Linux-Development-Sys Digest #775, Volume #7 Sun, 16 Apr 00 00:13:12 EDT
Contents:
Re: MS caught breaking web sites ("Brian D. Smith")
Trouble installing GNU C from Red Hat 6.0 CD (Jason)
Disabing cache... (Badrinath Venkatachari)
Re: Disabing cache... (Frank Sweetser)
Re: 16-Bit C compiler that can deal properly with bit fields ("Mark Graybill")
Re: MS caught breaking web sites ("Mark Graybill")
Re: MICROSOFT IT THRU! MICROSOFT IS THRU! (Charlie Ebert)
Re: MICROSOFT IT THRU! MICROSOFT IS THRU! ("Mark Graybill")
Re: MS caught breaking web sites ("Mark Graybill")
----------------------------------------------------------------------------
From: "Brian D. Smith" <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.linux.advocacy,comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy,comp.os.linux.networking,comp.os.linux.security,comp.os.ms-windows.networking.tcp-ip,alt.conspiracy.area51
Subject: Re: MS caught breaking web sites
Date: Sun, 16 Apr 2000 02:38:55 GMT
=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1
Well, we could debate the real threat from the alleged back door ad
infinitum. However, that misses the true point here: That with
closed source, it is possible that there is something in the code that
you don't want there. Something that would be quickly identified and
remove from open source.
In this case, Microsoft programmers put something in the code that MS
execs say they should have. Even if this does not turn out to be the
back door it was originally reported to be, it's still a weakness of
closed, proprietary source and a black eye for Microsoft.
Brian Smith
[EMAIL PROTECTED]
Robert Moir wrote:
>
> "wisdom" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > WELL WELL WELL!
> >
> > For all of you butt-bumping suckbuddies of Mr. Bill who have
> > been assuring us that there are no network "backdoors" in
> > Windows you, along with your evil master, are fucked now.
> >
> > Microsoft just acknowledged (see attached CBS article) that they
> > installed secret code in Windows to sabotage webservers
> > by allowing "backdoor" unsecured logins for hackers. The
> > code was apparently intended to be used against Netscape
> > based on embedded comments in the file.
>
> Hey Fudster, seen this?
> taken from NT bugtraq
>
> Latest reports say that there is
> NO VULNERABILITY IN DVWSSR.DLL
> Yup, that's right, different again from what I said earlier, and
even more
> different than what I said yesterday to WSJ.
> Please accept that I have followed the story published elsewhere and
tried
> to keep you abreast of everything I knew. Also appreciate that the
amount of
> time given to verify and research the claims made by others has been
> extremely short. I've had probably 30 interviews today by orgs
pressing for
> information on the story as the feeding frenzy occurs after the
first one
> goes to press (WSJ in this case).
> MS have had people working on this thing like madmen, trying to
verify the
> claims and investigate all of the possible pieces of code that may
be
> affected. As that research progressed, different observations were
made and
> so the story came out in various stages (with varying levels of
> "correctness"). Had they been given a reasonable amount of time to
respond,
> nobody would have been in a tizzy about anything (i.e. the press
would not
> have cared to run this story anywhere).
> Decide for yourself whether we were better served by (more)
immediate
> disclosure or not. I've stood where I stand for a reason, despite
the
> loathing of others for my stance...
> In the end, it turns out that unless you actually have permissions
for the
> file you are requesting, you'll get an error message when you follow
the
> procedures outlined by RFP in his RFP2K02 advisory.
> That said, understand that sites that allow connections by Front
Page may
> very well provide you with source asp if you request it. BUT THAT
WILL
> HAPPEN with or without the .dll. Without proper and full permissions
applied
> across virtual servers on a given box, site leakage or manipulation
by
> others will always be possible in myriad ways.
> From what I've heard/seen/been told, permissions on the test servers
must
> have either been non-existent, incorrectly applied, or permissioned
the user
> across multiple virtual sites (i.e. incorrectly applied).
> I had someone claim that they could get into an FP98 site using
> "Netscapeengineersareweenies!" as a userID and no password...making
them
> think it was a backdoor userID. Fact is they could get into the same
sites
> using "TomDickandHarry" as a userID too. If the permissions aren't
set
> correctly, anything is possible.
