Domain: securitytracker.com
Stories and comments across the archive that link to securitytracker.com.
Comments · 130
-
Re:reaping and sowing.
I see. So, by your logic, things like this, this, or any of these don't really happen, because they were created perfect from the start.
Somebody needs to get their head out of the sand.
Also: saying that your OS is secure because virus writers aren't creating viruses against your OS doesn't mean it is secure. "Security through obscurity" isn't really security - it's more keeping your head in the sand.
-
Not too shabby
As long as they can avoid some small issues, they should be ok. Since they only have two vulnerabilities (although one allowed remote execution of arbitrary code), they seem to be doing well.
-
Re:Although it is in 0.4
Hopefully they will take care of a few things first...
Otherwise, you may be pronouncing it "Mozsucks"
-
Re:historically
Linux kernels are generally released when ready and not sooner.
Let's make sure we take care of all those root exploits this time.
-
Re:Good for them
> Does XP do that?
It's called Windows Update. You can also schedule it; but you already knew that, seeing how you are such an expert on what MS products can and can't do.
> Can I download and compile XP in a secure environment?
I don't know; I guess it depends on how secure your environment is... MS isn't responsible for that. You seem to THINK your environment is pretty secure, but I can't say I have EVER heard of an exploit in the NT kernel which allowed somebody to compromise the system. So apparently you are less secure than you are trying to claim.
> Was it ever compiled in a secure environment? Probably not because MS actively discourages quality and security because it compromises their bottom line
and you know this because you worked there, right? Otherwise you are just blathering stupid, ignorant nonsense.
> which is why I can't extract the world's most buggy browser from the operating system without a major headache
Oh, you mean Mozilla? Or perhaps you were referring to Nutscrape... um, I mean Netscape? Or were you, by chance, referring to Opera? You need to be a little less vague. Actually, I have never used any of those, so I can't account for how shitty their uninstall programs are (aside from seeing how shitty their application security is).
> True I believe Moz gives you an Email client as well but Moz's Email client is flawed by outlook standard - no arbitrary execution of code.
Oh really? Seems the open source community is trying to keep pace... BTW, I routinely remove Outlook Express from every server I set up, and it's well documented, and pretty easy to find if you actually get off your lazy ass and look for it... but it's so much easier to just complain!
> Give me their raw kernel, and I might be able to make a secure system, but not with the crap they ship with it.
Somehow, I find it hard to believe that you alone are way better than all the programmers they have working on this stuff at MS. What OS kernels have YOU developed, again? BTW, I did a little looking, and the only kernel exploits were corrected on Feb. 9 and Apr. 4-5 of 2002. Otherwise, no kernel exploits. So much for the claim that open source produces better quality. If you are so bloody good, why didn't you find this, any of these... or maybe some of this or that, or the other thing???
> As for due diligence, you are probably aware of it as a clapped out VC buzzword.
Unlike yourself, who apparently brags that he can deploy servers right after loading the os (which updates to current with the patches, whoopy do! It saves you a tiny amount of time!). Maybe I'm too conservative; I like to test my hardware and applications prior to deployment. But then again, I'm not fixing the linux kernel and all those buggy web browsers in my spare time, either, so maybe I just have more free time than yourself.
...oh wait, you aren't fixing them either...
> You start with a policy defining data and service avail
-
'Splot dat Kernel, d00d!
Ah, another Linux kernel exploit. I sure am glad I'm running Windows!
-
Re:Good for them
Ah, I see. Apparently you suffer from the delusion that Gentoo is some security promised land. Psst.. your buffer overflows and arbitrary code executions are showing...
Also, I don't consider an 'installation' complete until I have installed, configured, and tested the server anyway. I don't see that any other OS is going to save me significant time on that, since testing really has little to do with the OS: the exact mechanism is just a detail. It's called "due diligence" - you should try it some time!
> It appears like all Microsofties you are deeply confused as to what constitutes an operating system.
Well, moron, we were talking Microsoft, which is a company (not an operating system). Also mentioned were IE, Outlook, IIS, etc. Last time I checked, THOSE weren't operating systems either. It appears that like all true idiots, you are deeply confused as to what constitutes reading comprehension.
-
On a related note
I haven't seen this mentioned yet so I'll pass this tidbit along.
SecurityTracker has information on a new sudo vulnerability. Only laptops are affected.
-
More information
-
Re:Hmmmm
So how come nobody is prosecuting the person who discovered the Hotmail security flaw? That was the easiest to exploit, and he showed everyone how to exploit it (see this story). Just go to the Hotmail website using the link information provided and you will be able to reset anyone's password that you wanted to and get a new password delivered to whatever email you wanted to. What is more, the inventor falls in the classic "terrorist" profile of the FBI/CIA: a Muslim male in the 16-45 years range from Pakistan.
