Linux-Advocacy Digest #732, Volume #31 Thu, 25 Jan 01 19:13:04 EST
Contents:
Re: Ramen worm/virus cracks NASA and others (J Sloan)
Re: Comparison: Installing W2K and Linux 2.4
Re: Linux is crude and inconsistant
Re: The Server Saga
Re: Ramen worm/virus cracks NASA and others
Re: Why can't Microsoft keep their web servers up? (Lee Wei Shun)
Re: Getting first W2K server ("Edward Rosten")
Re: The Server Saga ("Joseph T. Adams")
Re: A salutary lesson about open source (Steve Mading)
Re: Windows 2000 (Steve Mading)
Re: Why can't Microsoft keep their web servers up? ("Joseph T. Adams")
Re: NTFS Limitations (Was: RE: Red hat becoming illegal?) (Mathias Grimmberger)
Re: Poor Linux (Steve Mading)
Re: 3100 W2K Adv Servers deployed accross Europe (Steve Mading)
Re: New Microsoft Ad :-) (.)
----------------------------------------------------------------------------
From: J Sloan <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: Ramen worm/virus cracks NASA and others
Date: Thu, 25 Jan 2001 22:41:11 GMT
Conrad Rutherford wrote:
> But it can't even reach C2 level of security...
Actually there is work going on right now in that regard,
because government wants to make use of the power
of Linux, rather than having to choose between expensive
traditional RISC Unix solutions, or flaky pc server solutiuons.
> NT is more "highly securable" the NSA says...
What a joke - nt can be configured on certain hardware
to get a nominal security rating, but if you install a network
card, or even a floppy, your security rating goes right out
the window. Not a very useful pc, huh?
jjs
------------------------------
From: [EMAIL PROTECTED] ()
Crossposted-To: comp.os.ms-windows.nt.advocacy,alt.linux.sux
Subject: Re: Comparison: Installing W2K and Linux 2.4
Date: Thu, 25 Jan 2001 22:42:09 -0000
On 25 Jan 2001 16:31:19 -0600, Conrad Rutherford <[EMAIL PROTECTED]> wrote:
>
>"Martin Eden" <[EMAIL PROTECTED]> wrote in message
>news:Wp0c6.7702$[EMAIL PROTECTED]...
>> Heh. Microsoft shot itself in the foot with Windows 2000.
>
>I wish I could shoot myself in the foot this succesfully.
>
>According to IDC (in last weeks Infoworld magazine) MS has exceeded every
>single one of IDCs predictions for sales.
IDC was very pessimistic about the launch of NT5 to begin with.
You've only pointed out that the bar was low enough for
someone to 'stumble' over.
...lies, damned lies & statistics.
[deletia]
--
The ability to type
./configure
make
make install
does not constitute programming skill. |||
/ | \
------------------------------
From: [EMAIL PROTECTED] ()
Crossposted-To: alt.linux.sux
Subject: Re: Linux is crude and inconsistant
Date: Thu, 25 Jan 2001 22:44:09 -0000
On Thu, 25 Jan 2001 22:37:22 +0000, Edward Rosten <[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
>wrote:
>
>> Said Edward Rosten in comp.os.linux.advocacy on Thu, 25 Jan 2001
>> [...]
>>>I remember using a version of WP in about 1994 (or 3?) for Win3.11. It
>>>was one of the best word processors I have ever used. I'll still stick
>>>by that comment, even when its compared to Word 2000.
>>
>> Well, I have to say that's an uphill battle, even assuming one is a
>> WordPerfect fan. WordPerfect was, of course, 'king of the hill' at DOS
>> wordprocessing (and Unix, too, in fact) but the 'hidden codes' mechanism
>> was never as useful in a WYSIWYG GUI package as it was on the
>> no-graphics text screen.
>
>Really? The earliest version I used was a Win3.11 version. That had a
>reveal codes function which was very useful.
This notion that the early versions of WP for Windows were
"too weak to live" is a common FUD mantra used by the Lemming
crowd. They are an attempt to cover up the fact that msword
lagged far behind both WP and amipro.
