Linux-Advocacy Digest #278, Volume #32 Sun, 18 Feb 01 02:13:06 EST
Contents:
Re: .NET is plain .NUTS (Charlie Ebert)
Re: M$ taking over linux? (Charlie Ebert)
Re: Microsoft says Linux threatens innovation (Charlie Ebert)
Re: My Win2k Network Nightmare!!!!!! ("Adam Warner")
Re: Whistler/.NET will Help Linux ("Tom Wilson")
Re: Interesting article ("Chad Myers")
Re: The Windows guy. (Brent R)
Pop Quiz: Who made this statement 15 months ago? ("Adam Warner")
Re: Interesting article (J Sloan)
Re: Interesting article (Steve Mading)
Re: .NET is plain .NUTS ("Jim Cason")
Re: .NET is plain .NUTS ("Jim Cason")
Re: Interesting article ("Tom Wilson")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Charlie Ebert)
Subject: Re: .NET is plain .NUTS
Reply-To: Charlie Ebert:<[EMAIL PROTECTED]>
Date: Sun, 18 Feb 2001 04:24:46 GMT
In article <96nblj$pr8$[EMAIL PROTECTED]>, Bloody Viking wrote:
>
>Charlie Ebert ([EMAIL PROTECTED]) wrote:
>
>: Let's quit beating around the bush here.
>: I'm not a traitor to any employer I've ever had.
>: I'm not about to turn in an employer I've had.
>
>While you might not ever "go postal" by turning in an employer by calling the
>BSA, so long as any company ever uses payware, ANY disgruntled employee can.
>Who needs to pack some heat when the Copyright Fine is $250K/pop? A bad warez
>company can be _nuked_ by one disgruntled employee, and the "nuke attack" is
>perfectly legal. Who needs guns? ANY company using warez is just a phone call
>away from financial armageddon. We all know that nearly every company is using
>warez. All you need is ONE disgruntled employee to pick up that damn phone to
>nuke the company back to the stone age.
>
>This is one fucking good reason to use Linux in the workplace. You protect
>yourself from anyone "going postal" by attempts at calling the BSA.
>
>--
>FOOD FOR THOUGHT: 100 calories are used up in the course of a mile run.
>The USDA guidelines for dietary fibre is equal to one ounce of sawdust.
>The liver makes the vast majority of the cholesterol in your bloodstream.
I totally agree. I agree that people have no business going postal
in the workplace. If you have a problem with somebody or are just
sick or your job or even wanting a change, turning your employer
into the software police is going postal!
And since Microsoft is going to DO THAT to everybody anyway, they
you could say *MICROSOFT IS GOING POSTAL*!
--
Charlie
**DEBIAN** **GNU**
/ / __ __ __ __ __ __ __
/ /__ / / / \/ / / /_/ / \ \/ /
/_____/ /_/ /_/\__/ /_____/ /_/\_\
http://www.debian.org
------------------------------
From: [EMAIL PROTECTED] (Charlie Ebert)
Subject: Re: M$ taking over linux?
Reply-To: Charlie Ebert:<[EMAIL PROTECTED]>
Date: Sun, 18 Feb 2001 04:28:41 GMT
In article <[EMAIL PROTECTED]>, Gareth Brereton wrote:
>i was wondering... if M$ distrobuted linux running a proprietary gui,
>installer/pakaging system, command line tools, etc (basically only the
>kernel is GPL)... then they promoted it like they've done with the XBox
>people would use it... wouldnt that give billy control to do what he
>likes? sorry.... im paranoid, just wondering if anyone has had any
>similar thoughts and why or why not microsoft could do something like this
>
I don't CARE if Microsoft wants to make money honestly!
If they came up with their own Linux distribution and released
the GUI via the GPL for a change, they would take Linux EVERYWHERE
for us and still manage to maintain their status as the software
king of the world. And WHY NOT?
Brand loyalty is everything to the customer. It truely is.
And if they offered their own Linux distribution, the OS would
actually be stable.
They couldn't manage to deviate from the Linux base as GPL'd code
would contain any stupid actions on their part. It would act like
a stupid filter.
