Linux-Advocacy Digest #4, Volume #30 Thu, 2 Nov 00 11:13:03 EST
Contents:
Re: Windoze 2000 - just as shitty as ever (Perry Pip)
Re: Software companies better than tire companies?? Please. (Was: Tuff.. (Perry Pip)
Re: Microsoft == Firestone (Was: Tuff Competition for LINUX! (Perry Pip)
Re: A Microsoft exodus! (Perry Pip)
Re: A Microsoft exodus! (Perry Pip)
Re: Once agian: Obscurity != security (Was: Tuff Competition for LINUX! (Perry Pip)
Re: Ms employees begging for food (Peter da Silva)
Re: Ms employees begging for food (Peter da Silva)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Perry Pip)
Crossposted-To: alt.destroy.microsoft,comp.os.ms-windows.advocacy
Subject: Re: Windoze 2000 - just as shitty as ever
Date: 2 Nov 2000 15:29:47 GMT
Reply-To: [EMAIL PROTECTED]
On Thu, 2 Nov 2000 14:52:37 +0200,
Ayende Rahien <[EMAIL PROTECTED]> wrote:
>
>"Weevil" <[EMAIL PROTECTED]> wrote in message
>news:bxbM5.268$[EMAIL PROTECTED]...
>>
>> Ayende Rahien <[EMAIL PROTECTED]> wrote in message
>
>> > I don't think so. X + Gnome/KDE are much more resource hungry in my
>> > experiance than windows.
>>
>> That could be because you are trusting the numbers you see in Windows.
>> Windows lies to you about your resources. Microsoft changed the way it
>> counts "free memory" beginning with Win95, because Win95 itself consumed
>> such a shocking amount. Each successive version of Windows gets worse.
>> When you see:
>
>Perhaps, I don't know anything about this, I do know that X +Gnome/KDE is
>slower on lower system than window (98se) is.
>
How do you "know"?? Have you persoanlly examined every machine on the
planet?? Did you even bother to enable DMA on your Linux machine??
------------------------------
From: [EMAIL PROTECTED] (Perry Pip)
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy
Subject: Re: Software companies better than tire companies?? Please. (Was: Tuff..
Date: 2 Nov 2000 15:32:59 GMT
Reply-To: [EMAIL PROTECTED]
On Wed, 1 Nov 2000 16:33:49 +0200,
Ayende Rahien <[EMAIL PROTECTED]> wrote:
>
>"Perry Pip" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> On Tue, 31 Oct 2000 12:58:21 +0200,
>> Ayende Rahien <[EMAIL PROTECTED]> wrote:
>> >
>> >"Perry Pip" <[EMAIL PROTECTED]> wrote in message
>> >news:[EMAIL PROTECTED]...
>> >> On Mon, 30 Oct 2000 08:21:14 +0200,
>> >> Ayende Rahien <[EMAIL PROTECTED]> wrote:
>> >> >Well, for a start, they are going to have unaffected copies of the
>source
>> >> >code, remember?
>> >> >They've change logs.
>> >> >They can simply run a doc compar of the code and check only the
>portions
>> >of
>> >> >it that changed.
>> >>
>> >> Sure, they can do this to assess the damages. But what if they find
>> >> something really bad?? Suppose they discover that a trojan was put in
>> >> W2k updates, and tens of thousands downloaded it?? Would they announce
>> >> it to the public?? Or would they try to cover it up?? What did
>> >> Firestone try to do when they found out their tires were flawed and
>> >> people were dying?? Why would MS be different from any other large
>> >> corporation with a mistake to hide.
>> >
>> >To do so you need a lot more than a mere access to the code.
>>
>> All the cracker would need is read/write access to the code, some fake
>> reasons to log the code into the CM system, and lot's of time to study
>> it.
>
>Trust me,
Trust you?? Why should I?? If you know the first thing about security
you don't trust total strangers. This is what is fundamentally wrong
with closed source software. Send me a check for $5000 to do a
background investigation on you and I will see about trusting you. My
employer did one on me.
