Slashdot Mirror

You're being dishonest. Your original claim was spyware specifically. There's no more spyware on Linux than on OS X (~0), no more viruses, and no more trojans. In addition, you can't pretend a 10% desktop userbase (a gross overestimate: it's between 5% and 8%) equals a bigger share on the server, which is the main attack vector for Linux; unattended servers getting rooted. OS X is entirely irrelevant on the server, whereas Linux is pretty big. NextStep was never used on the server, btw. So, let's say Linux is rooted more often than OS X -- for computers open to attack from the internet, Linux has 172 times the installed base of OS X.

Also, I haven't said there is spyware on the Mac. In fact, I've said there's none, and that there's nothing special to it. You still haven't pointed out any spyware for Linux.

isn't sco dead yet?

You aren't dead unless Netcraft says you're dead.

Transparent mirroring is of course only one way among many to use drupal (or any other cms) securely. It is my impression that the current US administration actually allows hiring someone with a higher IQ than the president, so someone probably did a google search.

Per my subject-line above. & this quote from the article here on /.:

"The Cybersecurity Act of 2009 passed a Senate panel, giving the president unprecedented power to issue a nation-wide blackout or restriction on websites without congressional approval" - by Akido37 (1473009) on Tuesday March 30, @10:49AM (#31670706)

?

Well, then from the SOUND of it @ least, I am ALL FOR IT personally!

Why??

Well, because online attacks DO go on, & they DO exist, & they DO INTERFERE WITH PEOPLE'S LIVES IN SERIOUS WAYS IS WHY!

(AND, in many ways, because a LOT goes over "the public internet" people, a lot more than say, slashdot webpages, whether you know it or not)...

E.G.-> Such as databases' drivers & libs using ports on the net, like:

----

A.) SQLServer = default ports usually used -> 1433/1434/4022/2382/2382/443 (SSL)/135 (RPC) & on both UDP & TCP/IP

B.) Oracle = default ports usually used -> 66/1521/1525/1526/1527/1529/1571/1575/1630/1748/1754/1808/1809/1830/2481/2482/2483/2484/3872/3891/3938

C.) IBM DB/2 = default ports usually used -> 523/532/6789/50000/60000 (probably more here, this is the one I am LEAST familiar with, sorry I could not be more "complete" here)

D.) MySQL = default ports usually used -> 3306 (probably more here too, I am JUST "getting into" this one lately (hey, it's FREE man!!!)

----

(Those tools, as I am sure MOST of you know, are for businesses where YOU yourself do business, which means YOUR MONIES or other life-crucial information, for instance - which again, is a LOT more than & of most likely far greater import than merely the web's HTML data alone you use, while you browse websites, in other words...)

And, then there are things like POWER PLANTS (which, like it or not, DO conduct things over the public internet), & even life-monitoring devices + security systems.

SHOULD THE GOV'T. TAKE ACTIVE MEASURES vs. ATTACKS ON THESE THINGS NOTED ABOVE? Hey guys...?? ABSOLUTELY!

(Especially IF they're being "cyber-attacked", OR, just to prepare for such an event, JUST IN CASE!)

APK

P.S.=> See- The past 12 yrs. now or so, I've taken a more than "somewhat" active interest in things 'security-related' online... &, know what sort of "spooks me" (& yes, even shocks me, because of the cultures/nations I see it coming from mainly)?

CHINA...

Yes - It really "blows my mind" that a culture w/ more than 5,000++ yrs. of recorded history behind it is showing up, & MORE THAN ANY OTHER NATION BY FAR, in the lists I use to populate my HOSTS file here, & here are the sources (all known & reputable) I typically utilize, so you can check this yourselves (or, perhaps, even USE THEM yourselves for hosts file population to block out known bogus sites &/or servers):

-----

http://ddanchev.blogspot.com/
http://www.malwareurl.com/listing-urls.php?page=1&urls=off&rp=
http://www.malware.com.br/lists.shtml
http://securitylabs.websense.com/content/alerts.aspx
http://blog.fireeye.com/
http://mtc.sri.com/
http://www.scansafe.com/threat_center/threat_alerts
http://news.netcraft.com/
http://www.shadowserver.org/
https://zeustracker.abuse.ch/monitor.php?filter=online
http://en.wikipedia.org/wiki/Hosts_file

Some media file can pop up a browser window to an infected site that will install malware on your computer especially if you use older software versions.

