Wikipedia:Reference desk/Archives/Computing/2014 November 4
Computing desk | ||
---|---|---|
< November 3 | << Oct | November | Dec >> | November 5 > |
Welcome to the Wikipedia Computing Reference Desk Archives |
---|
The page you are currently viewing is an archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages. |
November 4
[edit]Configuring capabilities on Ubuntu
[edit]I'm currently playing around with the minimal version of Ubuntu 14.10 in VMware Player and I'm trying to understand Linux capabilities with the goal of restricting what root is able to do. Note, that things like disabling root login or setting files to immutable is not what I'm looking for because root can reverse those. I understand that with lcap
I can set it so that root can't change the immutable flags of files until reboot. That fits what I'm looking for, but it apparently isn't supported anymore. Now, "capabilities" is the way to go about it, but I'm not sure how to use it or if it does what lcap could do or if it's even supported by Ubuntu 14.10. Can anyone show me how I might go about setting the files in the boot partition to immutable and then stopping root from being able to change that with this system? Thanks. — Melab±1 ☎ 00:28, 4 November 2014 (UTC)
- I could be wrong, because there is much about Ubuntu I don't know, but I think a lot of the thinking about modern Linux security is that, yes, you do just want to disable root login. root can, by definition, do anything, but if there's no line in /etc/passwd with uid 0, and no line in /etc/sudoers that gives anyone unlimited root capabilities, then there's simply no way for a process to run as root on that machine. Then, you create other non-root administrative accounts and/or sudodoers entries with just the capabilities you want to allow. —Steve Summit (talk) 02:48, 4 November 2014 (UTC)
- I have a feeling that much like
chattr +i
that is reversible. I need to stop even non-jailed root from being able to touch certain files. — Melab±1 ☎ 03:33, 4 November 2014 (UTC)- Except, erm, the developers always have root. When you're designing your security model and your use-case, you have to think long and hard about who you're trying to protect yourself from. A lot of people - especially recreational users of Linux - really are their own biggest security hole; and when they follow secure practices, they're really just using software enforcement mechanisms to jostle themselves into good practice. But if the objective really is to keep out the "baddies," you've got to become a lot more paranoid! "root" is just a user! Users - and restrictions on what they can do - only exist in userland. These restrictions must be enforced - and therefore, implemented, by something else: if I may misquote the jargon file, "root" is deep magic, but there is a "deeper magic" underneath. Think about your kernel, and it's dynamically loaded modules! And what about your device hardware and the drivers that operate it? These entities run software that essentially have unprotected access to all your resources: files, memory, hardware, I/O, user interface.
- It takes a lot of very comprehensive planning to create a system that completely isolates sensitive information from such software entities. It is very difficult to protect data in ways that the kernel (or its extensions) cannot override or "work around."
- Nimur (talk) 05:28, 4 November 2014 (UTC)
- I have a feeling that much like
- I'm doing this just for the hell of it. It's kind of an aesthetic thing. As far as enforcement goes, I'm aware that non-userland restrictions on root can and do exist. According to this page here,
lcap CAP_LINUX_IMMUTABLE
would prevent root from being able to modify the immutable flag on files until the next reboot and securelevel on BSD could only be raised and not lowered.cap CAP_SYS_RAWIO
used to take care of the loophole of raw access (it's not included anymore). I've already compiled a kernel modified to perform signature checks on kernel modules before loading them and enabled trusted boot on GRUB2 on a BIOS-based virtual machine. — Melab±1 ☎ 21:19, 4 November 2014 (UTC)
- I'm doing this just for the hell of it. It's kind of an aesthetic thing. As far as enforcement goes, I'm aware that non-userland restrictions on root can and do exist. According to this page here,
- Restricting "root" isn't going to work - and even if it did, it would leave you with a system that would be impossible to maintain. What you need to do is to create a new "admin" account with whatever of root's supervisory capabilities you wish to leave open - and just lock the root password away someplace where your users can't find it. — Preceding unsigned comment added by SteveBaker (talk • contribs)
- Also: this is an old article, but it showed up last week on the linux kernel mailing list: hiding stuff from the terminal... the question was how linux sysctl(3) should interpret malicious-looking strings. The blog article was about hiding strings from the user (in the terminal), but it got me thinking, "how do I hide stuff from the kernel?"
