Linux-Advocacy Digest #36, Volume #31 Sat, 23 Dec 00 17:13:03 EST
Contents:
Re: Question with Security on Linux/Unix versus Windows NT/2000 (mlw)
Re: The Sixth Sense ("Chad C. Mulligan")
Re: The Sixth Sense ("Chad C. Mulligan")
Re: Conclusion ("Chad C. Mulligan")
Re: Conclusion ("Chad C. Mulligan")
Re: Who LOVES Linux again? (*)
Re: Sun Microsystems and the end of Open Source (Shane Phelps)
Re: An Entire Day With Linux (Yukkkkk!!!) (Yatima)
----------------------------------------------------------------------------
From: mlw <[EMAIL PROTECTED]>
Subject: Re: Question with Security on Linux/Unix versus Windows NT/2000
Date: Sat, 23 Dec 2000 16:18:59 -0500
Zane wrote:
>
> At work we use Windows NT on workstations and the other day people got
> email with an attached virus. The virus reformatted that persons hardrive
> if they clicked on the attachment.
The NT formatter code will not function on a drive with file locks, but,
should the user have sufficient privileges, a program which corrupts the
boot sector and possibly the file system can be run, then all that need
be done is crash the system with some bogus system I/O calls. BSOD.
Upon reboot the system will appear that no system disk exists. It isn't
a format, but a casual user won't know that.
>
> I thought the purpose of NT was to protect the workstation from being
> manipulated either from the user of that workstation or from an outside
> source. Isn't that why you have an administrator login versus a login for
> a user?
>
> Is Linux or Unix vulnerable to this?
There are a couple reasons why this is a problem:
(1) Most Windows programs install assuming they are on Windows, and
don't make the extra effort necessary to move registry settings and
start menu entries to each user on a system. Because of this, most NT
users run with a dangerous level of privileges to install and use
standard Windows software.
(2) Most Windows programs are written assuming they will have full
access to the system on which they are running.
Given these problems, a user in NT is more likely to be running in a
mode where a dangerous program, like the one described, is in an
environment to do the damage it was intended to do.
Under UNIX and Linux, it is fairly difficult to give your user account
root privileges and there is no need for it. UNUX/Linux programs are
written with the supervisor/user model, so there is no advantage to
installing software as yourself.
Can it happen that a program is sent to a Linux box, it is saved and run
as su? Of course it can. Is it likely, no.
Can it happen on NT? it is likely because the environment promotes
insecure behavior from its users.
--
http://www.mohawksoft.com
------------------------------
From: "Chad C. Mulligan" <[EMAIL PROTECTED]>
Crossposted-To:
alt.destroy.microsoft,comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: The Sixth Sense
Date: Sat, 23 Dec 2000 21:16:33 GMT
"T. Max Devlin" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Said Chad C. Mulligan in alt.destroy.microsoft on Thu, 21 Dec 2000
> >"T. Max Devlin" <[EMAIL PROTECTED]> wrote in message
> >news:[EMAIL PROTECTED]...
> >> Said Chad C. Mulligan in alt.destroy.microsoft on Fri, 01 Dec 2000
<trimmed>
> >>
> >
> >Nope, it is a sign that a quickie port of software without consideration
of
> >the target platform is doomed to fail.
>
> Yes, that is another reason Windows is monopoly crapware. The only
> platform where the most powerful and successful workgroup product gets a
> quickie port, because Windows, while being the largest installed base,
> is the least standard and rational.
>
So now it is Microsoft's fault that Lotus developers didn't bother to look
at the platform. BTW you are overstating both the power and sucess of Notes,
it is buggy and unstable crap on any platform even OS2 where it was
developed.
> --
> T. Max Devlin
> *** The best way to convince another is
> to state your case moderately and
> accurately. - Benjamin Franklin ***
>
> Sign the petition and keep Deja's archive alive!
