Linux-Advocacy Digest #515, Volume #34 Mon, 14 May 01 21:13:04 EDT
Contents:
Re: The Economist and Open-Source (Roy Culley)
Re: W2K/IIS proves itself over Linux/Tux (Roy Culley)
Microsoft Admits To Backdoor In IIS [updated] (Roy Culley)
Re: SUSE license (was: Linux Users...Why?) (Roy Culley)
Re: W2K/IIS proves itself over Linux/Tux (Chronos Tachyon)
Re: Justice Department LOVES Microsoft! (The Ghost In The Machine)
Re: Why Linux Is no threat to Windows domination of the desktop ("Aaron R. Kulkis")
Re: Microsoft Admits To Backdoor In IIS [updated] (Chronos Tachyon)
Re: What does Linux need for the desktop? (Terry Porter)
Re: LOMAC shocks Microsoft! ([EMAIL PROTECTED])
Re: OT Movies ("Julester")
Re: Justice Department LOVES Microsoft! (Rick)
Re: W2K/IIS proves itself over Linux/Tux ("Ayende Rahien")
Re: Justice Department LOVES Microsoft! ("Ayende Rahien")
Re: Justice Department LOVES Microsoft! ("Daniel Johnson")
EXTRA EXTRA MS ADMITS!!!! (Charlie Ebert)
Security in Open Source Software ("Ayende Rahien")
Re: Justice Department LOVES Microsoft! (Rick)
Re: Win 9x is horrid (Craig Kelley)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Roy Culley)
Subject: Re: The Economist and Open-Source
Date: Tue, 15 May 2001 00:53:16 +0200
Reply-To: [EMAIL PROTECTED]
In article <[EMAIL PROTECTED]>,
Matthew Gardiner <[EMAIL PROTECTED]> writes:
>
> Isn't regression testing to ensure that the additions/modifications
> donot cause problems to the rest of the software, in this case, Win2k,
> and the programs that run on it?
That was what I was trying to convey but you have said it much better.
It was Erik that brought up regression testing as a reason why Microsoft
are so slow to get patches out. I had just pointed out that many of
their patches for security bugs either do not correct the bug properly
or introduce new security bugs. Now a back door has been discovoured
in IIS. Their total lack of credibility in regard to security just
continues to drop to lower and lower depths.
--
Over 100 security bugs in Microsoft SW last year. An infamous
record. The worst offending piece of SW, by far, IIS. 2001 isn't
looking any better.
------------------------------
From: [EMAIL PROTECTED] (Roy Culley)
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: W2K/IIS proves itself over Linux/Tux
Date: Tue, 15 May 2001 00:36:39 +0200
Reply-To: [EMAIL PROTECTED]
In article <9dn5mq$pdb$[EMAIL PROTECTED]>,
"Ayende Rahien" <Don'[EMAIL PROTECTED]> writes:
>
> "Roy Culley" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
>> In article <GvbL6.45194$[EMAIL PROTECTED]>,
>> "Chad Myers" <[EMAIL PROTECTED]> writes:
>> >
>> > "Roy Culley" <[EMAIL PROTECTED]> wrote in message
>> > news:[EMAIL PROTECTED]...
>> >>
>> >> Grief, you people are pathetic. Microsoft has lost the Internet server
>> >> market. Remember, over 100 security bugs in Microsoft SW last year.
>> >
>> > That's including Office and such as well. How many were in Red Hat Linux
>> > and the software that ships with it? At least that many.
>>
>> Can't you read. Over 100 security bugs in Microsoft SW in 2000. A RECORD.
>
> Just 100? In *all* their products?
> Wow, that is pretty low.
> Have you considerred the bloody *amount* of software they have?
>
> Now, how many holes are there in a RH distribution?
Can't you read? It was a record for security bugs found from a single
comapny. And IIS was the worst. Now we learn that Microsoft has a
back door in IIS. How bad does it have to get before people realise
that Microsoft are just plain bad?
--
Over 100 security bugs in Microsoft SW last year. An infamous
record. The worst offending piece of SW, by far, IIS. 2001 isn't
looking any better.
