Linux-Advocacy Digest #444, Volume #26           Wed, 10 May 00 15:13:04 EDT

Contents:
  Re: This is Bullsh&^%T!!! ("Nik Simpson")
  Re: Why only Microsoft should be allowed to create software (Chris Wenham)
  Re: Why only Microsoft should be allowed to create software (tholenbot)
  Re: This is Bullsh&^%T!!! (Leslie Mikesell)
  Re: How to properly process e-mail (Seán Ó Donnchadha)
  Re: Why Solaris is better than Linux (Timothy J. Lee)
  Re: How to properly process e-mail (Seán Ó Donnchadha)
  Re: How to properly process e-mail (JEDIDIAH)
  Re: What have you done? (Steve Harvey)
  Re: Linux NFS is buggy ([EMAIL PROTECTED])
  Re: Here is the solution ("Todd")
  Re: Why Solaris is better than Linux (JEDIDIAH)
  Re: This is Bullsh&^%T!!! (Seán Ó Donnchadha)

----------------------------------------------------------------------------

From: "Nik Simpson" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Wed, 10 May 2000 14:17:16 -0400


"Leslie Mikesell" <[EMAIL PROTECTED]> wrote in message
news:8fc6vg$232s$[EMAIL PROTECTED]...
> In article <FzgS4.724$ds3.865@client>,
> Nik Simpson <[EMAIL PROTECTED]> wrote:
> >
> >> This actually makes content based identification of files and
> >> general file types 'easy'. It is the sort of thing that negates
> >> the need for a registry.
> >>
> >> The file itself contains the necessary information so you don't
> >> need a centralized list of some kind.
> >>
> >But it also leads to its own problems with Trojan attacks. If I can get
> >access to a script I can change the interpreter for that script to
> >something I want you to run,
>
> Think about this for a second... If you have access to a .vbs script
> (or just about anything that is interpreted) you can make it
> do anything you want without changing the interpreter.

Didn't say otherwise. Just pointing out that the #! mechanism is no more
foolproof than any other method of identifying file types and can be
perverted to do something that was not intended. As to what damage an
interpretative language like VBS can do, no question it's powerful, but no
more so than Perl and hence no more of a security risk in and of itself.

>
> >if necessary I could easily cover my tracks by also
> >execing the correct interpreter for the script. No system is perfect. The
> >difference between the #! approach and the Windows approach is the
> >ability to define associations on a per file basis, but from a security
> >context both are just as suspect.
>
> Yes, the important thing is to isolate untrusted content from any
> kind of general purpose interpreter.
>

Which is pretty tough to do, since ultimately you rely on the person
receiving the content not doing something dumb with it, and that's a pretty
shaky thing to rely on :-)


--
Nik Simpson
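The point argued in this exchange is that the #! line is just bytes in the file, so whoever can write the script can point it at an interpreter of their choosing. The following is an added example (not code from either poster) of the check a practitioner would run before trusting a script on that basis: parse the shebang, resolve the interpreter through symlinks, and require it to live in an allowlisted directory, not be world-writable, and not be looked up via PATH. The trusted-directory list and the sample scripts written into a temporary directory are assumptions for the demonstration, including the hypothetical /tmp/.cache/perl path used as the "wrong" interpreter.

```python
import os
import stat
import tempfile

# Assumed policy, not a system standard: interpreters are only trusted
# when they live (after symlink resolution) in one of these directories.
TRUSTED_DIRS = ("/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/local/bin")


def parse_shebang(first_line: bytes):
    """Parse a '#!' line into (interpreter, via_path).

    via_path is True for '#!/usr/bin/env NAME': NAME is searched on the
    caller's PATH at run time, so the file alone does not say what runs.
    Returns None when the line is not a shebang at all.
    """
    if not first_line.startswith(b"#!"):
        return None
    body = first_line[2:].strip().decode("utf-8", "replace")
    parts = body.split()
    if not parts:
        return None
    if os.path.basename(parts[0]) == "env":
        return (parts[1] if len(parts) > 1 else "", True)
    return (parts[0], False)


def audit_script(path: str, trusted_dirs=TRUSTED_DIRS):
    """Return a list of findings for one script; [] means nothing flagged."""
    findings = []
    mode = os.stat(path).st_mode
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("script writable by group/other")
    with open(path, "rb") as fh:
        parsed = parse_shebang(fh.readline(4096))
    if parsed is None:
        findings.append("no #! line: type must come from a name or a label")
        return findings
    interp, via_path = parsed
    if via_path:
        findings.append(f"interpreter {interp!r} resolved via PATH at run time")
        return findings
    if not os.path.isabs(interp):
        findings.append(f"relative interpreter path {interp!r}")
        return findings
    real = os.path.realpath(interp)
    if os.path.dirname(real) not in trusted_dirs:
        findings.append(f"interpreter {real} outside trusted directories")
    if not os.path.exists(real):
        findings.append(f"interpreter {real} does not exist")
    elif os.stat(real).st_mode & stat.S_IWOTH:
        findings.append(f"interpreter {real} is world-writable")
    return findings


def demo():
    """Write two constructed scripts to a temp dir and audit both."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "good.sh")
        with open(good, "w") as fh:
            fh.write("#!/bin/sh\necho hello\n")
        os.chmod(good, 0o755)
        # The trojan case from the thread: someone with write access has
        # pointed the #! line at a program of their choosing (hypothetical
        # path) which could do its own work and then exec the real perl.
        bad = os.path.join(tmp, "report.pl")
        with open(bad, "w") as fh:
            fh.write('#!/tmp/.cache/perl\nprint "report\\n";\n')
        os.chmod(bad, 0o777)
        results["good.sh"] = audit_script(good)
        results["report.pl"] = audit_script(bad)
    return results


if __name__ == "__main__":
    for name, found in demo().items():
        print(name, "->", found or ["ok"])
```

Run against a directory of cron jobs or CGI scripts, the same audit_script() call over each file gives a quick inventory of which scripts could be hijacked simply by editing their first line.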



------------------------------

Crossposted-To: comp.sys.mac.advocacy,comp.os.ms-windows.nt.advocacy,comp.os.os2.advocacy
Subject: Re: Why only Microsoft should be allowed to create software
From: Chris Wenham <[EMAIL PROTECTED]>
Date: Wed, 10 May 2000 18:20:44 GMT

Bob Germer <[EMAIL PROTECTED]> writes:

> On 05/10/2000 at 09:44 AM,
>    "Christopher Smith" <[EMAIL PROTECTED]> said:
> 
> 
> > Microsoft behave identically to almost every other company.  Bitching
> > about Microsoft without also bitching about everyone else is hypocrisy,
> > plain and simple.
> 
> What a load of pure fiction! Most companies do not get convicted of
> breaking the anti-trust laws of the United States. In fact, only a
> miniscule percentage does.
> 
> Microsoft is a corrupt, lawbreaking disgrace.

 Smith used the word "behave."

 "Getting convicted" isn't a behavior. It's an event that can happen
 to a company.

Regards,

Chris Wenham

------------------------------

From: tholenbot <[EMAIL PROTECTED]>
Crossposted-To: comp.sys.mac.advocacy,comp.os.ms-windows.nt.advocacy,comp.os.os2.advocacy
Subject: Re: Why only Microsoft should be allowed to create software
Date: Wed, 10 May 2000 14:25:37 -0500

In article <[EMAIL PROTECTED]>,
WickedDyno <[EMAIL PROTECTED]> wrote:


> And does he answer the question? 

Don't you know?

> Why, of course not!

Prove it.

-- 
What is allegedly "roly-poly" about the fish heads?  Evidence, please.

------------------------------

From: [EMAIL PROTECTED] (Leslie Mikesell)
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: 10 May 2000 13:37:21 -0500

In article <OIhS4.1088$ds3.1248@client>,
Nik Simpson <[EMAIL PROTECTED]> wrote:
>
>> Yes, the important thing is to isolate untrusted content from any
>> kind of general purpose interpreter.
>>
>
>Which is pretty tough to do, since ultimately you rely on the person
>receiving the content not doing something dumb with it, and that's a pretty
>shaky thing to rely on :-)

Especially when you hide all the information about (a) what the
content really is and (b) what action they are about to
take with it.  People might not be all that dumb if
you give them something to work with and let them see that
there is a difference between viewing an image and
deleting all their images.  Don't you want to know
what's behind door number 3 before you 'open' it?

  Les Mikesell
   [EMAIL PROTECTED] 

------------------------------

From: Seán Ó Donnchadha <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: How to properly process e-mail
Date: Wed, 10 May 2000 14:39:58 -0400

[EMAIL PROTECTED] (JEDIDIAH) wrote:

>>>
>>>Now Microsoft Outlook offers you *auto-execution* of e-mail content
>>>*without sanity checking*, and Erik Funkenbusch tells us that until
>>>Linux offers this "user-friendlyness" it will never "play in the same
>>>game" as Windows? (<mJpQ4.4498$[EMAIL PROTECTED]>) I think it's a
>>>good thing not to "play the same game" as Windows. Not for the next
>>>couple of decades.
>>>
>>
>>What purpose does it serve to propagate the lie about Outlook
>>auto-executing e-mail attachments? I mean, what purpose other than the
>>obvious FUD?
>
>       Sure it does: confusing 'open' with 'run random and potentially
>       malicious code'.
>

Try not to change the subject. Outlook doesn't auto-execute
attachments, so the statement to which I replied was an outright lie.
For some reason (gee, I wonder what that could be?), you Unix fanatics
keep repeating it as if doing so will make it come true.

As to your point, since Outlook always warns the user of potential
malice, any confusion on the user's part is the user's fault.

------------------------------

From: [EMAIL PROTECTED] (Timothy J. Lee)
Subject: Re: Why Solaris is better than Linux
Date: 10 May 2000 18:47:50 GMT
Reply-To: see-signature-for-email-address---junk-not-welcome

"Cihl" <[EMAIL PROTECTED]> writes:
|Solaris is also *MUCH* more expensive than Linux for businesses or
|otherwise. It's very expensive, as far as purchasing and licensing are
|concerned, as well as for personnel salaries. :-)

Solaris 8 isn't that much more expensive -- $75 for a media kit,
register any number of licenses for computers of 1-8 processors
with it.  See http://www.sun.com/solaris .

It is true, however, that Solaris x86's hardware compatibility
list is much smaller than Linux'.  So you may have to buy more
expensive hardware in some cases because the less expensive stuff
cannot be used with Solaris x86.

--
========================================================================
Timothy J. Lee                                                   timlee@
Unsolicited bulk or commercial email is not welcome.             netcom.com
No warranty of any kind is provided with this message.

------------------------------

From: Seán Ó Donnchadha <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: How to properly process e-mail
Date: Wed, 10 May 2000 14:47:56 -0400

[EMAIL PROTECTED] (Leslie Mikesell) wrote:

>>
>>What purpose does it serve to propagate the lie about Outlook
>>auto-executing e-mail attachments? I mean, what purpose other than the
>>obvious FUD?
>
>What does happen if you have active-x or vbs components in attachments
>and you have auto-preview turned on?
>

I use the preview pane, and here's the deal. Attachments aren't even
displayed there. They're accessed through a dropdown menu in the upper
right of the pane. You have to (a) pull down the menu, (b) select the
attachment you want, (c) change the option in the resulting dialog to
"Open it", and (d) hit the OK button.

------------------------------

From: [EMAIL PROTECTED] (JEDIDIAH)
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: How to properly process e-mail
Date: Wed, 10 May 2000 18:58:59 GMT

On Wed, 10 May 2000 14:39:58 -0400, Seán Ó Donnchadha <[EMAIL PROTECTED]> wrote:
>[EMAIL PROTECTED] (JEDIDIAH) wrote:
>
>>>>
>>>>Now Microsoft Outlook offers you *auto-execution* of e-mail content
>>>>*without sanity checking*, and Erik Funkenbusch tells us that until
>>>>Linux offers this "user-friendlyness" it will never "play in the same
>>>>game" as Windows? (<mJpQ4.4498$[EMAIL PROTECTED]>) I think it's a
>>>>good thing not to "play the same game" as Windows. Not for the next
>>>>couple of decades.
>>>>
>>>
>>>What purpose does it serve to propagate the lie about Outlook
>>>auto-executing e-mail attachments? I mean, what purpose other than the
>>>obvious FUD?
>>
>>      Sure it does: confusing 'open' with 'run random and potentially
>>      malicious code'.
>>
>
>Try not to change the subject. Outlook doesn't auto-execute

        It's not changing the subject.

        If 'open' means 'execute', then from the point of view
        of a naive end user: Outlook does in fact auto-execute
        attachments.

>attachments, so the statement to which I replied was an outright lie.
>For some reason (gee, I wonder what that could be?), you Unix fanatics
>keep repeating it as if doing so will make it come true.

        Some of you MS shills even repeat it.

>
>As to your point, since Outlook always warns the user of potential
>malice, any confusion on the user's part is the user's fault.

        They display a useless, generic warning which in the course
        of business is simply impractical to implement. Simply disabling
        all active content by default (or sandboxing it) would be far
        more consistent with their own stated design goals.

        It has to be 'easy' and 'secure'.

-- 

    In what language does 'open' mean 'execute the evil contents of'    |||
    a document?      --Les Mikesell                                    / | \
    
                                      Need sane PPP docs? Try penguin.lvcm.com.

------------------------------

From: [EMAIL PROTECTED] (Steve Harvey)
Subject: Re: What have you done?
Date: 10 May 2000 18:59:48 GMT
Reply-To: [EMAIL PROTECTED]

In article <[EMAIL PROTECTED]>, an anonymous coward wrote:
>
>I managed 5 Unix boxes (Sun 330, Sparc 2, Silicon Graphics IRIS and 2
>IBM RS6000's) for a couple of years back at the beginning of the 90's.
>For the last six months I've been responsible for 2 Ultra 10's, a
>Sparc 10, an old HP, a Dell Linux box and one Dell NT server.  In the
>between time I was C++ programmer who, in my spare time, managed two
>NT networks.
>
>I can tell you without a shadow of a doubt that the Linux box is a
>piece of rubbish.  I would get rid of it in a heartbeat.  We purchased
>it as a cheap alternative to an Alpha box for number crunching.
>
>NT simply murders any of the Unix boxes when it comes to file and
>print serving.  My primary function is as an Oracle DBA.  I don't have
>the time to spend a month patching a Linux box.  I don't have time to
>waste configuring Samba for file and print serving when I can get
>better and faster performance from NT.  I'm afraid I have better
>things to do than waste time vi'ing smb.conf, thinking about group
>permissions, setting umasks and musing over s bits when I can achieve
>more flexible and faster file sharing in two minutes with NT's access
>control lists.

Your beef here seems to be with Samba, and not Linux, or specifically
Samba's lack of GUI configuration tools.  I agree with you that
setting user permissions and so forth is, for a novice admin, easier
under NT.  I agree that having to hand-edit smb.conf files can make
Samba daunting to administer.

On the other hand, none of this has proved to be a major obstacle to
my using Samba without a lot of hassle.  I administer about 15 Unix
machines (Linux, HP-UX, Solaris, and FreeBSD), most of which are
involved in a couple of web databases that are used both internally (a
user base of 200-300 people) and by the general public.  Security
concerns are very real and sometimes fairly complex, but I can
honestly say I've never felt limited by the Unix security model of
user and group security.  I do know that other Unixes have more
sophisticated ACL tools, and it's probably just a matter of time until
similar capabilities become available for Linux (if they aren't
already).

As for the evils of the smb.conf file, yeah, it's ugly sometimes, but
it's just a text file.  That means if you are an experienced admin and
programmer, you should have no problem whatsoever writing a few
scripts to dynamically generate and update said file.

Similarly, I recently read an interview with one of the Samba
maintainers (I think it was Andrew Tridgell), where he hinted about
LDAP integration as a future feature of Samba, which would do a lot to
make Samba work seamlessly with other systems (though I'll believe it
when I see it working).


>Over the last few years the lab I work for has had two major security
>breaches.  Both involved Unix operating systems.

My experience has been exactly the opposite.  Every security breach
(there haven't been too many) I've ever seen on the job has involved
NT.


>Any standard system that transmits passwords on the wire as clear
>text is a joke.

Then use ssh.  I'm pretty sure Samba supports some form of password
encryption as well, but it's been a while since I've looked at that
part of the documentation.



>You want to secure an NT file/print server?  Easy.  Delete the TCP/IP
>protocol and run a non-routable protocol such as IPX.  To achieve the
>same level of security with a Unix box you would need to spend a week
>wrapping all the TCP ports.

Or just turn off those ports altogether in /etc/services, no?  I could
hardly see spending "a week" at such a task in any case.

As far as IPX is concerned, I used to do a fair bit of Netware
administration, and the last word I heard from Novell (about two years
ago) is that IPX was on its way out, and they were advising people to
run straight TCP/IP.  My experiences with running mixed IPX and TCP/IP
on the same network is that it's usually a nightmare (these
experiences were typically in an environment with Win95 clients and
Netware/NT servers).



>Any of you people done any programming?  A novice programmer almost
>always starts writing programs which read and write text files.  As
>their expertise increases they move on to binary files.  Unix is a
>novice operating system which reads and writes text files.

No, actually Unix is an operating system which reads and writes files
and doesn't much care whether they are text or binary files -- it
leaves that decision up to the individual user or application.  I can
think of reasons where this might be a bad thing, but lots of people
consider it a useful feature -- the "everything is a file" mindset of
Unix has proved useful to me time and time again, making it easy to
let data, applications, and devices all communicate freely with one
another in configurations that the designers of those entities never
would have conceived of.

If your analogy above is supposed to attack the fact that Unix stores
its configuration files as plain text, rather than in a centralized
registry, then I'm not sure that's a bad thing.  I admit that the Unix
filesystem standard could use some cleaning up and standardization,
but overall I think it's a much saner design than the NT registry.


>/etc/passwd is laughable.

Then use /etc/shadow.


>Unix's ugo - rwx permissions are simply inadequate for a modern
>computing environment.

As I stated above, my mileage varies.

In reading your post, two things came across very clearly: that you
have a chip on your shoulder against Unix that this post isn't going
to change, and that you don't know as much about Unix as you think you
do.

To be fair, I will admit there are plenty of holes in my own
experience -- I've never worked at a site with more than about 500
users, so I don't have the best grasp on the issues of
enterprise-level computing, large scale directory services, and
so forth.  I do know enough to know that Unix isn't always the best
OS for those tasks -- but it's pretty harsh criticism to label it
"rubbish" based on that one point of functionality.

I do know that, in my experience, Unix/Linux is generally more stable,
easier to set up, and easier to customize than the alternatives (which
in my case, means mostly NT and Netware).  It just works for me.
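The "/etc/passwd is laughable" / "then use /etc/shadow" exchange above comes down to one question: are password hashes sitting in the world-readable file, or in the root-only one? Here is an added example (not the poster's code) that audits both files for that and for the related weak spots: an empty password field, a second uid-0 account, an empty hash in shadow, and hashes in the old DES or MD5 crypt formats. The sample passwd and shadow lines are constructed for the demonstration and the hash bodies are placeholders, not real hashes; audit_system() reads the live files when run as root.

```python
# Constructed sample data; the hash bodies are placeholders, not real hashes.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:LkD7u4bKDcJ1k:1001:1001:Bob:/home/bob:/bin/bash
guest::1002:1002:Guest:/home/guest:/bin/sh
toor:x:0:0:second root:/root:/bin/sh
"""

SAMPLE_SHADOW = """\
root:$6$saltsalt$PLACEHOLDERHASH:18000:0:99999:7:::
alice:$1$abcdefgh$PLACEHOLDERHASH:18000:0:99999:7:::
guest::18000:0:99999:7:::
"""

# Password-field values that mean "look in shadow" or "account locked".
LOCKED = ("x", "*", "!", "!!")


def parse_colon_file(text, nfields):
    """Yield field lists from a colon-separated file, skipping blank lines."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != nfields:
            raise ValueError(f"expected {nfields} fields: {line!r}")
        yield fields


def hash_kind(h):
    """Classify a crypt(3) hash by its well-known prefix."""
    if h.startswith("$6$"):
        return "sha512crypt"
    if h.startswith("$5$"):
        return "sha256crypt"
    if h.startswith("$1$"):
        return "md5crypt"
    if len(h) == 13 and "$" not in h:
        return "descrypt"
    return "unknown"


def audit_accounts(passwd_text, shadow_text=None):
    """Return (account, finding) pairs; [] means nothing flagged."""
    findings = []
    for name, pw, uid, _gid, _gecos, _home, _shell in parse_colon_file(passwd_text, 7):
        if pw == "":
            findings.append((name, "empty password field: no password needed"))
        elif pw not in LOCKED and not pw.startswith("!"):
            findings.append((name, f"{hash_kind(pw)} hash in world-readable passwd; use shadow"))
        if uid == "0" and name != "root":
            findings.append((name, "second uid-0 account"))
    if shadow_text is not None:
        for fields in parse_colon_file(shadow_text, 9):
            name, h = fields[0], fields[1]
            if h == "":
                findings.append((name, "empty hash in shadow: no password needed"))
            elif hash_kind(h) in ("descrypt", "md5crypt"):
                findings.append((name, f"weak {hash_kind(h)} hash; rehash with sha512crypt"))
    return findings


def audit_system(passwd="/etc/passwd", shadow="/etc/shadow"):
    """Audit the live files; shadow is only readable as root."""
    with open(passwd) as fh:
        ptext = fh.read()
    try:
        with open(shadow) as fh:
            stext = fh.read()
    except PermissionError:
        stext = None
    return audit_accounts(ptext, stext)


if __name__ == "__main__":
    for account, finding in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{account}: {finding}")
```

On the sample data the audit flags bob (hash in passwd), guest (no password, in both files), toor (a second uid 0) and alice (MD5 crypt), while root and daemon pass.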



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Linux NFS is buggy
Date: Wed, 10 May 2000 18:54:21 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> Welcome to the wonderful world of Linux....
>
> Two questions if I may ask?
>
> Why in the world would you want to poison a professional, time proven
> real Unix operating system like Solaris with junk like Linux?
>

 Our NFS works fine here thank you. Now if you want to talk about junk,
I have 4 or 5 Sun Java pc's that are laying around on shelves, some
still in the box.

> How many man hours billed in dollars/hour have you spent already
> trying to make this thing work?


 Much less than it takes to get those Java pc's up and running.

>
> That's the hidden part of Linux they like to ignore.


  To each his own I guess. I pretty much feel that way about Sun.

>
> On Wed, 03 May 2000 13:39:55 GMT, [EMAIL PROTECTED] (Full Name) wrote:
>
> >We have an Ultra 10 running Solaris 2.7 with a SCSI DAT Drive.  We NFS
> >mount the users' files on a second Ultra, a Sparc 10, an old HP UNIX
> >box and an old SCO Intel box so they may be tar'd to tape.
> >
> >About a month ago we introduced a Linux box (Mandrake 7.x) into the
> >equation.  What a mistake!  The backup stops at random locations
> >within the NFS mounted Linux file system.  At first we thought the
> >tape drive was faulty and dragged a Sun technician out to replace it.
> >But the problems still recurred.
> >
> >We spent a good fortnight getting NFS on the Linux box to work in the
> >first place.  Now we find it's buggy.
> >
> >The irony of this is that we are now looking at using a cron job to
> >use Samba to backup the users' files onto the NT box sitting on my
> >desk.  We are hoping that Samba (unlike NFS) works reliably on Linux.
> >
> >At this stage we are all quite fed up with this pile of crap you
> >people seem to think is God's gift to the IT industry.
> >
> >No wonder they give the thing away.
>
>



------------------------------

From: "Todd" <[EMAIL PROTECTED]>
Crossposted-To: comp.sys.mac.advocacy,comp.os.ms-windows.nt.advocacy,comp.os.os2.advocacy
Subject: Re: Here is the solution
Date: Thu, 11 May 2000 03:06:53 +0800


Challenge:

Give me just *one* MS undocumented API call, that could not be done with
their *free* downloadable SDK?

Just *one* API call is all I'm asking.

MS provides Win32 developers with *everything* they need and more.

If you want to try this challenge, again, just give me *one* undocumented
API call or secret API (whatever) that meets this challenge.

I bet that I can write *any* piece of Win32 software with the normal SDK
that is downloadable for *free* from MS's web site.

All you conspiracy theorists are welcome to take this challenge.

Just *one* API call is all I'm asking for here...

-Todd

Alberto Trillo wrote in message ...
>
>   Let's begin assuming that from Java one can program whatever
>one want, and since there are not only Windows JDK, but a lot
>of compilers (like IBM, Symantec or Inprise to say some) targeted
>to Windows, why should anyone want to use Windows undocumented
>API calls when Java can just be used to everything.
>
>   If you do not think Java serves for all, well, don't you think that
>there are enough shared libraries and enough API calls to let you do whatever
>you want to do ? What can Microsoft use undocumented API's for ?
>Do you think there is a call start_word() ? Well, Microsoft does a lot
>of awful things, but why the hell does it need hidden API's ? Let's be
>serious, and if so, what advance can those hidden API's give to their
>applications ?
>
>
>



------------------------------

From: [EMAIL PROTECTED] (JEDIDIAH)
Subject: Re: Why Solaris is better than Linux
Date: Wed, 10 May 2000 19:04:18 GMT

On 10 May 2000 18:47:50 GMT, Timothy J. Lee <[EMAIL PROTECTED]> wrote:
>"Cihl" <[EMAIL PROTECTED]> writes:
>|Solaris is also *MUCH* more expensive than Linux for businesses or
>|otherwise. It's very expensive, as far as purchasing and licensing are
>|concerned, as well as for personnel salaries. :-)
>
>Solaris 8 isn't that much more expensive -- $75 for a media kit,

        Bullshit.

        You can get some entire full commercial OS versions 
        for less than that. Commercial OS updates typically
        are in that price range.

>register any number of licenses for computers of 1-8 processors
>with it.  See http://www.sun.com/solaris .
>
>It is true, however, that Solaris x86's hardware compatibility
>list is much smaller than Linux'.  So you may have to buy more
>expensive hardware in some cases because the less expensive stuff
>cannot be used with Solaris x86.

        This somewhat defeats the purpose of 'cheap OS'.

-- 

    In what language does 'open' mean 'execute the evil contents of'    |||
    a document?      --Les Mikesell                                    / | \
    
                                      Need sane PPP docs? Try penguin.lvcm.com.

------------------------------

From: Seán Ó Donnchadha <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Wed, 10 May 2000 15:05:54 -0400

Brian Langenberger <[EMAIL PROTECTED]> wrote:

>:
>: Examining the file to determine type is just about the worst thing you
>: can do. It's unreliable and inefficient (requiring sophisticated
>: pattern matching that doesn't always work), and you're screwed if you
>: don't have read access.
>
>Eh?  Examining the file is the *only* 100% reliable way of telling
>what the file is.
>

Is that why file(1) often indicates "English text" for C source files
and vice versa? 100% reliable my ass.

>
>file(1) is quite capable of figuring them out
>both quickly and accurately - and often you don't need the whole file
>either.
>

Of course you don't need the whole file. But you still have to open
each file, read some of it, and close it. This becomes a lot of work
if you're displaying a directory's worth of file types.

>
>Any other method (like suffixes or resource forks) is just
>taking someone else's word for what the file really is.
>

Yep, and that's the way it should be. That's why Web servers put the
MIME type into the response header. The originator of the information
specifies the type of the information. Whether or not you believe it
depends on how much you trust the source.

>
>The best way is to ignore such "hints" and figure out the
>file on your own because labels can't be trusted.  In other
>words, just because someone says an attachment is a love letter
>doesn't make it so...
>

I disagree. When you double-click on that attachment, neither its name
nor its contents determine how it's executed. It's the file type tag,
be it a filename extension or some resource fork thing.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.advocacy) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Advocacy Digest
******************************
