“It was with great anticipation that I began looking at Wal-Mart’s latest offering: a Microtel PC with LindowsOS preloaded. I had reviewed the OS-less Microtel computer from Wal-Mart a few weeks ago and I hoped that this, the first consumer-focused Linux-based PC to appear from a major U.S. retailer, would be a great product for Linux newbies. Unfortunately, no matter how much I try to like this system, I am not comfortable recommending it to novice users.” Read the review at NewsForge.
“So far I haven’t addressed the questionable design decision to make the user run as root. This opens the door for viruses and insecurities like the ones that have plagued Windows for years. The Unix system of limited privileges has been an effective means of restricting viral code. To throw all that away now seems very foolish.”
This says it all.
[quote]The Unix system of limited privileges has been an effective means of restricting viral code. To throw all that away now seems very foolish.”[/quote]
i agree completely 100%
this Lindoze is just bad karma, especially for doing this…
Sounds like a better deal than any Windows PC already. Sure you get a junk X86 processor in a junk box, but at least you don’t get a junk, legacy OS. It is sad that they went for “just good enough to sell”. Calling a home directory “C:” is so 1980’s. Wiping your data during an OS repair session is NOT GOOD.
What the reviewer fails to answer is this: if he is uncomfortable recommending this to novices, how can he POSSIBLY recommend Windows?
As for virii– root is only one “route” to trouble. Windows gets most of its viruses because of inept OS design, (or inept application design– remember “I love you”. How MSFT avoided getting sued for malpractice on that one, I will NEVER understand…). It is not necessarily because of running at root level.
“Sounds like a better deal than any Windows PC already. Sure you get a junk X86 processor in a junk box, but at least you don’t get a junk, legacy OS.”
Yeah… Instead you get an OS that won’t run 90% of the applications out there that most buyers will want to run. And you get an OS where the buyer will have to call tech support any time they want to install a new application.
Lindows itself backed off on their claim that their OS will run most Windows apps because it simply never materialized.
Bottom line, no matter how much the zealots whine and stomp their feet while claiming otherwise, Linux is not ready for the average end user desktop.
Bottom line, no matter how much the zealots whine and stomp their feet while claiming otherwise, Linux is not ready for the average end user desktop.
I don’t think any serious Linux users (aka zealots) care one way or another what the average end user runs. It seems to me that the ones doing all the stomping, whining and complaining are the ones who can’t figure out how to run Linux (and other Unix-like OSes) not those who already can.
Now for those of us who already know how to run the system, Linux, et. al., are perfectly fine to use as a desktop.
Yeah… Instead you get an OS that won’t run 90% of the applications out there that most buyers will want to run.
How do you know? Have you actually ran Lindows? I can run most of the software I ran on Windows on Linux under WINE without Lindows’ (or codeweavers) extra modifications. There are equally good native products available, however, so I usually only run the Windows apps when absolutely necessary (very rare). Anyway, my point is that while there are Windows products that don’t run under WINE, I think 90% is high; either you underestimate what WINE can do or you overestimate the variety of software the average user actually uses.
Linux was not designed nor ever intended for the average home user. It started out as a hobby and evolved in an OS for computer savvy students/professionals who need to do some serious computing. Half assed attempts like Lindows to bring Linux to the avg user only hurts oss’s image in the eyes of the general public. Eventually I think Linux will be a viable alternative to Windows/Mac for Joe Sixpack, but that won’t be for a long, long time.
“I don’t think any serious Linux users (aka zealots) care one way or another what the average end user runs. It seems to me that the ones doing all the stomping, whining and complaining are the ones who can’t figure out how to run Linux (and other Unix-like OSes) not those who already can.”
That’s all well and good. But somehow I don’t think the average Linux user shops for computers at Walmart. In fact, the average Linux hobbiest probably rolls their own system. So either way, this just seems like a bad business proposition for Walmart. The person who buys their computers at Walmart isn’t going to want a Linux based system. The person who does want Linux doesn’t shop for computers at Walmart.
