Linux-Advocacy Digest #43, Volume #30 Sat, 4 Nov 00 17:13:05 EST
Contents:
Re: Microsoft Speaks German! ("Chad Mulligan")
Re: A Microsoft exodus! ("Bruce Schuck")
Re: Software companies better than tire companies?? Please. (Was: Tuff.. ("Chad
Mulligan")
Re: A Microsoft exodus! ("Bruce Schuck")
Re: Linux growth rate explosion! ("Simon Cooke")
Re: IBM to BUY MICROSOFT!!!! ("Chad Mulligan")
Re: Linux growth rate explosion! ("Simon Cooke")
Re: Once agian: Obscurity != security (Was: Tuff Competition for LINUX! ("Bruce
Schuck")
Re: IBM to BUY MICROSOFT!!!! ("Bruce Schuck")
Re: Ms employees begging for food (Al Kossow)
Re: IBM to BUY MICROSOFT!!!! ("Bruce Schuck")
Re: I think I'm in love..... (Gary Hallock)
Re: Once agian: Obscurity != security (Was: Tuff Competition for LINUX! ("Les
Mikesell")
Re: Itanium-based Linux cluster deployed (.)
Re: 2.4 Kernel Delays. ("Les Mikesell")
Re: Linux growth rate explosion! ("Les Mikesell")
Re: IBM to BUY MICROSOFT!!!! ("Les Mikesell")
----------------------------------------------------------------------------
Reply-To: "Chad Mulligan" <[EMAIL PROTECTED]>
From: "Chad Mulligan" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: Microsoft Speaks German!
Date: Sat, 04 Nov 2000 21:08:41 GMT
2:1 <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Chad Myers wrote:
> >
> > "Ilja Booij" <[EMAIL PROTECTED]> wrote in message
<trimmed, try it sometime>
> > > >
> > > > Is that a good thing?
> > > >
> > > > Juding by how the Europe economy is doing, I'd say no. They could
learn
> > > > a few thousand things from the U.S.
> > > I'm sorry, I'm not seeing a bad economy where i live. in fact, the
> > > economy is growing quite rapidly. maybe not growing as fast as in the
us,
> > > but i we talk quality of life i don't see a big difference.
> > > i'd rather have 6 weeks of free time a year, than earn more and and
get
> > > just 2 or 3 weeks of!
> >
> > The euro is way down.
> >
> > It's because we take 2-3 weeks off that you guys can take 6.
>
> Xenophobic bullshit.
>
Actually he's accruate on that score.
> >
> > American's aren't lazy, we do all the work so Europeans can be snooty to
> > us.
>
>
<trimmed>
------------------------------
From: "Bruce Schuck" <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy,comp.sys.mac.advocacy,comp.os.os2.advocacy,comp.unix.advocacy
Subject: Re: A Microsoft exodus!
Date: Sat, 4 Nov 2000 13:12:33 -0800
"Les Mikesell" <[EMAIL PROTECTED]> wrote in message
news:jaZM5.13013$[EMAIL PROTECTED]...
>
> "Bruce Schuck" <[EMAIL PROTECTED]> wrote in message
> news:tqXM5.122684$[EMAIL PROTECTED]...
> >
> > OpenBSD says they are 6 months ahead of other open source systems.
> >
> > That sounds like Linux is slow in responding.
>
> Or OpenBSD is exaggerating. They just turn all services off by
> default so they can claim that they are harder to exploit remotely
> and consider it the user's fault if he actually enables any of the
> services that he needed the computer for. Actually they are doing
> a good and needed job, but there is always a tradeoff between
> security and usability and an OpenBSD distribution moves too
> far away from the usability side to be popular. It is probably
> possible to build a Mandrake-like install on top of OpenBSD
> but so far no one has been interested.
Hmmm. Trading usability for security is one of the standard attacks on
Microsoft.
Now that Linux is trying to enter the big leagues they are adopting the
Microsoft way.
I can't wait until the kernel forks just about the same time Microsoft
unforks Windows to free up even more resources for more functionality.
------------------------------
Reply-To: "Chad Mulligan" <[EMAIL PROTECTED]>
From: "Chad Mulligan" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy
Subject: Re: Software companies better than tire companies?? Please. (Was: Tuff..
Date: Sat, 04 Nov 2000 21:16:44 GMT
Perry Pip <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Fri, 03 Nov 2000 17:51:59 GMT,
> Chad Mulligan <[EMAIL PROTECTED]> wrote:
>
> >>
> >> Yes, it's possible. It's also *possible* he got write access to it.
