Slashdot Mirror

> The other fix you need is: don't visit malicious web sites.

You mean sites like The New York Times, the BBC, MSN, and AOL? https://arstechnica.com/inform...

Or Forbes? https://www.fireeye.com/blog/t...

It's gotten so bad that "Mainstream Web Sites Are More Risky than Porn Sites" according to Cisco. https://www.esecurityplanet.co...

Assume that *EVERY* site you visit is compromised. If your OS/browser combo can't handle that, look at different software.

While compression may help prevent some types of attack (in particular known plaintext attacks) it also creates new avenues of attack. In particular it makes the message length dependent on the message content.

For something like human written pgp emails this is not a massive deal,the length variability of human written messages and the low message rate mean that the chances of useful information being leaked this way are negligable.

For things like VOIP this can cause information leakage even to a passive attacker as what people say will impact the compressibility of the data. http://www.esecurityplanet.com...

For things like https the message rate is too low and the content too variable for a passive attacker to stand much chance of exploiting the messsage length side channel but an active attacker can stimulate traffic with known characteristics and partially known content to effectively exploit the channels.

Even so most malware does not rely on security flaws, it simply entices the user to install it (trojan).

This is the key point in this discussion, as it reveals the FUD from TFA. Note that TFA says "99 Percent of New Mobile Threats Target Android", but does not disclose the number of devices infected.

In practice, there's huge differences in estimates of infection rates. One anti-virus company claims more than 4 percent of Android devices are infected by malware, while a group of academic researchers from the US identified that less than 0.0009 per cent of the devices in the US were infected.

Given recent efforts in Android and Play Store tro improve security, it's likely that rates will fall rather than increase, however anyone interested in real Android security intead of AV vendor FUD should read genuine security articles like this, and avoid the marketing fluff: http://www.esecurityplanet.com...

1. Generic porn sites tend to also have a far higher frequency of adware and malware content than normal.

Then they should also block relegious sites because they seem to contain more malware

Perhaps they should. However, in general in the real world people make these decisions based on a combination of all the relevant factors, and the act of blocking all religious sites has other potential issues besides malware filtering.

1. Generic porn sites tend to also have a far higher frequency of adware and malware content than normal.

Then they should also block relegious sites because they seem to contain more malware

• Skype helped the NSA collect video and audio of conversations conducted via Skype
• Skype accesses more files on your computer than you'd expect it to
• Skype helps China's government spy

All of those are incredibly valuable. The CIA alone spends $11.5 billion on Data Collection Expenses each year. And of all organizations, Skype is one of the most able to provide information to them - whatever your PC's microphone's hearing now - whatever non-skype-related files Skype keeps accessing even though it has no need to - etc.

I didn't find the article positing that number in my first 10 secodns of searching, but I did find this: http://www.esecurityplanet.com/mobile-security/lookout-predicts-18-million-android-malware-infections-by-end-of-2013.html .

The likelihood that new Lookout users will encounter malware or spyware is heavily dependent on their geography and behavior, varying from 0.20 percent in Japan to 0.40 percent in the US and as high as 34.7 percent in Russia

Almost 35% will "encounter" malware in a given year. What precentage of those end up infected, I'm not sure - that would require more investigation into what "Lookout" is and how it works - but the subtitle of the article indicates that "encounter" means infection. Then there's the many devices that will already be infected. 40% doesn't sound high in that light.

The #1 problem with the arrangement is the requirement for whole disk encryption on the company laptop. It really slows it down. Performance is always worse on a laptop but it's dismal with disk encryption.

Your company has shitty laptops, shitty encryption software, or both.

Yes, get disk-encryption software that supports the AES-NI hardware based crypto that are built into the last 3 generations of Intel Core processors (if you're driving two screens off your laptop, you probably have one of these). Should make your drive encryption much less painful.

Tell me it was that god damn MyFuckingCleanPC (a.k.a. MySlowPieceOfShitPC) company that got busted...

PULLEEEZZZZEE!

"The fake 'scareware' programs included WinFixer, WinAntiVirus, PopupGuard, WinFirewall, InternetAntiSpy, ComputerShield, PC SuperCharger and ErrorSafe," http://www.esecurityplanet.com/malware/ftc-wins-163-million-judgment-against-scareware-marketer.html

That's a typo, should be $163 million plus. http://www.esecurityplanet.com/malware/ftc-wins-163-million-judgment-against-scareware-marketer.html

Link to ESecurity's scareware story... http://www.esecurityplanet.com/malware/ftc-wins-163-million-judgment-against-scareware-marketer.html

Problem is, if Apple did not block it they might be held legally liable for continued distribution and at least contributing to willful infringement of the patent.

