> 7: Root user
Really? REALLY?!!!

It’s the most stupid thing I’ve heard recently. Root user (along with suid/sgid/sticky + sudo) is an incredibly ugly hack to workaround incredibly stupid permission system in UNIX.

If we speak about privilege separation, state of Linux security is pretty much on par with that of NT3.51 (except NT actually had ACLs): you have to explicitly run runas (I mean sudo/gksu) for each command (even GUI one) and you have to do this on the same desktop where potentially dangerous code executes (well, isn’t this a reason to run “non-root” user in first place?).

There is no such thing as Linux security – it’s oxymoron.

“Having a 3D desktop that offers you quick access (via key combinations) to multiple workspaces is handy.”

http://technet.microsoft.com/en-us/sysinternals/cc817881

Bite me.

“But when I install Linux for the average user, I’m done.”

LibreOffice, fsck yeah.

Admin slipped in that “Steam” part when I wasn’t looking.

That bugger.

I was going to mark it as an admin update, but it felt natural leaving it that way.

This should be a TM. Linux users thinking their beloved features don’t exist on Windows. I can’t think of a name for it though.

Thinking about it, I think the reason this always happens is that Windows doesn’t require these features for normal users, so only determined users will find out about them. Take the log viewer for example. When was the last time you ever had to use it on your non-server Windows machine? For me: never. But for Linux, many things require you to use dmesg eventually.

And now for the specific features:

1: Compiz
This is definitely one of the things I miss the most when using Windows. I can’t live without Exposé-style window switching. Workspaces are very important for me too.

@CHRISTX
Wow, thanks, that’s very useful. However, he does say “by default”.

2: Multi-user
What he means is having two users logged in and using the system at the same time. You can’t do that with fast user switching. But you can’t do that with Linux either because there is only one display/keyboard/mouse. If he means for a server, he’s wrong about the “third-party tool” part; Microsoft provides it (for a price).

3: Log files
As mentioned above, you rarely need to look at logs on Windows. However, his point is that the logs are not “plain text” and so you can’t read them if the computer can’t boot or log viewer keeps crashing. What I personally think the problem is is the lack of a Windows LiveCD (or DVD, or USB). If Windows could boot a minimum system from the installation CD, many “feature X is not plain text” complaints wouldn’t be a problem at all. (Yes, there are ways to create a Windows LiveCD, but the legality of such methods is dubious)

4: Centralized application installation
Again, “by default”. Microsoft Store is still just a website (this might change in Windows 8) and Steam is not installed by default. Microsoft Store also doesn’t have every Windows program that ever existed, which is hardly centralized. The repositories of Linux distros do contain every Linux program that ever existed (open source ones, at least).

As for multiple package managers, I disagree. Each distribution comes with a single package manager only, and installing another one will probably wreck havoc.

5: Cron
facepalm I don’t believe he never heard of Scheduled Tasks.

Blimey, I passed the 3000 character limit again. To be continued.

6: Regular release cycle
I strongly disagree with him. I hate the approach used by Linux distributions (maybe I should start a new one! The ten thousand distros currently available are not enough!). You either have:
a- Release-based distros, where all software gets updated every release, and you need to wait at least 6 months to update even the smallest program. Or,
b- Rolling-release distros, where all software gets updated whenever released, usually full of bugs. I could live with the bugs, but THE BASE SYSTEM also gets updated the same bloody way. And your system could become unbootable overnight, any day of the year. Marvelous.

*BSDs are somewhat better in this regard. The base system is separated from third party software. The base system gets updated using a release-based approach (for example: FreeBSD 8.1, 8.2, etc. OpenBSD 4.8, 4.9, etc). The third party software lives in a “ports tree” that is pretty much similar to rolling-release Linux distros. Unfortunately, other reasons prevent me from moving to a *BSD operating system.

7: Root user
Pressing “Allow” on the UAC dialog is not different from entering a sudo password. After all, the sudo password IS the user’s password, and most Linux users learn to enter their password without thinking about it.

8: Pricing
I agree with the article, but Linux is much, much worse. One billion distributions and counting, each with wildly different features.

