Linux-Advocacy Digest #413, Volume #26 Mon, 8 May 00 18:13:05 EDT
Contents:
Re: Dvorak calls Microsoft on 'innovation' ("John Hill")
Re: Dvorak calls Microsoft on 'innovation' (Mathias Grimmberger)
Re: Why only Microsoft should be allowed to create software ("Erik Funkenbusch")
Re: Why only Microsoft should be allowed to create software (Craig Kelley)
Re: Why only Microsoft should be allowed to create software (Craig Kelley)
Re: Why only Microsoft should be allowed to create software ("Erik Funkenbusch")
Re: Why only Microsoft should be allowed to create software ("Erik Funkenbusch")
Re: Why only Microsoft should be allowed to create software ("Erik Funkenbusch")
Re: Browsers and e-mail (Perry Pip)
Re: computer viruses on LINUX (Craig Kelley)
Re: KDE is better than Gnome (Craig Kelley)
----------------------------------------------------------------------------
From: "John Hill" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.lang.java.advocacy
Subject: Re: Dvorak calls Microsoft on 'innovation'
Date: Mon, 8 May 2000 22:50:29 +0100
Erik Funkenbusch wrote in message ...
>Wally Bass <wallyb6@nospam> wrote in message
>news:[EMAIL PROTECTED]...
>> On Wed, 3 May 2000 18:52:26 -0500, "Erik Funkenbusch" <[EMAIL PROTECTED]>
>> wrote:
>>
>> >I'll give you the same challenge I gave Mig Mig. Prove that every one
of
>> >microsofts patents are prior art.
>>
>> My, you're so generous with the feasibility of you challenges. Since
>> you are allowing your opponent to prevail merely by PROVING
>> the case on EVERY patent, I would be inclined to make an equally
>> generous offer to you! Why don't you PROVE that EVERY
>> Microsoft patent is (a) innovative enough that everyone would
>> agree that is indeed real innovation, and (b) that it was not
>> prior art.
>
>First, you can't prove that something does not exist. How am I to prove
>that nowhere in the world is prior art? Simply not possible.
>
>Second, I don't need to prove that all of them are innovative to counter
the
>original claim. I need only show that one is. For instance, try this one:
>http://www.patents.ibm.com/details?pn=US06052555__
>
>US6052555: Method for speeding MPEG encoding using JPEG pre-processing
>
>One might argue that all that is occuring is to take previously innovative
>functions and applying them differently, but then that is exactly what
>innovation is. Doing that which has not been done before.
Oh yeah ? Nothing about being useful then ? Nothing about of being
beneficial to the user ? Just about sums up Microsofts "innovations",
not been done before because they were not useful or beneficial.
>
>Finally, I'm not the one that claimed that insinuated that *ALL* of
>microsofts patents were prior art. Since it's impossible for me to prove
>that any of them are not prior art (what do I do, provide the amassed sum
of
>human knowledge as proof?) the burden of proof is on the person that claims
>otherwise.
Not at all - it is YOU who claim they are innovative - now prove it....
>
>
>
>
------------------------------
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.lang.java.advocacy
From: Mathias Grimmberger <[EMAIL PROTECTED]>
Subject: Re: Dvorak calls Microsoft on 'innovation'
Date: Mon, 8 May 2000 21:09:09 GMT
"Erik Funkenbusch" <[EMAIL PROTECTED]> writes:
> Mathias Grimmberger <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
[Note: I snipped lot's of stuff without indicating it]
> > > In my experience, providing proper user feedback is essential to getting
> a
> > > good identification.
> >
> > Of course. I'm just saying that I think getting the users to cooperate
> > is difficult, at least if your target audience is the general
> > population.
>
> It's seldom the general population. Your target audience is almost always
> going to be corporate employees (or government). Those people can be
> trained.
Biometrics in ATMs targets the general population and has been hyped a
lot. One could say that biometrics in Windows does target the average
computer user.
> > > What's wrong with a cleartext password? It's not like the password is
> being
> > > transmitted over a wire. It's all internal.
