Linux-Advocacy Digest #961, Volume #29 Tue, 31 Oct 00 12:13:03 EST
Contents:
Wall St dislikes LNUX? ([EMAIL PROTECTED])
Re: Ms employees begging for food (T. Max Devlin)
Re: Ms employees begging for food (T. Max Devlin)
Re: Debian vs RedHat/Mandrake (Roberto Alsina)
Re: IBM to BUY MICROSOFT!!!! ("Christopher Smith")
Re: IBM to BUY MICROSOFT!!!! ("Bruce Schuck")
Re: A Microsoft exodus! (Chris Wenham)
Re: Why don't I use Linux? (Aaron Ginn)
Re: Why don't I use Linux? (Aaron Ginn)
Re: Once agian: Obscurity != security (Was: Tuff Competition for LINUX! ("Bruce
Schuck")
Re: so REALLY, what's the matter with Microsoft? ("JS/PL")
Re: A Microsoft exodus! ("Bruce Schuck")
Re: A Microsoft exodus! ("Bruce Schuck")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Subject: Wall St dislikes LNUX?
Date: 31 Oct 2000 10:41:10 -0500
What's up with the VA Linux stock price drop? Is it the numbers in the
latest annual report or what?
--
Bruce R. Lewis http://brl.sourceforge.net/
------------------------------
From: T. Max Devlin <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.arch,comp.os.netware.misc
Subject: Re: Ms employees begging for food
Date: Tue, 31 Oct 2000 10:47:53 -0500
Reply-To: [EMAIL PROTECTED]
Said Les Mikesell in comp.os.linux.advocacy;
>
>"T. Max Devlin" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>
>> >The 10% (I thought 30?) maximal nominal use is a malicious
>> >misinterpretation of one of the more interesting papers on ethernet.
>>
>> The phrase "maximal nominal" does not parse. I know the 30% number
>> you're referring to, and that is, indeed, related to my placement of
>> "nominal throughput" at 10%. CSMA/CD does have a "logarithmic response
>> curve" under shared-media load. But the question can be asked "so you
>> can rely on 30% bandwidth; fine. Now, *which* 30%?"
>
>The 10% number is a figment of your imagination.
No, it is the results of my research and experience, which I'm going to
have to point out is not limited to only examining the ethernet itself,
but dealing with the "whole network".
>The 30% number
>came from a much publicized IBM paper based on a flawed
>model of how the collision avoidance actually works, and was
>refuted later by people who knew better and actually had
>ethernets running at 60% with no delays (as they all will if
>you stay within the specs). IBM was trying to sell token ring
>at the time based on such claims when in fact ethernet would
>generally outperform it.
Well, they were describing a valid phenomena, resulting from the
logarithmic response curve which causes loading to be non-linear. I
can't believe how many people mistake this "rule of thumb" for
provisioning to be some sort of hard limit, as if getting any arbitrary
ethernet to sustain higher utilization is said to be impossible. It
doesn't work like that.
>> Another reason I would call 10% *nominal throughput*, in contrast to
>> that 30% figure, is the observation that at the time of the creation of
>> Ethernet, microcircuit components for LAN-style transceivers generally
>> used a cost/performance break point of 1 to 2.5 Megabits per second. In
>> contrast, the CSMA/CD method required very fast transmission bit rate,
>> and the components became much more expensive. Yet, with the
>> logarithmic response curve, shared media ethernet wasn't expected to
>> reach even 50% utilization. It appears that in order to ensure a
>> nominal throughput on the order found in similar designs, a 10 Megabit
>> NIC and media were necessary.
>
>Is there supposed to be some point here?
Yes; Metcalfe determined that in order to get useful service from
CSMA/CD, the bit rate should be ten times the necessary throughput
capacity. I can think of no other reason why a network system which was
designed to be cheap as well as easy would use much higher-cost
components than comparable systems to support an amount of bandwidth
which was literally an order of magnitude greater than the alternatives.