9: Installed applications
Microsoft is a victim of their own success. They can’t bundle programs with Windows like Apple does because of anti-monopoly laws, and the EU would eat them alive for it.

10: Hardware detection
Device manager does indeed do that, but it’s not exactly visible. It would’ve been much better if unknown device names were “Unknown Device (Logitech Webcam 250)” instead of just “Unknown Device”.

“What he means is having two users logged in and using the system at the same time.”

That’s what RDP is for, in Server 2003, at least.

“What I personally think the problem is is the lack of a Windows LiveCD (or DVD, or USB).”

Isn’t that what Windows PE is for?

@ALMAFETA
I don’t know, you tell me. Can you, using a regular Windows installation DVD, view the log of an installed system, edit its registry, etc? If yes, then I take what I said back.

“Can you, using a regular Windows installation DVD, view the log of an installed system, edit its registry, etc? If yes, then I take what I said back.”

There is nothing you can do with a Linux installation CD (except installing Linux) unless it also happens to be built as a LiveCD, and, often or not, a Linux installation CD is simply not a LiveCD.

On top of that, you also have a good chance of ending up with a broken or non-existent rescue mode. I don’t know about you , but my glorious experience with SL 5.4 thus far is simply whatever meaning attached to “segmentation fault”. Frankly, Redhat/Fermilab might just as well replace the whole damned thing with the words “You got served” flashing on the screen.

I didn’t mean “installation” DVD per se. What I meant is the generally used media for installing the system, which pretty much all users are guaranteed to have. Most popular distros (Ubuntu, Fedora, Mint) do have a liveCD as the installation media.

Actually, forget the above argument; most Windows users don’t have the installation DVD because they get it pre-installed. I’ll try again: Can that be done using any media that is available for the general public? In other words, can I legally get (buy, download, transported by a pigeon) a CD/DVD that boots into an environment that allows me to view log files and edit the registry of an existing Windows installation?

Just to elaborate further on that “LiveCD” goodness:

Trying to fix a Linux install with a LiveCD of a different distribution is fun, And by “fun” I mean “amputating both your arms with a dull saw” kind of fun.

Two HDDs are set up as a software RAID-1 array in SL 5.4. Try accessing the array from Knoppix results in two separate arrays that you can’t put back together without resyncing the data (or some obscure command-line/config-file fu that you can’t locate without digging into even more obscure forums or mailing lists). Broken/half-baked drivers in Linux also means that my on-board Marvell Yukon NIC only works when it feels like to, and no NIC means no Internet and hence no Googling. Man pages in Linux still stink at offering useful information, and when there is something you haven’t already known that you need to deal with the situation, you are out of luck.

LiveCD? Hell yeah.

“In other words, can I legally get (buy, download, transported by a pigeon) a CD/DVD that boots into an environment that allows me to view log files and edit the registry of an existing Windows installation?”

BartPE, a recovery disk based on the downloadable Windows PE toolset:

http://windowsxp.mvps.org/peboot.htm

Or if that doesn’t suit your taste, here’s the vanilla Automated Installation Kit (though you’ll need it for BartPE anyway):

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c7d4bc6d-15f3-4284-9123-679830d629f2

BartPE and the like (VistaPE, vLite, etc) feel somewhat cumbersome, and I’m not sure if they violate Microsoft’s EULA or not.

The Automated Installation Kit is indeed interesting. I’ll try it myself and see what it’s capable of, although not any time soon.

You missed the Ten Windows Things I Want On Linux drivel.

Applications that work? Nope. Power management? Nope.

Number 1, would you believe, is “Marketing.” Although to be fair, he does mention “Support” lower down, in a grudging sort of way.

“What I personally think the problem is is the lack of a Windows LiveCD (or DVD, or USB).”

