Make a limited XP account without losing settings?
in [Design]
|
From: krw on 26 Jul 2010 18:14 On Mon, 26 Jul 2010 14:03:24 -0700, Joerg <invalid(a)invalid.invalid> wrote: >Joel Koltner wrote: >> "Grant" <omg(a)grrr.id.au> wrote in message >> news:g5qr46dvn06utplgmgj9eieldi9oe1jo7g(a)4ax.com... >>> On Mon, 26 Jul 2010 10:36:51 -0700, Joerg <invalid(a)invalid.invalid> >>> wrote: >>>> Nobody wrote: >>>>> The whole Vista UAC mess was an attempt to implement relatively modest >>>>> security policies without breaking a zillion applications written by >>>>> people who thought it was perfectly reasonable to assume that normal >>>>> (non-Administrator) users would be able to write to the "Program Files" >>>>> directory. >>>> Nothing wrong with that. >>> There is. Trouble is that windows is now trying to be unix like ("every >>> OS wants to grow up to be unix"), and MSFT bolts on extra complexity to >>> try catch up on secure environment. >> >> I think that UAC as implemented on Windows 7 (Vista was way too annoying >> initially) is actually a ...reasonable... way to go (although I think >> the Mac OS does better here). There's always going to be a fundamental >> problem that your average home users *does* need to be able to write to >> "Program Files" without being forced to jump through a lot of hoops, yet >> of course many an IT guys doesn't want *any* of their users touching it. >> >> (Personally I tend to think many an IT guy wants to use technology to >> solve what are really policy problems, though. ...although it's become >> quite ubiquitous in society -- even *soldering irons* meant for >> production usage will now have special little electronic keys that the >> production supervisor retains so that the lowly production workers can't >> dare change the temperature. Sheesh! How was it we managed to build a >> spaceship to take us to the moon and back when we couldn't >> electronically prevent some guy working on the guidance computer from >> turning his soldering iron temperature up 25C more than he should have?) >> > >It is indeed somewhat moronic. But you see it everywhere. "Do not put >fluorescent bulb in mouth and bite down" and things like that. Just >because some ambulance chaser succeeded once. The topper on the news >came yesterday: A kid died because it had reclined the seat, all the way >down, her sister fell asleep at the wheel, crashed the car, kid got >killed because the seat belt won't protect when you almost lay down in a >car. AFAIK the family "won" $1.8M. I mean, how much does it take to >realize that when the safety belt is flopping about in the wind it won't >protect? The solution: no more reclining seats. >>> I don't know gEDA. Under unix/linux, there are defined areas for >>> read-only code (/usr), as well as application writable area (/var). >> >> At least your average Windows user understands that "program files" >> probably contains programs and "documents and settings" probably >> contains application setting. /usr? Unix system resources? What's >> that? /var? Variable? Huh? And what's this /etc directory think where >> all the "odds and ends" seem to end up? >> > >From a serious CAD user it can be expected that he or she understands >the basics of file management. In fact, gEDA was written completely >Linux-centric, ports to Windows have largely failed because some not so >compatible code must have been employed (in laymen's terms). Yet even >gEDA does what every CAD does, store libraries in program directories. >Meaning user libs and non-custom libs get splintered up. What's wrong >with allowing write access to the lib directory? Why not a user-lib directory. If you want to place them in one pool (a naming convention nightmare), use indirection. >I don't want an OS to tell me what I can't and cannot do, just like I >don't want a car to decide when to shift :-) The problem is that if it can't tell you what not to do it can't tell any other program what it can't do either.
