Linux-Advocacy Digest #990, Volume #29 Wed, 1 Nov 00 19:13:03 EST
Contents:
Re: A Microsoft exodus! (2:1)
Re: Linux growth rate explosion! (Goldhammer)
Re: A Microsoft exodus! ("Christopher Smith")
Re: A Microsoft exodus! ("Christopher Smith")
Re: Windoze 2000 - just as shitty as ever (Giuliano Colla)
Re: 2.4 Kernel Delays. (The Ghost In The Machine)
Re: Oracle say's Microsoft no good! ("Christopher Smith")
Re: Why Linux is great (R.E.Ballard ( Rex Ballard ))
MILLS CATCHES COLD FROM BADGER (The Great Suprendo)
Re: 2.4 Kernel Delays. (Gary Hallock)
----------------------------------------------------------------------------
From: 2:1 <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy,comp.sys.mac.advocacy,comp.os.os2.advocacy,comp.unix.advocacy
Subject: Re: A Microsoft exodus!
Date: Thu, 02 Nov 2000 00:59:05 +0000
> Neither does Outlook. The basic principle is identical - all you need to do
> is attach a shell script and convince someone to execut it it in a shell.
> Most mailers let you pipe attachments straight from the email to any program
> you want, so all you need is a message body that says something like:
>
> "Press |, then type /bin/sh and hit return to see Natalie Portman obey your
> every wish."
>
> And an attachment like:
> #!/bin/sh
> rm -rf /* > /dev/null &
> echo "Loading up, please wait...."
>
There's an easy way to protect yourself: run it in a chrooted system as
an ordinary user. The worst that can happen is that the guinea pig
user's files (which this attachment is probably the only one) gets
trashed. That's it.
Or, run it as a guinea pig user on a non chrooted system. Same goes:
nothing but the guinea pig gets trashed.
> And the end result will be largely the same (all that user's files deleted,
> the whole system nuked if they're running as root - which a _lot_ of people
> do, even experienced ones).
>
> > Assuming that there are email (or other types of) programs Linux that do
> > blindly execute attachments, there is still another layer of security the
> > trojan must get past. Unless the user is running as root, the only damage
> > that can be done to the system is the user's own files.
>
> Which as far as the user is concerned, is just as bad as the entire system
> getting nuked. Sheesh. Reinstalling a system is _easy_ (albeit time
> consuming). Rewriting that 1000 page thesis is major heartache.
>
> And of course Win2k has as much protection of this sort as Unix does.
>
> > So...if there is an app that blindly executes attachments, and if someone
> is
> > naive enough to use it, and if they use it as root, then yes, they're just
> > as vulnerable as Windows users.
>
> Outlook doesn't blindly execute attachments. Never has.
>
> The average dumb user is just as vulnerable under either OS. If they're
> dumb enough to open and execute attachments without looking at them, then
> they're quite dumb enough to be running as root.
>
> The only "protection" Unix has is that a) a much larger proportion of its
> userbase would be clueful enough _not_ to run an attachment without checking
> it out and b) no-one would bother writing such a trojan, due to reason (a).
>
> Unix is "protected" from viruses for much the same reason MacOS is - lack of
> interest. If Linux becomes as popular as many seem to want it to, *this
> will change*. Not only as more virus writers and the like become
> interested, but also as more distribution and software developers start
> adding all the little features that make Windows and MacOS quicker, easier
> and simpler to use that end-users love. Good (ie effective) security is a
> major pain in the arse, which is why so few people practice it. It's
> forever getting in the way, making simple tasks more difficult etc.
>
> [chomp]
--
Konrad Zuse should recognised. He built the first | Edward Rosten
binary digital computer (Z1, with floating point) the | Engineer
first general purpose computer (the Z3) and the first | u98ejr@
commercial one (Z4). | eng.ox.ac.uk
------------------------------
From: [EMAIL PROTECTED] (Goldhammer)
Crossposted-To:
comp.lang.java.advocacy,comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: Linux growth rate explosion!
Reply-To: [EMAIL PROTECTED]
Date: Wed, 01 Nov 2000 23:07:41 GMT
On Wed, 01 Nov 2000 02:35:55 GMT,
Chad Myers <[EMAIL PROTECTED]> wrote:
>How 'bout a real workgroup database development
>environment for making small business or
>workgroup database applications
>that an average user can learn
>and master in days or weeks.
MySQL.
>I don't believe there is ANYTHING
>on Linux that competes even remotely
>with Access and all its functionality.
Surely you can't be serious. Access
vs. MySQL or Postgres? Do you realize how
ridiculous you sound?
--
Don't think you are. Know you are.
