- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
:-)
Admin
Nope, it's quite right:
0 degrees C = 32 degrees F
100 degrees C = 212 degrees F
difference: 212 - 32 = 180. There you go.
I guess the minus sign in the original post got you confused.
Admin
"The nice thing about standards is that there are so many of them to choose from."
-- Attributed to Andrew S. Tanenbaum (scroll down to the Attributed section)
Admin
Yes.
Use whatever format you like for display and user input, but for processing dates inside your application and for data storage, please use either YYYY-MM-DD, or else a numerical format such as the unix datetime. It just makes things so much easier.
What bugs me is that so many programming languages have date functions that require the American format. VB is the worst -- they've made it practically impossible to work with any other format -- but even some languages that should know better seem to have succumbed. It's crazy that the most numerically illogical and ambiguous date format you could possibly come up with is the one is most likely to be forced upon us.
Admin
VBA does not require a var to be declared. So, I could see where one might do Date = "07/07/2006" if they did not know that date was a VBA global property.
Admin
What's a parm? What does it mean to throw my toys out of the pram? Your recap is off. I admit mistakes, however I never said anything specific about the windows system clock. I simply commented on how poor Windows handles security when it comes to all things (like the clock). A well informed indivudual went into depth on the security of the windows system clock, however provided no information that contradicted anything I was saying.
Let's look at his main statement in detail.
The real WTF is people who are seemingly intelligent enough to comprehend the WTFs, while not being smart enough to look into even the basics of Windows security as it has been for over 13 years!
This WTF was actually not hard to comprehend at all. I think it's very easy to understand what happened in the program, what the programmer was trying to do, and why the results the users observed occured. Not only that, but the superb comments of Alex should allow even the most amature of programmers to learn from the posters' mistake(s).
Windows security is a complex thing. Any security model on any operating system will be at least somewhat complex if said OS is to even consider itself partially secure. Before 2000, the term "Windows Security" was seen as an oxymoron. While today it is slightly different, the consensus still stands that it has fundamental flaws that need to be addressed.
So the poster states that he thinks a person that understands the wtf should be smart enough to look into the basics of windows security over the past 13 years.
Given: A person that is intelligent enough to understand the WTF
Conclude: A person that is intelligent enough to look into the basics of windows security over the past 13 years.
Agreed.
Admin
You need to use the option -s to change the date. It is almost the same as calling the program "setdate".
Admin
Because it make sense when you try to order, sort and search in your information.
- Jon who will probably cease to exist before he'll get how anyone could invent the MM/DD/YYYY format.
Admin
Did anyone mention that YYYY-MM-DD is good because it sorts good? You'd think at least 5 or 10 of these posts would have redundantly mentioned it.
Admin
I have at least 2200 pages of perl books on my desk (Camel, Llama and some others) and about 1.5 times that much on the shelf. No way that you can write as much about GW-Basic. Basic is simple. Perl is powerful.
On a side note: I just reconfigured the company firewall to be able to see the captcha. Image is sent as HTTP Content-type img/jpeg. This should be image/jpeg.
Thijs
Admin
Dude,
HPC would just specify that app must be run as admin. HPC would be long gone when someone asked "Why does this app have to have admin rights?"
Admin
This is not true. On many versions of unix, the "-s" is optional:
# date
Thu Jul 13 11:14:21 EDT 2006
# date 071809102006
Tue Jul 18 09:10:00 EDT 2006
#
ok
dpm
Admin
It is only weird because he used -32 as the freezing point of water. Water freezes at +32 degrees Fahrenheit . . .
212 - 32 = 180
Admin
I used some very specific words in my posting. I said "Just sounds like you're getting more" rather than "You are getting more." Semantics are rather important at times like this. That is what this thread was about, originally: The use of particular words in particular places.
Admin
Dang! You are absolutely right on that. Was asleep at the wheel when I wrote it. Shows the importance of consistent and heavy use of caffeine, which I sometimes neglect.
Admin
So a two year old Register rant + a four year old (now patched) security flaw = Fundamental flaws in Windows Security.
