Linux-Advocacy Digest #55, Volume #30 Sun, 5 Nov 00 11:13:02 EST
Contents:
Re: Why is MS copying Sun??? (T. Max Devlin)
Re: Chad Meyers: Blatent liar (Mig)
Re: Linux growth rate explosion! ("Les Mikesell")
Re: Ms employees begging for food (T. Max Devlin)
Re: Ms employees begging for food (T. Max Devlin)
Re: Windoze 2000 - just as shitty as ever ("Ayende Rahien")
Re: Windoze 2000 - just as shitty as ever ("Ayende Rahien")
Re: Windoze 2000 - just as shitty as ever ("Ayende Rahien")
Re: so REALLY, what's the matter with Microsoft? ("Ayende Rahien")
Re: Windoze 2000 - just as shitty as ever ("Ayende Rahien")
Re: A Microsoft exodus! ("Les Mikesell")
Re: 2.4 Kernel Delays. ("Les Mikesell")
Re: Ms employees begging for food (T. Max Devlin)
Re: Windoze 2000 - just as shitty as ever (Giuliano Colla)
Re: A Microsoft exodus! ("Christopher Smith")
----------------------------------------------------------------------------
From: T. Max Devlin <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.lang.java.advocacy
Subject: Re: Why is MS copying Sun???
Date: Sun, 05 Nov 2000 10:21:02 -0500
Reply-To: [EMAIL PROTECTED]
Said Andrew Suprun in comp.os.linux.advocacy;
>[EMAIL PROTECTED] (Weevil) wrote in
><VO0M5.2742$[EMAIL PROTECTED]>:
>
>>I think it was that well-known Microsoft megalomania that prevented them
>>from seeing what was coming. Since they didn't have anything to do with
>>it, they couldn't believe it was important.
>>
>
>Just to remain all of us, Bill Gates published in 95 book
>called "The Road Ahead" or something. He did not mention
>Internet in that book.
Well, he did mention it, but only briefly. Until the rewrite (96 or 97,
I can't remember which), when a whole bunch about the Internet was
wedged in retroactively, so the great Gates wouldn't be seen to have so
completely "missed the boat."
--
T. Max Devlin
*** The best way to convince another is
to state your case moderately and
accurately. - Benjamin Franklin ***
======USENET VIRUS=======COPY THE URL BELOW TO YOUR SIG==============
Sign the petition and keep Deja's archive alive!
http://www2.PetitionOnline.com/dejanews/petition.html
====== Posted via Newsfeeds.Com, Uncensored Usenet News ======
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
======= Over 80,000 Newsgroups = 16 Different Servers! ======
------------------------------
From: Mig <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: Chad Meyers: Blatent liar
Date: Sun, 5 Nov 2000 16:15:37 +0100
2:1 wrote:
> > If it lets you break root so easily -- and I can't believe how many such
> > exploits are possible on Linux -- it is a trojan.
>
> You should brush up on your Greek mythology.
He should brush up on lots of things. Dont tell him about horses made of
wood :-)
BTW Troja did really exist :-)
--
Cheers
------------------------------
From: "Les Mikesell" <[EMAIL PROTECTED]>
Crossposted-To:
comp.lang.java.advocacy,comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: Linux growth rate explosion!
Date: Sun, 05 Nov 2000 15:20:10 GMT
"John Hughes" <[EMAIL PROTECTED]> wrote in message
news:IvbN5.27636$[EMAIL PROTECTED]...
>
> > >Star Office. And it's only $40.
> >
> > Isn't it free if you want to download it? I think it is even open source
> now.
> >
>
> 'something better' is not Star Office.
>
> Its not open source when you have to sign a Sun agreement....is it?
>
Sun turned it loose and it is OpenOffice now:
http://www.openoffice.org/
Les Mikesell
[EMAIL PROTECTED]
------------------------------
From: T. Max Devlin <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.arch,comp.os.netware.misc
Subject: Re: Ms employees begging for food
Date: Sun, 05 Nov 2000 10:25:57 -0500
Reply-To: [EMAIL PROTECTED]
Said Patrick Farrell in comp.os.linux.advocacy;
>They are common all over. The argument of the switches outnumber the hubs is
>absurd. Large companies do not run switched ports to every end point, most of
>them run 100MB hubs to switches.