------------------------------
From: "Christopher Smith" <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy,comp.sys.mac.advocacy,comp.os.os2.advocacy,comp.unix.advocacy
Subject: Re: A Microsoft exodus!
Date: Thu, 2 Nov 2000 09:18:46 +1000
"lyttlec" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Christopher Smith wrote:
> >
> > "Weevil" <[EMAIL PROTECTED]> wrote in message
> > news:VyHL5.1544$[EMAIL PROTECTED]...
> > >
> > > > How hard would it be to write something like this for unix/linux?
> > > > If I understand the way those viruses worked, you open the attach
file,
> > it
> > > > reads the adress book and sent it to the first 50 people there,
right?
> > > > Can't you do the same in unix? (I'm asking, not insulting. I want to
> > know
> > > > the answer.)
> > >
> > > It used to be a truism that you can't get a virus merely by reading
your
> > > email. Microsoft changed all that (to the shock of most
> > security-conscious
> > > observers) when they added Visual Basic macro capability to their
email
> > > program. Any of their apps which use such macros (e.g. Word) are
> > obviously
> > > vulnerable.
> >
> > This is false. You have to *deliberately* double click on the
attachment
> > and answer yes to the resultant dialog box (which defaults to no) to
> > open/run it. It's a long way from getting a virus "just by reading
email".
> >
> I understood you could get the virus via the "preview" feature without
> even opening the e-mail. Is this true or not?
Not as far as I know.
There was, I believe, a buffer overrun that caused some problem along those
lines a while back, but that's a long way from it being a design choice and
deliberate feature.
------------------------------
From: "Christopher Smith" <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy,comp.sys.mac.advocacy,comp.os.os2.advocacy,comp.unix.advocacy
Subject: Re: A Microsoft exodus!
Date: Thu, 2 Nov 2000 09:22:00 +1000
"2:1" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> > Neither does Outlook. The basic principle is identical - all you need
to do
> > is attach a shell script and convince someone to execut it it in a
shell.
> > Most mailers let you pipe attachments straight from the email to any
program
> > you want, so all you need is a message body that says something like:
> >
> > "Press |, then type /bin/sh and hit return to see Natalie Portman obey
your
> > every wish."
> >
> > And an attachment like:
> > #!/bin/sh
> > rm -rf /* > /dev/null &
> > echo "Loading up, please wait...."
> >
>
>
>
> There's an easy way to protect yourself: run it in a chrooted system as
> an ordinary user. The worst that can happen is that the guinea pig
> user's files (which this attachment is probably the only one) gets
> trashed. That's it.
>
>
> Or, run it as a guinea pig user on a non chrooted system. Same goes:
> nothing but the guinea pig gets trashed.
There's an even easier way to protect yourself - don't run it at all.
However, the point isn't whether or not it's easy to protect yourself -
because it is - the point is that idiots on both platforms as just as
vulnerable. A lot of people run as root, even those who know better.
------------------------------
From: Giuliano Colla <[EMAIL PROTECTED]>
Crossposted-To: alt.destroy.microsoft,comp.os.ms-windows.advocacy
Subject: Re: Windoze 2000 - just as shitty as ever
Date: Wed, 01 Nov 2000 23:26:19 GMT
Ayende Rahien wrote:
>
> "Giuliano Colla" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
>
> > The biggest asset of Linux isn't that it's free, but that it
> > works fine. When you you're used to the crappy MS software
> > costing a lot of money to buy, and an enormous amount as
> > TCO, and you discover that you may have quality software,
> > working as intended, and that moreover it's free, then maybe
> > you stress a bit the fact that it's free. You start using it
> > and you're happy. Only it turns out that because of
> > anti-competitive policies (certainly not out of innovation
> > and quality!) Windows has become a de-facto standard, and
> > you're forced to cope with it. And when you're fed up with
> > its crappyness you post on ADM to cool down a bit.
>
> There was a time when Microsoft wasn't the de fasto standard, right?
Wrong. MS DOS was stuffed in any IBM PC sold, when only IBM was making
PC's. It all started from then. Nobody's ever got a chance to compete.
> How did it reach this position? When it didn't have the power to threaten
> the OEMs and everybody else, exactly how did Microsoft got to the point when
> windows is now? By making bad software?
They had that power from the beginning, using IBM leverage. Using MS DOS
dominance, they imposed Windows 16 bits, they pushed DR DOS out of
market by providing fake incompatibility messages, they introduced
Windows 95 by faking a nonexistent integration between OS and GUI, in
order to outsmart a court order which imposed the separation of the
products. THey got to the point where they are by using any sort of
anti-competitive actions they could figure out, while software quality
was bad and has become worse as time goes by.