Next up: Goat Cheez discusses the Morris worm and the fundamental flaws in the Unix operating system
Admin
My girlfriend refers to it as a 'gross'
Admin
I suggest we make them use Malbolge *evil grin*
http://en.wikipedia.org/wiki/Malbolge and also http://www.antwon.com/other/malbolge/malbolge.txt
Admin
HitScan wrote the following post at 07-12-2006 4:33 PM:
In old BASICs it didn't matter, because strings had to be suffixed with $. You could easily use if$, then$, rem$ and whatnot, so long as the reserved word didn't also have a $, such as date$ and input$ (there may have been a print$, but it's been too long for me to remember.) You could also use % for ints (I think) and I believe that every reserved word would work with that, and whatever the float/long/etc suffixes were.
Double check the FP, he used Date$, not Date. All prior experience would point to it working perfectly, unless you knew about it's special function.
That's not really true.
Any BASIC keyword that acted like a function returning a string had the $ suffix. It was pretty consistent; $ variables held strings, and $ functions returned strings. Some of these were obscure; others, like CHR$ and LEFT$ were well-known. I'd put DATE$ in the middle, somewhere.
In addition, DATE$ is not the only BASIC keyword that could be used as the l-value of an assignment expression (the C/C++ equivalent would be a function that returns a reference). If you assign a value to DATE$ or TIME$, you'd set the date or time. A more common application would be assigning a value to MID$ to do a substring replacement.
So, anyone experienced in GW-BASIC would know that not all reserved words could have $ appended to them, because some reserved words incorporated a $. In addition, anyone experienced in GW-BASIC would also know that some reserved words can be used on the left side of an assignment expression to perform some operation.
As the language evolved through QuickBASIC, the $ got dropped (as did %, !, &, and #, the other data-type specifiers). You now had CHR, LEFT, and DATE, but they worked the same way they always did, and if you wanted to, you could put the $ on them - didn't make a difference. This has never changed.
Anyone with any degree of experience in BASIC will be aware of Left, Right, and Mid (or LEFT$, RIGHT$, and MID$), and should, therefore, know that reserved-word-plus-dollar-sign-on-the-left-side-of-an-expression is potentially dangerous. In addition, Date is not an obscure keyword by any stretch of the imagination. Finally, any editor with syntax-highlighting will point out immediately that it's a keyword...and Visual Studio should even automatically capitalize it for you.
This particularly developer must be an old-school BASIC programmer, because anyone newer would (a) not use $, and (b) not use GOSUB. Complain all you want about lax permissions in Windows, the appropriateness of VBA in this context, and the quality of the language in general, but don't excuse the programmer by saying that this is a really obscure gotcha. It's well-known, and it follows patterns used by other parts of the language.
Admin
Ok, I totally screwed up the quoting there. Mea culpa - first time posting and clearly I wasn't paying enough attention to the fact that there was a big "Quote" button sitting there.
RE: The earlier comment by someone that whoever named the Date function must not have had very puch programming experience: This name goes back until at least the early '80s, possibly earlier. We've got over 20 more years of programming to look back on and learn from. I have no idea which dialect of BASIC first introduced DATE$...I think all Microsoft BASICs had it, including BASIC-A and the BASICs written for other platforms like the TRS-80, but I know that, for instance, ATARI BASIC did not have it, so I doubt it was part of the original language from 1963.
Admin
As opposed to intuitive names like 'awk' - the first letters of the last names of the authors (Aho, Weinberger, Kernighan)
Admin
feet is not metric, yet we have 10 toes. I claim we are, at least incognito, partially metric. Program that! </wink>
Admin
There really ought to be a museum somewhere to commemorate the most magnificently pointless endeavours of mankind.
Admin
Alright, I'll bite. Let's look at the six dumbest ideas in computer security, and see how many apply to Windows.
Looks to me like four of them apply (default permit, enumerating badness, penetrate and patch, and educate the users). The others don't apply only because they are social rules for computer administrators, not rules for software developers.
So that's four fundamental security problems that have existed ever since Windows stopped being a local desktop single-user GUI and tried to turn itself into a globally networked information nexus. Switching over from the old Windows shell to NT certainly helped, but MS put so much effort into making NT behave just like Windows used to, that they managed to completely suppress most of the security advantages that NT could have offered.