------------------------------
From: [EMAIL PROTECTED] (Roy Culley)
Crossposted-To: alt.destroy.microsoft
Subject: Microsoft Admits To Backdoor In IIS [updated]
Date: Tue, 15 May 2001 00:10:27 +0200
Reply-To: [EMAIL PROTECTED]
http://smallbusiness.yahoo.com/entrepreneur.html?s=smallbiz/articles/20010514/microsoft_ackno
Is there no end to this company's negligence?
--
Over 100 security bugs in Microsoft SW last year. An infamous
record. The worst offending piece of SW, by far, IIS. 2001 isn't
looking any better.
------------------------------
From: [EMAIL PROTECTED] (Roy Culley)
Subject: Re: SUSE license (was: Linux Users...Why?)
Date: Tue, 15 May 2001 00:45:45 +0200
Reply-To: [EMAIL PROTECTED]
In article <[EMAIL PROTECTED]>,
Matthew Gardiner <[EMAIL PROTECTED]> writes:
> "Rob S. Wolfram" wrote:
>
>> I think YaST is a mighty fine admin tool. I consider it a loss for the
>> people at large that this tool cannot be reused in other distributions /
>> OSes.
>
> maybe they (SuSE) could license YaST to other distro's?
Maybe they (SuSE) could GPL YaST? I really do find it strange that
a company that does so much for OSS (xfree, reiserfs, etc) made
their admin tool proprietory.
--
Over 100 security bugs in Microsoft SW last year. An infamous
record. The worst offending piece of SW, by far, IIS. 2001 isn't
looking any better. Now a back door has been discovered in IIS!!!
------------------------------
From: Chronos Tachyon <[EMAIL PROTECTED]>
Subject: Re: W2K/IIS proves itself over Linux/Tux
Crossposted-To: comp.os.ms-windows.nt.advocacy
Date: Mon, 14 May 2001 23:53:02 GMT
On Mon 14 May 2001 04:12, Jon Johansan wrote:
[Snip]
>
> That is wrong. There is a simple utility to run to switch between the uni
> processor kernel and mutiprocessor kernel for NT4. W2K does not have this
> problem and you can change motherboard and CPU counts under it no problem,
> it reconfigures itself automatically when you come back up. I recently
> went from a uniprocessor m/b to a dual board and just shut down, changed
> hardware and came back up; had to reboot once more after it detected the
> changes.
>
That sounds either incorrect or inefficient, but since I don't have an SMP
machine handy to test your claim, I'll take it at face value.
--
Chronos Tachyon
Guardian of Eristic Paraphernalia
Gatekeeper of the Region of Thud
[Reply instructions: My real domain is "echo <address> | cut -d. -f6,7"]
------------------------------
From: [EMAIL PROTECTED] (The Ghost In The Machine)
Crossposted-To:
comp.os.ms-windows.nt.advocacy,comp.sys.mac.advocacy,comp.os.ms-windows.advocacy
Subject: Re: Justice Department LOVES Microsoft!
Date: Mon, 14 May 2001 23:53:43 GMT
In comp.os.linux.advocacy, Ayende Rahien
<Don'[EMAIL PROTECTED]>
wrote
on Sat, 12 May 2001 14:22:57 +0200
<9dkgqi$8pc$[EMAIL PROTECTED]>:
>
>"The Ghost In The Machine" <[EMAIL PROTECTED]> wrote in
>message news:[EMAIL PROTECTED]...
>
>> We'll see how far they get. One worrisome sign: MS apparently has
>> a majority of the secure IIS servers out there. (No, I don't have
>> a cite handy. Perhaps someone else can clarify this?)
>
>Secure IIS server, can you clarify a bit? I wasn't aware that there was IIS
>and Secure IIS, and that someone else beside MS produce IIS.
Oops. Amend that to secure servers, period. IIS has a secure option.
(To be pedantic, "secure" = "https-capable", in this context. I
don't know how secure it is, or how to enable it.)
>
>However, if you are talking about secure servers, then it's quite true,
>according to netcraft, IIS is the most used SSL server.
>http://www.netcraft.com/surveys/analysis/https/2001/Jan/CMatch/cnt_all.html
>(a bit unupdated, though, for more current data you've to pay)
I doubt it's changed much, unless one of the bigger competitors --
IBM or BEA are the ones I know about -- goes on an ad campaign
attacking Microsoft security. Haven't seen it yet.