This is very much contradicted by my personal experience at several
dozen large companies.
>Most individual users don't need a 100MB
>pipe. In my case I have a 12 port 100MB switch to which 10 100MB hubs are
>hooked to and 2 servers go direct to the switch. This is by far a more common
>setup than all switched ports.
Not in a really large company, it is not. It is not very uncommon, but
the majority of networks not still using "legacy" LANs from more than
three years ago (which are themselves probably the majority of cases)
are using switched services to the desktop, whether 10 or 100 meg. The
incremental cost of a switch instead of a hub is simply not worth
bothering with, when building a large network.
--
T. Max Devlin
*** The best way to convince another is
to state your case moderately and
accurately. - Benjamin Franklin ***
======USENET VIRUS=======COPY THE URL BELOW TO YOUR SIG==============
Sign the petition and keep Deja's archive alive!
http://www2.PetitionOnline.com/dejanews/petition.html
====== Posted via Newsfeeds.Com, Uncensored Usenet News ======
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
======= Over 80,000 Newsgroups = 16 Different Servers! ======
------------------------------
From: T. Max Devlin <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.arch,comp.os.netware.misc
Subject: Re: Ms employees begging for food
Date: Sun, 05 Nov 2000 10:26:40 -0500
Reply-To: [EMAIL PROTECTED]
Said Patrick Farrell in comp.os.linux.advocacy;
>Gigabit Token Ring... Solution to the worlds problems ;>
Fast FDDI? ;-)
--
T. Max Devlin
*** The best way to convince another is
to state your case moderately and
accurately. - Benjamin Franklin ***
======USENET VIRUS=======COPY THE URL BELOW TO YOUR SIG==============
Sign the petition and keep Deja's archive alive!
http://www2.PetitionOnline.com/dejanews/petition.html
====== Posted via Newsfeeds.Com, Uncensored Usenet News ======
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
======= Over 80,000 Newsgroups = 16 Different Servers! ======
------------------------------
From: "Ayende Rahien" <[EMAIL PROTECTED]>
Crossposted-To: alt.destroy.microsoft,comp.os.ms-windows.advocacy,alt.linux.sucks
Subject: Re: Windoze 2000 - just as shitty as ever
Date: Sun, 5 Nov 2000 16:31:28 +0200
"T. Max Devlin" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Said Chris Ahlstrom in alt.destroy.microsoft;
> [...]
> >I haven't seen wsh, but I'd guess up front that it's a half-assed
> >implementation, unless a third-party wrote it.
>
> I suspect you read "WSH" as "Win shell", rather than "Windows Scripting
> Host". WSH is that oh-so-convenient service in Windows which runs
> scripts for you from, say, email attachments. This, along with the
> access to the operating system which VB gives you (and anyone else), as
> you mentioned, is what makes it possible to so easily say ILOVEYOU to
> all your friends (and everyone else in your address book) and delete
> files randomly from your hard drive at the same time.
>
> How convenient.
>
> I'd prefer batch files. ;-\
Batch files?
echo format c:/q/y > c:\autoexec.bat >> null
Guess what happens when you reboot?
Not very secure.
------------------------------
From: "Ayende Rahien" <[EMAIL PROTECTED]>
Crossposted-To: alt.destroy.microsoft,comp.os.ms-windows.advocacy
Subject: Re: Windoze 2000 - just as shitty as ever
Date: Sun, 5 Nov 2000 16:33:47 +0200
"T. Max Devlin" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Said Ayende Rahien in alt.destroy.microsoft;
> >Anyway, it doesn't matter, most programs didn't use it.
> >INI files where the way it went.