> >
> > One of the first rules in security is: "Do not store passwords nor
> > password equivalents". That it's all internal doesn't matter - if it's
> > there then there is a way to get at it. It doesn't even matter if that
> > would require Admin privileges, even the admin should not be able to get
> > at any passwords.
>
> There is symanticly no difference between forcing a user to enter his
> cleartext password and having an application send that password. I fail to
> see the difference. Suppose the password were encrypted. Sending an
> encrypted password is no different than sending a cleartext one, it's just a
> set of characters.
You misunderstand me. Sending the password somewhere is not the issue -
permanently storing it is. To have an app send it it must be stored
somewhere so the app can retrieve it when needed. If it is stored
somewhere (note that if the user has to enter it it is not usually
permanently stored anywhere) it can be retrieved at least in principle
at any convenient time and that is the security problem.
This is the reason why Unix, NT and so on only ever store cryptographic
hashes of passwords.
> > > And not all uses of biometrics are for national defense level security.
> A
> > > good use is when you have a terminal sitting out in a store somewhere
> and
> > > you want to make sure only authorized people use it.
> >
> > But that is again a very special application, there will be special
> > software running, not some generic app. What use is biometrics for the
> > average user, the market MS is in?
>
> Very special? It's a pretty common one actually. There are millions of
> stores around the world that could make use of such a feature.
It is a special application running on millions of terminals but only in
stores. There are not going to be that many different vendors for this
type of app.
This is not the same as some office suite or so being used in all sorts
of settings - home users, government agencies, the military, lawyers,
corporations. There are lot's of vendors for general Windows software.
Most of those apps don't benefit from biometrics at all.
> > > Biometrics is uncommon and expensive primarily because there's no
> > > standardized way of using it.
> >
> > May be true, I don't really know. I'm a pessimist as far as funky new
> > technologies are concerned.
>
> And that's the attitude that keeps them from becoming commonplace.
Maybe. Well, I may be harming the New Economy, so what... :-)
I just don't believe in press releases hyping something beyond reason
being a good thing.
Which was actually the point of my original post: that MS is just hyping
something as innovation that is not quite that useful and not quite that
new. Never mind doesn't exist yet.
> > > > > They did a pretty good job with the CryptoAPI.
> > > >
> > > > You mean the one with the _NSAKEY variable? It's not secure. And no,
> > > > this has nothing to do with "NSA" being a part of that variable name,
> if
> > > > the rumours where true that would be the second security hole.
> > >
> > > Do you know anything about this? MS's CryptoAPI has been reviewed by
> lots
> > > of security experts. Don't babble about net rumors.
> >
> > The story goes like this:
> >
> > In CAPI all components used are cryptographically signed - no valid
> > signature, no way to use that module. This is an important part of the
> > security of the whole thing.
> >
> > For unknown reasons MS included *two* public keys in the API, the
> > primary one and the one called _NSAKEY. MS claims the second one is a
> > backup should the first one become unavailable - that is just bogus, why
> > can't they keep a backup of the first one? AFAIK MS also never provided
> > proof that they actually have access to the private key matching the
> > public _NSAKEY, but that thought leads to the conspiracy theory...
>
> Bruce Schnier, one of the most respected members of the cryptology field has
> said in his newsletter that he doesn't buy the story coming from the
> anti-microsoft advocates.
Hmm, I do not 100% believe it either. However I wouldn't go so far as to
totally reject it - stranger things have happened and it is a well-known
fact that US companies could export only crippled crypto for many years.
It could well be that the name NSAKEY was just a silly slip (I guess MS
engineers are weenies too :-) but then again there is no proof either
way.
> Your question, why not store a backup copy of the key is silly. Keys are
> meant to be secure and not to be copied.
That requires special hardware to enforce it.
> If you can copy it once, you can copy it a million times. Then it's
> not secure at all.
If I have special hardware I can probably arrange to have exactly two
copies with no feasible way to make more.
> And in any case, that doesn't help if the key is compromised and
> changed.
