Lecturing linux guru slapped into place



  • Don't you just hate it when you go to a forum or SO looking for a solution to your problem, but instead get a lecture from some self-righteous prick about the way you do things?

    So did this guy:


    OP:

    I'm using 64 bit Ubuntu 12.04 LTS. Recently, I've been experiencing occasional pop-ups saying "Enter password to unlock your keyring. The login keyring did not get unlocked when you logged into your computer." After I enter my password, things seem normal, although I didn't notice anything abnormal prior to the box popping up.

    Can anyone tell me what this is telling me? I presume I need to "fix" something, but I have no idea where to look.

    Thanks.


    Guru:

    Are you using auto login?


    OP:

    Thanks for the reply ...

    Yes, I am using auto login.

    But - I have been using auto login for a long time (standalone machine at home) and hadn't experienced this behavior until very recently.


    Guru:

    You should have.

    The keyring is where your permission information, for the elevation of privelegs, are stored. You can see that there really should be a password protecting this.

    Auto login is very nice if you admire the security of monolithic operating systems such as Windows.

    GNU/Linux is a Unix like system and intended to be a multi user system. You can have a linux system with hundreds of users, each with a separate account that is secure from all the other users.

    Auto login does not fit this model at all. While it can be implimented it will be fragile at the best. The more this is worked on to make it less fragile the less secure the system will become.

    The easy way to get rid of this problem is to learn basic security procedures that even smart Windows users use and log in with a password.

    The common acceptance of auto login gives rise to people that are willing to use compromised GNU/Linux distros that, for instance will give you a root prompt with no need for a password if you simply boot to recovery mode.


    OP:

    Hi Widget:

    Well, thanks much for the Lecture, Mom, but it would be more helpful if you could provide some explanation of why the behavior only began recently occuring so that I can (shudder) FIX IT.

    I'm pretty well aware of the security issues, having first used Unix (AT&T's very own) in the early days, as well as lots of variants along the way (including Microsoft's Xenix), and before graphical user interfaces became de riguer. And I wrote my first (albeit rather simple) "program" in the late 1960s on a Univac. And, just incidentally, I also used Microsoft Windows in our lab BEFORE version 3.0 came out to run some test equipment control software whose name escapes me at the moment.

    But, I'm old and cranky. And I'm somewhat lazy. And, although I still enjoy playing with computers, I actually use my machine (my own private machine) as a "tool" rather than a hobby. And I have pretty decent physical security (a lot more reliable IMHO than any password scheme I've seen implemented to date) and only connect to the internet when I need to (like asking about some behavioral quirk I haven't run into before).

    In spite of your patronizing blather, by the way, you seem to be blissfully unaware that Unix was originally designed as a SINGLE USER operating system (hence the "uni" in the name if you have any etymological curiosity), mainly because of the annoying security overhead in Multics (the "x" in Unix was a play on the "ics" in Multics) that was related to the fact that it supported multiple users. Unix's conversion to a multi-user operating system, ironic as that was, only came later. So, my solution to the particular security issue you refer to - a perfectly adequate one for my needs - is simply to do away with the other users.

    By the way, your comment "Auto login is very nice if you admire the security of monolithic operating systems such as Windows." is technically known as a non-sequitur.

    So, again, thanks for the advice. Hopefully, someone else who actually knows something can actually answer my question or provide some suggestions.

    BUUUURRRNNN!


  • :belt_onion:

    Wow. Shots fired, we have a civilan down over here...

    He shut him down so hard the guy didn't even come back. Damn.



  • That's a pretty decent burn.

    BTW, there's some major time-pod-ery going on for someone making a "Windows is based on a single-user OS" crack in 2015. Jesus. What decade is it at that guy's keyboard?



  • "Guru":

    ... implimented ...

    *twitch*



  • Well given the 9x security, you'd think it was a zero-user system...

    But yeah, it had its shit straight for quite a while now, at least if you set it up right.


  • area_pol

    He may be guru, but in addition to the rude nature of his rant, the things he says are actually wrong.

    @cartman82 said:

    The keyring is where your permission information, for the elevation of privelegs, are stored. You can see that there really should be a password protecting this.

    No, the keyring stores credentials for various places (for example the WIFI password), similar to how browsers remember passwords, but not your OS account password or root account password.
    In the context of the OS, it would be natural to understand "elevation of privileges" as sudo and the keyring does not store the password to that.
    (At least I get the pop-up mentioned by the OP when I connect to WIFI)

    @cartman82 said:

    Auto login is very nice if you admire the security of monolithic operating systems such as Windows.

