It’s always the same story… I’ve written about it before, repeatedly, actually, and yesterday it happened yet again, right here on this blog. This time by self-proclaimed expert Jed Smith.
Apparently he thinks that he is an expert on security, for ALL OSes, just because he uses linux. He seems to think that linux is the blueprint for all OSes everywhere, so his limited knowledge of things such as Access Control Lists based on half-baked linux add-ons makes him an expert on Windows as well.
So, he comes off with the usual arrogant and pedantic rhetoric:
“You’re free to critique things but at least know your material beforehand”.
Sure… problem is, I did, he didn’t. Once I answered, and a technical discussion ensued, it quickly became obvious that he has no idea what he is talking about. He is locked into the linux mindset (“everything is a file”, “ACLs only exist in the filesystem” etc), and has little or no grasp of how Windows works (newsflash: Windows is not based on *nix. Although it may borrow some ideas from the *nix-world, in other areas it is nothing like *nix in any way). So it quickly becomes very painful when you have to explain some very basic features of the Win32API (which has been that way since 1993, unlike the ACL patches and other things such as SELinux and AppArmor, which were introduced to hack similar security features into linux as an afterthought).
Even though limited ACL support exists for linux and similar *nix-like OSes, it is not quite a mature solution yet, as linux developers will tell you: http://www.suse.de/~agruen/acl/linux-acls/online/
I just wonder: what is it with linux that makes people like Jed Smith think they know everything about every OS? Why do they try to tell others that they don’t know what they’re talking about, while they don’t know the facts themselves?
Not that I consider myself an expert in the least, I merely try to know the facts before I speak. It does help however that I have quite a bit of experience of developing on Windows and various *nix-like OSes, and that I have studied the OS internals of Windows and linux at university (with the great book “Operating System Concepts” by Silberschatz and Galvin). It also helps that I was hired by a university to develop an efficient ACL-based security system for their Typo3-based CMS, as the size of the organization gave them trouble managing the security with just the built-in *nix-like owner/group/world security bits, or with existing ACL-plugins.
Jed Smith, you are an idiot! Of the arrogance-through-ignorance kind! And there are so many of you! It’s like the linux idiot army!
Your university failed you by introducing you to Silberschatz instead of Tanenbaum (far superior) or Stallings. They also did a pretty poor job of preparing you for the real world — particularly the IT real world — where people will respectfully disagree with you, often. I perhaps wasn’t the most respectful, but I didn’t lash out like a tool, either.
Most importantly, I use Windows 7 every day, as I think it’s the best out of the batch. I use UNIX on servers, where it belongs — and that’s a split between Linux at my day job and FreeBSD elsewhere. I’m not a proponent of the Linux desktop and never have been. As a sane, reasonable IT professional I am aware of the weaknesses of all of my tools and I spend my time improving things rather than arguing which is better.
To be honest, this security debate is even more pointless than a language debate. A true IT professional knows how to use both, knows their best role, and actually contributes something to the craft instead of fighting with zeal against the tyranny of the other side.
I’m rising above feeding into this, but you’d do well to know that just because someone disagrees with you doesn’t mean they’re an idiot and you look absolutely silly when responding like this.
Ah yes, let’s take cheap-shots at me, my university, and the literature I referred to. Very mature (and if Tanenbaum is so much better, then what is your excuse for knowing so little about Windows internals? Not that I have anything against Tanenbaum by the way, I have read some of his books as well. They are indeed very good, and I like his humorous style of writing).
As for the real IT-world, look at yourself. I have no problem with respectfully disagreeing with others. But as you yourself already admit: you weren’t very respectful yourself. And again in your reply I can taste a level of arrogance that indicates that you think you are the more knowledgeable and experienced of us. I probably have quite a few more years in IT under my belt than you do. And probably in higher positions and more high-tech environments. Not that I feel like throwing a resume around to impress someone like you, let alone that I think that being more experienced would mean that I am right more often, let alone that I wouldn’t have to listen to the opinion of someone less experienced. But it smells of illusory superiority on your behalf.