Alright, here goes... with great trepidation I hit "Post" from the HTML edit window...
Admin
I was going to say Logo too, but then I thought about it a bit more and decided that Lisp might be better. Just imagine what kind of programmer you might be if your "native language" was Lisp instead of BASIC...
Admin
http://www.urbandictionary.com/define.php?term=bobbins
You see us English know how to use search engines.
Admin
1. Most spreadsheets I update need to be updated on weekdays only, so the weekend can be ignored.
2. On the few spreadsheets that need the weekend data, I use VBA's weekday statement to determine whether today is Monday, and if the statements returns "TRUE", the macro updates for Saturday, Sunday, and Monday by subtracting days (i.e. NOW() - 2, NOW()-1, etc).
I inherited a mass of macros when I arrived at my job that had zero (0) awareness of the current date. My options were: (1) Redo all the macros that need to be run once a week to detect the current date, holidays, etc., and adjust accordingly, or (2), write a workaround macro, ran after holidays, that: Adjusts the system date, run the necessary macros, and adjust it back. This is only used until I can get to the first option.
I have been too busy fixing bugs, errors, decreasing run time (The original macros were mainly written using Excel's macro recorder), etc. to fix this minor issue. I do agree, though, that making the macros aware of the current date and adjust accordingly is the best solution.
Admin
Wow! :))) I like the idea of alphabetically sorted date! Especially, I have this problem with my current program, when there is a long date format, i.e. Jun 11, 2006, and it is sorted alphabetically. This is a real WTF. :)
BTW, please go to the Regional Options (or Regional Settings) in Windows, choose Japanese, and slecet Emperor Calendar for date format. That is! Today is 18 year, July 13th of the current emperor. Nice, isn't it?
Admin
I wasted a week or more with a dumb date problem. I was handed a huge amount of "PowerBuilder" code, musta been 30,000 lines. Came from a consultant wouldnt you know it. I was a bit puzzled as the code was supposed to manage one lousy web page with about a dozen buttons on it.
Turned out the "consultant" Had somehow written about 2,000 lines of code to handle ONE button.
Then they cut and pasted those 2000 lines eleven times to handle the other buttons of course.
( Needless to say one can handle buttons in a couple of decades times less code, even in lousy Powerbuilder) And there are these things called "procedures", so 11 more buttons should have been like 11 more ilnes of code, not eleven TIMES more code. Sigh.
But we're not to the date problem yet. All the dates on the web page were "funny", like with day and month reversed, but not all of them. I changed the order around in the code for a few of them,, but this was a slow and tediousprocess. I kept scratching my head, how could this code have ever worked right???
Finally after a lot of stepping thru with the debugger debugging it dawned on me, no, couldnt be. Yep, "PowerBuilder", although it was running as a "server", whenever it went to return the date to the server code, even though the function was documented to return( int month, int day, int year ), It would go look at the Windows GUI locale settings on the server for the date format. I had set my date format to be "10-Jan-2004". So the date function would return ( day, month, year ), terribly scrozzling all calculations past that point.
Never in a bazillion years would I have suspected a server would do this. That's the power of "PowerBuilder".
Admin
I'm surprised you're the only one who noticed this so far.
Admin
You really should look into modern scripting languages, you can do a tremendous amount with really clean syntax. For example, here's some Ruby.
puts "hello world"
or
puts "please enter your name"
puts "hello there" + gets
For example, how about a simple program to read in a file, and print out each line with some formatting?
File.for_each("filename") { |line| puts "#{line}" }
or if you prefer the alternative notation
File.for_each("filename") do |line|
puts "#{line}"
end
Combine some of Ruby's cool features and you could make a dsl for Rrobots or another nifty graphical applications. The DSL I wrote for Rrobots was 70 lines long and allows my students to write code like this:
shoot if target found
turn clockwise 10 if target not found
speedup if damaged
Admin
I would give two choices: Python (or Ruby I suppose) or Scheme. The basics of either can be taught in about an hour, with zero to hello world probably taking about five minutes.