> This info may change again before its finalized. It may well be that
there
> is some way to use this .dll in a way that's not intended...it just
doesn't
> appear to be this one. On a box where multiple sites have not been
> individually permissions, or permissions are lax or
non-existent...anyone
> permissioned to execute the .dll in the first place would have the
ability
> to simply open the other sites and manipulate them directly (i.e. no
need to
> do this junk with the dvwssr.dll)
> Finally, to my point out the string not being a password. Elias Levy
of
> SecurityFocus.com and Mark Edwards of NTSecurity.net have both
correctly
> pointed out that using the term password to apply to that string is
not
> beyond the realm of understanding. The client component mtd2lv.dll
and the
> server component dvwssr.dll both need to know this value, and use it
> correctly, for communications to work. If you try and talk directly
to
> dvwssr.dll and don't obfuscate your communication with the correct
"key", it
> won't understand you. Of course if you don't already have
permissions,
> knowing this value gets you nothing...hence my observation that its
not a
> password. Whatever it is, it appears to be meaningless junk text
used as
> data.
=====BEGIN PGP SIGNATURE=====
Version: PGP 6.0.2
iQA/AwUBOPknuBUjubvBswzqEQJaUwCfQE8X7LwB9Lf1aJqG1MzEiQtL+PMAoO2q
t8YM8zF2EWsCQp4XZ3rkqYcu
=pM1u
=====END PGP SIGNATURE=====
------------------------------
From: Jason <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.development.apps,comp.os.linux.development
Subject: Trouble installing GNU C from Red Hat 6.0 CD
Date: Sun, 16 Apr 2000 03:18:08 GMT
Hello. what follows is taken from the C-language tutorial page at
redhat.com:
There are a few ways to add the development libraries to your
system after
installation. For our purposes, I recommend you simply install
the necessary
RPM files. (you should be logged in as root for this) To do this,
mount the first
Red Hat Linux CD-ROM and go into the RedHat/RPMS directory.
Now, type 'rpm -i *egcs*', 'rpm -i *glibc-devel*', 'rpm -i *cvs*,
'rpm -i *make*', and
'rpm -i *gdb*' That should cover what you'll need for this
tutorial.
This all makes sense except that when I type 'rpm -i *egcs*' I get a
bunch of errors indicating that things couldn't be installed because of
various dependency issues. I'm not sure how to proceed. Also, the
above blurb seems to indicate that even were the above commands
successful I would be performing less than a complete installation.
Anyway, what should I do? How can I get GCC off of my damn cdrom and
onto my Linux system :) ? Thanks in advance for any help anyone can
offer.
Jason
------------------------------
From: Badrinath Venkatachari <[EMAIL PROTECTED]>
Subject: Disabing cache...
Date: Sat, 15 Apr 2000 23:19:26 -0700
Hi,
I have been trying to measure the throughput and average response time
of applications on my hard disk. However, since I have a 128 MB ram, and
quite a bit of that is used for caching (or so I suppose), I get very
high throughput and very low response time. I would like to know if
there is any way to disable caching in the kernel or reduce the amount
of memory used for caching so that I can get as accurate a measurement
as possible for my hard disk. (basically have most of the requests go to
the disk)
Also, are there any programs/software that help u make such
measurements and model your disk ??
thanks in advance
regards
badri
------------------------------
From: [EMAIL PROTECTED] (Frank Sweetser)
Subject: Re: Disabing cache...
Date: 16 Apr 2000 03:17:55 GMT
Badrinath Venkatachari <[EMAIL PROTECTED]> wrote:
> Also, are there any programs/software that help u make such
>measurements and model your disk ??
hdparm and bonnie are the programs you want to look for. you should
already have hdparm, and you can probably find bonnie at freshmeat.net
--
Frank Sweetser rasmusin at wpi.edu, fs at suave.net
Full-time WPI Network Tech, Part time Linux/Perl guy
Odd that we think definitions are definitive. :-)
-- Larry Wall in <[EMAIL PROTECTED]>
------------------------------
Reply-To: "Mark Graybill" <[EMAIL PROTECTED]>
From: "Mark Graybill" <[EMAIL PROTECTED]>
Subject: Re: 16-Bit C compiler that can deal properly with bit fields
Date: Sun, 16 Apr 2000 03:20:48 GMT
David,
It's a little uncertain what your problem really is. Perhaps you can
elaborate. Do you have overflow into other bit fields?
-Mark
David Nowak wrote in message <[EMAIL PROTECTED]>...
>Hi,
>
>I am searching a 16-Bit C compiler for Linux that can deal properly with
bit
>fieds. Indeed, with bcc (from linux-86) everything is padded to char, int
or
>long: it can store values wider than the specified field width!
>
>That's surely not convenient for system programming.
>
>By the way, does BCC and Linux-86 have a web page ? What is their original
>site ?
