Not Missed Opportunities – Denied Opportunities

Matt Hartley wrote, at Datamation, “The real missed opportunities I see with the Linux desktop is due to a poor job marketing the many things Linux can do for the average user. Once installed, I’ve actually had a reduction in late night service calls. It’s too bad that most PC users today won’t ever have the opportunity to try a Linux desktop themselves. That, my friends, is what I call the biggest missed opportunity of all.”

The biggest missed opportunity is that GNU/Linux systems are not on every retail shelf, thanks to anti-competitive actions of M$ and “partners” in crime. If consumers had their choice and migration was as simple as picking up this box instead of that box, there would be no missed opportunity. It is not a failing of GNU/Linux desktop software that the average consumer does not install any operating system, ever. I’ve had thousands of students and teachers, ordinary consumers, pick up GNU/Linux with scarcely any trouble at all if it magically appears in front of them thanks to my efforts. The same would happen if retailers delivered what customers need instead of what M$ wants.

See Linux Desktop's Missed Opportunities.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.

16 Responses to Not Missed Opportunities – Denied Opportunities

  1. oiaohm wrote, “The reality is each application being displayed should be its own encrypted stream and treated independently. This is the core problem with X11. X11 was designed on the idea that USER approval instantly allows everything.”

    Wrong. It is perfectly possible to set up individual streams for each application in GNU/Linux. That works unless a user imports/creates an executable that doesn’t follow the rules. Web filtering and non-installation of software tools stops that, but the fellow could still import via USB. Again, locking things down can secure an X11 system. Most of us have no need of such security however either because there’s nothing of value that needs protecting or we have very modest infrastructure not worth invading. The idea that X11 is key to holding back GNU/Linux is silly. There may be niches where that is true but putting GNU/Linux on retail shelves everywhere would get past the roadblocks retailers, OEMs and M$ have set up.

  2. oiaohm says:

    Robert Pogson ssh is only preventing tapping of cables. Not if user has run application with hostile intent. The reality is each application being displayed should be its own encrypted stream and treated independently. This is the core problem with X11. X11 was designed on the idea that USER approval instantly allows everything.

    Robert Pogson users is too coarse of security. Future systems need to think in terms of applications. NT in fact thinks in terms of applications not users.

    X11 is an area that is just wrong. It has cost us progress. 1998 is when the attempts to dispose of X11 started due to security issues. It has taken us all this time.

    Linux has been fighting with a hand tied behind back.

  3. oiaohm wrote, “There is a good security conference video demo X11 being taken over remotely just because a user was ssh into a server at the other end.”

    I have no trouble setting up a system in which root can SSH in to a thin client from the server but no other user can do that. One has to have a sane environment for a GNU/Linux terminal server. It’s the right way to do IT but you can’t do stupid things like allow users the rights to do everything. That was the problem with lots of XP installations and look what happened. There’s absolutely no need for an ordinary user to even have an account on the thin clients. The accounts are on the terminal server and the Xservers are on the thin client. Where’s the insecurity in that? Sending X11 over SSH even prevents tapping into the cables being insecure. There’s no need for anything to go over the wire in the clear.

  4. oiaohm says:

    Robert Pogson to be correct X11 combined with ssh is also worse of a nightmare than you can dream as well. There is a good security conference video demo X11 being taken over remotely just because a user was ssh into a server at the other end. Even if you don’t use the pass -X flag.

    Robert Pogson high secure systems require isolation between applications.

    Robert Pogson in particular areas Linux is more secure than Windows. Isolation of application at graphical is not one of them.

    There are technical reasons why the Linux Desktop has not been able to progress. X11 is one of them. Undocumented file formats used is another.

    Yes Windows fall over when attacked from intruder the other side of world. Problem is X11 will not withstand attacks even as well as Windows does. The change to Wayland/Mir can allow proper isolation so if for example a browser plugin is breached it cannot go and control whatever it likes.

    Like chrome under windows enabled most of MS windows built in isolation protections. So it’s many times harder to take over a Windows machine if someone is using the chrome browser.

    Robert Pogson most of Windows security issues is not a bad core design. Most are like poor implementation. Like Internet explorer does not use all the isolation protections it can around plugins.

