Linux-Advocacy Digest #445, Volume #26           Wed, 10 May 00 16:13:08 EDT

Contents:
  Re: How to properly process e-mail (Leslie Mikesell)
  Re: Why only Microsoft should be allowed to create software (Eugene Fan)
  Re: How to properly process e-mail (Seán Ó Donnchadha)
  Re: Here is the solution (John Poltorak)
  Re: How to properly process e-mail (Seán Ó Donnchadha)
  Re: Here is the solution (Peter Ammon)
  Re: This is Bullsh&^%T!!! ("Nik Simpson")
  Re: This is Bullsh&^%T!!! (Mr Rupert)
  Re: Why Solaris is better than Linux (Tim Kelley)
  Re: This is Bullsh&^%T!!! (Mr Rupert)
  Re: How to properly process e-mail (JEDIDIAH)
  Re: This is Bullsh&^%T!!! (JEDIDIAH)
  Re: Why only Microsoft should be allowed to create software (abraxas)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Leslie Mikesell)
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: How to properly process e-mail
Date: 10 May 2000 14:00:10 -0500

In article <[EMAIL PROTECTED]>,
Seán Ó Donnchadha  <[EMAIL PROTECTED]> wrote:
>[EMAIL PROTECTED] (Leslie Mikesell) wrote:
>
>>>
>>>What purpose does it serve to propagate the lie about Outlook
>>>auto-executing e-mail attachments? I mean, what purpose other than the
>>>obvious FUD?
>>
>>What does happen if you have active-x or vbs components in attachments
>>and you have auto-preview turned on?
>>
>
>I use the preview pane, and here's the deal. Attachments aren't even
>displayed there. They're accessed through a dropdown menu in the upper
>right of the pane. You have to (a) pull down the menu, (b) select the
>attachment you want, (c) change the option in the resulting dialog to
>"Open it", and (d) hit the OK button.

Does that mean that even there you can't tell the difference between
a gif and a script before executing it?

  Les Mikesell
   [EMAIL PROTECTED]


------------------------------

From: Eugene Fan <[EMAIL PROTECTED]>
Crossposted-To: comp.sys.mac.advocacy,comp.os.ms-windows.nt.advocacy,comp.os.os2.advocacy
Subject: Re: Why only Microsoft should be allowed to create software
Date: Wed, 10 May 2000 18:56:43 GMT

In article <[EMAIL PROTECTED]>,
  Eric Bennett <[EMAIL PROTECTED]> wrote:
> In article <79dS4.389$[EMAIL PROTECTED]>, "Erik Funkenbusch"
> <[EMAIL PROTECTED]> wrote:
>
> > Main Entry: in·no·va·tion
> > Pronunciation: "i-n&-'vA-sh&n
> > Function: noun
> > Date: 15th century
> > 1 : the introduction of something new
> > 2 : a new idea, method, or device : NOVELTY
> > - in·no·va·tion·al /-shn&l, -sh&-n&l/ adjective
>
> ...which is a pointless definition to use, because under that
> definition, anything new is an innovation, even if it is actually
> *worse* than what came before.  Clearly that is not how the word is
> being used by Microsoft... the connotation is that innovation brings
> things that are better.

Maybe Microsoft actually wants to leave that ambiguity in the
definition.  MS claims integrating Internet Explorer into Windows
without the option to remove it is an example of their "innovation".
Well, by making the Windows shell (Explorer) and IE share code,
your browser problems can now be your OS problem as well.

For example, if you're surfing with IE and come across a page with
buggy javascript, IE may crash, but you may also get a shell
(Explorer) crash.  You've seen those, that's when your taskbar
refreshes, all the icons in your tray disappear, and if you were
running Active Desktop, it may now be in Active Desktop Recovery
Mode.   Though you can most likely continue working with any open
apps, chances are, you'd save, close, and reboot, not knowing what
else might've been hosed in memory.

If the browser and OS were kept separate, you'd only have to restart
IE after it crashed.   All that work spent "innovating" something
that caused more problems instead of fewer, just to squeeze out
Netscape.  One more reason for us Windows users to say,
"Thanks a lot, Bill!"

--
Eugene

iMac user: "The iMac's distinctive, elegant, and  colorful styling
makes it stand out from a sea of non-descript beige computers and
lets the world know that we 'Think Different' (tm)."

eMachines eOne user:  "My computer got outlawed.  Who's the real rebel
here?"


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Seán Ó Donnchadha <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: How to properly process e-mail
Date: Wed, 10 May 2000 15:12:33 -0400

[EMAIL PROTECTED] (JEDIDIAH) wrote:


>>
>>Try not to change the subject. Outlook doesn't auto-execute
>
>       It's not changing the subject.
>
>       If 'open' means 'execute', then from the point of view
>       of a naive end user: Outlook does in fact auto-execute
>       attachments.
>

Bullshit. Some moron users' mousing hands may effectively be
"auto-double-click", but Outlook doesn't automatically execute
anything, unless you start redefining "automatically".

>>
>>As to your point, since Outlook always warns the user of potential
>>malice, any confusion on the user's part is the user's fault.
>
>       They display a useless, generic warning which in the course
>       of business is simply impractical to implement.
>

What's impractical? Is it impractical for the user to read the
warning? Is it impractical for the user to cancel the dialog? Is it
impractical for the user to do the default thing and let it save the
attachment to disk? Do you expect anyone to believe that the *ONLY*
practical thing is for the user to (a) change the default dialog
settings and (b) hit OK?

>
>       Simply disabling
>       all active content by default (or sandboxing it) would be far
>       more consistent with their own stated design goals.
>
>       It has to be 'easy' and 'secure'.
>

You're forgetting "functional".

------------------------------

From: [EMAIL PROTECTED] (John Poltorak)
Crossposted-To: comp.sys.mac.advocacy,comp.os.ms-windows.nt.advocacy,comp.os.os2.advocacy
Subject: Re: Here is the solution
Date: 10 May 2000 19:15:00 GMT
Reply-To: [EMAIL PROTECTED] (John Poltorak)

In <8fcbp3$hqk$[EMAIL PROTECTED]>, "Todd" <[EMAIL PROTECTED]> writes:
>
>Challenge:
>
>Give me just *one* MS undocumented API call, that could not be done with
>their *free* downloadable SDK?
>
>Just *one* API call is all I'm asking.
>
>MS provides Win32 developers with *everything* they need and more.
>
>If you want to try this challenge, again, just give me *one* undocumented
>API call or secret API (whatever) that meets this challenge.

If I gave you a secret API call, I'd have to kill you  :-)

--
John

------------------------------

From: Seán Ó Donnchadha <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: How to properly process e-mail
Date: Wed, 10 May 2000 15:15:20 -0400

[EMAIL PROTECTED] (Leslie Mikesell) wrote:

>>
>>I use the preview pane, and here's the deal. Attachments aren't even
>>displayed there. They're accessed through a dropdown menu in the upper
>>right of the pane. You have to (a) pull down the menu, (b) select the
>>attachment you want, (c) change the option in the resulting dialog to
>>"Open it", and (d) hit the OK button.
>
>Does that mean that even there you can't tell the difference between
>a gif and a script before executing it?
>

Huh? How do you get that from what I said?

------------------------------

From: Peter Ammon <[EMAIL PROTECTED]>
Crossposted-To: comp.sys.mac.advocacy,comp.os.ms-windows.nt.advocacy,comp.os.os2.advocacy
Subject: Re: Here is the solution
Date: Wed, 10 May 2000 15:24:05 -0400
Reply-To: [EMAIL PROTECTED]



Todd wrote:
> 
> Challenge:
> 
> Give me just *one* MS undocumented API call, that could not be done with
> their *free* downloadable SDK?
> 
> Just *one* API call is all I'm asking.
> 
> MS provides Win32 developers with *everything* they need and more.
> 
> If you want to try this challenge, again, just give me *one* undocumented
> API call or secret API (whatever) that meets this challenge.
> 
> I bet that I can write *any* piece of Win32 software with the normal SDK
> that is downloadable for *free* from MS's web site.
> 
> All you conspiracy theorists are welcome to take this challenge.
> 
> Just *one* API call is all I'm asking for here...

A quick search of "undocumented API" reveals not one, but two.

RegisterServiceProcess, in KERNEL32.DLL, appears to "Register a process
as a service, which means it doesn't show up in the Control+Alt+Delete
program list," and there is also WNetEnumCachedPasswords in MPR.DLL
which "Retrieves all of the current user's cached passwords, and calls
the specified callback procedure with a pointer to each one."

The WINE project also seems to have a great deal of information on
undocumented Windows APIs.

-Peter

------------------------------

From: "Nik Simpson" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Wed, 10 May 2000 15:28:57 -0400


"Leslie Mikesell" <[EMAIL PROTECTED]> wrote in message
news:8fca91$31t$[EMAIL PROTECTED]...
> In article <OIhS4.1088$ds3.1248@client>,
> Nik Simpson <[EMAIL PROTECTED]> wrote:
> >
> >> Yes, the important thing is to isolate untrusted content from any
> >> kind of general purpose interpreter.
> >>
> >
> >Which is pretty tough to do, since ultimately you rely on the person
> >receiving the content not doing something dumb with it, and that's a
> >pretty shaky thing to rely on :-)
>
> Especially when you hide all the information about (a) what the
> content really is and (b) what action they are about to
> take with it.


On the subject of (a), the attachment was quite clearly a VBS script, in my
mailer (Outlook Express) it had the correct icon and the full file name was
shown. So the information is there, unfortunately most users have no clue
what a VBS script file is or could potentially do to them, but I don't think
you can hold Microsoft to blame for that.

On the subject of (b), Outlook tells you what it will do if you really
want it to and it warns you against doing it.

--
Nik Simpson



------------------------------

From: Mr Rupert <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Wed, 10 May 2000 14:35:09 -0500

Erik Funkenbusch wrote:
> 
> mlw <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > > Seems that here you are saying that it's not the email application's
> > > fault.
> >
> > I assert that an e-mail client has NO RIGHT WHAT SO EVER to RUN A
> > PROGRAM or OPEN a FILE unless it knows exactly what IT IS DOING!!!!!! An
> > E-mail client MUST ACT AS a gatekeeper!! If the e-mail client can not
> > tell the difference between harmless data, i.e. *.mp3 or *.jpeg and
> > executable content i.e. *.doc, *.exe or *.vbs, then it should be pulled
> > from the market right away.
> 
> How exactly does the email client know that .jpg or .mp3 is what it claims
> to be?  You could send a virus with a .jpg extension and then have a
> different trojan rename the file types to launch the virus when the jpg file
> is opened.  Suddenly, a jpg is no longer safe.
> 

How exactly is the second trojan going to launch?  After all, the first
trojan cannot launch.  What does the second trojan have that the first
trojan cannot have?

Your scheme is the classic dog chasing its tail.

Erik, I have watched you desperately attempt to refute all logic
presented to you about the inherent security dangers in MS software.
Instead of admitting that MS software is a security risk on the net,
you try and give examples of UNIX vulnerability.

The fact of the matter is MS WIN95/98 is a dominant user OS on the net
and security needs to be addressed, pronto!

Erik, instead of fighting against the UNIX advocates in these newsgroups,
the best you can do for yourself, to save further embarrassment, is to
say, "yes, MS software needs to address security issues."  PERIOD!


Note to all: please leave out of your arguments that the user deserves 
what they get for being dumb and clicking on an attachment.  This point
solves nothing and serves only to boost your ego.

--
Mr Rupert

------------------------------

From: Tim Kelley <[EMAIL PROTECTED]>
Subject: Re: Why Solaris is better than Linux
Date: Wed, 10 May 2000 14:39:21 -0500

Lord Williams wrote:
> 
> Technically Solaris is more advanced especially in
> features for working on very large systems -- ones with dozens of processors
> or even clusters of ones with dozens of processors.  It "scales" much better
> meaning that as processors are added performance goes up.  This is never
> linear, i.e., 8 processors won't give you twice the performance of 4, but for
> most operating systems, especially NT but now, anyway, still Linux, you get
> zero additional performance after 4 for NT and probably the same for Linux.
> Solaris is also much much more stable.  Big Solaris systems attain what's
> known as "5 9's" -- 99.999% uptime.  That comes out to 5 minutes of downtime
> per year.

Yeah yeah.

Commercial unix is definitely either an acquired taste (even
among unix people) or a necessity.

Sure solaris is superior to linux for a lot of things.  But for
home use?  You gotta be kidding.  Solaris (well I find) is
totally unsuited for such use ... it is much more difficult than
linux or FreeBSD.  What I mean by that is that you really wind up
doing everything yourself.  For pc use, using solaris would be
like using a linux distro that only contained the base system,
KDE and nothing else.  I call that a pain in the ass.  No one
wants to download and compile a few GB worth of applications.

Aside from that it comes with CDE which is really, really awful
compared to KDE.  No wonder unix was dying in the hands of these
people.

-- 

Tim Kelley
[EMAIL PROTECTED]
[EMAIL PROTECTED]

------------------------------

From: Mr Rupert <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Wed, 10 May 2000 14:44:04 -0500

Erik Funkenbusch wrote:
> 
> Perry Pip <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > >How exactly does the email client know that .jpg or .mp3 is what it
> > >claims to be?
> >
> > It doesn't need to know. All it needs to know is that a jpeg viewer or mp3
> > player is a safe application to pass it to, because the application will
> > attempt to render the file's contents, instead of attempting to interpret
> > and execute the file's contents. If you pass a jpeg viewer a file that is
> > not in jpeg format it will report an error. Same with an mp3 player.
> 
> And how does it know that the application is safe to execute content?  Since
> file types are user definable, the .mp3 association can point to anything,
> including WSH.
> 

Erik, now you are being plain ridiculous and waffling all over the place.

Are you a corporate shill?  As I look through this newsgroup I find that 
there is not one single negative MS post which you have not replied to.

You are a very busy person.

--
Mr Rupert

------------------------------

From: [EMAIL PROTECTED] (JEDIDIAH)
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: How to properly process e-mail
Date: Wed, 10 May 2000 19:46:40 GMT

On Wed, 10 May 2000 15:12:33 -0400, Seán Ó Donnchadha <[EMAIL PROTECTED]> wrote:
>[EMAIL PROTECTED] (JEDIDIAH) wrote:
>
>
>>>
>>>Try not to change the subject. Outlook doesn't auto-execute
>>
>>      It's not changing the subject.
>>
>>      If 'open' means 'execute', then from the point of view
>>      of a naive end user: Outlook does in fact auto-execute
>>      attachments.
>>
>
>Bullshit. Some moron users' mousing hands may effectively be
>"auto-double-click", but Outlook doesn't automatically execute
>anything, unless you start redefining "automatically".

        Outlook blindly hands content off to the shell. Even
        some of the local MS Shills admit as much. THAT is 
        still 'auto-execution' of active content.

        'moron users' are Microsoft's target market. If they
        can't adequately address their own target market 
        perhaps they should just liquidate entirely...

[deletia]

        'functional' doesn't require doc-scripting flim-flam.

        My Unix mail system is plenty functional, even more so
        than any WinDOS facility that I would use simply because
        I never need fear the contents of an email.

        I can actually read all my mail. ALL of it.     

-- 

    In what language does 'open' mean 'execute the evil contents of'    |||
    a document?      --Les Mikesell                                    / | \
    
                                      Need sane PPP docs? Try penguin.lvcm.com.

------------------------------

From: [EMAIL PROTECTED] (JEDIDIAH)
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Wed, 10 May 2000 19:50:32 GMT

On Wed, 10 May 2000 15:05:54 -0400, Seán Ó Donnchadha <[EMAIL PROTECTED]> wrote:
>Brian Langenberger <[EMAIL PROTECTED]> wrote:
>
>>:
>>: Examining the file to determine type is just about the worst thing you
>>: can do. It's unreliable and inefficient (requiring sophisticated
>>: pattern matching that doesn't always work), and you're screwed if you
>>: don't have read access.
>>
>>Eh?  Examining the file is the *only* 100% reliable way of telling
>>what the file is.
>>
>
>Is that why file(1) often indicates "English text" for C source files
>and vice versa? 100% reliable my ass.

        That's what it is actually. The shell certainly won't be feeding
        it through an interpreter. It's just another ascii text file.

>
>>
>>file(1) is quite capable of figuring them out
>>both quickly and accurately - and often you don't need the whole file
>>either.
>>
>
>Of course you don't need the whole file. But you still have to open
>each file, read some of it, and close it. This becomes a lot of work
>if you're displaying a directory's worth of file types.

        Yup. Some things require a little work. Everything in life
        is a tradeoff...

[deletia]
>>The best way is to ignore such "hints" and figure out the
>>file on your own because labels can't be trusted.  In other
>>words, just because someone says an attachment is a love letter
>>doesn't make it so...
>>
>
>I disagree. When you double-click on that attachment, neither its name
>nor its contents determine how it's executed. It's the file type tag,
>be it a filename extension or some resource fork thing.

        It is still, ultimately, just a name. Either it's tacked onto the
        end of the name you see or buried away in a file you never see.


-- 

    In what language does 'open' mean 'execute the evil contents of'    |||
    a document?      --Les Mikesell                                    / | \
    
                                      Need sane PPP docs? Try penguin.lvcm.com.
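
[Added example, not part of any post in this digest.] The gatekeeper behaviour argued over in the posts above, sketched in Python: an attachment goes to a renderer only when its leading bytes and its label agree on a passive format, and everything else is saved or blocked. The names `sniff` and `decide`, the signature table and the sample attachments are constructed for illustration; the "active" extensions are the three named in the thread.

```python
import os

# Leading-byte signatures (a small constructed table, not file(1)'s database).
MAGIC = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"ID3", "mp3"),            # MP3 carrying an ID3v2 tag
    (b"MZ", "pe-executable"),   # DOS/Windows executable header
]
# Extensions each passive type may legitimately carry.
EXT_FOR = {"jpeg": {".jpg", ".jpeg"}, "gif": {".gif"}, "mp3": {".mp3"}}
# Extensions the thread names as executable content; a real list is longer.
ACTIVE_EXT = {".vbs", ".exe", ".doc"}


def sniff(data):
    """Return a type name from the leading bytes, or None if unrecognised."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return None


def decide(filename, data):
    """Gatekeeper decision for one attachment: render, save_only or block."""
    # Windows ignores trailing dots and spaces, so strip them before
    # taking the extension; splitext keeps only the last suffix, which
    # is the one the shell acts on ("letter.txt.vbs" -> ".vbs").
    ext = os.path.splitext(filename.lower().rstrip(". "))[1]
    kind = sniff(data)
    if ext in ACTIVE_EXT or kind == "pe-executable":
        return "block"       # never hand this to a general interpreter
    if kind in EXT_FOR and ext in EXT_FOR[kind]:
        return "render"      # label and content agree on a passive format
    return "save_only"       # unknown content or label/content mismatch


# Constructed sample attachments: (declared name, first bytes of content).
SAMPLES = [
    ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("letter.txt.vbs", b"MsgBox 1"),
    ("photo.jpg", b"MZ\x90\x00"),
    ("song.mp3", b"GIF89a\x01\x00"),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(f"{name:16} sniffed={sniff(data)!s:14} -> {decide(name, data)}")
```

Neither signal is trusted alone: the label decides what the shell would run, the content decides what a renderer would actually receive, and a disagreement between them falls through to save-only.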

------------------------------

From: [EMAIL PROTECTED] (abraxas)
Crossposted-To: comp.sys.mac.advocacy,comp.os.ms-windows.nt.advocacy,comp.os.os2.advocacy
Subject: Re: Why only Microsoft should be allowed to create software
Date: 10 May 2000 20:06:03 GMT

In comp.os.linux.advocacy Eric Bennett <[EMAIL PROTECTED]> wrote:
> In article <79dS4.389$[EMAIL PROTECTED]>, "Erik Funkenbusch" 
> <[EMAIL PROTECTED]> wrote:


>> Main Entry: in·no·va·tion
>> Pronunciation: "i-n&-'vA-sh&n
>> Function: noun
>> Date: 15th century
>> 1 : the introduction of something new
>> 2 : a new idea, method, or device : NOVELTY
>> - in·no·va·tion·al /-shn&l, -sh&-n&l/ adjective


> ...which is a pointless definition to use, because under that 
> definition, anything new is an innovation, even if it is actually 
> *worse* than what came before.  Clearly that is not how the word is 
> being used by Microsoft... 

Yet that's what it seems to mean when Microsoft products are being
described.




=====yttrx

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.advocacy) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Advocacy Digest
******************************
