Linux-Advocacy Digest #154, Volume #30 Fri, 10 Nov 00 03:13:02 EST
Contents:
Re: A Microsoft exodus! ("Christopher Smith")
Re: Linux 2.4 mired in delays as Compaq warns of lack of momentum ("Chad Myers")
Re: A Microsoft exodus! ("Christopher Smith")
Re: Linux 2.4 mired in delays as Compaq warns of lack of momentum ("Chad Myers")
Re: Linux Is Lame. Sorry but it is true ("Javaduke")
Re: Linux vs Microsoft Misconceptions: (sfcybear)
Re: OS stability (sfcybear)
Re: Linux vs Microsoft Misconceptions: (sfcybear)
----------------------------------------------------------------------------
From: "Christopher Smith" <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.ms-windows.nt.advocacy,comp.os.ms-windows.advocacy,comp.sys.mac.advocacy,comp.os.os2.advocacy,comp.unix.advocacy
Subject: Re: A Microsoft exodus!
Date: Fri, 10 Nov 2000 17:32:37 +1000
"Les Mikesell" <[EMAIL PROTECTED]> wrote in message
news:fcLO5.16122$[EMAIL PROTECTED]...
>
> "Christopher Smith" <[EMAIL PROTECTED]> wrote in message
> news:8uekur$43i$[EMAIL PROTECTED]...
>
> > > > > From email, things should be viewed,
> > > > > not run, regardless of what the sender arbitrarily named them.
> > > >
> > > > Why only email ? How about the web ? Networks ? Floppy disks ?
> > >
> > > The web, of course - nothing but active-X treats web-retreived content
> > > as trusted. Networks are up to you and your network administrator
> > > as to how you trust what comes from them, and only you know about
> > > the contents of your floppies. The point is that as soon as you
> > > copy any of this stuff on your hard drive you lose track of the
> > > source and the potential for trojans.
> >
> > Bingo. Noting that the difference between saving to the hard disk then
> > opening it and opening it directly is largely one of semantics,
especially
> > when the default is *not* to open.
>
> Saving to disk is worse. At that point you effectively own it.
So let's get this straight:
1. Executing directly from the email is Bad.
2. Saving it to disk is Worse.
JUST HOW THE FUCK ARE PEOPLE SUPPOSED TO DEAL WITH ATTACHMENTS ?
> > > > They should be handled by file *type*, for consistency.
> > >
> > > Just because a file is named something.pl should not mean
> > > that I am ready for perl to execute it. When I want it
> > > executable, I'll make it executable. And the contents
> > > should specify the interpreter.
> >
> > Once again you confuse executing with opening. When making arguments
> > against Windows, use Windows terminology.
>
> I am making arguments about an email program. It does not have
> to inherit all of Windows problems in order to run there.
It runs under Windows. Therefore it uses Windows' semantics and UI.
> Still there is a difference between opening and executing a perl
> script. I would open it to view or edit its contents.
Good for you. I would edit it to edit it and double click it to run it (or
type in the name).
> > > > Why ? I thought you Unix folk revelled in your "diversity".
> > >
> > > Not when the diversity includes insane insecurity.
> >
> > Which this doesn't.
>
> Do you remember the problem here or not?
Yes. The problem is dumb people doing dumb things.
> > > > There is no reason whatsoever for a "window" in Unix to behave like
a
> > > > "window" in Windows. There *is* a reason, though, for icons to
behave
> > > > consistently within an operating system.
> > >
> > > There is a reason for a concept of trusted and untrusted content and
> > > there is a long history that Windows products completely ignore.
> >
> > If the user trusts it, then it's trusted. Period. Much like Unix.
>
> Of course. But any reasonable system will distinguish between
> enough trust to view something and enough trust to allow it to
> take control with all your permissions. Outlook doesn't.
Neither does any other program. If you execute anything in any OS, it runs
with your permissions.
> > > > So the way every mailer on earth works - by letting you save it - is
> the
> > > > "worst possible action".