Doubt it. About the worst that would happen is that Apple would have to pay the 30% that they made off of sales of the app. Apple wouldn't be liable for anything else.

Perhaps a little too safe, but as Apple has zero stake in the app it really makes no sense not to be as safe as possible.

See, this bothers me.

So an Apple developer makes a name for themselves with their iPhone app and ports it to Android. Traitors! After all that Apple did for these developers, they turn around and stab Apple in the back! Bastards! And yet, Apple, Inc.--with billions of dollars in the bank--is afraid they might lose 30% of their take in one app (which they'd by liable for anyway) and figures they'll play it "safe" and cut off the developers' cash flow and it's perfectly understandable.

So if Apple will put me in a stranglehold like that, why should I develop exclusively for iOS again?

Here's an app that's made a name for itself--and Apple--among a group of people. They're exclusively Apple developers--there's no Android version. And now Apple has cut off their air supply--if they can't sell their app, how are they supposed to make money to fight this? At least if I had an Android version, I might have some money coming in to help me fight this.

If you want the appearance of "safe" applications the only way to go is the App Store model as all other Internet distribution models have failed to keep the customer "safe".

FTFY.

After all, there've never been any privacy breaches on iOS, right?

iOS developers don't have direct control over when an update is made public after submitting it to the store; Apple does. This issue only affects the Android version anyway.

No, it didn't.

Again, it's the latest version of the Android app that does this.

Came along for the ride, & guess what gents: It's about to get WORSE!

Case-in-point/e.g. is "MASS MESH ATTACKS":

http://www.esecurityplanet.com/trends/article.php/3935941/New-Injection-Attack-30000-Websites.htm

* Very nasty...

APK

P.S.=> Now - SQLInjection's fairly easy to stop (via Stored Procedures usage, BIND variables usage, & removal of business logic out of front ends in general (if not blocking out redirects as I do to over 1, 444, 444++ known bad sites/servers/domains-hosts as I do via a HOSTS file, or a firewall (or even a TPL for IE, Opera's URLFILTER.INI or FireFox's methods etc.))...

This type though? Quite a bit worse

So - I sort of hate to say "I told you so", but... it furthers the case for my stating to people to LIMIT THEIR USE OF JAVASCRIPT, or be judicious in its usage @ least, as I have said for YEARS here:

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE [bing.com]

nd a decade before it here:

http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text [neowin.net]

Man - yes, I know: You NEED javascript for some sites (think e-commerce) but... the second I saw scriptable documents in say, Word & Excel docs + their macros being taken advantage of in VB-Script/VBA? I knew that scripting web HTML documents was going to be the same!

So, do take a read of the 1st URL I posted on Mass Mesh attack & its mechanics, be enlightened folks, & prepare yourselves!

... apk

They're nasty SOB's too:

http://www.esecurityplanet.com/trends/article.php/3935941/New-Injection-Attack-30000-Websites.htm

"Now we just need to hope that they don't breed better attackers that are all resistant." - by DanTheStone (1212500) on Thursday June 16, @01:32PM (#36465516)

Break out the "Zithromax" then... looks like we'll need it!

APK

P.S.=> Now - SQLInjection's fairly easy to stop (via Stored Procedures usage, BIND variables usage, & removal of business logic out of front ends in general (if not blocking out redirects as I do to over 1, 444, 345++ known bad sites/servers/domains-hosts as I do via a HOSTS file, or a firewall (or even a TPL for IE, Opera's URLFILTER.INI or FireFox's methods etc.))...

This type though? Quite a bit worse

So - Hate to say "I told you so", but... it furthers the case for my stating to people to LIMIT THEIR USE OF JAVASCRIPT as I have said for YEARS here:

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE

nd a decade before it here:

http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text

Man - yes, I know: You NEED javascript for some sites (think e-commerce) but... the second I saw scriptable documents in say, Word & Excel docs + their macros being taken advantage of in VB-Script/VBA? I knew that scripting web HTML documents was going to be the same!

So, do take a read, be enlightened folks!