There was even gif and jpeg exploits made public in the past, it probably occurred with other media files as well...

http://isc.sans.org/diary.html?storyid=2997

http://news.netcraft.com/archives/2004/09/17/exploit_for_microsoft_jpeg_flaw_is_published.html

Just because the device comes with a flavor geared by the manufacturer, doesn't mean that the device cannot be set up with your favorite distro.

I've had great luck with modern Linux distributions (perhaps it's skill)- deploying on HP G3 and G4 blades, old Compaq Proliant servers (1650R and 1850R), new HP Proliant servers (DL380 and DL560), every Thinkpad I've ever owned (that's quite a few), and the Ideapad netbooks I bought for my daughters (Lenovo S10-2)

IMHO, the Linux world did learn its lesson - slow and steady wins the race.

Think about how many devices have Linux installed on them, and how many ways Linux touches our daily lives. Your ISP probably runs Linux in some form, possibly without knowing it. The website you're looking at runs on Linux (at least the RSS feeds). Your digital camera might be running linux. Your cell phone might run Linux. Chances are, most people are touched by Linux in their daily lives.

Apparently not: http://uptime.netcraft.com/up/graph?site=jonathanischwartz.wordpress.com

You mean you can't find it because this shows Linux ahead of FreeBSD (for reliability)? Or this, where several different Linux distros beat FreeBSD soundly in most benchmarks?

Sorry, but your nonsense about FreeBSD performing better than Linux is just that: nonsense. In some cases it does, in other cases it doesn't. Use the tool you think suits you best (and there are plenty of reasons to prefer BSD), but claims that FreeBSD generally performs "better" is just delusional fanboy bullshit. It's still a good, clean Unix with excellent performance.

the top 8 uptimes on netcraft are windows you fool. http://uptime.netcraft.com/up/today/top.avg.html

looking for.
To get an idea try:
http://news.netcraft.com/archives/2010/02/02/most_reliable_hosting_company_sites_in_january_2010.html

SankaCoffeee

Oh sure, for them Linux is a good enough platform to serve up their stupid little santa stalking site, but not good enough to bother making it work for Linux users. Way to go, Norad/Google.

What the hell are you on about it works perfectly on Linux here opensuse 11.2ms3 X86_64 with firefox 3.5B4 you need a distro update or a brain transplant or maybe BOTH ,
what i want to know is who moved these keys closer together on this keyboard .

Oh sure, for them Linux is a good enough platform to serve up their stupid little santa stalking site, but not good enough to bother making it work for Linux users. Way to go, Norad/Google.

Netcraft confirms it: FreeBSD is dying. (Again!)

http://toolbar.netcraft.com/site_report?url=http://www.netcraft.com

Doh!!

It's funny you put it like that, because looking at the current NetCraft stats it seems like IIS is back to about the market share it had in 2006.

However, they did this same strategy with domainNames to get IIS up in rankings in late 2007 through early 2008. How are they doing now?

• SQL Injection 25%
• XSS 17%
• Web Server 2%
• Buffer Errors 12%
• Web Browser 8%
• Authentication / Authorization 14%

Plus a few under 10%. The funny thing is that the article seems to blame the browser for SQL Injection, Web Server, Information Leak / Disclosure? WTF?

Information Leaks could be the result of any attack, SQL Injection has nothing at all to do with any browser and "Web Server"? There is no real information other than a nice shaded 3D pie chart so what this guy is trying to prove is beyond me. It also includes Path Traversal which is server side as well, code injection well injection into what? The browser, the server ... what?

Popular vendors including Sun, IBM, and Apache continue to be among the top 10 most vulnerable Web applications named.

Even if some agrees that these companies are actual web applications and not software companies, you would have to agree that there really are only about 10 commonly used web servers in total so Sun, IBM and Apache will be on this list regardless of the exploit.