“I can run most of the software I ran on Windows on Linux under WINE without Lindows’ (or codeweavers) extra modifications.”
I haven’t run Lindows. But I have used WINE. Admitidly, I haven’t used it in probably 7 months or so. But the last time I did, most major applications I tried didn’t work. For example, It wouldn’t run MS Office. That’s a big problem.
I never tried running Quicktime in WINE, but I suspect it won’t run. (If I am wrong, please let me know). If I am right, that would be a big one since Quicktime is an industry standard for delivering online video content. I know there are some free players out there for Linux that will play SOME Quicktime videos. But I don’t think there are any that will play videos that use the Sorenson 3 CODEC. And Sorenson 3 is rapidly becoming the prefered CODEC for encoding quicktime movies because of its extremely good compression / quality ratio.
And of course, even for apps that will run under WINE, it often requires a lot of tinkering to get them to work. So once again, this is not a usable solution for most users.
Actually, I think that running the system is root isn’t such a terrible bad idea. After installing Gentoo, I was stuck as root for a few hours because I wasn’t used to the adduser command and didn’t know about superadduser and then decided to stay at this. Why? Simple, it’s much much more comfortable. Usually the first thing I do when opening a console is “su”, so where is the difference anyway? Finally I can use Nautilus to do practically everything. Prior I was stuck to konsole again because Nautilus ran as root. Konqueror can be launched in root mode but that’s again not comfortable at all.
Why should I bother? Because of trojans? No way, when I install software, I do it as root anyway. No difference. When getting mail, I never ever launched an executable and the usual Linux mailer won’t even allow me to do so. Viruses? See the installation comment.
There is really nothing particulary “save” about running a system as a user. The user system wasn’t invented to protect for trojans and viruses (what would it protect anyway? Only the system, your data could be equally deleted as user), it was designed to be used in a multiuser environment.
The advantages of running as a user on a single user workstation are small. The only ones I see so far are, that when beeing a user you can supply a username, you can’t do that with root (so you are always refered to as “root”), some IRC channels will lock you out (this happend to me a few years ago, not sure if this is still the case) and xscreensaver refuses to run as root (but I can most probably fix that).
Another advantage of beeing a user is, that you can’t accidently do a “rm -r /”. But today most of us are running a GUI so this can’t happen that easily anymore. Whenever I use a console, I would do that for administrative tasks anyway and type “su” at first. So beeing a user doesn’t protect me in the slightest but makes working with the system considerably more annoying.
“Why should I bother? Because of trojans? No way, when I install software, I do it as root anyway. No difference. When getting mail, I never ever launched an executable and the usual Linux mailer won’t even allow me to do so. Viruses? See the installation comment.”
You have never KNOWINGLY launched an executable. But you leave out an entire class of security problems known as buffer overflows. the PINE mail program is well known for having a lot of these. With network enabled applications, its possible for malicious email headers (or web pages in the case of a browser) to cause a buffer overflow. You don’t have to actively run any code for this to happen. All you have to do is open an email message with a malicious header for example. When this happens, arbitrary code can be executed on your system. If you are running the application as root, that code will also execute as root.
Good system administrators NEVER read email as root because of the possibility of remote buffer exploits. They always have root’s email forward to a regular user account and read the email from there.
Of course, on IRC, it’s possible for a remote user to find some kind of exploit in the client that allows them access to your system. If you are running the client as root, they will get root access to your system if they can find an exploit.
So basically, trojans and viruses are not the only reason not to run as root. Running any network application as root can be dangerous because of programming problems in the applucation itself that allow remote exploits.
I ordered a Lindows box from Walmart and it just arrived yesterday. I had also gotten the 17″ monitor that is paired with it, it’s multi-sync, so it works fine. I have a cable modem/ethernet home network, so downloading is no problem. I also got the higher end Athalon 1.4 MHz and 256 DRR RAM (I ordered more RAM, which is on its way). So, that’s my setup.
So okay, I have a pretty nice system of the choices Walmart has. I also did that on purpose in case Lindows didn’t stay on there for very long 😉 I agree with the author in certain areas, especially in running in root. I think Lycoris has shown that you do not have to do that and still have an intuitive, simple system.