    Windows has a signed applications option. But you can still run unsigned. So what was the point of implementing signed applications. Next having one huge CA to approve all applications.

    Windows all the framework of a nice solid OS is there. Few stuffups in implementation and hugely bad defaults. Some Linux distributions suffer from the same problems.

    Robert Pogson yes the reasons for the orders of magnitude difference with windows is down right sad. It’s either incompetence on Microsoft’s part or Microsoft does not want to make a secure OS because they will not be able to sell new product as simply.

    The of Linux for graphical cleaned up will also allow the end of text based booting in Linux as well.

  5. oiaohm wrote, “X11 server allows all keyboard and mouse input to be captured by all applications connected.”

    What applications are connected to the Xserver on my thin client? Mine. Not the other users. Not even root can make a connection except by SSH. Why even make an issue of it when that other OS falls over at the drop of a hat with an intruder from the other side of the world and I only have to deal with my own LAN? GNU/Linux with X11 is orders of magnitude more secure than that other OS.

  6. oiaohm says:

    Robert Pogson X11 server allows all keyboard and mouse input to be captured by all applications connected.

    Robert Pogson application graphical buffers are shared with the X11 server. Before DRI3 these don’t have kernel controlled security.

    X11 provided a set of foolish wrappers that allow applications to snoop on other applications’ graphical parts without requiring any special permission.

    Robert Pogson you are right the Linux kernel forbids it unless application tells it to share. But when the X11 server will grant access to what is shared with it to everything else we have problems.

    This is simple X11 being crap. The Wayland work is to address this. So that applications share buffers with display server, and the only parties that can access those buffers are the application they came from and the display server unless permission is specially granted.

    Robert Pogson security and isolation between processes is dependent on a lot of things. X11 has been a huge hole.

    This is why the Administration tools for Linux have had a habit of being web based or terminal based. For end user friendliness we need desktop that can securely protect input for passwords and securely protect particular windows from being snooped on without permission.

    Robert Pogson you are aware that the buffers transferred to X11 become disassociated with the process they are running on with DRI2 and before. This is why crashes of applications can cause memory leaks in X11.

    The core of X11 has been shot for years. It’s very hard to build a house if you don’t have solid foundations.

    X11 has to die or be redesigned to make solid foundations.

  7. oiaohm wrote, “even hosting the X11 on the thin client does not solve the snooping on other applications input or buffers.”

    The application is on the server and cannot see the buffers on the thin client. Snooping on other applications’ buffers is not allowed by the kernel. That is not anything to do with X11, but normal system security, isolation, between processes. Applications can scrub buffers before releasing them back to the system. Whether they do or not is not about X11 but the applications.

  8. oiaohm says:

    Robert Pogson the problem is not only terminal server. Password capture by malware is a big weakness of the X11 design.
    Due to X11 running as root any user on the system can connect to it.

    Robert Pogson even hosting the X11 on the thin client does not solve the snooping on other applications input or buffers. This is a road block. Wayland and Mir and SurfaceFlinger (Android’s) don’t suffer from this particular problem.

    Wayland and Mir applications need special permission to screen capture. Particular dialogs under windows and OS X also cannot be captured by a generic screen capture program.

    Robert Pogson basically this is a bug that you have missed. The bug where applications can capture other application input prevents Linux from the high end secure desktop market.

    At least we are looking at this defect disappearing in the future at some point.

  9. oiaohm wrote, “Under X11 you can keylog every keyboard stroke from any application that connects to the X11 server.”

    That’s only true if there is an Xserver on the terminal server. There doesn’t need to be one and shouldn’t for security. The applications can connect to the Xserver on the thin client. I often install one so I can have one more seat in the room. There’s no problem at all in a school’s lab behind its own firewall or LAN.

  10. oiaohm says:

    Robert Pogson sorry but X11 cannot be made perfectly secure. At least while supporting the old magic cookie and other major flaws.

    Please note I said particular areas of government. Wayland and DRI3 that is recent work are heading down the path.

