Linux-Advocacy Digest #79, Volume #27 Wed, 14 Jun 00 17:13:05 EDT
Contents:
Re: What else is hidden in MS code??? (Bob Hauck)
Re: Why Linux, and X.11 when MacOS 'X' is around the corner? (Rjones)
Re: Linux faster than Windows? (Gary Hallock)
Re: Microsoft migrates Hotmail to W2K (abraxas)
Re: Linux MUST be in TROUBLE ([EMAIL PROTECTED])
Re: Why We Should Be Nice To Windows Users -was- Neologism of the day (Josiah Fizer)
Re: Linux MUST be in TROUBLE ([EMAIL PROTECTED])
Re: Linux MUST be in TROUBLE ([EMAIL PROTECTED])
Re: Run Linux on your desktop? Why? I ask for proof, not advocacy lies....
([EMAIL PROTECTED])
Re: Microsoft migrates Hotmail to W2K (abraxas)
Re: An Example of the Superiority of Windows vs Linux ([EMAIL PROTECTED])
Re: Microsoft migrates Hotmail to W2K (abraxas)
Re: What is the proper newsgroup for Linux networking questions?
([EMAIL PROTECTED])
Re: Linux faster than Windows? (Leslie Mikesell)
Re: What is the proper newsgroup for Linux networking questions? (OSguy)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Bob Hauck)
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: What else is hidden in MS code???
Reply-To: hauck[at]codem{dot}com
Date: Wed, 14 Jun 2000 20:31:21 GMT
On 14 Jun 2000 13:46:03 -0500, Drestin Black
<[EMAIL PROTECTED]> wrote:
>> Do you mean to suggest that it is much easier to hide backdoors in
>> closed source software?
>
>Yes, I believe it would be.
Ok, we can agree on that then. One point in favor of Open Source,
unless you think having hidden backdoors is a good thing.
>> BugTraq seems to have quite a few vulnerabilities listed for various
>> closed-source operating systems, even for sealed boxes like routers and
>> print servers. Thousands of them. How do you explain this?
>
>the same as the quite few vulnerabilties listed for open source systems,
>even some used as routers and print servers. Thousands of them. NO one is
>saying closed source has no vulnerabilities - likewise for Open Source.
Ok so far. I'll agree that Open Source code has had security problems
found in it.
>is whole point I keep making. Now, it's my opinion that closed source makes
>it harder for hackers to find vulnerabilties - "harder" but not impossible,
But if it were really harder, wouldn't there be fewer of them found?
If you look at the numbers it doesn't seem as if that is the case.
>obviously. I think Open Source, while it can make it easer to find and fix,
>since it's available to everyone, some of those that find an exploit might
>not have it in THEIR best interest to report the exploit right away.
That's true of all exploits though, not just the ones found in Open
Source code.
>deface a few sites first then let it out... in a closed source project, if
>they find a backdoor, they can fix it before it goes public (hopefully).
Who are "they" then? You think MS sits around looking for security
bugs? Their record does not support that. Virtually all of the ones
on BugTraq were first reported by third parties. And there is no
evidence that the good MS user base reports security bugs to MS any
more frequently than does the Linux user base.
I'll let you in on a secret that has some relevance. The most common
sort of exploit is a stack overrun. Where you feed a server process a
real long request and try to overwrite a buffer on the stack and
thereby change the return address that's also on the stack (IOW, you
assume that the server software was written in C or C++). You then
craft a bit of assembly code to get run this way, cleverly embed it in
your long string, and thereby do some nasty thing to the server.
To find these, one method is to feed a real long string of A's or some
such thing to a server and see what happens. Often, by analyzing what
you get back you can discover a stack overrun. The kiddies out there
have automated tools to help them with this.
So, in this important case, security by obscurity provides no
additional protection at all, as the tools are easier to use than
reading the source code.
>at least they won't be USING the vulnerability - it would hurt them as
>well as their customers. See my point?