-
Re:Isn't the Most Secure OS... It had recent explo
10 seconds with Google was all it took to find evidence to prove you wrong. This is just a DoS, but you just said exploit, not run arbitrary code or anything like that. There's also the Mac Attack: send a certain 40 byte UDP packet to a MacOS computer, and it sends a 1500 byte ICMP packet to the source address of the UDP packet. There is a Mac security website that looks useful for people interested in making a Mac secure (rather than raving on /.)
Cool Mac software that I found while looking for info: ssh and sftp for mac with SSH2 support. License? Well, there's a GNU head on the website :)
-
Re:Off topic...
It's a vulnerability that affects Win 2k/XP running IE only. All it does is cause the browser to crash.
More info here.
-
Incompetent Admins
I run a Domino server. In fact I run lots of Domino websites. And this "Denial of Service" issue that is reported is really due to Admins who don't know what they're doing.
Any system can try and forward to 127.0.0.1 if it is set that way. There is so much information available at all the normal locations that it is really the Admins' own fault. Why they should take it out on somebody who has done us all a superb service is anybody's guess.
Where to look for info:
Lotus
Notes.net
DominoHive
SecurityTracker for Domino
-
Well, actually you can just make this stuff up...
OK, yes WMP from version 7 onwards is a nasty beast.
This article is mostly scare tactics, as ever since the beginning of time there's been a file named CDPLAYER.INI in the windows folder that stores CDDB info. A local cache should actually enhance your privacy as it will reduce calls to central servers when you play your CDs or whatever.
WMP 7+ however doesn't use this file. If you look in your Windows folder again, you'll notice a couple of files named WMSysPrx.prx and another one named similarly that actually stores the song database. That's how the 'media library' feature works, it's all stored in there -- you would expect a program that catalogues songs to store a list of media played somewhere, wouldn't you?
It's true WMP does track how many times you play a song. But discovering the fact isn't exactly a journalistic coup, it's listed in the program itself. Look in the 'Media Library', this is listed along with all the rest of the ID3 information (at least in WMP 7)... not exactly a huge secret. I have never heard of MS sending this info off to its site before... that sounds a lot like how Real got into trouble a few years back, and also a lot like a very inventive and paranoid reporter. If you're worried, delete those files mentioned above every so often.
The unique ID is more interesting. I really recommend turning this off in your WMP options, as it's only really useful if you're buying proprietary WMA files online... and somehow I don't think many slashdotters will be doing that ;).
The worst part is that it opens up the recently discovered SuperCookie exploit in which websites can embed a player in a page and get its ID number. Since it's globally unique and installed on most computers, it's a great way of tracking users who are savvy enough to turn off cookies.
So nuke the ID feature quickly from your player options... even if you use *AMP to play your sounds, you could still be vulnerable to this.
-
Re:So...
> I would certainly hope that a cookie wouldn't
> contain that information. Usually a cookie just
> has an identifying number, and all information
> is stored server side. I can't imagine anyone
> doing otherwise
You don't have to imagine it. You can just go here. Or here. Or here, or here, or here, or here...
Chris Mattern
-
I always write passwords in my palm
I use a little PalmOS utility to store passwords. Its name is Strip. It stores all your passwords encrypted with DES or IDEA encryption algorithms. It's GPLed and very useful.
But don't use the password generator tool. It has a big security flaw.
-
Re:Open Source - reliable - not
> been a long time (3+ years) since I have seen a Linux as stable as Windows
Uhh... Windows 3.1? I have yet to see a properly-configured Win32 (sic) machine hold its own against a properly-configured Linux machine. Especially considering that any Win32 machine put under any sort of actual use tends to get unstable after, oh, I'll give it 48 hours max.
> I get security announcements and patches from Microsoft when problems are discovered. I read about them months after the fact for Linux - and if an RPM patch isn't available oh well.
It all depends on where you go looking for information. There are plenty of security related sites out there that cover Linux.
And what's this bullshit about RPM patches? Have you ever heard of just compiling your own and being done with it? That is why such things are provided for download -- if something goes wrong, you can fix it.
> And as far as the level of expertise, I can hire Microsoft engineers all day long. Finding a competent Linux person is near impossible - make sure you add that cost into your evaluation.
I can hire MS engineers all day long too. Can I hire competent engineers of any sort all day long? I highly doubt it. MCSEs are a dime a dozen, but if something just happens to go wrong on that W2k server over there, what are they going to do to fix it? "Oh, reboot the machine, it'll all be fine." Er.. stability?