> > >
> > > It is your choice.
> >
> > Our point precisely.
>
> No, you would have a point if you had previously been able to
> safely view the contents, or had been warned that the content
> of this attachment has no preconfigured safe viewer and is
> unlike normal multimedia mail attachments.
You can safely view the contents and you *do* get a warning saying the
contents might be dangerous.
> > > If you want to shoot off your foot you should
> > > be allowed to.
> >
> > Really ? So far in this thread you've spent countless posts arguing you
> > *shouldn't* be able to.
>
> No, I have never said anything like that.
*Boggle*. You've spent this entire thread waxing lyrical about how outlook
opening attachments is a bad idea.
It's even better now - now we can't even save them to our hard disks because
that's a bad idea.
Pretty soon you'll be wanting attachments stripped off at the mail server.
> What I have said is that
> you should be allowed to know whether the gun is loaded and
> which way it is pointing at the time you pull the trigger or deposit
> it where children play.
You do.
The icon of the file tells you.
The extension tells you.
The filename will usually give some indication.
> You, on the other hand keep insisting
> that such knowledge is unimportant as you make your choice.
> Ready, fire, aim...
No, I am aware that such knowledge is *already there* for those who have the
intelligence to look.
> > > However, Windows prevents you from ever being
> > > able to tell if the gun is loaded or not.
> >
> > Bullshit. Windows provides the same facilities for checking Unix does.
> > Extensions, icons, the ability (the default !) to save to permanent
> storage
> > for examination.
>
> Yet most of the Windows-using world has been unable to get this right.
Most people are stupid and/or ignorant. Your point ?
> I have trouble myself trying to get anything but the default action to
> happen to any file under windows and I'd bet that 90% of the users
> don't know it is possible.
ANd without that default action most people wouldn't be able to get a file
to do anything _at all_.
> I don't see any equivalence here in either functionality or ease of use
> when compared to automatically running a viewer for each type
> that can safely be viewed and telling you that the unknown types
> do not have a safe handler before you choose to bless it with your
> ownership in the filesystem.
Because it's a stupid waste of resources to have to maintain both lists.
Because a safe viewer doesn't always exist.
Because it's inconsistent UI.
Because it's an inconveniece to others.
Because it would have made fuck all difference if people had had to save the
attachment to their hard disk before running it.
> > > Once the file is on your disk, how do you expect *anything else* or
> > > anyone else to ever know it came from an insecure source.
> >
> > THE SAME WAY YOU DO IN ANY OTHER OS.
>
> An OS must assume that if you copy the file into the filesystem that
> you trust its contents or otherwise take responsibility for it.
The OS should assume that when you tell it to do something, that's what you
want it to do.
> However
> other mailers do not prevent you from making an informed choice
> about this before you do it.
Neither does outlook.
> > > You
> > > are just dropping that loaded gun in a place where children play.
> >
> > With the safety on. Just like every other OS.
>
> Huh? Anyone who touches it is still going to invoke the default action.
> But now it belongs to you.
The "safety" being the fact everyone's going to hav eto change the default
action before it can do anything bad.
>
> > > > > It doesn't matter what either of us think about it. We know
exactly
> > > > > what the result of this situation is - one disaster after another.
> > > >
> > > > And the three mouseclicks between opening it from the email and
> opening
> > it
> > > > from the filesystem are going to matter to people like that ? Yeah,
> > > right.
> > >
> > > It isn't the extra effort that matters, it is being able to know the
> > > difference
> > > between something safe and ordinary and something dangereous.
> >
> > Which is identical regardless of where the attachment is being opened
> from.
>
> No, it is only hidden in Outlook.
Not at all. Extensions, filenames, icons, save to disk and check yourself.
> Mailers with a mailcap concept can
> avoid turning over control to the whims of the sender and let you
> know that you have something unusual.
As does outlook.
> > > > SO every mailer in the world that can handle attachments is broken ?