Not really. Who won't be using what vulnerability? Who is this "they"
you are referring to? Do you think hackers need to see the source to
find security bugs? I think you are confused.
The way I see it there are four cases:
1. Vendor finds bug, fixes before release.
2. Vendor finds bug, fixes in next version.
3. Hacker finds bug, never tells anyone.
4. Hacker finds bug, tells vendor, fixed in next version.
I fail to see which one of these cases does not apply to closed source.
Besides that, some of them are less likely with open than with closed
source, but not vice versa. #3 is less likely with open than with
closed (because of outside review). #4 tends to happen a lot faster
for open than for closed. Looks like a win for open to me.
Or maybe you were referring to case #5 or #6:
5. Vendor finds bug, ignores problem.
6. Hacker finds bug, tells vendor, vender ignores him.
These are both really hard to pull off for Open Source, but pretty easy
to do for closed. #5 sounds a lot like what you are trying to argue
for ("at least they won't be using the vulnerability"). Is that what
you're trying to say? That closed source vendors can hide their
problems from their customers better? They aren't hiding much from the
hackers, I can assure you.
--
-| Bob Hauck
-| Codem Systems, Inc.
-| http://www.codem.com/
------------------------------
Date: Wed, 14 Jun 2000 20:34:15 +0000
From: Rjones <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: comp.os.linux.x
Subject: Re: Why Linux, and X.11 when MacOS 'X' is around the corner?
Default wrote:
>
> Having just gotten through reading over 7,000 Linux posts in one sitting,
> I *still* fail to see the advantages of Linux over Apple's forthcoming OS
> 'X'.
>
> Okay, Steve is still an Assh**e, and Apple Inc., leaves much to be
> desired. And Apple's present operating system stinks compared to what it
> replaced (8.6 vs. 9.04). Sort of like Windows 95 vs. 98/2000.
> I fail to see why anyone, other those that want to make a living via
> Linux, would want to be involved in Linux?
Of course this is only my opinion, and not a very informed one at that,
since I haven't used OSX yet. I've used Linux for a long time, but I'm
very excited by OSX. However, I can imagine reasons why I would stick
with Linux after OSX comes out (and I don't know whether any or all will
prove to be true):
1. A PC+Linux+X may be cheaper than a Mac+OSX.
2. A PC+Linux+X may be faster than a Mac+OSX.
3. Although I look forward to having a friendly interface on top of
Unix, I abhor a graphical interface that I can't configure and tune in
my own quirky ways. Linux+X allows me to do that (although GNOME has
taken a step in the wrong direction, IMHO), and Mac+OSX may not.
------------------------------
Date: Wed, 14 Jun 2000 16:35:47 -0400
From: Gary Hallock <[EMAIL PROTECTED]>
Subject: Re: Linux faster than Windows?
Pete Goodwin wrote:
> [EMAIL PROTECTED] (Leslie Mikesell) wrote in
> <8i8atn$19lj$[EMAIL PROTECTED]>:
>
>
> >But it is the only influence the OS has on running a CPU intensive
> >job. Otherwise you are testing the compiler and the compile
> >options.
>
> Correct, that's what I'm interested in.
>
> Pete
Then you should have made the subject line:
"gcc produces faster code than Visual C++?"
There are other compilers for Linux.
Gary
------------------------------
From: [EMAIL PROTECTED] (abraxas)
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: Microsoft migrates Hotmail to W2K
Date: 14 Jun 2000 20:39:25 GMT
In comp.os.linux.advocacy Drestin Black <[EMAIL PROTECTED]> wrote:
> "abraxas" <[EMAIL PROTECTED]> wrote in message
> news:8i6f6k$f4a$[EMAIL PROTECTED]...
>> In comp.os.linux.advocacy Drestin Black <[EMAIL PROTECTED]>
> wrote:
>>
>> > "Andres Soolo" <[EMAIL PROTECTED]> wrote in message
>> > news:8hgqbg$sm8$[EMAIL PROTECTED]...