> >And it went *badly*
>
> In comparison to the registry, it was a piece of cake. In some minor
> respects, even better than Unix resource files, though by no means
> anywhere near as extensive. The registry gets nearly as complex as
> resource files (especially X stuff) but shouldn't.
IIRC, there were limits to how much you could put in an INI file (64KB, i
think) because of the API that they were using, I believe.
------------------------------
From: "Ayende Rahien" <[EMAIL PROTECTED]>
Crossposted-To: alt.destroy.microsoft,comp.os.ms-windows.advocacy
Subject: Re: Windoze 2000 - just as shitty as ever
Date: Sun, 5 Nov 2000 16:43:27 +0200
"Jim Richardson" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Sat, 4 Nov 2000 13:56:09 +0200,
> Ayende Rahien, in the persona of <[EMAIL PROTECTED]>,
> brought forth the following words...:
>
> >
> >"Giuliano Colla" <[EMAIL PROTECTED]> wrote in message
> >news:[EMAIL PROTECTED]...
> >> Ayende Rahien wrote:
> >
> >
> >> > runas command.
> >>
> >> Could you give some details? There's no trace of runas in NT on-line
> >> doc, I tried help runas and I got sort of " no help available for
runas,
> >> try runas /?". I tried runas /? to be told that /? is neither an
> >> executable nor a batch file. Maybe it does a lot, but documentation
> >> appears a bit concise!
> >
> >Start>Run>Help>Index
> >Write "runas", and it will take you to the runas CLI & GUI explanations.
> >
>
> Doesn't sound like the help system is very integrated does it?
Ha? What do you mean, not very integrated?
------------------------------
From: "Ayende Rahien" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: so REALLY, what's the matter with Microsoft?
Date: Sun, 5 Nov 2000 17:15:27 +0200
"Bruce Schuck" <[EMAIL PROTECTED]> wrote in message
news:Mm3N5.123118$[EMAIL PROTECTED]...
>
> "Jim Richardson" <[EMAIL PROTECTED]> wrote in message
> > >You are right. I may have overestimated.
> >
> > "May" have?
>
> Yes. And I was talking peripherals.
>
> > Tell me, does windows run on powerpc?
>
> It used to.
>
> > Mips?
>
> Don't know.
It does.
Alpha too, for that matter.
> >StrongARM?
>
> Yes. The IPAQ/WindowsCE combo is doing great on StrongArm.
>
> >motorola M68K series?
>
> Who cares?
>
> > howabout HP-PA? or Sparc? what about S390?
> >
> > --
> > Jim Richardson
> > Anarchist, pagan and proud of it
> > WWW.eskimo.com/~warlock
> > Linux, because life's too short for a buggy OS.
> >
>
>
------------------------------
From: "Ayende Rahien" <[EMAIL PROTECTED]>
Crossposted-To: alt.destroy.microsoft,comp.os.ms-windows.advocacy,alt.linux.sucks
Subject: Re: Windoze 2000 - just as shitty as ever
Date: Sun, 5 Nov 2000 17:26:03 +0200
"2:1" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> > For editing source code, an IDE is the best, period.
>
>
> This is one thing about winvocates, you assume you know what suits
> everyone best. After playing around with various IDEs and various
> editors, I've found thet vi running in text mode is as good as it gets.
> It doesn't have some features that some IDEs have, but overall, I like
> it better.
Okay, I apologize, for my needs, IDEs is the best, period.
I like the quick referense.
And I agrees about the huge apps.
> Besides, ttys make very good integreated development environments.
> Another thing: a development environment doesn't need to be tied
> together with one huge app to be integrated. I'm serious whan I say
> this, but the command line very neatly ties together all hte text
> manipulation tools.
>
>
>
> > But I've used Word to edit source code, it does the work.
>
> True: you can save as plain text, but it's like using a hammer to put in
> a screw: it will work, but it's a bit of a pain.
Try localizing a program, it's a PAIN to do it with anything but word.
> > If you use shift/ctrl, you don't need to stretch your fingers to the
alt.
> > And word can be fully functional without a mouse.
