Linux-Advocacy Digest #32, Volume #30 Sat, 4 Nov 00 02:13:02 EST
Contents:
Re: 2.4 Kernel Delays. ("Les Mikesell")
Re: IBM to BUY MICROSOFT!!!! ("Bruce Schuck")
Re: I think I'm in love..... (sfcybear)
Re: IBM to BUY MICROSOFT!!!! ("Bruce Schuck")
Re: A Microsoft exodus! ("Christopher Smith")
Re: IBM to BUY MICROSOFT!!!! ("Bruce Schuck")
Re: A Microsoft exodus! (Bill Vermillion)
Re: A Microsoft exodus! (Bill Vermillion)
Re: IBM to BUY MICROSOFT!!!! ("Bruce Schuck")
Re: IBM to BUY MICROSOFT!!!! ("Bruce Schuck")
Re: Why is MS copying Sun??? (JoeX1029)
Re: IBM to BUY MICROSOFT!!!! ("Les Mikesell")
Re: A Microsoft exodus! ("Bruce Schuck")
Re: IBM to BUY MICROSOFT!!!! ("Les Mikesell")
Re: Linux growth rate explosion! ("Chad Myers")
Re: We will never know what the MS intruder did ("Chad Myers")
Re: We will never know what the MS intruder did ("Chad Myers")
Re: 2.4 Kernel Delays. ("Chad Myers")
----------------------------------------------------------------------------
From: "Les Mikesell" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy
Subject: Re: 2.4 Kernel Delays.
Date: Sat, 04 Nov 2000 06:18:35 GMT
"Bruce Schuck" <[EMAIL PROTECTED]> wrote in message
news:dFNM5.121778$[EMAIL PROTECTED]...
>
> > > They tested the best capabilities of all systems.
> >
> > Did I miss the php and mod_perl timings?
> >
> > > It's well known fact that IIS 5 on Win2K kicks ass on dynamic content.
> > >
> > > If you have alternative benchmarks post them.
> >
> > Why would I have any IIS timings? I would be interested if anyone
> > has equivalent perl code running under IIS and apache/mod_perl, though.
>
> That is the beauty of IIS. You can write you ISAPI filters in many
> languages, including Perl.
Of course you can. The question is how it performs compared to
apache/mod_perl and whether you have to write thread-safe
code in a thread-safe language (which in my experience takes
about 15 years longer than when you don't) to make it work.
Les Mikesell
[EMAIL PROTECTED]
------------------------------
From: "Bruce Schuck" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: IBM to BUY MICROSOFT!!!!
Date: Fri, 3 Nov 2000 22:21:13 -0800
"Les Mikesell" <[EMAIL PROTECTED]> wrote in message
news:pVJM5.12878$[EMAIL PROTECTED]...
>
> "Bruce Schuck" <[EMAIL PROTECTED]> wrote in message
> news:AVCM5.121602$[EMAIL PROTECTED]...
> >
> > While some of the holes in Linux get fixed quickly (and the OpenBSD
people
> > seem to think "quickly" is 6 months faster than Linux people think it
is)
> > many are not fixed. ANd many of the fixes are not implimented by the
> users.
>
> Do you imagine that every win2k box has service pack 1 applied now?
No. But Linux is an open door by default. Win2K is not.
>
> > > > Because Linux is an open door by default!
> > >
> > > Early versions have had problems. The real reason is that compared
> > > to Windows, Linux is much more useful after you gain access.
> >
> > A Linux fantasy.
> >
> > The real answer is it's a lot easier to break in to a Linux box. Thats
why
> > the kiddies target Linux.
>
> It that is true, it is only because it is easier to install keep running
> than
> other systems, and thus the choice for some people who don't want to
> bother learning how to configure things correctly.
Win2K is a lot more secure out of the box than Linux is.
>Or perhaps that
> they are easy to forget because they run for years with no attention.
> It is not easy to break into a Linux box when all the vendors updates
> have been applied.
There are so many .... and people would never get any work done monitoring
all the open source security advisory sites.