[deletia]
--
Also while the herd mentality is certainly there, I think the
nature of software interfaces and how they tend to interfere
with free choice is far more critical. It's not enough to merely
have the "biggest fraternity", you also need a way to trap people
in once they've made a bad initial decision.
|||
/ | \
------------------------------
From: [EMAIL PROTECTED] ()
Subject: Re: The Server Saga
Date: Thu, 25 Jan 2001 22:47:16 -0000
On 25 Jan 2001 22:34:35 GMT, Joseph T. Adams <[EMAIL PROTECTED]> wrote:
>Pete Goodwin <[EMAIL PROTECTED]> wrote:
>:> I don't really care whether Linux is popular among the computer
>:> illiterate, they won't be able to contribute anything anyway. Let
>:> them suffer the trashy software in the monopolistic market they have
>:> created for themselves, or turn to Steve Jobs (or, for that matter,
>:> Mandrake) with their hope he will somehow make things better.
>:> </rant>
>
>: So screw Joe Pulic huh? Don't they deserve better?
>
>
>In my opinion, they do deserve much better.
>
>However, they already have the option of getting something better, IF
...and they have had that option for over 15 years.
They chose to ignore it. You can only scream for so long
before you reach a point where you no longer care. Plus,
with free software one can build an enclave where one
really doesn't NEED to care.
>they're willing to invest some time to learn something new.
>
>I'm all in favor of efforts to make installing, learning, and using
>Linux easier. I think all current GUIs, including Windows, are more
>complex than they need to be for the average computer novice.
>
>However, I don't ever believe that it will be possible to make the
>most efficient or productive use of any PC or PC-like device without
>being willing to learn something about the tools one is using.
[deletia]
I quite agree. The operator still remains the brains
of the PC + Human combo. At some point, you will have
to do something without a 'wizard'.
--
>
> ...then there's that NSA version of Linux...
This would explain the Mars polar lander problem.
Kyle Jacobs, COLA
|||
/ | \
------------------------------
From: [EMAIL PROTECTED] ()
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: Ramen worm/virus cracks NASA and others
Date: Thu, 25 Jan 2001 22:48:49 -0000
On 25 Jan 2001 22:40:01 GMT, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>In comp.os.linux.advocacy [EMAIL PROTECTED] wrote:
>
>> Besides, if you like Linux and need to run C2 or BETTER you
>> could always get Trusted Solaris or Trusted Irix. You would
>> get "better than Microsoft" security and a nice migration
>> path.
>
>It never fails to amaze me that people at large see "C2" as some kind
>of goal to be reached. C2 certification guarantees a nearly useless,
>horribly configured machine.
I forgot to bring up that part.
--
Freedom != Anarchy.
Some must be "opressed" in order for their
actions not to oppress the rest of us.
|||
/ | \
------------------------------
From: Lee Wei Shun <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.advocacy
Subject: Re: Why can't Microsoft keep their web servers up?
Date: Fri, 26 Jan 2001 06:51:28 +0800
No need for rhetoric:
traceroute shows:
For dns4:
...
13 253 ms 247 ms 252 ms microsoft-sea-oc12.sea.above.net [208.184.233.30]
14 253 ms 249 ms 253 ms 207.46.190.117
15 253 ms 250 ms 247 ms icpmdistc7503-a1-00-1.cp.msft.net
[207.46.129.147]
16 252 ms 249 ms 252 ms dns4.cp.msft.net [207.46.138.11]
Trace complete.
For dns7:
...
13 246 ms 247 ms 246 ms microsoft-sea-oc12.sea.above.net [208.184.233.30]
14 246 ms 247 ms 252 ms 207.46.190.117
15 255 ms 249 ms 247 ms icpmdistc7503-a1-00-1.cp.msft.net
[207.46.129.147]
16 250 ms 255 ms 248 ms dns7.cp.msft.net [207.46.138.21]
Trace complete.
Even if they are on different subnets, any boo-boo upstream WILL screw things up,
and this is probably what happened.
Regards,
Wei Shun
------------------------------
From: "Edward Rosten" <[EMAIL PROTECTED]>
Subject: Re: Getting first W2K server
Date: Thu, 25 Jan 2001 22:55:08 +0000
In article <ni_b6.231$[EMAIL PROTECTED]>, "Erik Funkenbusch"
<[EMAIL PROTECTED]> wrote:
> "Lloyd Llewellyn" <[EMAIL PROTECTED]> wrote in
> message
> news:UdVb6.8145$[EMAIL PROTECTED]...
>> >I and
>> > programming and admins are wondering what ugly surprises is lurking
>> > for
> us in
>> > running W2K in this situation.
>>
>> Well, we just moved a system from AIX to Win2K two days ago. Worked
>> fine
> under
>> AIX, but now print jobs max out the CPU (like, 100%) when printing to a
> text
>> printer on a local LPT port. Easily enough solved by putting the
>> printer
> on
>> its own box, but why is that an issue in Windows? It shouldn't be.
