Linux-Advocacy Digest #429, Volume #32 Fri, 23 Feb 01 11:13:05 EST
Contents:
Re: State of linux distros (chrisv)
Re: Microsoft says Linux threatens innovation (T. Max Devlin)
Re: Are todays computers 1000 times better than the original PCs? (chrisv)
Re: Maximum Linux Magazine Is Going Out Of Business Ha Ha Ha (Donn Miller)
Re: Microsoft says Linux threatens innovation (T. Max Devlin)
Re: Whistler/.NET will Help Linux (T. Max Devlin)
Re: Linux Threat: non-existant (Peter =?ISO-8859-1?Q?K=F6hlmann?=)
Re: SSH vulnerabilities - still waiting [ was Interesting article ] (T. Max Devlin)
Re: State of linux distros (pip)
Re: SSH vulnerabilities - still waiting [ was Interesting article ] ("Seán Ó
Donnchadha")
Re: SSH vulnerabilities - still waiting [ was Interesting article ] (T. Max Devlin)
----------------------------------------------------------------------------
From: chrisv <[EMAIL PROTECTED]>
Subject: Re: State of linux distros
Date: Fri, 23 Feb 2001 15:17:17 GMT
"Reefer" <[EMAIL PROTECTED]> wrote:
>ah, but C'MON.....like i said before; this is the year 2001, and anyone
>running a 'puter with less than a PII 300 (or compatible) and 128 MB RAM in
>it, need some serious reality check, u cant wip a dead horse like that forever
Oh really? Did you ever consider that some households have more than
one computer? Like there's a machine for the children to play with
while dad downloads nu.. I mean surfs the Web? Keeping two or more
machines somewhat current can be a significant financial load.
------------------------------
From: T. Max Devlin <[EMAIL PROTECTED]>
Subject: Re: Microsoft says Linux threatens innovation
Reply-To: [EMAIL PROTECTED]
Date: Fri, 23 Feb 2001 15:18:47 GMT
Said Erik Funkenbusch in comp.os.linux.advocacy on Thu, 22 Feb 2001
>Of course not, but they do have a right to defend themselves from attack.
The only defense they are allowed against competition is competing.
Monopolizing is not an option, I'm afraid.
--
T. Max Devlin
*** The best way to convince another is
to state your case moderately and
accurately. - Benjamin Franklin ***
------------------------------
From: chrisv <[EMAIL PROTECTED]>
Subject: Re: Are todays computers 1000 times better than the original PCs?
Date: Fri, 23 Feb 2001 15:25:03 GMT
Aaron Kulkis <[EMAIL PROTECTED]> wrote:
>Yes. Microsoft Windows...the "desktop" operating system that requires
>a one-user supercomputer just to run.
What? You consider a pipelined, super-scalar CPU capable of executing
over a billion operations a second to be fast? You must be a slow.
------------------------------
Date: Fri, 23 Feb 2001 10:30:24 -0500
From: Donn Miller <[EMAIL PROTECTED]>
Subject: Re: Maximum Linux Magazine Is Going Out Of Business Ha Ha Ha
Matthew Gardiner wrote:
>
> Hear! hear! I must agree. The projected theory is becoming reality, can't
> remember the person who said it, but the conclusion was made that although in
> the short term there are ALOT of distro's, the number will decrease to a small
> number, in around 2 to three years time (depending upon market conditions,
> the main distro's left will be Redhat, SuSE, Debian and if MacMillian doesn't
> drop it, Mandrake.
What about Slackware? Don't think Slack is going anywhere anytime soon,
at least as long as P. Volkerding is willing to keep the distro going.
Slack is one of my favorite distros, and has been since 1995!
====== Posted via Newsfeeds.Com, Uncensored Usenet News ======
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
======= Over 80,000 Newsgroups = 16 Different Servers! ======
------------------------------
From: T. Max Devlin <[EMAIL PROTECTED]>
Subject: Re: Microsoft says Linux threatens innovation
Reply-To: [EMAIL PROTECTED]
Date: Fri, 23 Feb 2001 15:33:10 GMT
Said Erik Funkenbusch in comp.os.linux.advocacy on Thu, 22 Feb 2001
>"T. Max Devlin" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> >This ignores the fact that MS's software has gone down in price when you
>> >factor in inflation, and the amount of software you get per dollar.
>>
>> No, it doesn't, though your statement does ignore the fact that it has
>> not gone down in price at all, nor kept up with the competition in terms
>> of the amount of functionality included with the distribution.
>
>If the numbers on the price tag stay the same, and inflation goes up. The
>dollar value has dropped, and thus the product becomes cheaper.
