Microsoft Announces Linux-Powered "Azure Sphere" IoT Platform
Originally posted by ssokolow
Hardening possibilities, yes. I'm honestly wondering how many of Microsoft's enhancements are copies of things grsecurity and/or PaX do which haven't reached mainline.
* AppArmor and SELinux - ok, Windows has WIC, that's one.
* SecComp - AFAIK there is nothing similar for Windows
* Built-in filesystem encryption support with LUKS and ecryptfs - Windows has BitLocker, so that makes two as far as full disk encryption goes. I don't know of any way to implement transparent encryption of individual folders or files on top of any filesystem like what ecryptfs allows.
* Kernel keyring - I don't know if Windows has anything like that.
* Custom namespaces - Windows 2016 introduced containers and can finally support Docker, but it's still very primitive compared to the confinement and containerisation possibilities in Linux.
* LSM - Windows has the Reference Monitor, but AFAIK that's not extensible like LSM and can't be used by admins or developers to devise and implement virtually arbitrary access control policies.
* Cgroups - again, I don't know of anything comparable on Windows
* Kernel module signature verification - Windows has that, but it can only check that drivers are signed by Microsoft, full stop. It's not possible for someone to use his or her own keys to have actual control of what the kernel can load, instead it gives that control to Microsoft only. Fail!
To be fair, there are two things on the Windows side too:
* ACLs as mentioned above - Linux's ACL implementation sucks and it doesn't seem to care enough about it. Windows' ACLs have their problems, but Linux is worse.
* User privileges - Linux has them ("capabilities") but for some reason they are never used in distros, instead we always rely on sudo. I don't know the details of the Windows implementation to be able to judge if it's better or worse than Linux, but at least Windows uses them.
Comment
-
Originally posted by elvenbone
I get why ACLs are so important on servers, but MS' implementation on at least the desktop versions of Windows is a nightmare from an end-user perspective.
Recently I set up a Windows 10 system for a relative, with the OS installed on a new SSD. The old HDD which previously hosted a Windows OS is now intended as a data drive. However, I couldn't figure out how to delete the 20GB Windows folder from there. I granted full read-write permissions to the relevant system-owned users and user-owned user accounts. Still no chance to delete that folder. Formatting the drive was not an option for practical reasons concerning user data.
Not to mention how long applying altered ACL permissions to many files can take.
1) Take ownership
2) Grant full access (that is, really full, not just read+write) to your specific account
3) Delete file
The system may prevent you from giving yourself sufficient permissions even as admin unless you take ownership first
Comment
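The three steps from the reply above (take ownership, grant full access, delete) as an added PowerShell example that is not part of any post in the thread. The function name, the path and the account are hypothetical placeholders; it assumes an elevated session and an English-locale Windows, where `Y` is the affirmative answer for `takeown /D`.

```powershell
# Added example: names and paths are placeholders, not values from the thread.
function Remove-OrphanedSystemFolder {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $Account = "$env:USERDOMAIN\$env:USERNAME"
    )

    $target = (Resolve-Path -LiteralPath $Path).ProviderPath.TrimEnd('\')
    $root   = $env:SystemRoot.TrimEnd('\')

    # Refuse to touch the Windows installation that is currently running.
    if ("$target\".StartsWith("$root\", [StringComparison]::OrdinalIgnoreCase)) {
        throw "Refusing to modify the live system folder: $target"
    }

    # Changing the owner of system-owned files needs an elevated token.
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($adminRole)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    if (-not $PSCmdlet.ShouldProcess($target, 'take ownership, grant full control, delete')) {
        return
    }

    # 1) Take ownership of the whole tree. Until the owner changes, the
    #    existing ACL can block an administrator from editing permissions.
    takeown.exe /F $target /R /D Y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "takeown failed with exit code $LASTEXITCODE" }

    # 2) Grant full control (F), not just read+write, inherited by child
    #    folders (CI) and files (OI). /T recurses, /C continues past errors.
    icacls.exe $target /grant "${Account}:(OI)(CI)F" /T /C /Q | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

    # 3) Delete the tree.
    Remove-Item -LiteralPath $target -Recurse -Force
}

# Dry run against a placeholder path on the old data drive:
#   Remove-OrphanedSystemFolder -Path 'D:\Windows' -WhatIf
```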
-
Originally posted by ssokolow
Microsoft has actually leap-frogged Linux in various ways (The one that people tend to think of most is the ability to recover from a graphics driver crash or change graphics drivers without a restart)
The "recoverable" crashes of the GPU drivers in Windows are comparable to Mesa or Xorg crashes, they don't usually pull down the whole system. While there still is quite a bit of hard crashing that causes a bluescreen in Windows (which is equivalent to when the kernel component crashes in Linux).
As for installing drivers without reboot... I mean really? Linux had that far before Windows. You can load and unload modules at will.
Comment
-
Originally posted by R41N3R
On Linux I had several crashes of the whole system as of some OpenGL or Vulkan applications/games, I would say they pull the system down quite easily.
I don't know how NVIDIA blob driver deals with this, if it does have this separation or if any driver crash locks up the kernel.
Comment
-
Microsoft can easily cause confusion and threaten long drawn out costly court battles to intimidate other Linux OSes into folding. Remember Xenix? Long before Linus made his variation on Unix they had Xenix. And it was used. It became SCO. So where do you draw the lines to say anything put there is GPL or not?
Comment
-
Originally posted by indepe
By taking over key customer groups, of course, and then slowly moving them to a “better” place. For example those looking for “security innovations”.
The message: Linux better get its security story straight.
*Shady, nefarious MS takeover guy*: Hey, Linus! I heard you got some cool tech there. How about I pay you and your core group of hackers 1 Billion dollars and you all relocate to Redmond? Sound good?
What would YOU do?
Comment
-
Originally posted by Mercyful Fate
How to take over? Money...
*Shady, nefarious MS takeover guy*: Hey, Linus! I heard you got some cool tech there. How about I pay you and your core group of hackers 1 Billion dollars and you all relocate to Redmond? Sound good?
What would YOU do?
And apart from that, only fools accept these kinds of deals "you betray everyone for this money I give you" as this type of offer makes it well known that your new "employer" is ready to betray you at a moment's notice.
Selling off is fine, (aka Minecraft) as there is no relation over the long term.
Last edited by starshipeleven; 18 April 2018, 04:13 PM.
Comment