Windows Update is a broken-ass buggy piece of shit



  • Filed under: I hate Windows! It makes it so hard to do things that make absolutely no sense and nobody actually does to regular users, but frequently need to be done by power users, administrators and developers

    FTFY

    It wouldn't be too hard for someone to actually implement a text editor that spawns off an elevated process to save a file if it found that it needed to. However, no editor I know of does this. I'd find it useful, for sure.



  • @MiffTheFox said:

    Didn't work for me. When the connection came back up it was the same old cached IP.
    It may have looked like that to you.  Did you read the dialog?

    Internet Systems Consortium DHCP Client 4.1.1-P1
    Copyright 2004-2010 Internet Systems Consortium.
    All rights reserved.
    For info, please visit https://www.isc.org/software/dhcp/

    Listening on LPF/eth0/00:50:56🆎6d:4d
    Sending on   LPF/eth0/00:50:56🆎6d:4d
    Sending on   Socket/fallback
    DHCPRELEASE on eth0 to 10.15.22.148 port 67
    Internet Systems Consortium DHCP Client 4.1.1-P1
    Copyright 2004-2010 Internet Systems Consortium.
    All rights reserved.
    For info, please visit https://www.isc.org/software/dhcp/

    Listening on LPF/eth0/00:50:56🆎6d:4d
    Sending on   LPF/eth0/00:50:56🆎6d:4d
    Sending on   Socket/fallback
    DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 5
    DHCPOFFER from 10.76.224.66
    DHCPREQUEST on eth0 to 255.255.255.255 port 67
    DHCPACK from 10.76.224.66
    bound to 10.76.224.94 -- renewal in 83076 seconds.

    If it output the standard dialog you see above, then the DHCP server is what gave you the same address back; Debian had nothing to do with it.

    @MiffTheFox said:

    Also Debian doesn't use su, it uses sudo.
    Tell that to my Debian box.

    @MiffTheFox said:

    the diaspora of fundamentally different OS's being treated as a single unified one.
    It is a problem.  I think it's because people who refer to "Linux" either don't know or don't understand the distinction that "Linux" is the kernel underpinning the OS.  One of our UNIX admins complained about this; I told him that it's similar to referring to Solaris and HP-UX and AIX (etc.) as "UNIX".  They're technically all "UNIX" but they have different ways of doing things.  Such is the same with all of these Linux distributions.  Debian and Ubuntu are related; RedHat and CentOS are related.  But they're still different.

    Nevertheless, you can't tell me that Windows is a unified system either.  To change network settings, click on the Start button (Windows 7 doesn't have it -- it has that circle with the Windows logo), go to Control Panel, click on Network Settings (oops, it's Network and Sharing Center in Windows 7), right-click on the Local Area Connection icon (nope, gotta click on Change adapter settings first in Windows 7) . . . etc.  As my specialty is Cisco IOS, it's not unified either.  The config organization changes between versions.  They change configuration commands -- sometimes by a single character.  What was once a default changes from one version to another within the same train.

    Linux distributions are not unified.  UNIX implementations are not unified.  Windows versions aren't unified.  Get over it.  Welcome to IT.



  • @blakeyrat said:

    Instead you'll try running "whoop there-it --is" and it'll say "file not found" or "no permissions" or "don't work, fuck you". Because the system's too fucking stupid to realize the command needs other permissions and prompt you for it at the time you run the command. Like, you know, every other OS has done for like 7-8 years now.

    I do like Linux, but I totally agree. Apache is a nice example. You want to restart it, and you get a bunch of shitty error messages that explain nothing. Then when you put sudo in front of it, it suddenly works. How come Apache can't figure out the user that tried to restart it, doesn't have the right permissions? Blakey probably has a good answer to that: I'm toon for TDWTFTV, back to you Blakey.



  • @blakeyrat said:

    @joe.edwards said:
    So, how is this different from launching a non-administrator command prompt in Windows and running an administrative command (let's say iisreset)?

