systemd cat and GNU cat hugging a Linux cat.
this post was submitted on 14 Jun 2025
659 points (96.6% liked)
linuxmemes
25663 readers
750 users here now
Hint: :q!
Sister communities:
Community rules (click to expand)
1. Follow the site-wide rules
- Instance-wide TOS: https://legal.lemmy.world/tos/
- Lemmy code of conduct: https://join-lemmy.org/docs/code_of_conduct.html
2. Be civil
- Understand the difference between a joke and an insult.
- Do not harrass or attack users for any reason. This includes using blanket terms, like "every user of thing".
- Don't get baited into back-and-forth insults. We are not animals.
- Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
- Bigotry will not be tolerated.
3. Post Linux-related content
- Including Unix and BSD.
- Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of
sudoin Windows. - No porn, no politics, no trolling or ragebaiting.
4. No recent reposts
- Everybody uses Arch btw, can't quit Vim, <loves/tolerates/hates> systemd, and wants to interject for a moment. You can stop now.
5. π¬π§ Language/ΡΠ·ΡΠΊ/Sprache
- This is primarily an English-speaking community. π¬π§π¦πΊπΊπΈ
- Comments written in other languages are allowed.
- The substance of a post should be comprehensible for people who only speak English.
- Titles and post bodies written in other languages will be allowed, but only as long as the above rule is observed.
6. (NEW!) Regarding public figures
We all have our opinions, and certain public figures can be divisive. Keep in mind that this is a community for memes and light-hearted fun, not for airing grievances or leveling accusations. - Keep discussions polite and free of disparagement.
- We are never in possession of all of the facts. Defamatory comments will not be tolerated.
- Discussions that get too heated will be locked and offending comments removed. Β
Please report posts and comments that break these rules!
Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't remove France.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I had a look at Haiku some months ago. Its single user architecture is an interesting choice. I mean, you don't need to worry about privilege escalation exploits, if you are always fully privileged /s
Yeah, it doesn't actually make much of a difference:
Fundamentally the idea of having a separate admin account, which is completely protected, and a user account where everything can mingle together and see everything else, is a 1960s security model. It was originally created for a world where the owner of the computer and the user of the computer were two different people. In that world the user provides all the software that they want to run in their account (they probably wrote it) and the OS's job is to protect the admin account from users and the users from each other.
Fast forward to the present day and this security model is completely mismatched with the reality of a personal computer. The internet exists, the user and owner are the same person, and they're probably not writing all their software themselves. A piece of malicious or compromised software can encrypt every file in your user folder, steal your browser history, your saved passwords, and (on xwindows) record your keystrokes and make your screen display anything it wants, all without privilege escalation. But you can rest assured knowing that the user account can't violate any timeshare limits that the root account placed on it.
The one thing you could argue is that a separate admin account makes it easier to detect and fix a compromised user account, but:
Most people are not in the habit of regularly logging into their root account and examining all the processes that are running in their user account. In fact many distributions do not even have a separate root account.
If you do think your computer has been compromised the sensible thing is to wipe the disk and restore from backup. It just doesn't make any sense to fiddle around trying to figure out just how compromised you are and trying to reverse the process in a running system.
If you're running xwindows I hope you never install updates or type your password for any other reason while some malicious software is running, since, as previously stated, anything running under your account can record your keystrokes. In that case your admin account is compromised anyway without having to use any privilege escalation exploits. Can you see how all this stuff was built with the assumption that the user and owner are two separate people with two separate passwords?
With Wayland and containerized applications we are slowly moving away from that 1960s security posture, which is something that's long overdo. But currently something like Linux Mint is not really much better off than Haiku, from a pure security model standpoint.
In any case its security model is not the interesting thing about Haiku.
I feel the importance of user privileges distinction, as I see it from a server perspective and organization managed devices. Some would argue the insignificance of this in the personal desktops.
However, I believe that the community structure of Linux is benefiting everyone. It is a general purpose kernel, that gets improvements from various different sectors. In the current space, where most servers run Linux and most desktops run Windows, desktops are not benefiting from filesystem or scheduling optimizations implemented for servers.