>
> What are you talking about? Printing does not take 100% of the CPU, not
> even in Windows 3.1.
Wouldn't suprise me. I used a 2x PII 400 a few years back which went up
to 100% utilization on both processors for about a minute, whilst
searching for a modem (or was it initializing-I don't remember). Oh, and
it was MS' driver shipped with Windows.
-Ed
--
Did you know that the reason that windows steam up in cold|Edward Rosten
weather is because of all the fish in the atmosphere? |u98ejr
- The Hackenthorpe Book of lies |@
|eng.ox.ac.uk
------------------------------
From: "Joseph T. Adams" <[EMAIL PROTECTED]>
Subject: Re: The Server Saga
Date: 25 Jan 2001 23:02:33 GMT
[EMAIL PROTECTED] wrote:
: In article <6KI86.36526$[EMAIL PROTECTED]>,
: [EMAIL PROTECTED] wrote:
:> pip wrote:
:>
:> > This is what I asked myself and I have no sensible reasons. Human
: error
:> > :-)
:> > It is a pain in the proverbial.
:>
:> My theory is it's a bug in Linux Mandrake installer.
: My theory is human error. There is zero relationship between the rpm's
: needed for KDE or Gnome and the rpm's needed for telnetd, et al.
Actually, there are some weird dependencies in Linux-Mandrake. For
instance, its Samba RPMs seem to depend on CUPS, although I have no
possible use for CUPS seeing that this machine isn't hooked up to a
printer.
I don't know if this is a problem for other RPMs or other distros that
use them. It isn't usually a problem even for me, since I tend to
install almost everything and then uninstall what I don't need (this
is bad from a security standpoint, but most of my boxes are behind a
good firewall, and I don't network them until all nonessential
services and ports are disabled).
But I can see how this might confuse someone new to Linux or who
didn't know how to compile from source or use the --nodeps option of
RPM.
Joe
------------------------------
From: Steve Mading <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: A salutary lesson about open source
Date: 25 Jan 2001 23:05:33 GMT
In comp.os.linux.advocacy Chad Myers <[EMAIL PROTECTED]> wrote:
: "Steve Mading" <[EMAIL PROTECTED]> wrote in message
: news:94nl5c$8o8$[EMAIL PROTECTED]...
:> In comp.os.linux.advocacy Chad Myers <[EMAIL PROTECTED]> wrote:
:>
:> : Despite what Bobby would have you believe, I never considered the
:> : Hot100 irrelevant in general, just not for this thread. I was
:> : talking about businesses who have a significant investment in
:> : the web and who have large capital and profits.
:>
:> No you weren't. You were talking about the Fortune 500.
: Which are the Fortune 500, I've established that.
: Nice try.
I guess we don't agree on what the word "signifigant" actually
means in this context. I don't consider an investment of
a few percent of your total budget on "the web" as being
as "signifigant" an investment as a company that is 100%
web based, even if the total sum of money of those few
percent is large becuase the parent company is large.
--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Steven L. Mading at BioMagResBank (BMRB). UW-Madison
Programmer/Analyst/(acting SysAdmin) mailto:[EMAIL PROTECTED]
B1108C, Biochem Addition / 433 Babcock Dr / Madison, WI 53706-1544
------------------------------
From: Steve Mading <[EMAIL PROTECTED]>
Subject: Re: Windows 2000
Date: 25 Jan 2001 23:10:46 GMT
Aaron R. Kulkis <[EMAIL PROTECTED]> wrote:
: Steve Mading wrote:
:>
:> T. Max Devlin <[EMAIL PROTECTED]> wrote:
:> : Said Steve Mading in comp.os.linux.advocacy on 23 Jan 2001 19:42:17 GMT;
:> :>
:> :>Actually, I think the reason for it is that the only reason Windows
:> :>is popular at all is because of all the applications that are only
:> :>released for Windows and nothing else, not because the OS itself is
:> :>all that spectacular. Therefore, porting the OS to other platforms
:> :>would be usless unless MS could get all the third-party application
:> :>developers to make all of their software for non-intel platforms
:> :>also. If ONLY Windows and maybe Office ran on platform Foo, but
:> :>nothing else did, nobody would want it. MS discovered this, and stopped
:> :>trying to support other platforms. Of course they falsely attributed
:> :>this to people being uninterested in other platforms, when in fact
:> :>they *would* be interested if the Windows world hadn't been
:> :>monoplatform for so long that all the app developers forgot how to
:> :>program cross-platform code. (Consider how Corel ported WP 2000
:> :>to Linux - by using Wine instead of actually doing a real port.)
