Here we go again...
-
Hence "in principle".
But all of that is still just splitting nostril hairs. The fact remains that most of what gets installed into most Linux installations has been vetted to at least some extent by the repo maintainers, that this has been the case with Linux distros for long enough to establish it as part of the culture, and that this would be sufficient to reduce a typical Linux user's risk of acquiring foistware below that of a typical Windows user even if both systems had similar market share.
-
servers
Why would botnet operators be after servers, which are generally reasonably secured? If you want to steala bunch of copper pipes for scrap, you don't break into FBI headquarters, you break into Average Joe's shack secured with a $5 padlock.
Hell, as it is, Average Joe's computer is likely a better target if your botnet does something computationally intensive, since it likely has a much better GPU.
-
To bolster this point: I installed Linux for a bunch of "regular" users during the years. I always pointed them towards some kind of simple package manager that was included on the distro and told them to call me if they can't find what they need there. I barely ever got any calls, and people in fact did install software when they needed it.
So yeah, that model works for many people. It doesn't work for most of us here because we like to tinker and/or require relatively obscure pieces of software.
-
this has been the case with Linux distros for long enough to establish it as part of the culture
It originally arose because in the days before Linux switched to ELF, every shared library had to have a system-global unique address for every function and variable within it. The distributors were the people who could solve this horrible global allocation problem (this evolved because it turned out that the distributors were also the people who could also figure out how to configure various bits of software to work together rather than fighting each other). Not that that is relevant any more; ELF is massively superior to the old a.out format, and anyone sticking with the old shit stuff must have their belt around their ankles from the weight of onions on it.
The downside of the distributor model is that it's done a lot to constrain the development of a commercial market in software for Linux.
-
The downside of the distributor model is that it's done a lot to constrain the development of a commercial market in software for Linux.
Which is why they sell support contracts instead ;)
-
ever since the GNOME devs took up smoking crack
Ever tried GNOME 3.18? It's changed a lot since 3.0
-
they downloaded botnet.exe and ran it and then
gave it UAC elevationit ran successfully because they disabled UAC (clicking Yes or No is sooooooo inconvenient).FTFY.
-
So you might be at risk if you find that someone who already has root (to install the magic code) has installed something that causes your machine to scream away at 100% CPU usage for a couple of hours until the counter wraps.
So... don't let your wife/girlfriend/family/friend/pet on your computer?
The number of times I've heard "I don't know where they come from". I know exactly where they come from, given that I saw somebody download a torrent client because their brother said it was ok, and it had adware. I said to them to always google for the software name and site and the word "malware". So next time they "searched" and it was "ok" and somehow still ended up with malware, which was funny because when I searched, nothing was ok.
At least when you can see the source code, white hats can fix it. There seem to be more white hats than black hats. I'm not sure the state of the technology is at fault here.
social engineering
Oh yeah, I guess we covered that.
Linux is not ready for popularity.
Assuming true (although I think we've established the article doesn't justify this comment), that's because it's made by devs for devs.
To be popular in the mainstream it would need to be able to run things like games.
And don't bother telling me about Wine. You and I both know Wine is a joke.
-
We run stable because we don't need anything more fancy
I like Testing because it's a mostly-rolling release where packages (notably kernels) are usually within cooee of the latest available; it's generally way closer to current than any of the Ubuntus. So far the bug rate I've encountered has been more than acceptable. If I recall correctly, I've had to compile source packages from Unstable less than ten times in five years of use in order to fix annoying bugs still present in the Testing versions. Even so, the fact that I can do that is really, really nice.
-
I installed Linux for a bunch of "regular" users during the years. I always pointed them towards some kind of simple package manager that was included on the distro and told them to call me if they can't find what they need there. I barely ever got any calls, and people in fact did install software when they needed it.
Are you me?
-
I like Testing
I'm on testing at home, and yeah, works well 99% of the time. The problems I had were mostly "we're moving everything to gcc5" so some dependencies for packages break, and running
aptitude dist-upgradewants to remove half of my desktop. Usually everything catches up within a few days though.Are you me?
Not last time I checked. Should I? Is that a subject to change?
-
Ever tried GNOME 3.18? It's changed a lot since 3.0
(a) No and (b) it would fucking need to.
At this point I really don't much care how much of GNOME 2.x they've successfully managed to re-implement; I just don't trust them not to get bored, switch from crack to heroin, roll out something even more bizarre and broken and parochial and call it GNOME 4.