>it's very nigh impossible to someone, even if he has full access
>to the code, to make sense of it.
And maybe some people are much better at understanding code than you
are. I never said it was probable. I said it was possible.
>A> It's a *lot* of code.
But you only need to trojan a small part of it, like maybe IIS, NTLM,
or Microsoft telnet server.
>B> It's not lying in someone's computer marked as
>windows_and_office_source_code_plus_comments_and_useful_insights.zip, it's
>thousands or more of files. You just got worker access to MS computers,
>where do you start looking?
It is most likely in a CM system with a directory structure. Browse
the directories. Also, a former MS employee would know exactly where
to go. Or maybe a disgruntled but not yet former MS employee. Or maybe
a MS employee taking bribes from corporate or international spies who
wants the code. Does MS do background investigations on all of it's
employees??
>C> How many workers do you think MS has that not only has full access to all
>the source codes to all the products, but also free and unlimited access to
>MS site?
You put a sniffer on the network and sniff all the users passwords.
>D> PR mess when this come out to the open, MS is already in deep shit in PR
>right now, putting a fix wouldn't make it much worse.
>
Few corporations are rational with respect to PR.
And you are avoiding the point I made:
closed source software:
requires blind trust in people solely out to make money
no public review.
You never know for sure
open source software:
requires cautious trust in people giving away code,
is subject to public review.
can review it yourself if need be.
------------------------------
From: [EMAIL PROTECTED] (Perry Pip)
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy
Subject: Re: Microsoft == Firestone (Was: Tuff Competition for LINUX!
Date: 2 Nov 2000 15:33:21 GMT
Reply-To: [EMAIL PROTECTED]
On Thu, 2 Nov 2000 03:35:24 +0200,
Ayende Rahien <[EMAIL PROTECTED]> wrote:
>
>"Aaron R. Kulkis" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> Ayende Rahien wrote:
>> >
>> > "Aaron R. Kulkis" <[EMAIL PROTECTED]> wrote in message
>> > news:[EMAIL PROTECTED]...
>> >
>> > > You forget something: MICROSOFT's TWENTY YEARS of unethical behavior.
>> >
>> > You forget the trial, MS is going to look *real* bad in the appeal, the
>DoJ
>>
>> Oh yes...the trial.
>>
>> Where Microsoft's OWN e-mail and memos proved the case
>>
>> Where Gates, Allen, and other notables answered each question by either
>>
>> a) lying
>> b) dodging the question
>> c) claiming ignorance.
>>
>
>And this surprise you because?
>It was obvious to anyone with half a brain that they would do so.
>Or did you thought that Gates would come and say: "Of course we used illegal
>means to become the monopol. Now please breakup my company and ruin my
>lifework as well as my money cow."
>
>
So then why do you say we should trust his closed source software,
hypocrite.
------------------------------
From: [EMAIL PROTECTED] (Perry Pip)
Crossposted-To:
comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy,comp.sys.mac.advocacy,comp.os.os2.advocacy,comp.unix.advocacy
Subject: Re: A Microsoft exodus!
Date: 2 Nov 2000 15:34:23 GMT
Reply-To: [EMAIL PROTECTED]
On Wed, 1 Nov 2000 23:21:41 -0600,
Erik Funkenbusch <[EMAIL PROTECTED]> wrote:
>"Weevil" <[EMAIL PROTECTED]> wrote in message
>news:r80M5.2717$[EMAIL PROTECTED]...
>> Erik Funkenbusch <[EMAIL PROTECTED]> wrote in message
>> news:hQTL5.5426$[EMAIL PROTECTED]...
>> > <[EMAIL PROTECTED]> wrote in message
>> > news:39ff63ae$1$yrgbherq$[EMAIL PROTECTED]...
>> > > I don't know which vessel you are talking about, but the USS Yorktown
>> was
>> > dead
>> > > in the water and towed into port -- and YES -- it was NT that crashed.