... apk

Say what you will...but when the New York Times got hit with malicious ads last year, as a regular NYT user of the site I was unaffected because of AdBlock. You should have heard the howls of those who didn't.

http://www.esecurityplanet.com/features/article.php/3910891/Android-Code-at-Risk.htm seems like a better article to me, as it actually gives you information. For instance, to answer one commenter I saw, it mentions that the code from the vanilla linux kernel has fewer flaws than the code that is Android specific. It also mentions this gem: "We found that the Android kernel had about half the defect density that you would expect, compared to other industry average codebases of the same size," Andy Chou, Chief Scientist and co-founder of Coverity told InternetNews.com."What that means is that a defect density of one defect per approximately one thousand lines of code is industry average, according to our measurements – for the Android kernel, the defect density was about 0.47." According to the same source, the defect density if you look at Android only code is .7 per a thousand lines, so still below the industry average. In short, Android is more secure than most other kernels that Coverity has analyzed.

I'm quoting your entire reply. Simply because it illustrates a few things very well:

"Of course it was fixed two months sooner. It was out in the wild, whereas beforehand it was not.

A security exploit that's readily known is going to be a much higher priority than one that isn't."

Let's take these points in order, "whereas beforehand it was not" -- and just HOW do you know that? I certainly didn't know it.
Which lead you to your second point -- the "priority". There are several conflicting priorities here. One is the public relations priority. And, in this case you are right... But I don't care about the vendor's public image.

Another is that a readily known security exploit that has a trivial work-around has LOWER priority than one that isn't "readily known". I can defend against the first (example, my laptops X server was listening to the internet. Easily hardened, just remove TCP listen except from localhost). The second? If there is no published defence I consider myself rather screwed.

I assume that as soon as a defect is located, it will be talked about. Simply the knowledge that a defect is in an area might direct a "black-hat" to investigate. Or, the information may leak out of the vendors lab. All it takes is a bit of social engineering. I'd hire a hooker and go after the geekiest guy in the vendors lab. Sometimes, the bug report databases are published to "trusted partners". The vendor may trust the (for example) Chinese Government, but I don't.

This is just classic spying. Easier because its lower risk (you won't get shot for leaking a 0-day). But, it happens:

http://www.esecurityplanet.com/cisco/article.php/3354851/Cisco-Investigating-Stolen-Source-Code.htm

Cisco, Microsoft, others.

So, the clock is already ticking EVEN IF FULL DISCLOSURE IS NOT MADE. The only thing that this "responsible disclosure" does is give the vendor a PR break, and maybe (MAYBE) IF the vendor has appropriate security policies in the lab, allows the hold to be plugged without black-hats finding out. Maybe.

4. Backward compatibility, and a zillion features that assume an essentially insecure and trusted
world are a disaster. M$ has no way out.

You can believe that if you want to. If you want others to believe it you have to provide some level of evidence. ;)

http://www.esecurityplanet.com/features/article.php/3860131/article.htm

Overall security discussion:

http://www.esecurityplanet.com/views/article.php/3665801/Linux-vs-Windows-Which-is-Most-Secure.htm

Monolithic vs modular design (it's not what you think it is) and other security issues:

http://www.theregister.co.uk/2004/10/22/security_report_windows_vs_linux/#execsummary

NT is is an improvement but fundamentally flawed also. It has been patched extensively in Vista/7 but due to the underlying fundamental flaws of the OS architecture, there will always be another hole just waiting to be exploited.

I think it is hilarious because you are in more danger from the poor guy trying to keep all that cruft from falling down than you ever were by the NSA. I was one of those that downloaded the source code for my beloved Win2K back in the day when it hit the net. While it was surprisingly well written and clean code every so often you would come along this -#HACK-We aren't really sure WHAT this does, but when you remove all versions of Office from 3.0-97 scream and have a nasty habit of screwing up data-Don"t Touch#

And just from the source code that hit the net there were quite a few spots just like that. Some piece of cruft that nobody had a clue what did anymore, but which seriously screwed things up when removed. Which sadly makes sense if you think about it. WinNT was released in 1993. Think about that for a second. Think about how different the specs were on machines back then and then realize how many coders have been through the revolving door of OS development at MSFT. Each one adding their own code and trying to figure out just what in the hell the guy that came before them was thinking. The fact that the WMF bug affected everything from Win3.1-XP(Vista wasn't released at the time IIRC) means that there was code still sitting in the bowels of the OS that damned old.