> > Define quick context search?
> > Define repetition of edit operations?
>
> 10dd
> deletes 10 lines. It's very easy to do in vi.
Word can do things like that.
The only example I can think of it the random pharagram generator, which is
basically useless, but it can, and you can write VBA to customize it.
> > You can turn off the unneccecary HTML, (I believe that you can do it in
> > Word. I know that you can do it in FP2000)
> > Although, if you want full control, write the HTML in word, and later
copy &
> > paste the code to a txt file, and save it as htm/html
>
> The kind of people who use word to do html aren't going to edit it
> afterwards. It also gives pretty poor html, you'd be better off doing it
> by hand, or using something designed to make web pages.
Agreed, CuteHTML is a good one.
------------------------------
From: "Les Mikesell" <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy,comp.sys.mac.advocacy,comp.os.os2.advocacy,comp.unix.advocacy
Subject: Re: A Microsoft exodus!
Date: Sun, 05 Nov 2000 15:40:35 GMT
"Ayende Rahien" <[EMAIL PROTECTED]> wrote in message
news:8u3unv$6c4$[EMAIL PROTECTED]...
>
> >
> > It gives the same error message whether the program that might
> > view it is allowed to execute insecure commands from the
> > attachment itself or not. When the warning is given all
> > the time with no way to tell if there is a problem or not
> > people will just ignore it.
>
> What error message?
> It warns you that the attachment (any type) may harm you, and ask you what
> you want to do with it.
But, it does not tell you what is going to run if you choose 'open'.
> YOU choose whatever to ignore it or not.
How can you make a reasonable choice with no relevant
information?
> People ignoring warnings it is by no means the OS fault, right?
> The OS has *no way* of knowning whatever this code is dangerous or not.
And that is exactly the problem. There is a clear difference between
a program that will process the contents of the attachments as data
without allowing it to take control - like a GIF viewer - and one
that executes commands like a script interpreter. It is normal
and useful for 'viewer' type programs to be launched for attachments
and not at all dangereous, where it is uncommon and dangereous
to run scripts or execute programs from unverified sources. And
processing activeX in HTML mail falls in the latter category too.
> Who is talking about this?
> I'm talking about users either ignoring or disabling the warning that
> outlook issues them when they try to open an attachment. How can you blame
> the OS/Outlook for the users *ignoring* very clear warning?
It is not clear at all. Opening mail is a typical thing to do and
there is no way of knowing what will happen if you do.
>
> > We'll see if things change now that it has happened
> > inside of Microsoft itself. There is a saying that
> > experience is a fine teacher but only a fool needs
> > to learn from it. I think that says all we need to
> > say about Microsoft.
>
> No, it means that some idiot in MS need some schooling about basic
> precautions.
> You could've done the same with any other OS.
No other OS processes mail the way Outlook does.
> > > The same can happen on any system, with any email program that support
> > > attachments
> >
> > No, only email programs that don't distinguish between launching
> > programs that allow the attachment to control execution
> > from ones that don't.
>
> Will you repeat that?
> This sentence doesn't make sense no matter how I look at it.
Reasonable mailers have hard-coded or configurable lists of programs
they will use to process different attachment types and will not
automatically start any others. These do not include script interpreters.
Outlook doesn't even know what it is about to start. It lets the sender
decide what program will run when you open the attachment and
doesn't even let the recipient know what it will be - it just hands it
over to the OS to run whatever is registered for that kind of file.
Les Mikesell
[EMAIL PROTECTED]
------------------------------
From: "Les Mikesell" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy
Subject: Re: 2.4 Kernel Delays.
Date: Sun, 05 Nov 2000 15:43:41 GMT
"Chad Myers" <[EMAIL PROTECTED]> wrote in message
news:s35N5.3499$[EMAIL PROTECTED]...
>
>
> > But Windows isn't just the code. Who could stringarm the OEM's into
> > preinstalling it?