> http://www2.PetitionOnline.com/dejanews/petition.html
------------------------------
From: "Chad C. Mulligan" <[EMAIL PROTECTED]>
Crossposted-To:
alt.destroy.microsoft,comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: The Sixth Sense
Date: Sat, 23 Dec 2000 21:17:57 GMT
"T. Max Devlin" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Said Chad C. Mulligan in alt.destroy.microsoft on Thu, 21 Dec 2000
> >"T. Max Devlin" <[EMAIL PROTECTED]> wrote in message
> >news:[EMAIL PROTECTED]...
> >> Said Chad C. Mulligan in alt.destroy.microsoft on Fri, 01 Dec 2000
> >> >"T. Max Devlin" <[EMAIL PROTECTED]> wrote in message
> >> [...]
> >> >I'd think the developer is required to write his application correctly
to
> >> >the target platform.
> >>
> >> I think that's because you presume, incorrectly, that software
> >> development is an academic pursuit. Currently, writing software is a
> >> commercial venture. Which means the developer has what requirements
the
> >> *customer* places on them, entirely independent and unrelated to the
> >> arbitrary and entirely unimportant suggestions that the platform
> >> developer might have for how the API is most "correctly" used.
> >>
> >
> >A developer with that attitude won't stay in business long, they'll soon
> >join the ranks of open sores.
>
> You are correct; it is not possible to compete with anti-competitive
> behavior. In the current, disfunctional, software markets, an honest
> and talented programmer has less of a chance of staying in business then
> a thief and a liar. Yet another reason Windows is monopoly crapware.
>
You are right but for the wrong reason. I am correct that poor programming
makes it difficult for a software company to stay in business. This
monopoly argument is annoying repetitive and self-delusional.
> --
> T. Max Devlin
> *** The best way to convince another is
> to state your case moderately and
> accurately. - Benjamin Franklin ***
>
> Sign the petition and keep Deja's archive alive!
> http://www2.PetitionOnline.com/dejanews/petition.html
------------------------------
From: "Chad C. Mulligan" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: Conclusion
Date: Sat, 23 Dec 2000 21:20:50 GMT
"sfcybear" <[EMAIL PROTECTED]> wrote in message
news:922u16$hpp$[EMAIL PROTECTED]...
> Right chad. And you still have NO proof to show that the numbers are
> wrong. The only thing you can say is that the netcraft numbers don't
> come from the computers *you* think they should. YOu and the winvocates
> here have NEVER shown that the numbers are NOT From W2K boxes and that
> they are not accurate. Even Erics statement of how it works states
> basicly the same. All of which is CLEARLY documented on the Webcraft
> page. From all the actual evidance (real, not your claims) shows that
> the numbers are indeed from W2K boxes and are indeed accurate.
>
So how do you gain anonymous administrator access to secured performance
metrics?
> 2 sources claim the same thing you despite your persistand claims that
> they are worng, neither have been PROVEN to be giving false information.
> Yes, Netcraft does not always get the numbers from the webserver proper,
> but the numbers it does get for W2K DO come from W2K and are accurate,
> even according to eric.
>
Repeating the big lie, Joe Goebbells would be proud of you.
>
> In article <VgV06.21734$[EMAIL PROTECTED]>,
> "Chad C. Mulligan" <[EMAIL PROTECTED]> wrote:
> >
> > "sfcybear" <[EMAIL PROTECTED]> wrote in message
> > news:91vpdg$967$[EMAIL PROTECTED]...
> > > In article <ZGy06.16247$[EMAIL PROTECTED]>,
> > > "Chad C. Mulligan" <[EMAIL PROTECTED]> wrote:
> > > >
> > <trimmed>
> > > > >
> > > >
> > > > And Ghost in the Machine, and several others.
> > >
> > >
> > > You are also forgetting the *Documented Fact* that WWW.UPTIMES.ORG a
> > > second METHOD of gathering stats, gives the same results. BOTH
> indicate
> > > w2K is UNSTABLE!