So worrying about the NSA having a backdoor is like worrying about a pinhole leak when you got a gash the size of an iceberg in your hull. The simple fact is the NSA don't NEED a backdoor, because they can go to a Exploits R' Us and simply buy one for whichever version of Windows they wanted to target. Because with that much code that has been going for THAT long there simply isn't anybody in the company that can tell you with certainty exactly WHAT all those millions of lines of code are doing and where they have come from. I mean it must be a nightmare to get bug fixing duty on that code. Considering the WinNT codebase began as NT OS/2 in 1988 you are talking 21 years of cruft buildup. With that much cruft the NSA simply wouldn't have to bother.

(for those who don't get it)

This is a sample of what I meant (first result from Google): http://www.esecurityplanet.com/views/article.php/3 586511. More specifically the promise of spam disappearing entirely.

each version of windows, was more stable and more reliable and more secure than the last one

I agree with you, in general. As I said, I know (hope?) Vista will be more stable than XP, which is already very stable and secure. But it is very unlikely, probably unfeasible for a Windows release to be spyware-free, even with (or despite having) Microsoft security tools being part of the OS. Never underestimate opportunists looking for money and human ignorance.

Hope this clears things up.

The 'Nyxem.e' is a mass-mailing worm that also tries to spread using remote shares.

Worm-Nyxem-E propagates via email. It sends a copy of itself using its own Simple Mail Transfer Protocol (SMTP) server. Having its own SMTP server allows it to send email messages without relying on email application like Microsoft Outlook.

I have always felt that Linux is a nice operating system (for hobbyists and geeks), but there are some areas where it is seriously lacking, especially when compared to its main competitor, Microsoft Windows.

* File sharing. Windows has long been superior when it comes to making large amounts of files available to third parties. Even early versions of Windows automatically detected and made available all directories thanks to the built in NetBIOS-powered file sharing support. But Microsoft has realized that this technology is inherently limited and has added even better file sharing support to its Windows XP operating system. Universal Plug and Play will make it possible to literally access any file, from any device! I think universal file sharing support needs to be built into the Linux kernel soon.

* Intelligent agents. With innovations like Clippy, the talking paperclip and Microsoft Bob, Microsoft has always tried to make life easier for its customers. With Outlook and Outlook Express, Microsoft has built a framework for developers to create even smarter agents. Especially popular agents include "Sircam", which automatically asks the users' friends for advice on files he is working on and the "Hybris" agent, which is a self-replicating copy of a humorous take on "Snow-White and the Seven Dwarves" (the real story!). Microsoft is working on expanding this P2P technology to its web servers. This project is still in the beta stage, thus the name "Code Red". The next versions will be called "Code Yellow" and "Code Green".

* Version numbers. Linux has real naming problems. What's the difference between a 2.4.19 and a 2.2.17 kernel anyway? And what's with those odd and even numbers? Microsoft has always had clear and sophisticated naming/versioning policies. For example, Windows 95 was named Windows 95 because it was released in 1995. Windows 98 was released three years later, and so on. Windows XP brought a whole new "experience" to the user, therefore the name. I suggest that the next Linux kernel releases be called Linux 03, Linux 04, Linux 04.5 (OSR1),
Linux 04.7B (OSR2 SP4 OEM), Linux 2005 and Linux VD (Valentine's Day edition). Furthermore, remember how Microsoft named every upcoming version of Windows after some Egyptian city? Cairo, Chicago and so on. I think that the development kernels should be named after Spanish cities to celebrate Linux' Spanish origins. Linux Milano or Linux Rome anyone?

* Multi-User Support. This has always been one of Microsoft's strong sides, especially in the Windows 95/98 variants, where passwords were completely unnecessary. Microsoft has made the right decision by not bothering the user
with a distinction between "normal" and "root" users too much -- practice has shown that average users can be trusted to act responsibly and in full awareness of the potential consequences of their actions. After all, if your operating system doesn't trust you, why should you trust it? (To be fair, Linux is making some progress here with the Lindows distribution, where users are always running as root.)

With Windows XP, Microsoft has again improved multi-user support. Not only does Windows XP come with a large library of user pictures that are displayed on the login screen, such as a guitar and a flower, i

Why not just put it into .hlp files like it used to be? I don't recall any security issues with those.

Not since December 27 2004, anyway...