>> >
>> > Look, NT was as much at fault in the yorktown as the OS that was used in
>> the
>> > Arianne 5 was responsible for it's crash.
>> >
>> > > >Trust me, Linux/Unix applications have errors too.
>> > >
>> > > They haven't sunk and billion dollar vesselsand killed the crew --
>which
>> > is
>> > > exactly what would have happened to the Yorktown in war time.
>> >
>> > The Yorktown is a non-combat vessel. But it's irrelevant since the
>fault
>> > was in the database software. The Database vendor even said that the
>> > problem would have never happened if the navy had not been running a
>beta
>> > version of their software.
>>
>> I'm not familiar with the details of this case. Did NT crash or not? If
>> so, then surely you're not blaming an application for it. If the OS
>> crashes, it is the fault of the OS. A buggy application should have no
>> effect on the OS, beyond perhaps keeping it busier than it should.
>
>Something you might want to read is this:
>
>http://www.jerrypournelle.com/reports/jerryp/Yorktown.html
>
>No, NT did not crash. The "system" crashed, and specifically the database
>was corrupted do to an application failure. This caused a domino effect
>throughout the network, where systems that depended on valid data all
>crashed because they had no data validation or exception handling.
>
Get your facts straight. There were multiple incidents on the Yorktown
http://www.gcn.com/archives/gcn/1998/july13/cov2.htm
"Ron Redman, deputy technical director of the Fleet Introduction
Division of the Aegis Program Executive Office, said there
have been numerous software failures associated with NT
aboard the Yorktown."
"Refining that is an ongoing process", Redman said. Unix is a
better system for control of equipment and machinery, whereas
NT is a better system for the transfer of information and data.
NT has never been fully refined and there are times when we
have had shutdowns that resulted from NT.
"The Yorktown has been towed into port several times because of
the systems failures, he said."
"Because of politics, some things are being forced on
us that without political pressure we might not do,
like Windows NT," Redman said.
>It was taken out to shake it down and find out where the faults were. The
>basic idea of an "X" project is that if it doesn't fail, you're not testing
>it hard enough.
>
That's a pile of crap. I'm working on an X project. Unecessary
failures alot of cost money. Measuring failures is not a measure of
sucsess.
------------------------------
From: [EMAIL PROTECTED] (Perry Pip)
Crossposted-To:
comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy,comp.sys.mac.advocacy,comp.os.os2.advocacy,comp.unix.advocacy
Subject: Re: A Microsoft exodus!
Date: 2 Nov 2000 15:34:41 GMT
Reply-To: [EMAIL PROTECTED]
On Wed, 1 Nov 2000 23:28:26 -0600,
Erik Funkenbusch <[EMAIL PROTECTED]> wrote:
><[EMAIL PROTECTED]> wrote in message
>news:3a00b5cf$3$yrgbherq$[EMAIL PROTECTED]...
>> >Look, NT was as much at fault in the yorktown as the OS that was used in
>the
>> >Arianne 5 was responsible for it's crash.
>>
>> REALLY! I'm sure this is going to be good --- And the reason the database
>> kept the crew from restarting NT and get underway was?
>
>Can't use your brain can you? Once the tech entered the data into the
>database, applications all over the ship started crashing as they performed
>illegal calculations. When the applications were restarted, the first thing
>they do is read the data out of the database, causing it to crash again.
>The only way to fix the problem is to fix the database, and without the
>application to enter the data into, it has to be done by hand.
>
Get your facts straight. There were multiple incidents on the Yorktown
http://www.gcn.com/archives/gcn/1998/july13/cov2.htm
"Ron Redman, deputy technical director of the Fleet Introduction
Division of the Aegis Program Executive Office, said there
have been numerous software failures associated with NT
aboard the Yorktown."
"Refining that is an ongoing process", Redman said. Unix is a
better system for control of equipment and machinery, whereas
NT is a better system for the transfer of information and data.