    Nobody actually does that. CMD has been deprecated for years.

    In a previous thread, you said:

    @blakeyrat said:

    What is "the" Windows CLI? Windows doesn't have a "the" CLI.

    I do prefer PowerShell to Bash, if that's what you mean. If you're talking about CMD, that's... not quite accurate.

    And yet you knew exactly what he was talking about when he talked about "launching a non-administrator command prompt in Windows".  CMD is the de facto CLI for Windows.

     



  • @toon said:

    How come Apache can't figure out the user that tried to restart it, doesn't have the right permissions?
     

    It's hoping you could deduce that from the content of the error messages, or made the assumption that the user knew what they were doing. @toon said:

    Then when you put sudo in front of it, it suddenly works.

    Have you understood the reason why "it suddenly works"? I know in the days of Win2000, running some games in the Administrator context meant they "suddenly worked" but as my logged-in user kept barfing with some strange dialogues.

     



  • @blakeyrat said:

    CMD has been deprecated for years.
     

    That's funny, someone must have forgot to tell Microsoft, because custom build events in Visual Studio (pre-build, pre-link and post-build steps) are basically CMD scripts. Visual Studio 2010 installs no less than 4 links to CMD.EXE batch files (with different environment settings) in the start menu.  Notice that it doesn't install any links to PowerShell.  When you create a web application deployment package in Visual Studio, it creates a custom CMD.EXE script file for you to run.

    Yes, I realize many administrators and developers can get by without ever using CMD.EXE, I realize CMD.EXE has a lot of legacy issues (*), and I realize PowerShell is supposed to replace CMD.EXE, but that doesn't mean it isn't useful.

    I would also guess that most people who want to use ping (for example) in Windows would open up CMD.EXE and not PowerShell.  Not everyone needs scripting and not everyone needs a command line, but CMD.EXE, despite its issues, still does the job for many people.

    Also, for hardware drivers to be certified for Windows Server OS's (including 2008, 2008 R2 and 2012), developers must provide a console application for configuration.  So anyone who thinks the command line itself is obsolete is wrong.  (I realize you didn't say that, but many people, especially end users, believe that it is.)

    (*) Even the script file that Visual Studio creates for deploying a web application has one of these issues: you can't run it from a path that has a parenthesis in it.  (e.g. "\program files (x86)\..."  To be clear, I didn't want to run it from a path like that, but someone else did.)



  • @blakeyrat said:

    Nobody actually does that. CMD has been deprecated for years.
    OK, then PowerShell (except that commands sometimes fail silently when you run them from non-elevated PS; other times you get several lines of red text that very verbosely tell you which parts of the thing you were trying to do failed - but not why).
    @blakeyrat said:
    Nobody actually does that. Why would you need to elevate to save a text document?
    You never ever had to edit the hosts file?



  • @ender said:

    @blakeyrat said:
    Nobody actually does that. Why would you need to elevate to save a text document?
    You never ever had to edit the hosts file?

    One good example, IMO, is to test an application's internet auto-update functionality without making any changes to your company's live website.  I've had to do this, and I realize there's other ways, but I didn't feel like setting up a DNS server in the test lab just to direct one host name to an internal IP.  

    (It's a small company, so we don't use DNS internally in the test lab.  And even if we did, I probably wouldn't want to change DNS server that everybody's using to just for my own testing.)


  • Considered Harmful

    I usually create a fooapplication.localhost.myemployer.com hosts entry whenever I'm developing another web application (our single sign-on depends on a cookie assigned to .myemployer.com).



  • @PJH said:

    @blakeyrat said:
    Why would you need to elevate to save a text document? Are you saving it in the System32 folder or something? Fuck.
    To edit hosts, services, networks or any of the other files in that folder?
     

     

    Well, maybe Blakeyrat never have heard of the concept of configuration file.

     If he do, maybe he think it's a good idea to let them be edited without any privilege check.