:> :>
:>
:> : Coincidentally, immediately after Microsoft bought a big stake in the
:> : company, IIRC.
:>
:> I got a copy of Corel WP 2000 for Linux *before* MS bought that
:> large sum of stock in Corel.
: Was it a native port, or something to run on Wine?
Wine. My point is that you can't blame the MS buyout for
the decision to use the Wine solution. The work was already
done to make the Wine solution before that happened.
------------------------------
From: "Joseph T. Adams" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.advocacy
Subject: Re: Why can't Microsoft keep their web servers up?
Date: 25 Jan 2001 23:20:33 GMT
In comp.os.linux.advocacy Erik Funkenbusch <[EMAIL PROTECTED]> wrote:
: Yes, they do. But it seems that someone is DoSing all their DNS servers, or
: spoofing them, or something. This has always been a severe weakness of the
: internet, and has accounted for many problems. I remember a while back
: someone hijacked Network Solutions DNS and was rerouting people to his own
: site that were trying to go to NSI.
If Microsoft would show even the slightest inclination to use its
dominant position on the desktop for good, and to start building
robust support for *standard-compliant* IPv6 and IPSec into its
software, it could make a BIG contribution to solving this and many of
today's other Internet security problems.
Joe
------------------------------
Crossposted-To:
alt.destroy.microsoft,comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
From: Mathias Grimmberger <[EMAIL PROTECTED]>
Subject: Re: NTFS Limitations (Was: RE: Red hat becoming illegal?)
Date: Thu, 25 Jan 2001 21:49:23 GMT
"Ayende Rahien" <Please@don't.spam> writes:
> "Mathias Grimmberger" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > "Ayende Rahien" <[EMAIL PROTECTED]> writes:
> > > > > Sometimes ago someone mentioned ADS as an NTFS exploit, but I've
> found
> > > > > absolutely no information about this.
> >
> > There has been a virus using them to hide itself but I don't think it
> > ever appeared in the wild. And the webserver exploits. See (NT) Bugtraq.
>
> Streams, yes, I've heard about it.
> Frankly, I'm sure that most anti virus makers would be delighted because of
> it, the virus actually packs itself in a nice little package that you can
> nuke without harming the actual file data.
But you can't do that.
The virus must also modify the data in the default stream or it won't be
activated - ever.
> I'm no interested in NT bugs at the moment, but in NTFS bugs & exploits.
I see. There have been reports of bugs in the quota stuff and right now
about EFS in W2K. You probably can find these by looking at the
(NT)Bugtraq archives.
> > [snip examples about image.jpg:Thumbnail and foo.doc:Formatting]
> >
> > > I'm sure you can see why this is a good feature.
> >
> > It also depends on some central registry allocating the names. Not quite
> > a scaleable setup. But it may work if MS would choose to do that work.
>
> Central registry? You mean MFT? That is how NTFS *works*, it's pretty
> scalable by what I've seen.
No, not MFT. For e.g. the thumbnail thing to be useful everyone has to
agree that the stream containing it is called "Thumbnail" and that the
image data is stored in format foo. So there needs to be a central
registry for these stream names and what they should contain.
Maybe the market could work that out, but then again maybe not.
> > > A> Awareness for this feature.
> >
> > Which lead to security holes in webservers some time ago, AFAIK bot MS's
> > and others.
>
> You mean the ::$DATA bug in IIS?
Yes.
> > > B> ADS-aware NT/2K 's standards tools. Neither CLI nor Explorer will let
> you
> > > know whatever a file has ADS, how many of those, and how much the file's
> > > size is (they only count unnamed stream, not ADS).
> >
> > Which basically means the feature is useless. I'm shure that most of the
> > third party "quota tools" for NT 4 didn't know about ADS either. Lots of
> > potential for abuse...
>
> Yes, there was a lot of potential for abuse there, but the thing is that
> the quota tools makers were aware of the streams, they just didn't have
> requests to make this into the qouta (see A).
Then they knowingly screwed their customers. An attacker couldn't care
less about whether the customer wanted the quota tool to account
correctly for streams. If he knows (or thinks) that it doesn't he will
abuse that hole without mercy.