Xfce does everything I need a desktop environment to do, and its devs have a far better track record of not fucking their users over in pursuit of change for change's sake.
-
don't let your wife/girlfriend/family/friend/pet on your computer?
Give everybody their own user account, and don't tell anybody else the admin credentials. Job done. Same advice goes for every modern desktop OS.
-
To be popular in the mainstream it would need to be able to run things like games.
And don't bother telling me about Wine. You and I both know Wine is a joke.
How do you feel about SteamOS?
-
At this point I really don't much care how much of GNOME 2.x they've successfully managed to re-implement
Making it look and behave like GNOME 2 was possible from the beginning. The "Window list" and "Applications menu" shell extensions were always bundled and work perfectly fine. Which is basically what Mint used as the foundation for Cinnamon. (I'm still not convinced that Cinnamon contains a lot of non-GNOME code, the GNOME shell can easily be configured to look and behave like Cinnamon. They did the typical Mint thing: Fork the repo, slap their own branding on it and pretend they built it themselves.)
I was talking about different improvements (notifications are sane now, the window decorations are not huge anymore, the applications became a lot more usable and prettier).
-
I'd really like it if we could get something like Windows signing
RPM and Debian package repositories have had PGP signing for decades.
-
Meanwhile, I didn't even bother installing Linux on my new PC I have since December ...
-
running aptitude dist-upgrade wants to remove half of my desktop
I used to use aptitude for everything, but I've found apt-get works way, way better than aptitude for dist-upgrades. Aptitude seems to want to resolve conflicts by deleting things; apt-get is better at working out an upgrade path that leaves as much existing functionality in place as possible. It just seems to be smarter about dealing with packages that supersede older ones and have new names.
-
I had the opposite experience - I actually switched to aptitude because apt-get seemed more hazardous. Don't remember the incident, if any, that convinced me to do it though, so...
-
Well, the attempts at resolution are usually insane in both during transitions, but in aptitude one can actually manually fix it up.
-
Making it look and behave like GNOME 2 was possible from the beginning.
Making it look like a crippled, fugly and almost completely non-customizable GNOME 2 was just about possible from the beginning, unless mutter didn't like the cut of your graphics card's jib.
notifications are sane now
Got no problem with the Xfce panel's notification area applet. Works fine. In fact the Xfce panel has always been more robust than the GNOME panel.
the window decorations are not huge anymore
That's just theming, though, not something that's down to the underlying window manager. And the main reason you can't have large window decorations any more, even if you prefer them (as I do), is because GNOME keeps breaking the GTK3 theming API which kills the long tail of available themes stone dead.
the applications became a lot more usable and prettier
Dunno. I got enraged enough by the removal and/or tucking away of stuff I used to rely on that I walked away from most of my GNOME-specific applications and found generic ones that look even nicer and work even better. Have you tried qpdfview? It's really nice. I have /usr/local/bin/evince symlinked to it.
Some of the GNOME stuff is indeed quite smooth though. I like Simple Scan.
-
Don't remember the incident, if any, that convinced me to do it though, so...
Neither of them much likes being interrupted or (worse) rebooted halfway through a dist-upgrade. They both need a fair bit of jollying along to recover from that insult.
-
Making it look like a [...] fugly [...] GNOME 2 was just about possible from the beginning
GNOME 2 itself was already fugly.
-
Because nowadays it's all social engineering; people aren't in these botnets because of a worm or the like, they're in the botnet because they downloaded botnet.exe and ran it and then gave it UAC elevation.
I would love if somebody implemented functionality that all binaries in user writable locations were sandboxed.
By default each binary would get its own sandbox that would only see system, read-only, its own /tmp and its own home; plus binaries that would be grouped via some kind of package would share the sandbox. And the user could define leaner rules by location or something (but the thing shouldn't really ever switch off completely).
Linux seems to have all the infrastructure to build this in place with control groups and selinux, but as far as I know there is no ready-made solution that would start sandboxing everything out of the box. Even sandboxing a single binary explicitly is not really simple yet.
-
GNOME 2 itself was already fugly.
Since my eyes didn't bleed when looking at it's defaults, I'll survive.
As long as it isn't Athena, CDE or that blecherous mess that was IRIX, I'll be OK.
-
but motif you forgot motif
-
you forgot motif
I did not.
What do you think CDE was implemented using?Motif was the toolkit, CDE was the desktop built using it. I used them for years, and never got the hang of making Motif work right. It was something to do with the way that they implemented an object system with complex inheritance in C. It was something to do with the massively underwhelming documentation. It was something to do with the fact that it was slow on hardware of the time. It was something to do with the horrible complexity inside that can of
wormstentacles.