     Now, the most likely option is that he didn't try to think if the scenario he were talking about was plausible or not. It's Blakeyrat. If it does not conforme to his habit, then  it's both outlandish and stupid, and an unworkable mess.



  • @joe.edwards said:

    Or opening a file in Notepad, start editing, and realize that you didn't elevate when you launched Notepad so now you can't save the file. Actually, neither OS seems to handle this scenario.
     

    This is something that really needs to be handled at the application level, unfortunately.  For example in autoruns (from the Microsoft Sysinternals tools), if you make a change that requires elevation, it will ask you if you want it to restart with elevated privileges.  The 3rd-party application TreeSize does something similar (it gives you a menu option to restart as elevated).



  • @PJH said:

    @tdb said:

    Actually, they're very nearly the same thing. [...] The differences are:


    <significant differences omitted>
    So you're in violent agreement with what I said then?

    I disagree with the "entirely different things" part you said. They do the same thing (run a command as some other user, usually root) but they have different ways for verifying that the user actually has the privileges to do that. I guess from a non-developer's point of view they might seem more different than they really are.



  • @nonpartisan said:

    It may have looked like that to you.  Did you read the dialog?

    Dialog? There was one line at most. Isn't that the "Unix way" to not give the user any indication that their tools are working because "output is slow"?

    Also, the flamewar over trying to help me only proves my point that not even "Linux experts" know the best way to do sometihng.

    For the record, I knew the IP would change because I do control the DHCP server and I set it to always assign the same IP to the system's MAC address. (Easier then giving it a static IP.) I also knew it would change because when I gave up the ghost and rebooted it changed. It's a headless box, so it doesn't have X, let alone GNOME or NetworkManager.

    Debian does have su, yes, but it also has an installer option to disable login as root, one I've been told should always be used. I guess that's my wtf on not mentioning that's how my system's configured.

    @nonpartisan said:
    Nevertheless, you can't tell me that Windows is a unified system either.  To change network settings, click on the Start button (Windows 7 doesn't have it -- it has that circle with the Windows logo), go to Control Panel, click on Network Settings (oops, it's Network and Sharing Center in Windows 7), right-click on the Local Area Connection icon (nope, gotta click on Change adapter settings first in Windows 7) . . . etc.

    ipconfig /release
    ipconfig /renew

    That's how you did it since at least Windows 2000, probably older. I wouldn't be surprised if it went all the way back to NT 3.1.



  • @flabdablet said:

    If you could alert me to something baked into Windows that's similarly concise and replaces shutdown -s -f -t 0 I'd appreciate it.

    `shutdown /p` in 6.0 and later.

    But at least on Windows, shutdown is `shutdown -s -t 0` and reboot is `shutdown -r -t 0`.

     

    Btw, what does the Linux people think of the way I originally learned to shut down or reboot a Linux system from the command line: `init 0` and `init 6`?

    *grabs some marshmallows*



  • @ender said:

    @blakeyrat said:
    Nobody actually does that. Why would you need to elevate to save a text document?
    You never ever had to edit the hosts file?

    I think I did it once maybe, about 7-8 years ago. IIRC.



  • BTW it this is something you do frequently, it sounds like an opportunity. Make an app to do it, aware of all the permissions snags involved.


  • Considered Harmful

    @blakeyrat said:

    BTW it this is something you do frequently, it sounds like an opportunity. Make an app to do it, aware of all the permissions snags involved.

    What I was envisioning was that whenever an application (any application) tried to do something and failed with a permissions error, the user would get a chance to UAC elevate for the single operation. It might be tricky if the operation consists of many smaller operations that each require elevation, but perhaps the application could group them all into some kind of transaction, and the elevation would last for the duration of the transaction.



  • @blakeyrat said:

    But make sure you don't hsl the DHSQ when you P098b the FDLLAM or you might have a problem where your LHJ doesn't frob UTXX in time.
     

    I laughed

    @joe.edwards said:

    Actually, neither OS seems to handle this scenario.