> I somehow doubt it. Look at their record, please.
> The best example I can give you is the browser wars, in version 2 & 3
> netscape was by far superior to IE, and it had by far the largest market
> share. Since version four, what happened to NS market share? I used netscape
> exclusively in the ver 2 & 3 days, now I don't use it. No one forced me to
> move, IE was simply better in giving me what I needed.
Market share of Netscape started to drop only when MS obliged OEM's not
to pre-install it, and installing IE instead. You may easily check the
dates, they're in the MS trial documents. Up to that time market
acceptance of IE was very cold. Why they make IE impossible to
uninstall, if they're not afraid that given a chance everybody would get
rid of it? If you check MS trial documents, you'll find a Bill Gates
memo asking to find means to block Netscape, because "we can't win on
performance". In that case I must agree with Bill Gates. I tried IE 4,
compared to Netscape 4, and uninstalled it next day. I even gave a try
to IE 5 (carefully saving my registry, dll's and so on), and I quickly
uninstalled it (the hard way, because it's not intended to be). If
you're happy to connect to the Internet with a browser which doesn't
make a difference between opening an http location or executing a
program in you HD, well, it's your HD and your data. However I suggest
you to give a look to the Finding of Facts of the MS trial. It's rather
instructing:
http://www.usdoj.gov/atr/cases/ms_index.htm
------------------------------
From: [EMAIL PROTECTED] (The Ghost In The Machine)
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy
Subject: Re: 2.4 Kernel Delays.
Date: Wed, 01 Nov 2000 23:31:19 GMT
In comp.os.linux.advocacy, Bruce Schuck
<[EMAIL PROTECTED]>
wrote
on Wed, 1 Nov 2000 08:15:36 -0800
<6jXL5.119887$[EMAIL PROTECTED]>:
>
>"Shannon Hendrix" <[EMAIL PROTECTED]> wrote in message
>news:8tobps$cq$[EMAIL PROTECTED]...
>> In article <iAbL5.5023$[EMAIL PROTECTED]>,
>> Erik Funkenbusch <[EMAIL PROTECTED]> wrote:
>>
>> > How many multi-server load balanced Linux sites can you come up with?
>> > Google is a good one, but it's a rarity.
>>
>> The main reason you don't see as many clustered UNIX sites is that a
>> single machine can do the work of many NT machines.
>>
>> Microsoft's own site is a virtual masterpiece example of throwing
>> resources at a problem instead of using your head. A single IBM
>> mainframe could handle that load, and be cheaper. It would, of
>> course, be running UNIX. Or Linux even.
>
>And it would be 10 times more expensive.
>
>And have a single point of failure. Look at EBays use of 1 E10000 over the
>last few weeks as a prime example.
>
>Clustering of cheap boxes is a lot more flexible. And cheaper.
And presumably with Windows NT a lot easier....maybe. I for one
would be curious as to how one could set up a multinetwork
cluster of, say, 32 NT boxes and 32 Linux boxes (hardware identical,
software as near to identical as it makes sense to do so).
There's also the issue as to precisely how "clustering" is
defined as well -- presumably it's easy enough to set up 32
identical websites, but it would be a maintenance nightmare --
or would it? -- or one can use a central NFS server (single point
of failure?), or dual servers with some sort of automounting
failover mechanism.
I don't know how to do this with Windows NT/IIS, of course. But
there are several ways of setting this up with Linux -- and probably
with Windows NT, as well.
One issue with older Unix boxen is that they tend to be more reliable --
and more expensive. (With Linux, of course, this ceases to be an issue,
although one can't really make a silk purse out of a sow's ear;
don't expect gigabytes/sec from that old IDE/33 Mhz PCI system. :-) )
One also has issues with session management. (My employer did.)
A user connects, "logs in" through a form, then moves on.
On a well-crafted system, that user should be "known", as far as
his session tracking (cookie) is concerned, to every Webfarm
machine.
Or one uses authorization, as per RFC2068.
Tracking the user as he moves from system to system (remember,
HTTP is a stateless protocol) makes life interesting. :-)
--
[EMAIL PROTECTED] -- insert random misquote here
------------------------------
From: "Christopher Smith" <[EMAIL PROTECTED]>
Subject: Re: Oracle say's Microsoft no good!
Date: Thu, 2 Nov 2000 09:32:31 +1000
"Tim Kelley" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tim Smith wrote:
>
> > [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > >Laugh all you want. Microsoft have lost the server market. Linux is
> > >making inroads on the desktop. Now that they have been hacked (and not
> >
> > The Linux inroads on the desktop are not very big. Linux is a better OS
> > than any version of Windows, but Microsoft has a much better graphical
> > shell than anything available for Linux.