Of course, within a few years, when 3Com (Metcalfe's company) came up
with the "single chip ethernet" solution, Ethernet got a lot cheaper
again. But the earliest ethernet cards cost $5000, I'm told.
>> Well, if it didn't, then why did everyone go to switched Ethernet just
>> about as fast as they could afford to?
>
>I don't recall any big rush for switched 10Meg. Some places used
>it to fix their out-of-spec shared nets, but I would never have called
>it popular. Switched 100Meg is almost a requirement because
>you can't cascade hubs and it is cheap enough that you don't have
>to worry about alternatives.
Depending on what in particular you mean by "cascade hubs", your
statement appears to be mistaken. Switched 10Mb is what started the
rush to LAN switching to begin with. Kalpana's
"cross-point-switch-matrix" ASIC technology, the "translating bridge"
Synernetics LanPLEX, and finally the "ATM backplane" systems which
became the LAN switches of today (the Cascade, the SpeedSwitch stuff
from Nortel, etc.) were all initially designed for 10 Megabit, with 100
meg full duplex capabilities retro-fitted in once available.
--
T. Max Devlin
*** The best way to convince another is
to state your case moderately and
accurately. - Benjamin Franklin ***
======USENET VIRUS=======COPY THE URL BELOW TO YOUR SIG==============
Sign the petition and keep Deja's archive alive!
http://www2.PetitionOnline.com/dejanews/petition.html
====== Posted via Newsfeeds.Com, Uncensored Usenet News ======
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
======= Over 80,000 Newsgroups = 16 Different Servers! ======
------------------------------
From: T. Max Devlin <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.arch,comp.os.netware.misc
Subject: Re: Ms employees begging for food
Date: Tue, 31 Oct 2000 10:57:08 -0500
Reply-To: [EMAIL PROTECTED]
Said Ketil Z Malde in comp.os.linux.advocacy;
>T. Max Devlin <[EMAIL PROTECTED]> writes:
>
>> Well, if it didn't, then why did everyone go to switched Ethernet just
>> about as fast as they could afford to?
>
>Because it's a pretty cheap thing to do if you already have structured
>cabling?
Not as cheap as not.
>Because you can get larger networks at very little
>configuration cost (as opposed to using routers between network
>segments)?
I'm not concerned at this point with the "switching or routing" false
dichotomy. The question was why, if shared media isn't limited by this
supposedly false "30% ceiling", as the poster was indicating, people
spent extra money going to switched, rather than simply increasing their
bandwidth to 100 meg at *zero* configuration cost.
>And yeah, because you get better capacity for each workstation.
By "capacity", I presume you mean "bit rate". That is the point. When
you examine ethernets in isolation, it is easy to confuse throughput for
bandwidth, leading to such problematic nomenclature as calling bit rate
"capacity". This is why the "ping pong troubleshooting wars" are so
common in every modern network. The LAN guys "prove" the problem isn't
the ethernet by pointing to utilization statistics, and the system guys
point to their matching metrics to "prove" it isn't the system, and
nobody can figure out what is going on, but can "prove" it isn't their
isolated component causing the problem.
In a large proportion of cases (at least out of the couple hundred I've
seen since 1994, when I started focusing on LAN-based networking), the
"better capacity for each workstation" is a boondoggle, and ends up
being little more than "throwing bandwidth at the problem", with mixed
results being the norm only if you are optimistic and ignore all the new
problems caused by lack of instrumentation on switched segments.
