people.  Ever try fixing Windows?  Right...usually you just format and reinstall.  Even if you know how to manually remove malware, you can never be sure its gone (and don't kid yourself, virus scanners and spyware removers don't always work).

Actually, yesterday I discovered a nice little piece of malware (adware) had tunneled into my winlogon and explorer processes.  First, I forbade it from loading through COM, which stopped it from loading into Explorer, but it was still there in winlogon.  I loaded up Process Explorer, killed winlogon, and deleted the file before I BSOD'd.  Guess what -- all gone!  Fixed!

Are you sure its all gone?  Might popup again one day :)

6) Mercy of Microsoft - Microsoft does NOT have to fix their software ... and in fact there are problems they do not fix, for example, the DSO exploit in IE.  As a Windows user, you rely on Microsoft to find problems and patch them.  Patches are not always released immediately either.

Well yeah, this *is* the problem, isn't it?  I was looking today at the WMF vulnerability -- do you know I have *never* seen a WMF used anywhere except clipart?  I'm not really sure what the relevance for these things is.

Doesn't make it alright for Microsoft to ignore vulnerabilities. 
What amazes me is a project like OpenBSD, totally volunteer driven, has a team of code auditers that look for bugs and security vulnerabilities.  That's not even the beginning to security in OpenBSD.  I invite you to read their security policy: http://www.openbsd.org/security.html
Does Microsoft have a team of code auditers?  I'd wager not...they seem to only respond to problems.

[1)]

Lists of reasons Windows sucks:
1) Not very flexible - you can only use one GUI and you're forced to use it and the tools built in.  The tools are not very flexible (for example, try making RRAS do NAT on one nic something a Unix firewall can handle).  Repair tools are poorly designed, a clever trojan could name itself with characters that recovery console will refuse to delete (I have personally seen this).  Most people cannot properly comment because either they are still partially dependent on Windows or have never used anything else.  Please, if you fit either criteria, don't comment.
2) Requires higher end hardware to run - It's no secret, even old machines are useful ... but for example XP will tear apart an older 400-500MHz machine.  Windows grows fatter and requires more, this is no secret.  Most Unix flavors can run off of a diskette.  Try running a Unix for a whole year without exposure to Windows, then try Windows ... you'll see, then you'll wonder why and how anybody could accept this as the computing standard.  I couldn't believe that a coworker's brand new 3 day old laptop was extremely sluggish running XP (someone who might use XP all the time will not notice due to Microsoft's conditioning).
3) Lack of control and verbosity - No boot diagnostics, error messages are useless or limited.  I'll be very brief ... try manually setting your CPU's speed.  Exactly, you can't.  You also have no control over what drivers and modules load.
4) Bad documentation - Wait!  There is no useful documentation!  Please, don't start on MSDN ...
5) Easy to run, easy to break - Even windows can break on the most experienced users...but what I find most ironic is that Windows is designed for the faint of heart, but it also breaks most frequently for these types of people.  Ever try fixing Windows?  Right...usually you just format and reinstall.  Even if you know how to manually remove malware, you can never be sure its gone (and don't kid yourself, virus scanners and spyware removers don't always work).
6) Mercy of Microsoft - Microsoft does NOT have to fix their software ... and in fact there are problems they do not fix, for example, the DSO exploit in IE.  As a Windows user, you rely on Microsoft to find problems and patch them.  Patches are not always released immediately either.

Please, don't post the typical responses  ... like I said, if you've never used anything else then you shouldn't even be replying in this topic. The typical windows user has computing tunnel vision ... its a sad thing.