Looking at the real report all of the exploits blamed on the browsers are based on SQL Injections and propagating malicious code from the originator of the web site so how could one browser handle this more effectively then another? This doesn't really make a lot of sense so anyone gifted with more ability then myself please reply below.

mass-adoption is a security liability. it must be feared as much as holes and bugs in software. how does it feel to be in Microsoft's shoes? go ahead, fanbois. mod me down.

Oh, really? Take a look at the market share of Apache webserver. Now which is more secure? IIS or Apache? They are plump target for every organized crime outfits in the world. They host banks and brokerage accounts that transact trillions of dollars day in day out. And the organized crime outfits don't limit themselves to simple hacker techniques. They would not mind murder and kidnapping and bribing to get passwords or breaking and entering to install key loggers. In that market place Apache shines and IIS lags.

Mass adoption alone is not a security liability. Mass adoption of closed proprietary protocols, be it Apple, be it Microsoft, be it Diebold, is a security liability. The reason is the main interest of Apples and Microsofts and Diebolds is to sell more of their product. Not security of user data. It is important only as much as it affects sales. If there are other factors that influence sales they will be the preoccupation of these companies, not security of user data.

I suspect your memory is a little faulty.

Akamai has been reverse proxying whitehouse.gov for quite some time.

So IIS on linux might have been reported, but all sites akamai proxies for show up as being on linux. See
http://uptime.netcraft.com/up/graph?site=search.microsoft.com for example

of IIS/6.0 on linux.

That assumes that the value of the software is the same, value being usability, performance, etc. For netbooks, servers, and small dedicated devices I don't think Microsoft can compete at all.

More netbooks sell with Windows than Linux. When IT staffers were asked "the operating system of choice for IT netbooks is Windows 7". Some are hoping that because of Moblin Linux will regain market share in netbooks. MS IIS comes in second in webservers, behind Apache. While down from it's high IIS still has a market share of 18% in webservers, excluding Apache more than all the others combined. I don't think Microsoft is in any danger of losing it's market share anytime soon.

I'm all for Linux, but it can't completely replace Microsoft just yet.

For most people both Linux and Macs can replace Windows. People just have this "Microsoft software is needed" attitude. Like a lot of other switchers before switching from Windows to first Linux then OSX I evaluated what I wanted to do, the tasks not the software. I then looked to see if there was any software available for Linux and OSX that could do what I wanted. Other than there being no drop-in replacement for Photoshop for Linux the answer was I could get software that would do what I wanted. And with WINE or Crossover Photoshop CS 2 will run on Linux.

Falcon

Netcraft says www.danger.com uses freeBSD+Apache+PHP http://uptime.netcraft.com/up/graph?site=www.danger.com

Ah, but he does.

The argument will be that since they run Redhat it's not considered open source or freeware, even though it is a Linux distribution that is proprietary.

Ah, but he does.

Linux seems to be fine for them to run their web server.

[IIS7] has 2 vulnerabilities in its entire lifetime, and only one of those is remote.

Well, 2 vulnerabilities that MS has acknowledged. IIS is still a closed-source app, so third-party security researchers can't audit it and announce vulnerabilities as they can with Apache. Meanwhile, the black hats don't share the ones they find.

IIS7 is no doubt better than IIS6 and perhaps is decent. But if I wanted to run a web server, I'd run Apache 1.x on Debian Stable; I don't trust the combination of Windows+IIS as much as I trust Linux+Apache. And it looks like actual web sysadmins agree with me, because according to Netcraft, in August 2009, Apache had twice the server share as Microsoft (46% vs. 23% if I read that chart correctly; it looks like the ruled lines represent 8% increments, which seems strange).

steveha

"open source tools were too slow and required "too much fooling around to administer"

Is this true, is there no 'Open Source revision control system' with functionality equivilent to Perforce?
--

"The newsletter system we had often lead us reboot Apache, this way we opted by purchasing a paid webware instead, and since we have paid for the licence, we got faster support and they managed to keep us running without Apache issues anymore,"

Wha, Apache can't even run a newsletter ??? No prizes for guessing which webware they switched to ...

