Shared publicly  - 

I don't think I can talk about "security" people without cursing, so you might want to avert your eyes now.

I gave OpenSUSE a try, because it worked so well at install-time on the Macbook Air, but I have to say, I've had enough. There is no way in hell I can honestly suggest that to anybody else any more.

I first spent weeks arguing on a bugzilla that the security policy of requiring the root password for changing the timezone and adding a new wireless network was moronic and wrong.

I think the wireless network thing finally did get fixed, but the timezone never did - it still asks for the admin password.

And today Daniela calls me from school, because she can't add the school printer without the admin password.

Whoever moron thought that it's "good security" to require the root password for everyday things like this is mentally diseased.

So here's a plea: if you have anything to do with security in a distro, and think that my kids (replace "my kids" with "sales people on the road" if you think your main customers are businesses) need to have the root password to access some wireless network, or to be able to print out a paper, or to change the date-and-time settings, please just kill yourself now. The world will be a better place.

.. and now I need to find a new distro that actually works on the Macbook Air.
sleep walker's profile photoGraham Nicholls's profile photoVijender pal Singh's profile photoLory Nefti's profile photo
I think the key words there may be "macbook air" :p

and yeah its pretty irritating to have to punch in the root password just to add printers and stuff (ive found windows to be particularly tardy about this kind of stuff since windows vista too - i wonder if its a trend? :/ )
I'm right there with you. SELinux annoys me but at least it doesn't get in the way too much. (Fedora user, and I like Gnome 3).
I'm guessing OpenSuse has SElinux enabled by default?
An OS requiring root to do the simplest of tasks is like using Windows XP or older.
Just add the user to the sudo group. I have done the same with my wife's opensuse laptop. It will ask her password only.
Wow. Tell us what you really think.

FWIW, I agree.
Is it root password or nothing, or is there some fine-grained control for these things?

For example, Windows XP requires a user to be in the Network Operator group (or to be an Administrator, of course) to associate to a new wireless access point or "repair" the network interface.
You could try ArchLinux, but only if you have time!
Lets make our live more miserable if we can ...
Well stated +Linus Torvalds , the technical community appreciates #honesty when it comes to #security .
Yago Rosa
It's pretty strange that you have a Macbook Air. One leader of free software having something very closed it's kinda disturbing.

About OpenSUSE, thats things is just as stupid as you thik and more
+Linus Torvalds has mentioned before that the point of a distro is to do all the things that you shouldn't have to do yourself. Which is the entire point of Arch: doing it all yourself. The real solution is exactly what hes doing...complain and get mainline distros to fix stuff that is out of whack
i would like to know what would you suggest for my Early 2011 MacBook Pro.
in fact, i found installing #Fedora on it is very hard, nothing works graphics card, trackpad, wireless, sound & webcam, so, i was wondering if you suggest any +Linux #distro beside +Ubuntu, since i hate it.
thnx in advance ;)
Lars Emm
Sad but true! Still, won't give up on SuSE.
As a security person, I can understand the frustration ;)
"Security" people don't waste time implementing ineffective (i.e. Not reducing actual risks) controls. That's usually done by people who don't understand security. I think the word you were looking for was "numpty".
Thank you +Linus Torvalds for voicing the same security issue in a spirited, passionate, frustrated rant. Amen, fellow Linux lover.
I wouldn't blame SElinux. Daniela didn't have these problems with Fedora 14 or whatever her previous machine had. That had SElinux on too, afaik.

It might be about Gnome, though. In the bugzilla, the wireless problems were blamed on network manager and gnome having changed things.
Maybe multi-purpose distros like OpenSuse should get a install option with the choice of "security presets". e.g., final-users could select a less-paranoic security preset, where they can change timezone, printers config, etc, without be prompted by admin password. And server admin could select a more refinated security preset, where security-relevant points (like time) must be admin-allowed.
I think your concerns are valid. Otherwise however, openSUSE really is a fantastic distro. I hope they come around on these points.
+Yago Rosa Fernández There's no computer with a form factor quite like a Mac Book Air, and while I think they're overpriced, they're certainly a nice design. Buying one and wiping it to install Linux is no different than finding a nice Windows PC and wiping it to install Linux.

One might also ask how +Linus Torvalds or any other Free software developer is to be best prepared to compete with proprietary products if they never own or use those products.
I agree completely. Some other distros seem to have a better policy with sane sudo defaults instead of requiring the root password.
I think one of the arguments against this overly restrictive approach is that it makes the system LESS SECURE because we end up giving everyone the root password because, screw it, it's not worth it.

Moral hazard of system design.
This may sound like a kludge - but since I care about solid hardware support, multi-touch, etc - I've been running ubuntu (substitute any distro here) fullscreen with proper keybindings inside of vmware fusion. For 99% of things (the 1% being games) - I don't notice a performance degradation.

The added bonus is I can periodically snapshot things and if for some reason I decide to mess something up while developing, I can go back to an earlier snapshot.
Finally... the voice of reason...
I'm interested to know when you find one. I've been running different distros in a VM, but sometimes, it would be nice to have the whole machine.
OMG, Linus is goin' all sensible on his ass!
Passwords are meant to be used, and being that no one should ever use a root password, IMO, root shouldn't even have a password. Accounts should be delegated root level access privileges, and software/services should be designed to drop privs when not needed.

Simple. Now.. will someone please enforce this?
"Whoever moron thought that it's "good security" to require the root password for everyday things like this is mentally diseased."

Amen to that.
Hey +Linus Torvalds , I thought you had switched to Linux Mint back when your thoughts on Gnome3 Shell were so widely publicized. Whatever happened to that?
ouch... How do you argue with the father of Linux about things involving Linux...
Linus, please tell as more about your work setup, it's always interesting. for example, whts you opinion of the ChromeOS?
In related news, police are looking into a wave of Seppuku among Linux distribution maintainers. Story at 11.
+Gabriel Walsh He's looking for something that just runs out of the box on a Macbook Air, like his post said.
I'm running Fedora 16 with G3 standard on it and I don't think I had to give my password (for sudo) or the root password to add a new wireless network. I don't think it's Gnome specific....
+1/2 for Arch. It will pretty sure work on the Macbook, but it does require quite a bit of maintenance (and installation). Not sure if that's okay for this use case.
The timezone thing always baffled me as well - why require superuser privileges for such mundane settings?
Linus being told he is wrong about software that runs on his creation... that must be how god feels
Back when I tried suse, about 4-5 years ago, the software repositories were all broken... Hope they fixed that, 'cause I switched and haven't tried it again.
Linus, you should do like we all have to do. Reading Forums and compatibility lists before choosing hardware. :P
Those are indeed very valid points. The classical Linux distros never really understood the use cases of a desktop user. That became even more apparent for mobile devices. That's why Android is making big inroads here and the old Linux distros don't. Of course, another root of evil was their reluctance to eliminate or hide their own config tools. Why do we have the desktop control center for some tasks and tools like YaST for other pretty common tasks like configuring the time zone or adding a printer?
I agree, but Macbook Air? Why, oh why...please get some real hardware for men...
YAST was a huge pain last time I used it
+HighCo Zweizweinulleins and others: why are you guys talking about the hardware? It has nothing to do with the hardware. The "security" policies are all software.

The hardware works fine. Sure, it's a bit painful to install, but I can work with that, since sadly everybody else makes crappy laptops. It's the crazy-ass security policies that get me down.
I still remember times when you needed root password to mount a floppy disk :)
so u want evryone to mess with u printer and time zone ? i say NOOO ;) root for wifi is stupid, but for other things not
+Linus Torvalds The hardware talk is probably because of the "now I need to find a new distro that actually works on the Macbook Air."-line. :)

Besides, Lenovo still makes quite decent hardware. All the cool Xorg guys are using them.

(please kill me for that last sentence)
What's wrong with Apple's unix distro, made specifically for the MBA?
I'm also dealing with opensuse, and sympathize. In their defense, the requirements for classic multi-user Unix systems, shared PC Linux boxes (e.g., in a classroom), and personal laptops are very different, and the solutions aren't wholly trivial.
Isn't the root password for adding printers a CUPS thing? I have to enter it when I add a printer in Slackware. And of course it's ironic that CUPS is an Apple product too...
HAHAHAHAHA ! Well put +Linus Torvalds
A very similar thing killed Windows Vista (Holy Mao! I uttered the 'W' word!)
Tom Nardi
Has it really come to this? The more times you ask the user for the root password, the less serious they take it, and the more likely they are to leave it blank or change it to "1234".

That was the exact same problem with Vista's "UAC". If you ask somebody a question 10 times a day, at some point, they are going to start giving you bullshit answers.
+Brian Johnson - it certainly isn't Gnome specific. Since Fedora 8, I've never had to give the root password for that kind of trivial task. Ubuntu neither. Must be distro-specific.
+Sven Schwedas: no, Lenovo doesn't. I have the Lenovo X1. It's bigger, plasticky, and has worse battery life.