Uhm, Windows PE existed for ages, is free and customizable?
http://technet.microsoft.com/en-us/library/dd799303(WS.10).aspx

If you need more, there’s DaRT for Enterprises (basically a prebuilt WinPE with a lot of tools included, also with NT Locksmith allowing password reset)
http://www.microsoft.com/windows/enterprise/products/mdop/dart.aspx

“The repositories of Linux distros do contain every Linux program that ever existed (open source ones, at least).”

a.) That’s not really true. The ones of Debian maybe contain a lot of them, but they’re terribly outdated and in most instances simply riddled with security holes as you can’t backport security fixes for 23,000 packages.

b.) Microsoft got a repository styled ( users can install from published lists or force install ) software deployment solution
http://support.microsoft.com/kb/816102

c.) In Windows 8, there will be an app store, similar to the one shipping with OS X 10.6.7/10.7

“Cron allows you to schedule as many tasks as you like, at any time you like, from a simple command-line tool”

at.exe . Welcome to Windows NT.

“6: Regular release cycle”

This would be a lot easier on Linux if it were for two things: a) drivers out of the kernel main tree, with drivel models and a stable ABI ( I said the words that must not be said, omg! ) b) libc with a stable ABI, so I can replace it without bricking everything.

Apps need to be deployed rolling. Otherwise you end up with separate installers like the one for NetBeans and so on. Repos my ass.

“Pressing “Allow” on the UAC dialog is not different from entering a sudo password.”

That’s not true. UAC’s input panels and such are isolated from the desktop. sudo isn’t and could be intercepted. Shouldn’t be so hard to edit the PATH var and make a sudo wrapper script that steals the password. Try that for UAC.

“It would’ve been much better if unknown device names were “Unknown Device (Logitech Webcam 250)” instead of just “Unknown Device”.”

That would require an external PCI ID database.

“Device manager does indeed do that, but it’s not exactly visible.”

Oh but dmesg is? If so:
gwmi -query “SELECT * FROM Win32_PnPEntity WHERE ConfigManagerErrorCode <> 0”

> Uhm, Windows PE existed for ages, is free and customizable?
Even more, http://en.wikipedia.org/wiki/Windows_Recovery_Environment is included since Vista and Windows boots into it automatically if it fails to boot several times in a row. Most of the problems are easily solved by restoring to the last system restore point. Before Vista there was http://en.wikipedia.org/wiki/Recovery_Console (on the installation disc – yes).

> Shouldn’t be so hard to edit the PATH var and make a sudo wrapper script that steals the password
You don’t even need that. xspy/xinput could sniff password out of root process (both use two different, but documented (mis)features of X).

“Shortened” version of your oneliner:
gwmi win32_pnpentity -filter “status = 'Error’”

“Uhm, Windows PE existed for ages, is free and customizable?”

Yes. I wasn’t aware of it, but now I am. (Although I still think Linux LiveCDs are easier to obtain, but I guess it’s not a very big problem)

“That’s not really true. The ones of Debian maybe contain a lot of them, but they’re terribly outdated and in most instances simply riddled with security holes as you can’t backport security fixes for 23,000 packages.”

Well, Debian stable is outdated most of the time. The situation is better in Debian testing, Ubuntu, Fedora, etc. I don’t know about the security holes though. Debian people claim to take security very seriously. Do you have an example of such package?

“Microsoft got a repository styled ( users can install from published lists or force install ) software deployment solution”

The article said “by default”, how many times do I have to repeat that? Linux supports every Wireless card out there, they’re just not there by default. See the similarities?

“In Windows 8, there will be an app store, similar to the one shipping with OS X 10.6.7/10.7”

Yes. That’s a great improvement. I even mentioned it indirectly: “Microsoft Store is still just a website (this might change in Windows 8)”.

But wait, UbuntuPlusOneWillSolve
Everything™. WindowsPlusOneWillSolve
Everything™?

“That’s not true. UAC’s input panels and such are isolated from the desktop. sudo isn’t and could be intercepted. Shouldn’t be so hard to edit the PATH var and make a sudo wrapper script that steals the password. Try that for UAC.”

I agree, and you don’t even need to change anything in the system; X is just plain broken from a security point of view.

I meant that as an answer to the article. He says Linux is better because you need to enter your password before doing something as root. I’m saying it’s not better because, when presented with a gksu dialog, users will enter their password without thinking about it. Just like they will press “Allow” in Windows without thinking about it.

“That would require an external PCI ID database.”