If anything, I suspect IIS share has gone *up*.
--
[EMAIL PROTECTED] -- insert random misquote here
EAC code #191 14d:15h:57m actually running Linux.
No protons were harmed during this message.
------------------------------
From: "Aaron R. Kulkis" <[EMAIL PROTECTED]>
Crossposted-To: soc.men,soc.singles,alt.fan.rush-limbaugh
Subject: Re: Why Linux Is no threat to Windows domination of the desktop
Date: Mon, 14 May 2001 19:54:29 -0400
Edward Rosten wrote:
>
> >>If you have really firm evidence that homosexualtiy is genetic, I
> >>suggest you publish.
> >>
> >
> > Most homosexuals will try and tell you that they were "born that way".
> > What does that tell you? Are you suggesting this isn't really true?
>
> What it tells me is that don't realise that not everything is genetic.
> People are born with cerebral paulsy and stay like that for life. Is it
> genetic? Answer: no. What I'm saying is that permenant homosexuality could
> be caused by something which is not genetic.
>
So, you admit that it's a defect then.
--
Aaron R. Kulkis
Unix Systems Engineer
DNRC Minister of all I survey
ICQ # 3056642
L: This seems to have reduced my spam. Maybe if everyone does it we
can defeat the email search bots. [EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED]
K: Truth in advertising:
Left Wing Extremists Charles Schumer and Donna Shalala,
Black Seperatist Anti-Semite Louis Farrakhan,
Special Interest Sierra Club,
Anarchist Members of the ACLU
Left Wing Corporate Extremist Ted Turner
The Drunken Woman Killer Ted Kennedy
Grass Roots Pro-Gun movement,
J: Other knee_jerk reactionaries: billh, david casey, redc1c4,
The retarded sisters: Raunchy (rauni) and Anencephielle (Enielle),
also known as old hags who've hit the wall....
I: Loren Petrich's 2-week stubborn refusal to respond to the
challenge to describe even one philosophical difference
between himself and the communists demonstrates that, in fact,
Loren Petrich is a COMMUNIST ***hole
H: "Having found not one single carbon monoxide leak on the entire
premises, it is my belief, and Willard concurs, that the reason
you folks feel listless and disoriented is simply because
you are lazy, stupid people"
G: Knackos...you're a retard.
F: Unit_4's "Kook hunt" reminds me of "Jimmy Baker's" harangues against
adultery while concurrently committing adultery with Tammy Hahn.
E: Jet is not worthy of the time to compose a response until
her behavior improves.
D: Jet Silverman now follows me from newgroup to newsgroup
...despite (C) above.
C: Jet Silverman claims to have killfiled me.
B: Jet Silverman plays the fool and spews out nonsense as a
method of sidetracking discussions which are headed in a
direction that she doesn't like.
A: The wise man is mocked by fools.
------------------------------
From: Chronos Tachyon <[EMAIL PROTECTED]>
Subject: Re: Microsoft Admits To Backdoor In IIS [updated]
Crossposted-To: alt.destroy.microsoft
Date: Mon, 14 May 2001 23:56:24 GMT
On Mon 14 May 2001 05:10, Roy Culley wrote:
> http://smallbusiness.yahoo.com/entrepreneur.html?
> s=smallbiz/articles/20010514/microsoft_ackno
>
> Is there no end to this company's negligence?
>
This is old news, a rehash of the "!seineew era sreenigne epacsteN"
backdoor in FrontPage extensions.
--
Chronos Tachyon
Guardian of Eristic Paraphernalia
Gatekeeper of the Region of Thud
[Reply instructions: My real domain is "echo <address> | cut -d. -f6,7"]
------------------------------
From: [EMAIL PROTECTED] (Terry Porter)
Subject: Re: What does Linux need for the desktop?
Reply-To: No-Spam
Date: 15 May 2001 00:00:49 GMT
On Mon, 14 May 2001 09:09:33 +0100,
Pete Goodwin <[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] says...
>
> You need decent fonts first.
I have so many decent fonts, I don't knowwhat to do with them.
>
>> Over half of small business here in OKC is 100 % linuxfied as of now.