The dollar value has stayed the same (number on the price tag). If the
price goes down, it goes down. Otherwise, it has not gone down. The
price of Windows has not gone down.
>> >Further, you negelected to mention why OS's like BeOS and MacOS X exist if
>> >this were the case.
>>
>> There is no need to, though it might have been a decent troll guard to
>> point out that if the OS is not sufficiently substitutable for Windows,
>> MS has little reason or leverage to "strangle" it.
>
>He claims that MS inhibits innovation. Linux flies in the face of that.
I wouldn't say so. There's not very much that's all that 'innovative'
in Linux; it is very much a Unix clone.
>Linux doesn't depend on a market to grow its technology base, since the
>people that use it enhance it. Since Linux's technology has not advanced
>past the level that MS's has, and in most cases, Linux is still trying to
>catch up to Windows, that theory is bogus. If the argument were true, then
>Linux's technology would completely surpass Windows.
It has. Windows is horribly unstable and completely lacks
interoperability, compared to Linux.
Oh, you meant the GUI would be more unavoidable, is that what you meant
by "surpass"?
>> >IE would have won on it's merits, without ISP agreements.
>>
>> Then why did MS spend millions to secure such agreements?
>
>Because Netscape was doing the same thing.
Sorry; that doesn't hold water with a federal judge.
>> >They react to every situation as a life or death threat, and that isn't
>> >always necessary. Sometimes it is, but not always.
>>
>> And when it isn't, its criminal behavior, Erik. There is no 'life or
>> death'. There is competing, and there is monopolizing. If the only way
>> MS can 'stay alive' is to monopolize, then they are a criminal
>> organization. QED.
>
>No, it's not criminal behavior. I see nowhere in the Sherman Act that
>specifies that.
"It is a felony to restrain trade. It is a felony to monopolize, or
attempt to monopolize." With very little paraphrasing, this is the
entirety of the Sherman Act. That makes monopolizing a criminal
behavior.
>> >> Are you denying that Microsoft has a monopoly ? Or that monopolies
>> >> do not charge higher prices than competitors do ?
>> >
>> >Apples and Oranges.
>>
>> Is that a yes or a no, Erik?
>
>I'm saying that determining the price of a product is not so simple as just
>comparing two products, since they offer different kinds of functionality.
So you're saying that you don't understand very much at all about
anti-trust? Or just that you don't want to say "yes, I am denying it",
since it would make it too obvious that your only concern is apologizing
for the Windows monopoly?
>> >OS/2 has always been more expensive than Windows.
>> >MacOS is more expensive than windows (they charge $99 for an upgrade, while
>> >MS charges $89), Netware is more expensive than NT. Solaris, until recently
>> >was much more expensive than NT, and still is for high end systems.
>> >
>> >The only "competitors" that charge less are Be and Linux. Be offers a
>> >fraction of the functionality of Windows, so that's understandable. Linux
>> >is an enigma. Please back up this claim.
>>
>> What claim? That Windows is priced above competitive levels is a fact,
>
>Is it? Then you wouldn't mind stating what the exact competitive price
>level is. Go ahead. What's the figure?
It is not a figure. The "exact" competitive pricing level is whatever
it would cost if there were competition. This is obviously and
necessarily lower than what it would be were there not competition.
Since there is not competition (MS has more than 95% of the preload
market) the price for Windows is higher than it would be if there were
competition.
>> not a claim. It doesn't have anything to do with the snow-storm you
>> throw up whenever the subject appears, though. If you could buy Windows
>> from either MS or, say, TMax Software Inc., then would MS still be able
>> to charge the same for their Windows, presuming mine was a suitable
>> alternative that supported Win32 sufficiently to erase the application
>> barrier?
>
>That's two entirely different things. MS's competition is other OS's, not
>Windows clones. Stop pretending that lots of other OS's out there aren't
>more expensive than Windows. They are.
It makes no difference if other OSes out there are "more expensive than
Windows" (though, honestly, I know of none). The only thing that
matters is what Windows costs, and what a "Windows clone" would cost.
The fact that there are no Windows clones available is a secondary
issue. Apples and oranges, you might say.
MS's competition is any product which exposes APIs, as it might provide
a means for becoming less dependant on the monopoly Windows OS.
>> The answer is "no"; TMax Windows would drastically lower the amount that
>> MS could charge, as any other _competition_ (note the lack of quotes)
>> would. This is called 'competitive pricing', and its something MS will
>> avoid at all costs, including engaging in illegal activity.
>
>MS is already priced below the majority of their competition.
Excuse me? What beach provides such an ample amount of sand for burying
your head in?