>> >> In comp.os.linux.advocacy Drestin Black <[EMAIL PROTECTED]>
>> > wrote:
>> >>
>> >> > Um, no. I just believe that if you read the document and accompanying
>> > PDF
>> >> > you'll note that no hardware changes are requird and if you read the
>> > specs
>> >> > on the hardware you will find nothing special about them. I am able
> to
>> >> Umm, you're claiming that a system might be C2-secure if it's running
>> >> on a PC with known bugging devices attached?
>> >>
>>
>> > are you on drugs? where did you come up with that crap?
>>
>> You said that hardware doesnt matter for an NT C2 certification, idiot.
>>
>> Are you telling me that I could plug my cute little PC microphone onto a
>> certified C2 NT machine and keep that certification?
>>
> OK, tell you what: I'll play. Show me, URL, exactly where it says plugging
> your "cute little PC microsphone" into a certified machine will void that
> certification.
Youve never answered any of my questions dresden, never backed up a thing,
and continually made an utter fool of yourself by pretending you know about
computer security.
I'm not "playing" anything, im telling you that you do not know the details
of what is involved with a C2 certification, because you've never actually
SEEN one. All youve done is read some web pages on the subject and sorely
misunderstand their meaning.
And you're a liar.
=====yttrx
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Linux MUST be in TROUBLE
Date: Wed, 14 Jun 2000 20:39:44 GMT
On Wed, 14 Jun 2000 18:13:23 GMT, [EMAIL PROTECTED] wrote:
>[EMAIL PROTECTED] writes:
>
>>No it's not. I can stream 48 tracks of digital audio with full FFT
>>based effects under WIndows 98SE without a hic-up. My scanner/printer
>>is supported under Windows, just like 99 percent of every peice of
>>hardware out on the market.
>
>Now try using that scanner/printer combo while streaming those 48 tracks ;-)
My system is SCSI based, mostly..........
>Still convinced that a parallel port scanner was such a hot idea?
Nobody in their right mind would do anything CPU intensive while doing
digital audio or video and th PP scanner or SCSI scanner has nothing
to do with it.
>Can you even print while you scan?
As a matter of fact yes. And unlike Linux both my ancient IBM
Proprinter and my Canon printer are supported.
>Bernie
------------------------------
From: Josiah Fizer <[EMAIL PROTECTED]>
Crossposted-To: comp.sys.mac.advocacy,talk.bizarre
Subject: Re: Why We Should Be Nice To Windows Users -was- Neologism of the day
Date: Wed, 14 Jun 2000 13:40:00 -0700
Jim wrote:
> In article <[EMAIL PROTECTED]>, Josiah Fizer
> <[EMAIL PROTECTED]> wrote:
>
> > > They are like you in that they were so sure they understood what
> > > was possible and so they "knew" nothing better could come along.
> > >
> >
> > So what you're saying is that I shouldn't be an absolitist. That I
> > should be like you and think that there is NOTHING a GUI cant do.
>
> I think you've got it!
>
> What makes you think a GUI is any less extensible than a CLI (note: I
> didn't say as _easy_ to extend)?
>
I think you missed the sarcasim. Read again with special attention to the
words 'absolutist' and 'NOTHING'.
I just think that the CLI lends its self better to some tasks.
>
> Conversely, there is nothing that a command line can't do, provided
> you're willing to provide some GUI features in some of it's apps.
>
> Generally, the extra effort that goes into programming the GUI pays off
> in convenience for every day use. Sort of the next level (or two or
> three) beyond coding up batch files or control strings to do repetitive
> stuff.
>
> The best possible of all (current) worlds is, IMHO, a combination of the
> two: a _good_ GUI on an OS with either powerful scripting or a full CLI
> capability. Sound anything like OS X?