--
T. Max Devlin
*** The best way to convince another is
to state your case moderately and
accurately. - Benjamin Franklin ***
======USENET VIRUS=======COPY THE URL BELOW TO YOUR SIG==============
Sign the petition and keep Deja's archive alive!
http://www2.PetitionOnline.com/dejanews/petition.html
====== Posted via Newsfeeds.Com, Uncensored Usenet News ======
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
======= Over 80,000 Newsgroups = 16 Different Servers! ======
------------------------------
From: Roberto Alsina <[EMAIL PROTECTED]>
Subject: Re: Debian vs RedHat/Mandrake
Date: Tue, 31 Oct 2000 13:06:55 -0300
El mar, 31 oct 2000, Bruce Scott TOK escribió:
>In article <[EMAIL PROTECTED]>,
>Bob Hauck <bobh{at}haucks{dot}org> wrote:
>>On 30 Oct 2000 17:46:56 +0100, Bruce Scott TOK <[EMAIL PROTECTED]> wrote:
>>
>>>I don't understand these memory leaks. Is the cause of this known?
>>
>>Writing giant applications in C and/or C++.
>
>Is this just careless programming or is it something stupid in the IO
>buffers I keep hearing about?
It's the nature of the languages, and of being coded by humans.
Memory leaks are caused because, to put it mildly, keeping memory allocation in
check is too complex for humans, after the project grows past a certain
threshold.
C++ is not nearly as bad as C for this, but it is nowhere close to ideal.
--
Roberto Alsina
------------------------------
From: "Christopher Smith" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: IBM to BUY MICROSOFT!!!!
Date: Wed, 1 Nov 2000 01:55:19 +1000
"2:1" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Christopher Smith wrote:
> >
> > > note pad:)
> >
> > *shrug*. I ran Word 95 on Win95 at school for some time on a 386 w/12MB
> > RAM. It was usable.
>
> That was one hell of a 386. Personally, I found that win95 on 386 and
> 486 was very slow unless you get to the hige end dx2s and dx4s. Win311,
> OTHO was fine on a 386.
It was slow to boot (minutes), and you couldn't run more than one or maybe
two things at once - but it was usable.
>
> >
> > > > Certainly it's no slower than any other OS offering equivalent
> > > > functionality.
> > >
> > > I've found Linux+X on a 486 much faster than Win95 on a 486.
> >
> > Using a window manager like KDE or GNOME, I find that difficult (nay,
>
> KDE and Gnome aren't window managers. Neither is explorer.exe
Semantics. Would you prefer I used to the term "GUI" ?
> > impossible) to believe.
> >
> > Or did you not see the "equivalent functionality" part ?
>
> Depends what you count as functionally equivalent: explorer.exe provides
> no window management, something even twm does.
There is no direct analogy to a "window manager" in Windows.
> FVWM2 can provide more then you get with Windows in some areas, less in
> others. Window maker is also fine on an SX/33. That is a very nice WM.
Drag & drop is something that springs instantly to mind. As is global cut &
paste that actually works (and of something more than just basic text).
Fvwm, Window maker, Afterstep etc are all essentially the same - just flashy
graphical task switchers (some flashier than others) with little real
functional difference between any of them.
Most *nix WMs/desktop environments/GUIs/whatever-you-want-to-call-its do a
wonderful job of making flashy task switchers. However, they perform a
lousy job of providing any sort of coherent and consistent working
environment. Shit, even KDE *today* can't provide a consistent desktop and
behaviour within just "KDE apps" themselves (let alone other programs like
Mozilla), and it's closer than anything else has come so far.
------------------------------
From: "Bruce Schuck" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: IBM to BUY MICROSOFT!!!!
Date: Tue, 31 Oct 2000 08:13:48 -0800
"2:1" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Bruce Schuck wrote:
> >
> > "2:1" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> > > Bruce Schuck wrote:
> > > >
> > > > "Aaron R. Kulkis" <[EMAIL PROTECTED]> wrote in message
> > > > news:[EMAIL PROTECTED]...
> > > > > Chad Myers wrote:
> > > > > >
> > > > > > "Shannon Hendrix" <[EMAIL PROTECTED]> wrote in
message
> > > > > > news:8t2458$15a$[EMAIL PROTECTED]...