Fair enough. I think Microsoft already maintains a hardware database (for updating drivers in Windows 7), but it doesn’t contain unsupported devices. Maybe it could add hardware IDs to identify unsupported devices, but that’s probably pointless.

“Oh but dmesg is?”

Of course not.

“But wait, UbuntuPlusOneWillSolve
Everything™. WindowsPlusOneWillSolve
Everything™?”

Windows has survived without an “app store” (whatever hell that’s supposed to mean) for well over two decades, but now all of the sudden the lack of it becomes a problem. How? Because people wouldn’t know stuff all about where to look for Adobe Photoshop or Microsoft Office? Enlighten me here, by all means.

“I meant that as an answer to the article. He says Linux is better because you need to enter your password before doing something as root. I’m saying it’s not better because, when presented with a gksu dialog, users will enter their password without thinking about it. Just like they will press “Allow” in Windows without thinking about it.”

Again, ACE, GPO... Any fine-grained role-based access control Linux doesn’t have, Windows has already got them all since NT 3.5.

The best sudo can do is to take you from “being confined to you home directory” to “having the ability to nuke the entire system”. But, hell, people seem to like this “all or nothing” joke of a security paradigm, and MS, despite the painfully obvious, gives you exactly what you wanted.

I just don’t understand what exactly is there to complain about.

“Of course not.”

So, again, what the hell exactly are you complaining about?

I think you misunderstand my position. I’m not complaining. I don’t hate Windows, and I think it’s a good Operating System. I even use it on every computer in the house except one (unless you count Android and Iomega ScreenPlay¹).

Now, if other operating systems have feature X and Windows does not, and I point that out, I’m complaining? Linux users are wrong if they believe Linux is perfect, Mac OS X users are wrong if they believe Mac OS X is perfect, and Windows users are wrong if they believe Windows is perfect.

“Windows has survived without an “app store” (whatever hell that’s supposed to mean) for well over two decades, but now all of the sudden the lack of it becomes a problem. How? Because people wouldn’t know stuff all about where to look for Adobe Photoshop or Microsoft Office? Enlighten me here, by all means.”

It’s not a problem, it’s a feature other operating systems have. Wouldn’t it be nice if you could go to Windows Store and download a program being sure it’s not malware? And buy a program without trusting a shifty website (which you just visited for the first time after a Google search) with your credit card? It sure is useful, and if you think YouDontReallyNeedIt™, then I’ll leave it at that.

“The best sudo can do is to take you from “being confined to you home directory” to “having the ability to nuke the entire system”. But, hell, people seem to like this “all or nothing” joke of a security paradigm, and MS, despite the painfully obvious, gives you exactly what you wanted.
I just don’t understand what exactly is there to complain about.”

I’m not arguing for sudo, period. I’m actually with you on this one. I was saying that Jack’s claim was wrong. The world is not black and white, and I can agree and disagree with arguments instead of people saying them.

““Of course not.”
So, again, what the hell exactly are you complaining about?”

Here’s another thing you misunderstand. As implausible as it seems, I am capable of learning and changing my opinion using the newly learned knowledge. That was not sarcastic. The Windows approach of going through few mouse clicks to find the hardware IDs is okay, and is better than going through hundreds of dmesg lines to find the undetected device (grep can help, but it’s still not easy).

(Besides this issue, which I changed my mind about, just because Linux is terrible at something, then it’s okay for Windows to be bad as long as it’s better than Linux?)

[1] http://screenplayprohd.wikia.com/wiki/ScreenPlay_Pro_HD

“It’s not a problem, it’s a feature other operating systems have. Wouldn’t it be nice if you could go to Windows Store and download a program being sure it’s not malware?”

If that’s what you worry about, then go to CNET or Tucows. They have been around for more than a decade and they do check everything listed there for malware. If you think a so-called “app store” can fair any better than them, then simply consider the fact that even Mozilla is not fully able to stop malicious material from showing up amongst their tiny collection of Firefox plugins. The supposed security benefits of an app store, all in all, are simply bullcrap.

“And buy a program without trusting a shifty website (which you just visited for the first time after a Google search) with your credit card?”

I thought this was precisely why PayPal existed in the first place.