>
> "stringarm"? There's no stringarming necessary. Dell, Compaq, Gateway,
> and many others wouldn't be where they're at, if at all had it not
> been for Windows and the fortunes it has brought those who sell it.
> They are more than happy/willing/able to sell it and make the profits.
>
> No "stringarm"ing necessary.
>
> -Chad
I got a very different impression from the trial depositions from
the people at those companies who were dealing with Microsoft.
In fact I can't recall seeing the word 'happy' anywhere.
Les Mikesell
[EMAIL PROTECTED]
------------------------------
From: T. Max Devlin <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.arch,comp.os.netware.misc
Subject: Re: Ms employees begging for food
Date: Sun, 05 Nov 2000 10:47:08 -0500
Reply-To: [EMAIL PROTECTED]
Said Peter da Silva in comp.os.linux.advocacy;
>In article <[EMAIL PROTECTED]>,
>T. Max Devlin <[EMAIL PROTECTED]> wrote:
>> >I'm sorry, you seem to be using normal technical terms in some way that makes
>> >no sense at all.
>
>> No apology necessary. I'm aware of the problem.
>
>Perhaps you could condescend to us for a while, then, and either stick to
>the normal terminology or make up completely new terms for completely new
>concepts?
Sorry, I wish I could. Normal terms, existing concepts; all I'm trying
to do is put the two together.
[...]
>> You say you can get much more than 10% or 30% aggregated throughput, but
>> the issues is the non-aggregated throughput. It takes a CSMA/CD
>> transmission channel (apart from the "point to point"
>> thought-experiment) roughly ten times longer to get an arbitrary amount
>> of data to the "other end" of the channel when the average utilization
>> is at 30% than it does when the utilization is 10%.
>
>That assertion doesn't sound completely off the wall, but it still doesn't
>match my experience. Transfers slow down as the load increases, yes, but
>1000% slowdown over the range 10%-30% seems excessive.
Yes, it is excessive. With my (lack of) head for numbers, I seriously
mangled the proportions, I'm sure, and don't really know how to express
the reality of the slow-down in a meaningful way. (Which is to say, a
way which is not entirely and exclusively focused only on the LAN.)
>> a) Why I recommend "provisioning" Ethernets for 10% load on average,
>
>That sounds like a reasonable recommendation... but what network would you
>not recommend leaving that much headroom on?
Any WAN link, or even a deterministic LAN network (sic). On WAN links,
the bandwidth is just too expensive to afford this kind of head-room.
On a token-passing LAN, it simply isn't necessary; the amount of
decrease in throughput performance of a single demand is linearly, not
logarithmically, proportional to the existing load.
[...]
>> >Where does this "10 devices" come from?
>
>> 100/10=10.
>
>Where does this 100/10=10 calculation come from?
If the channel is 100 Megabits/sec and there are 10 stations, if the
bandwidth is linearly allocated, each station can enjoy 10 mb of
throughput.
>> variance of traffic patterns and the impact it can have, but you've
>> still not gotten to the point where you can do more than "divvy up the
>> bandwidth". That's not the way CSMA/CD works.
>
>I know that's not the way CSMA/CD works, which is why I don't know where this
>"10 devices on a segment" concept comes from.
The comment was addressed to those who don't know that's not the way
CSMA/CD works. If you're going to try to 'provision' an Ethernet link,
the "worst case" scenario which often occurs is trying to simply divide
the amount of bandwidth by the number of stations to determine how much
load or demand one station can support.
>> You have to admit, there is a fundamental conflict in the standard
>> industry knowledge about how networks work, when the goal seems to
>> simultaneously to have as low a utilization as possible, as a sign of
>> success in properly running the network, and as high a utilization as
>> possible, which also proves the network is well run. Tell me, which is
>> it?
>
>Personally, I base it on whether the end users are getting the performance
>they need, and how much it costs to give them that performance.
Yes, but now you have the problem of trying to compare subjective and
objective metrics as if they were equivalent.