Admin
Admin
Remember, <font face="Courier New">DATE$</font> dates back to before PCs had battery-backed calendars (hell, I remember you could buy ISA expansion cards to add that functionality to such PCs). Being able to fiddle with the system clock makes a lot more sense at that point.
Admin
Way to be a smartass and try to point out such glaring problems with the security features that exist in today's (and yesterday's) more sensible OSs. However, if you need to set the date, you can run an app that lets you run your date changing app with elevated privileges. Maybe you ought to try an OS that isn't Windows and see how workable this is. Or if you're an MS fanboy, you can try out Vista, since they've finally decided to get with the times.
Admin
I don't see how this is a windows wtf anymore than a unix wtf. Most unices are setup such that a normal (non-superuser) would not be allowed to run NTP (or set the system time), but they would still be able to reboot the machine (and hence setting the time as is usually done in a startupscript).
All the security in the world will not hinder an irate user from restarting a machine, one way or the other....
Admin
Sometimes interesting ideas emerge from the long threads. After coming in late and skimming 4 pages in 10 minutes, I had the impression that somebody kept Windows from converting Fahrenheit to Centigrade and melted European computers. I think I have it straight now, but I like my first read better.
My own 2 cents is that however strict the standards there are, somebody important is not going to follow them. However, this is the kind of task computers are good at, and we can allegedly tell them what to do...
Specifically, why not try for an OS standard for the internal representation of dates, and let the presentation layer do whatever the hell it wants. Most system software, Windows, Oracle, etc. supports that. XML was specifically designed for matching data to format, so interfaces should present no problem. Thus, even if your kingdom bases its dates on the accession of rulers, you can shoot them every year and not have to rewrite any software.
Admin
OK, so you think Windows somehow handles security of the clock poorly, perhaps due to a perceived lack of a proper system of privileges. I disagree because Windows allows an administrator to decide exactly which security principals are allowed to change the clock. Are you suggesting that an administrator should not be allowed to delegate the clock changing ability, and that only a process with administrative privileges should be able to set the clock?
I would disagree with that, because a network time service would need to be able to set the clock, but do no other administrative tasks on the server. There's no reason an NTP service would need to be an administrator -- unless you're running it on a Unix machine where it needs to be root in order to listen on a port less than 1024 and to change the clock.
Furthermore, Windows has an extremely robust security infrastructure. Every kernel object (files, processes, semaphores, shared memory segments, etc.) and most other objects (like printers and file shares) have ACLs attached to them, allowing the owner to grant fine-grained access, deny access if necessary, and even allow a security administrator to specify how access should be audited. For things that don't have ACLs (like the clock), there are user rights. In fact, what makes somebody an administrator is really just having a sufficient number of rights (like being able to take ownership of objects, being able to load device drivers). For things that aren't user specific, like the ability to shut down the computer without logging in first, there are "Policies" (Local or Group). That is all of what I would consider to be the fundamentals of Windows security.
Now maybe Microsoft does some stupid things, like having poor defaults, writing services that access the desktop, and so on. Most of this is stuff I can fix myself, though. If I can fix it myself, it isn't a fundamental security problem. Some things are hard to fix myself, and Vista will help with many of these things. For example, one person posted a link to the shatter attack issue. There is no way to prevent programs from sending messages to windows of other processes, so it is best to just not run any high-privilege processes that make windows. Vista solves this by creating mandatory labels, making it so that lower-integrity programs cannot communicate with higher-integrity programs. There is even a mode in IE where it will run as a low-integrity program instead of the default of medium-integrity. This prevents IE from doing anything but talking to the Internet and accessing the cache, so it requires broker programs to do things like the "Save As..." function or install plug-ins.
Contrast this with Unix, where things like ACLs, audit logs, and user rights are rare add-ons for special high-security installations. Anybody who can convince the system that their uid has all of its bits cleared has access to every part of the system, but nobody else can do anything. Did you know that creating a directory required root access up until the 1980s? That's right, mkdir(1) was an suid root program, just like ps(1) and other silly things that should have never required root access. The problem with SUID is that every suid program is a privilege escalation attack waiting to happen. Unfortunately, anything that can't be solved by some combination of rwxrwxrwx pretty much requires an suid program. If I'm working with a team on a class project, how do I give other members of my team write access, while giving the teacher and TAs read access, and denying access to other members of my class? What would be a 30-second task for any user on Windows is a major task fraught with security issues for a Unix admin.