> >> BTW, VSS can be cracked as easily as anything else MS does.
> >>
> >
> >Sure
>
> >[snip]
>
>
> >IAC, That aint easy on a properly administered system.
>
> That's another assumption you must make: that the MS's internal systems
> are properly admininstered. Good security does not base itself on
> assumptions.
>
I think that assumption is supported by evidence. First they have been a
primary target for many years and have only one incident, and that one an
inside job.Two, they provide ample documentation on how to secure their
system that they know intimately. Three, those precautions work.
<trimmed>
> >
> >Understanding the motivation enables an intelligent person to predict
> >actions and thereby anticipate problems.
>
> That's why in my business we avoid closed technologies.
>
Non sequiter.
<trimmed>
> >>
> >
> >The only true review of source code is running it.
>
> Running binary code does not reveal trojans, or all bugs. Source code must
> be availabe for software to be trusted.
>
This is a circular argument and there for invalid.
> >I was writing programs
> >when you were in diapers Perry.
>
> Fat chance. In fact, your lying again. You don't write code.
>
I was programming in c in 1985, Fortran and JCL before that. When were you
born?
> >And actually they do, in a professional
> >testing environment.
>
> Sure, and were I work we also peer review and auditing of code in
> addition to testing.
>
Bully for you
> >BTW have you heard of a debugger.
>
> Useless for a product that is binary only and built without symbols. If
you
> actually wrote code you would know that. Once again, you are proven a
liar.
>
A member of MS Technet will receive all the debug symbols in any Microsoft
OS and is free to debug to their hearts content.
>
> >>
> >> Bullshit. Provide some *proof* that OSS developers are any more
> >> "unstable" than closed source developers. A closed source developer can
> >quit
> >> his job anytime, leaving no one in the company who understands the
code,
> >and
> >> thus, no one in the world.
> >>
> >
> >Two anecdotal examples:
>
> There are plenty more examples of closed source vendors being late on
> delivery, denying bugs exist, not releasing sucurity patches, and
> abanding support for products. With open source, you have a chance to
> fix the problem yourself or get a third party to do it. With closed
> source you're screwed.
>
> >> >> is subject to public review.
> >> >
> >> >Self review (AKA Peer Review) is inherently ineffective,
> >>
> >> 1) Public != Peer != Self.
> >>
> >
> >What body, then, reviews the reviewers for accuraccy?
>
> That's a could question in regards to closed source.
> With open source, it's all public.
>
>
Answer: None.
------------------------------
From: "Bruce Schuck" <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy,comp.sys.mac.advocacy,comp.os.os2.advocacy,comp.unix.advocacy
Subject: Re: A Microsoft exodus!
Date: Sat, 4 Nov 2000 13:18:41 -0800
"Perry Pip" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Fri, 3 Nov 2000 22:15:11 -0800,
> Bruce Schuck <[EMAIL PROTECTED]> wrote:
>
> >
> >Nope. All Unix/Linux systems have vulnerabilities.
> >
>
> So does NT:
>
> http://www.attrition.org/mirror/attrition/os-graphs.html#SPECIAL
According to that site, Linux won September and tied NT in August.
------------------------------
From: "Simon Cooke" <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.java.advocacy
Subject: Re: Linux growth rate explosion!
Date: Sat, 04 Nov 2000 21:18:07 GMT
"Andrew Suprun" <[EMAIL PROTECTED]> wrote in message
news:dZUM5.10709$[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (Chad Myers) wrote in
> <IyMM5.2795$[EMAIL PROTECTED]>:
>
> [...]
> >ASP is the leading pre-processor and has many advantages
> >over competitors in rapid development, multi-tiered app
> >design, speed, flexibility, etc.
> >
> [...]
>
> That is why Microsoft is replacing it with ASP+ which is
> modeled after JSP, isn't it?
I don't see how you think ASP+ is modeled after JSP, but given that JSP was
modeled after ASP, I guess that's fair.
Simon
------------------------------
Reply-To: "Chad Mulligan" <[EMAIL PROTECTED]>
From: "Chad Mulligan" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: IBM to BUY MICROSOFT!!!!
Date: Sat, 04 Nov 2000 21:20:09 GMT
Les Mikesell <[EMAIL PROTECTED]> wrote in message
news:hfPM5.12959$[EMAIL PROTECTED]...
>
> "Bruce Schuck" <[EMAIL PROTECTED]> wrote in message
> news:RTNM5.121787$[EMAIL PROTECTED]...