> Or
> > > are
> > > > the Unix ones ok because Microsoft don't write them ?
> > >
> > > Every mailer that lets the attachment content execute it's choice of
> > > interpreter whether it is a program known to be safe or not is broken.
> >
> > Funny, that's different to what you wrote the first time
>
> You must have me confused with someone else.
I would quote exactly what you said, but my newserver has expired it.
> I have repeated
> exactly the same point over and over. Do I have to say it again
> for every instance of someone executing a virus accidentally?
You said something along the lines of "any mailer that lets you save
attachments is broken".
> > > That just happens to be the kind that Microsoft wrote.
> >
> > No, it does not.
>
> Did they buy Outlook from some other company?
No, outlook only executes something you tell it to.
------------------------------
From: "Chad Myers" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: Linux 2.4 mired in delays as Compaq warns of lack of momentum
Date: Fri, 10 Nov 2000 03:32:15 GMT
"The Ghost In The Machine" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> In comp.os.linux.advocacy, Chad Myers
> <[EMAIL PROTECTED]>
> wrote
> on Wed, 08 Nov 2000 04:04:37 GMT
> <ph4O5.1087$[EMAIL PROTECTED]>:
> >
> >"Roberto Teixeira" <[EMAIL PROTECTED]> wrote in message
> >news:[EMAIL PROTECTED]...
> >> >>>>> "R" == Relax <[EMAIL PROTECTED]> writes:
> >>
> >> R> NTFS has yet to be proven unstable anywhere. Just a little
> >> R> difference, of course, but one that matters. That said, it is
> >> R> interesting to discover that a very important, if not crucial,
> >> R> piece of code like an enterprise-class filesystem can be
> >> R> "proven unstable" despite the fact it's open-sourced thus
> >> R> scrutinized by thousands of talented and dedicated people for
> >> R> bugs and security holes, with "0-day patches" (tm) and the like
> >> R> :)
> >>
> >> ReiserFS is still UNDER DEVELOPMENT, do not forget this. And that is
> >> why it is still _not_ in the Linux kernels.
> >
> >Thank you for admitting this.
> >
> >ReiserFS is the first, best hope for a Linux FS.
> >
> >Ext2 is hopelessly flawed, ext3 is still ways away.
> >
> >It's safe to say:
> >
> >Linux has no enterprise-class, or even departmental-class filesystem.
>
> And why does NTFS qualify as an enterprise-class filesystem?
>
> I'm curious.
Because it's in use by many enterprises in "enterprise-class" scenarios
(Running SAP, Baan, PeopleSoft, Email, etc for millions of users every day).
None of the major DB's require a special partition with a special filesystem
to run on NT, they all use NTFS and break performance records doing so.
NTFS has multiple layers of redundancy, journaling, etc that protect it from
the gross corruption episodes that plague ext2 and prevent it from being
taken seriously.
Among many other reasons...
-Chad
------------------------------
From: "Christopher Smith" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: A Microsoft exodus!
Date: Fri, 10 Nov 2000 17:35:40 +1000
"Les Mikesell" <[EMAIL PROTECTED]> wrote in message
news:hvLO5.16178$[EMAIL PROTECTED]...
>
> "Christopher Smith" <[EMAIL PROTECTED]> wrote in message
> news:8ue4go$69q$[EMAIL PROTECTED]...
> >
> >
> > Personally I believe the important sacrifices have already been made. I
> > doubt many of the people who were burnt the first time will allow it to
> > happen again. Lessons learnt hard are lessons learnt well.
>
> Considering that it is Microsoft itself that is now learning the lesson,
> I think things will change in the future... Do you consider it safe to
> store your credit card number or other personal or financial information
> on the same machine that is ready and willing to execute any code
> someone sends you without letting you realize that it is unusual
> content for an email attachment?
Which would be, er, any machine I can think of.
> Would you let your family or friends
> that you trust not to damage anything intentionally use outlook on this
> machine?
"Rm" will do a far more effective job of accidentally damaging things that
outlook will. Should we take out rm ?