Windows' biggest security problem is the fact that the number of educated users is round-off error among the 500 million users. Since security is at odds with usability, there is no way to make the system as secure as OpenBSD without also reducing the size of the user base to around the same size as OpenBSD's. For example, one person posted a link to a page indicating that one of the six dumbest ideas in computer security is "why operating systems are so dumb that they let any old virus or piece of spyware execute without even asking me." The reason is that most programs are not virii or spyware, so making a user take an administrative action for every piece of software they want to use will just annoy them and turn them into non-users.
Of course, if you really want Windows to not allow you to run just any program, simply go into good old Local Security Settings again, and under Software Restrictions, set Security Levels from Unrestricted to Disallowed. Then you can easily tell it which programs to allow by what directory it lives in, its file hash, the certificate it was signed with, or where it came from on the Internet. I don't recommend this, though.
BTW, 'pram' is short for 'perambulator', which we Americans call a baby carriage. The implication, of course, is that you're acting like a baby by just throwing out toys (a Register article? Really, now!) instead of actually being able to explain reasons for what you're saying.
Admin
Or you could just add the user name and the "date" command to the "sudoers" file.
Admin
This is incorrect. You didn't read the article very carefully. Around 1991 or so there were, indeed, more good programs than bad. Today, however, some estimates indicate that there are between 200 and 700 new pieces of malware hitting the Internet every month! There sure aren't 200 to 700 new useful programs hitting the internet every month, and if there are, the number that any one user is going to use is much closer to 1 than 700. So it makes no sense at all in today's environment to permit absolutely everything to run by default. That was the point of that security flaw.
Perhaps Mr. Ranum wasn't aware of this feature. In any case, it should not be an obscure switch, disabled by default, that most users will never see and therefore never think about. It should be the default policy and be difficult to change. Not recommending this indicates that you do not fully grasp the scope of the malware problem in today's Internet.
A freshly installed copy of Windows XP, attached to the Internet, will become someone else's within a matter of 2 to 3 minutes. This is also about how long it takes for your wheels to be stolen off your car in the seedier areas of, say, Detroit. Living in such an area, would you leave your front door unlocked or open so that just anybody could walk in and do whatever they wanted whenever they felt like it? It would be a lot less hassle if you didn't have to lock and unlock your door all the time, that's for sure. But that doesn't mean that's the best policy.
The fact that Windows is designed to be easy to use, rather than secure, means that those of us who know what we are doing must spend inordinate amounts of time installing and maintaining add-on security software to prevent computers bought by the unwitting and pwn3d by the impure in heart from causing more havoc than they already do. How is this a good thing?
Admin
You seem to be hung up on the clock thing. I never made a single definitive comment on the security of the clock. Get off it. I've been referring to the inner/fundamental security flaws. You seem to like to make assumptions. While I read the first two paragraphs of your last response, it seems like you are talking to a wall. Having poor defaults, as you even admit windows does, constitutes a fundamental security problem. If Microsoft changed the defaults, they could possibly break compatibility with applications.
<sarcasm>
Please forgive me for not taking hours of my time collecting the information that better educated users have already seen. It was wrong of me to do a quick search on "windows security flaws" and then post one of the better articles. Everyone knows the register is a totally unreliable news source, and they never have anything important to say ever. It is especially true of an article that is almost two years old as well. Surely anything in that article can be disregarded because it's just so ancient. We all know that running ActiveX controls in IE is 100% safe in all situations now. Also, Microsoft never condoned that in the first place anyway. Besides, there's not a single company that would ever want to have an ActiveX control on any of their web. We also know that ALL problems with RPC were fixed long ago as well. There is no way anything could ever exploit RPC's nowadays. We also all know that there are absolutely no programs, especially any essential or common ones, that rely on Internet Explorer. Even if there were, we all know that Internet Explorer is the safest most secure web browser ever built. We also all know that there are absolutely no other points I could ever make. After all, Windows is the most secure OS in existence, and do think otherwise is complete blasphemy!