From: Joerg on 26 Jul 2010 18:24 krw(a)att.bizzzzzzzzzzzz wrote: > On Mon, 26 Jul 2010 14:03:24 -0700, Joerg <invalid(a)invalid.invalid> wrote: > >> Joel Koltner wrote: >>> "Grant" <omg(a)grrr.id.au> wrote in message >>> news:g5qr46dvn06utplgmgj9eieldi9oe1jo7g(a)4ax.com... >>>> On Mon, 26 Jul 2010 10:36:51 -0700, Joerg <invalid(a)invalid.invalid> >>>> wrote: >>>>> Nobody wrote: >>>>>> The whole Vista UAC mess was an attempt to implement relatively modest >>>>>> security policies without breaking a zillion applications written by >>>>>> people who thought it was perfectly reasonable to assume that normal >>>>>> (non-Administrator) users would be able to write to the "Program Files" >>>>>> directory. >>>>> Nothing wrong with that. >>>> There is. Trouble is that windows is now trying to be unix like ("every >>>> OS wants to grow up to be unix"), and MSFT bolts on extra complexity to >>>> try catch up on secure environment. >>> I think that UAC as implemented on Windows 7 (Vista was way too annoying >>> initially) is actually a ...reasonable... way to go (although I think >>> the Mac OS does better here). There's always going to be a fundamental >>> problem that your average home users *does* need to be able to write to >>> "Program Files" without being forced to jump through a lot of hoops, yet >>> of course many an IT guys doesn't want *any* of their users touching it. >>> >>> (Personally I tend to think many an IT guy wants to use technology to >>> solve what are really policy problems, though. ...although it's become >>> quite ubiquitous in society -- even *soldering irons* meant for >>> production usage will now have special little electronic keys that the >>> production supervisor retains so that the lowly production workers can't >>> dare change the temperature. Sheesh! How was it we managed to build a >>> spaceship to take us to the moon and back when we couldn't >>> electronically prevent some guy working on the guidance computer from >>> turning his soldering iron temperature up 25C more than he should have?) >>> >> It is indeed somewhat moronic. But you see it everywhere. "Do not put >> fluorescent bulb in mouth and bite down" and things like that. Just >> because some ambulance chaser succeeded once. The topper on the news >> came yesterday: A kid died because it had reclined the seat, all the way >> down, her sister fell asleep at the wheel, crashed the car, kid got >> killed because the seat belt won't protect when you almost lay down in a >> car. AFAIK the family "won" $1.8M. I mean, how much does it take to >> realize that when the safety belt is flopping about in the wind it won't >> protect? > > The solution: no more reclining seats. > >>>> I don't know gEDA. Under unix/linux, there are defined areas for >>>> read-only code (/usr), as well as application writable area (/var). >>> At least your average Windows user understands that "program files" >>> probably contains programs and "documents and settings" probably >>> contains application setting. /usr? Unix system resources? What's >>> that? /var? Variable? Huh? And what's this /etc directory think where >>> all the "odds and ends" seem to end up? >>> >>From a serious CAD user it can be expected that he or she understands >> the basics of file management. In fact, gEDA was written completely >> Linux-centric, ports to Windows have largely failed because some not so >> compatible code must have been employed (in laymen's terms). Yet even >> gEDA does what every CAD does, store libraries in program directories. >> Meaning user libs and non-custom libs get splintered up. What's wrong >> with allowing write access to the lib directory? > > Why not a user-lib directory. If you want to place them in one pool (a naming > convention nightmare), use indirection. > >> I don't want an OS to tell me what I can't and cannot do, just like I >> don't want a car to decide when to shift :-) > > The problem is that if it can't tell you what not to do it can't tell any > other program what it can't do either. Oh, it can. All you need is to let the user set individual write access. It's not much, a library directory here and there, and so on. There should be stages, including access to everything. On their own risk, of course. Just like I want that on a car. Yes, I did force one into reverse at around 50mph, ran the engine up to the red rpms and came to a stop with an asbestos-stench wafting out of the clutch area. Full brake failure, pedal on the floor board. On a "modern" car that would have resulted in a hard crash. Remarkably the transmission survived it even though it let off an awful grind when I forced it into reverse. -- Regards, Joerg http://www.analogconsultants.com/ "gmail" domain blocked because of excessive spam. Use another domain or send PM.