> > >
> >
> > Or they both cannot get the correct metrics from the machine. By
> default
> > performance metrics are only available to authenticated
> administrators.
> >
> > > Still no spacifics from *you* on how the numbers are so inacurate
> that
> > > they do can not be used to get an indication as to the stability of
> an
> > > OS that does report uptime numbers.
> > >
> > > Does netcraft relate to a singe machine? No. Does that mean that the
> > > uptime number that is returned by the responding machine is wrong?
> NO.
> >
> > Actually yes. If the machine the data is requested of isn't the one
> > responding the netcraft numbers are reporting the wrong machine.
> Wrong in
> > any instance is still wrong.
> >
> > > Does that make the uptime *average* wrong? not in the way that
> Netcraft
> > > defines what the stat means. Does Uptimes relate to a sinlge
> machine?
> > > YES. Does Uptimes indicate that W2K is unstable as well? YES! 2
> > > different methods, same result. But you seem to ingnore that. Or is
> it a
> > > bad case of denial?
> > >
> >
> > Averaging bad data will simply give you a bad average. Are you
> familiar
> > with the GIGO principle.
> >
> > >
> > <trimmed>
> >
> >
>
>
> Sent via Deja.com
> http://www.deja.com/
------------------------------
From: "Chad C. Mulligan" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: Conclusion
Date: Sat, 23 Dec 2000 21:23:51 GMT
"sfcybear" <[EMAIL PROTECTED]> wrote in message
news:922una$iep$[EMAIL PROTECTED]...
> In article <VgV06.21734$[EMAIL PROTECTED]>,
> "Chad C. Mulligan" <[EMAIL PROTECTED]> wrote:
> >
> > "sfcybear" <[EMAIL PROTECTED]> wrote in message
> > news:91vpdg$967$[EMAIL PROTECTED]...
> > > In article <ZGy06.16247$[EMAIL PROTECTED]>,
> > > "Chad C. Mulligan" <[EMAIL PROTECTED]> wrote:
> > > >
> > <trimmed>
> > > > >
> > > >
> > > > And Ghost in the Machine, and several others.
> > >
> > >
> > > You are also forgetting the *Documented Fact* that WWW.UPTIMES.ORG a
> > > second METHOD of gathering stats, gives the same results. BOTH
> indicate
> > > w2K is UNSTABLE!
> > >
> >
> > Or they both cannot get the correct metrics from the machine. By
> default
> > performance metrics are only available to authenticated
> administrators.
>
> Prove that the software that gets loaded for the Uptimes tracking can
> not track the actual uptime for the server it is on. After all, if it
> relied on the metrics that are available from NT, the NT boxes in the to
> 100 would not be there. They would have rolled over at 49.7 days. Just
> as the default metric on NT always does! The uptime used by Uptimes does
> not use the standard metric. and that does not make them wrong. infact
> it gets past the limitations of MS softare.
>
OK, How? In detail please. So far your arguments are repeated conjecture
even in the face of some convicing contrary and independently corroborated
(use your dictionary) evidence.
>
> >
> > > Still no spacifics from *you* on how the numbers are so inacurate
> that
> > > they do can not be used to get an indication as to the stability of
> an
> > > OS that does report uptime numbers.
> > >
> > > Does netcraft relate to a singe machine? No. Does that mean that the
> > > uptime number that is returned by the responding machine is wrong?
> NO.
> >
> > Actually yes. If the machine the data is requested of isn't the one
> > responding the netcraft numbers are reporting the wrong machine.
> Wrong in
> > any instance is still wrong.
>
> No it does no. It makes it a different machine. The uptimes and the OS
> would still be accurate for that machine even if you *think* it sould be
> gotten from another. Netcraft clearly states what happens with firewalls
> and so the numbers are accurate in the context of the deffinition of
> thoes numbers. YOu really do need to take a stats class.
>
> >
> > > Does that make the uptime *average* wrong? not in the way that
> Netcraft
> > > defines what the stat means. Does Uptimes relate to a sinlge
> machine?