>> You need a word application so they use either Star Office or Word Perfect.
>> Mainly Word Perfect.
>
> OK, I'll accept Star Office.
Eww I think Star Office is a Pig!
>
>> You need a web browser, Linux has netscape and Mozilla.
>
> Browsing on Windows seems a little better.
Not on my Wifes Win98pc!
>
>> You need an SQL database. Linux has Postgres.
>
> Don't use SQL.
I do and Postgress or Mysql, abs rule.
>
>> You need a web server. Linux has the industry standard Apache!
>
> Don't need a web server, but Apache does the job.
Yeah ya do!
>
>> You need E-mail handing. Linux has so many it's hard to count.
>
> I use KMail.
A bit new for me, I likesomething tried and tested,like EXMH.
>
>> You write in VB. Use Kylix!
>
> Got $1000? The free version isn't out yet.
True.
>
>> Linux has built in compilers, perl, python, and java.
>
> gcc is ok.
OK!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
scheesh!
>
>> Linux has built in version control.
>
> Does it have file versions? As in x.a;1, x.a;2, x.a;3 ?
Yeah of course, CVS or RCS give files versions.
Is that what you meant ?
>
>> Linux has dozens of HTML authoring tools.
>
> Where?
Bluefish etc ?
> --
> ---
> Pete Goodwin
> All your no fly zone are belong to us
> My opinions are my own
--
Kind Regards
Terry
--
**** ****
My Desktop is powered by GNU/Linux.
1972 Kawa Mach3, 1974 Kawa Z1B, .. 15 more road bikes..
Current Ride ... a 94 Blade
Free Micro burner: http://jsno.downunder.net.au/terry/
** Registration Number: 103931, http://counter.li.org **
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: LOMAC shocks Microsoft!
Date: Tue, 15 May 2001 00:19:59 GMT
On 14 May 2001 23:38:29 GMT, [EMAIL PROTECTED] (Terry Porter)
wrote:
>Firstly the desktop market is at the mercy of a certain
>criminal company, who, using preditory trade practices
>have forced manufacturers to sell pc's with *their*
>lame desktop. Search for 'Sherman Antitrust Law' if you
>don't know what that means.
Maybe, but the world still uses Windows, for better or worse. Linux is
right there out in the open for free, yet pitiful few are converting
their desktops. And worse yet corporations who stand to save millions
in licensing fees are ignoring Linux. If StarOffice/Gimp and the other
typical Linux programs are really equivalent drop ins for the Windows
counterparts why are they virtually ignored?
For that matter, why is StarOffice ignored even on the Windows
platform?
Seems to me if I had 10k licensees to purchase for my company, I could
save a fortune using StarOffice, but yet virtually nobody is?
Why is that?
>Secondly, I have had a Linux only desktop since 1997.
What works for you may or may not work for others.
>Thirdly, Windows lovers see the world covered in Windows
>desktops, they suffer from a certain personal bias, and
>their observations are therefore suspect.
We see productivity and compatibility with the rest of the world. if
Linux could offer such for free the world would easily move. But it
doesn't so we pay our $89.95 USD.
Flatfish
------------------------------
From: "Julester" <[EMAIL PROTECTED]>
Subject: Re: OT Movies
Date: Mon, 14 May 2001 20:32:07 -0700
Sorry, gotta jump in here. My personal favorite is the old Star Trek
episodes where I'd swear they used floppies once in a while.
Actually, along the same lines, did you ever notice when they would show a
battle scene or something on the space craft viewer, it was usually a shot
that would be "technically impossible" due to the angle ? As if an
independent camera was out in space taking the shot ? Go figure...no more
Trakkie conventions for me...what a jip <lol>
Jules
"Nigel Feltham" <[EMAIL PROTECTED]> wrote in message
news:9dn3h0$j13uj$[EMAIL PROTECTED]...
> [EMAIL PROTECTED] wrote:
>
> > On Fri, 11 May 2001 22:18:04 -0400, mlw <[EMAIL PROTECTED]> wrote:
> > >I would love, just once, a movie show a real data center. Cluttered
> > >wires, non-color coordinated boxes. Things impossible to find, not
> > >because of security, but because of simple complexity.
> > >
> > >That would be cool.