So, I started right up, no problems, the start-up proces is as the author described. A very pleasant looking desktop appears. I went into settings and fixed everything up the way I wanted to and easily configured the HP 972 inkjet I had attached to it (USB).
One thing the author didn’t quite go deeply into enough is exactly how sparse the included software is. Get a load of this – the only work processor is KEdit. That’s it. They don’t even have The Gimp! So, it is shocking and, as the author said, you are pretty much forced to pay for the Click ‘n Run Warehouse if you really wnt to do anything.
I sat and pondered this for a long time. The disappointment and even anger of how little software there is on the system weighed heavily on me. My personal consuming passion regarding Linux is to get it to John and Jane Doe. So, I decided to go ahead and plunk down the $99 (the subscruption lasts a year) and I’ll use this system with Lindows for one year and see what takes place over the course of that year. The lack of software on the default Lindows system is inexcusable – it’s a trap. But, I figured they are probably sort of groping around in the dark to see what will work. If I want to explore my own goals for Linux, I have to take some chances.
Well, after plunking down the $99, I have to admit, the psychological burden that had been weighing on me was suddenly lifted – I went to Click ‘n Run and was in a software playground. I started downloading stuff left and right and I’ve had no problems yet with download failures as the author did.
So, I know many laugh at Lindows, but when you’re their using it, you can see the possibilities. After all, the Doe family are the type to purchase a computer with the OS and other software already loaded. As a result, my criticism is not as harsh as the reviewers, BUT:
1) As I said regarding Lycoris, there is no real reason to run in root, that can be gotten around and still have an easy to use system for the Doe family.
2) For the love of God, put a little more software on the pre-configured system – KWord, The Gimp and a few other things.
With a few changes, Lindows could be the real thing for the Doe family as they browse in Walmart.
By the way, I haven’t said anything about running Microsoft applications on Lindows because I know where that’s at right now and, actually, I have no real desire to do that anyway. It will be interesting to see if Lindows, Inc. will continue to pursue this or not – if they continue to think that being able to do that through wine is important to their goals.
Are they shipping the CDs yet, and if yes, does anybody know if it contains the “click-n-run” softwares? Unless they have a broadband connection – and most people don’t -using click-n-run would be unworkable.
I never tried running Quicktime in WINE, but I suspect it won’t run. (If I am wrong, please let me know). If I am right, that would be a big one since Quicktime is an industry standard for delivering online video content.
I’d be satisfied if the Quicktime Player for Windows XP worked on Windows XP. :p
Luckily it seems like the version 6 public preview works, at least on the same boot, but if UI elements start randomly disappearing again, I’m gonna find another app.
Good system administrators NEVER read email as root…
Well, see that’s part of the problem, isn’t it? Home users are not systems administrators, they are *home users*. Yes, I know, technically, the home user is the sysadmin of his own system, but mainstream computer users don’t know that, and really, they shouldn’t have to know that. As others have pointed out, there are ways to deal with this, but most distros don’t, leaving the new Linux user to learn the hard way. Since Lindows is targeted to home users, then they should definitely “deal with this”, so the home user won’t have to.
“But you leave out an entire class of security problems known as buffer overflows.”
Two things:
1) I don’t know of a single instance where this actually was used to harm or get access to a system.
2) Why should I care if I’m logged in as root or user if something like this happens? What’s valuable is the data I store on the system, not the system itself. If it should ever happen, rebuilding the system would probably take me a day or less. Loosing my data is what’s critical and this is accessable by the user anyway.
Of course is different for a system administrator who is responsable for a lot of users or are productivity system.
But this is a single user system anyway, why shouldn’t I use it like that?
“I’d be satisfied if the Quicktime Player for Windows XP worked on Windows XP. :p”
Hmm… I have Quicktime 5.0.2 installed on my Win XP Pro box and I haven’t had any problems with it.