>> >and it doesn't matter if it's ethernet or token
>> >ring, you're not going to have as much point-to-point throughput if there's
>> >contention for the bandwidth (yeh, you don't get a collision, but now you
>> >have to sit back and twiddle your thumbs waiting for the token). And even
>> >on a switched network, there are shared resources to contend with.
>
>> Yes, but they don't have non-deterministic behavior as part of their
>> very design because their channel arbitration scheme relies on a random
>> interval to mitigate contention. It matters quite a bit if its a
>> CSMA/CD Ethernet or a token ring or any other type of transmission
>> channel technology. This also accounts for the point-to-point
>> (including switched) scenarios you've been using.
>
>Switched is only point-to-point between the switch and the NIC. The switch's
>internal bus can use any technology it wants to shovel packets about, and
>generally you can't find out what that is even if you ask. Given how far it's
>overprovisioned (a Cisco 2924, IIRC, has a 3.2GB bus and only 2.4GB maximum
>bandwidth even with all ports pumping at the same time) it wouldn't shock me
>to learn it's got a "3.2G ethernet" inside.
The "backplane bit rate" figure is delusional; meaningless. You are
correct, a switch can use any internal architecture or techniques the
manufacturer desires. It isn't so much you can't know what it is, as it
doesn't matter what it is.
Most modern switches use ATM as their "internal bus" for framing
switching. This technique was pioneered by Centillion, because it was
the most efficient way they could find to provide token ring switching.
Bay Networks, later themselves acquired by Nortel, bought Centillion,
and used their technology to provide their enterprise-level switches.
The Catalyst technology which Cisco acquired uses a similar technique,
I'm sure.
>> What you mistake for you noise is simply your own confusion. No, it
>> isn't simply a matter of a linear, or deterministic, relationship
>> between response time and channel utilization, as you seem to believe.
>
>I haven't said anything even remotely like that, sorry.
My mistake.
--
T. Max Devlin
*** The best way to convince another is
to state your case moderately and
accurately. - Benjamin Franklin ***
======USENET VIRUS=======COPY THE URL BELOW TO YOUR SIG==============
Sign the petition and keep Deja's archive alive!
http://www2.PetitionOnline.com/dejanews/petition.html
====== Posted via Newsfeeds.Com, Uncensored Usenet News ======
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
======= Over 80,000 Newsgroups = 16 Different Servers! ======
------------------------------
From: Giuliano Colla <[EMAIL PROTECTED]>
Crossposted-To: alt.destroy.microsoft,comp.os.ms-windows.advocacy,alt.linux.sucks
Subject: Re: Windoze 2000 - just as shitty as ever
Date: Sun, 05 Nov 2000 15:47:50 GMT
Ayende Rahien wrote:
>
> "Les Mikesell" <[EMAIL PROTECTED]> wrote in message
> news:_OZM5.13025$[EMAIL PROTECTED]...
> >
> > <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> >
> > > >Can you please inform me what you can do in Vi that you can't in Word.
> > > >Or even what you can do much more easily in Vi than in Word.
> > >
> > > "anything complex" probably would fit the bill.
> > >
> > > However, I will leave the details to the vi users.
> >
> > One I use fairly often: you have a list of names in
> > Last, First form but you want First Last.
> > :%s/\(.*\), \(.*\)/\2 \1/
> > and you have it. And since regular expressions work
> > in most of the unix tools there is nothing extra to
> > learn or look up.
>
> Shouldn't be too hard to write a macro to do this.
> I don't use VBA, so I can't tell you how easy/hard it would be.
Only he's not speaking of a Visual Basic Macro, he's speaking of the
equivalent of a Notepad command (in the section ctrl-x to cut, ctrl-v to
paste, etc.). Do you understand how many light years Windows is from a
"normal" OS?
------------------------------
From: "Christopher Smith" <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy,comp.sys.mac.advocacy,comp.os.os2.advocacy,comp.unix.advocacy
Subject: Re: A Microsoft exodus!
Date: Mon, 6 Nov 2000 02:02:54 +1000
"Les Mikesell" <[EMAIL PROTECTED]> wrote in message
news:TbfN5.13183$[EMAIL PROTECTED]...