It is easier to install on, though. No question about that.
The problem is that it's impossible to talk about the diminishing returns of security, because the "more is always better!" security crowd.
+Linus Torvalds The Abomination-That-Shall-Not-Be-Named is not a real Thinkpad. <cough> They're bulky indeed, but apart from that still the best hardware out there. If black, clunky and indestructible isn't your taste, then yeah, good luck finding decent non-Apple laptops.
I always thought the bleeding edge nature of something like Fedora should help with modern hardware like a Macbook. The flexibility of Arch Linux will help but then you will be cursing the package manager braking things once in a while and spent too much time configuring stuff that kernel development will suffer and that'd be bad for all of us ;-) And it might not be exactly suited for "I just want to use my computer" cases it's more like the front line of Linux world which keeps the nasty bugs from hitting the people who just need to get work done...
Seriously LOL'ed so hard. Awesome rant.
+Shawn McMahon nope, +Jonathan Baker and I both mentioned Gnome on Fedora doesn't require what Linus was talking about....(regarding wireless at least....)

And, just confirmed I was able to change time settings with no need for a password either
The timezone makes sense, though. Screwing with a timezone can seriously screw with system services.
You need root to change the system settings. You can always tell the KDE clock to display a timezone different from the system settings and you don't need to be root to do it.

Same thing with printers. If you want to write to /etc (system wide) you need to be root, for the user settings you don't.

I hope you're not suggesting /etc should be user writable
Well I guess it depends on what you are using the computer for. I wouldn't want someone changing the time on my server. But then again, you'd limit user access to that box anyway. But Linux is designed to run in many different capacities, from a server, to a desktop, all the way to a phone.
What is really needed is a switch at install which tells the OS that this is a laptop / personal machine and from that, sets the security accordingly. Treating every install like it's for a corporate environment is rather silly. Some of us just want it to work.

edit[you could always just set your daughters uid to zero!]
+Linus Torvalds Guess I didn't figure you'd buy Apple stuff.. :D IF you want that lightweight, there should be several viable Ultrabooks out there now...
Sounds like Australian Strine (Local lingo/dialect) to me - commonly, in Australia the plural for you is yous as in "ewes" (Female sheep) - open ewes stirs up some rather funny and ridiculous pictures for me. Is this New Zealand or Australia (Sorry, local in-joke) 'Where men are men and sheep are "Well endowed" ha ha!
Something that drives me up the wall is that the Linux GUIs are bringing back the idea of "the root password" at all. A shared password is liquid poison, and in CLI space sudo had at least mostly gotten rid of it.
+Linus Torvalds As far as I remember there is a "Security" setting in yast ... the default settings are pretty tight and whenever an ordinary user wants to change something he/she requires root's password. I guess this is what you're seeing .... What if you lower those security settings? Does that have any effect ... ?
Ouch! That's like Thomas Edison telling you your lightbulb sucks.
TIL: The Jesus of Linux does not get root access.
Can't you set that with the "actions policy" dialog in KDE's control center?

Well, I'm somewhat pissed about the timezone as well, and I'll try if I can change that without root permission. Adding printers (local and remote) also has a setting there, so it seems to be possible to do something about it.

But indeed, the default setting is stupid. Timezone? Should use some location based service on the net, and not require user interactions.
Linux distro security folks seem to get caught up in trying to make systems SOX/PCI friendly out of the box. They forget that it's far easier for an enterprise IT department to turn a security policy on than it is for grandma to turn it off.
Just give her the admin password.
I worked with SUSE on workshops amd classes since 6.x because they where "near to the rules" and the distros where working quite well. That was valid up to 9.3 and after that release things begun to got worse.
File sharing, Samba implementation and printer setup are nightmarish for unexperienced users.
There needs to be some kind of privilege allocation thing that you need root to change that chooses what users can do what. Like there might be cases where you don't want users to mess with certain things like even adding a printer (Dunno why) but you give them that privilege as root then they can do it. You could maybe still ask them for their password, like with sudo, but without having to make them a full sudoer, giving them access to anything. requiring root for that stuff is just retarded.
Someone needs to jailbreak that laptop and give her the password.
Linux is at the crossroads of faith. Is it going to be user friendly or hacker friendly or server friendly or mobile friendly or cloud friendly or...
+Don Kibbey: that's making excuses for bad security policies.

Even in a corporate environment, there is absolutely no reason to ever say "user cannot set his own timezone". Seriously. And the whole "don't let the user connect to new wireless networks" is as stupid on a corporate laptop as it is on a kids machine. Probably even more stupid.

+Bernd Paysan: I'm not using KDE. I tried. It's even more annoying than gnome. So this is with the gnome thing and yast.
I think sudo is evil (as in a security hole waiting to happen), and a lazy cop-out -- it's definitely not the right answer to these kinds of problems because need for root privileges at the lower levels is the wrong way to handle these kinds of changes.
You know something is really messed up in your linux distro when Torvalds complains about it...
Thanks for posting this. I now know what distro not to try until they regain their sanity. That's got to be the craziest security scheme I've ever heard of.
May the /src be with /home/you :D
Wait... why not just, I don't know, use the OS that came on the MB Air... It works. Without root password nonsense. And if you REALLY want a terminal and to play with the guts of things there is a nice linux terminal available... (Heck you can install X if you want to and run Gimp and all sorts of other nifty Linux programs...)

I used to be a Linux programmer, I bought a MacBook, I did NOT put Linux on it. Gah.
+Linus Torvalds I've got to disagree about the connecting to other networks. We have students that connect to other networks to bypass our internet filtering. It makes it a pain, because they neglect to reconnect to our wireless before logging off. Then other students can't log on or can't connect to their server shares.
"please just kill yourself now. The world will be a better place"....... :( unsubscribe.
+Blair Zimmerman: if you want to restrict people from doing everyday things, make that the uncommon option, and add a checkmark for it.

Don't force your taliban ways on everybody else.
There is "security" as in "protect the system from unauthorized intrusion" and "security" as in "protect users from other users changing/damaging the system".

Since Linux is a multi-user system, it doesn't seem a product of a 'diseased mind' to prevent unprivileged access to things that can damage the system for other users. It is a design choice, and one that given the distribution is rarely used in a true multi-user setting, is probably wrong. But it's not so obvious a decision as Linus makes out.

(I know, it's a vent, but still.)
Yeah, such a policy likely opens far more security holes than it closes.

FYI, I've been using Mint on my MacBook Air (2011), and haven't had any problems with it.
as an IT tech, I disagree with Adam Schubert. It is absolutely stupid to require the admin password for adding printers and changing time zones. most of the time I can't even count on people to make it through changing their own password, NOT giving them the admin account so they can lock that one up on everyone too.
+Shaun McMahon agreed! I have to do PCI compliance at work and even then, it's not doable 'out of the box' so it's pointless to try. It's more annoying to attempt to force that kind of intrusive interaction on the user who doesn't understand why they're being asked in the first place. Privilege escalation should be for tasks that could potentially compromise the system, not in order to use the system in the first place.
It's gotta be awesome to have a dad who can fix your problems by ripping the entire industry a new asshole. Your-kids-have-the-greatest-dad-EVAR++.
i wonder... the first post from famous linus torvalds that i see because it's hot on google+ is about security policy in connection with printers and wireless... shouldn't that be in connection with ACTA and stuff?
I guess a better question is why didn't the time zone update automagically after you joined the wireless network? You've already entered the root password to do something that should be allowed by all users, even guest accounts, unless if limited for security reason in a corporate/military/paranoid-delusional-psychopath house-in-the-woods-environment. The fact that it is on a MacBook Air is irrelevant other than limiting other distributions to choose. Try giving ChromeOS a shot before it goes the way of Google Buzz :)
+Blair Zimmerman I somehow doubt that such situations are so common the strictest possible policy should be made default. :) If you do need it, there's always PolKit. But for 99% of the users, it simply makes no sense.
+Linus Torvalds, I should have added the caveat that this is a K-12 school. However, I deal with too many people who "click for the free laptop" if they don't have some direction given.
Hello. I'm Linus Torvalds and I pronounce Leenooks as Ooboontoo.
i was once at a race track and i accidentaly dropped a tire down a hill and it hit a security guard :p
What of CentOS based on RHEL instead?
Knock Apple all you want, but they do have quality laptops. I've been using Fedora for some time and it's been pretty good (minus Gnome 3 and other minor instabilities). Have you thought about giving Ubuntu/Debian or Mandriva a shot? Also, what Window Manager are you using?
h aha ha ha haha ah haha haha ha. thanks linus.
If you talk in terms of corporate areas those thing are surely concern of security, but if you think in terms of average desktop level user security not much big deal. I still think any thing modifying my system settings for which can change ways it works surely has concern with security.
I think you might enjoy archlinux. Takes some time to install but its worth it! The wiki is great and very detailed. Some things are not to strait forward but honestly I do not think this might be a problem for you! ;)
If you have not tried Arch Linux I would give it a try. I have it on my Aspire One 751h which is probably one of the most difficult netbooks to install linux on these days. I love the OS and would highly recommend it.
I think Gryphn.Co is working on some excellent solutions in the Mobile Security space better than anyone has thus far. Check them out, I think you will be pleased. They launched Armor Text - A secure way to send text messages on Android this week.
Hartej Singh Sawhney
Ubuntu- SemiAnnualForcedDeathMarch™ no thanks
I can agree with your perspective +Linus Torvalds on security policies enforcement... Unfortunately all of that depends on "security officer" empowerment. Usually, their requests are never questioned. Yet they demand the implementation of every possible "security feature" they come across.
The sad truth is that often they do not have enough knowledge or will to make the distinction between real security improvement (which comes from necessity) and empty marketing advertisements.

