Linux-Advocacy Digest #377, Volume #26 Fri, 5 May 00 15:13:04 EDT
Contents:
Re: MS App. Spin-Off Company Logo Revealed? (Peter Gavin)
Re: This is Bullsh&^%T!!! ("Erik Funkenbusch")
Re: This is Bullsh&^%T!!! ("Erik Funkenbusch")
Re: This is Bullsh&^%T!!! (JEDIDIAH)
Re: This is Bullsh&^%T!!! (JEDIDIAH)
Re: This is Bullsh&^%T!!! ("Mr. Rupert")
Re: This is Bullsh&^%T!!! ("Mr. Rupert")
Re: This is Bullsh&^%T!!! (Brian Langenberger)
Malicious scripts on Unix (Brian Fristensky)
Re: X Windows must DIE!!! (root)
Re: Why monopolies are a danger? ("Cihl")
Re: This is Bullsh&^%T!!! ([EMAIL PROTECTED])
Re: Are we equal? ("Christopher J Campbell")
----------------------------------------------------------------------------
From: Peter Gavin <[EMAIL PROTECTED]>
Subject: Re: MS App. Spin-Off Company Logo Revealed?
Date: Fri, 05 May 2000 15:33:54 -0400
Rob Clark wrote:
>
> While publicly denying any plans to split the corporation, Microsoft
> quietly has begun the application process for a new ticker symbol on
> NASDAQ for a new non-OS company, Coruscant Technologies [CRSH]
>
> http://www.grapevine.net/~gromitkc/coruscant.png
The logo is obviously stolen from Star Wars. The snowflake insignia is
nearly identical to the Empire's symbol in Star Wars. Coruscant is also
the name of the Capital of the Republic. If you've seen the Pantom
Menace, the planet entirely covered with city and where the Senate meets
is Coruscant.
Peter Gavin
<[EMAIL PROTECTED]>
------------------------------
From: "Erik Funkenbusch" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Fri, 5 May 2000 13:20:28 -0500
JEDIDIAH <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Fri, 5 May 2000 12:49:24 -0500, Erik Funkenbusch <[EMAIL PROTECTED]>
wrote:
> >Leslie Mikesell <[EMAIL PROTECTED]> wrote in message
> >news:8ev0b0$10dc$[EMAIL PROTECTED]...
> >> >You are right MLW, what you've just said is Bullshit. This virus type
> >could
> >> >be written to work just as well in UNIX if attachments can be executed
> >from
> >> >email, is that not possible with Netscape on LINUX?
> >>
> >> If you detach it, make it executable, and execute it, of course the
> >> same thing would happen. It is the concept of automatically executing
> >> something from an insecure source like email by just opening it
> >> that is insane.
> >
> >I agree. But let's repeat it again. YOU DO NOT GET THIS VIRUS SIMPLY BY
> >READING THE EMAIL. YOU *MUST* EXECUTE THE ATTACHMENT IN ORDER TO INFECT
> >YOUR SYSTEM.
>
> Yup. And the 'ease of use' OS tends to try and make that as likely
> as possible, while hiding these security issues from a group of end
> users that are presumed to be ignorant to begin with.
How does it "hide" it?
When you access the attachment from Outlook it says this:
"Some files can contain viruses or otherwise be harmful to your computer..."
And then it defaults to "Save file" instead of "Open File". If you persist
and choose "Open file" and it contains executable content, it warns you
again.
Tell me how this is "hiding"?
------------------------------
From: "Erik Funkenbusch" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Fri, 5 May 2000 13:21:19 -0500
JEDIDIAH <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Fri, 5 May 2000 12:37:28 -0500, Erik Funkenbusch <[EMAIL PROTECTED]>
wrote:
> >CG <[EMAIL PROTECTED]> wrote in message
> >news:[EMAIL PROTECTED]...
> >> >You are right MLW, what you've just said is Bullshit. This virus type
> >could
> >> >be written to work just as well in UNIX if attachments can be executed
> >from
> >> >email, is that not possible with Netscape on LINUX?