    Linux kernel is also monolithic, so this comparison is pointless. Maybe you should switch to Minix?

    @cartman82 said:

    Auto login does not fit this model at all. While it can be implimented it will be fragile at the best. The more this is worked on to make it less fragile the less secure the system will become.

    Fragile? Is he talking about software or glass?

    This guy has probably not used Linux or a computer at all, just read about those things on wikipedia and regurgitated some nonsense.



  • @Adynathos said:

    This guy has probably not used Linux or a computer at all, just read about those things on wikipedia and regurgitated some nonsense.

    Anyway, I suppose he's a Linux evangelistcrusader born into the "passwords == security" faction.


  • Grade A Premium Asshole

    @blakeyrat said:

    BTW, there's some major time-pod-ery going on for someone making a "Windows is based on a single-user OS" crack in 2015. Jesus. What decade is it at that guy's keyboard?

    Well...Windows is a single-user operating system...



  • Welcome to 1994, please keep your hands and feet inside the guiderails until your time pod comes to a complete stop. Microsoft and Citrix are proud to announce Windows NT 4.0, Terminal Server Edition, a computer where up to 128 users can all log in and have their own profile, with their own documents and personal preferences. You just need to deploy a Citrix Thin Client and they're good to go. Plus, upgrading an application once upgrades it for each and every user!



  • @TwelveBaud said:

    Terminal Server Edition

    Can't you even have 2 users logged into base Windows?


  • Grade A Premium Asshole

    @TwelveBaud said:

    Welcome to 1994, please keep your hands and feet inside the guiderails until your time pod comes to a complete stop. Microsoft and Citrix are proud to announce Windows NT 4.0, Terminal Server Edition, a computer where up to 128 users can all log in and have their own profile, with their own documents and personal preferences. You just need to deploy a Citrix Thin Client and they're good to go. Plus, upgrading an application once upgrades it for each and every user!

    Yeah...try having two people use a Windows desktop at the same time.

    Windows Server allows multiple simultaneous sessions, but the desktop version of the OS does not. It is single-user.



  • From Windows XP through Windows 8.1 (don't know about 10, but I assume so), yes, you can have two or more users "logged into" Home editions of Windows, using Fast User Switching. It works locally or remotely. But you can only have one of those sessions active; the rest are locked, because licensing.



  • No*.

    *It's disabled in non-server versions. You can enable it, though. I've done it to allow me to remote into my desktop with a different account while I was away. Microsoft would rather you didn't, though. The server versions are better at it.

    EDIT:

    @TwelveBaud said:

    From Windows XP through Windows 8.1 (don't know about 10, but I assume so), yes, you can have two users "logged into" Home editions of Windows, using Fast User Switching. It works locally or remotely. But you can only have one of those sessions active; the rest are locked, because licensing.

    Yeah, that. It can be worked around, though.



  • I remember some Linux distros didn't just force you to have a password, it had to be 8 characters long with symbols, not contain your username, and all that stuff. It's this kind of "my way is the only right way" stupidity that kept people away from Linux for decades.


  • BINNED

    This is interesting because anti-Linux trolls usually complain about:

    • Too many choices. "Why are there 15 text editors?"
    • Lack of hardware support. "Why doesn't my sound card work?"
    • Cryptic command line programs
    • Difficulty of installing software


  • @antiquarian said:

    Why are there 15 text editors?

    There are three: vim, emacs, and whatever the kids are calling pico/nano these days.

    @antiquarian said:

    Difficulty of installing software

    Yeah, it's really hard to type sudo apt-get install git or to do the equivalent in the GUI that ships with Ubuntu Desktop.



  • My Linux password doesn't matter. I have everything except public key authentication for a single username disabled in sshd, so anyone who wants to do a password-based attack would need to be physically at my house, plug a mouse and keyboard into the server, and manually type their passwords they want to attack with, and at that point, they could just steal the server's hard drive.

    I guess someone could theoretically try to brute-force my 8192-bit SSH keys, but given that sshd locks you out after a few failed attempts, that would take quite a while.


  • I survived the hour long Uno hand

    @ben_lubar said:

    it's really hard to type sudo apt-get install git or to do the equivalent in the GUI that ships with Ubuntu Desktop.

