[NTLUG:Discuss] DistroWatch 10 Most Popular Linux Distros

Leroy Tennison leroy_tennison at prodigy.net
Sat Apr 4 21:20:31 CDT 2009 

Kenneth Loafman wrote:
> terry wrote:
>> 2009/3/29 Ted Gould <ted at gould.cx>
>>
>>> On Wed, 2009-03-25 at 14:23 -0500, Ted Gould wrote:
>>>>> All in all, they're trying to duplicate the "friendliness"
>>>>> of Windows.  And that's just SOOOO wrong.  People who think
>>>>> Linux distros are "hard"... just don't understand the
>>>>> complexity of being on a shared network.... Windows makes
>>>>> 1001 assumptions... and has a myriad of security issues.
>>>>> We don't need to emulate them.
>>>> Could you give some examples of Ubuntu security flaws that are created
>>>> through this "duplication of Windows"?  I'm not aware of any.  In fact,
>>>> I can largely only think of security enhancements.  The hiding of the
>>>> root user.  Apparmor by default.  No external services enabled by
>>>> default.
>> It is a good thing that ssh is not installed by default on a Ubuntu system
>> because "hiding the root user" is not a security enhancement.  Not setting a
>> password for root and therefore not having access to it and giving all admin
>> rights to the user can not be a security enhancement, it could only be
>> called a breach of security.  It may make the system simpler and easier to
>> install and negotiate by the novice user but I see no way we can construe it
>> as a security enhancement.
> 
> Contrary to popular misconception, root on Ubuntu *is* configured with a
> strong password, generated but not provided to the user.  Their goal was
> to force the user to use sudo or one of the alternatives, rather than do
> what users quite often do, sign on as root and stay there.
> 
> The first user does have 'admin' rights, but not all the rights of root
> by a long shot.  After the first user, additional users get normal
> rights.  This may be a security breach to you, but for the most part,
> the first user is almost always the one that runs the machine and having
> admin rights is needed.  It's a nice balance of power, but may not play
> well with fascist IT departments.
> 
> ...Ken
> 
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss
> 
I beg to differ with only one statement: "fascist IT departments."  I'll 
be the first to grant that there are control freaks within the IT 
community and those whose views are so strident that they make religion 
pale by comparison.  However, what I see is "fascist COMPLIANCE 
officers" - those who aren't technical but make up for it in obstinance 
(why doesn't either Thunderbird or OpenOffice recognize this word?).

More information about the Discuss mailing list