Yup, Netcraft confirms that 3 of the top 10 most reliable hosting sites use FreeBSD. 3 use Windows, 2 use Linux, and 2 use unknown ... so there is the possibility that 4 use Linux.

Btw, I love all three OS's, they're all great for different reasons.

Those queries should yield a higher result for Windows since the market share of Windows is so much higher than anything else (i.e. desktop). In other words, after the 20th result page the content will dissolve into any content that discusses Windows with the keyword "hosting" mixed in. Not necessarily "Windows hosting", same applies for the "linux hosting" results. Quoting "windows hosting" and "linux hosting" yields around 1.3m results each.

Regardless, imo the hypothesis of using Google to measure "windows hosting" vs. "linux hosting" is flawed to begin with. Netcraft have been the better tool since its purpose is to measure exactly what you're looking for:

http://news.netcraft.com/archives/web_server_survey.html

Note that the possibility exists that there are more *sites* (domains) sitting on top of the Windows servers even though IIS has a lower market share among web servers than Linux. For example, when Godaddy changed their parking servers to IIS a few years ago.

But these days most Wordpress sites sit on top of a Centos-based VPS, or via Blogspot, etc. which are all running Apache. Lastly, as an empirical check, most hosting companies (Hostgator, advertisers on Webhostingtalk, etc.) have a Linux based package as their default. Windows is available but tends to be more of an option. Perhaps this is more due to cost/licensing issues, I don't know the economics involved.

After all, they need to hold on to that monopoly position on the desktop to keep their server business afloat.

Microsoft doesn't seem to be suffering much with a decline in web servers as compared to others. By a pretty good margin IIS is still number 2.

Falcon

I'm not sure why this is marked flamebait....

I've never worked with Java, but I am a full-time .Net developer. The second real job I had was a consulting gig....we did most of our projects in .Net but a few clients either had existing code in Java or wanted to use Java to avoid costs often associated with Microsoft technologies.

Anyway, while I didn't know Java, we had a lot of very sharp programmers who worked on professional, successful projects in both Java and .Net. The general consensus was basically what parent said.

From what I've heard, ASP.Net really makes web development a lot cleaner than the Java equivalent. Go here and check out the graph - http://news.netcraft.com/archives/2004/03/23/aspnet_overtakes_jsp_and_java_servlets.html you can see ASP.Net gaining market share and passing Java technologies, back in 2004.

I believe JSF was supposed to be Java's answer to ASP.Net - but from what I've heard it's not quite on-par.

Visual Studio isn't a requirement of using .Net (and isn't relevant to the Linux development discussion) but in terms of general .Net vs. Java - it really does seem to offer more to the developer than any of the Java IDEs. Yes, you can find plenty of Java programmers with years of experience in Eclipse who use Visual Studio and say, 'Man this sucks because you can't do X, Y, and Z' (but X, Y and Z are available - they just didn't find it). But yeah amongst people who regularly use both, I really believe the majority are going to say that Visual Studio is the way to go.

More recently, LINQ has made a fairly large splash in the development community. There have been quite a few articles/blogs expressing concern that LINQ, along with other .Net developments are giving .Net a clear edge over Java. And some of these are coming from Java developers - which means it's more than just fan-boy crap.

http://tech.puredanger.com/2008/01/31/is-linq-leaving-java-in-the-dust/

I know of, at least two, Java-based implementations of 'LINQ'. But, really, they are just playing catch-up to Microsoft's innovation in that area. And while many of the basic samples given work perfectly, if you dig deeper you'll find that they are lacking, compared to the Microsoft's LINQ. Naturally, people have been programming for decades without LINQ. It's not 'needed' by any stretch of the imagination...but many feel it's an important step forward.

Anyway, I'm *not* saying .Net is better than Java. But, I am saying there are certainly people who would make the argument. And there are certainly people who would argue that Java is better. They both have some real pros and cons....but the parent pointing that out isn't flamebait.