    If there's a package. Did you see my rant about installing Ruby the other day? WTF.



  • \curl -sSL https://get.rvm.io | bash -s stable --ruby --rails



  • @cartman82 said:

    Hi Widget:
    Well, thanks much for the Lecture, Mom, but it would be more helpful if you could provide some explanation of why the behavior only began recently occuring so that I can (shudder) FIX IT.
    I'm pretty well aware of the security issues, having first used Unix (AT&T's very own) in the early days, as well as lots of variants along the way (including Microsoft's Xenix), and before graphical user interfaces became de riguer. And I wrote my first (albeit rather simple) "program" in the late 1960s on a Univac. And, just incidentally, I also used Microsoft Windows in our lab BEFORE version 3.0 came out to run some test equipment control software whose name escapes me at the moment.
    But, I'm old and cranky. And I'm somewhat lazy. And, although I still enjoy playing with computers, I actually use my machine (my own private machine) as a "tool" rather than a hobby. And I have pretty decent physical security (a lot more reliable IMHO than any password scheme I've seen implemented to date) and only connect to the internet when I need to (like asking about some behavioral quirk I haven't run into before).
    In spite of your patronizing blather, by the way, you seem to be blissfully unaware that Unix was originally designed as a SINGLE USER operating system (hence the "uni" in the name if you have any etymological curiosity), mainly because of the annoying security overhead in Multics (the "x" in Unix was a play on the "ics" in Multics) that was related to the fact that it supported multiple users. Unix's conversion to a multi-user operating system, ironic as that was, only came later. So, my solution to the particular security issue you refer to - a perfectly adequate one for my needs - is simply to do away with the other users.
    By the way, your comment "Auto login is very nice if you admire the security of monolithic operating systems such as Windows." is technically known as a non-sequitur.
    So, again, thanks for the advice. Hopefully, someone else who actually knows something can actually answer my question or provide some suggestions.

    This .... so much this! I aspire to someday be able to do this, hopefully making the pedantic little snot cry on their way out the door. 😃



  • @Polygeekery said:

    Well...Windows is a single-user operating system...

    Are you being a pedantic dickweed and referring to Windows 1.0? Or what is this?



  • He and I chatted via PM; he's talking about how non-Server editions of Windows can only have one user session active at a time. He knows that non-DOS Windows is technologically multi-user, but since the copies he can buy off the shelf don't permit multiple active sessions, they're single-user, at least in his view.



  • @TwelveBaud said:

    He and I chatted via PM; he's talking about how non-Server editions of Windows can only have one user session active at a time.

    Except that's wrong.

    @TwelveBaud said:

    He knows that non-DOS Windows is technologically multi-user, but since the copies he can buy off the shelf don't permit multiple active sessions, they're single-user, at least in his view.

    I don't think you can buy a copy of Windows that doesn't permit multiple active sessions, not since Windows 2000 Pro was the hot shit.

    You can buy copies of Windows where only one session can be interactively logged-in at a time, because some disable RDP serving. But still allow X (5? Unlimited? I dunno) sessions to be simultaneously be active



  • If "you can have multiple users, just not at the same time" counts as "multi-user", then by that definition, all operating systems that have ever existed have been "multi-user".



  • @Maciejasjmj said:

    Well given the 9x security, you'd think it was a zero-user system...

    I would not say zero-user but zero-security.
    Proof of that : The login screen contained a "Cancel" button, and if you clicked on it, you would get the desktop anyway with full privileges.



  • @ben_lubar said:

    If "you can have multiple users, just not at the same time" counts as "multi-user", then by that definition, all operating systems that have ever existed have been "multi-user" 🚎.

    FTFY



  • @blakeyrat said:

    But still allow X (5? Unlimited? I dunno) sessions to be simultaneously be active
    One active session. Infinite disconnected sessions.


  • ♿ (Parody)

    @ben_lubar said:

    Yeah, it's really hard to type sudo apt-get install git or to do the equivalent in the GUI that ships with Ubuntu Desktop.

    Right, but note that, for instance, blakey still doesn't understand that bit.


  • I survived the hour long Uno hand

    @blakeyrat said:

    But still allow X (5? Unlimited? I dunno) sessions to be simultaneously be active

    This lovely screen indicates I get only one:


  • ♿ (Parody)

    @blakeyrat said:

    You can buy copies of Windows where only one session can be interactively logged-in at a time, because some disable RDP serving. But still allow X (5? Unlimited? I dunno) sessions to be simultaneously be active

    I remember when RDPing into an XP machine would log out or deactivate or whatever my current session on that box.