I can think of one possibly thing that culd be giving you trouble. Are you aware that Quicktime 5.0.1 shipped without the Sorenson 3 CODEC? Basically, the CODEC wasn’t ready in time for the deadline, so Apple shipped without it. The result is that when you try to play a Sorenson 3 encoded video, you will see the progress bar moving, etc., but you will just have a blank box where the video should be. Quicktime 5.0.2 did ship with the CODEC. (We have Sorenson 3 videos on our web site and got some complaints about it. So I researched it and found out that the Quicktime 5.0.1 beta versions shipped with Sorenson 3, but the release version did not.)
Other than that, I haven’t had any problems with Quicktime in Win XP. Not with the 5.0.2 version anyway.
“1) I don’t know of a single instance where this actually was used to harm or get access to a system.”
I don’t KNOW of any either. But it definately is possible that certain buffer overflow problems can be exploited to run arbitrary code on the system.
“2) Why should I care if I’m logged in as root or user if something like this happens? What’s valuable is the data I store on the system, not the system itself. If it should ever happen, rebuilding the system would probably take me a day or less. Loosing my data is what’s critical and this is accessable by the user anyway.”
You should care because chances are that if someone can find a way to exploit one of these buffer overflows, they are not going to use it to directly harm your system. Rather, they are going to use it to install a root kit on your system, thus allowing them full access to any and all data on your system at any time in the future without you knowing about it. Don’t think crackers are interested in your home system? Sure they are. Home systems with broadband connections are a huge source of DDOS attacks on major web sites, etc.
Granted, I have never heard of a buffer overflow being exploited in this way. But theoretically it is possible since the buffer overflow can allow the execution of arbitrary code on your system.
Sure, theoretical almost everything is possible… :]
I don’t even know of any such case for a Windows operating system and those are almost all running with administrator rights.
And then they have to get past the gateway…
The question is, is the theoretical possibility of an exploited client system (taking part as a small mosaic of a large DoS attack) worth reducing it’s overall usability and efficiency? If you want perfect security, I’m sure there are less intriguing methods.
“And then they have to get past the gateway…”
Assuming your gateway allows you to recieve email, then they don’t have to get past your gateway. They can simply attack you on ports that your gateway allows access to.
“The question is, is the theoretical possibility of an exploited client system (taking part as a small mosaic of a large DoS attack) worth reducing it’s overall usability and efficiency? If you want perfect security, I’m sure there are less intriguing methods.”
The answer is why not just take the time to do it right? Most tasks don’t require running as root. The few applications that users do need to use that require root privilages usually have the suid bit set. So even then there is still no reason to run them as the root user.
“The answer is why not just take the time to do it right? Most tasks don’t require running as root. The few applications that users do need to use that require root privilages usually have the suid bit set. So even then there is still no reason to run them as the root user.”
The point is, that I do most of my file managing as root anyway, so a filemanager as user is pretty pointless to me.
A user _has_ to be able to change his system settings, afterall it’s _his_ system. The admin/user concept doesn’t work as long as there is no admin. It’s only an inconvenience for the admin/user person because he constantly has to switch between those modes and it’s even more annoying because X GUI’s don’t let you easily work as root so you are tied to the terminal again.
This just isn’t how a singleuser clientsystem should work IMO. And it’s a really really poor answer to the problem of buffer overflows.
“The point is, that I do most of my file managing as root anyway, so a filemanager as user is pretty pointless to me.”
Why? If you are doing most of your file managing as root you are probably doing something wrong. After all, most of your files that you work with on an every day basis should be owned by a normal user and stored in your home directory. What are you doing that requires to do all of your file managing as root?
“A user _has_ to be able to change his system settings, afterall it’s _his_ system. The admin/user concept doesn’t work as long as there is no admin.”
That’s what dot files are for. That’s why you have a personal .profile stored in your own home directory. It’s also why you have a personal .xinitrc file and a personal .Xresources file. It should be very rare that you have to make changes to the system wide configuration.
Unless you are changing network settings every day or something, there should be no reason you have to do your daily tasks as root.