Finally, for me, openSUSE is currently being the favorite distribution (I use few different ones on a regular basis) with a high level of quality and I am aware that it only takes a few fundamental bad decisions to become ruined. For me personally, luckily, since I am not a simple computer user, this still is not the case with openSUSE.
Adding a Printer not a security matter. I don't think so but user password should be enough. Is this not working when the user is just user and not admin? I never tried because I am always sudoer on my Debian.
I just manually edit etc/passwd and make all the users to uid 0. Problem solved.

Why not install Windows or MacOS instead? Neither has much trouble setting a timezone, or connecting to a wifi network, or adding a printer...
user settings belong in the user directory, there is no excuse for allowing unchecked editing of system wide settings.

Applications should allow local settings to override system wide settings, except in a kiosk situation. In most cases, this actually happens.
Ubuntu Oneiric installed on my 4,2 MBA, when following the wiki page Ubuntu has.
While everyone else is at it.... Windows 8 consumer preview :trollface:
+Linus Torvalds hates Arch and other technical distributions, he likes distributions easy to maintain and install as Fedora or OpenSuse.

+Linus Torvalds , I recommend you +Linux Mint if you don't want Unity. You can try +Fuduntu too, is a distribution based in Fedora and the philosophy of Ubuntu. This distribution is Rolling Release.

I know you dislike Debian, but if you install succesful a Testing version you can forget upgrade the system.
On the wireless: OK, and that's fixed.
For the rest: AFAIK most distros do it like this. Even windu systems need administrator access for these activities.
For everyone recommending just use OSX, Linux devs prefer to eat their own dogfood
Asking for somebody to kill themselves because of a bad policy is a little bit extreme perhaps...
According to Linus, if you disagree with him about something, you are "mentally diseased" and should consider suicide to make the world a better place. What fucking incendiary rubbish. It's so frustrating to see someone you respect be so petty that they think they need to make insinuations that the world would be better off without people who disagree with him about this single topic. Prepending this rant with the word "Venting" doesn't excuse it. You can get away with venting crap like that to your friends, family, and therapist, but not in public. He should know better.

Then again, maybe I should know better. He's famous for two things: Linux and being a dick. Maybe he's just fitting the pattern.

In any case, I think he's right about the security policy—at least in the way he framed it.
Have you tried with PCLinuxOS? ... I use and like very much ... I use it all worked the first installation attempt ...
+Linus Torvalds You can use vi /etc/polkit-default-privs.standard if you don't like the KDE control center :-). The problem seems to be that while there is a polkit policy to change the time zone and you can set that to "let anybody do it", it doesn't have an effect. I'm still asked to provide a root password.

Now that is stupid and should be fixed.

And BTW: In good old times, where vi was used by kids with terminals, and real men used ed and teletypes, the timezone was set by setting the shell variable TZ, and every user could have its own timezone (or several, one per shell session :-). This still works for the shell, and all other programs like KDE, Gnome, Unity, or whatever, should honor that simple shell variable. Of course, they don't.
In the Linux world you typically have to be incendiary to get distro devs to pop their heads out of their rectums, clean the feces out of their ears and pay attention. I typically agree with most of what I read of Linus'.... and with this rant, except in certain situations.
Not only this OpenSuse does nothing the standard way, if you start with it you have to learn a totally new System.
+Linus Torvalds Linux did you consider a Toshiba satellite Z830? It's very similar to the air, slightly more powerful and very very easy to work with. I bought one, installed Ubuntu on it and it works like a charm.
+Robert Quattlebaum it's called a rant! And if you respect Linus you should already know he has a thing for overstating the idea being that if you don't and be polite people don't understand that something is bullshit/wrong/stupid/whatever. It's why politics has stopped working, everyone is so damn polite and calls no one an idiot even if they are.
And I'm pretty sure no one commits suicide because of that..
it is difficult finding the right distro at least for Gnome users. Gnome3 is fare away to be nice and easy and with Gnome2 you just have the older Kernels and more and more problems to install newer versions of applications. I spend 2 days to install shotwell from source on 2.6.32...
Bad day at the office? try some Mint and Cinnamon, it will calm you down
In the Linux world I grew in, you had to know the root password to switch mouse port. Pah! Youngsters, these days :)
whiner. linux guru's everywhere mock you and your sweet sweet carebear tears.
+Linus Torvalds Working with kids at a Children's Museum, I can tell you that they will try everything possible to get onto a new network, and if they find out they can print to a printer, all of those printers will start running out of ink and paper within minutes. :-)
Also better to engage and discuss than rant and look stupid IMHO
I think the whole POSIX ethos is broken, you even have to compile your own f77 these days even though it was one of the main parts of the original Bell / BSD UNIX.
Wow, strong words.
+Colin King, "I first spent weeks arguing on a bugzilla that the security policy of requiring the root password for changing the timezone and adding a new wireless network..." He MIGHT have tried that
There is another good reason to ask for the user password and that's the keyring! Asking for a password is the only way to securely store the credentials for the wirless network, then again the keyring should have been unlocked at login ;-)
"please just kill yourself now". Nothing more constructive to suggest, really?
+Robert Quattlebaum: quite frankly, I'd rather be offensive than offended.

I could write another rant on the whole American "I take offense with that" mentality. It's political correctness of the worst kind, and as far as I'm concerned.

Jokes are often offensive. If you get offended, the problem is solidly at your end. Think about it for a while.
OK, I'm very interested in what's going on here. I'm having wireless problems as well. However, there are some computer language I don't quite understand. Such as: distro, root password, openSUSE, can you elaborate on these words, please?
+Niketha Grubbs Distro = linux kernel plus all the apps etc. Root password = admin password, that you need to do important stuff. Opensuse = Linux distro
Sorry to hear about this experience. A quick search shows folks installing Linux Mint 12 (I'm using that on my laptop with the cinammon desktop and the Linux Mint Debian Edition on my desktop), Ubuntu, Arch, and Gentoo. Dunno if any of those are acceptable for your or your kids use, but my experience with Linux Mint has been very good in terms of hardware support/recognition without interposing admin protection for wireless network or standard peripherals.
Sorry Linus, trivialising suicide is not funny. And it's not that I'm offended, I'm actually saddened to hear you think it is funny.
Perhaps one of the largest challenges of our time, Linus. Friendly identity based security. The big three, Facebook, Apple and Google are starting to commit major resources to bring it to fruition.
Security is one of the things that combine many rational steps and produce an irrational result.
Who would've thought Linux's father was such an angry man
i can imagine the frustration... however, "please just kill yourself now", will it be a bit too violent? :| . Even though, we used to "kill" or "killall" in command prompt
+Eduardo Rayas : I used to think that Ubuntu and co were easy to maintain... and still I had to fiddle around every half a year to get my stuff working again. Arch with its rolling releases doesn't have that problem. Also I think it is for +Linus Torvalds to decide what he likes and hates. And obviously he hates predefined security restrictions....
Honestly I prefer a distro that gives me the power to decide what I like and want and doesn't treat me like a child! But everyone hes own!
Leaving this discussion now: if I want to read some comments of people trying to bash others just because they are frustrated about something at the moment or just make stupid remarks i can also go to failbook.... (dont mean you +Eduardo Rayas)
Ubuntu 12.04 will be the best ubuntu distribution, I recomend... for me it's perfect (even with alpha 2)...
there "security" model remind me of Windows UAC just saying
+Niketha Grubbs you realize this isn't Microsoft land right? know the content before you moan about your unrelated problems.
Here is how we solve the problem. We make our own laptop company and use linux to put the others to rest. Up yours microsoft, and all those companies that produce shit laptops.
if you overlook this minor irriatinons, it's a fine distro
Thanks for that. Once entering a root password becomes a routine operation, people don't worry about it, don't pay attention to it, and developers then rely on using that a lot more. In the end, we end up with people running everything as root because it's just that much more convenient.

My pet peeve: requiring the root password to install applications (e.g. I couldn't download full albums from amazon without their custom app, which could only be installed with the root password). There's gcc on the system available to all users, so requiring the root password to install apps doesn't do anything to prevent me from running arbitrary code.
Add the idiocy that is DBUS, the idiocy that is NetworkManager, the idiocy that is UDEV, and the 'how do we configure GRUB this week' mess... you know, +Linus Torvalds, you need to do a Linux distro of your own.

No, I'm not kidding. I've been looking for an OS X exit strategy since Snow Leopard, and I'm good with FreeBSD on the server, but Linux is where the desktop apps work but... damn...
+Linus Torvalds I am not offended, I am disappointed. You took a perfectly valid complaint/disagreement with someone and made it personal, for no good reason. You don't have to be polite—this isn't about being polite. For example, I said you are known for being a dick—not exactly polite. It's about making a valid argument vs. ad hominem vitriol.