    Incorrect. For all of Windows' oddball problems and lack of useful help/support documentation, in every single case where permissions are an issue, the error message almost always indicates something to that effect (or more commonly, I'm prompted to elevate permissions on the fly). Linux was not as helpful back when I tried using it, and according to other current users on this thread, it still has that problem.

    @blakeyrat said:

    Why the fuck are you even USING Notepad in 2013? Are you from a time-warp? CMD, Notepad... it's Windows 2000 all over again! Aaaaa!

    I frequently agree with you, but this... In a lot of cases, you don't have the luxury of installing whatever text editor your want, so Notepad becomes the default, and in especially secure environments you frequently need admin permissions to change critical config files. And never underestimate CMD, it's a server admin's best friend for automating and scheduling processes or performing some mind-numbing task (like disabling accounts) en masse.

     


  • ♿ (Parody)

    @blakeyrat said:

    BTW it this is something you do frequently, it sounds like an opportunity. Make an app to do it, aware of all the permissions snags involved.

    Yes! We need another wheel! Actually, I write lots of simple shell scripts to automate lots of little common tasks, but never "sudo nano /etc/hosts". On the occasion that I forget the sudo (and did a significant amount of editing), I just do a save as and then copy over the old file with the new.



  • @blakeyrat said:

    BTW it this is something you do frequently, it sounds like an opportunity. Make an app to do it, aware of all the permissions snags involved.
     

     

    If anyone needs the ability to elevate from a batch file (or an explorer shortcut), I've found this utility useful:

    http://www.winability.com/info/elevate/

     


  • Considered Harmful

    @Manni_reloaded said:

    @joe.edwards said:

    Actually, neither OS seems to handle this scenario.

    Incorrect. For all of Windows' oddball problems and lack of useful help/support documentation, in every single case where permissions are an issue, the error message almost always indicates something to that effect (or more commonly, I'm prompted to elevate permissions on the fly). Linux was not as helpful back when I tried using it, and according to other current users on this thread, it still has that problem.

    I don't consider an informative error message handling the scenario. As a user, my goal is to save the file, if the file is not saved, I have not accomplished my goal. Sure, it helps to know how I can troubleshoot the issue, but actually allowing me to elevate and save is endlessly preferable to manually spawning a new elevated process and copying the text over to it.



  • @CodeSimian said:

    If anyone needs the ability to elevate from a batch file (or an explorer shortcut), I've found this utility useful:
    Here's one that doesn't require you to enter an e-mail address to get it: http://code.kliu.org/misc/elevate/.



  • @joe.edwards said:

    I don't consider an informative error message handling the scenario. As a user, my goal is to save the file, if the file is not saved, I have not accomplished my goal. Sure, it helps to know how I can troubleshoot the issue, but actually allowing me to elevate and save is endlessly preferable to manually spawning a new elevated process and copying the text over to it.
     

    I agree this sucks from a user POV, but neither the Windows nor *nux architects thought it's a good idea to let running processes elevate themselves.  I think this is more for security reasons than technical constraints.  As another example of where security trumps usability, you cannot drag-and-drop from a non-elevated Explorer window to an elevated application and vice-versa.



  • @ender said:

    @CodeSimian said:
    If anyone needs the ability to elevate from a batch file (or an explorer shortcut), I've found this utility useful:
    Here's one that doesn't require you to enter an e-mail address to get it: http://code.kliu.org/misc/elevate/.

    Sorry about that.  I forgot about the e-mail requirement.  (I usually use a disposable email address for that kind of thing.)

    Here's a direct link (no idea how long this'll keep working):

    http://www.winability.com/d/?t=27210534

    I think the reason I picked the winability tool out of a few other alternatives was that it was the least quirky in terms of handling command line parameters.  But the one you linked looks even better.

     



  • @nonpartisan said:

    Linux distributions are not unified.  UNIX implementations are not unified.  Windows versions aren't unified.  Get over it.  Welcome to IT.
     