> > That can be explained in about 10 lines of instructions. Or it can be
> > centrally distributed as a registry patch by the sysadmin.
>
> Perfect - you want to train users to open *.reg files they
> receive in email???
Well personally I'd have it run as part of the login script, but not
everyone does that.
------------------------------
From: "Chad Myers" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: Linux 2.4 mired in delays as Compaq warns of lack of momentum
Date: Fri, 10 Nov 2000 03:29:41 GMT
"Ketil Z Malde" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Chad Myers" <[EMAIL PROTECTED]> writes:
>
> >> I know you work hard to slander Linux and free software, but this is
> >> getting silly.
>
> > Who's slandering? These are very real questions.
>
> Yes, I know you're trying to objectively evaluate varous OS
> technologies. Sure.
I never claimed that, however they are still very relevant questions.
The claim that Linux is already "enterprise ready" is at stake.
You can't have an enterprise-ready application with a faulty and
half-baked file system (ext2). Even the MS you consider to be so
inferior knows this.
According to people in your camp, ReiserFS is the answer, but according
to you and several others, it's still in development and it doesn't
appear that anyone is staking their job or their credibility on it.
If you were setting up an enterprise system with thousands of desktops
running a piece of software that they all depended upon. Downtime is
measured in minutes costing thousands of dollars per each downtime unit.
Would you trust Linux and ReiserFS to it?
The possible answers are:
"Yes"
"No"
"I wouldn't use Linux in that scenario"
You can't win because if you answer:
"Yes" then you're obviously lying because it's still a work in
progress and not even all the Linux distro ship with it, let alone
use it as their default FS, let alone is it "Enterprise ready" and
tested.
"No" Then Linux isn't "enterprise ready".
"I wouldn't use..." Then Linux isn't "enterprise ready".
In any case, Linux isn't "enterprise ready" or "enterprise class" as
Red Hat declares on their site.
I never want to hear another jab at MS for "false marketing" or
"misleading statements", etc.
> If it is a "real" question, could you please define "released"?
Whatever you consider "done" or "stable" or "we're confident enough
that we'd trust running a banking operation on it"
> In my book, S.u.S.E has "released" Linux with ReiserFS. Does that
> count?
Perhaps. Is it the default FS? Or, Is is a recommended FS? Or does
SuSE claim in their documentation (what little docs there are) that
ReiserFS is in-progress and should only be used for testing?
> It's still being worked on, of course. Does that make it not
> count?
Ah... well, this answers the questions. If the developers don't
count on it, then why should a Fortune 500 company?
Linux is not an "enterprise ready" or "enterprise class" OS. Period.
-Chad
------------------------------
From: "Javaduke" <[EMAIL PROTECTED]>
Subject: Re: Linux Is Lame. Sorry but it is true
Date: Fri, 10 Nov 2000 07:47:39 GMT
I don't like you any more, I won't invite you to my birthday party... :)
javaduke
"Clifford W. Racz" <[EMAIL PROTECTED]> wrote in message
news:8uferf$nik$[EMAIL PROTECTED]...
>
> "Aaron R. Kulkis" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> >
> > You must be an idiot.
> >
>
> Oh yeah, Mr. Poopy pants! Well my dad can beat up your dad.
>
> P.S. Why don't you get a more interesting and significantly shorter sig
> file. It is irritating.
>
>
------------------------------
From: sfcybear <[EMAIL PROTECTED]>
Subject: Re: Linux vs Microsoft Misconceptions:
Date: Fri, 10 Nov 2000 07:44:36 GMT
In article <8udf82$3ps$[EMAIL PROTECTED]>,
"Javaduke" <[EMAIL PROTECTED]> wrote:
> Here are some Linux vs. Windows misconceptions:
>
> 1. Linux is an OS: Linux is not the total operating system. Linux,
strictly
> speaking is only the kernel, however, when refering to the full
> distribution, it is refered to as GNU/Linux
Not in my book, when refering to the full distribution I call it by the
distribution name: Mandrake, Redhat, Caldera, etc. a distribution may
have applications that are not coverd by the GPL and thus the
distribution could not be called GNU
>
> 2. Linux is unstable: Linux (see q1) is not unstable, however, the
> distribution (see q1) may be, technophiles generally stick to Debian
because
> of it's strict policy of defining what applications can be included
with the
> distribution. Alot of crashes that do happen are not always due to
software
> bugs, many times they can be caused by faulty hardware, however, Linux
is
> more fault tolerant than Windows when running it on a desktop.