I realize you could care less about my disappointment, but oh well.
Dan Ellender, think the goal is to have these off by default (restrictions should be controllable on any user account)...
I just checked Kubuntu 11.x and I am happy to say it did not required root access to change date and time.
Seriously, a "Macbook Air"?
Might I ask, WHY?
So much for principle....
That sounds moronic, especially since I assume that most root passwords are just annoying to type.

I thought you used Fedora? Does that not work on the MBA?
I really wonder why you ppl fight with a multi user os there is only one boss on a Unix machine which is root or the second in charge which is the first in %admin or %wheel if you want something else init=/bin/bash and forget about Getty and X +Linus Torvalds you should have invented something else ;-)
I know how this is going to end... Last time +Linus Torvalds didn't like something, he wrote something completely from scratch to replace it (BitKeeper -> Git).
No, seriously, I understand the anger, and that's one of the things that doesn't allow Linux to get a full deployment in corporate environments...
+Linus Torvalds If you find something, please, let me know, as I would like to be able to recommend something that fulfill the corporate environment and a "normal" everyday's user.
hate it, also on debian i needed root pass for wireless, and what the hell? for printer? fortunately i did't use one in a while
true said. Sharing this view as well.
Couldn't agree more Linus. Even Ubuntu goes overboard in some aspects with sudo on the oddest things.
I Think here we have new scope for development of Security policy.
at the time of installation users could be asked what kind of security policy they want to install.
1) home use
2) corporate use
3) any other if necessary
to me

for corporates
From corporate or point of view changing even smallest bit of system settings (others than looks and preferences) can cause security issues.

for home users (personal computers)
From common man's point of view local system settings must be freely editable.

thus we meet both the requirements for home users and also the corporates.
My usual statement concerning such thing is: No security survives the active opposition of the users. So if you plan security against the users, you are doomed to fail.
+Linus Torvalds , +Santiago Vizan Problem with Wifi wasn't related much with OpenSuSE but with NetworkManager, afaik, and affected not only that distro. Currently it's fixed in up-to-date 12.1. New way of saving connections was made in latest NM (past: save user's connections in users's $HOME, current: save user connections in /etc with user ACLs/permissions).

About CUPS and printers vs. root privileges... really you think it's only OpenSuSE problem? ;-)
LoL after reading it few times now I actually understood it :P
my bad English :P
OK Linus I agree with you but I would sill go with my above point of having different security policy for different requirement.
+James Finstrom: That's the whole idea of OS community: to-communicate. Even thou he created The grid doesn't necessarily mean he's right in everything :).

I'm not saying he was wrong in that, because he obviously wasn't :P
Changing the system timezone should require root or at least someone in sudoers to access or authenticate. Changing the user one don't.

If there is no way to change user timezone, and the main (only?) desktop user can't sudo, is about desktop/distribution design, but getting sure somehow that the user that want to modify the system is the user that should do it is not a very bad security policy.
I can tell Linus has kids, his "cursing" is still at a G rating.
Network of the best methods of protecting a computer is to NOT allow anybody to use it. ;-)
Quick, it's Linus' status update, commenting will instantly make you 42x cooler. Aimed at Brook above. But everyone equally, including myself at this point, sadly. +1 on Macbook Airs for best HW. Untouchable. +1 on "quite frankly, I'd rather be offensive than offended." and "If you get offended, the problem is solidly at your end." too. I love the bullshit free approach! <3
My root password is ...1 .... 2 .... 3 .... 4. makes it easier for me to remember my luggage combination.
+pushkar madan honestly a corporate user should do what internal it wants it to do a home user should do what it wants it to do and on a server it should do what admin tells the software to do it's difficult to tell for a distro what you are
+Niketha Grubbs "Distro" is short for "distribution", the common term used for different versions of Linux. For examle, Red Had, Fedora, Slackware, etc. are all all different "distros" of Linux. "Root password" is the password assigned to or set by the "root" or main administrative user on a Linux or Unix system. openSUSE is a popular version or "distro" of Linux.
This is funny - you know there are simple configuration fixes for these - right? It's probably appropriate to do them on a laptop/PC. On a server? Much less so.
just try MacOS X, I heard it works well on these macbooks...
People saying that they are offended should grow a pair of metaphorical balls and maybe get a thicker skin.
Well, if you don't like Linux, go write yourself an operating system! ... hmm one second...
im not a distro but i'd say learning to be super efficient takes some doing, nothing good comes easy
+Dan Anderson on your home install you don't want to configure /etc or next being on fedora /usr/etc
+Linus Torvalds Try the Asus Zenbook series. While I can't say that it is outright better than the macbook air, it packs a punch and is every bit as smart and travel friendly.

And the plus side is it is definitely more linux friendly.
Actually it is really funny, to hear you, of all people, complain that linux don't work properly on a MacBook Air ... the #1 Linux problem since it's start is that it as no real hardware support from hardware maker , it can be made to run on everything but you won't find a supported Out of the box computer running it from major hardware vendor , beside the new android that is.

You have done the software ... now do the hardware or slap someone around to do it for you ...

is that what they means when they say the emperor as no clothes ? ;-)
I am not so smart as the great Mr. Linus but I like OpenSuSE 12.1 more than Ubuntu. I am using it for years. And if You don't like it You can choose another distro. You know better than us that it is so many distros that using Linux kernel. But it is just my opinion.
You might consider this really cool OS called Mac OS X.
I totally love how every 10th person suggests to use Mac OS X instead, I kind a hope it's all jokes but my guts tell me some might be serious...
I would have loved to see what would have happned if someone had suggested to Steven Jobs to use Windows instead or told Dennis Ritchie that he really should switch to Java.
Or how about suggesting to the Wright brothers why to bother with planes if trains are so much easier, or telling Ford that he should've gotten a Benz because that's the original car...
How do you feel about Arch Linux, Linus? I use it on my desktop and aside from a few quirks I haven't figured out yet it's pretty awesome.
Have you considered installing sudo? You can run things as root, without using the root password. Also if you are really concerned about security look into OpenBSD.

Edit: Gadzooks! I'm not sure why I didn't notice the name on the original post(I hadn't circled Him, and doubt he has me circled). My face now resembles a lobster in a main seafood buffet.
wasn't that you that put that policy in place?
I did the distro shuffle a while back and tried just about every distro under the sun. I ended up settling on Arch for my home machine and Debian for work. They both seem to work well enough, though I wish Debian had Gnome 3 by default. The Arch package manager is the best I've seen, hands down, but Debian is easier to install certain software on (Skype, Condor, and other stuff that isn't in the repos)
Why on earth should a user be able to change the system time? I agree that it might be useful for the user, to select his or her own timezone, or even a manual offset, but if ordinary users can change the time syslog uses, I think we're on the wrong track.

Of course, in case of a desktop computer, where the user is pretty much the owner of the computer or the only user, you might want to allow it, but I think it should be a setting, and it should be set to "root only" per default.

Maybe I am "mentally diseased", mr. Torvalds, but I am surprised to disagree with you on this point.
I agree totally with what Mr. +Linus Torvalds said about SUSE.... I am a CentOS user i think CentOS, Fedora and Debian are probably the most decent linux distributions in this moment... but i also think that being paranoid is ok... being stupid is not.... and asking root pass for daily actions is stupid... not paranoid :))
Also is very funny to see "great" admins ( men ) making a fool of themselves :) some here did.. honestly i do not want to say names cos i do not want to be responsible for any suicide :))) but is one thing to be right and another to be a fool who argues just for the sake of the augment specially when some ppl want to say " i argue with Linus Torvalds" and of course in their minds they think they are right.... and again i do not give the names... cos i do not want them to kill themselves... :))
Guys never argue with the creator of something ( does not matter what that "something" is)... all you get is ridicule not fame... and i do not agree with him cos he is the creator of Linux but because he is totally right about this ( had myself a client with SUSE on his servers... he put SUSE cos, and i quote "he liked the name of that linux distribution" and after 2 months i fired the client cos of this reason Mr. Torvalds said here and many others)
Everybody have a good night :)
+Jim Best I'd really like to know if you are serious? I mean yeah I kind of think he heard about sudo. And I highly doubt OpenBSD is the right OS for Linux Kernel development and it's far far away from being good at useability especially without any proper package management and no ports ain't package managment. Adding to that I highly doubt it runs on a Macbook Air
Thanks for the rant stranger. How'd you end up on my wall? I read lots of pettiness and ill consideration of your sales people and of the poor people at bugzilla.