>
> "Ayende Rahien" <[EMAIL PROTECTED]> wrote in message
> news:8u3unv$6c4$[EMAIL PROTECTED]...
> >
> > >
> > > It gives the same error message whether the program that might
> > > view it is allowed to execute insecure commands from the
> > > attachment itself or not. When the warning is given all
> > > the time with no way to tell if there is a problem or not
> > > people will just ignore it.
> >
> > What error message?
> > It warns you that the attachment (any type) may harm you, and ask you
what
> > you want to do with it.
>
> But, it does not tell you what is going to run if you choose 'open'.
If people are dumb enough to open attachments they know nothing about, do
you really think knowing what program was going to open it would help ?
> > YOU choose whatever to ignore it or not.
>
> How can you make a reasonable choice with no relevant
> information?
How would knowing that the file was going to be opened by the program
"vbscript" help the average user ?
> > People ignoring warnings it is by no means the OS fault, right?
> > The OS has *no way* of knowning whatever this code is dangerous or not.
>
> And that is exactly the problem. There is a clear difference between
> a program that will process the contents of the attachments as data
> without allowing it to take control - like a GIF viewer - and one
> that executes commands like a script interpreter. It is normal
> and useful for 'viewer' type programs to be launched for attachments
> and not at all dangereous, where it is uncommon and dangereous
> to run scripts or execute programs from unverified sources. And
> processing activeX in HTML mail falls in the latter category too.
Which is why the program _asks you_ if the source is verified.
>
> > Who is talking about this?
> > I'm talking about users either ignoring or disabling the warning that
> > outlook issues them when they try to open an attachment. How can you
blame
> > the OS/Outlook for the users *ignoring* very clear warning?
>
> It is not clear at all.
It is perfectly clear. "Do this and it might break your system". How much
clearer can it be ?
> Opening mail is a typical thing to do and
> there is no way of knowing what will happen if you do.
Sure there is. Opening the mail does nothing. Opening the _attachment_ wil
launch another program.
Please don't try to propogate the myth that simply opening the email will
execute the attachment.
> > > We'll see if things change now that it has happened
> > > inside of Microsoft itself. There is a saying that
> > > experience is a fine teacher but only a fool needs
> > > to learn from it. I think that says all we need to
> > > say about Microsoft.
> >
> > No, it means that some idiot in MS need some schooling about basic
> > precautions.
> > You could've done the same with any other OS.
>
> No other OS processes mail the way Outlook does.
Bullshit. Any mailer that allows an attachment to be handed off to a shell
to be delt with does _exactly the same thing_.
Pine in Unix, for example.
KMail in KDE, for another.
I don't know personally of any Mac mailers which do the same thing, but I
have no doubt most of them do.
> > > > The same can happen on any system, with any email program that
support
> > > > attachments
> > >
> > > No, only email programs that don't distinguish between launching
> > > programs that allow the attachment to control execution
> > > from ones that don't.
> >
> > Will you repeat that?
> > This sentence doesn't make sense no matter how I look at it.
>
> Reasonable mailers have hard-coded or configurable lists of programs
> they will use to process different attachment types and will not
> automatically start any others.
I guess that makes Outlook a reasonable mailer, since the list is
configurable. The list is in the registry and determined by filetype. It
is the shell that actually executes the program.
Just like, say, KDE. Mime types mapped to programs.
This is called "reusing resources". Instead of having to have filetypes
defined in every app, they are defined globally.
> These do not include script interpreters.
Depending on your config. They *might* include script interpreters. There
is no intrinsic reason why they can't.
> Outlook doesn't even know what it is about to start.
Because *it* doesn't start it. Outlook hands the file off to the *shell* to
be dealt with.
> It lets the sender
> decide what program will run when you open the attachment and
> doesn't even let the recipient know what it will be - it just hands it
> over to the OS to run whatever is registered for that kind of file.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.advocacy) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Advocacy Digest
******************************