    Thank god for webstanda-- oh.



  • @MiffTheFox said:

    Dialog? There was one line at most. Isn't that the "Unix way" to not give the user any indication that their tools are working because "output is slow"?
    My output shows that isn't the case.  The example output I posted was from a Debian 6.0 box.  DHCP client/configuration/output it presents has not been changed in any way from the default.

    @MiffTheFox said:

    Also, the flamewar over trying to help me only proves my point that not even "Linux experts" know the best way to do sometihng.
    You completely ignored my description of why it is a problem to just refer to it as "Linux".  You said you were using Debian.  I gave you my results from a Debian system.  Without further information I can't explain why your experience is different.

    @MiffTheFox said:

    For the record, I knew the IP would change because I do control the DHCP server and I set it to always assign the same IP to the system's MAC address. (Easier then giving it a static IP.) I also knew it would change because when I gave up the ghost and rebooted it changed. It's a headless box, so it doesn't have X, let alone GNOME or NetworkManager.
    You gave none of that background before.  On my Debian box, if I ifdown eth0;ifup eth0 and watch the DHCP output dialog, I see that it releases the IP address, then sends a DHCPREQUEST and goes through the standard DHCP process.  It grabs the same IP address which happens to be how our DHCP server works it.  There are obviously other factors, other differences, between your environment and mind.

    @MiffTheFox said:

    ipconfig /release
    ipconfig /renew
    Congratulations!  You've found the one thing that remained consistent between versions of Windows!  I already posted a counterexample, which is enough to disprove a mathematical proof.


  • Considered Harmful

    @dhromed said:

    @nonpartisan said:

    Linux distributions are not unified.  UNIX implementations are not unified.  Windows versions aren't unified.  Get over it.  Welcome to IT.
     

    Thank god for webstanda-- oh.

    -moz-thank -o-thank -webkit-thank -khtml-thank -ms-appreciate -moz-Vishnu -o-Allah -webkit-spaghetti-monster -ms-God for... ah screw it.



  • @joe.edwards said:

    @blakeyrat said:

    Because if you're reading a guide about how to do something on Linux, they always give you a long series of commands to run, some of which require sudo and some of which do not. If you're lucky, they'll actually bother to tell you which is which, but most of the time they will not. Instead you'll try running "whoop there-it --is" and it'll say "file not found" or "no permissions" or "don't work, fuck you". Because the system's too fucking stupid to realize the command needs other permissions and prompt you for it at the time you run the command.

    So, how is this different from launching a non-administrator command prompt in Windows and running an administrative command (let's say iisreset)? Oh, because in Linux you can just sudo but in Windows you have to launch a new command prompt with administrative privileges and try again.

    Or opening a file in Notepad, start editing, and realize that you didn't elevate when you launched Notepad so now you can't save the file. Actually, neither OS seems to handle this scenario.

     

    Does [url=http://technet.microsoft.com/en-us/library/cc771525%28v=ws.10%29.aspx]runas[/url] not work for you? It's been around since at least Windows 2000.

     


  • ♿ (Parody)

    @powerlord said:

    @joe.edwards said:

    @blakeyrat said:

    Because if you're reading a guide about how to do something on Linux, they always give you a long series of commands to run, some of which require sudo and some of which do not. If you're lucky, they'll actually bother to tell you which is which, but most of the time they will not. Instead you'll try running "whoop there-it --is" and it'll say "file not found" or "no permissions" or "don't work, fuck you". Because the system's too fucking stupid to realize the command needs other permissions and prompt you for it at the time you run the command.

    So, how is this different from launching a non-administrator command prompt in Windows and running an administrative command (let's say iisreset)? Oh, because in Linux you can just sudo but in Windows you have to launch a new command prompt with administrative privileges and try again.

    Or opening a file in Notepad, start editing, and realize that you didn't elevate when you launched Notepad so now you can't save the file. Actually, neither OS seems to handle this scenario.