On this side of the Internet, we don't revolve around the stick up your but.
hey you guys what do you think about somalia?
+Linus Torvalds "Don't force your taliban ways on everybody else." Good one. I'm guessing that you know that "taliban" means "student". Those are the little critters that +Blair Zimmerman was complaining about. Of course, your daughter is also a student. Nice interlinqual pun.
Telling Linus to use OpenBSD? I haven't seen anything like that since B-- H-- flamed Dennis Ritchie in comp.lang.c. :)
i think it wil be better................that a great one,,,,!
Some very strong, but brilliant, words from Linus. Microsoft could also learn from you.
Duly noted. I shall pass along your feedback where ever applicable.
Your anger is understandable, here, have this chocolate finger ___ 
+Fabian Odoni I love using Linux Mint Debian Edition on my desktop because of the stability and the rolling release type of updating it uses. Only problem here might be the hardware compatibility and whether Clem can keep it maintained. The Linux Mint team is trying to do a heck of a lot. It's a whole lot of cool stuff in my book, but it's a lot for only a few folks to tackle.
+David Cortarello and you think git was invented because bit keeper was bad as hell? It was commercial not bad just like perforce which is really bad and commercial but used by a lot of stupid companies like Google ;-)
Linux distribution steering is going way into the ditch at this point. The UI changes, filesystem unifications, security stupidity...they make quick decisions and hammer it in when they find out there are challenges instead of re-evaluating the decision on its merits and challenges. I hope a new distro with more sane steering and goals is released soon so I can walk away from all the current popular distros.
What's so funny about +Jimi Best 's post?? Isn't OpenBSD a Linux system that also uses Gnome??
Using OpenSuse+KDE here, never ever seen a root login prompt for adding a wireless network... Changing the timezone requires it by default, but it can be configured using polkit (through the KDE System Settings > Actions Policy)... Don't blame OpenSuse for GNOME mistakes please.
Agreed.. and developers... Please STOP creating world writable dirs and files.. its lame. Thx!
+Hugues Vandenbroucke I laugh at the reply. Printer is still an issue though. At least gone are the days where shutting down required root password.
i think yellow dog linux is for mac, maybe ubuntu
but did you try adding 'user' to sudo?
openbsd is bsd, not linux
OpenSuse used to be great, but its become a ghetto. I stopped using it when a release, which I paid for, shipped with a broken python install, which also happened to affect their python based admin tools
No, tell us what you really think...... :-)
Linus, just face it, Ubuntu is best Linux distro out there. With Gnome Shell even better... :)
Linus, i wonder why your kids might use Linux on MacBook - just because theirs father writes it? Cruel... :)
+Dmitriy Likhten Sorry, but it is also configurable through polkit... in Actions Policy > org.opensuse > cupskhelper > The openSUSE project > Add/Remove/Edit a Printer...
I have no clue what this is about but does anyone play horseisle? Ive had enough with that stupid webiste!
People who don't know what they are doing should just stay clear of linux and stick to windows or OSX. Linux is NOT for beginners. Requiring a password to make changes on a computer is GENIUS. People playing with settings that they should not causes a lot of problems in families or anyplace a computer is shared. This should be an optional function you can change by checking the settings.
I hear Windows 7 and OS X are pretty good :P
There is a very fine line between "unusable" and "secure" for the most part...
I think you should just make your own Linux Distro. We can call it Torvix or something to that effect since Linux is already... Oh wait.
So you have to enter the root password one more time!! BIG DEAL!!!
Can only +1 one time, so quoting again: "+Peter da Silva Add the idiocy that is DBUS, the idiocy that is NetworkManager, the idiocy that is UDEV, and the 'how do we configure GRUB this week' mess".
I think adding you daughter to a few of the admin related groups would mean she could give her own password instead of root.

You can probably do this by setting her as an admin user the the GUI user manager.
Old Fogey Time:

Back around 1980 when Berkeley came up with the idea of multiple concurrent groups in 4.1BSD (or whenever it was), I thought "oh good, now people can use groups for fine-grained security, and we'll finally stop having to "su" for everything!"

God, I was a naive kid, wasn't I?
+Faisal Hakami it doesn't have a Linux Kernel but a 4.4 BSD derived one just like all other BSDs and it even has it's own userland (ls, top, cd and stuff like that) mantained by the same develops. So no it's not a Linux system though being a Unix and Linux being Unix-like they are similiar in usage and design but so is Mac OS X. Though the BSDs share and the Desktops like Gnome and KDE with Linux.
+Andriy Tkachuk whats unfair about that? A well configured Linux on a Macbook is quite nice though I hate ther keyboard layout. Also the Macbook Air has Intel graphics which work exceptionally well on Linux.
Why would you use Mac? Just get Windows, and install Linux over it, something I don't think you can do on a Mac. Even with BootCamp.
Linus, thanks for saying what needs to be said...
Can we avoid the brave new world that protects us so thoroughly?
+Mitchell Monahan actually you could run Linux even on the old PowerPC based Macs which was impossible with Windows and there were specialized distros like Yellow Dog. And one could run Linux on Mac (intel) even before Bootcamp because unlike Windows it doesn't need a BIOS which the Intel Macs don't have
Lets not talk about Vista. Its like the red headed step child of Microsoft. I think a few more years of XP and then releasing Windows 7 would have been better for them.
This problem reminds me of windows vista a lot and in some instances windows 7 although you could disable them on windows 7 -.- , never knew if vista gave you that option but dont wanna know =P
what's the problem with Arch Linux?
no one cares about this so stop putting your feelings online and why dont you do something about it
For all of those people that say just use OSX, Do you realize on whose stream you are posting? OSX = Closed Linus likes OPEN.
I just got Linux Mint (LDME) running on my Macbook Pro. The Mactel bits came from Ubuntu. It is working well using their "Cinnamon" shell replacement, though it still has some way to go. MATE (GNOME2) is not installable at the moment and I have not had time to fiddle with it. Good luck!
Try Linux Mint 12 Lisa - it's pretty nice! Ubuntu with its freaken Unity can suck my balls all day! :)
Sounds a lot like Microsoft's UAC (User Access Control) where you have to put in a password every time you double click on something. I had other issues with OpenSUSE back when I used it that I gave up before I had a chance for the security to bother me.
Hi Linus. Try the new range of ultrabooks from Asus. My friend just bought one and after that piece of metal in my hands decided to get myself one as well. The i5 runs like a dream!
As for the security part, having to manage 200 ubuntu machines at a collage I work at i have come to love the strict security policies. Before moving to ubuntu we had xp and i spent most of my days fix stupid stuff. Things like printers being deleted or settings changed in them was only one of the things that constantly came up, even with av installed on the machines users were still able to break them. I love the restrictions and will rather log into a user machine on request and make the changes instead of fixing it later. I can now focus on more important things and feel my value as IT support has increased from being reactive to being pro-active!
Wait doesn't OpenSUSE(Novell) and Microsoft work together?
Stop beating around the bush. How do you really feel about the design team for OpenSUSE? (haha!)
I've had good luck with Fedora and Arch on Macs. I would recommend Fedora for a MacBook though, because Arch doesn't really seem to tune very well for laptops.
I'm more into Ubuntu but is the least security minded of all the distros...Fedora is indeed more for Business and all about security without blocking for common tasks
Emil BB
Interesting how Linus enjoys working with MacBook Air, while his daughter struggles with OpenSUSE.
"If you get offended, the problem is solidly at your end. Think about it for a while."

only if you think you're normative (as we all do).

Oh yeah, Robert: thanks, I always wondered what his middle name is.
I think a lot of people here are misunderstanding his complaint. It has nothing to do with apple or a macbook air. Changing the timezone has always been password required and I think that's reasonable but not connecting/adding wifi but he says they changed it.
Ubuntu also does the wifi thing but it asks for your keychain pass instead. There are settings for all of these, I guess you just need to delve in further sometimes.
People,, the problem is not because he's using MacBook Air.. It is because his daughter got embarrassed in school because she failed to print a paper using a Linux-based OS, created by her father!!
Actually Linus your ranting is quite appreciated. I run Slackware here, and as it happens it is much closer to your philosophy regarding everything. And yes I understand the upset your family member went through.
1 small curse? ooh how offensive
wow hard words but true
I'd be interested in seeing some of the links to the bug reports. I do agree, that normal every day tasks should not require the administrator password, unless you have it in kiosk mode.
I have to confess being a security guy. But like most things I design or put specs for on paper I want be a user. I want to be a normal user. If I, the user, think it is a bad design I, the writer, turn around and rewrite the thing. That is why my specs evolve and specs from external "specialists" always look like a revolution.
+Morten Morten Because you can take a laptop with you to a different time zone, where the system time will then be wrong unless you change the time zone.