------------------------------
From: sfcybear <[EMAIL PROTECTED]>
Subject: Re: I think I'm in love.....
Date: Sat, 04 Nov 2000 06:14:47 GMT
In article <LFHM5.430$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Ken McFelea wrote:
>
> > Just installed Linux Mandrake 7.2. Read the manual for about an
hour.
> > Spent an hour installing it and it has already stolen my heart.
Could be
> > puppy love though. This is my first experience with a Linux type
> > environment but I'm impressed.
>
> What does work is very nice...
>
> * Wheel mouse now works. Never could get it going on 7.1
> * USB ZIP 250 drive working just fine
> * EPSON Stylus Color 640 now supported
> * Voodoo 5500 supported (XFree86 4.0.1)
>
> Hey this KNode newsreader is pretty cool...
>
> Certainly looks good so far, though there are a few warts...
>
> * My sound card (still) isn't supported
Of course you don't say what it is.
> * LILO boot keeps coming and going
That is caused by a loose nut on the keyboard.
> * Fonts all got stuck on some ugly fixed font
My fonts are working well!
> * Quite a few SIGSEGV's in KDE 2.0
I Have not noticed very many...
>
> --
> Pete Goodwin
>
> Just waiting for Linux to get there...
>
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Bruce Schuck" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: IBM to BUY MICROSOFT!!!!
Date: Fri, 3 Nov 2000 22:22:57 -0800
"Aaron R. Kulkis" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Bruce Schuck wrote:
> >
> > "Weevil" <[EMAIL PROTECTED]> wrote in message
> > news:Q_IM5.12930$[EMAIL PROTECTED]...
> > >
> > > Bruce Schuck <[EMAIL PROTECTED]> wrote in message
> > > news:H1DM5.121603$[EMAIL PROTECTED]...
> > > >
> > > > *** Note "We can make the changes the vendors would not make".
> > > Translation:
> > > > The other vendors leave holes in their software.
> > > > Like many readers of the BUGTRAQ mailing list, we believe in full
> > > disclosure
> > > > of security problems. In the operating system arena, we were
probably
> > the
> > > > first to embrace the concept. Many vendors, even of free software,
still
> > > try
> > > > to hide issues from their users.
> > > >
> > > > ** The "even of free software" is a clear attack on Linux. Which
> > security
> > > > problems are they saying Linux is hiding from users?
> > >
> > > Note the qualifier "even". "Even of free software," meaning that it
> > should
> > > be surprising, and considered a rarity, that vendors of free software
> > would
> > > resort to such things.
> >
> > No. What they are saying is that free software (Linux) hide issues from
> > their users all the time.
> >
> > Anyone who reads the security advisories knows that Linux distros are
> > unsecure and open by default.
>
> Oh, really?
>
> Actually, AT INSTALLATION you are forced to pick between
>
> "unsecure"
> "moderately secure"
> and
> "paranoid"
Very droll. Not true of course. But very amusing.
>
>
> > They are the favorite hacking ground of script
> > kiddies and hackers.
>
> Really. Then how come all of the problems keep showing up on NT
> machines, not *nix machines?
Aaron, we know you sleep beside your machine and ignore the many security
advisories for Unix -- especially the buffer overflow ones you claimed were
removed from Unix in 1988.
------------------------------
From: "Christopher Smith" <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy,comp.sys.mac.advocacy,comp.os.os2.advocacy,comp.unix.advocacy
Subject: Re: A Microsoft exodus!
Date: Sat, 4 Nov 2000 16:22:07 +1000
"Bill Vermillion" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> In article <N7KM5.6196$[EMAIL PROTECTED]>,
> Erik Funkenbusch <[EMAIL PROTECTED]> wrote:
> >"Bill Vermillion" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> >> >> So, like, why don't we see Unix e-mail viruses?
> >>
> >> >Not enough people interested in making them?
> >>
> >> Well unless you consistanly run as root the worst any email virus
> >> could do would be wipe out your own files. Why write a virus if
> >> you can't nuke the entire system :-).