--
Charlie
**DEBIAN** **GNU**
/ / __ __ __ __ __ __ __
/ /__ / / / \/ / / /_/ / \ \/ /
/_____/ /_/ /_/\__/ /_____/ /_/\_\
http://www.debian.org
------------------------------
From: [EMAIL PROTECTED] (Charlie Ebert)
Subject: Re: Microsoft says Linux threatens innovation
Reply-To: Charlie Ebert:<[EMAIL PROTECTED]>
Date: Sun, 18 Feb 2001 04:31:26 GMT
In article <[EMAIL PROTECTED]>, Aaron Kulkis wrote:
>
>
>Charlie Ebert wrote:
>>
>> In article <[EMAIL PROTECTED]>, Aaron Kulkis wrote:
>> >
>> >
>> >[EMAIL PROTECTED] wrote:
>> >>
>> >> Flacco wrote:
>> >> >
>> >> > > It's interesting to note that the whole phenomenon of Microsoft vs. Open
>> >> > > Source most likely wouldn't exist had IBM not (albeit, unthinkingly)
>> >> > > 'open-sourced' the PC architecture.
>> >> >
>> >> > I don't buy that. It just wouldn't be taking place on IBM hardware with MS
>> >> > software.
>> >>
>> >> If IBM had not 'open-sourced' the PC architecture, PCs may not have had
>> >> the success they did. It may be that the discussion would be
>> >> open-source v Apple
>> >
>> >There were Apple clones in the early 1980's.
>> >
>> >Franklin was selling them in 1981.
>> >
>>
>> This is TRUE! A distant former Boss of mine actually had
>> one of these! I'm shocked you remember this!
>>
>
>Rumors of my alzheimer's are overstated.
HA! I still remember what I said when I saw the thing!
Hey! You got an Apple! He said NO I DON'T!
It's a FRANKLIN!
I said, what the hell is a FRANKLIN! That's an APPLE!
NO! It's a FRANKLIN. FRANKLIN WHAT! It's AN APPLE!
NO FRANKLIN! READ HERE! SEE FRANKLIN!
WOW! FRANKLIN IS GOING TO GET SUED!!!!
That was my exact words! 20 years ago!
I remember!
>
>
>> >
>> >> --
>> >> http://www.guild.bham.ac.uk/chess-club
>> >
>> >--
>> >Aaron R. Kulkis
>> >Unix Systems Engineer
>> >DNRC Minister of all I survey
>> >ICQ # 3056642
>> >
>> >
>> >H: "Having found not one single carbon monoxide leak on the entire
>> > premises, it is my belief, and Willard concurs, that the reason
>> > you folks feel listless and disoriented is simply because
>> > you are lazy, stupid people"
>> >
>> >I: Loren Petrich's 2-week stubborn refusal to respond to the
>> > challenge to describe even one philosophical difference
>> > between himself and the communists demonstrates that, in fact,
>> > Loren Petrich is a COMMUNIST ***hole
>> >
>> >J: Other knee_jerk reactionaries: billh, david casey, redc1c4,
>> > The retarded sisters: Raunchy (rauni) and Anencephielle (Enielle),
>> > also known as old hags who've hit the wall....
>> >
>> >A: The wise man is mocked by fools.
>> >
>> >B: Jet Silverman plays the fool and spews out nonsense as a
>> > method of sidetracking discussions which are headed in a
>> > direction that she doesn't like.
>> >
>> >C: Jet Silverman claims to have killfiled me.
>> >
>> >D: Jet Silverman now follows me from newgroup to newsgroup
>> > ...despite (C) above.
>> >
>> >E: Jet is not worthy of the time to compose a response until
>> > her behavior improves.
>> >
>> >F: Unit_4's "Kook hunt" reminds me of "Jimmy Baker's" harangues against
>> > adultery while concurrently committing adultery with Tammy Hahn.
>> >
>> >G: Knackos...you're a retard.
>>
>> --
>> Charlie
>>
>> **DEBIAN** **GNU**
>> / / __ __ __ __ __ __ __
>> / /__ / / / \/ / / /_/ / \ \/ /
>> /_____/ /_/ /_/\__/ /_____/ /_/\_\
>> http://www.debian.org
>
>--
>Aaron R. Kulkis
>Unix Systems Engineer
>DNRC Minister of all I survey
>ICQ # 3056642
>
>
>H: "Having found not one single carbon monoxide leak on the entire
> premises, it is my belief, and Willard concurs, that the reason
> you folks feel listless and disoriented is simply because
> you are lazy, stupid people"
>
>I: Loren Petrich's 2-week stubborn refusal to respond to the
> challenge to describe even one philosophical difference
> between himself and the communists demonstrates that, in fact,
> Loren Petrich is a COMMUNIST ***hole
>
>J: Other knee_jerk reactionaries: billh, david casey, redc1c4,
> The retarded sisters: Raunchy (rauni) and Anencephielle (Enielle),
> also known as old hags who've hit the wall....