No, it doesn't if the key is compromised. I don't know what MS planned
for that case but presumably a service pack could exchange the whole
CAPI stuff for a version with a new key.
If it where changed (the primary key that is) CAPI wouldn't work anymore
because that change would be detected. Only the _NSAKEY thingy can be
changed.
> > Now for the purpose of signing CAPI components the two keys are
> > equivalent. Their protection is not equivalent however - while you can't
> > change the primary key you can just change the secondary and sign new
> > modules with the matching private key.
> >
> > There exists a little tool on the net which does just that. Apparently
> > crypto companies have known about the whole thing for some years and
> > have used it for their own purposes (installing their crypto modules).
> >
> > A bad guy could now install new components which use rot-13 for
> > encryption. Poof, no security anymore. Whithout additional measures you
> > just can't trust the modules CAPI is using which was a design goal
> > AFAIK. So in my book CAPI is not secure because of that.
>
> Installing rot-13 won't allow you to decode 128 bit encrypted data.
A more clever way would be to have a rogue module that would do 128 bit
encryption just fine but would forward all cleartext data via a hidden
channel somewhere.
MGri
--
Mathias Grimmberger <[EMAIL PROTECTED]>
Eat flaming death, evil Micro$oft mongrels!
------------------------------
From: "Erik Funkenbusch" <[EMAIL PROTECTED]>
Crossposted-To:
comp.sys.mac.advocacy,comp.os.ms-windows.nt.advocacy,comp.os.os2.advocacy
Subject: Re: Why only Microsoft should be allowed to create software
Date: Mon, 8 May 2000 17:02:41 -0500
John Poltorak <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Of course, Microsoft's apps developers have a head start on everyone else
> because they have inside knowledge of the development of the API,
> and can even make a request for development of a specific API to suit
> their application. And they may conveniently forget to tell any
competitiors
> (competitiors? :-), what a notion...) about this API.
Do you really think that every Microsoft developer is given free access to
the Windows source code?
Given the number of pre-release beta leaks that get out of Redmond (some are
clearly unintended), then if just about every developer had access, then the
windows source would be plastered all over the internet.
> Given Microsoft's track record for sabotaging competitors, I would not
> be surprised if there were plenty of APIs which revealed whether the
> app was Microsoft friendly and if not, some random spurious msgs
> would be generated causing that app to fail or perform badly.
> It happened when DR-DOS tried to run Windows, although it wasn't
> random in that case. Who is to say MS Word runs better than Lotus WordPro
> simply because Windows has some built in impedance for WordPro.
> It's this sort of trick that Microsoft is very capable of pulling.
First, get your facts straight. No release product ever gave any kind of
message while running under DR-Dos. Second, even if one had, there were
documented bugs at the time (which DR later fixed) that it seems quite
logical for MS to warn people that incompatibility may occur. The fact that
MS removed the warning that occured in ONE beta test after DR fixed the
problem should tell you something.
If MS pulled some trick like you claim, it WOULD be found. There are
hundreds of people disassembling the Windows source code daily. Books have
been published by people like Andrew Schulman documenting secrets discovered
by disassembly.
Finally, people claim that MS deliberately breaks software when updates are
put out. If it's so easy to keep compatibility with other software when
updating things, why has MacOS been one of the worst culprits over the years
of breaking apps when new versions of the OS came out? Apple has very
little to gain by breaking them, yet they done so quite regularly over the
last 16 years. (Granted that this hasn't happen as much in recent years,
but say.. the jump from OS 6 to OS 7 was quite painful).
> This is exactly the reason why the DOJ is correct in splitting the two
functions
> up and removing the unfair advantage which Microsoft apps have always
> had with respect to the API.
Well, I guess IBM should be broken up as well (they have NT source code
liscenses). So should Apple (Do they still own Claris?). So should Compaq
(Compaq's DEC arm still produces some NT apps and they certainly have access
to source code).
> It would be interesting to conduct some tests to see if Netscape performed
> unfavourable when compared against Internet Explorer when both access
> a Web site hosted on MS IIS, and then contrast those results with tests
> when a site is hosted on something else such as Apache.
