[KLUG Members] Drive Shield/Deep Freeze for Linux
Mike Williams
knightperson at zuzax.com
Mon Jun 6 19:31:53 EDT 2005
>
> From:
> Adam Tauno Williams <awilliam at whitemice.org>
>
>
>>>> >I think translucent filesystems will work for you. Mount the parition read-only
>>>> >and then mount a RAM disk over it?
>>>
>>>
>>> Translucent filesystems? I think I understand conceptually how that
>>> would work, but I've never heard of such a thing. Can you explain how
>>> one would implement that? What the heck would the /etc/fstab entries
>>> look like?
>>
>>
>
>Haven't used one in ages; I'll see if I get a chance to look it up.
>I'm fairly certain they became standard in 2.6.
>
>Translucency is basically a read-write media mounted over a read-only
>one. So long as the object doesn't exist on the rw media you see the
>object on the ro media. If open the object read-write it is
>transparently copied to the rw media and then operation suceeds.
>
>
>
Hmmm, presentation topic?
>>>> >Or just use VMware which does snapshotting exactly like what you describe.
>>>
>>>
>>> As long as you've got enough horsepower to run vmware and the Windows
>>> underneath it. And are willing to shell out the licenses. Not trying
>>> to shoot down your solution, just pointing out that it's unlikely to be
>>> an ideal one in a lot of environments.
>>
>>
>
>Of course; just enumerating possibilities (and I wasn't suggesting
>running Windows under the VM, thats just crazy). We run Linux and
>Windows VMs on Linux in production and it works very well.
>
>>> Two problems with that (at least before we have to take this over to
>>> advocacy): 1) In most cases you CAN install stuff on a Windows box
>>> without being an administrator,
>>
>>
>
>Only if the local admin hasn't bother to configure a policy (it isn't
>hard). I have lots of 2000/XP boxes and the user can't so much as
>install a browser plugin.
>
>
>
Guess I need to brush up on my AD (which I needed to anyway, but getting
caught being wrong makes it a little more likely I'll actually do it.)
Seems like it should be the default, though, not something you have to
add. And in Linux you can lock down a non-networked workstation. GPO's
require an AD server.
>>> 2) A few applications (admittedly, most
>>> of them are games) won't run without administrator rights, so the users
>>> do have to be administrators, and it doesn't fix anything if they're not..
>>
>>
>
>Not to nit-pick; but your wrong. If an application must be run as
>Administrator then IT IS NOT Windows 2000/XP compatible - it better not
>have one of those gold stickers on the box or you can report them to M$
>for *@&(*#^( advertising. An application that requires Administrator
>privileges is just a half-baked port of a Win9x application and should
>never be installed or run on a Windows 2000/XP box. You should at least
>do what I do and write a letter informing the company they should hire
>programmers who can read documentation.
>
>
The game that comes to mind is Age of Mythology, written by Ensemble
Studios, a subsidiary of Microsoft themselves! It's quite recent, but I
don't know for sure if it has the 2000/XP sticker or not.
>As a work around look at running the application with runas or cpau
>(sp?), this lets you run an individual application in a separate
>security context (like sudo, only crappier) rather then adding the
>user's account to Administrators and opening up the machine to be
>trashed by IE.
>
>
Tried that. Age of Myth still wouldn't run.
>BUT THERE IS NO EXCUSE FOR NOT BITCHIN' TO THE DEVELOPERS ABOUT SOFTWARE
>THAT ****IS**** INCORRECTLY IMPLEMENTED. I believe in writing one's
>congressman frequently and even more frequent verbal lashing of
>proprietary software developers. Both actually work (I've had a federal
>congressman call me on my cell phone, and I've had patches suddenly
>appear that fix the @#**(@#*(@# run-as-administrator ***BUG***).
>
>
Impressive! I wonder if an average Joe who doesn't have the muscle of a
company behind him would get the same response.
More information about the Members
mailing list