>
>A: The wise man is mocked by fools.
>
>B: Jet Silverman plays the fool and spews out nonsense as a
> method of sidetracking discussions which are headed in a
> direction that she doesn't like.
>
>C: Jet Silverman claims to have killfiled me.
>
>D: Jet Silverman now follows me from newgroup to newsgroup
> ...despite (C) above.
>
>E: Jet is not worthy of the time to compose a response until
> her behavior improves.
>
>F: Unit_4's "Kook hunt" reminds me of "Jimmy Baker's" harangues against
> adultery while concurrently committing adultery with Tammy Hahn.
>
>G: Knackos...you're a retard.
--
Charlie
**DEBIAN** **GNU**
/ / __ __ __ __ __ __ __
/ /__ / / / \/ / / /_/ / \ \/ /
/_____/ /_/ /_/\__/ /_____/ /_/\_\
http://www.debian.org
------------------------------
From: "Adam Warner" <[EMAIL PROTECTED]>
Subject: Re: My Win2k Network Nightmare!!!!!!
Date: Sun, 18 Feb 2001 18:01:12 +1300
Hi flatfish,
<snip>
> After screwing around with it for what must have been 2 hours, I noticed
> that the Lan connection name in Network Neighborhood had changed it's
> name to Lan(2) from Lan. Interesting! I don't see any Lan there?
<snip>
Unfortunately Windows keeps old settings in the registry and they have a
habit of causing conflicts. It is possible to edit the registry by hand to
remove them. When something named ...(2) etc. pops up you know old
settings still exist.
As some wise person said in this forum, Windows trusts the registry more
than the hardware you are running.
Regards, Adam
------------------------------
From: "Tom Wilson" <[EMAIL PROTECTED]>
Subject: Re: Whistler/.NET will Help Linux
Date: Sun, 18 Feb 2001 05:02:12 GMT
In article <96ndec$muk$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
wrote:
> In article <VPuj6.371$[EMAIL PROTECTED]>, Erik Funkenbusch
> <[EMAIL PROTECTED]> wrote:
>>
>>I specifically offered an alternative. Hell, VSS has many competitors,
>>most of which have integration these days. PVCS, MKS, Perforce,
>>Clearcase, StarTeam, Endeavor, hell, even certain versions of CVS have
>>integration.
>>
> I have spoken at length with a StarTeam developer who assures me
> that he is trying to get a Linux port approved by his management.
>
> He has used Linux enough to know that W2K cannot keep up.
> Monopolysoft has lost him forever.
>
> He loved awk but I should have started him on perl from day one.
>
> "And another one bites the dust!"
You may want to relay to this gentleman that if they port to Linux, we'll
buy in a heartbeat. CVS is great, but a less-hassle option would be
better and would save my months of hacking one up myself.
--
Tom Wilson
Sunbelt Software Solutions
Presently lurking in his Linux Partition
------------------------------
From: "Chad Myers" <[EMAIL PROTECTED]>
Crossposted-To:
alt.destroy.microsoft,comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: Interesting article
Date: Sun, 18 Feb 2001 05:22:53 GMT
"Tom Wilson" <[EMAIL PROTECTED]> wrote in message
news:BlGj6.51$[EMAIL PROTECTED]...
> In article <MFFj6.45899$[EMAIL PROTECTED]>, "Chad Myers"
> <[EMAIL PROTECTED]> wrote:
>
> >
> > "Tom Wilson" <[EMAIL PROTECTED]> wrote in message
> > news:kEEj6.69$[EMAIL PROTECTED]...
> >> In article <hFlj6.41815$[EMAIL PROTECTED]>, "Chad
> >> Myers"
> >> <[EMAIL PROTECTED]> wrote:
> >>
> >> >
> >> > "Ayende Rahien" <[EMAIL PROTECTED]> wrote in message
> >> > news:96jg3p$9hn$[EMAIL PROTECTED]...