> > > > > > > In article <WGgI5.32396$[EMAIL PROTECTED]>,
> > > > > > > Otto <[EMAIL PROTECTED]> wrote:
> > > > > > >
> > > > > > > > Linux does detect the memory correctly, although it uses
only
> > the
> > > > first 64
> > > > > > > > MB of it until you change some configuration files. Chad
> > might've
> > > > meant
> > > > > > > > that. The only distro I've seen which detects and uses all
of
> > the
> > > > memory was
> > > > > > > > Caldera 2.4.
> > > > > > >
> > > > > > > This is not true. Sigh...
> > > > > > >
> > > > > > > The problem is that when Linux is being loaded, a check was
made,
> > > > > > > basically a BIOS call for memory (can't remember which one),
and
> > it
> > > > > > > often returned 64M at the most. If you knew you had 128MB of
RAM
> > then
> > > > > > > you added a boot parameter to Linux to tell it how much RAM
you
> > had
> > > > > > > since your BIOS/motherboard combination couldn't get it right.
> > > > > > >
> > > > > > > This is a PC/BIOS bug, not a Linux bug.
> > > > > >
> > > > > > No, it's a linux bug. Windows detected it just fine.
> > > > >
> > > > > Can you even get Lose98 to INSTALL on 386 or 486 machine?
> > > > >
> > > > > A) yes, you can keep old hardware in production
> > > > > B) NO, YOU MUST THROW AWAY YOUR OLD MACHINES.
> > > >
> > > > I've run Windows NT Server a 486 with no problem. I admit it wasn't
as
> > fast
> > > > as I liked but it ran just fine.
> > >
> > > Ypu don't say whoch one. 3.5.1 will go on a 486 (if you could be arsed
> > > with 300 floppies). I'd love to see NT4 on a 486 with ie5.
> >
> > It was NT4. And NT4 installs just fine from a network folder. You don't
need
> > floppies.
>
> I saw 3.5.1 on floppies. I think someone at the company i worked for
> actually installed it. The mind boggles.
>
> I have to say I'm surprisd to hear that NT4 works OK on a 486
> considering Win95 doesn't (it's horribly slow).
It was a 486/100 and a decent amount of memory.
------------------------------
Crossposted-To:
comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy,comp.sys.mac.advocacy,comp.os.os2.advocacy,comp.unix.advocacy
Subject: Re: A Microsoft exodus!
From: Chris Wenham <[EMAIL PROTECTED]>
Date: Tue, 31 Oct 2000 16:14:18 GMT
>>>>> "Ayende" == Ayende Rahien <[EMAIL PROTECTED]> writes:
> "Weevil" <[EMAIL PROTECTED]> wrote in message
> news:YLxL5.508$[EMAIL PROTECTED]...
>> That's quite a bit of trouble to go to, but it is not an impossible
>> scenario. Here's the same scenario for Windows:
>>
>> 1) Write a back door in any piece of software you want to.
>> 2) Upload it to shareware sites.
> Why can't I do the same for OSS product?
You can do the same, so in theory the potential for payoff (the
number of clients you compromise) is the same for either model.
The only difference is that the user of the Free software HAS THE
OPTION of re-compiling the source code that he might also audit or
have audited.
The user of the closed software does not have that option.
> How hard is that? And how many people actually bother to compile the source
> if they've the binary already?
I typically compile from the source code anyway and the reason is
because I use FreeBSD - which features a ports collection (a package
manager coupled with a tree of makefiles for a variety of
programs).
It works by downloading the source and compiling it on your
machine. It uses checksums to validate the integrity of the archived
source.
StarOffice and Netscape are the only two programs installed on my
computer that were not compiled on my computer. Soon, even those two
will be replaced by their open-source successors that are already in
the Ports Collection.
I am not using any program from outside of the Ports Collection, so I
only have one source who's integrity and accountability I have to
worry about.
>> No, it's far easier to compromise closed source products, and one of the
>> main reasons is that customers do *not* have access to the source code.
> Actually, it's not easier, you can do it with OSS too, because I know that a
> lot of people read the source, but use the binary unless they make some
> changes in the code.
