From owner-freebsd-questions Thu Nov 1 19:58:18 2001 Delivered-To: freebsd-questions@freebsd.org Received: from guru.mired.org (okc-65-31-203-60.mmcable.com [65.31.203.60]) by hub.freebsd.org (Postfix) with SMTP id 58FF937B406 for ; Thu, 1 Nov 2001 19:58:12 -0800 (PST) Received: (qmail 42554 invoked by uid 100); 2 Nov 2001 03:58:06 -0000 From: Mike Meyer MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15330.6606.417524.41024@guru.mired.org> Date: Thu, 1 Nov 2001 21:58:06 -0600 To: "Anthony Atkielski" Cc: questions@freebsd.org Subject: Re: Re[2]: Tiny starter configuration for FreeBSD In-Reply-To: <64293877@toto.iv> X-Mailer: VM 6.90 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Anthony Atkielski types: > At the moment, I'm not sure that I see the value to having an X Server at all. > What are people running under X that makes it so much more useful than a plain > tty interface? Gimp. Xsane. Gkrellm. Applixware Office. Pretty much the same kinds of things that you run on a Windows box, only with different names. > I'm surprised that any explanation is required. The security problems with UNIX > are legion, but the two that generally spring to mind instantly are the > all-or-nothing privilege structure of the system (you're either root, and master > of the world, or someone else, and master of nothing), and the absence of any > real granularity in access controls (you can control owner, group, and world > permissions, and nothing else). Having a minimal security mechanism - which is how Thompson and Ritchie described the Unix security mechanism - is *not* the same thing as being insecure. It may make some security policies impossible or difficult to implement, but that's a different issue. At this point in time, I'd trust your typical Unix system over your typical Windows NT system for two reasons: 1) Unix has a long history of security testing in hostile environments. 2) One of the selling points of Windows NT is that you don't have to hire experts to administer it. I'd expect the machine installed and secured by experts to be more secure, even if the security mechanisms on it are less flexible than those available on the system installed by untrained monkeys. Actually, *defaults* have a lot more to do with how secure any given system is. For instance, I'd expect an OpenBSD system to be more secure than a FreeBSD system, because OpenBSD defaults to the secure option more often than FreeBSD. An expert installing both systems would probably make them equally secure, though. I don't know how NT's defaults are chosen, but MS's historical choices have been for ease of use over security, so I'd expect the NT defaults to be insecure. So make that three reasons. > This sort of lightweight security was fairly common forty years ago when UNIX > was developed, but today it is considered massively insecure. By who? And note that "massively inadequate" is *not* the same thing as "massively insecure". > And the big brother of UNIX had exactly the opposite type of > security, i.e., some of the best that any operating system has ever > had. At the time, however, good security ate up lots of expensive > machine resources, and the thought of strangers banging against a > system from computers around the world virtually never entered > anyone's mind. Actually, the *design* of Multics was some of the best ever done. As far as I know, nobody ever implemented the complete design. That was partly because multics ate *lots* of machine resources, and for lots of reasons other than security. It was also partly because the mechanisms that were implemented were sufficient for everybody who used the thing anyway. Anthony Atkielski types: > Unfortunately, no existing OS, including UNIX, can really compete with the > Windows desktop realistically. Mac OS X exists mainly because the resources to > write a new OS from scratch specifically for the destkop were not available. I refuse to believe that Apple has fewer programmers than Be, to name just one example. Of course, Apple had people working on some non-zero number of new OS and desktop designs along the way as well - the names Darwin and Pink both come to mind. Not being an insider, I can't say for certain what the reasons for adopting Mach and BSD for Mac OS X were. I can say for certain that the licensing terms on it are better than they are on BeOS. > UNIX is a poor choice for a desktop OS, although it can be made to work--even > the original versions of Windows NT had to be shifted away from true multiuser > designs in order to better adapt them to the desktop. It sounds like you're claiming that multiuser systems are inherently incapable of being good desktop systems. The Software Tools project went a long way towards showing that the OS and UI are pretty much independent; the only real question is whether or not the underlying OS has all the facilities needed by the UI. Unless "good desktop system" means running legacy MS software, as implied by your last comment about Windows NT. Then again, Windows is a pretty miserable desktop system, so that hardly counts. Anthony Atkielski types: > Ted writes: > > There IS NO UNIX UI!!! > UI = user interface. All operating systems have a UI. In the case of UNIX, the > default UI is the system console, a simple alphanumeric display with keyboard > entry of command lines. All operating systems have AT LEAST one UI. Many have more than one. Unix has many. There are "unix" systems that can't be installed without installing a desktop. > > UNIX is designed so that any UI you run on it, > > whether a shell or a graphical one that looks like Windows, > > or a graphical one that looks like KDE, is basically > > what you would term an "application" in Windows-world. > See above. Most operating systems do this to some extent. True. if you don't get that separation, what you have is more a program loader than an operating system. > > Since UNIX has no "defined" UI, it's impossible for > > Windows to have a superior UI ... > When I installed UNIX, it came up with a command-line interface. Looks pretty > defined to me. It still does that every time it boots. So you've found the default UI for the UNIX version you installed. That doesn't mean it's the default for every Unix version. You can talk about "the default UI for Unix XXXXXX" and make sense. You can't talk about "the default UI for Unix" any more than you can talk about "the default number of cylinders for cars" and make sense. http://www.mired.org/home/mwm/ Q: How do you make the gods laugh? A: Tell them your plans. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message