"XFocus also reported a hole in winhlp32.exe, the Windows .hlp file parsing program. The vulnerability is forged from a decoding error within the .hlp header. A perpetrator can exploit the flaw by triggering a heap-based buffer overflow."
http://www.esecurityplanet.com/patches/article.php /11778_3452081

I have always felt that Linux is a nice operating system (for hobbyists and geeks), but there are some areas where it is seriously lacking, especially when compared to its main competitor, Microsoft Windows.

* File sharing. Windows has long been superior when it comes to making large
amounts of files available to third parties. Even early versions of Windows
automatically detected and made available all directories thanks to the built in
NetBIOS-powered file sharing support. But Microsoft has realized that this
technology is inherently limited and has added even better file sharing support
to its Windows XP operating system. Universal Plug and Play will
make it possible to literally access any file, from any device! I think
universal file sharing support needs to be built into the Linux kernel soon.

* Intelligent agents. With innovations like Clippy, the talking paperclip and Microsoft Bob, Microsoft has always tried to make life easier
for its customers. With Outlook and Outlook Express, Microsoft has built a framework for developers to create even smarter agents. Especially popular agents include "Sircam", which automatically asks the users' friends for advice
on files he is working on and the "Hybris" agent, which is a self-replicating
copy of a humorous take on "Snow-White and the Seven Dwarves" (the real story!).
Microsoft is working on expanding this P2P technology to its web servers. This
project is still in the beta stage, thus the name "Code Red". The next versions
will be called "Code Yellow" and "Code Green".

* Version numbers. Linux has real naming problems. What's the difference
between a 2.4.19 and a 2.2.17 kernel anyway? And what's with those odd and even
numbers? Microsoft has always had clear and sophisticated naming/versioning
policies. For example, Windows 95 was named Windows 95 because it was released
in 1995. Windows 98 was released three years later, and so on. Windows XP
brought a whole new "experience" to the user, therefore the name. I suggest that
the next Linux kernel releases be called Linux 03, Linux 04, Linux 04.5 (OSR1),
Linux 04.7B (OSR2 SP4 OEM), Linux 2005 and Linux VD (Valentine's Day edition).
Furthermore, remember how Microsoft named every upcoming version of Windows
after some Egyptian city? Cairo, Chicago and so on. I think that the development
kernels should be named after Spanish cities to celebrate Linux' Spanish
origins. Linux Milano or Linux Rome anyone?

* Multi-User Support. This has always been one of Microsoft's strong sides,
especially in the Windows 95/98 variants, where passwords were completely
unnecessary. Microsoft has made the right decision by not bothering the user
with a distinction between "normal" and "root" users too much -- practice has
shown that average users can be trusted to act responsibly and in full awareness
of the potential consequences of their actions. After all, if your operating
system doesn't trust you, why should you trust it? (To be fair, Linux is making
some progress here with the Lindows distribution, where users are always running as root.)

With Windows XP, Microsoft has again improved multi-user support. Not only
does Windows XP come with a larg

I have always felt that Linux is a nice operating system (for
hobbyists and geeks), but there are some areas where it is seriously lacking, especially when compared to its main competitor, Microsoft Windows.

* File sharing. Windows has long been superior when it comes to making large
amounts of files available to third parties. Even early versions of Windows
automatically detected and made available all directories thanks to the built in
NetBIOS-powered file sharing support. But Microsoft has realized that this
technology is inherently limited and has added even better file sharing support
to its Windows XP operating system. Universal Plug and Play will
make it possible to literally access any file, from any device! I think
universal file sharing support needs to be built into the Linux kernel soon.

* Intelligent agents. With innovations like Clippy, the talking paperclip and Microsoft Bob, Microsoft has always tried to make life easier
for its customers. With Outlook and Outlook Express, Microsoft has built a framework for developers to create even smarter agents. Especially popular agents include "Sircam", which automatically asks the users' friends for advice
on files he is working on and the "Hybris" agent, which is a self-replicating
copy of a humorous take on "Snow-White and the Seven Dwarves" (the real story!).
Microsoft is working on expanding this P2P technology to its web servers. This
project is still in the beta stage, thus the name "Code Red". The next versions
will be called "Code Yellow" and "Code Green".