I agree that it's feasable to distribute a compromised binary with
original source and collect a payoff from those who use the binary on
faith.
But this danger has always existed for both models of software
distribution. It is equally possible to put a back door in a
commercial program as it is to put one in an open source program, so
from this perspective it's as if the two models were
indistinguishable flavors, right?
No, not quite. Even if you deliver a compromised binary to the hands
of a potential victim, the victim still has one more option with Free
software: He has the option of having the code audited and
re-compiled. This option does not exist for Binary-Only software
packages.
Whether the victim exercises that option or not is less important
than the -freedom- to exercise it.
I have the -option- of taking a used car to a mechanic before I buy
it. I have the -option- of asking to see a dentist's license before I
let him drill my teeth. I have the -option- of looking up a
restaraunt's health inspection record before eating there.
If I fail to exercise any of these options and I lose brake pressure
at a critical moment, or get a wrecked mouth, or salmonella
poisonining, then it's my own fault*.
What we are talking about here is not so much whether it's possible
to install a back-door into a piece of software and give it to
someone, but rather: what are the vendors of this software doing to
help the user cover his own ass?
In the closed-source world, you must trust the vendor. In the
open-source world, you don't have to trust the vendor in order to use
the software and know that it's safe.
The Free Software model means the developer can give the user one
more way of covering his ass in a world where -anything- can be
compromised.
Regards,
Chris Wenham
* - I guess I can sue in all three cases, but these are remedies and
not preventative measures. It still really sucks to get
salmonella poisoning, even if you do win punative damages.
------------------------------
From: Aaron Ginn <[EMAIL PROTECTED]>
Subject: Re: Why don't I use Linux?
Date: 31 Oct 2000 08:39:59 -0700
I knew I would regret getting into an argument with you. I'm
beginning to strongly suspect you are a troll, but ...
Pete Goodwin <[EMAIL PROTECTED]> writes:
> In article <[EMAIL PROTECTED]>,
> Aaron Ginn <[EMAIL PROTECTED]> wrote:
>
> > You're the one that always calls people to task for not being
> > specific. I was merely calling you out for doing the same.
>
> I didn't start it.
>
> I kept using Linux to lump together Linux, X and KDE.
And that was your mistake. X is not Linux, KDE is not Linux. That's
like saying Explorer is Windows. It doesn't make any sense.
> Now I see people use the term "Windows" when they really Windows
> 95/98/ME, and not NT/2000.
Very few people in this group refer to NT as anything other than NT.
Same with W2K. When people say Windows, they are almost always
referring to Microsoft OSen that have a DOS legacy. Maybe we lump
95/98/98SE/ME together, but that's because they all generally suck the
same.
> > ... that you choose to use. There are plenty of options, as you have
> > been told several times. What does Delphi offer me that XEmacs
> doesn't?
>
> Quite a lot more than most IDE + compiler packages offer. It's the
> resource editor + VCL + forms + integrated editor and reasonably well
> thought out classes that make the whole thing. I've yet to see anything
> else even close to it.
That sounds very... vague. How about some specifics? What would
Delphi offer me that would not be available in XEmacs? In XEmacs I
have the premiere text editor (calm down vi users!), an integrated
debugger, compiler, totally customizable C/C++ environment complete
with color/syntax highlighting. This is the same environment that I
use for Perl/Python/Java/etc development. Why is Delphi any better?
> > Don't upgrade. Reinstall from scratch. It's a little work up front,
> > but it will pay off in terms of stability.
>
> That's pretty piss poor for a user. At least when I upgrade Windows it
> works!
Please. You mean to tell me you upgraded the same machine from 95 to
98 to 98SE to ME (or any combination of those) without any problems?
If so, you're lying, and everyone here is knowledgable enough about
these OSen to spot your lies a mile away.
You can upgrade Mandrake if you want, but a fresh install is better.
I guarantee you that an upgrade from Mandrake 7.0 to 7.1 will result
in a more stable machine than an upgrade from any MS OS.