>
>--
>David
>
------------------------------
Reply-To: "Mark Graybill" <[EMAIL PROTECTED]>
From: "Mark Graybill" <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.linux.advocacy,comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy,comp.os.linux.networking,comp.os.linux.security,comp.os.ms-windows.networking.tcp-ip,alt.conspiracy.area51
Subject: Re: MS caught breaking web sites
Date: Sun, 16 Apr 2000 03:48:21 GMT
Colleagues...
It is an understandable phenomenon to have pent up emotions over a company
(Microsoft) that has gained as much success as they have in part because of
less than ethical methods (e.g. lying, deception, manipulation - even
illegal actions like violating copyright laws); and because the more
advanced technology that we so admired and loved has to eat their dust; and
because Microsoft has the non-technical believing Windows was the better
technology (and anything else Microsoft or the media tells them.)
However, it pains me to see such emotion vented in a newsgroup that has a
different objective. It wastes news server space and lines in our listboxes.
Get a Microsoft memento and vent your emotions by destroying the memento (or
loving it - whatever your stance), then get back to helping support and
nurturing our esteemed OS - Linux. Although for some reason, I cherish
reading about Microsoft's "black eyes", my suggestion would be to focus on
the good (Linux), and leave such spam out of this newsgroup.
Let's take the energy that could be spent on such negativity, and divert it
to our dedication and motivation to expanding and sharpening our skills so
we can make Linux the most advanced and viable operating system on the
planet. It is already in the lime-light, so each time it conquers a new
piece of the market away from Microsoft, we can celebrate in our revenge!
Best!
-Mark Graybill
------------------------------
From: Charlie Ebert <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To:
comp.os.linux.advocacy,comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy,comp.os.linux.networking,comp.os.linux.security,comp.os.ms-windows.networking.tcp-ip,alt.conspiracy.area51
Subject: Re: MICROSOFT IT THRU! MICROSOFT IS THRU!
Date: Sun, 16 Apr 2000 03:49:29 GMT
Chad Myers wrote:
> "Charlie Ebert" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
>
> > Dear Chad.
> >
> > Microsoft is asking everybody to delete that .dll.
> > They wouldn't ask us to delete the .dll if it weren't a threat.
>
> Because people are too stupid to set their permissions correctly.
>
permissions for you NT people are like what you have to do in Linux.
You know, Linux. That cruddy operating system which let's you do things.
Well, your not supposed to have to do that to NT as they were supposed
to set your operating system up right folks and NOT include any .dll's
with passwords like netscapeengineersareweenies....
>
>
> Not to mention that there is a buffer overrun that was discovered (which has
> nothing to do with this false 'backdoor' urban legend) and since this DLL
> is pretty much depricated, MS is just advising to delete it for precaution.
Depreciated = Netscape is out of business.
>
>
> If MS were interested in backdooring your system, why would they tell you
> to delete it?
>
Perhaps the entire world knows about it now Chad?
>
> > You can't call a guy a moron and an idiot if there's been a story published
> > about a security threat from a Microsoft product, THEN have Microsoft tell
> > you to delete the .dll because it IS a security threat.
>
> But the reason they're telling you to delete it is completely unrelated to
> this crazy "back door" nonsense.
>
But what of the comment you just made in the paragraph above Chad?
What did you say above. "IF MICROSOFT WERE INTERESTED IN BACKDOORING YOUR SYSTEM
THEN WHY WOULD THEY TELL YOU TO DELETE IT?"
Everybody jump back up one line and read Chad's thought train here.
The guy can't even manage to have complete thoughts.
>
> > That just makes you look stupid.
Let me say this again Chad. That just makes you look stupid.
>
>
> Hmm... truth is stupid? Ok! Then I'm a flaming moronic truth-telling idiot, if
> that's what interest in the truth makes me. I suppose I could be cooler and
> jump on the anti-MS conspiracy and disreguard all fact, evedience and truth,
> like you obviously have.
>
Chad,
I could tell you that CF4 will kill you and the first thing you'd try to do is
ram a bottle of it up your nose and turn it on.
>
> > If the .dll wasn't a threat then they shouldn't have told the world to delete
> it.
>
> Since the DLL was under intesnse scrutiny, another, rather minor buffer overrun
> was detected. Since the DLL is pretty much depricated, MS didn't see any point
> in
> supporting it. Remember, this was with the FrontPage98 extensions back when
> VisualInterDEV 1.0 was out. No one runs VID 1.0 anymore, so there's no use for
> the DLL anyhow.
>
> C'mon people, know your facts before you start spouting of this ignorant BS.
