The best Linux for a Macbook



  • So Linus Torvalds posts a bit of a rant about OpenSUSE:

    @Linux Torvalds said:

    I first spent weeks arguing on bugzilla that the security policy of requiring the root password for changing the timezone and adding a new wireless network was moronic and wrong.   I think the wireless network thing finally did get fixed, but the timezone never did - it still asks for the admin password.

    And today Daniela calls me from school, because she can't add the school printer without the admin password.

    Whoever moron thought that it's "good security" to require the root password for everyday things like this is mentally diseased.

    So here's a plea: if you have anything to do with security in a distro, and think that my kids (replace "my kids" with "sales people on the road" if you think your main customers are businesses) need to have the root password to access some wireless network, or to be able to print out a paper, or to change the date-and-time settings, please just kill yourself now. The world will be a better place.

    .. and now I need to find a new distro that actually works on the Macbook Air.

    Although I agree completely with his remarks, I only mention it because of a comment I found on another forum:

    @Some Anon guy said:

    He should pick up the distribution that really works on a Macbook Air....... It's called OS X.
    So he buys a computer that comes with a perfectly gay fine operating system already installed and replaces it with something inferior and then bitches that it doesn't work.  WTF.



  • @El_Heffe said:

    @Some Anon guy said:
    He should pick up the distribution that really works on a Macbook Air....... It's called OS X.
    So he buys a computer that comes with a perfectly gay fine operating system already installed and replaces it with something inferior and then bitches that it doesn't work.  WTF.

    Meh, OSX is a piece of shit, but Linux is pretty awful, too. But his problem wasn't with Linux not working with the hardware, but the fact that OpenSUSE has really dumb security settings.

    Then again, I prefer to run everything as root anyway. I'm sick of packages and distros that bitch about me running as root. Running as a user just means I have to fuck around with permissions on my own goddamn computer which makes no fucking sense. The only program I can think of that actually makes sense to run as non-root is Chrome because it's easier to break out of the browser sandbox as root. But for everything else? There's no point.



  • @Linux Torvalds said:


    And today Daniela calls me from school, because she can't add the school printer without the admin password.

    Whoever moron thought that it's "good security" to require escalated privilege to make functional changes to that operating system that can affect all users of that system has understood the importance of change control.

    FTFLinus.

    Since when is "adding a school printer" an everyday task? I don't recall doing that every day, and I can foresee the issues that would happen at that school if just anyone was permitted to administer printers.

    (Yep, I did spot the OSX stuff lower down, I didn't miss the original point. I'm just railing at people that find security measures inconvenient and don't consider the bigger picture of no security at all)

    By the way.. I thought with PolicyKit you didn't actually need root privs to make changes like this - the point was that you could group together related access levels then bestow that enhanced level upon mortal users.


  • ♿ (Parody)

    @Cassidy said:

    Since when is "adding a school printer" an everyday task? I don't recall doing that every day, and I can foresee the issues that would happen at that school if just anyone was permitted to administer printers.

    It sounded like she wanted to use her computer to print on a printer at school. Apparently, she was allowed to bring her computer in and attach it to their network / printer. What's the security risk of printing to a particular printer?

    I would think that adding new printers to laptops might be a common thing, since one of the great advantages of the laptop is that you can easily take it to many places. Places that don't all share printers. It sounds like he's got his daughter set up as a normal user, and hasn't shared the root password with her, which is how I have my kids' computers set up, too.

    @Cassidy said:
    By the way.. I thought with PolicyKit you didn't actually need root privs to make changes like this - the point was that you could group together related access levels then bestow that enhanced level upon mortal users.

    That may be (I'm not familiar with PolicyKit), but I think the point is that the default is to have stuff like adding a printer require root, which I would agree seems dumb. The problem isn't the security model, but the default settings (assuming that a more reasonable setting could be made).



  • @boomzilla said:

    What's the security risk of printing to a particular printer?

    No risk of printing. Possible risk to the owner of the document when confidential information is sent to the wrong destination (I think a minister once faxed something secret to a newspaper by mistake). However, the point wasn't about printing to a particular printer, it was more about allowing just any user to make changes to printing configuration.

    @boomzilla said:

    I would think that adding new printers to laptops might be a common thing, since one of the great advantages of the laptop is that you can easily take it to many places.

    Agreed - so if this is a common operation by a machine that has a single trusted user, then no reason not to make that individual root to allow them the freedom to make changes as they see fit?

    @boomzilla said:

    but I think the point is that the default is to have stuff like adding a printer require root, which I would agree seems dumb. The problem isn't the security model, but the default settings (assuming that a more reasonable setting could be made).

    No, the problem is that adding a printer by default on a multiuser operating system is a privileged operation, and ordinary users lack that right, so some procedure needs to be in place to grant necessary privileges beforehand - such as sudo/policykit/RBAC etc[1] - to permit named users access to that level of functionality. She didn't need root password, she needed the required level of access - same as in the Windows world, I don't need the Administrator's password to add a printer, I just needed someone with appropriate rights to add me into the "Print Operators" group so I could manage printers myself.

    Perhaps TRWTF is Linus himself: the policy is in place and he never thought of shaping that policy to suit Daniela's needs, but instead rants about how OpenSUSE isn't set up to his particular requirements out-of-the-box. How dare they! Next thing, you'll have coders blaming the language for their lack of... oh.. wait...


  • ♿ (Parody)

    @Cassidy said:

    Perhaps TRWTF is Linus himself: the policy is in place and he never thought of shaping that policy to suit Daniela's needs, but instead rants about how OpenSUSE isn't set up to his particular requirements out-of-the-box.

    That reminds me of someone...



  • @Cassidy said:

    No, the problem is that adding a printer by default on a multiuser operating system is a privileged operation, and ordinary users lack that right

    Actually, it's not. CUPS runs in user-mode. Any user can print without root access. Now, adding a printer so that all users see it? Sure.

    @Cassidy said:

    She didn't need root password, she needed the required level of access - same as in the Windows world, I don't need the Administrator's password to add a printer, I just needed someone with appropriate rights to add me into the "Print Operators" group so I could manage printers myself.

    She did need the root password, that's the entire point. A saner choice would be an "enter your password" dialog which passes through to sudo.



  • @morbiuswilters said:

    @Cassidy said:
    No, the problem is that adding a printer by default on a multiuser operating system is a privileged operation, and ordinary users lack that right
    Actually, it's not. CUPS runs in user-mode. Any user can print without root access. Now, adding a printer so that all users see it? Sure.

    Would that be 2 users, 1 cup? Or 2 users, 1 cup, 1 printer?



  • @morbiuswilters said:

    Actually, it's not. CUPS runs in user-mode. Any user can print without root access. Now, adding a printer so that all users see it? Sure.

    I'm not disputing that any user can print. And IIRC, not any user can make changes to the printing subsystem through CUPS without first being added to a list of authorised users. Or confirms what I mentioned earlier: root (or a similar-priv'd user) can grant an additional level of access to a user so that user doesn't need root access.

    (edit: I just re-read yours more closely, and figured you were saying the same thing... weren't you?)

    @morbiuswilters said:

    She did need the root password, that's the entire point. A saner choice would be an "enter your password" dialog which passes through to sudo.

    Which is how Fedora/CentOS/Scientific does it (via ConsoleHelper apps) and Ubuntu/Debian do it, via PolicyKit. So... am I TRWTF in presuming OpenSUSE also does it that way? Or, if CUPS works in the way you described, is ol Linus still TRWTF for not installing and configuring CUPS on her laptop to enable her to manage printers without root?

    Vote now, and you could win a holiday in Barbados.
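The two ideas raised in the thread above (grant printer management to named users through PolicyKit, and prompt for the user's own password instead of root's), sketched as a polkit JavaScript rule. This is an added example, not code from any poster or from openSUSE's shipped policy. The group name `lpadmin`, the rules file name, and the cups-pk-helper action ids are assumptions to check against your own system; the `polkit` shim and `decide` helper exist only so the rule can be run under Node.

```javascript
// Added example. In production this would live in a file such as
// /etc/polkit-1/rules.d/49-printers.rules (file name is an assumption).
// polkitd provides the `polkit` global; the shim below only exists so the
// rule can be exercised under Node.
var registered = [];
var polkit = (typeof polkit !== "undefined" && polkit) || {
  Result: { NOT_HANDLED: null, NO: "no", AUTH_SELF: "auth_self",
            AUTH_ADMIN: "auth_admin", YES: "yes" },
  addRule: function (fn) { registered.push(fn); }
};

// Action ids as shipped by cups-pk-helper (assumption: verify with `pkaction`).
var PRINTER_ACTIONS = [
  "org.opensuse.cupspkhelper.mechanism.printeraddremove",
  "org.opensuse.cupspkhelper.mechanism.printer-set-default"
];
var PRINTER_GROUP = "lpadmin"; // assumed group name

function printerRule(action, subject) {
  if (PRINTER_ACTIONS.indexOf(action.id) === -1) return polkit.Result.NOT_HANDLED;
  // Remote or background sessions keep the distro default (admin password).
  if (!subject.local || !subject.active) return polkit.Result.NOT_HANDLED;
  // Named users confirm with their own password, never root's.
  if (subject.isInGroup(PRINTER_GROUP)) return polkit.Result.AUTH_SELF;
  return polkit.Result.NOT_HANDLED;
}
polkit.addRule(printerRule);

// Constructed test subject mimicking the fields polkit passes to a rule.
function makeSubject(user, groups, local, active) {
  return { user: user, groups: groups, local: local, active: active,
           isInGroup: function (g) { return groups.indexOf(g) !== -1; } };
}

// Node-only: first rule that returns a result wins, else the default applies.
function decide(actionId, subject) {
  for (var i = 0; i < registered.length; i++) {
    var r = registered[i]({ id: actionId }, subject);
    if (r !== polkit.Result.NOT_HANDLED) return r;
  }
  return "distro-default";
}
```

Anyone outside the group, and any other action, falls through to whatever the distribution ships, so the rule widens access only for the named users and only for the listed printer actions.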



  • @Sutherlands said:

    Would that be 2 users, 1 cup? Or 2 users, 1 cup, 1 printer, 1 hand, 1 joystick, 55 gallons of lubricant and 40 strokes?

    FTFY...