>
> >Lots of viruses have been written which do just that. Melissa and
> >ILOVEYOU could be accomplished without any special priveledges.
> >They just need to grep the users home directory for email addresses
> >to mail itself to.
>
> We were talking about Unix email viruses - not the Mellisa or
> ILOVEYOU. I'm unaware of any for Unix. First you have to execute
> the program from the mailer and what Unix mail readers do that?:
Anything that allows handing off the attachment to some other application
like Outlook does. Pine is an example that springs quickly to mind.
------------------------------
From: "Bruce Schuck" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: IBM to BUY MICROSOFT!!!!
Date: Fri, 3 Nov 2000 22:25:21 -0800
"Aaron R. Kulkis" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Bruce Schuck wrote:
> >
> > "Les Mikesell" <[EMAIL PROTECTED]> wrote in message
> > news:QXpM5.12759$[EMAIL PROTECTED]...
> > >
> > > "Bruce Schuck" <[EMAIL PROTECTED]> wrote in message
> > > news:WimM5.120952$[EMAIL PROTECTED]...
> > >
> > > >
> > > > The OpenBSD people claim they are usually 6 months ahead of
Linux/Unix
> > in
> > > > fixing exploits.
> > > >
> > > > Go ahead and sleep through those 6 months of "open" vulnerabilities.
> > >
> > > Why don't you ask them how many years they are ahead of anything
> > > from Microsoft?
> >
> > What percentage of the market does the secure open source project
(OpenBSD)
> > hold compared to the insecure one (Linux) ?
>
> And this is your argument that closed-source Microsoft code is more
secure?
I was arguing that every Linux and Unix is 6 months behind OpenBSD and
inherently not secure.
------------------------------
Crossposted-To:
comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy,comp.sys.mac.advocacy,comp.os.os2.advocacy,comp.unix.advocacy
From: [EMAIL PROTECTED] (Bill Vermillion)
Subject: Re: A Microsoft exodus!
Reply-To: [EMAIL PROTECTED]
Date: Sat, 4 Nov 2000 05:55:35 GMT
In article <[EMAIL PROTECTED]>,
Aaron R. Kulkis <[EMAIL PROTECTED]> wrote:
>The Ghost In The Machine wrote:
>> In comp.os.linux.advocacy, Aaron R. Kulkis
>> <[EMAIL PROTECTED]>
>> wrote
>> on Thu, 02 Nov 2000 09:54:52 -0500
>> <[EMAIL PROTECTED]>:
>> >Christopher Smith wrote:
>> >>
>>
>> [snip]
>>
>> >> It doesn't. He said same scenario, not same events. THe scenario is a
>> >> trojan, and any OS is vulnerable to them.
>> >
>> >Really now.
>> >
>> >So, like, why don't we see Unix e-mail viruses?
>> Who says we don't? Kevin Mitnick's "worm" was highly prolific,
>> somewhat destructive (because of bandwidth), and resulted in his
>> being forbidden to touch a computer ever again and serving time, AFAIK.
>1) That was Morris's, not Mitnick
>2) it was a buffer-over run attack -- all such code was removed from
> Unix within a couple of months .. ie. 1988
>3) 12 years later, Microsoft products are still open to buffer
> overrun attacks.
> What kind of stupid shits are programming for Microsoft?
>> Of course, it wasn't nearly as dangerous as QAZ, and any Unix
>> and Linux trojan will be limited in its scope unless run as root.
>Actually, it was VERY dangerous. It took down nearly every machine
>on the Internet at that time.
Not true. It took down many - not nearly every. I remember the
mail about it that morning before it was figured out. ISTR it
was primarily Vaxen - but it's been a long time. I think some
SUN's - and Sendmail running on them. I have the original
diagnostic paper filed away somewhere that Spaf shipped from Purdue
for all who asked. Net was much smaller then - I think there were
about 100,000 hosts out there from the monthly Usenet traffic
posts.