> >>
> >> You missed the point. the reason this worm spread so quickly is
> >> because so many people use outlook, and the only reason so many people
> >> use outlook is because M$ gives it away for free, and the only reason
> >> M$ gives it away for free is to bankrupt companies writing email
> >> programs, so that M$ can extend its monopoly grip to all software on
> >> your computer. Once that happens M$ can charge plenty for its crappy
> >> email program.
> >
> >Do not be so arrogant as to believe that this could only happen to
Outlook.
> >
> >The worm does nothing that could not also be done on Unix or Linux. No
>
> ...assuming you have an applications vendor stupid enough to
> treat foriegn executables in a casual manner...
You mean like Netscape?
> That's quite a big IFF.
Doesn't seem that big.
------------------------------
From: [EMAIL PROTECTED] (JEDIDIAH)
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Fri, 05 May 2000 18:19:54 GMT
On Fri, 5 May 2000 13:20:28 -0500, Erik Funkenbusch <[EMAIL PROTECTED]> wrote:
>JEDIDIAH <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> On Fri, 5 May 2000 12:49:24 -0500, Erik Funkenbusch <[EMAIL PROTECTED]>
>wrote:
>> >Leslie Mikesell <[EMAIL PROTECTED]> wrote in message
>> >news:8ev0b0$10dc$[EMAIL PROTECTED]...
>> >> >You are right MLW, what you've just said is Bullshit. This virus type
>> >could
>> >> >be written to work just as well in UNIX if attachments can be executed
>> >from
>> >> >email, is that not possible with Netscape on LINUX?
>> >>
>> >> If you detach it, make it executable, and execute it, of course the
>> >> same thing would happen. It is the concept of automatically executing
>> >> something from an insecure source like email by just opening it
>> >> that is insane.
>> >
>> >I agree. But let's repeat it again. YOU DO NOT GET THIS VIRUS SIMPLY BY
>> >READING THE EMAIL. YOU *MUST* EXECUTE THE ATTACHMENT IN ORDER TO INFECT
>> >YOUR SYSTEM.
>>
>> Yup. And the 'ease of use' OS tends to try and make that as likely
>> as possible, while hiding these security issues from a group of end
>> users that are presumed to be ignorant to begin with.
>
>How does it "hide" it?
>
>When you access the attachment from Outlook it says this:
>
>"Some files can contain viruses or otherwise be harmful to your computer..."
That's really quite vague, and not very meaningful.
>
>And then it defaults to "Save file" instead of "Open File". If you persist
>and choose "Open file" and it contains executable content, it warns you
>again.
>
>Tell me how this is "hiding"?
It blurs the line between what is a program and what isn't. It
blurs the line between merely reading a file and executing it.
That 'warning' demonstrates all that is wrong with Microsoft's
handling of email data, as does the 'open versus save' procedure.
It would be far more sensible to have:
Open
Save
EXECUTE
and to give the user explicit cues to distinguish between
inert data and programs. Also having a tight security model
around the email application would also be sensible. Of
course this should be something that a sysadmin could set and
disallow user access to.
You could even have one of those 'broken image' style icons to
indicate executable content that wasn't executed.
--
|||
/ | \
Need sane PPP docs? Try penguin.lvcm.com.
------------------------------
From: [EMAIL PROTECTED] (JEDIDIAH)
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Fri, 05 May 2000 18:25:25 GMT
On Fri, 5 May 2000 13:21:19 -0500, Erik Funkenbusch <[EMAIL PROTECTED]> wrote:
>JEDIDIAH <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> On Fri, 5 May 2000 12:37:28 -0500, Erik Funkenbusch <[EMAIL PROTECTED]>
>wrote:
>> >CG <[EMAIL PROTECTED]> wrote in message
>> >news:[EMAIL PROTECTED]...
