Linux-Advocacy Digest #321, Volume #32 Mon, 19 Feb 01 14:13:03 EST
Contents:
Re: SSH vulnerabilities - still waiting [ was Interesting article ] ("Chad Myers")
Re: SSH vulnerabilities - still waiting [ was Interesting article ] ("Chad Myers")
Re: Interesting article ("Chad Myers")
Re: The Windows guy. (Aaron Kulkis)
Re: Information wants to be free, Revisited (Aaron Kulkis)
Re: Information wants to be free, Revisited ("Karel Jansens")
Re: Information wants to be free, Revisited ("Karel Jansens")
Re: Information wants to be free, Revisited ("Karel Jansens")
Re: Which Linux? ("Karel Jansens")
Re: .NET is plain .NUTS ("Karel Jansens")
Re: .NET is plain .NUTS ("Karel Jansens")
Linux web pads? ("Karel Jansens")
----------------------------------------------------------------------------
Reply-To: "Chad Myers" <[EMAIL PROTECTED]>
From: "Chad Myers" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.security.ssh
Subject: Re: SSH vulnerabilities - still waiting [ was Interesting article ]
Date: Mon, 19 Feb 2001 18:21:52 GMT
"Markus Friedl" <[EMAIL PROTECTED]> wrote in message
news:96rit1$ne3$[EMAIL PROTECTED]...
> In <ox9k6.55423$[EMAIL PROTECTED]> "Chad Myers"
<[EMAIL PROTECTED]> writes:
>
> >It's still just telnet, but it's encrypted. You're still just telneting
> >through a "secure" tunnel.
>
> it's not TELNET, it's a different protocol. do your homework.
> there is no DO and not DONT, there is no WILL and no WONT.
>
> it's just TELNET? as opposed to what?
It may be an encrypted protocol, but in the end, there is a telnet-like
session, it's essentially telnet. There's nothing you can do with SSH
that you couldn't do with telnet and vice versa. The different is in the
implementation, but it's still terminal emulation over the internet in
the end. I really don't see the difference at the end points. So, it's
updated a little for the 90's (and not very well, I might add), but
in the end, I'm still looking at a shell prompt.
>
> >However, given the numerous exploits and vulnerabilities available for
> >SSH in just the month of February this year, perhaps they should start
> >calling it "Not so secure shell" NSSSH.
>
> no single pointer to a single exploit in all your postings.
So you just easily dismiss all these vulnerabilities simply because no
exploit has been written for them (THAT WE KNOW OF)?
What about all the ones from last year? The ones I mentioned were just
THIS MONTH alone!!
> please stop lying to the poeple.
NO, you please stop lying. You're falsely advertising SSH as secure,
when, in fact, it's not. There are numerous bugs and vulnerabilities.
According to Theo himself, SSH1 is broken, and many hosts still run
SSH1. It's not secure according to the creator!
> >There are numerous exploits and attacks on the encryption of SSH1,
> >and there are beginning to be numerous ones for SSH2 as well.
>
> oh, you are a troll. i'm sorry. i'm sorry for replying to your postings.
Troll? Your definition of a troll is someone who presents facts and questions
conventional (wrong) wisdom? SSH is not secure as demonstrated.
Why do not answer these claims? You dismiss them out of hand, but do not
answer the general problem.
-Chad
------------------------------
Reply-To: "Chad Myers" <[EMAIL PROTECTED]>
From: "Chad Myers" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.security.ssh
Subject: Re: SSH vulnerabilities - still waiting [ was Interesting article ]
Date: Mon, 19 Feb 2001 18:23:33 GMT
"Markus Friedl" <[EMAIL PROTECTED]> wrote in message
news:96rils$nbm$[EMAIL PROTECTED]...
> In <Ry9k6.55424$[EMAIL PROTECTED]> "Chad Myers"
<[EMAIL PROTECTED]> writes:
>
> >Really, how do you answer to all these exploits and vulnerabilities?
>
> could you please name every single 'exploits' you are talking about?
>
> could you please name every single 'vulnerabilities' you are talking about?
I already have. I just listed the few that have occurred from THIS MONTH alone.
It would take too long to list them all. Search SecurityFocus.com (bugtraq).