>However...that was 12 years ago, and we haven't seen another
>serious Unix attack since then--despite the now widespread availability
>of Unix/Linux systems for would-be virus writers to use as a
>development platform.
You say 'would be virus writers' in that paragraph but the original
was a worm. I'm not aware of any virii that have propagted. Just
that major worm and a few trojan horses.
What a long sig you have. Surely violates the 4 line
recommendation.
--
Bill Vermillion - bv @ wjv . com
------------------------------
Crossposted-To:
comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy,comp.sys.mac.advocacy,comp.os.os2.advocacy,comp.unix.advocacy
From: [EMAIL PROTECTED] (Bill Vermillion)
Subject: Re: A Microsoft exodus!
Reply-To: [EMAIL PROTECTED]
Date: Sat, 4 Nov 2000 05:57:03 GMT
In article <fUMM5.12939$[EMAIL PROTECTED]>,
Les Mikesell <[EMAIL PROTECTED]> wrote:
>
>"Bill Vermillion" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
>
>> Many many many years ago - and details are fuzzy as this happened
>> before I got into Unix 15+ years ago - I remember reading how some
>> pepole would have 'fun' embedding some strings in documents, and
>> that it was either 1) vi or 2) mail application which would execute
>> code if it was in the first 4 lines of the file. This was used to
>> nuke files when someone read/edited the file. That was very very
>> early usenet - so maybe someone else who was around then can fill
>> in the details.
>Vi will execute 'modelines' in the first or last 5 lines of a file
>if they start with vi: or ex:. These days you can only set options
>there. In the early days you could put any commands including
>shell escapes in the modelines and have them auto-execute. It was
>about 20 years ago when everyone realized that was a bad idea, but
>there are always people (and companies) who refuse to learn from
>history...
Thanks for the refresher. I knew by the time I got into Unix 15+
years ago those original holes were plugged. But I had forgotten
the details.
--
Bill Vermillion - bv @ wjv . com
------------------------------
From: "Bruce Schuck" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: IBM to BUY MICROSOFT!!!!
Date: Fri, 3 Nov 2000 22:26:24 -0800
"Aaron R. Kulkis" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Bruce Schuck wrote:
> >
> > "Les Mikesell" <[EMAIL PROTECTED]> wrote in message
> > news:dMsM5.12789$[EMAIL PROTECTED]...
> > >
> > > "Bruce Schuck" <[EMAIL PROTECTED]> wrote in message
> > > news:yDqM5.121003$[EMAIL PROTECTED]...
> > > >
> > > > > > The OpenBSD people claim they are usually 6 months ahead of
> > Linux/Unix
> > > > in
> > > > > > fixing exploits.
> > > > > >
> > > > > > Go ahead and sleep through those 6 months of "open"
vulnerabilities.
> > > > >
> > > > > Why don't you ask them how many years they are ahead of anything
> > > > > from Microsoft?
> > > >
> > > > What percentage of the market does the secure open source project
> > > (OpenBSD)
> > > > hold compared to the insecure one (Linux) ?
> > >
> > > Probably 1% - and there are some good reasons for that.
> > >
> > > > And why do so many open source programs have holes in them?
> > >
> > > All large programs have holes in them. The open source ones
> > > get fixed quickly where closed source ones can be exploited for
> > > years by the smaller number of people who know about them and
> > > withold that knowledge.
> >
> > While some of the holes in Linux get fixed quickly (and the OpenBSD
people
> > seem to think "quickly" is 6 months faster than Linux people think it
is)
> > many are not fixed. ANd many of the fixes are not implimented by the
users.
> >
> > >
> > > > Why do script kiddies prefer Linux to break into and install DDOS
tools?
> > > >
> > > > Because Linux is an open door by default!
> > >
> > > Early versions have had problems. The real reason is that compared
> > > to Windows, Linux is much more useful after you gain access.
> >
> > A Linux fantasy.
> >
> > The real answer is it's a lot easier to break in to a Linux box.
>
> Wrong.
>
> If you install any verions of Linux released in the last 2 years,
> one would have to SPECIFICALLY CHOOSE "unsecure" to run at the
> "minimal" security level ..