Don't you think such tests would have already been performed? There are
people just looking for ways to discredit MS. Besides, MS doesn't need to
discredit NS's speed, it's slow without them doing anything to discredit
them, even under Linux.
------------------------------
Crossposted-To:
comp.sys.mac.advocacy,comp.os.ms-windows.nt.advocacy,comp.os.os2.advocacy
Subject: Re: Why only Microsoft should be allowed to create software
From: Craig Kelley <[EMAIL PROTECTED]>
Date: 08 May 2000 15:55:41 -0600
[EMAIL PROTECTED] (Matthias Warkus) writes:
> It was the Mon, 08 May 2000 13:14:46 -0500...
> ...and Tim Kelley <[EMAIL PROTECTED]> wrote:
> > >
> > > The ultimate goal of a CEO may be towards corporate centrailzation,
> > > but our (Earth's) nature does not tolerate uniformity, no matter how
> > > hard they try. It's one of the beauties of the free market, it
> > > requires little maintenance to keep it functioning fairly because
> > > there will always be an individual who is unhappy with the market
> > > leader's product.
> >
> > There really is no "free market", corporations are tools for
> > controlling such, and are doing quite a good job so far.
>
> A free market needs an enormous amount of maintenance by a dedicated
> government and of course by NGOs (consumer protection agencies,
> standards organisations etc.).
That maintenance come free.
People love to do that stuff.
--
The wheel is turning but the hamster is dead.
Craig Kelley -- [EMAIL PROTECTED]
http://www.isu.edu/~kellcrai finger [EMAIL PROTECTED] for PGP block
------------------------------
Crossposted-To:
comp.sys.mac.advocacy,comp.os.ms-windows.nt.advocacy,comp.os.os2.advocacy
Subject: Re: Why only Microsoft should be allowed to create software
From: Craig Kelley <[EMAIL PROTECTED]>
Date: 08 May 2000 15:58:26 -0600
Tim Kelley <[EMAIL PROTECTED]> writes:
> David Steinberg wrote:
>
> > "Had those toolbars been created elsewhere, they no doubt would have been
> > patented and never incorporated into Windows." <bill gates>
>
> what's funny is that (putting aside that the statement is false)
> this is an argument against patents more than anything, coming
> from the patent whores themselves!
Yep.
http://www.patents.ibm.com/details?&pn=US05974454__
Better not make an installer for Windows now...
--
The wheel is turning but the hamster is dead.
Craig Kelley -- [EMAIL PROTECTED]
http://www.isu.edu/~kellcrai finger [EMAIL PROTECTED] for PGP block
------------------------------
From: "Erik Funkenbusch" <[EMAIL PROTECTED]>
Crossposted-To:
comp.sys.mac.advocacy,comp.os.ms-windows.nt.advocacy,comp.os.os2.advocacy
Subject: Re: Why only Microsoft should be allowed to create software
Date: Mon, 8 May 2000 17:07:38 -0500
Salvador Peralta <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Boris wrote:
> >
> > > Given Microsoft's track record for sabotaging competitors, I would not
> > > be surprised if there were plenty of APIs which revealed whether the
> > > app was Microsoft friendly and if not, some random spurious msgs
> > > would be generated causing that app to fail or perform badly.
>
> > That's not true.
>
> Actually, it is true that they insert spurious messages into code and
> write code that degrades the performance of their competitors. DR-DOS,
> which was dealt with in the Federal lawsuit is one example.
Did not exist in a retail product.
> Netscape is another that was addressed in the lawsuit.
I don't recall seeing any testimony which suggested that Microsoft displayed
spurious warnings when Netscape was used.
> And the "if wordperfect then
> declare a font allocation error when no such error exists" is a third.
I've never heard of this one. Where is the documentation for it?
> As to whether they continue to use undocumented API's, I doubt if you
> could know either way. The operative word here is "undocumented".
Since Windows is a DLL based OS, it's quite easy to install tracing hooks to
determine which API's are called and with which arguments. In fact, several
companies sell automatic tools to do such.