No, I’m not doing anything wrong, it’s just that I fiddle a lot with my system, installing software is just the most typical task. Why shouldn’t I be able to administrate my system using a GUI, just because there is such a microscopic smal chance that someone abuses my system to ping another system? I wasn’t aware how much that actually sucks until I found out how well real singleuser systems like BeOS work.
I just don’t see the point in typing “su” and my passwort at least 50 times a day.
Maybe working as a user would suck less if:
– The console would automatically log me in as root (without requiring a password) and
– Nautilus and all other problems would be able to get root permissions for every task and would just ask prior to doing so (not requiring a password).
Hmm this sounds like a plan, doesn’t it? Shouldn’t be too difficult. Of course only users especially marked as administrators should have those possibilities.
Too many people here point to weaknesses in Lindows, but it is really a pain to be a user under any OS when you use it as a workstation.
Sometimes, it’s just *so* annoying: when my brother left home, leaving only a user account on his computer, thus forbidding me to change the DNS settings so I could connect the box to the Net. When I wanted to install a new app for my other brother. What if my mom couldnt look at her mail and delete a file under the same account on her station ?
No, it is not suitable for everyday use to have so restricted user accounts. At least there should be policies to be enforced just like under win2k/winXP (user, admin, power user, backup op…)!
I wont give lindows a try though, because so many distros are out and doing it better. If I can, i’ll just download Lycorix LX. When is the 1.0 out ?
liberte, in the OS News interview with Joseph Cheek, he didn’t say when 1.0 is expected. He did say the next update should be out later this month. It’s supposed to deal with the the problem of downloading and installing software, so it should be interesting.
1 Be inc failed. JLG failed. no surprise here.
2 however, what be os showed is what is possible when you start from scratch. it’s pretty amazing.
3 competition is good for the consumer. pheonix and compaq offered a bios through reverse engineering to ibm. amd athlon and intel pentium or nvidia and ati or the various dos’s such as ibm and dr-dos.
4 why doesn’t someone reverse engineer win32 api? make win xp compatibility a goal?
combining 1,2,3, 4, why doesn’t someone build an OS from scratch as Be OS/jlg did, but with the goal of 99% compatibility with windows xp, both at the level of software and drivers.
what was be’s strength? speed, flexibility, unique architecture and (one may add) stability.
what killed be? lack of apps; lack of drivers.
i here all these enthusiast attempts at recreating be (OBOS) amiga, or promoting linux and i am baffled.
why not build from scratch a 32/64 bit fully modern OS with all the buzz words of multithreading, protected memory, microkernel, etc.
but the goal is complete reverse-engineered implementation of the Win32api of windows xp?
what killed be will not kill “newin”
drivers? use microsoft tested and verified windows xp drivers.
software? any software that runs on xp should run on “newin”
m$ will have competition. consumers will have choice. investors will make a ton of money. programmers will be happy.
“what killed be will not kill ‘newin'”
Well, whatever ‘newin’ is, it better have compatability with the MS file formats, or else it’s probably going to fall flat on its face.
The anti-MS crowd seems to think that one day, people will just get tired of MS and jump ship to whatever else is available. But personally, I don’t think that’ll happen because the average ‘consumer’ is too naive and uninformed to do such a thing.
Case in point – my dad (average user) recently bought a laptop with WinXP installed. I ran down all of the anti-MS spill including the spyware and MS ‘phoning home’ with DVD stuff and possibly other things – the whole ‘big brother’ theory, and he still chose to run it, saying “I’m getting too old to learn anything else.” Just goes to show you that some things are more important to people than others.
4 why doesn’t someone reverse engineer win32 api? make win xp compatibility a goal?
There’s a Project called Reactos (http://www.reactos.com/)that is an attempt to create a new os compatible with Windows NT Apps and Drivers. It can’t do much now as it does not have a GUI but it looks interesting.
“4 why doesn’t someone reverse engineer win32 api? make win xp compatibility a goal?”
Because reverse engineering the API is a violation of the Microsoft EULA and would probably get you sued by Microsoft.