> otherwise it's impossible to take your claims for serious.
Maybe for you. When presented with facts, you just dismiss them because
it's to scary?
>
>
> >Perhaps you should start calling it Not so secure shell (NSSSH).
>
> perhaps you should stop spreading FUD.
It's the truth, whether or not you want to believe it. The fact is,
there are several vulnerabilities in SSH and you refuse to admit it.
-Chad
------------------------------
Reply-To: "Chad Myers" <[EMAIL PROTECTED]>
From: "Chad Myers" <[EMAIL PROTECTED]>
Crossposted-To:
alt.destroy.microsoft,comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: Interesting article
Date: Mon, 19 Feb 2001 18:24:56 GMT
"Roy.Culley" <[EMAIL PROTECTED]> wrote in message
news:phlr69.9oo.ln@gd2zzx...
> In article <[EMAIL PROTECTED]>,
> Chris Ahlstrom <[EMAIL PROTECTED]> wrote:
> >
> > Chad Myers wrote:
> >>
> >> As for remoting Windows desktops in your organization, Terminal Services
> >> and NetMeeting's Remote Desktop Sharing are much better.
> >
> > Can someone ask him in what way?
>
> I think this sums up netmeeting:
http://www.shenton.org/~chris/nasa-hq/netmeeting/
We're not talking about public networks.
What problem do you guys have sticking to the focus of the thread?
It's like an epedemic!
-Chad
------------------------------
From: Aaron Kulkis <[EMAIL PROTECTED]>
Subject: Re: The Windows guy.
Date: Mon, 19 Feb 2001 13:53:27 -0500
Peter Köhlmann wrote:
>
> Aaron Kulkis wrote:
> >
> >
> > Nigel wrote:
> > >
> > > > MS-DOS..no.
> > > >
> > > > Digital Research's DR-DOS..yes.
> > > >
> > >
> > > Wasn't DR's multitasking version of dos called
> > > concurrent dos and sold separately to the single
> > > tasking standard DR-DOS?
> >
> > DR-DOS's introduction of true multi-tasking was concurrant
> > with Mafia$oft's sales of MS-DOS 3.0
> >
>
> Even if A R Kulkis repeats it several hundred times again,
> DR-DOS was not multitasking.
http://www.drdos.com/
Key Features
* 100% compatible
* DOS Year 2000 compliant
* Ability to boot DOS from ROM or FLASH
* Comprehensive DOS utility set
* Multitasking, with API for developers
* Includes 286 DPMS memory manager in addition to DPMI
* DOS TCP/IP stack Stacker disk compression
* NWCACHE - disk caching program
* EMM386 memory manager
* DOS Protected Mode Services (DPMS)
* Multitasking
* DR-DOS provides a full multitasking environment on
Pentium, 486, or 386-based hardware. This is built into the
memory management extensions provided in the operating
system, and is accessible for standard un-aware
applications when using the Task manager (Taskmgr) utility.
* Programs however can have direct access to create
separate threads etc, via the extended Application
* Programming Interface.
* DPMS - A memory manager that works on 286-based PCs,
allowing device drivers to reside outside of the regular DOS
application area. Drivers or Terminate stay-resident
applications can thereby avoid using valuable application
memory.
* ROM tools
Here, we find documentation that DR-DOS 5.0 had multitasking (1991):
http://www.cowo.de/archiv.cfm?path=http://www.cowo.de/archiv/1991/30/9130c062.html
Mit der Übernahme von Digital Research würde Novell ein gewalow-how auf
PC-Betriebssystem-Ebene erwerben. Das Flaggschiff des kalifornischen
Softwareveteranen, das Betriebssystem DR DOS, entspricht in großen Teilen der
im Markt weitaus etablierten Microsoft-Entwicklung MS-DOS. DR DOS folgte
dem Ende der 70er Jahre führenden PC-Betriebssystems CP/M, daß von
Digital-Research-Gründer Gary Kildall entwickelt worden war. Vor allem die
aktuelle Version 5.0 von DR DOS stieß auf großes Interesse in Fachkreisen, da
mit ihr erstmals Multiuser- und Multitasking-Betrieb unter DOS ermöglicht wurde.