     

    Does runas not work for you? It's been around since at least Windows 2000.

     

    No, and I'm sure it doesn't work for you, either.



  • @boomzilla said:

    @powerlord said:

    @joe.edwards said:

    @blakeyrat said:

    Because if you're reading a guide about how to do something on Linux, they always give you a long series of commands to run, some of which require sudo and some of which do not. If you're lucky, they'll actually bother to tell you which is which, but most of the time they will not. Instead you'll try running "whoop there-it --is" and it'll say "file not found" or "no permissions" or "don't work, fuck you". Because the system's too fucking stupid to realize the command needs other permissions and prompt you for it at the time you run the command.

    So, how is this different from launching a non-administrator command prompt in Windows and running an administrative command (let's say iisreset)? Oh, because in Linux you can just sudo but in Windows you have to launch a new command prompt with administrative privileges and try again.

    Or opening a file in Notepad, start editing, and realize that you didn't elevate when you launched Notepad so now you can't save the file. Actually, neither OS seems to handle this scenario.

     

    Does runas not work for you? It's been around since at least Windows 2000.

     

    No, and I'm sure it doesn't work for you, either.

     

    Another reason I can't take Linux seriously is that the cheerleaders for it seem purposely obtuse. Exactly what do you mean by this? I tested it on my local Win7 box, as well as the Win2003 and Win2008 servers I support, it worked on all 3.

     



  • @Manni_reloaded said:

    Another reason I can't take Linux seriously is that the cheerleaders for it seem purposely obtuse. Exactly what do you mean by this? I tested it on my local Win7 box, as well as the Win2003 and Win2008 servers I support, it worked on all 3.

    He means you misunderstand the complaint.

    The complaint is he ALREADY TYPED THE DOCUMENT and then needs to elevate to save it. "Run As..." doesn't help in that situation. Unless you main you can "Run As..." another copy of the editor and copy-and-paste the text in, but in that case: duuuuh,



  • @blakeyrat said:

    @Manni_reloaded said:
    Another reason I can't take Linux seriously is that the cheerleaders for it seem purposely obtuse. Exactly what do you mean by this? I tested it on my local Win7 box, as well as the Win2003 and Win2008 servers I support, it worked on all 3.

    He means you misunderstand the complaint.

    The complaint is he ALREADY TYPED THE DOCUMENT and then needs to elevate to save it. "Run As..." doesn't help in that situation. Unless you main you can "Run As..." another copy of the editor and copy-and-paste the text in, but in that case: duuuuh,

     

    Oh, I assumed there was a more thought-provoking set of criteria being compared beyond "saving text files". This has officially become the most trivial argument I've ever read regarding the differences between two operating systems, congratulations to all involved.

     



  • @MiffTheFox said:

    Btw, what does the Linux people think of the way I originally learned to shut down or reboot a Linux system from the command line: `init 0` and `init 6`?
     

    I think you were told these commands and used them without researching into what they actually did.

    Personally, I don't think using the "init" command is particulary "wrong". All other commands (shutdown, reboot, halt etc) essentially finish with a call to the "init" command to change to that run-level... the additional parameters to "shutdown" simply perform some other stages before getting to that call. Leapfrog those stages at your peril, but there are times when using "init" is much quicker and far less anal than typing another command with options and parameters that are inappropriate (and unnecessary) to that particular situation[1].

     @MiffTheFox said:

    *grabs some marshmallows*

    Oi... that's my pack!

     [1] when in single-user, maintanence mode, etc.



  • @Cassidy said:

    It's hoping you could deduce that from the content of the error messages, or made the assumption that the user knew what they were doing.

    I have since tried it out at home and found that Apache is a bad example, since part of the error message reads: "This is most likely caused by the lack of administrative priviledges (sic) associated with your user account." Since I can't currently think of a better example, and the error message seems to come from bash and not Apache, I guess I stand corrected, not to mention extremely pwned.