NT has never been fully refined and there are times when we
have had shutdowns that resulted from NT.
"The Yorktown has been towed into port several times because of
the systems failures, he said."
"Because of politics, some things are being forced on
us that without political pressure we might not do,
like Windows NT," Redman said.
------------------------------
From: [EMAIL PROTECTED] (Perry Pip)
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy
Subject: Re: Once agian: Obscurity != security (Was: Tuff Competition for LINUX!
Date: 2 Nov 2000 15:35:13 GMT
Reply-To: [EMAIL PROTECTED]
On Wed, 1 Nov 2000 16:06:43 -0600,
Weevil <[EMAIL PROTECTED]> wrote:
>
>Bruce Schuck <[EMAIL PROTECTED]> wrote in message
>news:GoXL5.119890$[EMAIL PROTECTED]...
>>
>> "Perry Pip" <[EMAIL PROTECTED]> wrote in message
>> news:[EMAIL PROTECTED]...
>> > On Wed, 01 Nov 2000 02:47:44 GMT,
>> > Chad Myers <[EMAIL PROTECTED]> wrote:
>> > >
>> > >"Weevil" <[EMAIL PROTECTED]> wrote in message
>> > >news:9HJL5.1627$[EMAIL PROTECTED]...
>> > >
>> > ><SNIP>
>> > >
>> > >> The reality is open source software is more likely to be secure than
>> binary
>> > >> only software.
>> > >
>> > >LIE
>> >
>> > Nearly every security expert on the planet disagrees with you.
>> >
>> >
>> > >Linux has now taken the lead in exploits.
>> >
>> > These exploits are being found and patches released before they are
>> > exploited, becuase it's open source.
>> >
>> > >It seems that Open Source has produced more security holes than closed
>> source.
>> > >
>> >
>> > No the OSS ones get discovered and fixed.
>>
>> The OpenBSD website disagrees in the sense they say they are at least 6
>> months ahead of the other Linux/BSD sites in closing security holes.
>>
>> Go ahead. Take a look.
>>
>
>I did. You're knowlingly misrepresenting what is on OpenBSD's security
>page. In other words, you're lying.
Of course he's lying. He has no arguement.
But what is most ironic is that he claims Linux is "scary" because the
source code is available for people to see, and then he uses OpenBSD as
and example of what is secure. Total hypocracy.
>The only thing that comes close to what you claim is a paragraph which says:
>
>--------
>Our proactive auditing process has really paid off. Statements like ``This
>problem was fixed in OpenBSD about 6 months ago'' have become commonplace in
>security forums like BUGTRAQ.
>--------
>
>That's a far cry from them claiming to be "at least 6 months ahead of the
>other Linux/BSD sites in closing security holes." They're clearly proud of
>their preventive approach to OpenBSD security, and when something like that
>happens, they notice it and mention it.
>
>I happen to like their approach myself, but nowhere on their website do they
>claim to be "6 months ahead of Linux/BSD in closing security holes." They
>do claim that they've caught holes 6 months before other OSes found similar
>ones. But they don't even mention Linux. In fact, they didn't name *any*
>OS they beat to the punch. For all you know, they were talking about
>Win2K/NT.
>
>But even if they had Windows in mind, they still weren't saying they were "6
>months ahead" of them. You pulled that out of your ass.
>
>Didn't you understand what you read there? Or did you just expect that no
>one would check up on you?
>
>jwb
>
>
>
>
------------------------------
From: [EMAIL PROTECTED] (Peter da Silva)
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.arch,comp.os.netware.misc
Subject: Re: Ms employees begging for food
Date: 2 Nov 2000 15:42:25 GMT
In article <[EMAIL PROTECTED]>,
T. Max Devlin <[EMAIL PROTECTED]> wrote:
> >I'm sorry, you seem to be using normal technical terms in some way that makes
> >no sense at all.
> No apology necessary. I'm aware of the problem.
Perhaps you could condescend to us for a while, then, and either stick to
the normal terminology or make up completely new terms for completely new
concepts?