Not on any of the distros I installed on VMWare.
------------------------------
From: "Bruce Schuck" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: IBM to BUY MICROSOFT!!!!
Date: Fri, 3 Nov 2000 22:28:37 -0800
"Aaron R. Kulkis" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Bruce Schuck wrote:
> >
> > "Les Mikesell" <[EMAIL PROTECTED]> wrote in message
> > news:2_JM5.12879$[EMAIL PROTECTED]...
> > >
> > > "Bruce Schuck" <[EMAIL PROTECTED]> wrote in message
> > > news:H1DM5.121603$[EMAIL PROTECTED]...
> > > >
> > > > http://www.openbsd.org/security.html
> > > >
> > > > Quotes: (my comments start with **)
> > > >
> > > > OpenBSD believes in strong security. Our aspiration is to be NUMBER
ONE
> > in
> > > > the industry for security (if we are not already there). Our open
> > software
> > > > development model permits us to take a more uncompromising view
towards
> > > > increased security than Sun, SGI, IBM, HP, or other vendors are able
to.
> > > We
> > > > can make changes the vendors would not make. Also, since OpenBSD is
> > > exported
> > > > with cryptography, we are able to take cryptographic approaches
towards
> > > > fixing security problems.
> > > >
> > > > *** Note "We can make the changes the vendors would not make".
> > > Translation:
> > > > The other vendors leave holes in their software.
> > > > Like many readers of the BUGTRAQ mailing list, we believe in full
> > > disclosure
> > > > of security problems. In the operating system arena, we were
probably
> > the
> > > > first to embrace the concept. Many vendors, even of free software,
still
> > > try
> > > > to hide issues from their users.
> > > >
> > > > ** The "even of free software" is a clear attack on Linux. Which
> > security
> > > > problems are they saying Linux is hiding from users?
> > >
> > > Errr, by 'even' they mean it is rare in free software as opposed to
being
> > > rampant and expected among commercial vendors.
> >
> > Nope. When they say "Many vendors, even of free software" it clearly
means
>
> "free Windows software"
Nope. Linux.
Spend less time sleeping Aaron. Learn to read. Maybe you might read some of
those buffer overflow security advisories from CERT that have Solaris on
them -- you know, the ones you claimed were removed from unix in 1988.
That was hilarious Aaron. Very very funny. And completely untrue.
Say, sine you were sleeping, are the resource string holes still unpatched
on your Unix boxes?
------------------------------
From: [EMAIL PROTECTED] (JoeX1029)
Subject: Re: Why is MS copying Sun???
Date: 04 Nov 2000 06:31:45 GMT
>>Uhh.. the cheap 386 *WAS* available more than 5 years before the first
>>release of Linux. First release of Linux was in 1991, while the 386 was
>>released in 1985. And the 486 in 90.
>
>Well, was it cheap in 85? I remeber ads with 386's for as low as
>$10,000. So I bought an Amiga for $500 instead. However, once the 486
>was released the 386 got a lot cheaper.
Damn. For $10,000 you coulda had a NeXT Cube, or a station. I feel for the
idiots who spent 10,000 on a 386.
------------------------------
From: "Les Mikesell" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: IBM to BUY MICROSOFT!!!!
Date: Sat, 04 Nov 2000 06:40:25 GMT
"Bruce Schuck" <[EMAIL PROTECTED]> wrote in message
news:TIMM5.121763$[EMAIL PROTECTED]...
>
> > Errr, by 'even' they mean it is rare in free software as opposed to
being
> > rampant and expected among commercial vendors.
>
> Nope. When they say "Many vendors, even of free software" it clearly means
> that they are appalled that their *nix cousins -- Linux being the obvious
> one -- still try to hide issues from their users.
>
> Anyone who speaks english would interpret it that way.
No, your notion of Linux involvement comes strictly from your
overactive imagination. English speakers or not, everyone
knows there are ego problems among the *bsd's (hence the
plural form) and thus that their counter claims of superiority are
questionable.