* Version numbers. Linux has real naming problems. What's the difference
between a 2.4.19 and a 2.2.17 kernel anyway? And what's with those odd and even
numbers? Microsoft has always had clear and sophisticated naming/versioning
policies. For example, Windows 95 was named Windows 95 because it was released in 1995. Windows 98 was released three years later, and so on. Windows XP
brought a whole new "experience" to the user, therefore the name. I suggest that
the next Linux kernel releases be called Linux 03, Linux 04, Linux 04.5 (OSR1),
Linux 04.7B (OSR2 SP4 OEM), Linux 2005 and Linux VD (Valentine's Day edition).
Furthermore, remember how Microsoft named every upcoming version of Windows
after some Egyptian city? Cairo, Chicago and so on. I think that the development
kernels should be named after Spanish cities to celebrate Linux' Spanish
origins. Linux Milano or Linux Rome anyone?

* Multi-User Support. This has always been one of Microsoft's strong sides,
especially in the Windows 95/98 variants, where passwords were completely
unnecessary. Microsoft has made the right decision by not bothering the user
with a distinction between "normal" and "root" users too much -- practice has
shown that average users can be trusted to act responsibly and in full awareness
of the potential consequences of their actions. After all, if your operating
system doesn't trust you, why should you trust it? (To be fair, Linux is making
some progress here with the Lindows distribution, where users are always running as root.)

With Windows XP, Microsoft has again improved multi-user support. Not only
does Windows XP come with a larg

I have always felt that Linux is a nice operating system (for hobbyists and geeks), but there are some areas where it is seriously lacking, especially when compared to its main competitor, Microsoft Windows.

* File sharing. Windows has long been superior when it comes to making large
amounts of files available to third parties. Even early versions of Windows
automatically detected and made available all directories thanks to the built in
NetBIOS-powered file sharing support. But Microsoft has realized that this
technology is inherently limited and has added even better file sharing support
to its Windows XP operating system. Universal Plug and Play will
make it possible to literally access any file, from any device! I think
universal file sharing support needs to be built into the Linux kernel soon.

* Intelligent agents. With innovations like Clippy, the talking paperclip and Microsoft Bob, Microsoft has always tried to make life easier
for its customers. With Outlook and Outlook Express, Microsoft has built a framework for developers to create even smarter agents. Especially popular agents include "Sircam", which automatically asks the users' friends for advice
on files he is working on and the "Hybris" agent, which is a self-replicating
copy of a humorous take on "Snow-White and the Seven Dwarves" (the real story!).
Microsoft is working on expanding this P2P technology to its web servers. This
project is still in the beta stage, thus the name "Code Red". The next versions
will be called "Code Yellow" and "Code Green".

* Version numbers. Linux has real naming problems. What's the difference
between a 2.4.19 and a 2.2.17 kernel anyway? And what's with those odd and even
numbers? Microsoft has always had clear and sophisticated naming/versioning
policies. For example, Windows 95 was named Windows 95 because it was released
in 1995. Windows 98 was released three years later, and so on. Windows XP
brought a whole new "experience" to the user, therefore the name. I suggest that
the next Linux kernel releases be called Linux 03, Linux 04, Linux 04.5 (OSR1),
Linux 04.7B (OSR2 SP4 OEM), Linux 2005 and Linux VD (Valentine's Day edition).
Furthermore, remember how Microsoft named every upcoming version of Windows
after some Egyptian city? Cairo, Chicago and so on. I think that the development
kernels should be named after Spanish cities to celebrate Linux' Spanish
origins. Linux Milano or Linux Rome anyone?

* Multi-User Support. This has always been one of Microsoft's strong sides,
especially in the Windows 95/98 variants, where passwords were completely
unnecessary. Microsoft has made the right decision by not bothering the user
with a distinction between "normal" and "root" users too much -- practice has
shown that average users can be trusted to act responsibly and in full awareness
of the potential consequences of their actions. After all, if your operating
system doesn't trust you, why should you trust it? (To be fair, Linux is making
some progress here with the Lindows distribution, where users are always running as root.)

With Windows XP, Microsoft has again improved multi-user support. Not only
does Windows XP come with a larg

I have always felt that Linux is a nice operating system (for hobbyists and geeks), but there are some areas where it is seriously lacking, especially when compared to its main competitor, Microsoft Windows.

* File sharing. Windows has long been superior when it comes to making large
amounts of files available to third parties. Even early versions of Windows
automatically detected and made available all directories thanks to the built in
NetBIOS-powered file sharing support. But Microsoft has realized that this
technology is inherently limited and has added even better file sharing support
to its Windows XP operating system. Universal Plug and Play will
make it possible to literally access any file, from any device! I think
universal file sharing support needs to be built into the Linux kernel soon.