Same as how you can take a laptop with you from one wifi access point to another, where it will be useless unless you can change the active wifi access point.
It's not about distros.'Cause every distro uses same sh*t on their core and shell. So It's about user-friendly UI. As an Arch user i can say it's not easy for everyday users and It's not about the users and groups in *nix systems. It can(should) be a sandbox system I think, that gives user to add/edit his/her PC's prefs but prevents the apps(especially browsers ,network apps) access the users system. I'm not a kernel hacker or a system programmer but I think it should be.Cause people don't want to write down password again and again.(Do not say give more timeout to "sudo"!) Also it's not about who +Linus Torvalds is.Of course all the linux people grateful to Linus. That's the logic and spirit of Linux: Discuss, Share and Rise..
Security: If NO ONE can access the system, then no one can breach it -- problem solved.
If you don't work on an admin account on OSX, it behaves much like this. And I don't think you should be running as admin for user tasks.
Arch Linux based distros require that you enter the root password (or user password if you have them in the sudo group) when you change the time or timezone info and it always annoyed me too. IDK if it's a KDE thing (no idea if it happens in Gnome because I never use it) or an Arch thing, because I believe it happens in Chakra also.
I don't like openSUSE. I'm a big sudo'ers fan. I think it is ultimately the best way to secure a system, just don't give everyone the right to invoke sudo and you're good to go! su / root password is not cool, and very old school. It's one of the things I admire most about Ubuntu. I'm quite sure you can even delegate sudo to arbitrary programs no matter which user uses it, which is also super cool! Thanks Linus for a wonderful world of Linux. So hey, I was thinking about some kind of REST/SOAP/XML-RPC Web 2.0-ish Node.JS with an API sysadmin tool thing--I mean I want to write one. I should be able to link systems together in some sort of directory (perhaps OpenLDAP or any other DB), then do lots of fancy things with it. I don't mean anything too fancy, but something modular anyways. Any thoughts about that? I've been thinking about it for a while. Actually, if you want to really see what I'd like to do, I'll share my blog link with you.
I personally haven't tried OpenSUSE, but there were several comments already suggesting the use of sudo; is that not an acceptable, even if not ideal in your view, solution +Linus Torvalds ? The only reason I can see that not being acceptable is if you don't trust your daughter with sudo rights to the system.
Pity he doesn't like Lenovo. I love them. I would dearly love to legitimately run OS X on a Thinkpad instead of my Macbook.
I love this rant so very much. And also the comment about shitty laptops. Apple is the only place to get a really nice laptop these days.
OpenSUSE does something to a greater degree that other distributions are starting to do, and it drives sysadmins crazy, and that's altering config files programmatically on daemon startup.
Apache, for example, reads /etc/sysconfig/apache2 to find out what modules it's supposed to load, and it goes ahead and re-writes files in /etc/apache2 based on what it found, knocking out customisations that might not fit into their standard template along the way.

That's a minor and relatively trivial example, but it extends almost right across the board into every aspect of your system. It means to seriously sysadmin a SuSE box you've either got to use all their management tools (and nothing else) and sacrifice possibilities; or you've got to compile from source and avoid the SuSE packages more so if you should even think about using a config management tool.

The entire linux distribution market seems to be a juggling game of "which sucks least".
Kevin Jones
This is funny. Random people telling +Linus Torvalds what distro he should be running, telling him how to change settings, or pointing out who he should contact for help with a specific distro--as seen in one comment--is like my mother telling +Sergey Brin what a search engine is and which search engine he should use to best find the average speed of an unladen swallow.

Thanks for the laughs, people of the Internet.
Frank Yeh
You don't like it? Go write your own! Oh wait...
Not that I'm on the road every day, but I do travel a lot. As such I am constantly connecting to different networks, printers, hardware, etc. If I had to enter in the admin password just to be able to do some of that stuff, I would be hounding the crap out of my IT department to remove that restriction. They don't have any restrictions on my machine (that I've found) and knowing that makes me a better self-policed user to keep myself out of trouble. If I screw it up, its on me since my support staff would have to mail me a new machine which would mean some serious downtime until I got the new machine, transferred the files, and re-installed all my software that doesn't come with our corporate image. Last time I had to do that, while in the office with a 1GB connection to the install files, it took me a week to get everything working again.

That being said, I have seen my other co-workers constantly getting themselves into trouble. Do I think that some of the things they did to get themselves into trouble could have been prevented by adding a password to their machine? Absolutely not. I know why they got themselves into trouble. We use Windows, and Windows is loaded with security holes. As such, it's easy to hack, especially if you are into surfing questionable websites. If you keep yourself out of those sites, it's not an issue.

This is why I'm running Linux and BSD at home on my desktops and laptops for my personal machines. Since they already have a lot better security from keeping the "bad stuff" out, and since they are more obscure than Windows, the need of them having that extra layer of security is nil. That's why I laugh so much when I saw those Mac commercials saying how much better those machines are when it comes to virus protection. Well of course they are, there's far far fewer viruses floating around that will run on their OS.

I say let the installer make that choice when installing the OS. Do they think they need that extra layer? Then say yes. Is this a machine for my niece and she's probably going to blow something up? Then say yes. Am I smart enough to keep myself out of trouble? Then say no.

The irony of my philosophy is that my current personal road traveler these days is a Chromebook. There's not much I can break OS wise on it.

And that's fine with me.
Have you tried Xubuntu, due to the decline in user friendliness of GNOME 3, and Ubuntu's Unity.. I am sure that any distro's XFCE version should be ok as long as the "security" issues do not exist
this is why my corporate laptop runs ubuntu ..... the corporate windows7 is virtualised on it and working much better
Hell isn't a bad word. It's a verb
Ranting and calling people out is all fun and good, but I still think it's kinda shitty to tell people to kill themselves, even if it's supposed to be a joke...
One Ring to rule them all, One Ring to find them,
One Ring to bring them all and in the darkness bind them
This is what you forged Linus...
+L. N Cyree er, just thought I would also note that hell is not a verb.. people don't flame if you can't even seem knowledgeable
I know thats right but they use it every day like it is
Shut up you whining prick Linus. You're not relevant. 
This kind of reminds me of why I hate linux. It never successfully runs a program, yet it continually asks you for a password to do anything to try and get a program working. I eventually just give up and accept that its open source OS so I shouldn't expect much. Anyways your rage is completely justified and all of the eugenicists running the government are cheering you on for asking people to kill themselves.
I love any Linux distro, but they all seem to ask for the root password too much. The whole point to having a password is that only select people know it for security. If it starts asking when you install regular programs, set time or move folders around then you start giving out the root password to everyone using that PC for ease of use. That's a little silly, don't you think?
Imaging that maybe some day, you got an OpenSUSE phone, and you need root access to change time, to make a phone call, or install an app, that's really horrible!
I am sure there is some sort of role based access that can be granted to the users so they can do various admin type least that is how Solaris has been doing things for the better part of 12 years.
There is no such thing as The Perfect Linux Distro. It doesn't exist. They all kinda suck in one way or another, and some more than others. You have to choose the one that you find the least suckiest. Let me know if you find one that even comes close.
I had a similar experience when I wanted to alter the udev scripts to give the console user access to the ttyS0 (to be used as console to another system, by the way).

Apparently, in this day, since there is a majority who think that since ttyS0 might be a modem and that it might be used for doing evil stuff like calling pay numbers, only members of the "dialout" group shall be allowed to use it. And of course you have to be root to add yourself to that group. Distros will not even tell you AFAIK you have to figure that one out as a user, by e.g. discovering the user administration program and discover the "dialout" group, and be root.

But I admit the few of us using /dev/ttyS* have ourselves to blame, it's not like aunt Tillie needs that so whatever.

Current "solution": figure out if I can atleast use inotify to trigger the user to be informed that this is the problem (and yes, prompt for root password and all that).
I use Kubuntu on my Macbook pro (no air, sorry) I'm not 100% sure but I don't think it asked me for my password (sudo) to add a printer or WiFi.
i just recently moved from gnome3 to xfce on ubuntu stable.. more on the fact that gnome3 leaks memory like a crazy rogue app.. i think i just had the baby duck syndrome and most likely gonna go back to mama later, lets hope i stay on xfce.. (btw, i find unity rather crappy) which also explains why im still using ubuntu x.x on that note i did notice ubuntu has been cutting a few things that need admin assistance to do, like update the damn machine..
Ok, don't have the energy to read it all - but per user timezone is a interesting concept, there is no reason for it having to be set by the system (ie the system tells you what timezone the clock runs) and then you can set and change your own definition as you travel. Nice.

Wrt to printers i still remember fighting cups on a old ubuntu install - it required the root password on a dist that doesn't-do-that^tm.

And this annoys the hell out of me as well but hey, even macosx uses cups - afair they manage using sudo which is also stupid. I might want to configure my special printer, why should it be configured for all? Why not have the ability to keep printers per user? Or system - if the user can authenticate (su/sudo)

It seems like a lot of things is stuck in the "server world" with a more polished ui.

Anyway, brain fart done, bed time is now! =)
I have to disagree, Linus. It's not "JUST" OpenSUSE issue. It's the old mentality issue. Lets see how far you go with Slackware before you need to vent out again.
Nice rant. You're almost channeling Bill Hicks towards the end ;)
Click on the little arrow pointing down and select the option to get rid of it. If you're using OpenSUSE then you'll need the root password to do that.
I don't think you can really blame the security people for this one, sounds to me just like broken and lazy UI implementation. If opensuse had any security talent on staff, that mess would have been fixed before release. One of the most important aspects of platform security is implementing it in such a way that the user isn't poised to fight it.
+J. Arthur Lee Click on the little downward pointing triangle to the right of the headline and select "Mute this post".
+Colin King - "Sorry Linus, trivialising suicide is not funny"

Actually it is. Everything is standard fair for a joke/comedy, even war, death and illness. Why wouldn't suicide be? Do you have a list of the allowed funny subjects?
I use OpenSUSE and i quite like it however i still love my first distro Fedora but oddly despite my love of Fedora i find myself recommending Mint KDE. Am i insane or evil or just...hmmmm. Still yes i believe this is a Gnome 3.x thing but i could be wrong.
HA, Linus was always one of my heroes. Now, so much more!
+Fabian Odoni , I'd used the most popular Linux distributions, I'd started with Ubuntu and later OpenSuse, Fedora and Mandriva but I chose Ubuntu as my default system.