> >
> > I would just like to see, once, a real computer in a movie. Not those
> > moronic
> > throwback to the 50's hollywood imaginations. Even if they show a real
> > laptop, they have some silly need to have text displayed at 50 baud with
> > beeping or card
> > reader noises. I laughed myself blue when I saw an anderson-jacobson
(?)
> > 110 baud modem in "war games" (I think) enhanced with strings of
christmas
> > lights.
> >
> >
> > Oooo! Flashing lights and beeping! It must be thinking!
>
> I like the way alien technology can be brought down with an apple-mac
virus
> (independence day).
>
>
>
------------------------------
From: Rick <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.ms-windows.nt.advocacy,comp.sys.mac.advocacy,comp.os.ms-windows.advocacy
Subject: Re: Justice Department LOVES Microsoft!
Date: Mon, 14 May 2001 20:45:57 -0400
Ayende Rahien wrote:
>
> "Rick" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Ayende Rahien wrote:
>
> > > Define stealing from the competition.
> >
> > For instance, patent infringement (Stac - compression) and taking code
> > (Apple - used quicktime code in windows video). m$ lost both cases.
>
> Stac bought a patent,
Stac may have bought a patent, but m$ infringed upon it after it was
bought.
> and MS bought a patent (btw, isn't it suppose to be
> that two patents don't infrige on one another?) that infrige on Stac's
> patent.
m$ was caonvicted pf patent infringement. Ther was no second patent
involved.
>
> Not familiar with the quicktime code issue.
>
Read up on it.
> So, in other words, you are perfectly fine with IE, DVD player, built in
> zip, cd burner, GUI, networking, memory management, as long as they don't
> take code from other companies?
> All of the above had been developed or licensed by MS.
>
The compression routines werent licensed. The quicktime routines werent
licensed.
> If not, tell me what features you think that MS should be allowed to enter
> the OS?
features leaglly obtained, and "features' that arent added to the OS
merely to kill competition.
--
Rick
------------------------------
From: "Ayende Rahien" <Don'[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: W2K/IIS proves itself over Linux/Tux
Date: Mon, 14 May 2001 15:45:48 +0200
"Roy Culley" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Now we learn that Microsoft has a
> back door in IIS. How bad does it have to get before people realise
> that Microsoft are just plain bad?
No, we don't.
It's frigging *old news*.
======= BEGIN MESSAGE =========
From: Windows NTBugtraq Mailing List [[EMAIL PROTECTED]]
on behalf of Russ [[EMAIL PROTECTED]]
Sent: Friday, April 14, 2000 12:33 PM
To: [EMAIL PROTECTED]
Subject: Re: DVWSSR.dll Vulnerability in Microsoft IIS 4.0 Web Servers
Ok, here's a breaking update.
Latest reports say that there is
NO VULNERABILITY IN DVWSSR.DLL
Yup, that's right, different again from what I said earlier, and even more
different than what I said yesterday to WSJ.
Please accept that I have followed the story published elsewhere and tried
to keep you abreast of everything I knew. Also appreciate that the amount of
time given to verify and research the claims made by others has been
extremely short. I've had probably 30 interviews today by orgs pressing for
information on the story as the feeding frenzy occurs after the first one
goes to press (WSJ in this case).
MS have had people working on this thing like madmen, trying to verify the
claims and investigate all of the possible pieces of code that may be
affected. As that research progressed, different observations were made and
so the story came out in various stages (with varying levels of
"correctness"). Had they been given a reasonable amount of time to respond,
nobody would have been in a tizzy about anything (i.e. the press would not
have cared to run this story anywhere).
Decide for yourself whether we were better served by (more) immediate
disclosure or not. I've stood where I stand for a reason, despite the
loathing of others for my stance...
In the end, it turns out that unless you actually have permissions for the
file you are requesting, you'll get an error message when you follow the
procedures outlined by RFP in his RFP2K02 advisory.
That said, understand that sites that allow connections by Front Page may
very well provide you with source asp if you request it. BUT THAT WILL
HAPPEN with or without the .dll. Without proper and full permissions applied
across virtual servers on a given box, site leakage or manipulation by
others will always be possible in myriad ways.