>
> 3. Linux is hard: Linux is not hard, it is just different. Claire
Lynn and
> co. and beat around the bush as much as they like but the fact of the
matter
> is that I could of easily said "I'm going to stick with my Amiga 500
and
> Workbench 1.3" and never bought a PC, however, I did buy a PC, and I
did
> teach my self the basics by reading books, so the explaination of
"Linux us
> too hard" doesn't cut the mustard. I now use a Ultra Sparc 5 w/ 128MB
ram
> and Solaris 8, a step up from Linux, and even though some Linux
purists see
> the battle ground as Linux vs. the rest, I have talked to SUN NZ and
they
> encourage low end users to use Linux as it provides the low cost
stepping
> stone to allow a user to gain experience using a UNIX like OS then
move onto
> a more commercial one like Solaris.
>
> 4. Windows is user friendly: If Windows was user friendly the first
thing
> that Windows would be able to do is recover correctly either after a
crash
> or installation of a bad/corrupted driver, if the NT kernel is the
future of
> OS's then god help us as I have faced on many occasions Windows
failing to
> load concluding with a blue screen of death, worse still, I had to
> re-install Windows, all because the driver was a little thingy (I
finally
> got it loading by keeping the zip disk in the drive whilst NT was
loading).
> Secondly, Microsoft would ensure that users are not scared to death of
being
> hacked to pieces when using high speed internet, you could however,
get a
> third party tool, however, if an OS is properly designed it would not
be
> necessary for a user with a single computer connected via the internet
to go
> out and buy a decent form of protection.
>
> 5. Microsoft Tech Support is Great: Another myth created by the
wintrolls
> of the world. 1. Had Microsoft actually listened to customers (which
the
> claim to do) they would not charge for techsupport, shite, ya pay $400
for a
> bloody piece of software, a little support would be nice! 2. I rang
up,
> after two hours of getting switched from department to department I
was
> finally told that they had changed there database format and as a
result I
> would have to read a 6 page document describing how I can import it
into
> Visual Basic 6 using a special work around.
>
> 6. Linux's hardware support is limited: This was true in the past,
however,
> now with the pending release of kernel 2.4 the only pieces of hardware
not
> supported are obscure pieces of hardware that 0.0000000000001% of
computer
> users have, such as cheap, so-called, SB compliant cards and USB
devices
> nobodies heard of.
>
> 7. Microsoft Innovates: This is another misconception, here are two
> examples, Java, Microsoft broke a licensing deal with Sun
Microsystems
> regarding Java technology. Microsoft's excuse....."We embraced and
extended
> Java functionality"...laymens terms....lets really fuck Java
up.....another
> example is Internet Explorer..........created propriety extensions of
the
> HTML language........."We embrased and extended HTML fuctionality to
provide
> a better user experience".......in laymens terms....lets really fuck
> Netscape.......Two examples of a company using its monopoly in the
> operating-system market to screw competition by screwing open
standards.
>
> javaduke
>
>
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: sfcybear <[EMAIL PROTECTED]>
Subject: Re: OS stability
Date: Fri, 10 Nov 2000 07:40:57 GMT
In article <r%KO5.7420$[EMAIL PROTECTED]>,
"Erik Funkenbusch" <[EMAIL PROTECTED]> wrote:
> "Mig" <[EMAIL PROTECTED]> wrote in message
news:8uf9ve$ovd$[EMAIL PROTECTED]...