> >> >>
> >> >> "Chad Myers" <[EMAIL PROTECTED]> wrote in message
> >> >> news:MEaj6.27470$[EMAIL PROTECTED]...
> >> >>
> >> >> < Perm bits
> >> >> > are ancient, a poor design, and are really unsecure.
> >> >>
> >> >> Describ a way to get over permissions in any *nix that implement
> >> >> perm bits
> >> >> (all of them).
> >> >
> >> > You're not understanding what I'm saying...
> >> >
> >> > It's the mentality. Permission bits are extremely limiting, as they
> >> > only allow one owner, one group, and everyone else.
> >> >
> >> > Secondly, permissions are not applied pervasively. That is, they're
> >> > only applied to files and file/devices. You can't set an ACL on
> >> > whether or not someone can access a specific porition of a file, you
> >> > can't set permissions on whether or not a particular process can
> >> > perform specific functions with the OS.
> >> >
> >> > Secondly, this is a little off of perm bits, but related, there's
> >> > almost no auditing, or not serious auditing in Linux, for example and
> >> > in many Unixes. The Unixes that have DAC have a full auditing scheme.
> >> > In fact, that's a requirement of DAC is to verify that permissions
> >> > are applied properly and that users are not circumventing the intent
> >> > of the permissions.
> >> >
> >> > Perm bits, as agreed by anyone who has a basic understanding of
> >> > secure OS implementations, are kindergarten-level, and are insecure
> >> > by nature.
> >> >
> >> > -Chad
> >> >
> >> >
> >>
> >> I'll post Mr Rahien's question again....
> >>
> >> " Describ a way to get over permissions in any *nix that implement perm
> >> bits (all of them). "
> >>
> >> ...as I noticed you ignored it in your first response.
> >
> > I replied to it. Don't you read posts?
> >
> > You're thinking at two low of a level. If you say that only X has
> > permissions to a file, then only X has permission to a file. I'm not
> > saying that that is broken or something. I'm saying, however, that perm
> > bits are too limiting, and they do not provide ample control, nor
> > reporting, nor auditing, nor inheritance, nor explit denies, nor any of
> > the basic concepts of modern security. It's a 70's architecture that
> > some undereducated head-in-the-sand individuals seem to not want to let
> > go.
> >
> > Even the major Unix vendors have seen how bad perm bits are and have
> > developed their own DAC implementations for the security concious.
>
> If such were the case, permission bits would have been relegated to the
> history books long ago.
So would've many things in Unix. But like many things in Unix, there
are some die-hards out there that won't see the light and refuse to
let it go. It's kind of a "can't teach and old dog new tricks" type thing.
Likewise, if DAC wasn't really that good, then they wouldn't have
spent much time or effort developing for it.
> In all but the most demanding cases, permission
> bits do quite well and therefore are still used. Three forths of what you
> described just plain isn't neccesary for most installations.
Hmm, I don't know. When I've set up boxes before and I have shared and
complex directory systems for marketing, sales, product development, etc
It always seems that one group needs access to something in another
group's folder, etc. Most of these schemes involved allowing several
groups access to a folder and possibly denying one person or several
individuals for special situations, and then setting inheritence on
sub folders to prevent sub-folder permission wrangling.
> Anyway, why do you persist in lumping anything pre 90's into the waste
> bin?
Not anything, just inferior things, like permission bits and telnet.
-Chad
------------------------------
From: Brent R <[EMAIL PROTECTED]>
Subject: Re: The Windows guy.
Date: Sun, 18 Feb 2001 05:40:13 GMT
<snip>
> Chances are an NT machine set up and working may be stable for extended periods
> of time. (weeks) It is when you start installing many pieces of software that
> all this stuff starts to crumble.
Bam! Precisely. Windows works fine until I have 30 or so apps installed
on it. Right now I'm getting BSOD's and hangs all the time, who the hell
knows what from. All I know is that it's just about time for another
reinstall.
--
Happy Trails
-Brent
=============================
http://rotten168.home.att.net
=============================
ICQ# 51265871
------------------------------
From: "Adam Warner" <[EMAIL PROTECTED]>
Subject: Pop Quiz: Who made this statement 15 months ago?
