Linux-Advocacy Digest #185, Volume #29 Mon, 18 Sep 00 17:13:04 EDT
Contents:
Re: Sun cannot use Java for their servers!! ("Ermine Todd")
Re: Never tell me again that Windows is easy to install!!! It's a lie!
([EMAIL PROTECTED])
Re: Never tell me again that Windows is easy to install!!! It's a lie!
([EMAIL PROTECTED])
Re: Id Software developer prefers OS X to Linux, NT (dc)
I'm back! This group has sunk to a new low ([EMAIL PROTECTED])
Re: Linux to reach NT 3.51 proportions in next 2 years (Tim Kelley)
filename extensions are NOT a kludge (Richard)
Re: I'm back! This group has sunk to a new low
----------------------------------------------------------------------------
From: "Ermine Todd" <[EMAIL PROTECTED]>
Subject: Re: Sun cannot use Java for their servers!!
Date: Mon, 18 Sep 2000 13:25:45 -0700
Crossposted-To:
comp.lang.java.advocacy,comp.lang.java.programmer,comp.os.ms-windows.nt.advocacy
I don't believe that what you describe can be done by other than a Trojan
device driver that has been installed by the user. And even then, the OS
will complain and issue warnings on NT. Additionally, on Win2k, attempting
to install such a device driver would result in a warning that the user
would have to ignore.
There is no way that a user program (running in ring 3) can switch context
and suddenly have ring 0 privileges on NT - just can't happen. Likewise,
there is no way that a user program running in ring3 can perform direct
memory writes to protected memory. What often confuses people is that they
forget that EVERY application running on an NT system has a VIRTUAL 4GB
address space (typically 2GB available for the application) and that ANY
attempt by a user program to write to protected memory generates a fault
that is caught by the OS which will then kill that process.
This isn't to say that there aren't security holes but the fundamental
design is sound.
--ET--
"lyttlec" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Both Unix and NT will be open to attacks via root or administrator. But
> this is about being able to do it without being administrator. It is
> about not having to reboot to do it. It is also about System being more
> powerful than either administrator or root. My code and the code posted
> on the internet both let anyone, even a MSWord document, get System
> privileges. The design flaw in NT is that some System functions bypass
> the HAL and go directly to the hardware. The problem in Unix is that
> some sys admins are stupid.
> Linux solves the problem on Intel by having users run at hardware ring3,
> which disallows many machine instructions, even to root. Any Unix only
> permits root to change drivers NT however is always running at a
> (hardware) privileged ring so all you have to do is trick it into
> running a privileged instruction. It seems the only thing preventing NT
> from running privileged instructions is that the normal Windows
> compilers do not generate those instructions. So you just need to hand
> code them into an obj or .exe file ( or just POKE them into memory).
> That is the theory. I've tried it with 3.1/95/98. Hackers on the
> internet claim it works also with NT/2K and Me. A variant will attack
> Linux via root.
>
> I think the NT structure was a compromise by MS to make installation of
> new software easy. Self booting CDs running under Install Shield and
> changing System files are certainly more convenient than rebuilding the
> kernel or going through the trouble to administer variant libraries. Too
> bad it means surrendering control of your system to anyone who pays MS
> enough money.
>
> Chad Myers wrote:
> >
> > "lyttlec" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > Ermine Todd wrote:
> > > >
> > > > The device driver software development kit (DDK) is available for
NT. When
> > > > you've actually managed to write a kernel level driver and have it
installed
> > > > in the system then you potentially be worth listening to.
> > > >
> > > > --ET--
> > > >
> > > You miss the point. The point is to *bypass* the OS and therefore the
> > > DDK. I did a short Google search and came up with dozens of hits of
> > > people doing just that! Some were even commercial products (things
that
> > > wanted to do fast DMA for video, games, large data base copies, etc.).
> > > For an example of the type (not specific) virus look at
> > > <http://lunateks.com/lunateks/963717948/>.
> > > (The 95/98 code I wrote turns out to be an improvement on the
Chernobyl
> > > virus. Oh Well. )
> > > (
> > >
> > >
> > > Later : I found the basic code for the NT stuff I was writing at a
site
> > > on the web. Real cute. Someone has lots more time than I do. How to
> > > steal NT Ring0 from NT Ring3. How to use NT Ring0 to jump out of NT
and
> > > run your virus and then jump back into NT. How to wipe the CMOS on the
> > > fly ( Your system is dead ... period). How to get an infected file
pass
> > > the basic security checks. The level of technical knowledge required
to
> > > do anything with this code is way beyond the normal script kiddy. You
> > > need to know how to use a hex editor, calculate complex checksums,
speak
> > > Russian (or Ukranian).