> >
> > >
> > > Do you imagine that every win2k box has service pack 1 applied now?
> >
> > No. But Linux is an open door by default. Win2K is not.
>
> No it isn't.
>
Yes it is
> >
> > Win2K is a lot more secure out of the box than Linux is.
>
> No it isn't.
You are right here, but four mouse clicks can change that.
>
> > >Or perhaps that
> > > they are easy to forget because they run for years with no attention.
> > > It is not easy to break into a Linux box when all the vendors updates
> > > have been applied.
> >
> > There are so many .... and people would never get any work done
monitoring
> > all the open source security advisory sites.
>
> Why would you do that? Just watch your own distribution's updates, which
> you generally want to know about whether they are improvements, additions,
> or bugfixes. Many of the distributions come with auto-update programs
> to pick up the new stuff as it becomes available.
>
> Les Mikesell
> [EMAIL PROTECTED]
>
>
>
------------------------------
From: "Simon Cooke" <[EMAIL PROTECTED]>
Crossposted-To:
comp.lang.java.advocacy,comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: Linux growth rate explosion!
Date: Sat, 04 Nov 2000 21:23:41 GMT
"Bruce Schuck" <[EMAIL PROTECTED]> wrote in message
news:MoXM5.122683$[EMAIL PROTECTED]...
> > What has Access got to do with a web server.
>
> Access databases are used as to serve up dynamic content on IIS.
Ummm... if you're using Access for that, you deserve everything you get.
If you're using Access to talk to a SQL database, or to MSDE for testing
purposes, then fine -- it'll work great!
If you're using Access with the Jet Engine (the standard access database)
then woe betide you -- it's not designed for heavy multi-user access.
Certainly, performance will be heavily lacking in a web-server context.
Simon
------------------------------
From: "Bruce Schuck" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy
Subject: Re: Once agian: Obscurity != security (Was: Tuff Competition for LINUX!
Date: Sat, 4 Nov 2000 13:31:16 -0800
"Les Mikesell" <[EMAIL PROTECTED]> wrote in message
news:LRZM5.13026$[EMAIL PROTECTED]...
>
> "Bruce Schuck" <[EMAIL PROTECTED]> wrote in message
> news:IwZM5.122712$[EMAIL PROTECTED]...
> >
> > > Not only did they not mention Linux like you claimed they did, they
also
> > did
> > > not claim to be 6 months ahead of ANYone. But you knew that. You
just
> > > decided to lie about it.
> >
> > I backed up everything I said ... and more. With quotes.
>
> Really??? Where was Linux mentioned in anything you
> quoted? Where is the unbiased source for the quotes?
http://www.openbsd.org/testimonials.html
I kind of like this one:
Quote On
few] years ago I was just getting into system administration. I learned
Linux first. Then one of our old (I mean *really* old) BSDi servers crashed,
and it was up to me to rebuild the system.
I looked at FreeBSD, NetBSD, OpenBSD and Linux. In the end, it came down to
"secure and stable" that took the prize. OpenBSD 2.1 was installed.
Since then, I've run 2.1-2.5 on everything from production servers to
laptops. We've never (repeat: NEVER) had a break-in.
A coworker setup a RedHat based box to test his skills at setting up SSL and
a secure web site. It was hacked literally overnight, and by the next
morning was attacking other sites.
Quote off
If you want to try and count the Linux vulnerabilities, go to
http://www.securityfocus.com
But there so many .... and many have to with buffer overflows. (Wake up
Aaron)
You know, after the research I've done over the last few days I will think
about trying OpenBSD.
Linux is just too open.
------------------------------
From: "Bruce Schuck" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: IBM to BUY MICROSOFT!!!!
Date: Sat, 4 Nov 2000 13:32:09 -0800
"Perry Pip" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Fri, 3 Nov 2000 22:25:21 -0800,
> Bruce Schuck <[EMAIL PROTECTED]> wrote:
> >
> >"Aaron R. Kulkis" <[EMAIL PROTECTED]> wrote in message
> >news:[EMAIL PROTECTED]...
> >> Bruce Schuck wrote:
> >> >
> >> > "Les Mikesell" <[EMAIL PROTECTED]> wrote in message
> >> > news:QXpM5.12759$[EMAIL PROTECTED]...
> >> > >
> >> > > "Bruce Schuck" <[EMAIL PROTECTED]> wrote in message
> >> > > news:WimM5.120952$[EMAIL PROTECTED]...