> >With many stations, I can get much more than 10% or 30% of
> >the aggregate throughput. Just what exactly is this thing you say that
> >you can only get 10% of out of Ethernet? And why should anyone care about
> >it?
> You say you can get much more than 10% or 30% aggregated throughput, but
> the issues is the non-aggregated throughput. It takes a CSMA/CD
> transmission channel (apart from the "point to point"
> thought-experiment) roughly ten times longer to get an arbitrary amount
> of data to the "other end" of the channel when the average utilization
> is at 30% than it does when the utilization is 10%.
That assertion doesn't sound completely off the wall, but it still doesn't
match my experience. Transfers slow down as the load increases, yes, but
1000% slowdown over the range 10%-30% seems excessive.
> a) Why I recommend "provisioning" Ethernets for 10% load on average,
That sounds like a reasonable recommendation... but what network would you
not recommend leaving that much headroom on?
> >> Unless you've got fewer than 10 devices on a
> >> segment,
> >Where does this "10 devices" come from?
> 100/10=10.
Where does this 100/10=10 calculation come from?
> variance of traffic patterns and the impact it can have, but you've
> still not gotten to the point where you can do more than "divvy up the
> bandwidth". That's not the way CSMA/CD works.
I know that's not the way CSMA/CD works, which is why I don't know where this
"10 devices on a segment" concept comes from.
> You have to admit, there is a fundamental conflict in the standard
> industry knowledge about how networks work, when the goal seems to
> simultaneously to have as low a utilization as possible, as a sign of
> success in properly running the network, and as high a utilization as
> possible, which also proves the network is well run. Tell me, which is
> it?
Personally, I base it on whether the end users are getting the performance
they need, and how much it costs to give them that performance.
> >and it doesn't matter if it's ethernet or token
> >ring, you're not going to have as much point-to-point throughput if there's
> >contention for the bandwidth (yeh, you don't get a collision, but now you
> >have to sit back and twiddle your thumbs waiting for the token). And even
> >on a switched network, there are shared resources to contend with.
> Yes, but they don't have non-deterministic behavior as part of their
> very design because their channel arbitration scheme relies on a random
> interval to mitigate contention. It matters quite a bit if its a
> CSMA/CD Ethernet or a token ring or any other type of transmission
> channel technology. This also accounts for the point-to-point
> (including switched) scenarios you've been using.
Switched is only point-to-point between the switch and the NIC. The switch's
internal bus can use any technology it wants to shovel packets about, and
generally you can't find out what that is even if you ask. Given how far it's
overprovisioned (a Cisco 2924, IIRC, has a 3.2GB bus and only 2.4GB maximum
bandwidth even with all ports pumping at the same time) it wouldn't shock me
to learn it's got a "3.2G ethernet" inside.
> What you mistake for you noise is simply your own confusion. No, it
> isn't simply a matter of a linear, or deterministic, relationship
> between response time and channel utilization, as you seem to believe.
I haven't said anything even remotely like that, sorry.
--
`-_-' In hoc signo hack, Peter da Silva.
'U` "Milloin halasit viimeksi suttasi?"
Disclaimer: WWFD?
------------------------------
From: [EMAIL PROTECTED] (Peter da Silva)
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.arch,comp.os.netware.misc
Subject: Re: Ms employees begging for food
Date: 2 Nov 2000 15:53:27 GMT
In article <[EMAIL PROTECTED]>,
T. Max Devlin <[EMAIL PROTECTED]> wrote:
> Why are you insisting on turning this discussion into a "switched V.
> shared" holy war?
*boggle*
Max, slow down, mate. A Holy War generally involves whacking bits off with
swords, not asking questions.
If that's what you think's going on, carry on without me.
--
`-_-' In hoc signo hack, Peter da Silva.
'U` "Milloin halasit viimeksi suttasi?"
Disclaimer: WWFD?
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.advocacy) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Advocacy Digest
******************************