Darüber hinaus bietet DR DOS nach Ansicht von Experten in der
Speicherverwaltung mehr Features als die Microsoft-Variante.
>
> --
> Linux is simply a fad that has been generated by the media
> We are Borg. Resistance is futile (Borg Gates)
--
Aaron R. Kulkis
Unix Systems Engineer
DNRC Minister of all I survey
ICQ # 3056642
H: "Having found not one single carbon monoxide leak on the entire
premises, it is my belief, and Willard concurs, that the reason
you folks feel listless and disoriented is simply because
you are lazy, stupid people"
I: Loren Petrich's 2-week stubborn refusal to respond to the
challenge to describe even one philosophical difference
between himself and the communists demonstrates that, in fact,
Loren Petrich is a COMMUNIST ***hole
J: Other knee_jerk reactionaries: billh, david casey, redc1c4,
The retarded sisters: Raunchy (rauni) and Anencephielle (Enielle),
also known as old hags who've hit the wall....
A: The wise man is mocked by fools.
B: Jet Silverman plays the fool and spews out nonsense as a
method of sidetracking discussions which are headed in a
direction that she doesn't like.
C: Jet Silverman claims to have killfiled me.
D: Jet Silverman now follows me from newgroup to newsgroup
...despite (C) above.
E: Jet is not worthy of the time to compose a response until
her behavior improves.
F: Unit_4's "Kook hunt" reminds me of "Jimmy Baker's" harangues against
adultery while concurrently committing adultery with Tammy Hahn.
G: Knackos...you're a retard.
------------------------------
From: Aaron Kulkis <[EMAIL PROTECTED]>
Crossposted-To:
comp.sys.mac.advocacy,comp.sys.next.advocacy,comp.os.ms-windows.advocacy
Subject: Re: Information wants to be free, Revisited
Date: Mon, 19 Feb 2001 13:56:04 -0500
Ziya Oz wrote:
>
> Nick Condon wrote:
>
> >> If he did indeed embellished it substantially, well, that's the price of
> >> progress. Both in theory and historical fact, especially in art.
> >
> > It only progress in software if he shares the source code with us.
> > Otherwise its just a black-box.
>
> The overwhelming majority of software/application/GUI innovations
^^^^^^^^^^^
You misspelled "problems"
> have come from proprietary sources.
>
> If the GLP zealots were as obsessed about the innovation in their apps as
> they are about the legal ramifications, we'd be all better off.
>
> ****
> Ziya
--
Aaron R. Kulkis
Unix Systems Engineer
DNRC Minister of all I survey
ICQ # 3056642
H: "Having found not one single carbon monoxide leak on the entire
premises, it is my belief, and Willard concurs, that the reason
you folks feel listless and disoriented is simply because
you are lazy, stupid people"
I: Loren Petrich's 2-week stubborn refusal to respond to the
challenge to describe even one philosophical difference
between himself and the communists demonstrates that, in fact,
Loren Petrich is a COMMUNIST ***hole
J: Other knee_jerk reactionaries: billh, david casey, redc1c4,
The retarded sisters: Raunchy (rauni) and Anencephielle (Enielle),
also known as old hags who've hit the wall....
A: The wise man is mocked by fools.
B: Jet Silverman plays the fool and spews out nonsense as a
method of sidetracking discussions which are headed in a
direction that she doesn't like.
C: Jet Silverman claims to have killfiled me.
D: Jet Silverman now follows me from newgroup to newsgroup
...despite (C) above.
E: Jet is not worthy of the time to compose a response until
her behavior improves.
F: Unit_4's "Kook hunt" reminds me of "Jimmy Baker's" harangues against
adultery while concurrently committing adultery with Tammy Hahn.
G: Knackos...you're a retard.
------------------------------
From: "Karel Jansens" <[EMAIL PROTECTED]>
Crossposted-To:
comp.sys.mac.advocacy,comp.sys.next.advocacy,comp.os.ms-windows.advocacy
Subject: Re: Information wants to be free, Revisited
Date: Mon, 19 Feb 2001 20:03:15 -0100
In article <[EMAIL PROTECTED]>,
"pip" <[EMAIL PROTECTED]> wrote:
> Karel Jansens wrote:
>> > Your turn. (Extra Credit - name 2 Microsoft innovations.)