- In all seriousness, this is an actual question that warrants an answer. Consider, for example, government computers that deal with Top Secret information. Companies that sell computers to such clients need to have a good answer. Nimur (talk) 17:03, 4 November 2014 (UTC)
- The good answer is that on a computer containing top secret information - only people with top secret clearance should have access to the root password. (Actually, at least in the US, *TOP* secret information is protected to the degree that someone without clearance isn't even allowed into the room containing the computer...and the computer is not connected to any network and doesn't even have a WiFi chip in it. (see Sensitive Compartmented Information Facility...commonly known as 'the skiff'). When I worked at a company that dealt with top secret information, the skiff was a fortress. Mere mortals like me didn't even get to see inside it...it was constructed over Xmas when us mortals were banned from entering the building...it was tested and re-certified on a regular basis. We used to joke and speculate about what was in the room...Maybe a ball-pit? Perhaps a mahogany drinks cabinet and a pool table? Was the TRUE story of the aliens working in Area 51 contained within? Who knows? (I believe it really contained a desk, a chair, a lamp and a desktop computer with no network capability...and NOTHING else - and that the information stored on it made people with access to it wonder "Why the heck is all this boring, mundane information kept secret in the first place?!?"...but that could just be a cover story!
- If a computer is going to be maintainable - there has to be some means to perform operations that could compromise information stored on it - so you need a super-user with extraordinary powers. The trick is to limit access to that account to a very few (possibly zero) trusted individuals and parcel out subsets of those powers to people who need only a subset of those powers. Hence, if someone is allowed to perform the (usually root-ish) task of creating new users - then you make a 'createusers' group, change the permissions of tools that create users to be executable by that group - and limit which users are given membership of that group. That's much easier, and safer, than trying to prevent root from creating new users. It's a LOT easier to grant limited permission to mundane users to allow them do specific admin tasks than it is to remove powers from an omnipotent being. You can probably prevent root from creating new users - but you can't reliably block every possible avenue that would allow root to grant himself those powers back again. So in a security sensitive world, you open up specific paths to selected users - and lock 'root' away someplace that nobody but the very most trusted people can get to it. SteveBaker (talk) 15:55, 5 November 2014 (UTC)
How and why did android and iphone defeat blackberry, symbian, windows mobile, and palm os?
[edit]How and why did android and iphone defeat blackberry, symbian, windows mobile, and palm os? — Preceding unsigned comment added by Whereismylunch (talk • contribs) 01:52, 4 November 2014 (UTC)
- This might be a question for future historians. But as far as I'm concerned, a key feature is that iOS (in practice) and Android are both very open systems. They both have a Unix-derived kernel at heart (iOS is a BSD "personality" on top of a microkernel, Android is Linux), and both came with free and good developer tools and documentation, making it possible for nearly every developer to develop apps with a very low hurdle to entry. And a Unix kernel is a very solid foundation, and its core capabilities and mechanisms are well understood. --Stephan Schulz (talk) 08:01, 4 November 2014 (UTC)
- I would go further. Apple fights very hard to keep apple software on apple hardware. See: [1]. Google on the other-hand made Android available to anyone-one. I can even run it on my PC for free. I have it running on a VM just to see what is like on a desktop. This means developers and smart-phone manufactures can very quickly create new stuff without the very-long-time-consuming-effort of jumping through all the hoops that proprietary, closed OS owners demand. I have even been accused (yay, accused ! ) of being anti-Microsoft by some editors on WP (whom must be devotees of Sisyphus) when I have pointed out the downside to proprietary OS's.--Aspro (talk) 20:01, 4 November 2014 (UTC)
- I'm all in favour of free software. But, despite being proprietary, Apple has made it very easy to develop for iOS. You basically need an Mac and an email address to register as a developer. For a while the tools even came with the standard OS install. That's not as good as with Android, but it is pretty good. And because XCode was established for the Mac, it was easy to move developers over to iOS with the same tool set. --Stephan Schulz (talk) 21:19, 4 November 2014 (UTC)