When I improved in Linux use I installed Arch and I was very impressed. Arch is the most flexible operating system I ever seen, truly powerfull, simple and customizable, but I had some problems when some drivers were updated. Thanks to Arch Wiki, is one of the best places of knowledge of Linux and I'd always resolved these problems searching there.

I got tired for problems of drivers, and I saw that Arch is not a good system for a developer, too many software changes, reconfiguring almost always the system after an update is very uncomfortable.

For this I elected Fedora and I install it in three partitions:
- The first is the smallest and I use to install the system. This is the root folder.
- The second is use to my VirtualBox VM.
- The third is my home folder.

When I have to update the system, I only formatting the partition of system (the partition of root folder) and reinstall my applications without lose my files.

About +Linus Torvalds preferences, I relied in his declarations.
someone done pissed off the wrong Linux user.
I think your forgetting that windows UAC in windows vista and windows 7 has the exact same policies in place, and I don't see anyone ranting and raving there. In windows to add a printer you must have the appropriate privileges normal users don't have these rights. And again UAC will need to verify your credentials. Same in windows 7 for changing the time zone, same with adding a wireless network just like Linux. The only difference is that most users run windows accounts with administrator privileges instead of the limited user account that is created by default in Linux. Create a account with the same credentials in windows and I will guarantee you get the exact same results. These are accepted security principles, if you don't like it then I suggest you turn UAC off in Linux just don't blame me when your shopping for a new machine in three months.
god forbid you just use OSX like a normal person
That said, messing with time leads to issues with crypto (VPNs, probably SSH. OK SSH isn't something a sales-on-the-road is using, but VPNs are, definitely).
As for printing, OpenSuse auto-installs your (USB) printer without any root password. Network printers are another issue it's true.
For Wireless, NetworkManager doesn't ask for rook password for WiFi (or wired connections) since ages. What version of OpenSuse are you using ?
Edit: I can see actually no good reason to change time itself, provided it's set well at install and kept sync-ed bt ntp. However I must agree, users should be able to change their local timezone, as long as system time is untouched.
I believe NetworkManager is a user space oriented mechanism to add wifi etc, I didn't think it required root password, from memory you only required root if you use the ifup/ifdown type of mechanism.
I use NetworkManager on laptops where I change the network config regularly. I use traditional ifup/ifdown on server oriented hosts.

Why are so many responding about Microsofts operating system on a post about Linux, that's just weird.
I would be quote interested in seeing what distro +Linus Torvalds would come up with if he went out to build one
Good feedback. Is there an official OpenSuse person on Google+ somewhere?
Ed Dich
... and if you click on the radio button "Remember for this action" it actually doesn't. So yes, something's wrong with security there... And what's worse - OSE12.1 works in many ways worse than OSE11.4, which is rather disappointing. Somehow it shows the trend that people chose wasn't really meant to be useful, but "fancy"...
+J. Arthur Lee - Just click "Mute this post" at the bottom of the thread...
Asus ux21 zenbook is nice and slim and aluminum, but the touchpad is horrible, and I haven't figured out how to disable it.
Hey bud, could not agree more. The state of software development is completely in disrepair. XUL, XBL, XSL, XMLHTTP, XDL fuck it XXX. are we to assume that the foundation these were built on 'wasn't good enough?' To complete the same task? I suppose next we will have SSS (shimering style sheets) instead of css because the css code is so horrible that the W3C will need to redraft the entire spec and give it a new name to wipe the bad taste out of their mouths. horseshit namespace pollution is how I see it.

Not sure about the Macbook issue. Have you tried Arch Linux? i686 and x86_64 builds only though.... doesn't even provide an X server by default. Its basically linux from scratch without all the damned hours wasted on bootstrapping dev tools and compiling all userland apps from source, but it has a pretty solid distribution team and support community operating out Australia I believe.

I consider myself a novice *nix user and I believe that I do exceptionally well with this distro. The only thing I think needs work with it is the fact that system configuration GUI's might as well be non-existant when it comes to doing any real system administration.

On another note, it is up to us seasoned coders to show the novice users the way. If you have time I am working on a draft for a new software make facility where the focus is in clarification, standardization, organization and centralization of project build files and config data. This will be a barebones system at conception where the most active development will take place in userland by the end users in the form of plug-in-scripts that may optionally access C native APIs in the event that some 'hardcore' processing must take place.

This new make system will be written from scratch and a project name has not been decided upon as of yet, but I tell you what I bet the original authors of make never saw a project as large as the mozilla-2.0 source tree! Documentation is also a part of project development and management. A few document authoring and browsing facilities, templates, generators and helpers will be integrated into the new system. The goal is to stream line everything and make the build process straightforward even for a user who is not developing code with the suite. If you are interested HMU!

Not likely but it was a pleasure to request the assistance of an open source legend!
Linus, I don't know if you regularly test out lots of distros, but I'd love to get your take on a few:

Linux Mint (11, 12 was clearly half-baked),

Thanks in advance.
Being in the IT field, I feel you have to have at least some trust (let me stress, very little) of your users or security becomes more annoying than effective. For the points that Linus is making, I completely agree. Connecting your laptop to a new wireless network or adding a new printer are simple tasks that should not require a root password. If the users that I support had to call me every time that they tried to connect to a different wireless network or add a printer then I wouldn't have time to do anything else.
If you use MacBook Air, why dont just use Mac OS?
ioana ma
backtrack ?! knoppix !
".. and now I need to find a new distro that actually works on the Macbook Air." -- try lion, it works out of the box...
Come on, to be honest, if you dont have a problem with your kids changing such data, playing around with networks timzones and whatsoever why dont you give the root password to your kids?
For years I've been saying that Macbuntu has a nice ring to it, and what would be more convenient for the community to work with than consistent, stable hardware? It'd have the shortest HCL in history.
Wow! My friend is an OpenSuse fan ... He will like that!!!

PS: I approve all about the security morons!
Have you ever thought about doing your own distribution? It would be nice to be able to install a distribution that doesn't have at least a dozen irritating pointless things....
I'd stay on Fedora. There's nothing better anyway.
And what about Ubuntu on Macbook Air??
It is a bit difficult for me to believe that someone who is as involved with Linux does not bother to take the concept and practice of security upon himself instead of relying upon others to do it for him.

I don't know if anyone has asked you the next set of questions.

1. Have you ever used any BSD system?

2. If so which one? If not, then why?

3. Refer to #2 above, first question. Which architecture?

4. Have you ever compared to kernel building process of a BSD to that of Linux?

5. Have you ever used a BSD system as a guide when working on Linux? Linux as a guide when working on a BSD system?
I just bought an acer laptop with processor c-50 last me 6 hours battery and cost me five hundred dollars I hope it lasts most of the year
talking about safety I have installed ubuntu 11.10
and thanks for the kernel is going well
lets have a thread to vote if we like to use the root password to change the date or time in the computer
You seem to have a few pieces of Mac hardware. Do you use the Mac OS on any of them?
@Linus Torvalds, thank you for that marvelous thing called linux, it has set us free from that evil called Micro$oft Window$$$.

Have you tried Bodhi Linux, is a distro with the Enlightment E17 window manager, is very stable, beautiful, and very light and fast on new and old computers, you should try it!
i think this could be useful for enterprise to enforce security restrictions on their staff machines, but thia should be configurable to allow non root to update their wifi or timezone
I guess every Linux user is willing to suggest you the distro that @he is using. I won't do that (and I use more than one).
However I have to say that being you a programer, "geek", and Linux founder, would be more comfortable using one among the pioneers and more "do it yourself" distros like Slackware and Debian, or even Red Hat, Arch, Gentoo...
For your kid, perhaps a friendly one is the best choice.

PS: there's not such a thing as a perfect distro, just perhaps the "perfect for me/you distro"!
I don't think I need to recommend Slackware to you. You already know  why you should use it. Stay sexy.
+Valent Turkovic I don't use Fedora but the mechanism is universally the same.  For that printer problem and another annoyances you need to reconfigure policykit (or whatever it is called at this time) user or group permission. Which IMHO, should be done by the system itself.  Notice that you should do it properly (i.e., not overwriting /usr out of desperation) because the system will probably fail or overwrite it in the next update.
OpenSUSE is based off Ubuntu...what does he expect, all Ubuntu branched distros are catered for noobs in mostly dumb ways. Like the Software Center which makes things more frustrating and hinges the user's ability to understand what's actually going on when they install a program and which library dependencies they are also getting with it.
+Jebril Famile what have you been smoking? Ubuntu is based upon Debian, and OpenSUSE was forked long time ago from Red Hat Linux...
I have never seen distro without prompting a root/superuser password. Even with the change of timezone or clock itself. (Exept Arch Linux)
BTW: This prompting is really great at our school and I like it much because anybody can't do what they want (install, uninstall, change settings).
But the fact is, it is sometimes annoying.
YES! Also please shoot yourself now, if you think that there are no old-timers around (or younger people who just happen to be detail/lower level oriented) who are capable of editing configuration files manually. To begin with, it's a damn sight faster than kicking up a special admin tool, ferchrissake!

