Apparently he thinks that he is an expert on security, for ALL OSes, just because he uses linux. He seems to think that linux is the blueprint for all OSes everywhere, so his limited knowledge of things such as Access Control Lists based on half-baked linux add-ons makes him an expert on Windows as well.
So, he comes off with the usual arrogant and pedantic rhetoric:
“You’re free to critique things but at least know your material beforehand”.
Sure… problem is, I did, he didn’t. Once I answered, and a technical discussion ensued, it quickly became obvious that he has no idea what he is talking about. He is locked into the linux mindset (“everything is a file”, “ACLs only exist in the filesystem” etc), and has little or no grasp of how Windows works (newsflash: Windows is not based on *nix. Although it may borrow some ideas from the *nix-world, in other areas it is nothing like *nix in any way). So it quickly becomes very painful when you have to explain some very basic features of the Win32API (which has been that way since 1993, unlike the ACL patches and other things such as SELinux and AppArmor, which were introduced to hack similar security features into linux as an afterthought).
Even though limited ACL support exists for linux and similar *nix-like OSes, it is not quite a mature solution yet, as linux developers will tell you: http://www.suse.de/~agruen/acl/linux-acls/online/
I just wonder: what is it with linux that makes people like Jed Smith think they know everything about every OS? Why do they try to tell others that they don’t know what they’re talking about, while they don’t know the facts themselves?
Not that I consider myself an expert in the least, I merely try to know the facts before I speak. It does help however that I have quite a bit of experience of developing on Windows and various *nix-like OSes, and that I have studied the OS internals of Windows and linux at university (with the great book “Operating System Concepts” by Silberschatz and Galvin). It also helps that I was hired by a university to develop an efficient ACL-based security system for their Typo3-based CMS, as the size of the organization gave them trouble managing the security with just the built-in *nix-like owner/group/world security bits, or with existing ACL-plugins.
Jed Smith, you are an idiot! Of the arrogance-through-ignorance kind! And there are so many of you! It’s like the linux idiot army!