  • @blakeyrat said:

    @joe.edwards said:
    Or opening a file in Notepad, start editing, and realize that you didn't elevate when you launched Notepad so now you can't save the file.

    Nobody actually does that. Why would you need to elevate to save a text document? Are you saving it in the System32 folder or something?


    Yes you fucking retard.



  • @CodeSimian said:

    I agree this sucks from a user POV, but neither the Windows nor *nux architects thought it's a good idea to let running processes elevate themselves. 
     

    Yup. Windows has UAC that jumps in to assist with priv elevation, Linux tries to use PolicyKit but it that seems to be a layer suited to graphical apps, where the clicky functionality can be wrapped in a priv enabler.

    CLI stuff requires premeditated directions, rather than some reactive helper wrapper that's event-bound. I've only seen AIX perform the latter, and even then that was with a very small set of commands.



  • @Cassidy said:

    @CodeSimian said:

    I agree this sucks from a user POV, but neither the Windows nor *nux architects thought it's a good idea to let running processes elevate themselves. 
     

    Yup. Windows has UAC that jumps in to assist with priv elevation, Linux tries to use PolicyKit but it that seems to be a layer suited to graphical apps, where the clicky functionality can be wrapped in a priv enabler.

    CLI stuff requires premeditated directions, rather than some reactive helper wrapper that's event-bound. I've only seen AIX perform the latter, and even then that was with a very small set of commands.

     

    To be clear, what I meant is that an already-running process (e.g. existing text editor, existing console window) cannot elevate privileges without launching a new process, which is what people are asking for when they say "I can't save a text file in a system location using an unelevated text editor".  I agree that the situation sucks from a user POV, because I've run into the exact same problem (although I should've known better).

    I agree with the CLI stuff comment.  Microsoft itself says that console programs which need admin rights should not request "run as administrator" execution privileges in the application manifest (which would cause the UAC prompt to come up), but they should detect when they are run with non-admin privileges and tell the user to re-run the command from an elevated command prompt.

     



  • @CodeSimian said:

    To be clear, what I meant is
     

    .. yeah.. I was agreeing with you.

    Launching a new process and delegating the desired action can be made transparent to the end-user via UAC and PolicyKit when in graphical desktop (trying to edit the windows hosts file in Notepad), but is more more convoluted in CLI and still somewhat hit-and-miss in GUI desktop: you launch a unpriv'd GUI task then try to escalate... computer says "no".

    I'm left wondering if it's such a niche audience that it's not worth the time and trouble to code some event-driven helpers to leap in and wipe your arse on demand provide assistance where necessary. It'd be damn helpful if ever it came about, mind.



  • @joe.edwards said:

    Actually, neither OS seems to handle this scenario.

    Actually, there is an OS that handle this scenario (by asking for username and password when trying to save a file that is not writable because of filesystem permissions); unfortunately, it lack a good editor, though.



  • @Cassidy said:

    .. yeah.. I was agreeing with you.
     

    Okay, I thought you might be, but I wasn't entirely sure (it's been a long day, sorry).


  • ♿ (Parody)

    @Manni_reloaded said:

    Oh, I assumed there was a more thought-provoking set of criteria being compared beyond "saving text files". This has officially become the most trivial argument I've ever read regarding the differences between two operating systems, congratulations to all involved.

    No, you just didn't read what was said very carefully. That's OK, but you should be man enough to admit it instead of trying to change the subject.



  • @Cassidy said:

    @alegr said:

    @flabdablet said:
    he clue was in my Squid proxy logs
    Maybe that (and you) is TRWTF?

    Expand....

    Google "squid windows update".

    A relevant quote from wiki.squid-cache.org:

    "Windows Update generally (but not always) uses HTTP Range-Offsets' (AKA file partial ranges) to grab pieces of the Microsoft Update archive in parallel or using a random-access algorithm trying to reduce the web traffic. Some versions of Squid do not handle or store Ranges very well yet."