* Intelligent agents. With innovations like Clippy, the talking paperclip and Microsoft Bob, Microsoft has always tried to make life easier
for its customers. With Outlook and Outlook Express, Microsoft has built a framework for developers to create even smarter agents. Especially popular agents include "Sircam", which automatically asks the users' friends for advice
on files he is working on and the "Hybris" agent, which is a self-replicating
copy of a humorous take on "Snow-White and the Seven Dwarves" (the real story!).
Microsoft is working on expanding this P2P technology to its web servers. This
project is still in the beta stage, thus the name "Code Red". The next versions
will be called "Code Yellow" and "Code Green".

* Version numbers. Linux has real naming problems. What's the difference
between a 2.4.19 and a 2.2.17 kernel anyway? And what's with those odd and even
numbers? Microsoft has always had clear and sophisticated naming/versioning
policies. For example, Windows 95 was named Windows 95 because it was released
in 1995. Windows 98 was released three years later, and so on. Windows XP
brought a whole new "experience" to the user, therefore the name. I suggest that
the next Linux kernel releases be called Linux 03, Linux 04, Linux 04.5 (OSR1),
Linux 04.7B (OSR2 SP4 OEM), Linux 2005 and Linux VD (Valentine's Day edition).
Furthermore, remember how Microsoft named every upcoming version of Windows
after some Egyptian city? Cairo, Chicago and so on. I think that the development
kernels should be named after Spanish cities to celebrate Linux' Spanish
origins. Linux Milano or Linux Rome anyone?

* Multi-User Support. This has always been one of Microsoft's strong sides,
especially in the Windows 95/98 variants, where passwords were completely
unnecessary. Microsoft has made the right decision by not bothering the user
with a distinction between "normal" and "root" users too much -- practice has
shown that average users can be trusted to act responsibly and in full awareness
of the potential consequences of their actions. After all, if your operating
system doesn't trust you, why should you trust it? (To be fair, Linux is making
some progress here with the Lindows distribution, where users are always running as root.)

With Windows XP, Microsoft has again improved multi-user support. Not only
does Windows XP come with a larg

I have always felt that Linux is a nice operating system (for hobbyists and geeks), but there are some areas where it is seriously lacking, especially when compared to its main competitor, Microsoft Windows.

* File sharing. Windows has long been superior when it comes to making large amounts of files available to third parties. Even early versions of Windows automatically detected and made available all directories thanks to the built in
NetBIOS-powered file sharing support. But Microsoft has realized that this technology is inherently limited and has added even better file sharing support to its Windows XP operating system. Universal Plug and Play will
make it possible to literally access any file, from any device! I think universal file sharing support needs to be built into the Linux kernel soon.

* Intelligent agents. With innovations like Clippy, the talking paperclip and Microsoft Bob, Microsoft has always tried to make life easier for its customers. With Outlook and Outlook Express, Microsoft has built a framework for developers to create even smarter agents. Especially popular agents include "Sircam", which automatically asks the users' friends for advice on files he is working on and the "Hybris" agent, which is a self-replicating copy of a humorous take on "Snow-White and the Seven Dwarves" (the real story!).
Microsoft is working on expanding this P2P technology to its web servers. This
project is still in the beta stage, thus the name "Code Red". The next versions will be called "Code Yellow" and "Code Green".

* Version numbers. Linux has real naming problems. What's the difference between a 2.4.19 and a 2.2.17 kernel anyway? And what's with those odd and even numbers? Microsoft has always had clear and sophisticated naming/versioning
policies. For example, Windows 95 was named Windows 95 because it was released
in 1995. Windows 98 was released three years later, and so on. Windows XP
brought a whole new "experience" to the user, therefore the name. I suggest that the next Linux kernel releases be called Linux 03, Linux 04, Linux 04.5 (OSR1), Linux 04.7B (OSR2 SP4 OEM), Linux 2005 and Linux VD (Valentine's Day edition).
Furthermore, remember how Microsoft named every upcoming version of Windows after some Egyptian city? Cairo, Chicago and so on. I think that the development kernels should be named after Spanish cities to celebrate Linux' Spanish origins. Linux Milano or Linux Rome anyone?

* Multi-User Support. This has always been one of Microsoft's strong sides, especially in the Windows 95/98 variants, where passwords were completely
unnecessary. Microsoft has made the right decision by not bothering the user with a distinction between "normal" and "root" users too much -- practice has shown that average users can be trusted to act responsibly and in full awareness of the potential consequences of their actions. After all, if your operating system doesn't trust you, why should you trust it? (To be fair, Linux is making some progress here with the Lindows distribution, where users are always running as root.)