> > Hmm. AFAIK the only way to get information about the ADS of a file up to
> > NT 4 was some obscure backup API. Unless that changed with NT 5 (and a
> > cursory scan of MSDN seems to suggest it didn't) B is not really
> > possible. See the documentation of the API for why not (in short:
> > reading the whole damn file just to find out what ADS it may have is not
> > an option in any (even semi-) reasonable scenario).
>
> You are talking about the BackUpRead(), don't you?
Yes.
> There is another way, which is, of course, by far less known.
> NtQueryInformationFile()
Ahh, I didn't know about that one, although obviously the native NT API
has to have the feature somehow.
Unfortunately the function is Officially Not There. There is AFAIK no
documentation about it from MS, it may completely change in the next
version or simply disappear. Nobody should use this function in any
serious software and it won't get used in any serious software project I
have a say in.
Some tool for my own use is something else...
> I can post some source code on how to enumerate streams in NTFS if you like,
> not mine, alas.
Thank you, but I do not really have a need to deal with ADS. It's just a
pet peeve of mine.
> > There is also a funny comment about support for ADS in future FSs,
> > future NT versions and future support for OLE 2 structured storage
> > somewhere in the MSDN stuff.
>
> What funny comment?
It's in Q105763:
"Alternate data streams are strictly a feature of the NTFS file system
and may not be supported in future file systems. However, NTFS will be
supported in future versions of Windows NT.
Future file systems will support a model based on OLE 2.0 structured
storage (IStream and IStorage). By using OLE 2.0, an application can
support multiple streams on any file system and all supported operating
systems (Windows, Macintosh, Windows NT, and Win32s), not just Windows
NT."
Doesn't instill much confidence about the future of ADS in me.
BTW, another fun NTFS feature are case sensitive file names. With them
one can probably break a great many apps. And there may even be security
implications.
MGri
--
Mathias Grimmberger <[EMAIL PROTECTED]>
Eat flaming death, evil Micro$oft mongrels!
------------------------------
From: Steve Mading <[EMAIL PROTECTED]>
Crossposted-To: alt.linux.sux
Subject: Re: Poor Linux
Date: 25 Jan 2001 23:25:56 GMT
Aaron R. Kulkis <[EMAIL PROTECTED]> wrote:
: Read Bach's book "The Design of the Unix Operating System"
: There's a section on the Unix processes scheduler.
: The algorithm is both insanely simple AND wickedly efficient.
: I believe the word is "elegance"
But we have to admit that there is one really big flaw in the
scheduling technique used: the busy-loop problem. If you make
a program that gets stuck in a loop that has no I/O, then it
gets an absurd amount of CPU time that brings everything else
to a crawl after a while. A "while true do nothing" loop will
make every other program crawl. There could be an argument
for allocating a minimum sliver of time to an interactive
process once it starts getting some I/O activity so that
you can type that "kill -9 9999" command to kill the offending
process without having it take several minutes to execute.
(But there could never be an argument for going so far as
Windows did in this direction.)
------------------------------
From: Steve Mading <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: 3100 W2K Adv Servers deployed accross Europe
Date: 25 Jan 2001 23:38:56 GMT
In comp.os.linux.advocacy Chad Myers <[EMAIL PROTECTED]> wrote:
: "Steve Mading" <[EMAIL PROTECTED]> wrote in message
: news:94nnig$8o8$[EMAIL PROTECTED]...
:>
:> I don't need to see it. It isn't possible to get better than 100%.
:> EVERYTHING in Unix is remotable. The best anyone can do is to match
:> that, but it isn't physically possible to actually beat it.
: Windows Terminal Services + Microsoft Management Console provides
: better than telnet remotability.
That's nice. Now wake up and look at the calender. UNIX *also*
provides better than telnet remotability.
------------------------------
From: . <[EMAIL PROTECTED]>
Crossposted-To: alt.destroy.microsoft,comp.os.ms-windows.nt.advocacy
Subject: Re: New Microsoft Ad :-)
Date: Fri, 26 Jan 2001 12:45:06 +1300
> C'mon, start thinking. These test are like when you put water into the tank
> of a car and measure how long it takes for the engine to die.
> Why sould I protect my application in a release build from random data when
> the data is always generated on the same machine from the same programs?
> You unix/linux people must be really desperate to prove fault in ms software
> to take such crap at face-value.
The tests are sending random crap through OS communication channels in
order to see whether the OS will screw up or not. When an application
runs amok, who knows what it's going to do? It would be nice to know
that no matter WHAT an app did, the OS would keep ticking. That's what
these tests show.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to comp.os.linux.advocacy.
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Advocacy Digest
******************************