>
> --
> Jim Naylor
> [EMAIL PROTECTED]
Indeed. I dont know how much its going to be like OSX as I have not been
able t oget any real information regarding CLI tools from Apple. After all
I'm just a long standing developer, why should I get any information about
OSX.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Linux MUST be in TROUBLE
Date: Wed, 14 Jun 2000 20:42:01 GMT
On Wed, 14 Jun 2000 18:13:24 GMT, [EMAIL PROTECTED] wrote:
>[EMAIL PROTECTED] writes:
>>On Tue, 13 Jun 2000 23:00:29 GMT, [EMAIL PROTECTED] (JEDIDIAH)
>>wrote:
>
>>> Nope, slow hacks are simply not appreciated by those of us that
>>> have any understanding of the technology or interest in quality.
>
>>Crap only to the small number of Linux users that can't use them. The
>>rest of the world, 90 percent or so, are doing quite nicely using them
>>under Windows.
>
>Until that fabled "upgrade path" comes around, and your new version of
>Windows uses a different driver model from your old version. At that
>point, you often end up with just a whole bunch of expensive techno
>junk, where before you had what you considered a "modem" or a "page
>printer".
Wrong...
A piece of hardware will NOT SELL unless Windows drivers are either
supported out of the box, or included with the hardware.
It will take all of 5 seconds for the news to be all over the net and
nobody will buy the product.
When Windows controls at least 90 percent of the market this is
assumed.
>And due to the lack of protocol documentation and/or driver source,
>you can't even hack something up yourself.
That's the key statement. You don't have to.
Hacks apply to Linux. In fact Linux in and of itself IS a hack.
>Bernie
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Linux MUST be in TROUBLE
Date: Wed, 14 Jun 2000 20:42:43 GMT
And my Mac software won't run on my PC...
Your point?
On Wed, 14 Jun 2000 14:34:10 -0400, Gary Hallock
<[EMAIL PROTECTED]> wrote:
>aflinsch wrote:
>
>>
>> Another advantage of Linux -- running on more hardware platforms than
>> Windows.
>>
>> Guessing that you are running on the VM/OS390 port of Linux, I would
>> imagine that you have the ability to run about 1000 or so instances of
>> Linux on the same machine, each running it's own webserver. Can
>> Windows do that? I didn't think so.
>
>Yep, Linux on VM/ESA on an S/390. I currently only have one copy of Linux
>running - the box is currently being shared with CMS. I have to change the
>partitions a bit so that things like /usr can be mounted read-only. Then I can
>bring up mulitple copies.
>
>Gary
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Run Linux on your desktop? Why? I ask for proof, not advocacy lies....
Date: Wed, 14 Jun 2000 20:44:31 GMT
Call them up and tell them you use Linux and see what they
say...............................
On 14 Jun 2000 17:53:07 GMT, [EMAIL PROTECTED]
(WhyteWolf) wrote:
>In article <[EMAIL PROTECTED]>, Martijn Bruns wrote:
>>[EMAIL PROTECTED] schreef:
>
>[sniped the simple simon]
>
>
>>>
>>Talk about ISP's.
>>I just made a homepage, and it had a false link in it. (I use a
>>plain-text editor :-) )
>>It looks like my ISP is using Apache/1.3.12! I wonder which OS
>>they use it with.
>
>oh it gets better then that ... all of the ISP's he mentioned
>use a UNIX and Apache combo ... one of them even used
>Red Hat Linux
------------------------------
From: [EMAIL PROTECTED] (abraxas)
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: Microsoft migrates Hotmail to W2K
Date: 14 Jun 2000 20:45:29 GMT
In comp.os.linux.advocacy Drestin Black <[EMAIL PROTECTED]> wrote:
> "abraxas" <[EMAIL PROTECTED]> wrote in message
> news:8i6f91$f4a$[EMAIL PROTECTED]...
>> In comp.os.linux.advocacy Drestin Black <[EMAIL PROTECTED]>
> wrote:
>>
>> > "John W. Stevens" <[EMAIL PROTECTED]> wrote in message
>> > news:[EMAIL PROTECTED]...