Date: Sun, 18 Feb 2001 05:43:02 GMT
"...we have been guided by the most basic American values: innovation,
integrity, serving customers, partnership, quality and giving to the
community. We compete vigorously, but fairly."
(Please don't enter the quotation into Google :-)
Adam
------------------------------
From: J Sloan <[EMAIL PROTECTED]>
Crossposted-To:
alt.destroy.microsoft,comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: Interesting article
Date: Sun, 18 Feb 2001 06:01:00 GMT
Chad Myers wrote:
> Not anything, just inferior things, like permission bits and telnet.
Linux and BSDs ship with ssh, win 2k ships with telnet.
Who's 20 years behind?
jjs
------------------------------
From: Steve Mading <[EMAIL PROTECTED]>
Crossposted-To:
alt.destroy.microsoft,comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: Interesting article
Date: 18 Feb 2001 06:08:12 GMT
In comp.os.linux.advocacy Aaron Kulkis <[EMAIL PROTECTED]> wrote:
: Steve Mading wrote:
:>
:> In comp.os.linux.advocacy Chad Myers <[EMAIL PROTECTED]> wrote:
:>
:> : No, really, I want to know.
:>
:> : When it's good for Linux, Linux is Unix. When it's bad for Linux,
:> : Linux isn't Unix.
:>
:> Bull. There are many Unixen, of which Linux is one in every
:> way except the legal trademark way. This is very simple, and
:> very consistent. When speaking on technical issues, Linux is
:> one of the Unixes. When speaking on legal or corporate issues,
:> (trademark discussions, or discussing how "unix companies" tend
:> to act) it is not.
:>
:> Now, speaking on technical issues, both statements: "Linux is Unix"
:> and "Linux is not UNIX" don't really fit 100%. UNIX is a set of
:> OSes, ONE of which is Linux. Niether sentence tells the whole
:> story. You are comparing a set to a scalar. This might be why
:> you are confused on this very simple issue. That's why
:> I was careful to phrase it as "Linux is ONE OF THE Unixen".
:> But English is a sloppy language, where it is *sometimes* acceptable
:> to say "A is B" when you really mean "A is a subset of B"
:> (Example, "a bannana is fruit". This is because nouns sometimes
:> are treated like objects and sometimes like classes, depending
:> on context. UNIX is such a noun.)
: Actually, a better way to put it is:
[snip ascii art. Wow - an asciified Ven Diagram.]
The Venn Diagram doesn't really tell the picture well, though
because "UNIX" isn't at the same level in the taxonomy as
Linux. It's a set of OSes, one level above the OS level.
Comparing UNIX to Linux isn't like comparing apples and oranges.
It's more like comparing a scalar to a set.
------------------------------
From: "Jim Cason" <[EMAIL PROTECTED]>
Subject: Re: .NET is plain .NUTS
Date: Sun, 18 Feb 2001 05:58:35 GMT
Or... just work for a company that pays for its licensing correctly. They
are out there and they do have some integrity.
"Bloody Viking" <[EMAIL PROTECTED]> wrote in message
news:96nblj$pr8$[EMAIL PROTECTED]...
>
> Charlie Ebert ([EMAIL PROTECTED]) wrote:
>
> : Let's quit beating around the bush here.
> : I'm not a traitor to any employer I've ever had.
> : I'm not about to turn in an employer I've had.
>
> While you might not ever "go postal" by turning in an employer by calling
the
> BSA, so long as any company ever uses payware, ANY disgruntled employee
can.
> Who needs to pack some heat when the Copyright Fine is $250K/pop? A bad
warez
> company can be _nuked_ by one disgruntled employee, and the "nuke attack"
is
> perfectly legal. Who needs guns? ANY company using warez is just a phone
call
> away from financial armageddon. We all know that nearly every company is
using
> warez. All you need is ONE disgruntled employee to pick up that damn phone
to
> nuke the company back to the stone age.
>
> This is one fucking good reason to use Linux in the workplace. You protect
> yourself from anyone "going postal" by attempts at calling the BSA.
>
> --
> FOOD FOR THOUGHT: 100 calories are used up in the course of a mile run.
> The USDA guidelines for dietary fibre is equal to one ounce of sawdust.
> The liver makes the vast majority of the cholesterol in your bloodstream.