>> >
>>
>> Only going for the extra credit:
>>
>> 2. Make people rent software.
>
> Nah- IBM was on to that one long ago...
I suppose you're talking about the Big Iron boxes, because what I've seen
from Big Blue's behaviour on the PC scene (OS/2), they were more than
generous - in their heyday of course.
--
Regards,
Karel Jansens
==============================
"Go go gadget linux." Zoomm!
==============================
------------------------------
From: "Karel Jansens" <[EMAIL PROTECTED]>
Crossposted-To:
comp.sys.mac.advocacy,comp.sys.next.advocacy,comp.os.ms-windows.advocacy
Subject: Re: Information wants to be free, Revisited
Date: Mon, 19 Feb 2001 20:03:15 -0100
In article <[EMAIL PROTECTED]>,
"pip" <[EMAIL PROTECTED]> wrote:
>
> Ohhhh, actually I have one:
>
> Menu items that don't show up: in MS-office 2000 if you click on the
> menu's - you (wait for it) don't see all the menu items! Yes - it is
> true - you have to physically move your mouse cursor down the menu -
> indicating that you'd like to "reveal" all the menu options.
>
> Obviously the programmers knew it was brain-dead as they have added the
> option to disable this default annoyance.
>
> Now if that is not an innovation - what is?
No, that's been done as well. I definitely remember a wordprocessor (Ami
Pro, DeScribe?) which had the ability to show 'simplified' menus for
really dumb users.
Oh wait! I just remembered: GeoWorks Ensemble! That one had _three_
levels of menus: everything, 'dumb user level' and 'former Windows user'.
It's bloody difficult to find _anything_ Microsoft invented, even
including the stupid or evil stuff.
--
Regards,
Karel Jansens
==============================
"Go go gadget linux." Zoomm!
==============================
------------------------------
From: "Karel Jansens" <[EMAIL PROTECTED]>
Crossposted-To:
comp.sys.mac.advocacy,comp.sys.next.advocacy,comp.os.ms-windows.advocacy
Subject: Re: Information wants to be free, Revisited
Date: Mon, 19 Feb 2001 20:03:18 -0100
In article <[EMAIL PROTECTED]>, "Donal K. Fellows"
<[EMAIL PROTECTED]> wrote:
> Karel Jansens wrote:
>> "Nick Condon" <[EMAIL PROTECTED]> wrote:
>>> Your turn. (Extra Credit - name 2 Microsoft innovations.)
>>
>> Only going for the extra credit:
>>
>> 1. Ask money for bugfixes (i.e. every Windows release since resp.
>> Windows
>> 3.0 and Windows 95)
>> 2. Make people rent software.
>
> I believe that other people have tried doing those first.
>
Well, I give up then. I sure as heck couldn't find anything _good_ they
invented and now it seems that even as Evil Schemes <TM> go, they're
copying as well.
--
Regards,
Karel Jansens
==============================
"Go go gadget linux." Zoomm!
==============================
------------------------------
From: "Karel Jansens" <[EMAIL PROTECTED]>
Subject: Re: Which Linux?
Date: Mon, 19 Feb 2001 20:03:21 -0100
In article <96riu4$pec$[EMAIL PROTECTED]>, "Edward Rosten" <[EMAIL PROTECTED]>
wrote:
>> I'm interested to learn a few more things about this Monkey Linux:
>>
>> What kernel is it based on?
>
> 2.0.x (.3 I hink)
>
>> The info says it runs on a UMSDOS "partition". Not knowing much about
>
> Esentially, UMSDOS mungs the file names in some way to fit them in to
> 8.3 files. There is also a lookup file in the directory which contains
> information such as perms and the real file name and nodes or pipes.
> This file is not visible to anything except the kernel once Linux is
> loaded, but it is an ordinary DOS file. If a directory does not have
> this file, it will behave like a directory mounted on a plain FAT
> system.
>
> It's a it slower than FAT, but works much better than MS' solution
> (fat32).