With Windows XP, Microsoft has again improved multi-user support. Not only does Windows XP come with a large library of user pictures that are displayed on the login screen, su

I have always felt that Linux is a nice operating system (for hobbyists and geeks), but there are some areas where it is seriously lacking, especially when compared to its main competitor, Microsoft Windows.

* File sharing. Windows has long been superior when it comes to making large
amounts of files available to third parties. Even early versions of Windows
automatically detected and made available all directories thanks to the built in
NetBIOS-powered file sharing support. But Microsoft has realized that this
technology is inherently limited and has added even better file sharing support
to its Windows XP operating system. Universal Plug and Play will
make it possible to literally access any file, from any device! I think
universal file sharing support needs to be built into the Linux kernel soon.

* Intelligent agents. With innovations like Clippy, the talking paperclip and Microsoft Bob, Microsoft has always tried to make life easier
for its customers. With Outlook and Outlook Express, Microsoft has built a framework for developers to create even smarter agents. Especially popular agents include "Sircam", which automatically asks the users' friends for advice
on files he is working on and the "Hybris" agent, which is a self-replicating
copy of a humorous take on "Snow-White and the Seven Dwarves" (the real story!).
Microsoft is working on expanding this P2P technology to its web servers. This
project is still in the beta stage, thus the name "Code Red". The next versions
will be called "Code Yellow" and "Code Green".

* Version numbers. Linux has real naming problems. What's the difference
between a 2.4.19 and a 2.2.17 kernel anyway? And what's with those odd and even
numbers? Microsoft has always had clear and sophisticated naming/versioning
policies. For example, Windows 95 was named Windows 95 because it was released
in 1995. Windows 98 was released three years later, and so on. Windows XP
brought a whole new "experience" to the user, therefore the name. I suggest that
the next Linux kernel releases be called Linux 03, Linux 04, Linux 04.5 (OSR1),
Linux 04.7B (OSR2 SP4 OEM), Linux 2005 and Linux VD (Valentine's Day edition).
Furthermore, remember how Microsoft named every upcoming version of Windows
after some Egyptian city? Cairo, Chicago and so on. I think that the development
kernels should be named after Spanish cities to celebrate Linux' Spanish
origins. Linux Milano or Linux Rome anyone?

* Multi-User Support. This has always been one of Microsoft's strong sides,
especially in the Windows 95/98 variants, where passwords were completely
unnecessary. Microsoft has made the right decision by not bothering the user
with a distinction between "normal" and "root" users too much -- practice has
shown that average users can be trusted to act responsibly and in full awareness
of the potential consequences of their actions. After all, if your operating
system doesn't trust you, why should you trust it? (To be fair, Linux is making
some progress here with the Lindows distribution, where users are always running as root.)

With Windows XP, Microsoft has again improved multi-user support. Not only
does Windows XP come with a larg

Brought to you by the makers of WEP and WPA...

Actually, they've Already done that.

Well, after RTFA, it has everything to do with the SGI crap which has since been removed for being a kludge. This is the code snippet which we are aware of anyways.

Yes, but according to the submission someone else has already broken it down for us. Essentialy Perens was misquoted in a very deceitful manner (Darl decieve us? NO! :) ) Darl claims Bruce admitted the code was illegally copied. But Bruce had said it was legally copied under the license SCO provided for this code, and that the code was useless anyway and removed from the kernel.

Likewise, Darl is lying outright about ESR as usual. He claims that ESR has admitted that the DOS was from a Free Software developer. But ESR not only said that such a DOS would be wrong but on several occasions

I had to search really hard to find an article which even quoted ESR in a way that Darl could misquote the way he did. Darl was not nice enough to give a reference. Even so, it is clear form the article that despite Darls claims, ESR did not know the hacker and was only guessing by the nature of the attack that it was a Free Software developer who did it. He also had said from the beginning (in the above quotes) that DOSing SCO would be wrong and if it were happening it should stop. This is the source of Darl's quote that ESR asked the attacker to stop. Darl claims ESR knew hwo it was, admitted he knew who it was, and asked the person to stop but did not give him up to the authorities. THis is a complete fabrication as have been most of SCO's comments on Bruce Perens and ESR.

I do not agree with this.