-
To be fair, its fundamental design flaws were almost completely hidden by its superficial design flaws.
-
Because nowadays it's all social engineering; people aren't in these botnets because of a worm or the like, they're in the botnet because they downloaded botnet.exe and ran it and then gave it UAC elevation.
Elevation? What for? The botnet doesn't want to hurt the host computer; it just wants to do its thing, connect to the internet, and basically be left alone. It can live perfectly happily in user-land. Heck, it doesn't even need elevation to put its shortcut into
%userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup. In fact, some botnets can run inside a web browser, which adds another layer of sandboxing to them.Linux does at least have a small advantage in that non-root processes can't bind to ports under 1024, but that's still not necessarily going to stop a botnet from doing whatever it wants to do.
-
Elevation? What for?
To bury itself deep in the system and be as hard as possible to remove, obviously.
-
Or it could just also do something that the user likes and then they won't want to remove it.
-
It could do, but why would malware want to make itself easy to remove?
-
Because employing advanced tactics to make itself hard to remove would also raise red flags.
And because users are dumb; one person uninstalling the kitten calendar app is a very small drop in a large bucket.
-
users are dumb
And will therefore approve a UAC elevation without thinking, Or they'll have turned UAC off completely. And that's all the malware needs.
-
-
Sure, they might, but my point was that a botnet can do everything it really needs to do without any elevation at all.
-
Have you tried qpdfview? It's really nice. I have /usr/local/bin/evince symlinked to it.
What are its advantages to evince? Because ATM (after 5 GNOME updates including loads of bugfixes), I'm quite satisfied with it.
-
GNOME keeps breaking the GTK3 theming API
Yeah, that's a bit annoying indeed.
removal and/or tucking away of stuff I used to rely on
BTW: The situation has become a lot better. The GNOME developers have started listening to power users again and re-added quite a few features they had previously removed.
-
So the crack is wearing off a little? About time.
I still don't trust that crew not to fuck up my world just for shits and giggles, so I'm still inclined to avoid their products. The Everything Is A Phone brain worms are strong with those people.
-
What are its advantages to evince?
I am no longer familiar enough with the current state of evince to say for sure. I do know that for quite some while there I was striking loads of PDF files that evince refused to render properly, while qpdfview (which uses qt and libpoppler under the hood) Just Worked.
I like its page layout controls, too.
-
I'm sure if I started distributing a "manual virus" - an e-mail telling people to forward it to all their friends and then reformat their hard drive - there would be tons of people dumb enough to actually do it.
Replace formatting their hard drive with deleting/encrypting/compressing a suspiciously-named but essential file in your windows directory, and it's been done.
-
In fact, some botnets can run inside a web browser, which adds another layer of sandboxing to them.
So is that why
takes so much CPU?
-
GNOME keeps breaking the GTK3 theming API which kills the long tail of available themes stone dead.
And remember, to help make GNOME easily recognizable, by default the Appearance dialog only lets users choose between Ambiance and Radiance. Downstream has to patch it to allow additional themes, and they usually only add their pet theme.
-
Give everybody their own user account, and don't tell anybody else the admin credentials.
LOL. Most of my friends refuse to set up multiple accounts because:
- It's inconvenient
- I don't have anything to hide
- I trust my spouse
Those are all direct quotes.
-
Most of my friends refuse to set up multiple accounts because:
Clearly they've never been on the internet.
-
It sure is inconvenient, the other reasons are irrelevant, that's not what's about.
And remember, to help make GNOME easily recognizable, by default
Are you shitting me?
-
I'm not shitting you, that's the reason they gave. The authors of
gnome-tweak-toolwent "this is bullshit" and added it back in -- albeit requiring a plugin installation, though that adds~/.themes~/.local/share/themesas a place you can put them -- and the GNOME folks have blessed that as the official solution, though they do not support it and could break it at any time.
-
Are you shitting me?
The trouble with the GNOME folks is that they have apparently been listening to Blakey, and now they think GNOME is a product competing in a marketplace, which means it needs to be visibly different from anything else for brand recognition purposes.
Exactly who they think they are competing with, and for what, remains unclear.
-
Exactly who they think they are competing with, and for what, remains unclear.
GNOME2... And it's winning.
-
Exactly who they think they are competing with, and for what, remains unclear.
I thought they were competing with common senseβ¦