>> >> >You are right MLW, what you've just said is Bullshit. This virus type
>> >could
>> >> >be written to work just as well in UNIX if attachments can be executed
>> >from
>> >> >email, is that not possible with Netscape on LINUX?
>> >>
>> >> You missed the point. the reason this worm spread so quickly is
>> >> because so many people use outlook, and the only reason so many people
>> >> use outlook is because M$ gives it away for free, and the only reason
>> >> M$ gives it away for free is to bankrupt companies writing email
>> >> programs, so that M$ can extend its monopoly grip to all software on
>> >> your computer. Once that happens M$ can charge plenty for its crappy
>> >> email program.
>> >
>> >Do not be so arrogant as to believe that this could only happen to
>Outlook.
>> >
>> >The worm does nothing that could not also be done on Unix or Linux. No
>>
>> ...assuming you have an applications vendor stupid enough to
>> treat foriegn executables in a casual manner...
>
>You mean like Netscape?
So? What interesting things have you done with the executable
content in Netscape lately?
The proof is in the virii.
Even Atari ST's had virii.
>
>> That's quite a big IFF.
>
>Doesn't seem that big.
Then where are the non-microsoft examples?
--
|||
/ | \
Need sane PPP docs? Try penguin.lvcm.com.
------------------------------
From: "Mr. Rupert" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Fri, 05 May 2000 13:23:41 -0500
Mike Palmer wrote:
>
> "Leslie Mikesell" <[EMAIL PROTECTED]> wrote in message
> news:8ev0b0$10dc$[EMAIL PROTECTED]...
> > In article <n0zQ4.3$dv6.148@client>,
> > Nik Simpson <[EMAIL PROTECTED]> wrote:
>
> > If you detach it, make it executable, and execute it, of course the
> > same thing would happen. It is the concept of automatically executing
> > something from an insecure source like email by just opening it
> > that is insane.
>
> And that doesn't happen in Outlook Express. So, what's the problem?
Phft... it does so, just add ActiveX to an HTML document and mail it.
--
Mr Rupert
------------------------------
From: "Mr. Rupert" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Fri, 05 May 2000 13:25:52 -0500
Erik Funkenbusch wrote:
>
> Leslie Mikesell <[EMAIL PROTECTED]> wrote in message
> news:8ev0b0$10dc$[EMAIL PROTECTED]...
> > >You are right MLW, what you've just said is Bullshit. This virus type
> could
> > >be written to work just as well in UNIX if attachments can be executed
> from
> > >email, is that not possible with Netscape on LINUX?
> >
> > If you detach it, make it executable, and execute it, of course the
> > same thing would happen. It is the concept of automatically executing
> > something from an insecure source like email by just opening it
> > that is insane.
>
> I agree. But let's repeat it again. YOU DO NOT GET THIS VIRUS SIMPLY BY
> READING THE EMAIL. YOU *MUST* EXECUTE THE ATTACHMENT IN ORDER TO INFECT
> YOUR SYSTEM.
Let me see if I can shout louder than you! IF YOU ADD ACTIVEX TO AN HTML
DOCUMENT AND MAIL IT, IT WILL AUTO-EXECUTE!!!
--
Mr Rupert
------------------------------
From: Brian Langenberger <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: 5 May 2000 17:58:57 GMT
In comp.os.linux.advocacy Erik Funkenbusch <[EMAIL PROTECTED]> wrote:
<snip>
: Do not be so arrogant as to believe that this could only happen to Outlook.
: The worm does nothing that could not also be done on Unix or Linux. No
: content is auto-executed and email lists are available for anyone to read on
: either platform.
:> anybody who uses outlook should have their heads examined.
: Is it going to take someone to write such a virus for Linux to wake you
: people up?
Been there, done that.
http://www.albion.com/security/intro-5.html
In reality, no UNIX email program executes scripts or apps directly from
the spool. If someone goes to the trouble of saving such a script and
executing it - and that script finds addresses to send to - for the
worm to propagate it will require *lots* of other people to do the
same.