------------------------------
From: "Jim Cason" <[EMAIL PROTECTED]>
Subject: Re: .NET is plain .NUTS
Date: Sun, 18 Feb 2001 06:01:15 GMT
Thank you for pointing out that there are companies who take care of their
licensing the correct way. For those that dont, they should be fined. Its
just like stealing anything else.
"Mart van de Wege" <[EMAIL PROTECTED]> wrote in message
news:3a8e471c$0$7102@reader4...
> In article <[EMAIL PROTECTED]>, "Aaron Kulkis"
> <[EMAIL PROTECTED]> wrote:
>
> >
> >
> > Charlie Ebert wrote:
> >>
> >> Okay boys and girls.
> >>
> >> We all have employers. Even if you own your own business you
> >> have employers.
> >>
> >> And from my own experience working in the world of Windows,
> >> producing code for even the LARGEST of multi billion dollar
> >> companies, I'm ashamed to say that they *ALL* cheat.
> >>
> >> They *ALL* take one copy of NT and install it across 50
> >> machines or more. They *ALL* take one copy of Word and install
> >> it across 50 machines or more.
> >>
> >> 30% of which I've noticed do it deliberately!
> >>
> >> The other 70% attempt to keep records but the fucking
> >> employee's go out there on their own and install all kinds of
> >> unauthorized software anyway.
> >>
> >> If your going to play the Windows game legally, you have to
> >> buy the license.
> >>
> >> I feel the *REASON* why Windows is still the most preferred
> >> desktop is because the *EMPLOYERS* are treating Windows like
> >> it were shareware or even GPL'd Linux. I even remember one
> >> company who loaned *THEIR* copy of NT to a customer just so
> >> they could get NT installed to use *OUR* application!
> >>
> Charlie,
>
> Although I agree with your sentiment, I must say that my
> employer is a different animal altogether. As I stated in
> another thread, we are currently migrating to NT4.0 for our
> workstations (OT: Properly configured and managed by a competent
> IT staff, not a bunch of click-happy MCSEs, NT4.0 is actually a
> quite decent workstation OS) and every NT machine has its own
> individual license number properly affixed to the machine
> itself.
> For the record (since I am saying positive things I am sure they
> don't mind) I work for the ING group, which definitely is one of
> the bigger financial institutions in Europe, so proper NT
> licensing must be costing us a fair bit, yet we are still
> posting record profits. It must also be said that this is a rare
> beast: they are a very fair employer, even going above and
> beyond the Netherlands' relatively strict employment laws, so I
> think their policy on software licensing is just another example
> of a fair company policy.
> Also, since our workstations are nowhere near a standard NT
> configuration, I think us being a large customer has given us
> some leeway with MS.
> Don't know how our US division handles things though, and given
> the horror stories I keep hearing about audits in the US, I
> think that you are right and a lot of companies have illicit
> software installations, and they *will* feel the crunch if
> compulsory registration through the internet is enforced.
>
> Mart
>
> --
> Happily running Debian, posting with Pan
------------------------------
From: "Tom Wilson" <[EMAIL PROTECTED]>
Subject: Re: Interesting article
Crossposted-To:
alt.destroy.microsoft,comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Date: Sun, 18 Feb 2001 06:17:58 GMT
In article <N_Ij6.30934$[EMAIL PROTECTED]>, "Chad Myers"
<[EMAIL PROTECTED]> wrote:
>
> "Tom Wilson" <[EMAIL PROTECTED]> wrote in message
> news:BlGj6.51$[EMAIL PROTECTED]...
>> In article <MFFj6.45899$[EMAIL PROTECTED]>, "Chad
>> Myers"
>> <[EMAIL PROTECTED]> wrote:
>>
>> >
>> > "Tom Wilson" <[EMAIL PROTECTED]> wrote in message
>> > news:kEEj6.69$[EMAIL PROTECTED]...
>> >> In article <hFlj6.41815$[EMAIL PROTECTED]>, "Chad
>> >> Myers"
>> >> <[EMAIL PROTECTED]> wrote:
>> >>
>> >> >
>> >> > "Ayende Rahien" <[EMAIL PROTECTED]> wrote in message
>> >> > news:96jg3p$9hn$[EMAIL PROTECTED]...