>> >> The drama was an attempt to shock you out of your denial. Obviously
>> >> it did not work. I'll try to think of something else.
>> >
>> >Perhaps you should start by evaluating your own base assumptions. Windows
>> >is *NOT* more expensive than most of it's competitors.
>>
>> Windows is astronomically more expensive than all of its competitors.
>> If it weren't, they wouldn't need to maintain a monopoly in order to
>> keep people buying it.
>
>The monopoly is BECAUSE people buy it.
Wow. Was it just you that overturned hundreds of years of economics
dating back to Adam Smith himself? Or did Bill Gates help?
If the monopoly is because people buy it, Erik, then why does MS have to
spend so much money making deals to maintain the monopoly? Why would
"lock in" contracts (complete with Non-Disclosure Agreements) be so
necessary to Microsoft's strategy?
--
T. Max Devlin
*** The best way to convince another is
to state your case moderately and
accurately. - Benjamin Franklin ***
------------------------------
From: T. Max Devlin <[EMAIL PROTECTED]>
Subject: Re: Whistler/.NET will Help Linux
Reply-To: [EMAIL PROTECTED]
Date: Fri, 23 Feb 2001 15:48:16 GMT
Said Erik Funkenbusch in comp.os.linux.advocacy on Thu, 22 Feb 2001
[...]
>> >In fact, I stated specifically "kids" (plural) and "garages" (plural).
>>
>> So if you make your rhetoric vague enough, your argument becomes
>> irrefutable? You are the one who misunderstood, Ed's comments, Erik.
>
>Ed was responding to *MY* comment, and insinuating that I had claimed that
>it was a single garage. I didn't.
By my reading, the supposed insinuation is all in your mind, Erik.
Though it was an accurate critique of the issue; to suppose that any
number of garages could overturn a monopoly is to assume they're not
competing with one another. If they are competitors, rather than
monopolists, then it requires that a single garage be capable of
overthrowing an anti-competitive monolith without suffering in the real
competition.
You assumed that because he said that no garage could overturn a
monopoly, and then later pointed out how much progress a host of garages
can make, even while competing, that he had contradicted himself. Your
bad.
> >> The Open Source community is now millions strong, time for some
>> >> reorganization.
>> >
>> >And completely irrelevant to the thread.
>>
>> But not the comment you remarked upon, oddly enough. Whether that does
>> or does not make it relevant to "the thread" is something of an
>> epistemological argument, don't you think?
>
>The comment was in regards to my comment. I certainly have the right to
>refute it as being irrelevant to something I said.
I'm fine with that, although as I've explained, you misunderstood the
comment, is all. But you didn't say it was irrelevant to your comment;
you said it was irrelevant to the thread.
--
T. Max Devlin
*** The best way to convince another is
to state your case moderately and
accurately. - Benjamin Franklin ***
------------------------------
From: Peter =?ISO-8859-1?Q?K=F6hlmann?= <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: Linux Threat: non-existant
Date: Fri, 23 Feb 2001 17:31:29 +0100
Chad Myers wrote:
>
> I really could care less about what IBM's doing because they will
> change their focus again in 6 months just like every other 6 months.
>
A true chaddyism again. First he dismissed several times the 1 billion $
from IBM as not existant (he had not heard of it etc etc). Now that he can
not any longer deny that, he "could care less".
Chad is truely the dumbest wintroll ever. Even MS-lovers must be
ashamed of company like that.
Peter
--
begin LOVE-LETTER-FOR-YOU.txt.vbs
I am a signature virus. Distribute me!
end
------------------------------
From: T. Max Devlin <[EMAIL PROTECTED]>
Subject: Re: SSH vulnerabilities - still waiting [ was Interesting article ]
Reply-To: [EMAIL PROTECTED]
Date: Fri, 23 Feb 2001 15:51:28 GMT
Said The Ghost In The Machine in comp.os.linux.advocacy on Thu, 22 Feb
[...]
>Sshd might be construed as a wrapper around /bin/login, in a weird
>sort of way. However, that's sshd, the daemon side; ssh (the client
>side) does not call telnet, nor does sshd call telnetd AFAIK.
Ultimately, this is where the issue resides. The sshd has the same
relationship with /bin/login as telnetd did, making most uses of ssh a
complete and precise substitute (plus encryption) for a telnet session.