I'm not sure how you're going to get a significant number of
UNIX users to mindlessly execute such a script without sending
it to "more" first for a glance at what it does.
Maybe it's just a different mindset, but popularity has nothing to
do with it. There's certainly more people using UNIX-like systems
now than in 1988...
------------------------------
From: Brian Fristensky <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy,local.unix.general
Subject: Malicious scripts on Unix
Date: Fri, 05 May 2000 13:38:43 -0500
Just for the record, I tried sending myself
a C-shell script as an attachment. The attachment
had no file extension, such as .csh, to
identify the type of file.
The CDE mailer in Solaris correctly identified
the file type, and gave the attachment the
C-shell icon anyway. When
I clicked on the icon, I got a message
saying that it was an executable, and
that I had to click OK to execute, or
Cancel to quit. If you click on the
Help button at this point, it says
"If you weren't expecting to run the
executable, you can save the atttachment
to a file and run it later."
To their credit, the authors of the CDE
mailer at least thought about the possibility
of malicious attachments. However, I
would prefer that they had made it
impossible to execute attachments from
within the mailer altogether.
In the pine mailer, if you ask to
view the attachment, it correctly
identifies it as a C-shell script.
Pine can not execute scripts directly.
The ML mailer also correctly identifies
the C-shell script. If you click
on the attachment, you get a popup window
asking the command to execute. The default
is a text viewer. However, you type in
'csh', it will execute the script.
These mailers are therefore a little bit
more secure about executable attachments,
in the sense that you have to do a bit
of thinking before you execute.
Nonetheless, Unix mailers are still susceptible
to malicious scripts. Perhaps the
people who write mailers on ALL systems
should rethink whether it is really
a good idea to allow direct execution.
===============================================================================
Brian Fristensky |
Department of Plant Science | Sun Microsystems CEO Scott McNealy,
University of Manitoba | when asked recently about Microsoft,
Winnipeg, MB R3T 2N2 CANADA | replied "Which one?"
[EMAIL PROTECTED] |
Office phone: 204-474-6085 | source: ZDNet News
FAX: 204-474-7528 |
http://home.cc.umanitoba.ca/~frist/
===============================================================================
------------------------------
From: root <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.x
Subject: Re: X Windows must DIE!!!
Date: Fri, 05 May 2000 14:40:36 -0400
JEDIDIAH wrote:
> On Fri, 05 May 2000 14:29:14 GMT, bytes256 <[EMAIL PROTECTED]> wrote:
> >In article <[EMAIL PROTECTED]>,
> > [EMAIL PROTECTED] wrote:
> >> It was the Thu, 04 May 2000 13:17:03 GMT...
> >> ...and bytes256 <[EMAIL PROTECTED]> wrote:
> >> > My point is quite simply put: XWindows does not best meet the needs
> >of
> >> > the average Linux user. It is far more complicated than necessary.
> >> > And then it leaves out important functionality that people want.
> >> > (Standardized controls, High performance, easy installation, etc.)
> >>
> >> Please
> >> a) explain why these issues should be addressed by a goddamn windowing
> >> system of all things
> >> b) prove to me that this is not only what people want, but also that
> >> they are willing to accept negative effects of realising it.
> >>
> >> mawa
> >> --
>
> Flexibility? X has always been more flexible.
> Features? X has always had more features.
> 3D? Nope, X beat Windows on that as well.
> Speed? Nope, X implementations have always been
> able to keep up with Windows on the same
> hardware. Today, even the FREE X implementation
> can.
>
> >but let's face it's not perfect (no present OS is).
> >Is it such a bad thing to completely overhaul a dinosaur?
>
I just recently started using Linux on my home PC after using Win98 for quite some
time. I now use both and they each get their own hard-drive. My initial reaction
to Linux is this:
1) Xwindows has a different look and feel about it (but what do I expect? It is
a different OS)
2) The action with my mouse is slower but not that big of deal.