I don’t care whether you use Windows or not, that is not the point (and statistically, how small is the chance that any *nix advocate has never used Windows? I mean, let’s be realistic here). The point is also not that you disagreed with me. The point is in the tone you used when disagreeing with me, combined with your obvious lack of knowledge about Windows (using Windows doesn’t make you an expert on OS internals any more than linux does). That is what makes you an idiot. I am making an example out of you, because there are too many people like you around. You also failed to ‘rise above’, by the way.
Lastly, I never argued which is better. But only a sane, reasonable IT professional would be able to objectively read my posts, and understand what I did and didn’t say (perhaps you should read some more of my blog posts to get a bit of an idea about what kind of OSes and technologies I use, or have used, and what my stance is. Hint: I’m not pro-Microsoft or pro-Windows, let alone Microsoft/Windows-only).
But hey: I’m a reasonable guy, I didn’t delete or edit your reply. You can have your say, and defend yourself if you like. I don’t believe in censorship. I believe in mature, fair, reasonable debate.
I don’t think “cheap shot” means what you think it does.
I thought something like this: http://www.yourdictionary.com/cheap-shot
That’s how it was meant anyway.
In other words: your digs at me, the university etc were all just fallacies. They don’t have anything to do with the real subject at hand. If my technical knowledge was shown to be lacking, start a technical debate on things I said wrong, not on what university I may have gone to, or what books I may have used there. The fact that you made these digs shows at the very least that you are not capable of respectfully disagreeing (you made the digs, I didn’t make any digs, I merely confronted you with your own behaviour right here on my blog, which everyone can see for themselves), and is also an indication that you don’t have any real arguments to add to the discussion.
Well, not many people have come to your rescue, have they?
Scali,
You seem to be a bit rude and overly aggressive in situations where they are not warranted. This blog post appears to be no different. You did not write this post to add to the previous topic, but rather to be a personal attack on Jed, as well as a sweeping statement of *all* Linux (notice the capitalization as it is a proper noun) users.
“Jed Smith, you are an idiot! Of the arrogance-through-ignorance kind! And there are so many of you! It’s like the linux idiot army!” — Please clarify to me how this statement, in any way, can be considered constructive? (Also, watch your proper nouns.)
I must admit I am not impressed with your conduct. Maybe you should realize comments are not always meant to be abrasive or confronting. They are designed to continue the conversation and possibly clarify, or request clarification, for topics discussed in the article. Maybe you should take a step back and read the comments as someone having a conversation with you, not someone attacking you. I feel you can then provide better responses and continue with a constructive conversation.
This blog post is nothing but an enraged rant where *NOTHING* constructive was accomplished. Maybe you should have made this article start off by mentioning the comments by Jed, and then made it a constructive post. Instead of continuing on to explain ACLs and touch every topic, you continued it as a personal attack.
Your conduct in this blog post made it quite apparent who the idiot is here. It also brings an internet meme to mind:
“u mad bro?”
-Alex
Hi Alex, let me just pick out a few things here.
That is your opinion. This is my blog, where I post my opinions.
Indeed, it was not meant to add to the previous topic. It was meant to harken back to an earlier topic, a gripe I’ve had with the linux community for years now (see the “Are all linux users idiots?” blog, for example, first link in this blog).
I have not made a sweeping statement however, I just said there’s ‘an army’ of such people. That does not imply that *all* linux users are like that (which you can also read in the very first line of the aforementioned blog).
Nice of you to pick up on the deliberate non-capitalization of linux by the way (but not FreeBSD, for example *hint*). I always do that, bit of an in-joke… a response on how some people like to write Micro$oft or Windoze etc.
Blogs tend to be opinion pieces, opinions are not always constructive. Sometimes they are not even trying to be constructive at all! In this case, however, I try to be constructive by confronting people with their behaviour, in the idle hope that they may realize what they are doing, and subsequently change their ways.