Aaron
--
Aaron J. Ginn Phone: 480-814-4463
Motorola SemiCustom Solutions Pager: 877-586-2318
1300 N. Alma School Rd. Fax : 480-814-4463
Chandler, AZ 85226 M/D CH260 mailto:[EMAIL PROTECTED]
------------------------------
From: Aaron Ginn <[EMAIL PROTECTED]>
Subject: Re: Why don't I use Linux?
Date: 31 Oct 2000 08:53:39 -0700
Pete Goodwin <[EMAIL PROTECTED]> writes:
> grep looks for strings in a file... so find and grep are equivalent.
No. grep looks for 'regular expressions' in a file, hence the 're' in
grep. I believe grep stands for 'Global Regular Expression Program'
or such. Regular expressions are _much_ more powerful than strings
(and much more difficult to master).
--
Aaron J. Ginn Phone: 480-814-4463
Motorola SemiCustom Solutions Pager: 877-586-2318
1300 N. Alma School Rd. Fax : 480-814-4463
Chandler, AZ 85226 M/D CH260 mailto:[EMAIL PROTECTED]
------------------------------
From: "Bruce Schuck" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy
Subject: Re: Once agian: Obscurity != security (Was: Tuff Competition for LINUX!
Date: Tue, 31 Oct 2000 08:26:10 -0800
"Perry Pip" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Sun, 29 Oct 2000 22:21:56 -0800,
> Bruce Schuck <[EMAIL PROTECTED]> wrote:
> >
> >"Les Mikesell" <[EMAIL PROTECTED]> wrote in message
> >news:B08L5.12299$[EMAIL PROTECTED]...
> >>
> >> "Bruce Schuck" <[EMAIL PROTECTED]> wrote in message
> >> news:QF1L5.116842$[EMAIL PROTECTED]...
> >> >
> >> > > > The real lesson is: Say NO to VPN's. Say NO to dial-up access
from
> >> > outside
> >> > > > the secure LAN.
> >> > > >
> >> > > > DO NOT TRUST ANY MACHINE OUTSIDE YOUR FIREWALL.
> >> > >
> >> > > Hey! The real lesson here is don't trust Microsoft!
> >> >
> >> > Everyday the Linux source is checked in and out of the software
source
> >> code
> >> > repository and worked on. And most of those computers are at home.
They
> >> > aren't behind a firewall. They could be just as infected as that
> >Microsoft
> >> > employees computer.
> >> >
> >> > Makes you feel all safe and cozy with Linux. Right?
> >>
> >> You do understand that the most serious hacking comes from
> >> inside, don't you? Disgruntled employees, industrial spies,
> >> and the like....
> >
> >And someone else said there were 200,000 open source programmers. Scary!
> >
>
> 200,000 open source programmers looking at the code.
Please let me know how many lines of code there are in all the software on
all 20 or 30 or 40 Linux distros there are.
Then tell me which decade you PERSONALLY used to review the code line by
line.
The big myth of Open Source is that it all is reviewed. Thats a big fat lie.
Only small parts at a time of the kernel code or some of the sexier / trendy
bits of code are constantly under review.
Look how many big fat holes there arein Linux. Look at the security
advisories.
Get real.
------------------------------
From: "JS/PL" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: so REALLY, what's the matter with Microsoft?
Date: Tue, 31 Oct 2000 11:21:13 -0500
"Andy Newman" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> In article <8tk12f$614$[EMAIL PROTECTED]>, Christopher Smith wrote:
> >
> >Which "fixes" are present in Win98 you can't download for free ?
> >
> >Similarly with NT, perhaps you've heard of service packs ?
> >
>
> You didn't get it did you. All versions of Win are fixes
> to the previous one. It's only recently with Win2K that
> they're getting the complete set of functions together in
> a package that's half-well implemented. It's taken long
> enough.
Win2k isn't just a fix of NT4.