- I agree with you that apple has made it easier to develop apps (as compared to Microsoft). Yet, smart-phone manufactures can just use Android (with out the penalty, restrictions and licensing fees that propriety software demands, (with the full wait of the law on their side, which can evoke the threat of possible multimillion dollar litigations to back those demands up) and instead benefit from all the spin off's which Android adoption can generate... That's the bottom line in business. I think that is that is what the OP is asking and why Android and apple has been so successful... I love apple software but it is only available on apple products, yet on those devices it is user friendly with great apps. Android is available and usable on almost any computer, with great apps also.--Aspro (talk) 22:17, 4 November 2014 (UTC)
- Let's get real here. Apple's success with a new product today has far less to do with the quality and technical merits of the product, and far more to do with the name Apple. The vast majority of purchasers have no understanding nor care about technical merits. HiLo48 (talk) 22:42, 4 November 2014 (UTC)
- The industrial design, user interface, integrated platform, and design quality certainly factor into it. Apple is successful because they make one or two versions of a product and stick with it. All other smartphone and tablet manufacturers make many different ones and spread themselves thin by doing so. Apple hires the best of the best for every part of their product. — Melab±1 ☎ 03:29, 5 November 2014 (UTC)
Yes I did hear about iOS being easier to develop, e.g. American Girl mentioned on their Facebook page as to why they went first for iDevices despite of Android being widespread, but the problem is, Apple's mobile OS is by and large a walled garden, and you have to pay for you to be able to sign and deploy applications on iOS hardware and on the App Store. Not to mention that iPhones and iPads are quite expensive to most people anyway, and the introduction of low-cost Androids running on Mediatek, Allwinner and Rockchip made Google's OS an attractive choice for developing markets. Blake Gripling (talk) 11:11, 5 November 2014 (UTC)
- This discussion seems to have largely developed in to a Android vs Apple thread, which wasn't the OPs question and while some of the Apple vs Android may help to understand, I'm not sure it's really that useful, particularly since a lot of it seems to be more what than why. Firstly, I'm presuming everyone including the OP somewhat understands how and why the iPhone and it's multitouch centric UI is seen as r/evolutionary. (Hopefully people also know what it has helped push, including BYOD.
It's likely timing is a big factor here. Remember the first iPhone was released in June 2007. Third party apps became available in July 2008 (the iOS SDK became available in February or March 2008). Android was launched in October 2008, but beta SDKs had been available since November 2007. (The first round of the Android Developer Challenge was also before the launch of the first phones.) They'd also got vendors on board in late 2007. Okay they didn't have proper multitouch support until Android 2 in October 2009 and even then it may have been a bit buggy phttp://www.zdnet.com/blog/burnette/how-to-use-multi-touch-in-android-2/1747] but they were getting there.
Meanwhile, Windows Mobile 6.5 launched October 2009 over a few versions added some degree of touch screen support (including I think some level of multitouch), but it was still fairly limited and while the UI had some degree of work to be more touch screen compatabile, you can probably say it was in many ways still worse than Android 1.0 or at least 2 or iOS 1.0 had been. Windows Phone 7 finally brought proper touchscreen with a touchscreen oriented UI, but that didn't come until October 2010. Similarly while the Windows Marketplace for Mobile existed, I think it was clear to developers that the Windows Mobile platform (as it was then called) and the store, was in a major state of flux and so it probably made sense to wait until Windows Mobile 7 (launched as Phone 7), which did sort of pan out with the Windows Phone Store. Heck this problem continued somewhat to Windows Phone 8 and even to now.
Nokia X6 was the first (I think) Symbian capactive touch screen phone but Symbian still didn't support multitouch and the phone as per our article, was pushed more towards the multimedia crowd than the internet/social media one. From searches, I'm not sure if Symbian ever really joined the multitouch crowd although they did have pinch to zoom [[2] but the].
The BlackBerry Storm was launched in October 2008, but it was still fairly business focused (as had been Blackberrys core market) and of course BlackBerry themselves were similar to Apple in being a device manufacturer, but unlike Apple, had more of a nerd/geek reputation than Apple's hip and cool one, and appear to have had problem breaking in to that market. (This can probably be said of Microsoft/Windows too to some extent.) They did have an advantage in messaging but of course that wasn't enough with how smartphones came to be used. As per our article, I don't think reviews of the Storm were generally that stellar [3] either. And I'm not entirely sure how much BlackBerry were able to get developers on to their touchscreen phone lines. It also seems that Blackberry had a problem in how to manage keeping up with their bread and butter of physical keyboard messaging phones with the new multitouch smartphone era.