> > Erik Funkenbusch wrote:
> >
> > > > By your logic Barns & Noble must be the most secure site around!
> > >
> > > No. It's a fact, any Linux system that's been up over a year has
bugs
> in
> > > it's kernel that could make it insecure.
> >
> > Come on Eric. There is no way around the facts presented by
Netcraft and
> > "sfbear". If those Linux boxes where insecure then they would have
been
> > cracked long time ago and identified as cracked.
>
> Wow, so you're saying that simply because a system hasn't been
cracked, it's
> secure? Wow. I'll rush off and tell all the security experts.
>
> > The facts are simple and straight. NT/W2K is all about hype and
nothing
> > else. It must be extremely annoiyng to know that ones prefered
enviroment
> > is unstable and so insecure - just think about the two recent
Micros~1
> > cracks.
>
> Right. The first Microsoft crack had nothing to do with the OS. It
was an
> unsecure home system which an employee used to access the VPN. It was
poor
> security policy and nothing relating to the OS itself.
Just Like the poor security considerations of the OS it's self!
>
> The second one was an old machine that had not been patched because it
was
> considered in retirement. It should have been removed from the
network
> completely, but it wasn't.
So they say!
>
> Here's another thing to think about. In any large shop, similar to
> microsoft.com, don't you think they do regular maintenance?
Looks like MS software needs more maintenance than Linux and Unix! add
that to your TCO numbers!
If I ran such a
> shop, i'd rotate every server out of the loop every 60 days and
subject it
> to a battery of diagnostics and replace any hardware which shows even
the
> slightest sign of failing.
If I ran a W2K shop, I might do the same, but I run Linux and Unix and
have far more confidance in the OS I use! And because I use Linux and
Unix I don't have to worry as much about hardware issues because Linux
and Unix are far more forgiving when it comes to hardware that "shows
even the slightest sign of failing."
Still you have not said anything that could not be applied equaly to the
linux and Unix servers. So you point is a wash!
Of course, I like to back up my claims so lets take a look a Zenith's
uptime:
http://uptime.netcraft.com/graph?display=uptime&site=www.zenith.com
Zenith just does not seem to have enough servers to do the type of
server rotations that franky is so desperatly trying to sell us (and no,
I won't buy that bridge you are trying to sell, either). It looks as if
Zenith has installed a new server and got the best uptime right of the
bat: 13 days! but what's this? that's the last time we see that high of
number! 6 days uptime is the best they can do after that! Booting a
production webserver every 6 days is very sad!
Of course Franky's server rotation vapor process does not account for
the numbers we see coming from Barns and Noble
The lengths you go through! I wonder how many over worked sys admins,
running on tight budgets, are laughing their asses of over your comment
about swapping out servers!
>
>
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: sfcybear <[EMAIL PROTECTED]>
Subject: Re: Linux vs Microsoft Misconceptions:
Date: Fri, 10 Nov 2000 07:46:10 GMT
In article <[EMAIL PROTECTED]>,
Roberto Selbach Teixeira <[EMAIL PROTECTED]> wrote:
> On Thu, 9 Nov 2000, [EMAIL PROTECTED] wrote:
> > It was the Thu, 9 Nov 2000 19:12:00 +1300...
> > ...and Javaduke <[EMAIL PROTECTED]> wrote:
> >> Here are some Linux vs. Windows misconceptions:
> >>
> >> 1. Linux is an OS: Linux is not the total operating system. Linux,
> >> strictly speaking is only the kernel, however, when refering to the
> >> full distribution, it is refered to as GNU/Linux
> >
> > Which is just as wrong as plain "Linux". It's neither all Linux nor
> > all GNU plus Linux. A "Linux" distribution contains lots of non-GNU,
> > non-Linux software (XFree and KDE, for example).
> >
>
> In the end, it's all semantics :-)
Clarification.
>
> regards,
> Roberto
>
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.advocacy) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Advocacy Digest
******************************