  • @ben_lubar said:

    If "you can have multiple users, just not at the same time" counts as "multi-user", then by that definition, all operating systems that have ever existed have been "multi-user".

    Whatever you like, Ben. I'm not going to debate with an insane person.


  • ♿ (Parody)

    It just depends on whether you care about having simultaneous sessions or not. If not, then yes, Windows has been multi-user for a long time. If so, then there are all sorts of ways that Windows hasn't been multi-user over the years.



  • Why the hell do you use 8192-bit keys? That's...uselessly stupid. "bigger must be better ha ha" mentality and all that. Use 384-bit ECC if you're worried about security and want something hard to crack enjoy having overkill for the sake of having overkill.



  • Can Windows (Super Server Version or whatever is called) have two or more users logged into two/more sessions at the same time? Both playing around with their own mouse and stuff?



  • Because I like the number 8192. Got a problem with that?



  • I think the OP was a bit of a cunt tbh. Sure, the "guru" wasn't all to clever, but never made it personal.

    Also, the OP missed a valid point he did have: NOT having the prompt for the password is something you shouldn't have, imho.



  • @blakeyrat said:

    Whatever you like, Ben. I'm not going to debate with an insane person.

    You never debate with yourself then 😉


  • BINNED

    @ben_lubar said:

    There are three: vim, emacs, and whatever the kids are calling pico/nano these days.

    In practice true, but the type of person who raises that objection will say that three is still too many.



  • That's RDP; we're talking about keyboard/mouse sessions.

    🍏 📙



  • Windows comes with two text editors pre-installed and most people install at least a third one.

    [spoiler]Notepad, Wordpad, Word[/spoiler]



  • Yeah. That's pretty much how it goes.

    They don't even really support concurrent users in Enterprise. It's a server thing. But like I said, if you're up for hax and replacing important system files, it can be done!


  • BINNED

    @ben_lubar said:

    Windows comes with two text editors pre-installed and most people install at least a third one.

    The blatant double standard is one of the things that makes anti-Linux trolling so effective. 😉


  • ♿ (Parody)

    @blakeyrat said:

    That's RDP; we're talking about keyboard/mouse sessions.

        🍏 📙     :moving_goal_post:  

    MGPTFY



  • When someone talks to me about having an oversized RSA key, like a 8192-bit key "just to be safe", I see it as if he was talking about buying a SUV to demonstrate his manhood (in your case, you are advocating buying an aircraft carrier).

    Just my view on what you're doing there. Operations involving an 8192-bit key are going to be very, very slow. Sure, probably not a concern for you on your home server, but then again, neither should whatever thing you're worried about breaking a 4096-bit or 2048-bit key...



  • Whatever.

    Yami's also missing that a "disconnected" session isn't logged-out. It's still active.


  • ♿ (Parody)

    @blakeyrat said:

    It's still active.

    Not in the sense that you can do something with it. For a guy who's usually so interested in what users perceive and do with their computers, you're quite the pedantic dickweed right now.



  • @boomzilla said:

    Not in the sense that you can do something with it.

    Ok?

    @boomzilla said:

    For a guy who's usually so interested in what users perceive and do with their computers, you're quite the pedantic dickweed right now.

    That's because we've already settled the "debate": Windows is multi-user and has been for decades. Duh. You'd have to be a retard to say otherwise.

    What we're talking about now is what the "Home" (or equivalent) allows you to do, restrictions that don't exist because of technical limitations, but only because of licensing terms.

    And that discussion is far less interesting and also completely irrelevant to the original claim that Doctor Linuxjerk there came out of a timepod from at least 15 years ago.



  • @blakeyrat said:

    "Home" (or equivalent)

    TIL Home == Enterprise.


  • ♿ (Parody)

    @blakeyrat said:

    That's because we've already settled the "debate": Windows is multi-user and has been for decades. Duh. You'd have to be a retard to say otherwise.

    Yes, keep denying the obvious. I guess it's interesting to see that devotion to MS won the cognitive dissonance battle over user experience today.

    @blakeyrat said:

    And that discussion is far less interesting and also completely irrelevant to the original claim that Doctor Linuxjerk there came out of a timepod from at least 15 years ago.

    Evidence says no.


Log in to reply