>
> I am getting so sick of hearing this. What makes the windows explorer
> shell soooo much better than KDE or GNOME? What? Name ONE THING, and
don't
> resort to application availability issues, because that has nothing to do
> with the graphical shell.
Drag and drop that works consistently, logically and predictably.
And by limiting it to only the KDE "shell", it is a most unfair comparison,
since almost all the really useful things in Windows and MacOS like common
dialogs, common keyboard shortcuts, common look&feel and global copy & paste
have little to do with the "shell" you use for file management.
> Both KDE and GNOME are superior UI's to anything micros~1 has produced.
KDE has mostly surpassed the level of functionality that was present in
Windows 3.1. It's going to take it a while to get to the level of modern
Windows and MacOS GUIs.
> The windows shell is one of the worst UI's ever concieved.
Not a good advertisement for KDE considering that KDE is largely a copy of
it. And the Windows GUI is _streets_ ahead of either KDE or GNOME right
now.
Having said that, however, I'm most impressed in how far KDE has come, all
things considered.
------------------------------
From: R.E.Ballard ( Rex Ballard ) <[EMAIL PROTECTED]>
Subject: Re: Why Linux is great
Date: Wed, 01 Nov 2000 23:28:22 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (George Richard Russell) wrote:
> In article <[EMAIL PROTECTED]>, Aaron Ginn wrote:
> >[EMAIL PROTECTED] (George Richard Russell) writes:
> >
> >> All hidden behind a backwards UI for 70's teletypes.
And here we go back into the great CLI vs GUI debate. It's like
Holloween. It seems to come back at least once a year. Sometimes
you can see it on a monthly basis.
> >> Shame that.
Nothing to be ashamed of.
You see, by using a CLI as a calling interface, you can:
- manage systems remotely with minimal equipment and risk.
- manage systems using scripts, assuring preditable results.
- manage systems using cron jobs that reduce the number of error
prone human interactions. This also freees labor for development.
- generate commands using any number of graphical interfaces.
- feed GUI generated results to filters to create more sophisticated
results.
- insure consistency between different GUI tools.
This is why there are so many different GUI ways to manage the system.
Some, like the Cobalt Cube almost appear to have lost the CLI entirely,
but are still generating the same commands via the web browser as via
the Python GUI as via the TCL GUI as via the Java GUI.
Since the commant itself is known, the GUI developer has great freedom
in choosing the GUI implementation.
In some cases, the process is orthagonal. For example, the GUI can be
used to generate files, then the file can be edited with a simple
Editor (great way to turn 1 into 100), or even a script (turn 1 into
1000). Then, you can display and edit with the GUI again.
GUIs are easy to learn, especially if there isn't a prescribed
sequence of screens to traverse (making the human being a very
unreliable parser).
For artistic expression, a GUI is wonderful. For routine activities,
a GUI is not a good practice.
> >> George Russell
> >
> >You haven't used KDE2 yet, have you?
>
> Yup.
>
> Wow.
>
> KDE, however nice, is limited in scope, and no Unix desktop
> will ever shed its cli roots
>
> George Russell
>
--
Rex Ballard - VP I/T Architecture
Linux Advocate, Internet Pioneer
http://www.open4success.com
Linux - 60 million satisfied users worldwide
and growing at over 9%/month! (recalibrated 10/23/00)
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: The Great Suprendo <[EMAIL PROTECTED]>
Crossposted-To:
soc.culture.irish,ie.politics,uk.telecom,rec.antiques,ba.art,ba.bicycles,rec.crafts.pottery,rec.sport.pro-wrestling.fantasy
Subject: MILLS CATCHES COLD FROM BADGER
Date: Wed, 1 Nov 2000 23:41:34 +0000
MILLS CATCHES COLD FROM BADGER
Doctors Say Virus Threatens Humanity
Read more on :
http://www.southernunionist.ie.uk/bollocks/shite/blancmange/arse.html
--
ROAR UP MY TWAT!!!
------------------------------
Date: Wed, 01 Nov 2000 18:58:24 -0500
From: Gary Hallock <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy
Subject: Re: 2.4 Kernel Delays.
Chad Mulligan wrote:
>
>
> Your point? I had two NT4 servers up longer than that between SP4 and SP6.
> They actually ended up at 370+ days and the down time was scheduled.
Is that 370+ days without scheduled down time? Or 370+ days without an
unscheduled outage? If you have a regularly scheduled down time to reboot
once a week then it doesn't count.
Gary
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.advocacy) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Advocacy Digest
******************************