> >> > >
> >> > > >
> >> > > > The OpenBSD people claim they are usually 6 months ahead of
> >Linux/Unix
> >> > in
> >> > > > fixing exploits.
> >> > > >
> >> > > > Go ahead and sleep through those 6 months of "open"
vulnerabilities.
> >> > >
> >> > > Why don't you ask them how many years they are ahead of anything
> >> > > from Microsoft?
> >> >
> >> > What percentage of the market does the secure open source project
> >(OpenBSD)
> >> > hold compared to the insecure one (Linux) ?
> >>
> >> And this is your argument that closed-source Microsoft code is more
> >secure?
> >
> >I was arguing that every Linux and Unix is 6 months behind OpenBSD and
> >inherently not secure.
> >
> >
>
> And you never proved it.
I like this testimonial from the OpenBSD site:
A few] years ago I was just getting into system administration. I learned
Linux first. Then one of our old (I mean *really* old) BSDi servers crashed,
and it was up to me to rebuild the system.
I looked at FreeBSD, NetBSD, OpenBSD and Linux. In the end, it came down to
"secure and stable" that took the prize. OpenBSD 2.1 was installed.
Since then, I've run 2.1-2.5 on everything from production servers to
laptops. We've never (repeat: NEVER) had a break-in.
A coworker setup a RedHat based box to test his skills at setting up SSL and
a secure web site. It was hacked literally overnight, and by the next
morning was attacking other sites.
------------------------------
From: [EMAIL PROTECTED] (Al Kossow)
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.arch,comp.os.netware.misc
Subject: Re: Ms employees begging for food
Date: Sat, 04 Nov 2000 13:24:26 -0800
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
> But the reason, AFAIK, that the programming construct
> uses the word it does is because it is used to create a socket
In the TCP/IP socket domain under BSD. This same programming
abstraction works across several non-TCP domains as well. There
are implementations of XNS, for example, that use the BSD socket
API.
It's an unfortunate choice of words, since 'socket' even at the
time the BSD API was being developed was already overused.
--
The eBay Curse:
"May you find everything you're looking for.."
------------------------------
From: "Bruce Schuck" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: IBM to BUY MICROSOFT!!!!
Date: Sat, 4 Nov 2000 13:34:26 -0800
"Les Mikesell" <[EMAIL PROTECTED]> wrote in message
news:NlZM5.13020$[EMAIL PROTECTED]...
>
> "Bruce Schuck" <[EMAIL PROTECTED]> wrote in message
> news:VyXM5.122687$[EMAIL PROTECTED]...
> >
> > >
> > > No, your notion of Linux involvement comes strictly from your
> > > overactive imagination. English speakers or not, everyone
> > > knows there are ego problems among the *bsd's (hence the
> > > plural form) and thus that their counter claims of superiority are
> > > questionable.
> >
> > I've seen the long long list of Linux security advisories on various
> distro
> > makers.
> >
> > I'll stand by what I said. Linux is insecure.
>
> Note that those bugs are all fixed. Where is the current problem
> that can be exploited with anywhere near the ease of sending
> a trojan to some outlook users? You are also trying to confuse
> raw numbers with real statistics. A Microsoft distribution would
> have to include about $10,000 worth of add-on third party programs
> (which, in fact, most offices have installed...) to match the number
> of applications that come up in a Linux distribution. Most of the
> warnings you see are about applications that happen to be included
> in the distributions, not the Linux kernel itself.
I'm sure the NT kernel is just as secure as the Linux kernel. Neither of
them are too vulnerable without any services connecting them to a network.
:)
> To be fair you
> would have to include all the warnings about all the apps you
> might run under windows (like exchange being an open relay
> if you expose it to the internet).
Not with 5.5 and up.
> The fact that a distribution
> does not include a needed service doesn't make it a bit more
> secure after you add what you need to run.
I really like this testimonial from the OpenBSD site:
few] years ago I was just getting into system administration. I learned
Linux first. Then one of our old (I mean *really* old) BSDi servers crashed,
and it was up to me to rebuild the system.
I looked at FreeBSD, NetBSD, OpenBSD and Linux. In the end, it came down to
"secure and stable" that took the prize. OpenBSD 2.1 was installed.
Since then, I've run 2.1-2.5 on everything from production servers to
laptops. We've never (repeat: NEVER) had a break-in.
A coworker setup a RedHat based box to test his skills at setting up SSL and
a secure web site. It was hacked literally overnight, and by the next
morning was attacking other sites.