> > > YES. Does Uptimes indicate that W2K is unstable as well? YES! 2
> > > different methods, same result. But you seem to ingnore that. Or is
> it a
> > > bad case of denial?
> > >
> >
> > Averaging bad data will simply give you a bad average. Are you
> familiar
> > with the GIGO principle.
> >
>
> THe data has never been proven to be bad. In fact 2 sources both show
> the same results indicating that W2K is not stable. Athough many CLAIMS
> have been made no proof has been given to prove that they are not
> accurate. Indeed, every objection has been proven false or a
> misreproesentation of what the numbers are *defined* as (read the
> netcraft FAQ to get a diffinition of what the netcraft numbers are).
>
How can the data cosidered good when a request sent to a given web server is
replied to by a router, firewall or other system in certain, quite common,
installations?
> No doccumented proof showing W2K as stable in the production world vs. 2
> sources showing W2K is NOT stable and NO documented proof showing that
> the numbers from EITHER site are wrong! Even Eric's claims match what
> Netcraft states the numbers to be (read the FAQ)
>
Empirical data is all I can give you, but since that contradicts your
desired hypothesis you don't hear.
>
> > >
> > <trimmed>
> >
> >
>
>
> Sent via Deja.com
> http://www.deja.com/
------------------------------
From: * <[EMAIL PROTECTED]>
Crossposted-To: alt.linux.sux
Subject: Re: Who LOVES Linux again?
Date: Sat, 23 Dec 2000 21:26:39 GMT
Matt Gaia wrote:
> *gets out his stupid argument gun* :)
ha. with the emphasis on stupid.
stupid.
> > > a.. Linux is NOT more stable.
> > >I love when Linux zealots claim that "Linux is sooo much more stable than
>anything Microsoft ever came out with". This used to be true. Linux had good
>stability, it was a true-32 bit OS from it's boot loader to "telinit 0". But come
>on, this claim is getting old.< <
> Old, but true, none the less
well. there's no defeating _that_ argument.
> > >And these "uptime" claims. Please. These are being posted by people running
>their Linux kernel, and a super-stripped down C shell. Really, if I was running the
>Windows command console, writing documents with "edit.com" and posting them using
>some MSDOS based usenet posting software, I'd never have to reboot either (except
>when I turn my PC off).< <
> No comment here. Only going to put the address of
> http://uptime.netcraft.com/up/today/top.avg.html
alright. i only had the patience to look at the top3 sites. but it comes as no suprise
that they have uptimes of over 3 years - none of the sites looked like they have
changed any in the last 36 months.
> > > 1.. Real computing involves running programs. LOTS of programs, loading them
>into and out from memory repeadly, over the course of a day, or two or three. It
>involves running multipul applications at once, and loading and unloading them as
>previously mentioned. Maybe, even running a video game here and there occasionaly.
>Doing all this, your invaraibly going to hit something that isn't coded perfectly,
>and is going to cause SOMETHING to go somewhere.< <
> Wow, you mean running web servers aren't really running many programs
> then. I have to get me a server like that. Oh yah, I was being
> sarcastic again, wasn't I? :)
or stupid. again. linux is the weak man of computers as far as multimedia apps are
concerned.
> > > a.. Linux is NOT Free
> Actually, yes, it is. Linux source code can be freely distributed.
>
> > > 2.. The "Image Files" require a CD writing device. That is a commodity, not a
>typical component. Most people DON'T own a CD writing device.< <
> Get any computer built in the last 1 1/2 years, and it probably will.
> If it doesn't, fork out about $150 and get one.
one hundred-fifty dollars eh? wow. you are sooo smart!
> > > 4.. Distributions are not "updated". They are being replaced. RedHat Linux
>6.1 has been suceeded by RedHat Linux 6.2, and now 7.0. The only difference between
>the products is updated componetns inside the distribution that fix idiotic security
>and stability problems. If you cannot accomidate line items "1", or "2" above, your
>only choice for updating your distro is to buy another one. If you bought a fully
>commercial package, you may be entitled to free upgrades.