Les Mikesell
[EMAIL PROTECTED]
------------------------------
From: "Bruce Schuck" <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy,comp.sys.mac.advocacy,comp.os.os2.advocacy,comp.unix.advocacy
Subject: Re: A Microsoft exodus!
Date: Fri, 3 Nov 2000 22:42:22 -0800
"Marty" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Christopher Smith wrote:
> >
> > Marty wrote:
> >
> > > "Aaron R. Kulkis" wrote:
> > > > And thus, you touch upon the ENTIRE problem of the windows
paradigm...
> > > > that each type of file is ONLY to be used by one specific
executable,
> > > > and no other.
> >
> > False.
> >
> > > This is an area where the flexibility of OS/2 particularly shines.
You
> > > can have several different programs associated with the file type and
> > > select among
> > > them by right-clicking the object in question. You can make the
default
> > > something safe, like a Notepad type of app. For objects that you know
are
> > > safe, you can change just their defaults to use a different app and
this
> > > information is stored in the extended attributes of that particular
file.
> >
> > And you can do the same in Windows.
>
> Yeah, but we had it first. ;-)
Didn't Microsoft write OS/2 for IBM?
------------------------------
From: "Les Mikesell" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: IBM to BUY MICROSOFT!!!!
Date: Sat, 04 Nov 2000 06:45:10 GMT
"Bruce Schuck" <[EMAIL PROTECTED]> wrote in message
news:vGMM5.121762$[EMAIL PROTECTED]...
> Anyone who reads the security advisories knows that Linux distros are
> unsecure and open by default. They are the favorite hacking ground of
script
> kiddies and hackers.
>
This hasn't been true for the last several releases. And the real favorite
hacking ground is still vbs viruses as attachments for Outlook. That
has affected orders of magnitude more sites.
Les Mikesell
[EMAIL PROTECTED]
------------------------------
From: "Chad Myers" <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.java.advocacy
Subject: Re: Linux growth rate explosion!
Date: Sat, 04 Nov 2000 04:48:40 GMT
"Andrew Suprun" <[EMAIL PROTECTED]> wrote in message
news:PQJM5.9542$[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (Bruce Schuck) wrote in
> <y7FM5.121648$[EMAIL PROTECTED]>:
>
> >My list includes tools like Access. And a free web server that kicks ass
> >with dynamic content and even beats Apache with static content delivery.
> >And many many other great things about Win2K.
>
> Your "free" web server is not exactly free.
> What the price difference between W2K Professional
> and W2K Server? The difference is the price of your
> "free" web server.
Personal Web Server comes with Win2K Pro. It's IIS 5
without the multi-site capabilities.
> Quality and performance of your "free" server is
> another question. Can you specify how exactly it
> "kicks ass with dynamic content"?
ASP is the leading pre-processor and has many advantages
over competitors in rapid development, multi-tiered app
design, speed, flexibility, etc.
Personal Web Server also serves up ASP.
-Chad
------------------------------
From: "Chad Myers" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: We will never know what the MS intruder did
Date: Sat, 04 Nov 2000 04:54:14 GMT
"Raffael Cavallaro" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> In article <WlqM5.1988$[EMAIL PROTECTED]>, "Chad Myers"
> <[EMAIL PROTECTED]> wrote:
>
> >So far, there's no evidence that any code was stolen from MS, let alone the
> >critical
> >systems code, let alone it was checked into source control (where the final
> >product(s) get built from).
>
> This statement misses the whole point of the paragraph quoted from
> Windows2000 Magazine. To paraphrase, we haveabsolutely no way of
> _knowing_ whether any, or which MS source code was downloaded,
> compromised, modified, etc. We only have Microsoft's press releases,
> which are bound to be self serving at best, and, at worst, simply
> mistaken. Isn't it possible that the intruder found multiple means of
> access and only _let_ MS track a decoy while doing his real damage
> undetected? We can _never_ check the source code and know for sure.