The funny part is how Chad is going nuts trying to say how "limited" or
"archaic" a remote CLI terminal methodology is, and absolutely nobody is
taking the bait! ;-)
--
T. Max Devlin
*** The best way to convince another is
to state your case moderately and
accurately. - Benjamin Franklin ***
------------------------------
From: pip <[EMAIL PROTECTED]>
Subject: Re: State of linux distros
Date: Fri, 23 Feb 2001 15:53:25 +0000
Reefer wrote:
>
> > Oh in that case, I'll set Win2k up as a mail server on a 486...oh hold
> > on, that won't work will it? Maybe Linux lives on after all...
> > --
>
> A superior OS like Win2k wants to have SOMETHING to work with, not some
> leftover hw from your childhood...
If it is a "superior" os - let me ask you this:
If you have a faulty RAM chip, would windows be able to map around
the bad addresses so that you can continue to use it?
Just one example...
------------------------------
From: "Seán Ó Donnchadha" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.security.ssh
Subject: Re: SSH vulnerabilities - still waiting [ was Interesting article ]
Date: Fri, 23 Feb 2001 10:59:56 -0500
"Peter da Silva" <[EMAIL PROTECTED]>
> > >
> > > The UNIX scheme is encoded in the installers, the library builders,
the
> > > loaders, the documentation at every level. The Windows scheme is "just
> > > common sense".
> >
> > The renaming is common sense. The checking of the VS_VERSION_INFO
resource
> > is built into the OS and all the tools.
>
> But the renaming isn't.
>
I suppose it depends on the programmer, but unfortunately bad ones are
everywhere. If it's not obvious to a programmer that an incompatible library
update should be renamed under Windows, then it won't be obvious to him when
he changes jobs and starts developing for Linux. My point is that the
hardest part of doing the right thing on either platform is not the
following of conventions, but the compatibility testing. Unix makes that no
easier than Windows, and without perfect compatibility testing (which is
often impossible), neither OS guarantees success. Therefore, saying that
Unix has somehow solved this problem is ridiculous.
> >
> > Still, neither OS does anything to force anyone to do the right thing.
>
> You can ignore the OS on anything.
>
Not with things like filesystem permissions. The OS enforces those. That's
my whole point; If the OS doesn't enforce the right thing, it has not solved
the problem. In the case of perfect library versioning, it is simply
impossible for the OS to enforce the right thing except by eliminating
shared libraries altogether.
>
> UNIX sufficiently stringly encourages people to do thr ight thing that
> they all do.
>
All of them? All Unix programmers have always done the right thing and they
always will? Shared library screwups have never happened, and will never
happen? Are you sure you want to make that claim, Peter?
>
>Windows doesn't expect common sense far enough even for
> Microsoft themselves to do the right thing except in rare cases.
>
Actually I find it amazing how rarely Microsoft screws up their DLL updates
given the amount of software they produce. The only problem I personally
have ever had (that I was required to diagnose properly) was with a couple
of IE betas. I bet a huge number of problems are lazily attributed to DLL
Hell that actually have nothing to do with it.
> >
> > On the contrary, he *WILL* be using the update because he loads the
library
> > through the symbolic link that represents the major version.
>
> BUT THE OLD LIBRARY IS STILL THERE. The fix is automatically available on
> UNIX. On Windows there isn't even a record that the library version has
> changed.
>
Now hold on there. A minute ago you were saying that programs would continue
to use the old library. Are you now saying otherwise? Are we making
progress? :-)
You do have a point here. Because the old library isn't overwritten, Unix
makes it easier to go back to it (just redirect the symbolic link). But
think about it for a minute. You've got hundreds of shared libraries on your
system. You just installed an application that uses a bunch of them.
Actually, no, let's say you're a typical Web-happy power user who tries out
a dozen new software packages (many of them betas) every week. All of a
sudden you notice that something you installed a few months ago has stopped
working. How much investigative work do you think it'll take for you to
figure out exactly what library updates over the last few months caused that
application to break? Would it be worth it? After all, even if you could
pinpoint the exact source of the problem, you have no clue what other things
will break as soon as you change that symbolic link. It's a mess.
Now think about how useful this "Unix advantage" is to someone who doesn't
know a shared library from a public library.
> > >
> > > Joe Q. Public calls tech support, tech support tells them to download
the
> > > script (above).
> >
> > Again, this would work under Windows as well.
>
> Except it doesn't happen.
>
Do you honestly expect a tech support guy for a company with Microsoft's
user base to write custom shell scripts while 10 other people are on hold in
his phone queue? Try to be serious, Peter.
>
> And, according to you, tech support lied to me about it, and told me that
> what I wanted to do was impossible, because it would force all other apps
> to load the wrong version.
>
It probably wasn't deliberate, but yes, they gave you the wrong information.
I'd be pissed too.
> >
> > Who is the applet going to spam if it doesn't have an address book to
scrub?
