Originally posted by Danny3
View Post
Originally posted by Danny3
View Post
Originally posted by Danny3
View Post
The reason for this design is that not all the spokes are mandatory. Most people don't actually have to change their network settings, or their keyboard layout. Many accept the default package set.
In the really radical original implementation, you didn't have to visit *any* of the spokes at all in order to complete an install. If there was only one disk attached to your system, you could just boot the installer, pick a language, then click Start Installation and it'd install with default settings into whatever free space was available on the disk.
Radical designs have a way of getting the edges sanded off, however, and it turned out this really freaked people out. Turns out if you don't force people through a step where we basically say 'yes, we know there's other stuff on your hard disk, don't worry, we're not going to wipe it' they'll kinda assume you're just going to eat the entire disk and wipe whatever else was there. So now we force everyone to complete at least the 'INSTALLATION DESTINATION' spoke. That's still the only spoke on the pre-install hub that's always mandatory, though: you can usually complete an install without visiting any of the others (and I frequently do, for testing). On the during-install hub, you have to *either* set a root password *or* create an admin user. Those are the only mandatory steps.
It *is* a bit of an uphill slog trying to explain all this over and over, especially when we are (as I mentioned) still an outlier. Working on Fedora's installer is also complicated by the fact that, as the upstream for RHEL's installer, it's kinda required to have a whole bunch of rather complex and exotic capabilities that 99% of Fedora users don't use, or even see.
Originally posted by Danny3
View Post
Originally posted by Danny3
View Post
Originally posted by Danny3
View Post
One interesting example here is that X11 is a huge security fail by default: any X app running in any X session can access all kinds of information about any *other* X app running in the same X session and there's just nothing much you can do about that, it's inherent to X's entire design. This is one of the major reasons we want Wayland in the first place - it solves that problem. So in a sense, Fedora 25 is a big step forward here. There's still an awful lot to work on.
I'd say Fedora satisifies your points 1, 2, 3 and 4 pretty well. Point 5, though, no, not really. As you say, I'm not sure any desktop operating system does that.
Originally posted by Danny3
View Post
The basic argument that Linux is 'more secure' hinges on a few things:
1) Some stuff that's kinda not terribly valid any more. Like how IE, Outlook and Office used to be absolute security disasters and the Linux equivalents were fundamentally more securely designed. This is really just no longer true, but the thought hangs around.
2) The fact that software from random third parties is just generally rarer and less widely used by desktop Linux users. This is the point I noted in my original message. It still does hold true, to a reasonable extent. If you stick to the 'old-school' system of only using F/OSS applications provided through distribution repositories, this *does* provide a meaningful enhancement to overall 'security' in some senses. It's in absolutely no way a 'perfect' system, though. For a start perfect security is impossible, and for a second thing, while the F/OSS development model does provide some help with inadvertent security issues and a decent measure of protection against actively malicious software, it's not perfect in either case.
3) Some specific elements of OS design like user privilege separation (which used to basically not exist on Windows especially; it now does but people are still kinda used to running all sorts of stuff 'as administrator') and systems like AppArmor and SELinux.
There is definitely a stronger argument that Linux as a *server* environment, with specific widely-followed usage patterns, is a reasonably secure environment than there is an argument that desktop Linux is a reasonably secure environment, however precisely you want to define 'secure' (again, this is a difficult thing to do in itself). I personally just would not consider any computer to be fundamentally secure, *especially* for desktop tasks. I don't put anything particularly sensitive on any computer (including cellphones) without taking specific steps to isolate and encrypt it. I think if you talk to anyone who's really seriously thought about security (including anyone who actually *works* on OS security - look up Josh Bressers, he's one of our security folks), they'd tell you the same thing. The more you think about it, the more you realize:
i) It's incredibly hard
ii) Everyone's fundamentally awful at it
iii) No computer is secure
I can't resist pointing out, though, that you have no way at all to know that what your 'proprietary firewall' is showing you is the truth. You might choose to believe it is, and trust the people who made it, but fundamentally you can't know.
Originally posted by Danny3
View Post
Originally posted by Danny3
View Post
I have a particular bugbear about "forced to do a thing only one way", so allow me to rant for a minute:
Software is *always* 'forcing' you to do things in certain ways. I mean, that's the whole point of software. If you don't want to be 'forced' to do things in certain ways, you can start from a breadboard and build things up from scratch to work exactly how you want them to. The entire job of any person who writes any piece of software is to say "OK, I want to design a system to achieve <some task> so that every other person in the world doesn't have to make their own decisions about precisely how to achieve <some task> and design it themselves." From the first line of code onwards, as a developer, you're constantly making decisions about how the software is going to work.
You say you were a web developer - well, you did this all the time. You made decisions about how the site would display stuff to the reader, you didn't give the reader infinite choice about that. You made decisions probably about how the site would store data and what data it would store, which have inevitable consequences for the reader, but you didn't give the reader infinite choice about that. Etc, etc.
To put it another way, if you took the philosophy of making software 'configurable' to its logical extreme, you wouldn't ever ship anyone a piece of software: you'd just give them an empty document and say "there you go, open it up in a text editor and write it however you want it to work. It's so flexible!"
Of course, if you take the opposite philosophy to its extreme, you don't ship people apps (or a computer) at all, you just tell them "I decided what you wanted to do and did it for you already". It's like being Apple! (rimshot please)
Basically what I'm saying is, absolutely all software falls in a pretty narrow area of a very wide spectrum. If you think about all the ways you theoretically could do something in any app, but which the app does not actually let you do, that list is essentially infinite. Why can't I rearrange all the buttons in my text editor, just because I want to? Why can't I make the text flow top to bottom, or bottom to top, or round in little circles? (Well, unless my editor is emacs, in which case I can probably do all of that...) Etc etc etc. It's kind of silly to 'complain' about software making choices for you about how to get the task done, because this is *fundamentally what software is for*.
So basically I'd say this: if you don't like the choices the designers of a particular piece of software made about how its users should use it to achieve the task it's meant for, then hey, that's entirely your right. It sounds like you don't like GNOME. Okay! That's fine. By all means, use something else. If you care deeply about it, you can even talk constructively to its designers about the decisions they made. But I personally think that basing your arguments on the premise that 'you're forcing me to do things a certain way and that's bad!' is a) silly and b) unlikely to get you anywhere.
Originally posted by Danny3
View Post
Suspend does work fine on most systems, these days. I use it all the time on my desktop and my laptops, and sometimes in VMs. Hibernate is still a disaster area, though.
Originally posted by Danny3
View Post
Comment