The current Recovery.gov site is running Drupal on Apache/Linux, and the site designers made at least a token effort to support current Web standards in the markup (while it is XHTML with a tableless layout, the W3C's validator did flag many problems when I checked it so it isn't perfect). :

• http://buytaert.net/obama-using-drupal
• http://toolbar.netcraft.com/site_report?url=http://www.recovery.gov

On the other hand, the new prime contractor's Web site www.smartronix.com is running on Microsoft-IIS/6.0. They do not appear to be making much of an effort to support current Web standards (fixed, table based layout).

• http://toolbar.netcraft.com/site_report?url=http://www.smartronix.com/

So who knows, maybe they will build a beautiful new site for that $18m, but I like the old site and will be sad to see it go.

The current Recovery.gov site is running Drupal on Apache/Linux, and the site designers made at least a token effort to support current Web standards in the markup (while it is XHTML with a tableless layout, the W3C's validator did flag many problems when I checked it so it isn't perfect). :

• http://buytaert.net/obama-using-drupal
• http://toolbar.netcraft.com/site_report?url=http://www.recovery.gov

On the other hand, the new prime contractor's Web site www.smartronix.com is running on Microsoft-IIS/6.0. They do not appear to be making much of an effort to support current Web standards (fixed, table based layout).

• http://toolbar.netcraft.com/site_report?url=http://www.smartronix.com/

So who knows, maybe they will build a beautiful new site for that $18m, but I like the old site and will be sad to see it go.

Or, more to the point: http://news.netcraft.com/archives/web_server_survey.html

The second graph and the table below it tell the story. IIS has never been as popular as Apache.

Try opening a newlined file with notepad, for example.

Gedit on my Ubuntu laptop saves with LF newlines, and Windows Notepad can't read them because it expects CRLF newlines. But I add one to Notepad and all is well. In fact, pretty much every text editor but Windows Notepad can handle the differences between UNIX and Windows.

As for VMS, how much VMS is used in world-facing applications as of June 2009? Even HP, the owner of copyright in VMS after having bought Digital's parent company, uses HP-UX, Linux, or Windows Server on its popular public websites. Even HP's site about VMS was found to use HP-UX. Netcraft confirms it: VMS is dead.

And if FTP translates oddball operating systems' conventions for text/plain files, why doesn't it do so for image files (.ppm vs. .bmp), audio files (.au vs. .wav), or other MIME types?

Try opening a newlined file with notepad, for example.

Gedit on my Ubuntu laptop saves with LF newlines, and Windows Notepad can't read them because it expects CRLF newlines. But I add one to Notepad and all is well. In fact, pretty much every text editor but Windows Notepad can handle the differences between UNIX and Windows.

As for VMS, how much VMS is used in world-facing applications as of June 2009? Even HP, the owner of copyright in VMS after having bought Digital's parent company, uses HP-UX, Linux, or Windows Server on its popular public websites. Even HP's site about VMS was found to use HP-UX. Netcraft confirms it: VMS is dead.

And if FTP translates oddball operating systems' conventions for text/plain files, why doesn't it do so for image files (.ppm vs. .bmp), audio files (.au vs. .wav), or other MIME types?

If that means that Apache is more popular, then http://uptime.netcraft.com/up/today/top.max.html would mean windows is more stable?

Is this information really pertinent ? It is the summary of the most requested website through netcraft as far as I understand. if you look at the highest uptime recorded by netcraft at http://uptime.netcraft.com/up/today/top.avg.html then you only see IIS servers. High uptime rhymes with stability. There is certainly an explanation (security update may requires reboot or stuff like that). But it makes me wonder if the stat is relevant. Someone ? Any clue ?

waitasec... #4, www.bing.com, runs on *LINUX*? Man, the kool-aid in Redmond must SUCK.

What's even weirder is that the top 5 servers with the highest uptime are all Windows 2000.

I haven't touched Windows 2000 in probably 5 years, and I've been trying to avoid Windows at all costs for about 4 years....so someone educate me on this: Isn't Windows 2000 unsupported when it comes to security updates? I had a friend tell me a few years ago that his employer (some-mega-corp) had to pay Microsoft over $5,000 just to get them to develop a version of the DST patch for their old Win2k/Exchange2k corporate mail system...