That I do, that I do. I think my first response was perfectly friendly and constructive. I merely pointed him to the proper MSDN background info. I just added a small jab at the end to counter the jab he put in his own post, in the hope that he would see the irony.
Then he became increasingly pedantic and argumentative, rather than just admitting he was wrong with his earlier assessment, and his jab was uncalled for. And only *then* do the gloves come off. As you can see, I have been friendly to the other posters, extending them the same courtesy they have given me (much like with Jed, really).
There is no point in continuing the conversation, as Jed has not bothered to respond to the last replies by myself and Sune Marcher. The ball is in his court on that matter. Had he just admitted he was wrong, then he wouldn’t have come off so arrogant. But when someone like Jed comes here, insults my knowledge for no apparent reason, and then just leaves a technical discussion without even having the decency to admit he was wrong, let alone apologize for his behaviour, then yes, I will tell someone like that EXACTLY how I feel about them.
Oh, I’d like to add another opinion of mine: your post here seems to be quite a rant. If you had taken the time to follow how the original conversation between Jed and myself evolved, perhaps your judgement would have been different. And perhaps if you understand the true idea behind this blog post, you might change your opinion on that as well.
Not sure what your point is supposed to be anyway. You seem to be the same type of person as Jed Smith, thinking you’re better/more experienced/etc than I am, and try to tell me how I should conduct myself. I have no idea who you are, or why I should even listen to you. And you have no idea who I am, so I wonder why you try to judge and even lecture me. I’m not some kid who writes Python scripts, you know. I’m a very experienced developer and project manager. I know how the IT world works, and I know how to deal with people, especially other developers.
PS: There is an extra in-joke in that I use rhetoric and terms such as ‘idiot’, as used by prominent linux/OSS advocate Eric S. Raymond.
Not even a reply for courtesy? You guys are all the same. Shoot off your big mouth, jumping to conclusions, then sneaking out like a thief in the night. Weak, very weak.
I kinda look at linux users as rebels without a cause. They don’t wish to really be part of any kind of OS that has a brand to it. Like Apple or Microsoft. Most of the linux users I knew in the past hated on MS. But eh, I am a gamer so I am really just neutral on all of it. I use Windows because of the games. SPEAKING OF GAMES.
Crysis 2 DX11 finally did come out. It does look really pretty. Interestingly enough there is already a benchmark on it from a Euro website. Nvidia seems to dominate in performance lead. (Due to tweaks or hardware differences but I hug my 920 @ 4.2 580 SLI rig)
http://gamegpu.ru/Action-/-FPS-/-TPS/Crysis-2-v-rezhime-DirectX-11-test-GPU.html
Keep it up Scali! Hates gonna hate, remember that!
Yes, an old saying is: “Linux users use linux because they hate Windows. BSD users use BSD because they love UNIX”.
I think there is some irony in that: A lot of people use Windows simply because it is the most obvious option, not because they really thought about what kind of OS suits their needs best. The people who hate Microsoft/Windows use linux simply because it is the most obvious option, not because they really thought about what kind of OS suits their needs best. So in a way they’re no better than the Windows users they despise for “not thinking about the OS they choose”.
In many ways, linux is the Windows of the non-Microsoft world. It has the largest userbase, as a result, the average linux user is also less knowledgeable than other *nix users. And the linux world tends to ignore portability and other OSes as much as Microsoft does. The linux world seems to think that they *are* UNIX. As a result, you often find open source applications that *should* be portable, but aren’t. They will use the specific GNU make dialect, breaking compatibility with BSD make. And they will use specific linux paths to headers, although linux also has softlinks to more standard paths in the UNIX world. As a result, you often have to put in quite a bit of work to make open source projects compile on non-linux systems. However, once you’ve done that, they STILL compile on linux, so there is no reason why they wouldn’t have made it more portable and compatible in the first place. They just seem to be ignorant of the rest of the world.