>From what I've heard/seen/been told, permissions on the test servers must
have either been non-existent, incorrectly applied, or permissioned the user
across multiple virtual sites (i.e. incorrectly applied).
I had someone claim that they could get into an FP98 site using
"Netscapeengineersareweenies!" as a userID and no password...making them
think it was a backdoor userID. Fact is they could get into the same sites
using "TomDickandHarry" as a userID too. If the permissions aren't set
correctly, anything is possible.
This info may change again before its finalized. It may well be that there
is some way to use this .dll in a way that's not intended...it just doesn't
appear to be this one. On a box where multiple sites have not been
individually permissions, or permissions are lax or non-existent...anyone
permissioned to execute the .dll in the first place would have the ability
to simply open the other sites and manipulate them directly (i.e. no need to
do this junk with the dvwssr.dll)
Finally, to my point out the string not being a password. Elias Levy of
SecurityFocus.com and Mark Edwards of NTSecurity.net have both correctly
pointed out that using the term password to apply to that string is not
beyond the realm of understanding. The client component mtd2lv.dll and the
server component dvwssr.dll both need to know this value, and use it
correctly, for communications to work. If you try and talk directly to
dvwssr.dll and don't obfuscate your communication with the correct "key", it
won't understand you. Of course if you don't already have permissions,
knowing this value gets you nothing...hence my observation that its not a
password. Whatever it is, it appears to be meaningless junk text used as
data.
===== END MESSAGE ======
------------------------------
From: "Ayende Rahien" <Don'[EMAIL PROTECTED]>
Crossposted-To:
comp.os.ms-windows.nt.advocacy,comp.sys.mac.advocacy,comp.os.ms-windows.advocacy
Subject: Re: Justice Department LOVES Microsoft!
Date: Mon, 14 May 2001 15:49:26 +0200
"Rick" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Ayende Rahien wrote:
>
> > So, in other words, you are perfectly fine with IE, DVD player, built in
> > zip, cd burner, GUI, networking, memory management, as long as they
don't
> > take code from other companies?
> > All of the above had been developed or licensed by MS.
> >
>
> The compression routines werent licensed. The quicktime routines werent
> licensed.
I asked about the "above" stuff.
> > If not, tell me what features you think that MS should be allowed to
enter
> > the OS?
>
> features leaglly obtained, and "features' that arent added to the OS
> merely to kill competition.
No, I don't want this statement, you can weazle out of it.
I want features.
Name them.
------------------------------
From: "Daniel Johnson" <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.ms-windows.nt.advocacy,comp.sys.mac.advocacy,comp.os.ms-windows.advocacy
Subject: Re: Justice Department LOVES Microsoft!
Date: Tue, 15 May 2001 00:51:39 GMT
"Ayende Rahien" <Don'[EMAIL PROTECTED]> wrote in message
news:9dpoah$624$[EMAIL PROTECTED]...
> Not familiar with the quicktime code issue.
As I understand it, Apple subcontracted parts
of QuickTime to another firm- codecs I think.
Microsoft later subcontracted parts of
Window Media to the same firm.
This firm- I forget the name- turned
around and sold the same code to
MS they had previously sold to
Apple.
Apple had every right to be cheezed,
but in fairness, Microsoft didn't exactly
mean for it to work out like this.
[snip]
------------------------------
From: [EMAIL PROTECTED] (Charlie Ebert)
Subject: EXTRA EXTRA MS ADMITS!!!!
Reply-To: [EMAIL PROTECTED]
Date: Tue, 15 May 2001 00:57:42 GMT
http://slashdot.org/article.pl?sid=01/05/14/1858201
http://smallbusiness.yahoo.com/entrepreneur.html?s=smallbiz
/articles/20010514/microsoft_ackno
Microsoft admits to screwing thousands of business owners out of the security,
to jeapordizing confidential customer information, to cheating the U.S.
government and the tax payers of their confidential security for years
without their consent!
EXTRA EXTRA EXTRA!!!!!
EXTRA EXTRA EXTRA!!!!!
Microsoft has proven once again by their own admission to be
totally untrustworthy!
They CLAIM they knew nothing about it.
They appearently don't ever do a code review,
for years yet!