> > >Item "4" above shoots a hole in the claim that "Linux can be updated for free,
>Windows can't, you have to buy another one when 'big billy' says so." Fine, so
>instead of Microsoft controlling product udpates, you have to rely on often
>anonymous, 3rd parties to maintain and fix your OS components, and then you have to
>pay the distro maker more money to obtain the latest release.< <
> Once again, *bzzzt* wrong again.
ha HA. you used 'again' two times in five words. you idiot.
> If Linux can't be upgraded for free,
> then why have I, probably along with many other people, done it?
ahh..
> Especially on web servers that don't run many programs either. :)
can you possibly manage to write a single argument without completely undermining
yourself? (see .1)
> > >XFree86 is Linux's only other X server (alternative is a commercial, unpopular
>product). Does XFree86 comes with hardware optimization for video graphics
>accelerators? Yes and No. It doesn't fully support any of the 3D technology in
>today's 3D accelerators, nothing quite even CLOSE to what Apple & Microsoft can do
>with 'em.< <
> You mean Linux will not have the drag 'n drool support that MS and Apple
> have? damn.
sorry? you obviously have not used drag+drop on a relatively modern mac. just one of
the many conventions widely used on pc's today that linux is missing.
> > >As for other operations, like general interface, XFree86 is a sugglish nightmare.
> Really, using dedicated CPU time to create, and update the display is a sluggish and
>outdated practice that went the way of the dodo when hardware accelerated procedures
>were implemented. So there goes the GUI "speed" advantage.< <
> See two responses above.
basing further arguments on obviously failable formers is still not going to make it a
stable and free os. dummy.
> > >Summary: Linux is for cheap computer programmers, who have no idea what computing
>should be like for people who don't have the time to interface with their computers
>in C.< <
> Amendment to Summary: Linux is for programmers/techies/whatever you want
> to call them who don't want to be tied down by Father Bill or forced to
> witness another BSOD.
bsod? how about os/x then?
ehh..
y'r pal -kK
------------------------------
From: Shane Phelps <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: Sun Microsystems and the end of Open Source
Date: Sun, 24 Dec 2000 08:32:30 +1100
"Chad C. Mulligan" wrote:
>
> "Shane Phelps" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> >
> >
> > "Chad C. Mulligan" wrote:
> > >
[ snip ]
> >
> >
> > I'm going to call you (and other TCO claimants) on this one, Chad!
> >
> > I keep seeing lots of claims from assorted quarters that System X has
> > much lower TCO than System Y (where X and Y are arbitrary OSen, and
> > are often reversed) but the hard data never seem to surface.
> >
> > Please don't use MS's NT vs Linux pages as a reference - they were
> > derived from *old* NT vs SPARC/Solaris figures, then Linux was
> > substitied for Solaris.
> > http://www.microsoft.com/NTServer/nts/exec/Compares/LowerTCO.asp
> >
>
> Why not they are perfectly valid. And with the rising up front costs of
> Linux the TCO get's worse and worse. The extras include needing to fix a
> compiler before you can include the network stack into your recompiled
> Kernel to improve performance. IAC that old study predates the inclusion of
> WBEM into NT so the UNIX is being given an extra bonus. When does that come
> to Linux?
>
You CAN NOT possibly be serious!!!!!!!
Has anybody apart from me even *read* that BRG piece??????
It contains too little information even to be a valid comparison of
NT & Solaris, and there is no mention of Linux whatsoever.
All it says is (loosely translated)
"we surveyed 400 Solaris and NT sites.
The Solaris sites are bigger and do different things, but the NT
sites spent less money"
There is absolutely no analysis of the type of work done by the
servers, nothing about geographic dispersion, nothing about the
use of DR sites, nothing about internal network structure, nothing
about the type of clients used to gain access to the servers (esp
cost of supporting them), nothing about the uptime requirements, no
breakdown of server type, ...