And yes, I just downloaded the Crysis 2 updates and played a bit. I was pleasantly surprised at how well my GTX460 handled the game with all the detail on. I was disappointed however to find that there isn’t a 64-bit binary (unlike Far Cry, Crysis 1 and Warhead/Wars). Apparently they only say you need a 64-bit OS because it allows 4 GB of memory per 32-bit process, where a 32-bit OS only allows 2 GB.
Based on the benchmarks you linked to, I have to conclude that AMD is doing better in DX11 than nVidia though. Although nVidia has the absolute fastest option there, by a margin, you see that the Radeons move up a few places in the ranks, going from DX9 to DX11. Eg. the Radeon 5870 overtakes the GeForce 470 and nearly closes the gap with the GeForce 560Ti.
Dude, don’t generalize on things. There are all kinds of Linux users out there. Linux users are apparently humans too. Just like BSD has a variety of users like idiots, stupids, psychos, morons, maniacs, etc :p. Linux has its share too.
And by the way, we don’t use Linux because we hate Windows or we love UNIX. We love Linux because we love it, because it provides the most efficient Free and Open Source alternative (according to me by the way), because we love the community it provides, because every day it grows more than any other OS in the world. It might have some drawbacks, sometimes serious ones. But we aren’t backing out. We are going to stick with it, contribute to it and make it better and more efficient.
Since Linux and BSD are both UNIXes, we are supposed to be friends and not fight against each other. To an Apple-fanny girl or a rich fat Microsoft fan, we all look alike. Ever talked to an apple or microsoft fan about how BSD is an (efficient) OS too……. you will know! :p
I can generalize all I want, for dramatic effect. You can complain about it all you want, and show your lack of comprehension.
Also, no… BSD is an actual UNIX, linux is UNIX-like.
hehehehhe… you right man! I’m a gamer too… But I use linux too for virtualization. It depends on what we need….
sincerely
Scali, I see you’re still a windbag. If you’re talking about ACLs on *nixes being less mature, you’re leaving out the likes of HP-UX and AIX, and the now-defunct DG-UX and IRIX, which have all had ACLs for nearly as long as VMS.
There are very practical reasons that the BSDs and Linux haven’t put much effort into developing their ACLs: they’ve been hobbyist UNIXes for half their existence, and had other things to worry about. VMS was built for anal organizations from the beginning, and commercial UNIXes mainly had them to get red book division C so they could sell stuff to the US government. In fact, MS added ACLs to NT for the same reason, and until windows 2000/2003 they were ridiculed for doing a terrible job of it. SELinux and AppArmor were both better solutions the moment they appeared than windows ACLs were for the first decade of their existence.
Also, Jed’s right: Tanenbaum > Silberschatz.
Clearly there are exceptions to every rule, but in this case we were mainly concentrating on the POSIX extensions that OS X/BSD/linux use (let’s not pull things out of context). By SuSE’s own admission, there are still a number of restrictions. See the link I posted.
Regardless of how good a solution they may or may not be, the mere fact that these solutions have been created is clear proof that the original UNIX design itself was not as ‘secure’ as some people seem to think. People make it sound like UNIX has always been about maximum security. And that therefore any UNIX-derivatives (mainly BSD, OS X, linux) are secure by default. Nothing could be further from the truth. VMS/Windows NT provide a better case for this (although still not a very strong one, but since people usually compare to Windows, well…).
I never denied that (I don’t even want to START a debate on ‘who is better’, it’s pointless. You do know the difference between opinion and fact, don’t you? Because both you and Jed have presented your opinion as fact), I just fail to see the relevance of such remarks (it’s just a fallacy). Which goes for you as well. If you want to post book reviews, post them on Amazon. In fact, I wonder why I even approved your post at all, and even reply to it.
In fact, I am never interested in ‘which is better’, my angle is, and has always been, about finding facts. But, people like you can only see in black-and-white, so I don’t expect you to understand, or even try.