And I'll say it again! Would you quit reading CEO magazine,
pull your heads out of
your butts and install Linux servers before you get sued!!!
You know your liable now!
How many god damn fucking clues do you need here folks!
-
Charlie
=======
------------------------------
From: "Ayende Rahien" <Don'[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Security in Open Source Software
Date: Mon, 14 May 2001 15:59:04 +0200
An interesting article about security in Open Source projects.
http://webdeveloper.earthweb.com/websecu/article/0,,12013_621851,00.html
------------------------------
From: Rick <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.ms-windows.nt.advocacy,comp.sys.mac.advocacy,comp.os.ms-windows.advocacy
Subject: Re: Justice Department LOVES Microsoft!
Date: Mon, 14 May 2001 21:04:13 -0400
Erik Funkenbusch wrote:
>
> "Roy Culley" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > In article <xwCL6.725$[EMAIL PROTECTED]>,
> > "Erik Funkenbusch" <[EMAIL PROTECTED]> writes:
> > > "Roy Culley" <[EMAIL PROTECTED]> wrote in message
> > >>
> > >> Hey Funky boy keep your hair on. What are you implying by 'hosts, not
> > >> servers'? I presume you are referring to multiple web servers being
> > >> hosted on a single machine? The fact that Linux/Unix servers are so
> > >> capable at this is just another embarrassment to Microsoft.
> > >
> > > Windows is just as capable, however Windows is used more often in
> corporate
> > > environments than ISP environments. ISP's often have hundreds or
> thousands
> > > of web sites (hosts) on a single machine.
> > >
> > > In any event, you're avoiding the question. What is your proof that
> there
> > > are more physical non-Windows servers on the internet than Windows
> servers?
> > > Stick to the topic.
> >
> > Where did I ever mention 'physical non-Windows servers'? You really are a
> > pratt.
>
> "Roy Culley" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > You do realise that Microsoft are a minority when it comes to Internet
> > servers
>
> Clearly you were talking about actual servers, not hostsnames.
>
> Don't weasel out of it. What is your proof?
>
http://www.netcraft.co.uk/survey/
> > >> So you are denying that no part of IIS6 will be in the kernel. Come on
> > >> Funky boy put your money where your mouth is.
> > >
> > > You are again avoiding the question. Answer it.
> >
> > I've asked you to deny that no part of IIS6 will be incorporated in
> > the kernel. With your deep knowledge of Microsoft SW I thought it
> > would be easy for you to deny. Personally I don't care. IIS is the
> > worst offending app for security bugs. That is a fact.
>
> No, I asked you to prove that they are putting IIS6 in the kernel. I don't
> know if they are or aren't, but if you are so sure of yourself, it should be
> quite easy to prove.
--
Rick
------------------------------
From: Craig Kelley <[EMAIL PROTECTED]>
Subject: Re: Win 9x is horrid
Date: 14 May 2001 19:08:54 -0600
"Erik Funkenbusch" <[EMAIL PROTECTED]> writes:
> "Craig Kelley" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > > Real claimed that this was an unintentional programming error - but
> > > this is the second (or possibly the third) time one of their products
> > > has "unintentionally" violated users' privacy.
> > >
> > > It'll be a cold day in hell before I'll allow any RealNetworks product
> > > anywhere near my systems.
> >
> > Contrast with Microsoft, who openly admits that you'll need to send
> > them intimate knowledge of your machine if you wish to "activate" your
> > products in the future.
>
> It's not intimate knowledge, it's the equivelant of an MD5 checksum.
> It's a hash created by a number of unique identifiers, with no way
> to reverse the data to retrieve the original data.
1) It must be more sophisticated than an MD5 checksum of unique
identifiers, otherwise they would be unable to tell if I changed
a single NIC or the entire system
2) It is intimate knowledge, because if I change an eepro100 for
a DE500 NIC, Microsoft knows about it. They can decide to sic
the BSA on me because of it.
3) Nobody else sees the need to use this draconian system.
--
It won't be long before the CPU is a card in a slot on your ATX videoboard
Craig Kelley -- [EMAIL PROTECTED]
http://www.isu.edu/~kellcrai finger [EMAIL PROTECTED] for PGP block
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to comp.os.linux.advocacy.
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Advocacy Digest
******************************