>
> Why would the applet care about scrubbing your address book? It's got 1000
> domains and a 30,000 name dictionary to send messages at. Spammers do
> dictionary attacks through compromised machines and proxies all the time,
> they don't care if the messages fail, it's not their CPU time and
bandwidth
> they're using.
>
> > How is it going to damage LAN resources if it has no LAN identity?
>
> There are pages and pages of DOS and compromise attacks that can be
performed
> against local systems with nothing more than TCP/IP access. Check out
> securityfocus.com.
>
Interesting. I don't doubt anything you say here. Like I said, I'm not an
expert in this kind of thing. Still, wouldn't you agree that the best way to
deal with it is to fortify the OS rather than invent a new virtual one to
run on top of it (a-la the Java applet sandbox)? We seem to have reached a
partial agreement here. A protected, quota-enabled OS like WinNT/2K already
eliminates any risk of damage to the machine itself, and the only thing left
to worry about is a downloaded component's use of the machine as a relay for
attacking some other machine. It doesn't seem like it would be that
difficult to implement OS-level policies to prevent that as well. Or do you
still think that ActiveX and other native plugin technologies are
"fundamentally flawed"?
> >
> > What
> > programs will it load and run if it's blocked by the OS at the
filesystem
> > level?
>
> It doesn't need to load them from the local disk. It can allocate memory,
> load over the network, and jump into it... doing a "bufer overflow" attack
> from the inside.
>
I don't understand this. If the host process has sufficiently limited
privileges, what would be gained by overflowing a buffer?
> >
> > I launch IE from a shortcut whose target is "runas
/user:[hostname]\guest
> > iexplore".
>
> And none of the interfaces by which IE integrates with the desktop are
> available to this program? Active Desktop modifies all sorts of attributes
> in your environment... there's absolutely no possibility that it couldn't
> (for example) insert a hook into your desktop that lets it run code under
your
> ID when you (for example) click on an Icon? Don't answer right away, think
> about how you'd do it if you had to. Think like an aggressor for a while.
>
The IE process I use for Web browsing is totally separate from the IE
process that handles my desktop. They're different processes, so they can't
touch each other. Furthermore, they run under different user accounts. The
guest account simply has no access to any part of my regular user profile.
------------------------------
From: T. Max Devlin <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy,comp.security.ssh
Subject: Re: SSH vulnerabilities - still waiting [ was Interesting article ]
Reply-To: [EMAIL PROTECTED]
Date: Fri, 23 Feb 2001 16:06:09 GMT
Said Seán Ó Donnchadha in comp.os.linux.advocacy on Thu, 22 Feb 2001
>"Peter da Silva" <[EMAIL PROTECTED]>
[...]
Despite your squirming, Sean, there is simply no way that Windows can
have two versions of the same library available simultaneously. This is
the subtle but key point which this discussion revolves around.
>> In practice, there are two significant differences here:
>>
>> 1. There is a formal naming convention that all libraries and files follow.
>
>How is anyone forced to follow the convention?
A desire for interoperability. Common and mandatory in all software
producers save monopolists.
>> 2. The library is identified by the file it was loaded from, not the file name,
>> so a program with special requirements can be accomodated with a special
>> version of the library.
>
>Huh? That's how Windows works as well! Wait a minute, didn't you know that?
This is the same subtle point I raised before: Pete's comment described
how Unix is able to support two versions of the same library
simultaneously. While the equivalent way which Windows "works" results
in the exact opposite; Windows cannot have two versions of the same
library available, EVEN IF THE FILENAMES ARE DIFFERENT.
[...]
>> No, I'm stating that the shared library mechanism used by Windows makes it
>> impossible to correct such situations except by running a back-version OS,
>> and refusing to install any software that requires a more up-to-date library,
>> whereas other shared library mechanisms don't have that fundamental design
>> flaw.
>
>Now I'm certain that you're confused about how Win32 DLLs work. Are you sure
>you aren't thinking of Win16, because it's sounding more and more like you
>are.
How so?
[...]
>No, and I've already acknowledged that. But the ActiveX component can'd
>damage the computer it's running on, nor does it have an address book to
>scrub for spam purposes.
How is this supposed to illustrate how ActiveX is not chock full of
vulnerabilities waiting to be exploited? Do you find that drastically
limiting your use of Microsoft components in other situations is also
the only method you have of maintaining control?
[...]
--
T. Max Devlin
*** The best way to convince another is
to state your case moderately and
accurately. - Benjamin Franklin ***
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to comp.os.linux.advocacy.
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Advocacy Digest
******************************