3) Linux does not appear to like my monitor. Windows has no problems with it.
When using Linux 1/3 of my monitor is fuzzy. I have tried everything short of
another monitor or video component. But Linux definently losses this comparison.
I should not have to change any hardware or edit mode-lines, period.
3) Linux does not play with hardware near as good as, at least, MSWindows does.
Case in point, even though I am successfully using the same hardware with Linux,
it was not without a fight. I had MINOR struggles with EVERYTHING. I capitalize
those two words because one is positive and the other negative. Only MINOR
problems, which is good, it shows Linux is improving in those areas, but
EVERYTHING required extensive reading and trial and error. Not very good for the
masses to flock to this OS.
5) Linux already appears more stable. The system has only locked me up once so
far as compared to nearly daily with MSWindows.
6) I like being able to pull up the command the line without losing any
functionality. Windows is all point and click which is truly one-dimensional but
also which has made Windows the "fast-food" product it is.
7) I like having options to run programs that integrate so freely with the OS and
expand the overall functionality of the system (I specifically speak of the
ability of Linux to work as a desktop PC AND AS a server in a LAN or WAN) It has
only been until now (Win2000) that MS has offered this and probably still doesn't
compare.
Conclusion. Obviously Linux is free and to expect perfection is asking a lot.
But if it is ever to compete with Windows (if, in fact, that is the goal. I don't
know. What is the mission statement for Linux?) I feel it must consolidate its
distributions. All these distributions is confusing and intimidating. It needs
to become less command-line oriented for the average/less knowledgable user. The
"mounting" and/or "configuration" of hardware/devices needs to be more automated
and all of that taken care of upon boot up without having to read a book to do it.
Thanks for allowing me the avenue to express myself.
hoffy
------------------------------
From: "Cihl" <[EMAIL PROTECTED]>
Subject: Re: Why monopolies are a danger?
Date: Fri, 05 May 2000 18:45:38 GMT
"Juan Pablo Hierro Álvarez" <[EMAIL PROTECTED]> schreef in
bericht news:[EMAIL PROTECTED]...
> ILOVEYOU
Oooh! Cut it out!
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Fri, 05 May 2000 18:52:21 GMT
In article <n0zQ4.3$dv6.148@client>,
"Nik Simpson" <[EMAIL PROTECTED]> wrote:
>
> "mlw" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Checking the Microsoft home page. Not even a mention of the virus
> > It is Microsoft's fault that the "ILOVEYOU" virus can spread so
> > quickly and so bad, and they don't even mention it on their site
> >.
> >
> > They have had ample warning, and ample evidence that their e-mail
> > client design is far too insecure for real use, and they have had
> > ample time to fix it. Because of their monopoly, they have no
> > incentive to fix it. Because they are a monopoly, industry, world
> > wide, suffers. If there was competition, this would have been
> > fixed way before Malissa even showed up.
>
> You are right MLW, what you've just said is Bullshit. This virus
> type could be written to work just as well in UNIX if attachments
> can be executed from email, is that not possible with Netscape on
> LINUX?
Yes, Unix machines can have mail programs that allow attachments
to be opened, or executed (FWIW, my Solaris mailtool will
open attachments using the apppropriate program if I click
on them). However, the environment that this is done in can
be controlled, and process permissions can be limited so that
they are not allowed to access system files, or wreak other
havoc such as the "ILOVEYOU" one did.
Because Windoze has no concept of security, however, there
is really no way to limit what such executables do in the
Micro$ux environment.
Cheers,
-- Arne Langsetmo
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Christopher J Campbell" <[EMAIL PROTECTED]>
Crossposted-To:
alt.conspiracy,alt.conspiracy.area51,comp.os.ms-windows.advocacy,talk.politics
Subject: Re: Are we equal?
Date: Fri, 05 May 2000 19:09:25 GMT
To paraphrase George Orwell:
We are all equal, but some of us are more equal than others.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.advocacy) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Advocacy Digest
******************************