Wouldn't those Windows 2000 servers be a *huge* target?

http://uptime.netcraft.com/up/today/requested.html

http://uptime.netcraft.com/up/graph?site=www.bing.com You have GOT to be kidding.

http://uptime.netcraft.com/up/today/requested.html

http://uptime.netcraft.com/up/graph?site=www.bing.com You have GOT to be kidding.

You mean like Google, or Amazon? Or, are they too high-profile?

You mean like Google, or Amazon? Or, are they too high-profile?

You might have a point.... except that Apache is far more popular than IIS and yet IIS is the one routinely attacked.

Citation needed? ;)

Apache is far more popular: Netcraft confirms it! Attacks, on the other hand, are probably about equal, though, IME, security hardening Apache on *nix is far easier than security hardening IIS on Windows.

You might have a point.... except that Apache is far more popular than IIS and yet IIS is the one routinely attacked.

Citation needed? ;)

Seriously, some data would be nice.

http://uptime.netcraft.com/up/today/requested.html

As the meme says:

Netcraft confirms it:
http://toolbar.netcraft.com/site_report?url=http://ax.search.itunes.apple.com

The iTunes store runs on Linux.

I would assume apple.com, uses OSX Server for mission critical data, although netcraft lists the site OS as "unknown."

That was a dodgy MS/Unisys website stunt (directed at Solaris, whose customers needed no reminders about their strategic options). While touting the virtues of Windows, the site was actually running on a Unix/Apache box.

At least this time they actually used a Windows/IIS server.

The whole thing traces back to Washington, which means the stench of MS marketing is in the air.

You would think they would learn from the parody websites that sprang up from the "wehavethewayout" debacle, but those marketing guys are slow learners.

Somebody really needs to tell MS marketing that the PC guy in the Apple commercials is NOT some kind of Steve Ballmer brainchild that should be emulated. You would think that a company that has a marketing budget like MS would learn to stop shooting itself in the foot.

[...]

What makes it far more major, is that its one of the extremely rare remotely exploitable vulnerability that IIS6 have had. Contrary to Slashdot beleif, IIS6 (IIS7 more so though) is totally rock solid and extremely secure, so having something like that pop up is quite scary.

Contrary to Slashdot belief, Slashdotters usually rant about Microsoft client operating systems, like Vista or Win7. Ranting about Server Software is bad form, primarily because Linux/Apache is the primary platform, and Slashdot should therefore rant that Linux is nipping MS in the bud with its uncompetitive practices.

They're using Netcraft to prove their server count - which reports on IP addresses. Just because there are 50,000 IP addresses responding to port 80, doesn't mean they have 50,000 boxes. The shared hosting arrangements can easily have dozens and dozens of "servers" operating on the same physical box.

Not exactly what netcraft is saying right now from TFAL:

Netcraft has developed a technique for identifying the number of computers (rather than IP addresses) acting as web servers on the internet, and attributes these computers to hosting locations through reverse DNS lookups.

I suspect there's a power law in here, and that the estimates of google and amazon and others should be way beyond this, perhaps surpassing 500.000. That would be an interesting milestone.

FTFA:

There's a widely circulated estimate of 450,000 servers, but that number is at least three years old. If it was ever accurate, it certainly isn't anymore, given Google's data center building spree. Google's recently revealed container data center holds more than 45,000 servers, and that's a single facility built in 2005.

Only thing slow today seems to be google. Is there some sort of Level 3 outage or something? I know Google News was down earlier in the Northeast but now it seems google video, youtube and search are affected as well.

Anyway... can we stop saying stupid crap like "Once IE's market share goes the way of the Dodo"?

Just because something is declining now that there is a serious competitor in the market place doesn't mean that the decline will go on at the same rate or indefinitely. Look at webserver trends.

Every time I hear stuff like that I just picture those little dogs that bark at big dogs.

But that doesn't mean that when we are discussing a non-US topic, that US law is somehow automatically applicable!

Nor did it mean that we were even discussing a non-US topic. WHOIS says the domain is registered to a proxy company based in Scottsdale, Arizona, USA. And Netcraft's report says the site is hosted in the United States.