>
We got our facts straight Chad. Now it's time for you to pull your head out.
How about that. And watch your train of thought next time should you attempt
to communicate again.
>
> > You CAN'T KEEP turning the WORLD into FUDSTERS every time a new BAD THING is
> > EXPOSED about Microsoft products...
>
> Considering nothing was exposed, I guess that makes you not only a FUDSTER,
> but a liar and a defamer, right? Consider it a favor that I'm only calling you
> guys raving lunatics concerned only with FUD.
>
Sticks and stones Chad.
>
> > The FUDSTER, moron, idiot campaign carried off by Microsoft Trolls is clearly
> a
> > problem.
>
> Damn that truth! Always hurts when you're smacked by it, doesn't it, Charlie?
>
It appears he feels he's won some magnificient prize. Brandishing it like his
fathers jock strap he goes parading thru the house!
>
> > It leads people to believe that using a Microsoft Operating system is a SAFE
> and
> > SANE
> > thing to do!
>
> Of course, there's been no evidence otherwise, why SHOULDN'T they believe this?
>
Once again! Because they are telling us to delete a .dll which is a security risk
Chad?
Ha! My god. Was it VD which drove to this?
>
> > Isn't that just amazing here folks. The press reports the security flaw, the
> > back door.
> > Microsoft says to delete the .dll as it's a security risk.
>
> Microsoft says there's no Backdoor, many 3rd party sources confirm this.
>
I had to delete the rest as it really didn't matter from this point forward.
You see readers,
Case #1 above Chad says, Microsoft has no intention of backdooring anybody so the
.dll doesn't matter.
Case #2 almost a heartbeat or so down from Case #1 Chad is saying,
it's totally unrelated to back door issues and this is silly nonsense.
And finally in Case #3, Chad changes mind again and says that there's
NO BACKDOOR and that many 3rd parties comfirm this.
So for a re-cap. #1. There IS a back door but the .dll can't be used by it.
#2. There IS a backdoor which MIGHT affect the .dll
but this is silly nonsense.
#3. Chad finally tells us that there IS no backdoor
PERIOD.
So once again for the Microsoft user we see infinate flexibility in the operating
system.
After all, infinite flexibility in an operating system and it's people is what
truely makes
a GREAT OPERATING SYSTEM FOR THE MASSES.
An operating system which can be ANYTHING for ANYBODY at ANYTIME!!!!
In a recent film festible in the state just south of Louisiana, 9 out of 10
nitwits
who recently just arrived via bus agree that infinite flexibility is the key to
marketing sucess in the 21st century. Then they all were found dead the
following
morning in their showers as they attempted to wet shave with their Toshiba 2100
Satellites
running Windows 2000.
And now for something COMPLETELY DIFFERENT!!!
Thank you Chad for clarifiying this whole thing to the world.
We hope to have you on as a guest with the Linux Advocacy real soon.
Ladies and Gentlemen
Goodnight.
Charlie
------------------------------
Reply-To: "Mark Graybill" <[EMAIL PROTECTED]>
From: "Mark Graybill" <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.linux.advocacy,comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy,comp.os.linux.networking,comp.os.linux.security,comp.os.ms-windows.networking.tcp-ip,alt.conspiracy.area51
Subject: Re: MICROSOFT IT THRU! MICROSOFT IS THRU!
Date: Sun, 16 Apr 2000 03:59:39 GMT
Many believe that Microsoft is not only capable of such things, or have done
or will do such things - so we revel in hearing about them getting caught -
we may even take a stance of dissonance because the pleasure it brings to
know MS was caught is just too hard to let go of.
However, we have to admit that unless we have actually verified technically
for ourselves that it is true, we really don't know and we are just blowing
steam and making waste.
Let's spend our energy in areas we have more control over, like doing our
part in making Linux the most advanced operating system on the planet.
Linux already has the attention of CIOs and CEOs.
Let's give them a show that makes Linux hard to refuse.
-Mark Graybill
------------------------------
Reply-To: "Mark Graybill" <[EMAIL PROTECTED]>
From: "Mark Graybill" <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.linux.advocacy,comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy,comp.os.linux.networking,comp.os.linux.security,comp.os.ms-windows.networking.tcp-ip,alt.conspiracy.area51
Subject: Re: MS caught breaking web sites
Date: Sun, 16 Apr 2000 04:04:25 GMT
I forgot to mention that I caught my Outlook Express trying to connect to a
CGI script at a Microsoft website.
Thanks to requiring a proxy, it failed.
-Mark
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.development.system) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Development-System Digest
******************************