>
>
>> this: if your DOS runs from a PCMCIA flash card, will Monkey Linux
>> automatically recognise it, or do I need to find drivers for the card?
>
> I have no idea at all. You could certainly install it, because it
> installs from DOS. I suggest you get the disks and try. Since it's so
> small, it doesn't take very long.
>
>> The reason I'm asking is this: I happen to own an old Omnibook 425,
>> which regular linux will not install on. This Monkey business seems to
>> be the ticket, I hope.
>
> Good luck.
>
Thanks, I'll give it a shot.
Thing is, I can't just wipe the cards and go ahead, because I use the
Omnibook as a portable archive for the society I'm secretary of (it's
very handy that way: runs forever on a battery charge, is dead quiet and
flash is - next to gold CD-ROMs - one of the safest ways for storing
information).
--
Regards,
Karel Jansens
==============================
"Go go gadget linux." Zoomm!
==============================
------------------------------
From: "Karel Jansens" <[EMAIL PROTECTED]>
Subject: Re: .NET is plain .NUTS
Date: Mon, 19 Feb 2001 20:03:51 -0100
In article <96ra3q$ik4$[EMAIL PROTECTED]>, "Edward Rosten" <[EMAIL PROTECTED]>
wrote:
> In article <[EMAIL PROTECTED]>, "Karel
> Jansens" <[EMAIL PROTECTED]> wrote:
>
>> Re-installing linux? Why would anybody want to do that?
>
> Dead hard disk?
>
Linux-powered hard disks do not die!
Methinks it's big <G> time (forgot it in my first post).
--
Regards,
Karel Jansens
==============================
"Go go gadget linux." Zoomm!
==============================
------------------------------
From: "Karel Jansens" <[EMAIL PROTECTED]>
Subject: Re: .NET is plain .NUTS
Date: Mon, 19 Feb 2001 20:03:53 -0100
In article <[EMAIL PROTECTED]>, "Charlie Ebert"
<[EMAIL PROTECTED]> wrote:
> Here are some classic reasons I've had to re-install Debian.
>
> #1. OG&E and a 100,000,000 volt lightning bolt.
> #2. Dead Hard Disk.
> #3. Dead Hard Disk Controller/ Mother Board.
> #4. Iced Tea/ Coffee/ Dog pee.
> #5. Daughters playing socker in house. Also closely related to #2.
>
>
> That's 5 verified reasons you need both a Backup and a CD image.
>
Replace family and reboot. <G>
--
Regards,
Karel Jansens
==============================
"Go go gadget linux." Zoomm!
==============================
------------------------------
From: "Karel Jansens" <[EMAIL PROTECTED]>
Subject: Linux web pads?
Date: Mon, 19 Feb 2001 20:04:00 -0100
Recently, I keep coming across articles praising a 'revolutionary new way
of computing' (or something along those lines anyway), referring to those
nifty 'web pads', A4-sized flat touch-screens that allow users to access
the web away from their computer (although most of them seem to be limited
to around 10 m, which sounds like they're developed for closets rather
than homes). They've been popping up in several magazines, but the only
one I've got at hand is on page 37 of the february 2001 issue of Popular
Science.
The articles usually boast about how the pads need 'only' a Pentium III to
run Windows-Whatever (this was not mentioned in PS) for about 1.5 hours.
This set me thinking: Could this not be the killer app linux might need?
The X-Windows protocols, coupled with a wireless LAN (most households
would initially only need two adapters: one for the desktop and one on the
pad) seem to be a much more intuitive solution for this than a cumbersome
Windows setup. All the more since linux-powered webpads would need to be
nothing more than simple (ahum!) X-terminals.
Wouldn't this look nice for the Home of the Future: the desktop is a very
beefy machine, linked to the Net via cable or ADSL, but without screen,
keyboard, sound- or graphics card (saving all that money for RAM and
storage!), and every member of the household has her/his own pad, hooked
up to the home server via wireless LAN, ready to run whatever app they
have installed on the server.
I bet it would look real nice on the company floor too...
--
Regards,
Karel Jansens
==============================
"Go go gadget linux." Zoomm!
==============================
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to comp.os.linux.advocacy.
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Advocacy Digest
******************************