</sarcasm>
The abscence of evidence is not the evidence of absence.
Just because you don't have evidence that something does exist, doesn't mean you have evidence that something doesn't exist.
There are known knowns, and there are known unknowns. But there are also unkown unknowns: things we don't know that we don't know.
Admin
Bad analogy. Some people with convertibles leave the top down precisely so thieves find it easier to steal that way than by cutting the top. I leave the doors unlocked on my old POS truck so a thief won't break the window. Or maybe they'll steal the whole thing and I won't have to deal with it anymore.
Admin
I think Abe "Grandpa" Simpson put it best...
"The metric system is the tool of the devil! My car gets 40 rods to the hogshead, and that's the way I likes it!"
Admin
Have you read the original post? It's about a clock. I'm terribly sorry that I assumed your post to be on-topic. Of course, my last post was a reply to a post of yours containing "I simply commented on how poor Windows handles security when it comes to all things (like the clock)." Do you see the word "clock" in there? And do you see how you include "the clock" in the list of things Windows handles insecurely? That may have been where I got hung up on the clock thing.
Granted, your first post regarding security didn't explicitly mention the clock, but it did talk about privileges and documentation. Since Windows has a perfectly well-documented privilege system, I didn't understand what you were talking about. Then you went on to refer to a Reg article that makes no sense whatsoever.
Did you actually read the article? They claim that Linux is better than Windows because Windows desktop apps (like word processors, mail clients, and web browsers) are frequently attacked, while Linux is ideal as a "headless server", meaning it has no monitor or keyboard plugged directly into it. If they're comparing security of servers, why are they using desktop applications as an argument? As if running a web browser remotely on a Linux box doesn't expose the user to the same attacks.
As another example, the article asserts that Linux is modular because, for example, JPEG rendering is a separate library, and thus is separated out and has no privileges besides those of the user running the program utilizing the library. This is supposedly what makes Linux secure. Windows is supposedly insecure because it is "monolithic", which means, for example, that Internet Explorer is deeply integrated into the OS which allows a flaw in IE to be exposed in countless other applications, many of which use IE in a way which is not obvious, thereby giving the user a false sense of security. They also imply that somehow image (i.e. JPEG) rendering can only happen in a single place in the kernel, allowing an image rendering attack to take over the system.
What they really just described is that Windows is modular, which allows many different programs to use the HTML rendering engine with little difficulty. Meanwhile, they neglect to mention the zlib double-free bug. It turns out that zlib is used in many places, like the Linux kernel and PNG rendering code, for decompression. This means that everything from web browser and mail readers to network drivers and file management utilities were vulnerable to attack, including attacks which could take complete control over the computer. If Linux were completely modular, as they assert, there would be a single file (the zlib module) which would need to be fixed to totally fix the issue. Instead, all kinds of things needed to be patched. In fact, due to the presence of suid on Unix, every suid binary needs to be analyzed for vulnerability everytime a bug is found.
In other words, not only do they get the whole modular vs. monolithic argument wrong, it doesn't even mean anything! Would you like me to continue telling you what's wrong with the article?
If you have a beef with Windows security, feel free to discuss it. Pointing to a nonsensical article in a barely-reputable industry rag isn't going to prove your point, though.
Admin
I'm not sure any OS people would call either Linux or Windows modular. Neither is "microkernel" and only Windows is even "hybrid kernel". It is not my area, but I believe the only popular microkernel-based OS is Mac OS/X, which I'd only call modular in practice if I could figure out how to unplug the damn UI.
Admin
You just don't understand. As part of owning a computer, users expect to be able to run any programs they want, whether they bought it from a store or downloaded it. If you make it impossible to run a program that hasn't been authorized by the administrator, then it is no longer the user's computer. This means that either the user will no longer want the computer (as they don't own it), or they would have to get help every time they need software installed. Would you like to spend inordinate amounts of time authorizing legit software, or just occassionally getting rid of malware?
Of course, you could simply allow the applications to specify that they should be allowed, but what's to prevent malware from telling the OS to allow it also?