A few days ago hubby and I almost fucked up our newest home installation of Linux Mint because I naively assumed that we could just su - then chmod /etc/sudoers then edit it and then chmod it back (which is what I had done in May on my Debian at work). We very nearly got into a situation where nobody would have been able to do sudo anymore, because the security started to scream that /etc/sudoers settings were wrong and refused to do anything before that was corrected. Sheesh!
Too bad!  I just recently switched to openSUSE because it was way faster and smoother on my Acer Aspire One than Linux Mint, and it also got a big-assed repos just like Ubuntu & Mint.  Good point though Meister Linus.  Anyways, I'll just stay on it for some time than go over all the process of downloading and installing a new o.s., apps, & games (not to mention customizations).  And heck, I'm still way enjoying it.  So, I'll just have to work-around this problems with "sudo". I'm gonna install sudo right now... :)
To OS X Users, Mac uses the Darwin Kernel, a UNIX Based kernel, not the Linux Kernel, so that is why you could use the sudo commands on the OS X.
So many comments... Glad someone with an audience like Linus made a profound statement on security. Passwords, especially root passwords, should be used as little as possible. Sudo has always worked for me on Snow Leopard and Lion versions of OS X. From what I've read online the SSDs in the MacBook Air notebooks have been the most resistant to failure of all consumer SSDs. Is it OS X doing magic in the background or Apple's hardware?
+Linus Torvalds Linus, is it the desktop environment, then, and not the kernel, that makes it so hard to get Linux working on a MacBook?

Have you, or anyone following this, gotten these working on a MacBook (a) the MacBook Trackpad with multitouch gestures (left-handed, mind you); (b) Bluetooth MagicMouse or keyboard; (c)  dual monitors, without crashes of the XandR extension.

One reason I ask is that I have had some success getting (a) to work using KDE on top of a standard Ubuntu installation (= Kubuntu).

Honestly, no one seems interested in getting any kind of Linux working fully, out of the box, on a MacBook. Disappointing, indeed. 
+John Grimmett It's the kernel I think - seems to be a hardware issue

Source: My friend has a macbook
all the best things were born in 1991; linux, me. I could go on but I think I've made my point :p
The major clients of the commercial distributions are big and paranoid companies. As they don't trust their working forces, they need the functionalities of policykit. Just the name is telling the whole story : its about a cop into the system. In fact, this is not a simple cop, but one of the worst kind, this is a fully multitasking cop.

In a better world, polkit would be a shot in the foot of these companies, and they would disregard it themselves. But we are living here and now, not in some hypothetical future of the most than perfect.

Another fact is that all non commercial or small linux users just don't need it in order to get a god working and secure system. So, it is a real conflict of interests here, and it must be solved. BTW, I use gentoo, polkit (with the whole of gnome -:) can be completely removed of it with a simple world update.
Just stick to stable, reliable Fedora.
linus, Manjaro is an amazing distro, give it a try
I couldn't agree more.  What is happening to the Linux desktop?  I think its trying to compete with WIndows at its own game, and unfortunately, its succeeding!  MS decided that it couldn't fix all of its security issues, and so moved the onus onto the user by requiring a response to the "program Frobiz is trying to open port 5376" do you wish to allow this?" questions.   Most people don't know what Frobiz does, and don't care.  They certainly don't know what the significance of port 5376 is, and really don't care.  Requiring them to say "Yes" to some stern warning is stupid beyond belief - after the third occasion, they routinely hit "yes" without reading the question.  Of course, MS can now say "well its your own fault ...".  Linux seems to be moving the same way.  Another area where its trying to compete is in the use of a registry.   What a truly bad idea.  How to really screw things up.  And as for Akonadi and Nepomuk - who let these - at best alpha- releases onto the desktop?  I can't claim to be any use at programming UIs, but nor can the current crop of Linux Desktop devs.  What on earth has happened with Linux Sound, and Wireless, as well?  I've run Linux on my laptops for 15 years or so - way back before X was viable, I was using ALT-F1->Alt-F9 to give me multiple consoles, so I reckon I can give a good and impartial overview, and my opinion is that Linux on the desktop is moving backwards thanks to the "let's add a new feature to the desktop brigade".  The semantic desktop - good grief!  Might be a nice idea in ten years, but GET THE ****ING THING WORKING before putting it in a major distribution!  I'm just off to try a SuSE KDE desktop, having tried the latest Kubuntu, fuduntu, and fedora.  Here's hoping ... 
SuSE.  Even better grief.  What a horrible mess. Yast or the KDE control centre- pick one, not both.  (Oh and don't tell me it's because I'm new to Linux/SuSE - was a SuSE user from about 5.2 to 10.x (ish - still have the cd sets somewhere). And it's security - aargh.  And the "screen simply flashes on resume" issue I'm getting. C'mon guys, it's 2013, FGS. Somebody mentioned arch, looked that up - shows promise for my use case, so downloading as I speak.
Thank goodness for fast broadband!
After yeras on Suze, I try debian, gentoo, suze again, and now it is a few years I am on gentoo again.

One of the gentoo advantage is you can really decide what you want to install.

USE="-polkit -consolekit -udisk -udesk2 -pulseaudio" world

and the system will be purged of a lot of crap. You can do the same thing with the semantic desktop and get a faster kde.

BTW: still using FVWM-Crystal here. In ts last 3.1.12 release, the Fullscreen function (similar to F11 in Firefox but which work with any application) have been extended to provide a functionality similar to the Amiga OS applications stack, and it work together with the traditional X multiple desktop pages. The best of both navigation systems in the same desktop.
Tried Mint, which I'd avoided as a "simple" distribution - looks good!
there is need to input the root password to access some wireless network only if marked checkbox to save settings of network for all users in system.

By default it is unchecked, setting go saved only for current user and NetworkManager do not ask any password.
Ha. New exploits leverage systems that don't require password to change system time. Nice one Linus.
That's a reason to fix the exploits, not to require the root password.
Nice one, Chas.
Give to opensuse 13.1another chance  ... works amazing with my MacBook Air 13" (6.2) ... has many improvements ... 
You really annoy me, Torvalds.  Not only are you clearly (much) smarter than me, but you talk such good sense.  If I said this (the root password thing), nobody would listen, but because of who you are, people will listen.  Thanks goodness, 'cause hopefully they'll actually change something.
Well +businessBoris, I am the IT field as well as +Linus Torvalds. Of course, his accomplishments are far greater than mine. That being said, I think all good leaders in technology must have vision and passion. From what I have seen Linus has both. Like all great leaders when they see something wrong with something they are passionate about it, they make it known. With the idea in mind, to get it fixed.
So after a read through this thread I'd be curious to have Linus chime on in and tell us what distro he finally landed on with his MacBook?  Linus any comment?
+businessBoris Because Apple makes good hardware but we don't like its software. I don't like OS X but like the Mac's design and hence, have loaded Windows and Ubuntu Gnome on this. I use OS X for err... firmware updates :D
Exactly, Pratyush!  I might well buy a macbook - lovely hardware (annoying KB layout, though - there are only 330 million americans - the rest of us might want a different layout (or two)).  But I damn well don't want to run OS/X
except for the keyboard - you can have any layout you like, as long as it's US.

Oh, and the OS bugs.   People seem to (strangely ) believe that osx is polished.  It is not.  Better than windows, of course, but give me linux on the desktop anyday - if only cisco VPN worked.
Ha, ha, ha! Utterly funny +Linus Torvalds. Developers always have their way of seeing things, that don't have anything to do with the daily reality. I always said that any dev team should hire an Admin to point them the "obvious".
What's so funny. He's right. One of the first things to do after install is to relax the spurious "security".
Hi Linus, I'm French. I'm new user openSUSE. You're right, all the time having to enter the password it's unmanageable. But opensuse is the simplest distribution for a neophyte, and... it's free. It's my first Linux to  ;-)
Hi Linus

  My fisrt linux installed was a "slack"  using kernel 0.8.x  downloaded from  
  newgroups on 80  1,44MB Floppy disks ... Since this day, it's a great
  adventure .. So thanks a lot +Linus Torvalds    ... and all the OSS actors

Today, distros are really usable for !geek people  but, I'm a little bit afraid because this user frendly experience seems to come with many ugly things  (alike systemd vs init)

For instance, I know "mount" option to mount a usb mass-storage device read-only but what the hell way today to tell it to my system ???  ( +1 +Graham Nicholls )

I'm root but sometime I wonder "Who is the boss today ? udev, udisk, hal,
polkit, selinux ..."  :)   :|   :(

Please to meat U a day ... perhaps under sea !:)
Real men can fix such nuisances in openSUSE without ranting on G+. Real men know where the bugzilla is.
Real men fix everything which exasperates them?  I don't think so.  Mr Torvalds should stick to what he does best - programming the kernel , git, and I'm sure, other useful stuff.  Moaning about crap that gets in the way seems fair to me, but I guess you must be a "security" person.    Most security is theatre, so you're a luvvie, perhaps?
i am using open suse 13.1 kde but printer hp 1020+ printer disable many time when i enable than restart pc working fine how to solve it
I love your rants Mr.Torvalds, especially the "please just kill yourself now" and the compiler masturbation one.
Add a comment...