     



  • @MiffTheFox said:

    what does the Linux people think of the way I originally learned to shut down or reboot a Linux system from the command line: init 0 and init 6?

    Yeah, those usually work.



  • @alegr said:

    Some versions of Squid do not handle or store Ranges very well yet.

    Thank you, that's a line of inquiry that will probably be worth pursuing. Windows Update via Squid has been working well on the rest of the fleet for the last few years, and I had actually forgotten that I'd originally needed to do range handling configuration tweaks to get it smooth. It may well be that the newer Windows Server versions are pulling updates from new places and that I need to revisit some ACLs.



  •  Allowing a running process to elevate itself (or any other currently running process) would be a major WTF from all sorts of security perspectives.


  • Discourse touched me in a no-no place

    @tdb said:

    They do the same thing (run a command as some other user, usually root)
    No. They don't. One runs it as some other user, the other doesn't.@tdb said:
    I guess from a non-developer's point of view they might seem more different than they really are.
    I presume from that comment that you see yourself as a 'developer'?



  • @TheCPUWizard said:

     Allowing a running process to elevate itself (or any other currently running process) would be a major WTF from all sorts of security perspectives.

    Process security is ultimately based on access controls enforced by the processor and memory manager, but neither MMU nor CPU has any notion of "process"; that's an OS-level abstraction. I can't see why providing a carefully designed self-elevation facility must be inherently less secure than allowing a running process to launch another, elevated process and then hand off work to that via IPC, which is already standard practice.

    Finding out whether the resulting system design would be any easier to code for than one with a traditional process-based security model could be an interesting research project; I'd personally expect any flexibility benefit to be completely swamped by additional complexity cost.



  • Of course you need to sign the scripts. They become much more secure this way. More secure as in: "Why are there so much AntiVirus tools for Windows again?"

     

    Funny signature you got yourself there: still iterating the age old "JAVA is slow" fairytale.


  • ♿ (Parody)

    @TheCPUWizard said:

    Allowing a running process to elevate itself (or any other currently running process) would be a major WTF from all sorts of security perspectives.

    I don't think anyone is asking for a process to simply elevate itself at its whim. The desire is to be able to choose to elevate the process (as a user) after it has begun. There are certainly applications that do this, such as update managers like KDE's Muon. I don't know (at a low level) what they do, and it's possible that they elevate a subsequent process and not themselves, but from the user's perspective, what's the difference? But this is application-specific functionality, and it's not a major use case of, e.g., text editors like it is for update managers.



  • @boomzilla said:

    @Manni_reloaded said:
    Oh, I assumed there was a more thought-provoking set of criteria being compared beyond "saving text files". This has officially become the most trivial argument I've ever read regarding the differences between two operating systems, congratulations to all involved.

    No, you just didn't read what was said very carefully. That's OK, but you should be man enough to admit it instead of trying to change the subject.

     

    Aww, attacking my manliness? Desperate move.

    Please learn the difference between changing the subject and bowing out of a pointless conversation. Then read back to what I commented on. Someone suggested using the built-in utility runas, you said it didn't work. No details, no qualifying what aspects of it didn't meet your expectations, just a blanket statement. It's quite easy to "carefully" read all 10 words you contributed. But perhaps you should be more clear when you try making vague little digs against an OS you clearly despise. Maybe something more like "That feature, while it functions much like sudo when spawning new processes, doesn't do anything to elevate an existing process." Nah, I guess a snarky one-liner is much more effective, followed by a snarky two-liner; I forgot that seems to be the de facto response on any messageboard.

    Or you can continue to compare a competent Linux user against my grandmother in front of her first PC. Anyone worth their salt would know to open Notepad as an administrator when it comes time to edit system-level config files. Worst case scenario, the 12 seconds it takes me to open a new Notepad (with elevated permissions) and copy/paste the data in is a far cry from a legitimate reason to declare one OS superior to another. They both have their strengths and weaknesses, and this is a nuance barely worth mentioning let alone debating page after page.

     


Log in to reply