From: Grant on 26 Jul 2010 19:16 On Mon, 26 Jul 2010 13:38:24 -0700, "Joel Koltner" <zapwireDASHgroups(a)yahoo.com> wrote: .... >At least your average Windows user understands that "program files" probably >contains programs and "documents and settings" probably contains application >setting. /usr? Unix system resources? What's that? /var? Variable? Huh? >And what's this /etc directory think where all the "odds and ends" seem to end >up? Where to start, we're way OT ;) /usr is user programs, applications, lots of OS files there too, is read-only for normal users. Usually only root (admin) can write there. /bin and /usr/bin holds most exec files, there's special places like /sbin and /usr/sbin for single user mode for special (admin) tasks like setting up how the machine goes multi-user after booting. /var is writable area for system wide apps, apps also keep per user info in the user's area /etc is Sorta like the windoze registry, except the files in there are plain text, and can be edited by root (admin, superuser). The /etc tree holds the system configuration, sort of like windoze registry, but made up of plain text files, some arcane binary database with obscure access methods like windoze does. A famous case (or story) is where US navy spec'd POSIX computer system to lock out MSFT, but MSFT added a few unix utilities to WinNT and thus ticked the POSIX compliance box, result was a battleship that used to lock up and need to be towed back to port. Main problem with windows is that they don't segregate program text (read only) from program data. This is why you cannot get a windows live CD. You can get a Linux live CD because the OS is run from read- only area. One needs to meet unix (or unix-like OS) and work with it for a while to understand the differences. I met unix in '97 when I went to uni to finally gain that 'paper', wanted to run unix at home and was told to go grab linux. Been running windoze and linux on multiple machines at home since. I battled ms-dos for years at work, from my PoV it wasn't much better than cp/m for running text based apps like WordStar and cross-assemblers for the embedded controllers I was making on either system. A comms program to talk to other systems or their ICE box. Batch files are so stupid, or rather, the command line so dumb, it was a battle to automate simple tasks. There must be so much productivity lost to MSFT's dominance of the PC world. Linux is so much more powerful at the command line, for example I stitch some commands together to see who looked at my web page about that power supply with the high earth current tripping RCD: ~$ gawk '/\/ps-earth-current\/one/ && !/192.168.3.36/ \ {printf"%s %s ",$1,$2;system("ccfind "$5)}' \ /var/log/apache/access_log 2010-07-25 11:08:31 24.8.89.117 US:United States 2010-07-25 12:21:48 68.185.181.213 US:United States 2010-07-25 13:08:44 71.167.68.184 US:United States .... 'gawk' is the gnu version of Awk, named after "Aho, Weinberger and Kernighan", the authors. Yes, the same Kernighan associated with C language :) A standard programming or scripting language that is a simpler predecessor to perl. 'ccfind' is a shell script to lookup an IP's country code by referencing a memory resident database that I wrote in perl. On windows you be hard pressed to write an ad-hoc database query so easily. Grant. > >---Joel
From: Joerg on 26 Jul 2010 19:40 Grant wrote: [...] > One needs to meet unix (or unix-like OS) and work with it for a while > to understand the differences. ... Or find out that some crucial hardware you need for the job won't run on it ;-) > ... I met unix in '97 when I went to uni > to finally gain that 'paper', wanted to run unix at home and was told > to go grab linux. Been running windoze and linux on multiple machines > at home since. > > I battled ms-dos for years at work, from my PoV it wasn't much better > than cp/m for running text based apps like WordStar and cross-assemblers > for the embedded controllers I was making on either system. A comms > program to talk to other systems or their ICE box. > > Batch files are so stupid, or rather, the command line so dumb, it > was a battle to automate simple tasks. There must be so much > productivity lost to MSFT's dominance of the PC world. > I liked DOS a lot and found that batch files were the best invention since pivot irrigation. I could schedule stuff to run at night and then take my wife out to the dance club. -- Regards, Joerg http://www.analogconsultants.com/ "gmail" domain blocked because of excessive spam. Use another domain or send PM.
From: Grant on 26 Jul 2010 19:41
On Mon, 26 Jul 2010 14:03:24 -0700, Joerg <invalid(a)invalid.invalid> wrote: >Joel Koltner wrote: >> "Grant" <omg(a)grrr.id.au> wrote in message .... >From a serious CAD user it can be expected that he or she understands >the basics of file management. In fact, gEDA was written completely >Linux-centric, ports to Windows have largely failed because some not so >compatible code must have been employed (in laymen's terms). Yet even >gEDA does what every CAD does, store libraries in program directories. Well that's plain stupid. >Meaning user libs and non-custom libs get splintered up. What's wrong >with allowing write access to the lib directory? Question is, which lib directory. The proper place for writable system libraries is /var/lib/$appname :) For example, my Slackware-11 box has: grant(a)deltree:~$ ls /var/lib arpd/ bsdgames/ elm/ logrotate/ misc/ mysql/ nfs/ rpm/ stunnel/ xdm/ xkb/ The program may create its own directory there and allow user access and writing. It's difficult to find an exception to the standard unix rules for basic layout (Sorry, I forget the exact name, hierarchical file system or similar) that's been around for a decade or more. Simple, no? Users may have private libraries under /home/username/whatever > >I don't want an OS to tell me what I can't and cannot do, just like I >don't want a car to decide when to shift :-) There are standards out there that define a framework for these things, of course it is not rigid, as there's no Linux Incorporated controlling this stuff. Each application author has a choice of what standards to follow. A high end CAD system should follow the standard patterns for flexible target OS. (I haven't used CAD for 17 years, no idea what's what these days). It's not about deciding when to shift, more about expecting the shift to have a standard H plus extras (reverse and fifth) pattern (or paddles, or gated semi-auto) and be roughly in the same spot (or two), within reach of the driver. You know, standards, so many to choose from ;) Grant. |