    Remember under Unix everything is meant to be a file for security reasons. X11 in everything before and including DRI2 attempts to use its own platform neutral security methods.

    http://lwn.net/Articles/517375/

    Robert Pogson the use of NT objects under Windows sad as it sounds has been higher security than X11.

    Robert Pogson you are basically fooling yourself if you think current generations of X11 are secure. X11 was not designed to prevent applications messing with other applications. This is why X11 has not been suitable for admin. Wayland and Mir in fact contain protective control.

    Under X11 you can keylog every keyboard stroke from any application that connects to the X11 server. This is in fact not possible under OS X or Windows display solutions.

    Wayland and Mir also don’t have this defect. Ywindows and directfb also did not have this defect.

    Staying with X11 has been one of Linux’s biggest problems. X11 for user applications is mostly ok. X11 for administration applications mostly not ok.

  11. oiaohm wrote, “X11 has been one of the big reasons why Linux has not been able to pass some areas of government security requirements. This spreads.”

    Nonsense. In that case no government would use it and many do. X11 can be perfectly secure in a locked-down system. I could even use it securely on a terminal server by removing the X-server from the server and just keep it on the thin-client terminals. On modern hardware it’s easy to do NX or X11 over SSH too.

  12. oiaohm says:

    bw really you have it wrong.

    The Linux world in the late 90s was already attempting to get rid of X11. Security issues in X11 have been known for a long time. Linux admin being command line centric is not some random fluke.

    Anti-competitive actions the biggest one against Linux Desktop has not been OEM or Microsoft. It’s been ATI and Nvidia. ATI and Nvidia both universally said X11 support only for Unix like platforms. So no Framebuffer or any other support. Even that X11 at the time was documented as insecure.

    Look at servers Linux has mostly moved from high end down. This trend has happened many times.

    X11 has been one of the big reasons why Linux has not been able to pass some areas of government security requirements. This spreads.

    bw only in the last few years has Linux been able to force The Khronos Group to start designing OpenGL independent to screen management software.

    The major issues are countries that tax return systems don’t work with anything other than Windows.

    Tortoise vs Hare. bw just because Microsoft has market share does not mean it can maintain it.

    Really bw look at the last 12 months and the 12 months before. For closed source applications released for Linux this has increased a lot. It’s also not solo vendors.

    Stuff is changing. We are on the path for a truly secure desktop on Linux. NSA issues will worry governments.

  13. bw says:

    thanks to anti-competitive actions of M$ and “partners” in crime

    As long as you consider a vendor’s prudent efforts to sell their products as “anti-competitive” you are doomed to be, at best, an also-ran and, more likely, as with most Linux versions, a never-ran. It is said “You snooze, you lose!” and leaving consumer education and product promotion to chance is snoozing at its worst.

    The big problem here is that commercial entities that might otherwise promote Linux and know how to do it are not compensated for their efforts and so they go elsewhere for their profits.

  14. ram says:

    No doubt, Microsoft’s “incentives” to retailers did much to put Microsoft on the shelves and keep others off. It is why Apple had set up their own chain of retail stores — they simply could not get into established mall retailers. The only Linux suppliers for a long time were the Asian “white box” computer shops somewhat off the beaten track.
    Looks like Linux “white boxen” are winning now, especially during these times of “austerity”.

  15. lpbbear says:

    I have had exactly the same kind of experiences as Mat. Installed Linux for quite a number of customers in my area. Only had one go back to Windows. (elderly lady who said she did not feel like she could learn any more than she already had learned for Windows, no complaints from her about how Linux performed though)
    All the rest were fine with it. If Linux were preloaded on retail systems the majority of users would be fine with it.

  16. Mats Hagglund says:

    As I’ve written before, the huge majority of people don’t buy operating systems, they are just buying computers. And hardly more than 2-3% are mentally ready to install an operating system on their own computer. Computer users are now even less geeks than they used to be in the 1990s.

    I have installed Linux (mostly Mint LTS) on about 20 different computers during the last 4 years. None of those new users have mentioned that they have disliked Linux. Actually they have been very happy using a free, stable and decent system. Whatever one may think about Mint (hardly the most stable Linux) they can’t debunk the truth that it’s user friendly, easy to install and easy to use.