>
> Linux distros, by contrast, can be, and are checked by the many who work
> on them. Even if some code is compormised on one server, Linux as a
> whole can be verified, can be checked.
So you're saying that if someone said "I've managed to plant a time bomb
somewhere in the <insert distribution here> source code" You'd be able
to find it in a timely, reasonable manor? ROFL...
You know as well as I that only a small fraction of the code actually gets
reviewed by someone other than its original author.
> Who is going to check Microsoft's code to see if it has been
> compromised?
The dozen or so professional auditing firms that they contract that
pour over the code day and night. Much more effective, well trained,
and more dedicated than the weekend-programmer of questionable experience
pouring over his minute fraction of the Linux code.
> How do we really know that MS was watching the intruder the
> whole time? Isn't it possible that the intruder found more than one way
> in and did other damage undetected? Is it possible that the intruder
> modified logs, so that the full extent of the intruder's activities are
> still not known, even to Microsoft?
We can play what-ifs all day. The fact remains unchallenged that no
code was compromised.
> The point is, we will never know the answers to these questions because
> we can't check the source. With RedHat, or any other Linux distro, we
> _can_ know the answers to these important questions because _we can read
> the code_.
You _can_ know, but you won't. No one will. So far, one trojan has managed
to slip out in a RELEASE of Red Hat's. It was caught because it was
admitted to, not because anyone found it. They probably never would've found
it. That's far more grevious than a reported snooping of code from MS which
has yet to be substantiated at all by anyone.
How come you're not crying foul at RedHat? Open Source breeds more security
my ass....
-Chad
------------------------------
From: "Chad Myers" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: We will never know what the MS intruder did
Date: Sat, 04 Nov 2000 04:56:10 GMT
"Bruce Schuck" <[EMAIL PROTECTED]> wrote in message
news:FPLM5.121749$[EMAIL PROTECTED]...
>
> "Raffael Cavallaro" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > In article <WlqM5.1988$[EMAIL PROTECTED]>, "Chad Myers"
> > <[EMAIL PROTECTED]> wrote:
>
> > With RedHat, or any other Linux distro, we
> > _can_ know the answers to these important questions because _we can read
> > the code_.
>
> According to the OpenBSD site, they are the only secure OS. They even say
> other free OS's hide issues from their users.
>
> http://www.openbsd.org/security.html
>
> Quotes: (my comments start with **)
>
> OpenBSD believes in strong security. Our aspiration is to be NUMBER ONE in
> the industry for security (if we are not already there). Our open software
> development model permits us to take a more uncompromising view towards
> increased security than Sun, SGI, IBM, HP, or other vendors are able to. We
> can make changes the vendors would not make. Also, since OpenBSD is exported
> with cryptography, we are able to take cryptographic approaches towards
> fixing security problems.
It's interesting to note they didn't mention MS. It appears the BSD team(s)
are not hell-bent on MS destruction, they simply want to be the best Unix
and are of the opinion that Unix is superior. Good for them!
The Penguinistas have become to clouded in their vision and it shows in
their poor excuse for a product.
-Chad
------------------------------
From: "Chad Myers" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy
Subject: Re: 2.4 Kernel Delays.
Date: Sat, 04 Nov 2000 04:59:21 GMT
"Colin R. Day" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Chad Myers wrote:
>
>
> >
> > Does it matter? If fact is, they do. You and others were ignorantly
> > claiming that if Redmond got nuked (how cute, by the way), that Windows
> > would be lost forever which is simply rediculous.
> >
>
> But even if code survives, there are still a few issues. First, who owns
> the code? Second, would that owner(s) be able to control changes to the
> code?
There would certainly be someone left alive from MS, regardless,
MS would be done and the remaining employees or an appointed lawyer (assuming
all the lawyers died as well) would be responsible for selling the
remainder of the assets to pay off debts in good faith. Someone would
purchase it in an auction (probably IBM) and either throw it away (unlikely)
or continue producing Windows and assume leader in the multi-billion dollar
market of the desktop OS.
-Chad
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.advocacy) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Advocacy Digest
******************************