>> >> Drestin Black wrote:
>> >> >
>> >> > p.s., it is impossible for an operating system _alone_ to be C2
>> > certified.
>> >> > It is ALWAYS a complete system that's evaluated and certified. NT
> enjoys
>> >> > another advantage in that it's C2 certification can be achived
> through
>> >> > software alone, not requiring any special hardware.
>> >>
>> >> Don't sentences one and two contradict each other Drestin?
>>
>> > no, I said not requiring any special hardware. What I mean is what I've
>> > written. NT enjoys the fact that it can gain certification on most any
>> > readily available hardware.
>>
>> Not laptops. Care to tell the class why, dresden? Go ahead, flaunt
>> your incredible security knowledge.
> Let me just remind the class of this paragraph from the TPEP FAQ:
> "A system does not require custom hardware to be successfully evaluated
> against the Trusted Computer System Evaluation Criteria (TCSEC) or Common
> Criteria for Information Technology Security Evaluation (CCITSE). "
Youve misunderstood what that paragraph means, dresden, likely because
youve never been involved with computer security to this degree.
"Custom" does not mean the same thing as "specific". You need "specific"
hardware to gain a C2 certification for WinNT 4.0, but not "custom".
In short, you're an idiot.
> Next: find the relevant paragraph in the TOD where it says "not laptops"
> http://www.radium.ncsc.mil./tpep/library/rainbow/5200.28-STD.html
Wow, youve managed to misunderstand everything, havent you. It must
be difficult to live with a retarded father.
> Lastly - I'll say. I do not know why. Next, YOU amaze US with your
> incredible knowledge and tell us why no laptops.
Because they do not fit the hardware criteria of a C2 certification
for WindowsNT 4.0. Now, dresden, why dont you amaze and astound us
some more by misunderstanding WHY they dont fit into the criteria?
> (I've read the entire 193 pages of the actual evaluation/certification:
> http://www.radium.ncsc.mil./tpep/library/fers/TTAP-CSC-FER-99-001.pdf -
> obviously you have not.
Actually, I have.
> NO where do they discuss ANY special hardware
> requirements (or exceptions) EXCEPT to note that the TFM requires that the
> OS can only boot from where it was installed, i.e., not allow someone to
> boot from floppy and have access to the OS tested).
Thats not how NT4.0 "specifically" (theres that hard word dresden,
look it up) was certified. "Certifiable" is not the same thing as
"certified".
> IF you take the time to read this document you'll CLEARLY realize that NT 4
> sp6a CAN be installed on any hardware according to specific instructions
> from MS (documented earlier) and will achieve C2 certification levels.
But the fact is, it hasnt. 6a has not been certified. So what you will
have is a computer that "is certifiable". No company or organization in
their right mind will think that this is the same thing as "certified".
Again, you lack security experience in this area. Probably best to let
it drop for now until you can get yourself some.
> An
> evaluation IS done on particular hardware (4 different machines in this
> case, to include testing networked configurations) BUT you do NOT have to
> use the same hardware to reachieve this certification leve.
They do in order to be *certified*. Not *certifiable*. You need some
experience, is what you need.
> Think about it idiot... what good would ANY certification level mean if you
> HAVE to have EXACTLY the same hardware as tested. Are you really that stupid
> or just don't realize how ignorant you sound.
You clearly have zero experience in the area.
> I can easily conclude you know NOTHING of what you are talking about.
Your son must be proud.
=====yttrx
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: An Example of the Superiority of Windows vs Linux
Date: Wed, 14 Jun 2000 20:45:55 GMT
Sorry but he has.
You can get so much more and better software, even the stuff that is
included with virtually every modem you can buy, for Windows.
The name of the game is faxing something now, not waiting for some
geek to write a program so you can do it.
On Wed, 14 Jun 2000 18:13:20 GMT, [EMAIL PROTECTED] wrote:
>Tim Palmer <[EMAIL PROTECTED]> writes:
>
>>FAX modems just don't work on UNIX.