------------------------------
From: "Erik Funkenbusch" <[EMAIL PROTECTED]>
Subject: Re: Why only Microsoft should be allowed to create software
Date: Mon, 8 May 2000 17:10:38 -0500
Who said anything about user-friendliness?
Basically, MS has used Office as a testbed for new OS features for years.
If the feature is popular, then they add it to the OS. Things like gradient
titlebars, floating menus, etc.. expect to see natural language help systems
in a future version of the OS.
If the feature is not popular, then it can be phased out of the next version
of Office, whereas a feature can never be retired from the OS.
Bracy <[EMAIL PROTECTED]> wrote in message
news:lhyR4.9203$[EMAIL PROTECTED]...
> I wonder how the Macintosh ever became such a user-friendly OS
> since Apple never had access to all that MS Office code?
>
>
> Bracy
>
> In article <wIuR4.75$[EMAIL PROTECTED]>, "Erik Funkenbusch"
> <[EMAIL PROTECTED]> wrote:
> > You are misrepresenting what he said. He said that the OS would not be
> > what it is today without having taken code from it's applications and
> > rolled it into Windows. He did not say that Office could not be done
> > without access to Windows, he said Windows could not be what it is today
> > without access to Office (and other) source code.
> >
> > You seem to be saying that Gates is claiming that Office couldn't be as
> > good without access to Windows, but that is not what he's saying.
> >
> > His claim is that all software developers benefit from the work done in
> > Microsoft application divisions, since Microsoft takes that code and
> > makes it available to 3rd parties via Windows API's.
> >
> >
> >
>
------------------------------
From: "Erik Funkenbusch" <[EMAIL PROTECTED]>
Crossposted-To:
comp.sys.mac.advocacy,comp.os.ms-windows.nt.advocacy,comp.os.os2.advocacy
Subject: Re: Why only Microsoft should be allowed to create software
Date: Mon, 8 May 2000 17:12:05 -0500
Bob Lyday <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Erik Funkenbusch wrote:
> >>
> > You are misrepresenting what he said. He said that the OS would not be
what
> > it is today without having taken code from it's applications and rolled
it
> > into Windows. He did not say that Office could not be done without
access
> > to Windows, he said Windows could not be what it is today without access
to
> > Office (and other) source code.
>
> Hmmm, so Be is incapable of writing a good OS cuz they only make OS's
> and not programs, too?
No, you're misrepresenting things. Nobody (not even Gates) said the OS
wouldn't be good. He said the OS would NOT BE WHAT IT IS TODAY.
> > His claim is that all software developers benefit from the work done in
> > Microsoft application divisions, since Microsoft takes that code and
makes
> > it available to 3rd parties via Windows API's.
>
> Yeah but they hide the best API's from a lot of them and save them for
> MS programers.
Your proof is?
------------------------------
From: [EMAIL PROTECTED] (Perry Pip)
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: Browsers and e-mail
Reply-To: [EMAIL PROTECTED]
Date: Mon, 08 May 2000 21:59:35 GMT
On Mon, 08 May 2000 21:13:20 GMT, Bob Hauck
<[EMAIL PROTECTED]> wrote:
>On Mon, 08 May 2000 19:50:07 GMT, Perry Pip <[EMAIL PROTECTED]> wrote:
>
>>On Mon, 8 May 2000 12:51:47 -0400, Nik Simpson
>><[EMAIL PROTECTED]> wrote:
>
>>No it's not. You can't put #!/path/to/jpeg-viewer as the top line in a
>>jpeg file, set the exec bit, and have it work.
>
>No, it doesn't work, but only because the jpeg viewer can't handle the
>extra junk in the file. I just tried it with a gif and the xv viewer. Put
>"#!/usr/X11R6/bin/xv" at the top of a gif and then "chmod a+x test.gif".
>Running the gif launched xv, which just printed a hex dump of the file
>since the gif header is all borked up now.