The Palm Pre came came in June 2009, but only to the US and Palm themselves suffered somewhat similar problems to Apple and as per our article, Palm, Inc. clearly lacked the resources of even BlackBerry. (The keyboard on most of their phones, while something also present on early Android phones although already lacking in the HTC Magic in April 2009 [4], also suggests Palm still didn't quite appreciate how the iPhone had changed the marketplace.) HP did try to do something with webOS, but by that stage they were at least as late as Microsoft.
One point from above that is of relevance is that the free (meaning gratis) and open source nature of Android has likely encouraged phone vendors to get on to it. Of course the dominance of the the Play Store (and only Amazon has any real alternative presence in the Android app area) and perhaps importance of certain Google Mobile Services software, means that vendors do have to do what Google says, at least in most of the Western markets (China and some other places may be different). They don't have to pay for it and can customise it how they want (although some people feel this is to the detriment of users), so Windows Phone despite I believe some fairly generous licencing terms from Microsoft does have some difficulties there. (I'm to discuss Palm or Symbian.)
Ultimately, these sort of questions are IMO almost impossible to answer fully, since they likely show some degree of chaosness and fadlikeness (which isn't to say that I think the iPhone or anything is a fad, more that it's similarly hard to say even after the event, let alone predict beforehand, why it happened, e.g. the yoyo fads or the loom band fad). A good example of this would be why Samsung came to dominate, particularly the high end smart phone (and tablet) Android market. It's not like there often weren't similarly speced, similarly quality, similarly priced, similar time frame phones from others. Sure there are probably some reasons [5] (although I note that doesn't mention LG at all), but I would question whether you can really say it boils down to those factors. Or to put it a different way, the plenty of missteps along the way by the competitors didn't help, but they probably weren't the only factors.
BTW, I'm not convinced the *nix roots are that big a factor at least when it comes to apps. (May be in terms of platform performance & ease of the development of the platform.) As I understand it, the nature of development on both the Android and iOS platforms means most app developers don't really experience it much, and AFAIK the Apple tools, APIs and SDKs are largely proprietary. And notably, it's generally suggested that iOS attracted a new breed of developers who'd never really programmed much before. (In the particular case of iOS, it's worth remembering you don't even have normal file system access or similar on non jailbroken devices. IMO it's difficult to call it a very open platform.)
And I'm not convinced the availability of free tools or the quality and ease of use of those tools was a big factor either. [6] Microsoft Visual Studio Express has after all been available since the 2005 edition. The lack of programming language integration until the 2012-2013 editions may have been a factor, although I'm not sure many app developers it was really a concern for (probably a bigger one in other areas).
In other words, while the apps and phones were big factors, probably the biggest reason why developers shied away from these alternatives (as many did before iOS) was not so much because they were difficult to develop for, but because they were simply never significant enough a platform marketshare to bother. The fact that many developers had one of these phones themselves likewise would have helped. And this is self reenforcing, with so few apps, often including many apps people would see as key (e.g. for Windows Phone an official Youtube app, BBC news, as we discussed not long ago Snapchat, or see [7] for one discussion), people don't want these phones regardless of whether they like the UI and whatever else. There is a push towards HTML5 by some, including a number in the open source community (e.g. Firefox OS, perhaps Ubuntu), which may help but until then. iPhone was first to get there for a myriad of reasons mentioned by me and others but their exclusive, premium, highend nature meant there was always going to be a competitor and Android ended up being that for a number of reasons but I think timing is a big one. There may be room for a third party, but the nature of the market meant there wasn't so much a rationale. Note that despite the greater dominance of Android overall, iOS is still frequently seen as the best platform to make money from apps (the limited variation mentioned by others also means developers have far less to worry about fragmentation). It's worth remembering that while *nix has advantages in a bunch of areas where open source programs are significant (particularly scientific computing) and also on the service side, and OS X to some extent in the creative side, in terms of the commercial apps Window has tended to dominate. (Games are one particular example here, but they clearly aren't the only one. And not it isn't just Microsoft Office or AV either.) It may be true that some FLOSS alternatives are available on *nix (perhaps including OS X), meaning there's even less incentive to develop for them. In fact it's something many *nix supporters suggest, the large market share (perhaps not helped by Microsofts practices) has meant developers have had no choice but to concentrate on Windows. So there's no particular reason to think it's that different in the mobile space. The fact that some apps, despite largely using cross platform frameworks which support Windows Phone aren't available for it would also suggest this IMO. BTW I'm not saying the perception and dislike of Microsoft by some (accurate or not), isn't a factor, simply that I don't think that big a factor. It's also worth remembering that while marketshares can vary, most money, most developers, and most interest tends to be on that which dominates in the West, particularly the US. (Although there is increasing concern about the developing world among smartphone vendors at least.)