> >
> > lyttlec, I'm sorry to burst your bubble, but thinking that, by
installing
> > a driver and having that driver bust into NT's kernel and do mean things
> > is a design flaw in NT simply makes you look like more of an idiot than
> > you already do.
> >
> > Anything running in kernel-mode is trusted on just about any system you
> > look at (include most Unixes). Once you're in the kernel space you
> > can pretty much usurp control from the kernel and have free range of
> > the system. There are kernel "root kits" for Unix, NT, and just about
> > every other server-class OS. I don't think Windows 2000 yet, but there's
> > nothing stopping anyone from doing it.
> >
> > On trusted-class systems that have something equivalent to B or A class
> > ratings on the TSEC scale will have trusted kernels that check and
> > prevent root kits and kernel kits from taking control and replacing
normal
> > kernel operation.
> >
> > Writing something like this (taking over the system, flashing the BIOS
with
> > meaningless junk and jumping back into the kernel) on any
non-trusted-class
> > OS wouldn't be particularily difficult for someone who has ever written
> > a device driver. NT is not alone in this vuleneratbility. OSes in the
> > same class as NT (non-trusted, such as all windows, dos, Linux, Solaris,
> > BSD, Tru64 Unix and just about every non-Trusted unix and every other
OS,
> > MacOS, etc) allows you to install drivers that could potentially usurp
> > control of the kernel.
> >
> > However, on just about every worth-while system (NT/2K, Unix) that has
> > any type of security infrastructure doesn't allow anyone but an
administrative
> > or root-type user to install devices or their drivers, so this whole
discussion
> > is irrelevent.
> >
> > Once you get root or admin on a Unix or NT box, you pretty much have
free reign
> > to wreak all sorts of havoc, everyone in this group agrees.
> >
> > So just give it up, this isn't some "l33t NT hax0r" or anything.
> >
> > -Chad
> >
> > >
> > > > "lyttlec" <[EMAIL PROTECTED]> wrote in message
> > > > news:[EMAIL PROTECTED]...
> > > > > Nik Simpson wrote:
> > > > > >
> > > > > > "lyttlec" <[EMAIL PROTECTED]> wrote in message
> > > > > > news:[EMAIL PROTECTED]...
> > > > > > > Nik Simpson wrote:
> > > > > > > >
> > > > > > > > "lyttlec" <[EMAIL PROTECTED]> wrote in message
> > > > > > > > news:[EMAIL PROTECTED]...
> > > > > > > > > Ermine Todd III wrote:
> > > > > > > > > In otherwords SuperRoot held by MS and its "trusted"
partners.
> > > > > > Otherwise
> > > > > > > > > you couldn't apply service packs which, on occasion, do
replace
> > > > SYSTEM
> > > > > > > > > functionality.
> > > > > > > >
> > > > > > > > Bullshit. If something cannot be loaded/unloaded through the
normal
> > > > > > > > mechanisms then you have to reboot for the change to take
effect. In
> > > > > > other
> > > > > > > > words if foo.sys is soemthing that can't be stopped and
started on a
> > > > > > running
> > > > > > > > system, the SP install renames foo.sys to foo.sys.old and
puts a new
> > > > > > version
> > > > > > > > of foo.sys on the disk which is loaded during a reboot. No
need for
> > > > any
> > > > > > > > magin "SuperRoot" except in your limited imagination.
> > > > > > > >
> > > > > > > BZZZT Wrong. If you have full system priveleges (Ring0 on the
Pentium)
> > > > > > > you can do anything, including modifying running programs,
and have
> > > > the
> > > > > > > changes take effect immediately. Pentium Ring 0 Changes do not
require
> > > > a
> > > > > > > reboot. Root and Administrator are demigods. Kernel is GOD.
Kernel can
> > > > > > > change your program while it is running. Kernel can make
Administrator
> > > > > > > cease to exist.
> > > > > >
> > > > > > Sigh, have you ever installed a Service Pack on NT, if you had,
you'd
> > > > know
> > > > > > just how wrong you are about the installation process and what
Microsoft
> > > > > > does. But of course you clearly not one to let a few facts get
in the
> > > > way of
> > > > > > an arguement.
> > > > > >
> > > > > > >
> > > > > > > Well, at least you make a distinction between Nt and operating
> > > > systems.
> > > > > > > Personaly I have built a half dozen or so operating systems.
How many
> > > > > > > have you built?
> > > > > >
> > > > > > As an RV at Bell Labs in the 80s I worked on early System V and
have
> > > > quite a
> > > > > > lot of experience, just what experience do you have.