OK, so you give the user a way to tell the OS which programs should be allowed. Now the user is simply going to allow all the malware, thinking that they will be entered into a raffle or seeing some hot model having sex.
Now about the quantity. Do you really think that there's less than 200-700 new useful programs hitting the Internet every month? I guess you could aruge about usefulness, but Sourceforge claims to have over 100,000 projects on it. That's 700 projects per month for the past 12 years. TUCOWS has over 40,000 software titles on it, which is over 200 pieces of software per month for the past 12 years.
Don't forget that most software doesn't get onto the Internet. Most programs are just scripts or line-of-business apps.
Can you imagine being a software developer or sysadmin in a system that wouldn't let you run anything by default? You'd have to constantly be telling the OS that what you just wrote is OK to run. Let's just say I'm glad you're not running the criminal justice system.
Admin
Note that setting the timezone is different. Users may need to change the timezone, but that should only affect that one user.
I will grant that ACLs that allow the NTP process to drop root after listenting on 1024 would be nice. See below though. This just destroys any argument that windows is better in this area. By your claim you cannot let NTP run as anything other than admin. AT least if I understand you correctly - I don't claim to be an expert in this area. Clearly you know NOTHING about how unix security works. While I agree for governments the ACLs in Windows are better (and governments are also those who buy the special ACL packages that give all those abilities). However most people are not governments and do not need something that complex.In Unix you get access to a restricted part of the system. However you get access to everything you need to do, with very little more or less. In the Unix world it is common for most people to run as a user all the time. Even system administrators rarely spend much time with more privileges than a normal user, because the default privileges given to a normal user is all you need in most cases. I worked for years at a company where I didn't have root, and I never missed it.
Contrast that to Windows. Nearly everyone I know runs as administrator. As a old school Unix guy I've tried to set up my friend's XP machines with 2 accounts, one administrator, and one User. It failed, because most applications do not run as a regular user. Now an expert could sort out the ACLs needed to make everything run, but I'm not that much of an expert, and besides this is a home system, they don't need the abilities of an ACL.
In short, Windows has a wonderful access control system that will let you control just about anything. However it is so complex that few can figure out how to use it, so everyone just runs as administrator. In Unix the standard security system isn't as powerful, but by default it covers everything most people need in a way simple enough for most people to use.
Did you know that up until 2002 the common versions of Windows had concept of user accounts, everyone had to run as administrator of the local machine?Really now, picking something historical is pointless. Windows hasn't stood still for the last 25 years, neither has Unix.
Sure. Now ask yourself how many of those students would bother to configure that access control if they could. Pretty close to zero. Most of those who would do it, would do it once because they could, and then realize that in a school environment it doesn't matter, and skip all that bother. If only because what you described doesn't work. The first time someone makes a mistake and deletes your important work is the first time your realize that emailing files around allows you to save a copy of your work where nobody (but you) can screw it up.Which is just fine until the first time spyware gets in and proves that not everything is perfect. Unix software learned from the first outlook virus and never gave out software that ability. I can forgive Microsoft for thinking scripts in email was a good idea until then. However years and many updates (including complete versions) Outlook still ran scripts from any sender by default, and that is not forgiveable.
Sometimes the majority are inconvenienced by the few. I lock the doors on my house, even though few people every try to break in. It would be much easier if I didn't have to.
Admin
I love ellipses - makes me feel like a movie trailer. Anyhow, I have no idea what you two are arguing about, but you've both got to be smarter than the folks running the US criminal justice system software, and almost as civil. Read about the FBI's software sometime. Maybe the FAA would be a better example... uh, no. Social Security... oops. IRS... God no. Homeland Security... don't tell anyone, but no...
Admin
That is exactly the point. If there is an administrator for a computer, then it is not supposed to be "the user's computer". The user is not supposed to be able to run any unauthorized program. That is the main reason for having a privileged administrator account and unprivileged user accounts.
ok
dpm
Admin
Your boss has developed himself a little app that keeps track of task allocations but he needs someone to write some VBA that will create an email when a task is complete. You may need to change the system date so the email application will send the email with a send date of a week earlier so it looks like you completed the task on time but the email system took a week to deliver it.