>
>Really? You should inform Gert Doering that he has been wasting his time on
>the "mgetty+sendfax" package.....
>
>Bernie
>
>P.S.: I don't often say this on Usenet, but you *really* need to get a spell
> checker!
------------------------------
From: [EMAIL PROTECTED] (abraxas)
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: Microsoft migrates Hotmail to W2K
Date: 14 Jun 2000 20:48:19 GMT
In comp.os.linux.advocacy Drestin Black <[EMAIL PROTECTED]> wrote:
> Enlighten us then...
> by the way, we're building a C2 certified NT configuration today, hint: not
> a single Compaq part in sight, guess what: it'll be the equivilent of a C2
> certified system. Choke on it.
Being the "equivalent" of a C2 certified system is not the same thing as
being a "C2 certified system". If you understood the process, you would
realize this.
I am now looking at the signed document that *proves* that the AIX machine
in the next room is a *certified* B1. Its signed and everything and even
has an embossment.
Now stop pretending that you understand computer security and go change
the toner cartridge in a printer somewhere, Mr. IT professional.
=====yttrx
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: What is the proper newsgroup for Linux networking questions?
Date: Wed, 14 Jun 2000 20:48:53 GMT
Well GOLLY GEE Sargent Carter How about trying:
comp.os.linux.networking
On Wed, 14 Jun 2000 18:15:10 GMT, [EMAIL PROTECTED] wrote:
>I want to post on topic and I'm really excited
>about getting networking to function on my Linux
>computer. I have some questions and would like
>to solicit help from the guru's in a newsgroup.
>What is the best list of groups to post for these
>questions?
>
>It's all related to my TCP/IP setup, I'm pretty
>sure of that. To whom should I ask questions
>about this?
>
>
>Sent via Deja.com http://www.deja.com/
>Before you buy.
------------------------------
From: [EMAIL PROTECTED] (Leslie Mikesell)
Subject: Re: Linux faster than Windows?
Date: 14 Jun 2000 15:42:19 -0500
In article <[EMAIL PROTECTED]>,
Pete Goodwin <[EMAIL PROTECTED]> wrote:
>>>When I ran the test there was nothing else running.
>>
>>Ummm, did 'ps ax' actually only show your shell and ps itself?
>
>Dunno. Didn't try 'ps ax' as I knew I was running nothing else. Any daemons
>were configured/installed by Linux Mandrake as an 'out of the box'
>installation.
Then in fact you probably had 30 to 50 other things running. It
is easy enough to see.
>>>>An interesting test would be to run 4 or 5 (or more) concurrent povray
>>>>sessions and see how good the systems are in the taskswitching
>>>>department.
>>>
>>>That's not how you would normally run POVray!
>>
>>But it is the only influence the OS has on running a CPU intensive
>>job. Otherwise you are testing the compiler and the compile
>>options.
>
>Correct, that's what I'm interested in.
Then why is Linux in the subject of the thread when it's only
influence is in how many time slices are given to other things?
I think you'll find that when you really are multitasking on
both OS's that linux will schedule the slices more fairly and
waste less time doing it, but claiming to test an OS by running
one app is pretty meaningless.
Les Mikesell
[EMAIL PROTECTED]
------------------------------
From: OSguy <[EMAIL PROTECTED]>
Subject: Re: What is the proper newsgroup for Linux networking questions?
Date: Wed, 14 Jun 2000 15:14:52 -0500
Start at comp.os.linux.networking
[EMAIL PROTECTED] wrote:
> I want to post on topic and I'm really excited
> about getting networking to function on my Linux
> computer. I have some questions and would like
> to solicit help from the guru's in a newsgroup.
> What is the best list of groups to post for these
> questions?
>
> It's all related to my TCP/IP setup, I'm pretty
> sure of that. To whom should I ask questions
> about this?
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.advocacy) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Advocacy Digest
******************************
