Because Shiny Things Are Fun - The New New Windows v Linux Thread

Quote:

Originally Posted by walterbyrd Sadly, with post-systemd Linux, that is no longer true. Everything has changed drastically. Forget everything you know about, it has changed, or will change.

Thanks for pointing that out, I'll try not to let it dampen my 'new toy' enthusiasm.

Quote:

Originally Posted by walterbyrd Sadly, with post-systemd Linux, that is no longer true. Everything has changed drastically. Forget everything you know about, it has changed, or will change.

Things that have changed for me with my switch to systemd:
- The configuration format, though systemd is not that different from OpenRC with this and having one configuration format for almost all cases (setting up a network interface uses the same file format as setting up a Samba server) and between distros (at least for those that use systemd) certainly can make things much easier
- The commands used to start/stop/enble/disable services and some other things, though, IMHO, consolidating commands from the same context into one command (everything regarding services is done with systemctl, everything related to logs with journalctl, everything time related with timedatectl, ...) also makes things easier.

Everything else is exactly like it was before, so in my opinion there were (from the point of view as a user and admin) no really big changes.

Obviously, systemd was inspired by many of the same massive-configuration-management issues that inspired, for instance, the Windows "distributed Registry." (And to a lesser extent, LDAP nee Open Directory.)

If you have literally thousands of computer systems to manage, you need to be able to manage them from one place. And, to this objective, "configuration files are no fun." In that scenario (which is very, very common in large businesses), those files (and the management thereof) are precisely what you do not want.

And, the amazing thing about Linux (and Open-Source) is that you have that choice. In fact, you have several competing choices.

Quote:

Originally Posted by sundialsvcs Obviously, systemd was inspired by many of the same massive-configuration-management issues that inspired, for instance, the Windows "distributed Registry." (And to a lesser extent, LDAP nee Open Directory.) If you have literally thousands of computer systems to manage, you need to be able to manage them from one place. And, to this objective, "configuration files are no fun." In that scenario (which is very, very common in large businesses), those files (and the management thereof) are precisely what you do not want. And, the amazing thing about Linux (and Open-Source) is that you have that choice. In fact, you have several competing choices.

I am not quite sure where you are getting at. systemd is entirely configured by plain text files (in .INI format) and symlinks, there is nothing like a registry in it.

Just a random thought, not really an argument for Linux vs windows: Joining a 'windowsquestions.org' group has as much appeal as joining a group of people that use the same toaster oven.

Have to admit that I do like my win xp, but never felt the need to join a group dedicated to it. Just use CC Cleaner regularly and don't open any fishy emails. Also gave up on the updates way before support was terminated, since their security strategy seemed to consist mainly of making your computer unusable.

Which reminds me of a video I came across a couple of days ago, regarding windows 7. Will post a link if I find it again, but it showed how to get into the OS without a password:

Apparently there's options to run certain programs while you are at the login screen. These programs run with admin privileges. One of the programs is an on screen keyboard.

The problem is that you can start the computer from usb, using any OS, change the command that starts the keyboard so that it starts a terminal window instead. Bingo, now you can restart windows7, at the login screen start the keyboard program, except now it will start a terminal window with admin access to the whole system.

Is this really true? I don't even have to verify to believe it. Admittedly any encrypted files will still be inaccessible, but still, that's like having to secure each blade of grass in a garden. The garden itself should be secure.

Quote:

Originally Posted by linux_walt The problem is that you can start the computer from usb, using any OS, change the command that starts the keyboard so that it starts a terminal window instead. Bingo, now you can restart windows7, at the login screen start the keyboard program, except now it will start a terminal window with admin access to the whole system. Is this really true? I don't even have to verify to believe it. Admittedly any encrypted files will still be inaccessible, but still, that's like having to secure each blade of grass in a garden. The garden itself should be secure.

The same attack vector is possible against Linux systems. Once an attacker has physical access to a machine you are pretty much lost. Anyone that can boot an OS from USB at your computer can do whatever he wants on the installed OS, regardless if Linux or Windows, unless you use enhanced security features like full disk encryption.

Quote:

Originally Posted by TobiSGD Anyone that can boot an OS from USB at your computer

Most firmwares have an option to password-protect the booting system making it impossible to boot from attached USB sticks or DVDs.

I have the turned on on the Dell, you get no options at boot other than entering the password.

Then you have to lock the case, too, to make it impossible to set the BIOS/UEFI back to default settings. At this point, however, Linux machines are not more secure than Windows machines.

Quote:

Originally Posted by TobiSGD The same attack vector is possible against Linux systems. Once an attacker has physical access to a machine you are pretty much lost. Anyone that can boot an OS from USB at your computer can do whatever he wants on the installed OS, regardless if Linux or Windows, unless you use enhanced security features like full disk encryption.

Yikes, I'm getting sucked into the Linux dark side. It's so subtle, slowly, a bit at a time... 'Linux good, windows bad'.

Thanks for pointing that fact out, it's obvious yet never crossed my mind. So, just as a self help exercise: LINUX SUCKS! . Now back to fixing the screen resolution on my new wheezy sd card image.

Quote:

Originally Posted by TobiSGD Then you have to lock the case, too, to make it impossible to set the BIOS/UEFI back to default settings. At this point, however, Linux machines are not more secure than Windows machines.

No I don't you can't reset anything because you cannot access anything to be able to reset it.

Quote:

Originally Posted by Germany_chris No I don't you can't reset anything because you cannot access anything to be able to reset it.

It is pretty easy to set the BIOS/UEFI to default, every motherboard has a simple jumper for that. So if there is physical access to the mainboard BIOS protection is mood, it simply won't protect you from anything.

Quote:

Originally Posted by TobiSGD It is pretty easy to set the BIOS/UEFI to default, every motherboard has a simple jumper for that. So if there is physical access to the mainboard BIOS protection is mood, it simply won't protect you from anything.

There is no jumper nor will removing the cmos battery, nor tpm setup. Been there done that got the t-shirt, ice cream cone, and cookie.

Skip all that and do full disk encryption.

If you are seriously worried someone will physically break into your computer, reset the BIOS to defaults so that they can boot any OS they want, it's honestly not worth the worry.
They'll just grab the HDD (less time) and book it.

i had an old desktop that needed to have the cmos battery replaced. after that the bios reset so i had to go back in and set usb as the first boot option again (i suppose if i had a bios password set it wouldve vanished as well).