> > > > > >
> > > > > So why don't you know the differnce between "root" and "System"? I
do
> > > > > agree that System V, Linux, and other Unix variants do make it
difficult
> > > > > for any mere mortal to get System privileges. NT, OTH, does not.
Unless
> > > > > you show that the code in ring0.exe published by MS in its code
base
> > > > > doesn't work.
> > > > > > --
> > > > > > Nik Simpson
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: comp.ms.windows.advocacy,comp.ms.windows-nt.advocacy
Subject: Re: Never tell me again that Windows is easy to install!!! It's a lie!
Reply-To: [EMAIL PROTECTED]
Date: Mon, 18 Sep 2000 20:27:51 GMT
On Sat, 16 Sep 2000 21:38:51 -0500, OSguy <[EMAIL PROTECTED]> wrote:
>I have wasted a whole day putting on Windows ME from scratch on my
>daughter's computer (Celeron-350Mhz, 32M Ram). Her machine under
>Windows 98 just got too bogged down, and slowly but surely, all of her
>games and educational programs were getting too much for Win98 to
>handle.
So I must assume that all of these games and educational programs were
available under Linux as well?
Doesn't Linux have 10's of thousands of FREE software titles?
> So this morning I completely wiped and reformatted her hard
>disk, then started the Windows ME installation. Two Hours later, it was
>over. The Windows Install program, of course, told me it would be 30-60
>minutes, but funny how it was 10 minutes to go for installation for
>about 25 minutes while it was installing.
What does that statement mean?
What does "To go for installation for about 25 minutes" mean?
>Linux has never taken me over 30 minutes to install on a machine.
Me either.
Putting Sears Bias Ply tires on my Impala SS doesn't take any more
time than putting Goodyear Eagles either....
>Here where the fun began. Once Windows ME fully started up, it couldn't
>find a driver for my jukebox-CD unit....in fact it couldn't find the
>drive, and I couldn't get WinME to understand that there is a CD Drive
>there. The insane thing is that the floppy disk used to boot and then
>install WinME from the CD Drive not only recognized my jukebox CD
>drive....it recognized ALL of the CDs in the drive. What type of morons
>have an install program with a driver much more advanced then the
>system? I sat there wondering why that driver on the floppy wasn't
>integrated at all in the Windows ME System. I spent a lot of time
>opening up the case of the machine and wondering what the h*LL is wrong
>with this ME garbage, then it hit me. The jukebox CD was on a separate
>IDE card creating the 3rd IDE port on the machine. Wondering if the
>problem was that WinME couldn't see the 3rd IDE port, I switched the CD
>to the second IDE port and took out the external IDE card. Finally, I
>had a CD. So, the Install floppy, and Windows 98 could recognize my
>external IDE, but WinME proper can't. What's wrong with this picture.
>
>Usually one something works under linux, I have no trouble keeping it
>working from upgrade to upgrade...the worst I have to do is to recompile
>the 'driver' again under the kernel version I'm using, and it works just
>fine. Also, If the Linux install can recognize the device, the fully
>installed linux distro can understand it too. And the kernel-2.4.0-test
>series understand additional IDE ports just fine.
So you had to use a test kernel or recompile to get Linux to recognize
all of your hardware?
Tell me, does a currently shipping kernal recognize whatever hardware
you have on the system?
>Of course, my 16-bit sound card which worked under Win95 & Win98 didn't
>work under WinME....why aren't I surprised? So I got to buy a new
>Soundblaster Card just so WinME would understand it.
And exactly WHAT soundcard was it that Windows ME did NOT recognize?
You left that part out....
>Somehow, I was under the impression WinME was supposed to be an updated
>Win98...and the box says it maintains compatibility with Win95 and
>Win98. Well, guess what? I found out that anything that installed its
>driver in the Config.sys section of DOS and expected its driver to be
>there before WinME comes up is now broken. WinME won't allow any DOS
>'legacy' drivers in the system.
Maybe you should RTFM, like Linux supporters are always screaming.
A quick search on Windows+me under www.google.com provides this hit on
the first page:
http://www.zdnet.com/products/stories/pipreviews/0,8827,176419,00.html
Note the part about Dos.....
Maybe you should learn to read?
>Well, 12 hours later, I finally have a system working as good as it was
>before I wiped off the Win98 system, except now it goes to the disk a
>lot......Well, I have 32M Ram, the Windows recommended, but what's this
>note that says performance will improve with more memory? Has it ever
>occurred to Microshaft to tell anybody what the optimum amount of memory
>is for their system? Why must I try to flush that info out from all of
>the MS Blurbmeisters? So later this week, I'll be buying more memory.