It *did* include software redevelopment/maintenance, and network
upgrades (dubious inclusions at best), again with no explanation.
The only way this "study" could have been even remotely valid is
if the TCO comparisons had been broken down by classes of operation.
And even more importantly, it compares ***Solaris on SPARC****
to ***Windows on Compaq***!!!!!!!!
BRG's explanation for the lower TCO of MS over Sun almost exclusively
derives from cheaper hardware costs:
1/ Intel servers are cheaper than SPARC
2/ unit costs for software are cheaper on Intel/Windows
3/ software vendors charge more on bigger/more expensive systems
4/ MS's price-cutting for Back Office, etc forced other vendors
to follow suit.
Point 1 is equally applicable to the Intel *nixen.
Point 2 may favour MS, though a lot of commercial Unix packages
have been ported to Linux, and there are many free packages.
Point 3 would probably favour Linux over NT.
Point 4 seems to be a rehash of Point 3.
Sun has some TCO reports online as well,
http://www.sun.com/smi/Press/sunflash/2000-03/sunflash.20000302.1.html
This is fairly specific to ERP deployments. Sun, like MS, is only likely
to publish reports which favour them, so this has to be taken with a
grain of salt too.
Can you cite a *useful* independent TCO study, please?
I haven't encountered the need to fix the compiler to rebuld the kernel.
Is this one of the Red Hat 7.0 bugs, or is it one of the other
distributions?
This would actually have little effect on TCO in any case, although
it obviously increases the setup time of the first system. TCO really
only applies to larger numbers of systems (typically hundreds
or thousands), not one-offs.
The report didn't give enough detail to form any conclusions anyway,
so WBEM probably doesn't make much difference on that front. I agree
that WBEM and friends should help with W2K remote admin.
[ snip ]
> >
> > FWIW, the bulk of real world TCO is in the ongoing support, and
> > depends very heavily on stability, ease of installation and ease of
> > remote management as it scales beyond trivial numbers of users,
> > boxen and sites.
>
> And Windows 2K really advances that significantly. You should read up on
> WBEM and look into Windows remote installation services.
W2K Server certainly has improved remote management capabilities out of
the box. Terminal Services is the best thing to happen to NT in ages IMO.
sshd and rsync can ease remote management of Win32 as well, though Win32
is easier to handle through a GUI.
------------------------------
From: [EMAIL PROTECTED] (Yatima)
Crossposted-To: alt.linux.sux
Subject: Re: An Entire Day With Linux (Yukkkkk!!!)
Date: Sat, 23 Dec 2000 22:06:51 GMT
On Sat, 23 Dec 2000 05:49:31 GMT, Kyle Jacobs <[EMAIL PROTECTED]> wrote:
>This entire post is dedicated to the ideal that "Well, your not having this
>problem, so it's YOU not Linux".
No, it's not. Steve/Heather/Claire_Lynn/Swango/flatfish is a well know
troll who is sometimes pro linux and sometimes against. In addition I
didn't accuse him of fabricating these problems and did preface my post
by indicating that I use a different distro (which may account for some
of the differences in our experiences).
>Isn't this the same line you Linux zealots are consistently bashing
>Microsoft for?
I'm not a zealot and linux users are not a homogeneous group. For the
record, I've not had terrible problems with windows 98 in the past. I
don't like to use it because I find it less configurable and not as
powerful as linux. However, I still boot into windows for a gaming
session every now and again (except quake3 which I play under linux).
> Claiming that "Well, OUR Windows works just fine, so it's
>entirely you and your computer"...
Never claimed that sparky, try again.
>Gee, truth hurts.
Do some research next time.
>So does hippocrracy.
Apparently, so does a spell checker :) <-- note smiley!!!
--
yatima
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to comp.os.linux.advocacy.
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Advocacy Digest
******************************