Next time, try without the insults. And don’t try to make it sound as if you know me. I certainly have absolutely no idea who the heck you are, other than that you’ve made a lousy first impression.
Well, all the ones I mentioned are fully POSIX-compliant, which BSD and linux generally aren’t, so I don’t think I’m decontextualizing at all. I’m merely putting things in a more historical context. Also, ACLs never made it into an accepted POSIX standard. Most implementations are based on the NFSv4 implementation or home-brewed. It turns out that they’re just not a feature that’s in that much demand.
And I agree that there’s no point in arguing authors, but I strongly suggest checking Tanenbaum out if you have a moment.
I don’t really view calling someone a windbag as an insult. Some people don’t talk much, some people talk a lot, and listening is also subject to variation. You just happen to land on an interesting spot on those continua. As for knowing you, I was a #c4n op back in the earlier days of #win32asm.
Well, I think you are contradicting yourself here.
Nevertheless, as I have already said to Jed in the previous blog-comments: the problem with the POSIX API is that it is not built with security attributes in mind. So even though you may have ACL support in the filesystem, and ‘everything is a file’, you still lack some control there. Which is where something like SELinux or AppArmor comes in, which is very OS-specific, which means we’ve strayed WAY from the ‘UNIX design’-topic that originally started the discussion, and this path need not be pursued further.
Yes, the SuSE link in my blog speaks of a POSIX draft, and goes into this subject somewhat.
I already said I have read some of Tanenbaum’s books. Just because I mention this one book doesn’t mean I haven’t read any others.
It reminds me of what one professor told us back in the day… He said: “Well, you probably all use Google to search the web, right? And I think that we probably all agree that Google is the best search engine, right?
Well, but what about the others? Just because they are not as good or popular as Google, doesn’t mean that they’re useless.”
Then he demonstrated what a search looks like if you take the results, and filter out the ones that Google would give you. This was very interesting. In a way you were filtering out the ‘Google bias’ of the search results. Instead of landing on the articles that everyone else also read, when searching for that topic, you got the ones that were overlooked by most people.
I feel the same way about this situation: Yes, Tanenbaum’s books are very good. But you should try reading some others sometimes, they may focus on other subjects. Silberschatz has a really nice case study of a few popular kernels, including Windows NT and linux. It’s almost a direct comparison, which I think is more appropriate in this case than Tanenbaum’s approach.
Well I do. It means that someone doesn’t have anything interesting to say. You are entitled to your opinion of course, but I don’t think it’s a good conversation-starter. Also, my blog enjoys a modest popularity, so apparently it is interesting enough to a certain audience.
To speak with the words of the infamous Captain Jack Sparrow: “… But you HAVE heard of me”
I was just thinking though… Quite a coincidence that both you and Jed have read both Tanenbaum and Silberschatz. Yet neither picked up on the case study in Silberschatz that would be quite appropriate here.
You HAVE read Silberschatz, haven’t you? Or is the Tanenbaum-thing just a case of name-dropping, appeal-to-tradition etc? The book everyone (yes including me) ‘knows’ you *should* be reading. Just like everyone ‘knows’ that UNIX is the most secure OS…?
Admittedly, I seem to have caught you at a low point in your blog. And most of what I heard of you wasn’t the kind of thing that you’d tend to want said. So I guess it’s a contemporary American kind of fame.
Also, the debian document you linked is from 2003 and refers to 2.4 kernels; things have changed a LOT. I reasonably presume that with devfs and procfs and 2.6 kernels, most of the limitations mentioned in that document have been addressed.
Depends on how you look at it. This post is among the most popular this week.
Yes, and I’m not even American, so I guess my allure is international!
Yes, I am well aware of the date. Some things may have changed, other things are still very much relevant: The point you made about ACLs not being accepted as a POSIX standard, and implementations being based on the NFSv4 standard is in there, for example.
Some of the limitations *I* have mentioned go well beyond the scope of this document however.
At the very least, it gives an interesting historical context of ACL support in linux and related OSes.