>> >> >>
>> >> >> "Chad Myers" <[EMAIL PROTECTED]> wrote in message
>> >> >> news:MEaj6.27470$[EMAIL PROTECTED]...
>> >> >>
>> >> >> < Perm bits
>> >> >> > are ancient, a poor design, and are really unsecure.
>> >> >>
>> >> >> Describ a way to get over permissions in any *nix that implement
>> >> >> perm bits
>> >> >> (all of them).
>> >> >
>> >> > You're not understanding what I'm saying...
>> >> >
>> >> > It's the mentality. Permission bits are extremely limiting, as
>> >> > they only allow one owner, one group, and everyone else.
>> >> >
>> >> > Secondly, permissions are not applied pervasively. That is,
>> >> > they're only applied to files and file/devices. You can't set an
>> >> > ACL on whether or not someone can access a specific porition of a
>> >> > file, you can't set permissions on whether or not a particular
>> >> > process can perform specific functions with the OS.
>> >> >
>> >> > Secondly, this is a little off of perm bits, but related, there's
>> >> > almost no auditing, or not serious auditing in Linux, for example
>> >> > and in many Unixes. The Unixes that have DAC have a full auditing
>> >> > scheme. In fact, that's a requirement of DAC is to verify that
>> >> > permissions are applied properly and that users are not
>> >> > circumventing the intent of the permissions.
>> >> >
>> >> > Perm bits, as agreed by anyone who has a basic understanding of
>> >> > secure OS implementations, are kindergarten-level, and are
>> >> > insecure by nature.
>> >> >
>> >> > -Chad
>> >> >
>> >> >
>> >>
>> >> I'll post Mr Rahien's question again....
>> >>
>> >> " Describ a way to get over permissions in any *nix that implement
>> >> perm
>> >> bits (all of them). "
>> >>
>> >> ...as I noticed you ignored it in your first response.
>> >
>> > I replied to it. Don't you read posts?
>> >
>> > You're thinking at two low of a level. If you say that only X has
>> > permissions to a file, then only X has permission to a file. I'm not
>> > saying that that is broken or something. I'm saying, however, that
>> > perm bits are too limiting, and they do not provide ample control,
>> > nor reporting, nor auditing, nor inheritance, nor explit denies, nor
>> > any of the basic concepts of modern security. It's a 70's
>> > architecture that some undereducated head-in-the-sand individuals
>> > seem to not want to let go.
>> >
>> > Even the major Unix vendors have seen how bad perm bits are and have
>> > developed their own DAC implementations for the security concious.
>>
>> If such were the case, permission bits would have been relegated to the
>> history books long ago.
>
> So would've many things in Unix. But like many things in Unix, there are
> some die-hards out there that won't see the light and refuse to let it
> go. It's kind of a "can't teach and old dog new tricks" type thing.
>
> Likewise, if DAC wasn't really that good, then they wouldn't have spent
> much time or effort developing for it.
And if permission bits weren't effective they wouldn't be used at all.
These "die-hards" you speak of don't hold on to a thing so long if it
doesn't work. As far as "new tricks" are concerned. New doesn't always equate to
better. And it certainly isn't as if they are afraid of learning
something new. UNIX is sufficiently complex enough that, people who have the
ability to master it, are most certainly not afraid or unable to learn something
else. I've seen some of the "gurus" do things with permission bits that
left me shaking my head in wonderment.
>
>> In all but the most demanding cases, permission bits do quite well and
>> therefore are still used. Three forths of what you described just plain
>> isn't neccesary for most installations.
>
> Hmm, I don't know. When I've set up boxes before and I have shared and
> complex directory systems for marketing, sales, product development, etc
> It always seems that one group needs access to something in another
> group's folder, etc. Most of these schemes involved allowing several
> groups access to a folder and possibly denying one person or several
> individuals for special situations, and then setting inheritence on sub
> folders to prevent sub-folder permission wrangling.
>
>> Anyway, why do you persist in lumping anything pre 90's into the waste
>> bin?
>
> Not anything, just inferior things, like permission bits and telnet.
Telnet is one component that i'll agree on. if only from a security
standpoint and its' shortcomings were answered by ssh.
--
Tom Wilson
Sunbelt Software Solutions
Presently lurking in his Linux Partition
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to comp.os.linux.advocacy.
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Advocacy Digest
******************************