>
>The magicfilter print filter uses the #! mechanism and you don't need to
>do anything special to make it work (other than installing magicfilter).
>
>
>>The #! mechanism is built into Unix specifically for supporting scripting
>>languages and calling scripts directly. It does not support general data
>
>More specifically, it supports script languages that use # as a comment or
>that ignore the first line of the script.
>
Yes, or it was intended for scripting languages to do that so they would
work. You could, I guess, write a jpeg viewer that will ignore everything
up to the first LF if the first character is a #.
>>files. The file association mechanism in Windows was originally built for
>>general data files, i.e. .jpg, .html, .doc, etc. etc. and then later used
>>for scripting tools as they were added to windows. This has lead to
>>confusion of the terms "open" and "execute".
>
>I don't know where the confusion comes from but I'm not at all sure that
>the file association mechanism is the root of it. I think it is more from
>the "document centric paradigm" that once was the "future of computing".
Well if we are moving in this direction we need to control what rights
these "documents" have in terms of executing code.
>
>>There is certainly a serious risk in executing any script from an unknown
>>source on any OS. That's why a good UI, be it for Unix or Windows, should
>>clearing distinguish between "open" and "execute".
>
>I can certainly agree with this. But that would conflict with "document
>centric computing".
Oh...I see...I guess marketing is more important than security:(
Perry
------------------------------
Subject: Re: computer viruses on LINUX
From: Craig Kelley <[EMAIL PROTECTED]>
Date: 08 May 2000 16:07:11 -0600
[EMAIL PROTECTED] (abraxas) writes:
> JEDIDIAH <[EMAIL PROTECTED]> wrote:
> > On 8 May 2000 07:59:01 -0700, david parsons <[EMAIL PROTECTED]> wrote:
> >>In article <[EMAIL PROTECTED]>,
> >>JEDIDIAH <[EMAIL PROTECTED]> wrote:
> >>
> >>> GNOME already barks at you for running as root.
> >>
> >> Oh, so Gnome is nannyware? Good, that's another reason to keep it
> >> off my systems.
>
> > ...only barks if you're DUMB enough to run a desktop as root.
>
> Ahh...the psychology of a nannyware advocate...
>
> There are actually a few reasons to run X as root, briefly.
X almost always runs as root...briefly. :)
> Gnome really does suck, seriously.
It's gmc that complains, and filemanagers really suck, generally.
GNOME, OTOH, is really cool.
--
The wheel is turning but the hamster is dead.
Craig Kelley -- [EMAIL PROTECTED]
http://www.isu.edu/~kellcrai finger [EMAIL PROTECTED] for PGP block
------------------------------
Crossposted-To: comp.windows.x.kde,tw.bbs.comp.linux
Subject: Re: KDE is better than Gnome
From: Craig Kelley <[EMAIL PROTECTED]>
Date: 08 May 2000 16:09:03 -0600
Roberto Alsina <[EMAIL PROTECTED]> writes:
> In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] wrote:
> > It was the Mon, 08 May 2000 12:35:26 GMT...
> > ...and Roberto Alsina <[EMAIL PROTECTED]> wrote:
> > > > Well, the reason for the high number of dependencies of, say, the
> > > > GNOME panel, compared to, say, kpanel, is the greater modularity
> of
> > > > the supporting libraries GNOME uses.
> > >
> > > Actually, no. It's because KDE's modularity is done better ;-)
> >
> > I'm not talking about the KDE libraries (which are split pretty much
> > the same way as gnome-libs), but about Qt. Qt is a large monolithic
> > chunk AFAICS. GTK+ consists of three libraries minimum (not counting
> > libgthread, libgmodule etc.).
>
> If every app is going to link glib, gdk and gtk, what's the point
> of having three libraries?
Some apps only link against glib.
It's actually a pretty nice C de-crappifier.
[snip]
--
The wheel is turning but the hamster is dead.
Craig Kelley -- [EMAIL PROTECTED]
http://www.isu.edu/~kellcrai finger [EMAIL PROTECTED] for PGP block
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.advocacy) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Advocacy Digest
******************************