------------------------------
Date: Sat, 04 Nov 2000 16:39:02 -0500
From: Gary Hallock <[EMAIL PROTECTED]>
Subject: Re: I think I'm in love.....
Pete Goodwin wrote:
>
>
> > > * Quite a few SIGSEGV's in KDE 2.0
> >
> > Which program?
>
> I think it was the KDE Control Panel.
>
There is a known problem with the KDE control panel abending on exit.
http://www.kde.org/info/2.0.html
Apparently, since it only happens on exit, no function is lost.
Gary
------------------------------
From: "Les Mikesell" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy
Subject: Re: Once agian: Obscurity != security (Was: Tuff Competition for LINUX!
Date: Sat, 04 Nov 2000 21:42:38 GMT
"Bruce Schuck" <[EMAIL PROTECTED]> wrote in message
news:2d%M5.122759$[EMAIL PROTECTED]...
>
> If you want to try and count the Linux vulnerabilities, go to
> http://www.securityfocus.com
As we keep pointing out, those are the list of solved problems.
The ones to worry about are the ones you don't see there.
> But there so many .... and many have to with buffer overflows. (Wake up
> Aaron)
>
Did someone mention buffer overflows?
Here's one in active X - probably in
all those versions you thought were safe:
http://www.securityfocus.com/bid/1899
Les Mikesell
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (.)
Subject: Re: Itanium-based Linux cluster deployed
Date: 4 Nov 2000 21:49:52 GMT
ne... <[EMAIL PROTECTED]> wrote:
> Extra, extra read all about it
> http://eltoday.com/article.php3?ltsn=2000-11-04-001-13-PS
Huh....So wheres that vaporous Windows 2000 version thats
supposed to work on Itanium, eh dresden?
=====.
------------------------------
From: "Les Mikesell" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy
Subject: Re: 2.4 Kernel Delays.
Date: Sat, 04 Nov 2000 21:50:30 GMT
"Bruce Schuck" <[EMAIL PROTECTED]> wrote in message
news:IA_M5.122727$[EMAIL PROTECTED]...
>
> > > > Do you consider google, deja, or sourceforge to be
> > > > real servers?
> > >
> > > Sort of. There isn't much dynamic content involved. Just a lot of text
> > > searching. No transactions.
> >
> > What part of 'dynamic' don't you understand?
>
> Transactions. Writing to a database. I understand those concepts. Do you?
Yes, but I don't understand why you think that has some relationship
to generating dynamic web pages. It is one of the many things that
php and mod_perl can do easily by linking to other components but
it really has nothing to do with either the language or the web server.
Are you trying to claim that IIS is a match for Oracle now?
Les Mikesell
[EMAIL PROTECTED]
------------------------------
From: "Les Mikesell" <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.java.advocacy
Subject: Re: Linux growth rate explosion!
Date: Sat, 04 Nov 2000 21:57:24 GMT
"Simon Cooke" <[EMAIL PROTECTED]> wrote in message
news:j2%M5.52089$[EMAIL PROTECTED]...
>
> > That is why Microsoft is replacing it with ASP+ which is
> > modeled after JSP, isn't it?
>
> I don't see how you think ASP+ is modeled after JSP, but given that JSP
was
> modeled after ASP, I guess that's fair.
>
Php was the first embedded script processor I saw and mod_perl with
eperl and embperl weren't far behind, but probably neither was
the first to use the concept. Does anybody know who invented
the idea of embedding programming directly in html pages?
Les Mikesell
[EMAIL PROTECTED]
------------------------------
From: "Les Mikesell" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: IBM to BUY MICROSOFT!!!!
Date: Sat, 04 Nov 2000 22:01:18 GMT
"Chad Mulligan" <[EMAIL PROTECTED]> wrote in message
news:d4%M5.872$[EMAIL PROTECTED]...
>
> > > > Do you imagine that every win2k box has service pack 1 applied now?
> > >
> > > No. But Linux is an open door by default. Win2K is not.
> >
> > No it isn't.
>
> Yes it is
No it isn't. Try a RedHat workstation install. It comes up
with almost as little useful network stuff as Windows.
> > > Win2K is a lot more secure out of the box than Linux is.
> >
> > No it isn't.
>
> You are right here, but four mouse clicks can change that.
You must be clicking something I haven't seen to get
sp1 and the later active X fix installed that easily.
Les Mikesell
[EMAIL PROTECTED]
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.advocacy) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Advocacy Digest
******************************