As to the reasons for timing, it seems clear that Microsoft seriously underestimate the significance of the iPhone r/evolution. Their internal problems (infighting between departments) and desire to merge their platforms (regardless of whether it will eventually bear fruit which so far is isn't much) also didn't help. Google may have a bit, but not so much [8]. Nokia (and so Symbian) seemingly did as well, which also meant that by the time the were looking at Android, it was starting to be too late for them. I guess Palm did as well, although their lack of resources probably didn't help. BlackBerry may have been a bit late, but as mentioned they also had the problem of a bunch of existing markets which they weren't sure would fit in to the iPhone r/evolution. It's interesting of course that according to sources like the one just used, Android wasn't something Google bought and embraced because of fear of Apple, but because of fear of Microsoft and the effect on their future (particularly in search). This is perhaps also interesting [9].
P.S. I use Android and have used but dislike Apple products in general and have only briefly played with someone else's Windows Phone & I think Symbian. Never touched a webOS or BlackBerry.
P.P.S. Tablets are often similar, albeit frequently with more seperation between the players in time frames. And of course plenty of people, including Microsoft were doing stuff with touchscreens on phone and tablets before Apple, but I think it's hard to deny they were the first to get it majorly right, particularly on the UI side (helped of course by capacitive multi-touch). While this is often said about a lot of Apple stuff, IMO this is even more the case for the iPhone than other devices such as the iPod. As others have said, the perception of them also surely helps a great deal.
Nil Einne (talk) 00:34, 6 November 2014 (UTC) Edit : BTW I neglected to mention Microsoft did eventually make Windows (Phone) licencing free, along with any tablets under 9" but that was only in April 2014. Nil Einne (talk) 05:28, 6 November 2014 (UTC)
SAN Storage
[edit]Could you please inform me if there are any minimum logistical requirements for storing SAN storage s ? --37.216.242.10 (talk) 06:49, 4 November 2014 (UTC)
- As far as I know, SAN is not 'stored' and "logistical" doesn't make sense to me in the context of the question. We have an article Storage area network, maybe have a read of that and come back if still have a question that you can phrase differently. Vespine (talk) 05:57, 5 November 2014 (UTC)
OS-X Yosemite and background windows
[edit]Before the recent upgrade to OS X Yosemite, I could have a Google Chrome window in the background, but still open new tabs by middle-clicking on links (e.g. when watching a video in the foreground). This capability seems to have vanished - the browser still seems to register the clicks (at least the links temporarily change colour), but nothing happens. Has anyone else noticed this and is there something I can do about it? --Stephan Schulz (talk) 07:48, 4 November 2014 (UTC)
Unicode for Microsoft Word
[edit]My Microsoft Word 2007 doesn't recognize some rare Unicode characters copied from my Internet browser, which has no problem with displaying them. Is there an manual update for this? Changing the font wouldn't help since the point wh\en you paste them in Word, it shows a question mark in a rectangle and the information is probably lost. --2.245.216.148 (talk) 22:44, 4 November 2014 (UTC)
- Word should still know what the character is; it just doesn't know how to display it. The white question mark in a black square, that is standing on a point, is a placeholder (fallback font) for the actual character. Once an appropriate universal unicode font is selected (such as the one your browser used), then Word should display it ok. CS Miller (talk) 12:35, 5 November 2014 (UTC)