Windows.Net (Whistler) due out in the spring isn't a fix for WinME or Win9x.
So you are wrong. All versions of Windows aren't fixes to the previous one,
now apologize to the group.
------------------------------
From: "Bruce Schuck" <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy,comp.sys.mac.advocacy,comp.os.os2.advocacy,comp.unix.advocacy
Subject: Re: A Microsoft exodus!
Date: Tue, 31 Oct 2000 08:46:06 -0800
"Weevil" <[EMAIL PROTECTED]> wrote in message
news:YLxL5.508$[EMAIL PROTECTED]...
>
> Bruce Schuck <[EMAIL PROTECTED]> wrote in message
> news:NdmL5.118310$[EMAIL PROTECTED]...
> >
> > "Chris Wenham" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > >>>>> "Bruce" == Bruce Schuck <[EMAIL PROTECTED]> writes:
> > >
> > >
> > > >> Because of the OPEN source model the GNU/LINUX system is
> > > >> light years ahead of Microsoft.
> > >
> > > > Yup. Anyone can download the source. Modify it. Compile it.
> > Distribute the
> > > > original source and the new binaries and call it a distro.
> > >
> > > Anyone can put rat poison in a bottle, add water and food coloring,
> > > call it "Bob's Coca Cola" and sell it on the street corner.
> > >
> > > Expecting to compromise Linux or any other piece of Free software
> > > this way is just as silly.
> > >
> > > If you're stupid enough to use an OS that you received from someone
> > > you don't know or trust then it's your own fault.
> >
> > Yup. I agree. I don't know or trust anyone making Linux distros.
> >
>
> You don't know anyone making Windows distros, either. You just made the
> arbitrary choice to trust them.
>
> The fact is that you're wrong about your hypothetical "security threat" to
> OSS. To quickly recap, here's your scenario:
>
> 1) Download Caldera's source code
> 2) Alter the source. Put in a back door.
> 3) Compile
> 4) Burn a copy of Caldera's distribution with original source and altered
> binaries.
> 5) Sell cheap copies on EBay or at computer swap meets or at a local
> computer store you own etc etc. Make sure you use forged Caldera labels.
>
> That's quite a bit of trouble to go to, but it is not an impossible
> scenario.
My guess is that it's happening already.
It maybe why there are so many computers sitting around waiting for the DDOS
commands.
Why break-in to so many computers (even though it seesm relatively easy to
break root in a Linux box) when all you have to do is distribute compromised
versions?
------------------------------
From: "Bruce Schuck" <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy,comp.sys.mac.advocacy,comp.os.os2.advocacy,comp.unix.advocacy
Subject: Re: A Microsoft exodus!
Date: Tue, 31 Oct 2000 08:48:04 -0800
"Chris Wenham" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> >>>>> "Ayende" == Ayende Rahien <[EMAIL PROTECTED]> writes:
>
> > "Weevil" <[EMAIL PROTECTED]> wrote in message
> > news:YLxL5.508$[EMAIL PROTECTED]...
>
>
> >> That's quite a bit of trouble to go to, but it is not an impossible
> >> scenario. Here's the same scenario for Windows:
> >>
> >> 1) Write a back door in any piece of software you want to.
> >> 2) Upload it to shareware sites.
>
> > Why can't I do the same for OSS product?
>
> You can do the same, so in theory the potential for payoff (the
> number of clients you compromise) is the same for either model.
>
> The only difference is that the user of the Free software HAS THE
> OPTION of re-compiling the source code that he might also audit or
> have audited.
>
> The user of the closed software does not have that option.
>
> > How hard is that? And how many people actually bother to compile the
source
> > if they've the binary already?
>
> I typically compile from the source code anyway and the reason is
> because I use FreeBSD - which features a ports collection (a package
> manager coupled with a tree of makefiles for a variety of
> programs).
Is the package manager open source?
Did you compile it first?
Did everyone recompile it first?
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.advocacy) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Advocacy Digest
******************************