And you run KDE or Gnome in 32 meg?
You must be a masochist......
>After this little episode, I really appreciate my linux machine which
>never gives me trouble, works with existing hardware where I only
>upgrade when I want to, and, while it make take a while to get all the
>drivers for the devices I need, at least I can rest easier knowing that
>once the driver is out, it will work for as long as I keep it compiled
>to my system. And, I've never seen a Linux distro regress on
>capabilities from update to update (No, I've never used Corel Linux).
True, Linux will support every shit piece of hardware all the way back
to the AST 6 Pack card that added an extra 384k, parallel and serial
as well as game ports....
Unfortunately, the rest of the world likes to move on once in a while.
Fortunately, for you, Linux thrives on supporting antiquated, albeit
sometimes useful (depending on your purpose) hardware.
You can sleep tight tonight knowing that whatever piece of 10 year old
hardware you can pull out of your junk box, Linux will support it...
>So, as long as you Windows advocates keep coming into the
>comp.os.linux.advocacy groups telling us how much easier Windows is to
>install, I'm just going to laugh at you because I know you're either a
>moron, ignorant, or just plain lying.
And the same goes for LinO-Zealots posting trolls such as this
one.....
>Oh, and to the trolls, this is a first-hand account true story, unlike
>your works of fiction that you keep spewing.
Buy a decent system, or as an alternative use your crap hardware under
Linux...All those games and educational programs you mentioned ARE OF
COURSE available under Linux?
Well are they?
>Microshaft Sucks! I hope to NEVER buy another product that Gates had a
>hand in selling!
You'll buy it, only because you need to run certain programs and
chances are they are not available under Linux...
What a poor attempt at a troll...Either that or the guy is a genuine
moron..
Claire
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Never tell me again that Windows is easy to install!!! It's a lie!
Reply-To: [EMAIL PROTECTED]
Date: Mon, 18 Sep 2000 20:28:01 GMT
Yep, Tim is correct. A GOOD Linux Distro, like Mandrake for example is
30 minutes tops for install. I have not tried ME but Win2k was over an
hour and I lost track of how many re-boots. With decent, supported
hardware on both platforms (Win and Linux) Linux blows Windows away,
no contest.
Shame on MS..
However, I do not agree with the original poster, which I have
addressed in another post.
BTW I AM female, at least as of the last time I looked down there..
claire
On Mon, 18 Sep 2000 10:33:15 -0500, Tim Kelley <[EMAIL PROTECTED]>
wrote:
>"David M. Butler" wrote:
>>
>> Ingemar Lundin wrote:
>>
>> >
>> > "OSguy" <[EMAIL PROTECTED]> skrev i meddelandet
>> > news:[EMAIL PROTECTED]...
>> > > Microshaft Sucks! I hope to NEVER buy another product that Gates had a
>> > > hand in selling!
>> >
>> >
>> > Strange thing tough...it only seems to be linux users that having problem
>> > with windows setup...how come?
>>
>> Porbably the same reason that Windows users have the most trouble with
>> setting up a Linux system... few will admit when their own preference in OS
>> actually does something that makes it difficult, or doesn't seem to make
>> sense. Both sides are guilty of this one.
>
>Almost no one complains about linux being hard to install, not
>even the schizo steve-heather-keys88 guy that posts here. Even
>he thinks linux is easy to install. Most Linux distros also take
>less time to install, and is set up so that you fill out all the
>info first, then go about whatever else you wanted to do (with
>windows you need to sit at attention during the entire install
>process).
>
>Consider: a full RH6.2 install takes about 20 minutes, and that
>is about half the time it takes to install Win98 and yet is about
>five times as much software.
>
>Windows is NOT easy to install. Windows installers (from 95 to
>NT) have always been poorly written, klunky, futzy and weird.
------------------------------
From: dc <[EMAIL PROTECTED]>
Crossposted-To: comp.sys.mac.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: Id Software developer prefers OS X to Linux, NT
Date: Mon, 18 Sep 2000 15:28:15 -0500
On Mon, 18 Sep 2000 22:13:50 +0100, [EMAIL PROTECTED]
(C Lund) wrote:
>In article
><[EMAIL PROTECTED]>, dc
><[EMAIL PROTECTED]> wrote:
>
>> >> >Go read Paul 'Z' Ewande's reply to my post and maybe you'll
>> >> >learn a thing or two yourself.
>> >> Why? It's common knowledge.
>> >Then why didn't you give a few examples?
>> Why didn't you know?
>Because I haven't used W2K. I thought I already told you that.
We've talked about it so frequently here that I don't buy that excuse.
>> >> >One might think you didn't know any more
>> >> >than I do on W2K.
>> >> Why? Because you aren't paying me to educate you?
>> >Why should I pay you? You obviously don't have a clue.
>> How so?
>In that you apparently don't know the difference between W2K and Win98.
Proof?
------------------------------
From: [EMAIL PROTECTED]
Subject: I'm back! This group has sunk to a new low
Reply-To: [EMAIL PROTECTED]
Date: Mon, 18 Sep 2000 20:30:36 GMT
This group is just plain boring these days, I have a break in work for
about 11 days so I will be posting here, even for a short time.
At least we can count on some excitement instead of the boring crap
that has been going on here.
claire
------------------------------
From: Tim Kelley <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: Linux to reach NT 3.51 proportions in next 2 years
Date: Mon, 18 Sep 2000 15:32:10 -0500
Rich C wrote:
> Every window has a title bar with buttons to minimize, close, etc, right?
> How about adding a button to pull up the task list? Then you wouldn't need a
> task bar or access to the bare desktop to find your icons. You could also
> include items to navigate between your virtual desktops as well. Your other
> desktops and your running programs would always be a button click away, even
> if you are running an app "full screen."
I know windowmaker and kwm already do this, you just click both
mouse buttons on the desktop and the window list comes up.
--
Tim Kelley
[EMAIL PROTECTED]
------------------------------
From: Richard <[EMAIL PROTECTED]>
Subject: filename extensions are NOT a kludge
Date: Mon, 18 Sep 2000 20:46:16 GMT
Brian Langenberger wrote:
>File extensions *are* stupid; they're quite possibly the stupidest of
> all ways to figure out the type of files being dealt with. Rather
> than hoping the user uses some sane naming scheme and performing
> checks in case they don't, just examine the start of the file
> and know *for sure* what sort of file it is. And if performance is
> an issue, transparently cache the magic data in the filesystem
> to make a quick system call out of it (which should be just as fast
> as getting the file's name and doing suffix checking).
>
> File type associations aren't a bad idea for those that want it.
> But let's at least make a sane implementation of it without the
> stupid file name extension kludge.
People's attitudes to typing will dictate their attitude
towards file extensions. If you're a fan of typing (or have
had your brain fried by C and its evil spawn) then you'll
want magic and type checking. OTOH, if you're not a
fan of typing (take a wild guess which category I'm in)
and you think of it only as a user convention that must
be kept extensible by the users (which type checking
cannot /ever/ be) then putting type information in the
filename where users can change it at will is the only
possible way to go.
Filename extensions are no more stupid than weakly-
typed programming languages. There are plenty of
perfectly legitimate reasons to have weak typing, so
I'd revise my provincial attitudes if I were you.
Btw, type checking and using magic can be interpreted
as condescension on the part of software. Certainly, your
opinion of users demonstrates plenty of condescension.
Just what the hell is wrong with letting users determine
the type of an object? Will the system come to a grinding
halt the way it does if a user executes rm -rf? Is there
some reason why I shouldn't be allowed to rename
"list\ of\ songs.text" to "list\ of\ songs.playlist"? Oh,
that's right, the type is supposed to be determined by
magic, eh? Get a clue, buddy; what you're proposing is
flatly impossible!
Even if you define a hierarchy of types so that objects
of type playlist can be operned with a text editor, it does
not change the fact that users have to be able to create
new objects of that type. And it's beyond stupidity to do
as you imply and put barriers in users' way just for the
hell of it! In fact, the obvious implication that only
programmers (or their delegates) should be allowed to
create new objects (who else would create the magic?),
new types (who else would have access to the type-
checking code?) and convert objects to different types
(if this were even allowed by the hallowed programmers!),
demonstrates an intense need for control, power and
domination of users. Clearly, users would be better off
if programmers were required to attend psychotherapy
in order to deal with their emotional problems.
Oh, and in case you didn't know; it is a fallacy to assume
that just because something (CP/M, DOS, Windows) is
horrible that it can't possibly have done anything right.
------------------------------
From: <[EMAIL PROTECTED]>
Subject: Re: I'm back! This group has sunk to a new low
Date: Mon, 18 Sep 2000 13:29:35 -0700
Reply-To: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> This group is just plain boring these days, I have a break in work for
> about 11 days so I will be posting here, even for a short time.
>
> At least we can count on some excitement instead of the boring crap
> that has been going on here.
>
> claire
>
Speak of the devil and the devil appears!
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.advocacy) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Advocacy Digest
******************************
