Slashback: Snapshots, Amends, Bazaarity
Microsoft is just as secure as the competition, says Microsoft. Jon_E writes: "According to this article Microsoft is responding to the Gartner Report which recommends that enterprises drop IIS by claiming unfair targeting due to their popularity."
Whether because of better-trained or more vigilant administrators, or some other factors, the Apache servers running many web sites certainly haven't seen the devastating outages in the past month (Code Red, Nimda) as certain large IIS installations have.
If animated, this might make a really good Saturday cartoon. cconnell writes "Last September, slashdot published my critique of Eric Raymond's essay The Cathedral and the Bazaar. There was a lively (and sometimes scorching) discussion that followed. Here is Eric's reply to my critique, which Slashdot readers might enjoy. And here is my reply to Eric."
This was not faked in the same studio as the "lunar landings." mrsmalkav writes "Deep Space 1 has passed by Comet Borrelly within 1400 miles and took some very pretty pictures of the comet's core, all while collecting lots of data about said comet. NASA's press release discusses some of the details and findings of the flyby.
This is actually really impressive given that there was very little hope for this mission. From the Mission Logs on DS1's site, '[T]o be honest, DS1's visit with the comet simply is unlikely to work as well as we hope. Many mission logs have described the difficulty of keeping this aged and wounded bird aloft, and the encounter with Borrelly will present Deep Space 1 with the greatest challenge yet in its historic trek through the solar system.'"
Saint Aardvark writes "Space.com has an article about the images taken by DS-1, and they're stunning." And eldurbarn points to the NASA Images of comet Borrelly online at JPL.
How to satisfy customers with license objections, Part II brtb writes: "Soon after Slashdot posted my DiscZerver-GPL writeup last week, xStore added a link in their Download section for information about the use of GPL software in their products. Below is the e-mail I received in response (address changed to protect the spamless). Congratulations to xStore for supporting Free Software and bringing the DiscZervers into compliance with the GPL.
From: "Support" [support@xstoreonline.com]
To: "brtb" [slashdot@brtb.org]
Subject: "RE: GPL SOURCE CODE"
xStore is committed to complying to the full letter and spirit of the GPL. We are currently investigating the allegations of non-GPL compliance and communicating with the GNU.ORG and Free Software Foundation on this issue. We will produce a response to your request that is mutually acceptable to the copyright holders of the programs we have used that fall under the GPL and xStore itself. Due to the recent acquisition of this product, we are still in the process of preparing the required source code for distribution. xStore is committed to bring the DiscZerver product into GPL compliance, if it is indeed found to be not in compliance.
In the meantime, please provide xStore with information so that we can send you, the user of this product, the package that you are entitled to. Please provide the serial number of your DiscZerver product and the 'system page' with your response. The 'system page' is located at [http://your_Zerver_name_or_IP_address/admin-cgi/system]. In addition, please send us a self addressed stamped envelope suitable for mailing a CD-ROM along with $14.95 to:
xStore, Inc.
Federal Highway Center
1200 North Federal Highway
Suite 200
Boca Raton, FL 33432
After we receive your written request along with the above items, we will process it and promptly send you the disc when it becomes available.
This thanks to the mostly behind-the-scenes work of people at the FSF. Congratulations to xStore for respecting the intent of the programmers whose work they're consolidating and packaging.
MS gets targeted cause of their wide open security holes as well ...
Is this a first post ?
Just out of curiosity...how does this engine work...what principles of physics does this satellite use and what would its benefits be?..first time I heard of one is when I found that's what powers TIE fighters
: ) - It's true...TIE = Twin Ion Engine
----------
ah honey, we're all resplendent - Bill Mallonee
Microsoft may be secure, but when everyone is trying to crack YOUR software, it don't matter if your competition is half as secure as you... You are the target, and you will be breached...
When will they get that through their thick skulls???
---
Programming is like sex... Make one mistake and support it the rest of your life.
Oh, wow; never heard that one before...
There's another article in the NYT about the encryption restrictions being brought up for debate and it includes a nice jab at the Washington Post for misquoting Zimmermann on his PGP interview. Check it out here:
D E.html
http://www.nytimes.com/2001/09/25/technology/25CO
+1 Insightful, -1 Troll. What can I say, I'm an Insightful Troll.
Now, I know this isn't a time to pontificate on the merits of apache hosting...
so I will give Microsoft some benefit of the doubt.
People like us, linux advocates, write these viruses for this sort of thing to occur.
Bad k1dd135, bad.
- z;)Bu911
PayPal $$ if you sign up for free offers (eBay, cred cards, e
From the IIS article:
I couldn't agree more. Apache just can't compete with the speed of Microsoft's PR department in spinning every horrendous hole as "innovation".
That's "Mr. Soulless Automaton" to you, Bub.
I hate the .95 thing. It's everywhere you look. Oh wow that's only fourteen dollars! Oh wait...
I could almost understand it on standard retail stuff, but in this case... Does it not seem a little frivolous?
Not the best solution, but as the article says, there aren't a lot of viruses for the mac for this reason. So one thing that can make your servers more secure is to use a more obscure OS and know it really well.
One other note: I thought a majority of web servers run a variant of linux. So because they have the market share, wouldn't hackers attack them more? I just think it's harder to attack something that is open source because so many bugs can be found by the community and fixed by the community, while bugs for IIS can rarely be fixed by the community.
Plus a lot of people just hate microsoft in general.
F-bacher
James Tiberius Kirk: "Spock, the women on your planet are logical. No other planet in the galaxy can make that claim."
Microsofts Windows XP is not secure at all. like linux is. so no Microsoft is not better. :)
(My Bad) ln -s
Before you flame: yes, I know that was meant as a joke, and yes, this post is more than slightly off topic (but Slashback threads often are), but this is probably going to be discussed here sooner or later anyhow so I might as well take some preventative measures.
The lunar landings were not fake. The "evidence" is poor at best, and just blatantly stupid otherwise. I won't reiterate all arguments against this silly conspiracy theory's validity, as you can read all about it, for example, here or here.
There are lots of nice conspiracy theories that really have some nice arguments that actually speak for them, but this is not one of those. This one should really die. Seriously, I'd go for Illuminati or Elvis any day of the week if this was my only alternative.
"If you think education is expensive, try ignorance" - Derek Bok
http://directory.google.com/Top/Science/Technology/Mechanical_Engineering/Propulsion/Aerospace/Space/Electric/
They're targeted because they're the most vulnerable target. That's all.
Unlimited growth == Cancer.
This is simple physics, boys and girls.
First things first, you need a spacecraft as light as possible. Anything not needed goes away. Basically, you're left with the instrumentation, the navigation, the cameras, solar panels, batteries, and a couple of sizeable tanks of xenon.
Yes. Xenon. The heaviest non-radioactive noble gas.
Now, xenon is normally inert like other noble gases. I mean, there are no natural compounds containing any noble gas because they have no natural need to enhance their electron shell configuration.
However, xenon is pretty large (as atoms go) and, given enough juice (courtesy our light and ability to live, the sun, hence the solar panels), you can ionize xenon. You can strip off an electron or two and it's useful (For example, the compound XeF6, xenon hexafluoride. What it's good for? Dunno. Still doesn't change the fact it exists.) More importantly, it's charged and can be directed.
Then, it's a simple matter of a small aperture (which can be directed), a positively-charged grid, and the xenon leaves in the direction opposite the spacecraft goes.
Don't expect this to power any spacefighters, however. At full power, the force this produces will barely move a piece of paper in front of it. The beauty of ion engine, though, is that because in space, inertia isn't hampered except by collision or a gravity field, this little bit gets larger as time increases. It's not much force, but given time it gets zooming.
I used to be someone else. Now I'm someone better.
Real life is underrated.
Sorry, couldn't resist. But seriously:
The attempt to rank vendors according to their security success rate is a risky business. The aim of most virus writers is usually for their worm to achieve its biggest impact, and so will target platforms that are widely used. "Microsoft is targetted as it is so popular, rather than the system being the least secure," said Cluley.
You have to love how they pull the "everyone is jealous so they pick on us" stuff every time they screw up. Surprise, shitstreak, Microsoft does not make the world's most popular Web server. That's Apache. "Hackers", as you call these jerks, do not target Microsoft because they're the most popular. They target Microsoft because Microsoft has made itself an easy target by making it really easy to hack their products. If popularity made you a target, we'd see scores of Apache worms.
How many security holes so far discovered in XP?
How many security holes so far discovered in Linux?
0 for XP.
Hundreds for Linux.
Therefore, XP is better. Currently, XP is the more secure OS ever. That record will last about a week, so get it while it's hot.
How many beneficial software projects simply wouldn't exist without this sans-management structure?
Here are NASA engineers, squeezing every last drop of science and knowledge out of projects which had justified themselves and their cost before the end of the Cold War- the possibilities presented by a modern project would now be so exponentially greater, due to increased technology, that it's ludicrous Congress doesn't invest in such more heavily. Perhaps one could add this to the list of things /. could become a million-strong lobby for.
Actually, it is Cluley, someone from a firm called Sophos, who claims IIS is being targeted because it is widespread. The only Microsoft quote is from some Peon saying "IIS is as secure as our competitors' products, and what differentiates Microsoft is our industry-leading response process" Now, as to the first point, as some earlier poster pointed out, Apache is still a leading webserver and hasn't had nearly the compromise. Sure, crackers will go after widespread targets. But they'll also go after the easier ones. As to Microsoft being distinguished by its response process, I couldn't agree more. Few other companies respond with as much hot air (This flaw would be very technically difficult to exploit...) and as cruddy patches. Just read through SecurityFocus.
Since an Ion engine ionizes its supply of onboard gas (so it gets an electrical charge), then electrically accelerates it out the back, that's why TIE fighters make that wooshing noise. All the gas they expel makes for enough of an atmosphere for sound to carry to the nearby cameras :)
A.
According to The Register, their reaction also includes the following:
Timeo idiotikOS et dona ferentes
subject says it all.
http://www.msnbc.com/news/206711.asp
pw: testtest
'Nuff said.
"If you think education is expensive, try ignorance" - Derek Bok
Am I the only one that sees half of a face in the released picture of Comet Borrelly?
This is the biggest image of it:
http://nmp.jpl.nasa.gov/ds1/img/borrelly_1.jpg
Then I must conclude that there are twice as many worms developed for Apache, than IIS. I feel sorry for all you poor Apache users. Your worm problems haven't received nearly as much publicity and sympathy. It must be a conspiracy.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Worms don't happen to Mac web servers running WebStar.
.exe because macintoshes do not have file suffixes. The mac OS (9,x and older) uses a four byte file type designator that the user never sees and cannot be set carelessly.
EVER.
That's why no reports of ANY exploit has ever been published regarding the secure Mac OS. !
consult bugtraq if you doubt this.
This Gartner report is a sham unless it really discusses technical issues regarding the mac's security as a web server.
C Language alone is not the sole reason but the types of STRINGs used in ANSI C libraries certainly adds risk.
Worms don't happen to Macs because Mac programmers rarely have buffer overrun problems because mac apps typically NEVER use null terminated strings and instead use "pascal" style strings that have a bounds of 255 and a marker in the front.
Additionally mac programmers tend to know that there is no false sense of security because all code is running at supervisor level so programs, like Webstar, are careful not to do foolish things.
Mac programs and executables NEVER can run merely from a data file named with a suffix such as
A further reason macs are more secure than unix (hundreds of documented exploits) and Win NT (almost as many exploits documented over the years), is because the mac does not have a command line shell and has no path to hijack. No command line and a modern type of interprogram communication prevent the silly weaknesses in other OSs.
Yet another reason the Mac is secure is because a mac program (either 68k or PowerPC) needs TWO files to execute and not one file. The second file is called the resource fork and it is generally an invisible file kept tightly associated with a file. classic internet apps do not create or allow creation of these resource forks as side effects of merely storing data files. Macs are very secure from infiltration by dynamic creation of apps by rogue products on a server
Another reason macs have NEVER been broken into running the WebStar server is because the mighty Mac OS Webstar server, (which typically costs over 400 dollars unfortunately), avoids ever executing cgi code files from directories where they ought not to be. A clever set of directory and folder control prevent the webserver from being hijacked unlike earlier versions of apache.
The US army switched to Webstar webservers on macs when MS NT webservers kept getting hacked.
There are thousands of major webstar servers out there. I think many are colocated at reprahduce.com cages.
And mac NEVER get hacked. EVER. and NEVER have, even with public challenges and reward money.
Sure, there may be some defects that might get discovered one day, and surely any mac not running mac os such as ppcLinux, or Mac OS X (freeBSD derivative) are hackable.
But face it. Macs have NEVER been hacked and that is because of modern and sound design principles.
Myself and other mac programmers I know have NEVER shipped a product containing a single null terminated C string, and do lots of paranoid error checking as well.
Unix is hackable not because of open source, not because of popularity (both of which help) but because of all the things I mentioned here.
But I agree about the other OS's sucking. parts of the older Mac OS itself is written using pascal strings, in fact the original ROMs were written using only pascal compilers and some assembly, and no C. But string overruns alone are not the ONLY reasons mac servers have never been hacked, (command line, dual fork, no extensions, etc etc).
Wake up and quit being bigoted. "Never" is a good enough absolute adjective for most logical people to draw up reasoned conclusions from.
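The length-prefixed "Pascal string" layout the comment above describes (a length byte in front, at most 255 bytes of text), as an added C example that is not part of the original thread. The names `Str255` and `pstr_*` and the sample inputs are chosen and constructed here for illustration; the example also covers a length byte read from an untrusted buffer, where the bound still has to be checked against the bytes actually present.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Length-prefixed string: byte 0 is the length (0..255), bytes 1..255 the text. */
typedef unsigned char Str255[256];

/* Convert a C string to a Pascal string.
 * Returns 0 on success, -1 if src is longer than 255 bytes. */
int pstr_from_c(Str255 dst, const char *src)
{
    size_t n = strlen(src);
    if (n > 255)
        return -1;
    dst[0] = (unsigned char)n;
    memcpy(dst + 1, src, n);
    return 0;
}

/* Append src to dst. Both lengths are known up front, so the bound is
 * checked before any byte is written; on failure dst is left unchanged. */
int pstr_append(Str255 dst, const unsigned char *src)
{
    size_t have = dst[0], add = src[0];
    if (have + add > 255)
        return -1;
    memcpy(dst + 1 + have, src + 1, add);
    dst[0] = (unsigned char)(have + add);
    return 0;
}

/* Read a Pascal string from an untrusted buffer of buflen bytes.
 * The length byte is attacker-controlled data: it must be compared with
 * the number of bytes that really follow it, or the copy reads past buf. */
int pstr_parse(Str255 out, const unsigned char *buf, size_t buflen)
{
    if (buflen == 0)
        return -1;
    size_t claimed = buf[0];
    if (claimed > buflen - 1)
        return -1;
    memcpy(out, buf, claimed + 1);
    return 0;
}

/* Copy a Pascal string into a C buffer of cap bytes, NUL-terminated.
 * The destination size is a separate bound that the prefix knows nothing about. */
int pstr_to_c(char *dst, size_t cap, const unsigned char *src)
{
    size_t n = src[0];
    if (cap < n + 1)
        return -1;
    memcpy(dst, src + 1, n);
    dst[n] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    Str255 path, suffix, parsed;
    const unsigned char lying[]  = {5, 'h', 'e', 'l'};      /* claims 5, holds 3 */
    const unsigned char honest[] = {3, 'a', 'b', 'c', 'X'}; /* claims 3, holds 4 */
    char small[3], fits[4];
    char big[251];

    memset(big, 'A', 250);
    big[250] = '\0';

    pstr_from_c(path, big);
    pstr_from_c(suffix, "abcdef");
    printf("append 6 bytes to 250: %d (length stays %u)\n",
           pstr_append(path, suffix), (unsigned)path[0]);

    printf("parse lying prefix:  %d\n", pstr_parse(parsed, lying, sizeof lying));
    printf("parse honest prefix: %d\n", pstr_parse(parsed, honest, sizeof honest));

    printf("copy into 3-byte C buffer: %d\n", pstr_to_c(small, sizeof small, parsed));
    printf("copy into 4-byte C buffer: %d", pstr_to_c(fits, sizeof fits, parsed));
    printf(" -> \"%s\"\n", fits);
    return 0;
}
```

The prefix makes the source length cheap to check, but every copy still needs an explicit comparison against the destination size and, for received data, against the bytes actually available.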
When is Mr Katz going to do a film review of the new movie everyone is talking about
the movie is called Glitter and I would like to know Mr Katz' opinion
MS had its roots in BASIC on small hobby computers. Much of what they have done since is summed up by their home-grown product: GeeWhizz Basic.
The network that they have now is based on IBM OS/2 Lan Server, which they got in code sharing arrangements with IBM. I mean, the OS/2 1.3 help file still serves me well under NT4.
Their main contribution has been to lay all sorts of flash in fanciful languages, purpose designed to ensure upgrades. Excel, for example, has had three entirely different languages in five years. Most people could not be bothered to learn the new language. A lot less macro writing happens now than in the days of Lotus 123 for DOS. Mind you, it does not stop the script kiddies, who are learning the latest exploits.
Most MS products ship badly configured. Like, who would put a spell checker on a function key (F7), if spell checking is done live anyway. I mean, you either do it live because you have the juice, or you do it from the tools menu because you don't have the resources to run it all the time. Putting it on a function key is silly. Except to bring it up on sales promotions. "Yes, we have spell checker [press F7]".
So their network stuff is full of flashing chrome designed to sell the thing to executives, and the scripts that run this chrome is by this set up, already in a form ready for remote exploits. Yes, you can configure it, if you want to stuff around in the registry and hidden settings. But most people don't have the knowledge or time to do something that should be a default or available choice.
MS is a small system maker that is attempting to do big time: all they do is big time damage.
OS/2 - because choice is a terrible thing to waste.
No mac web server has EVER been exploited or hacked.
EVER. Consult bugtraq if you doubt this.
But it's not because of unpopularity.... it's because of secure design principles... no command line... no filename extensions... no c string buffer overruns... etc etc.
Microsoft products are rarely considered to be secure. Outlook is a laughing stock, and IIS is a running joke in the industry I'm in (managed services). So much so that we've been wondering whether or not to charge customers who insist on using IIS an extra fee for all the time we spend monitoring and patching their boxes. History has shown that if we get a new customer who demands to use IIS, then we can be reasonably assured that we'll have multiple headaches dealing with it so we might as well charge them. We (thankfully) never even considered supporting Exchange. We're going to ban IE from all NOC machines as well. Weaning people off Outlook may be harder, though. (Mirapoints help us mitigate that threat.)
The "competition"? That would be Apache, Opera, Eudora (or Pine for some of us), qmail, etc. The "competition" is not half as secure. It is far more secure, everything else being equal (i.e., everything is installed properly, configured correctly, etc). That's my opinion, to be sure, but a colo full of servers running about everything you can think of formed it for me and I stand by it.
You are the target, and you will be breached...
That statement is specious at best. The only way to be completely secure is to have a standalone box. Which isn't an option, and therefore silly to say.
MS software will never be completely secure. Yes, things like wu-ftp and such can be insecure as well. Anything can be. But at least most free/OS packages try to be secure. MS software isn't even trying to be secure. Hell, they apparently aren't even trying to be half-assed.
When will they get that through their thick skulls???
I'm wondering when people will stop drinking the MS koolaid and realize that there are many better, cheaper, more stable and more secure options available to them.
-B
Ash and Hickory, straight-grained and true, make excellent bludgeons, dandy for the cudgeling of vegetarians.
Just kidding, but tell me one thing. I don't really care WHY the platform has more viruses, if it's because it's insecure or just more popular. There is clear account of HAVING more viruses and thus BEING more insecure and thus HAVING bigger TCO. In other words, reasons enough for replacing this unreliable service.
If programs would be read like poetry, most programmers would be Vogons.
Could we, in fact, turn a Disney DVD into a terrorist tool? Has it already been done? Should we be encouraging Congress to ban the CSS encryption scheme because it could have been used in such a way? Interesting questions, no?
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I thought a majority of web servers run a variant of linux
Here's the key to it. The majority of servers run some variant of Linux. Most buffer overflow bugs require a specific offset and known layouts in memory. If you look at the specific versions out there IIS is probably the most common single version of any product out there (can you get this info from Netcraft?)
On the other hand, it could just be stupid admins - check out http://www.netcraft.com/Survey/vuln.gif. I'm sorry, but those numbers make me puke when I think any of those people seriously call themselves admins...
Fear: When you see B8 00 4C CD 21 and know what it means
Here is a sneak peek at the documentation for the new IIS rewrite. Of course there are a lot of bugs in this version of the document and it'll have to be edited quite heavily before the final release...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
That's because no one would notice. A mac being down because it has been rooted is indistinguishable from a mac that is down because it has no concept of protected memory or because the only mouse button got stuck and the system won't respond until the button is released.
Considering the pathetic stability of mac OS pre X, compromising a mac would be pointless - it wouldn't stay up long enough to do anything with once it had been owned. If everyone used Macs, DDoS attacks would be impossible. Hey, that's a good thing. Everybody, start saving.
</troll>
Connell's essay was spot on. Maybe ESR needs to clarify some of his points, since he's either flat-out wrong or else he isn't explaining himself clearly enough. But just being a twat about it helps no-one.
Still, after reading his "I'm a millionaire" essay I'm thinking maybe ESR just can't help acting like a twat.
In quite a number of the responses I've seen there has been discussion about whether IIS is simply more targeted, or really insecure.
Some have discounted the more targeted point of view because Apache is reportedly far more popular. Ok, granted. But now for my sad analogy... Single family homes are far more popular in the United States than skyscrapers, but when terrorists want to make a point, what types of buildings do they attack?
People who write viruses may not be "terrorists" as they aren't trying to kill people. Sometimes they don't even have a point to make, but they most certainly want to cause financial damage, so who better to target?
After we receive your written request along with the above items ($14.95 & A S.A.S.E), we will process it and promptly send you the disc when it becomes available.
Seems like they want to not make it as easy as possible for people to get the code...
So, brtb, when you receive the disk, could you set up a sourceforge project and upload the files..? so others can have a peek without the $ and snail-mail bother...
Every day I get about 10,000 attempts by various people to execute CMD.EXE on my server (a FreeBSD box!) and so compromise it. I consider each of these attempts to be an attack. Can I sue these attackers? If not can they be tried in a criminal court? If not can I sue the morons who are negligent enough to run a server with known and well publicised bugs without patching. Surely someone can be sued here. Anyone out there a lawyer?
-- SIGFPE
It's called an Enigma Machine. :)
Maybe the approach and landing on a comet in that movie isn't that bad after all...
Well okay so you can't fly like they did, but if DS1 survived that close, I'd imagine that NASA could build some sort of craft that could land on those rolling hills in the middle of nucleus. Those pictures make you wonder where all the dust comes from, given the fact that the coma is the size of earth!
So Microsoft is claiming "unfair targeting due to their popularity"?
:)
Do they mean popularity as a target of Internet worm/virus/trojan attacks?
Virus writers aren't the brightest bunch of people.
It is easier to attack IIS which is preinstalled on their sparkly new downloaded copy of 2K than Apache on linux - both of which need an IQ point or two to use and understand.
Why pretend that virus writers are stupid?
...I once received an email that read something to this effect:
Hi! This email virus works on the honor system. Delete some random files and then forward this email to everybody in your address book.
Hmmm... I wonder if sending this email to a bunch of random people constitutes setting off a virus?
I suggest that, instead of suing those poor children, you just display a list of IP addresses of IIS servers, along with the information that your server is NOT an IIS whenever they try to attack. This way they will be informed and won't come back, and in addition (gosh, 10,000 a day !) they will go do some clean-up job in IIS servers.
-- javaDragon is an instance of JavaDragon.
"According to this article Microsoft is responding to the Gartner Report which recommends that enterprises drop IIS by claiming unfair targeting due to their popularity."
Would that be popularity among virus authors?
Considering Apache runs the vast majority of the web, exactly how popular is IIS? Let's figure this mathematically. If you take (default.ida?X) to the 10th power... oh, nevermind.
Could somebody please help these people out of the fog...
Skiers and Riders -- http://www.snowjournal.com
Ok, I'm tired of seeing people always throw out that since Apache has more market share than IIS there are more Apache servers sitting on the Internet. This is simply not true, IIRC, from the numbers we saw for code red.
.. it worked because of the tens of thousands of IIS servers running by people who didn't know they were there.
.. and probably never knew they had it.
There are thousands of people running IIS on Win2k server, many of which are 31337 warez puppies on cable modems who installed win2k server because it was the biggest Win2k download and hence had the most stuff. These people are not included in the "market share" of IIS webservers.
The exploits for IIS worked not because of the relatively small number of sysadmins who did not update their IIS servers eventually
No competent sysadmin had their system compromised by Code Red, and if they did, they had it patched quickly. The people who got Code Red 2 were not part of the "market share"
--
Hmm... where do I remember him from?
Always nice to have a few staunch supporters ready to jump to your defense
I/O Error G-17: Aborting Installation
I'm not sure, but isn't that against one or more of MS's EULA's? I mean if I can't use Front Page to poke fun at MS, then I'm sure there is probably some such clause in IIS's or win2K's EULA.
Shift happens. Fire it up.
Further proof that the last sentence can redeem any post.
Umm... about 6.5 years ago many university Mac labs were completely overrun -- shut down -- because of fast spreading viruses that moved like wildfire. I remember watching a lab shut down within 15 minutes (25 machines). Cleaned by the next day and then shut down again in another 15 minutes.
The Mac is not invulnerable. Far from it. Webstar hasn't been hacked yet -- congratulations! That's good news and the developers deserve thanks.
Of course if the Mac were in any way a significant platform for web serving it might make more of an impact. Right now it isn't nor does it look like it will be in the near future. As a matter of fact it is an extremely tiny server platform.
The reasons that the Mac is a marginal platform for servers are many but center around a few significant facts. In the past they have not been built as true servers that can compete on a price/performance module -- not the cpu but the entire system. The development platforms for open source (Linux, etc.) and NT (IIS/ASP/etc.) implementations are easy, powerful and productive -- the Mac is not really superior and in some areas doesn't come close to the base functionality of either Linux or NT/2000.
Frankly the Mac is a marginal system. Always has been. May always be. To move away from marginality it needs to present a compelling technical ability (i.e.: price/performance must soundly trounce the competition), an ability to deliver solutions swiftly and/or an ability to deliver web solutions that no other platform can do.
Doesn't look good for the Mac.
Hrm, interesting; I had not thought about that when I read it the first time. When I send in a request for the code (sans serial number, now), I'll ask them about it.
Or do you proud Mac Users forget the magic keys of good ole At Ease. Damn thing didn't even need a friggin buffer overflow. We won't even get into the whole virtual memory issue.
Back in elementary school, we used Macs and they were just as pitiful as windows machines are today.
I will never understand MacUsers... People say Linux people are crazy but at least they have something to be proud of.
int func(int a);
func((b += 3, b));
Both OS/2 and Linux have thriving communities because people care enough about them to make them work. People joining together to get a driver to work, or to replicate SMB addressing, or whatever.
The source is the force, because it's been eyeballed by people who have the problem, and people care enough to fix it today, not tomorrow, or next service pack. Linux patches come out a lot faster because it is open source. And because many people look over it and listen, it is now more robust than the commercial stuff.
And if you don't understand that, then you don't understand why Linux got to where it is without some company driving it. Windows and OS/2 and AIX had to be driven by companies. Linux is driven by the people.
OS/2 - because choice is a terrible thing to waste.
Don't get me wrong....I'm NOT saying that Apache is perfect. Apache does however, seem to have a MUCH better track record for security breaches than IIS does.
Hell, that's one of the reasons I started using Linux, and applications like Apache and Qmail that run on Linux.
This happens in ONE INSTANCE, and ONE INSTANCE only. Windows 9x people who upgrade to Windows 2000 Pro who were running PWS. At NO OTHER TIME is IIS installed automatically.
Have you even thought about how rare that occasion is? I would bet you a heck of a lot of money that very few of the computers that were infected by CR/Nimda can use that excuse. Heck, your average Win9x/Frontpage manic probably doesn't know what the heck Win2K is to begin with.
Also, it's terribly obvious when IIS is running on a Win2K box. Heck, you could write a simple app to discover if any of the network machines are running web servers PERIOD. But, beside that...who's not gonna see the IIS and related "services" in admin consoles, or notice that the "Internet Services Manager" is in with the Administrative Tools. If an admin can't figure that out, they aren't an admin.
To be perfectly honest, Microsoft admins are mostly a bunch of slackers who think that because the OS has a nice GUI that it must be easy to admin. The average MS admin is easily 3 steps below the average *nix admin simply because they think they know it all when they don't.
-Jayde
What's a sig?
Yup, Macs were certainly ahead of their time. Windows has taken years to suck as much as Macs did back in the late eighties.
The problem with surveys like Netcraft is that they only take into account web servers. But because IIS is an integral part of the operating system (tm), it gets installed on all sorts of things which aren't web servers, making it thus more popular than Apache, and a better target for worms.
Of course, you can't really blame these people for not keeping the web server they didn't know about (but probably paid for) up to date, and you may wonder why the server has to include features that MS can't make secure the first time when it does not, in fact, have to include any features at all.
Correct me if I'm wrong, but I didn't think IIS (or Personal Web Services) was installed by default on Win2k Pro? This is all supposition because I can't remember whether I deliberately turned it on when I installed my machine or not (it's set to only accept on 127.0.0.1 though).
Fear: When you see B8 00 4C CD 21 and know what it means
Excerpted from Netcraft's Web Server Survey http://www.netcraft.com/survey/
Take that, marketroid!
Snickersnee3: Build your own 3-watt Luxeon Star headlamp from scratch
He was talking solely about web servers.
Higher Logics: where programming meets science.
There must be intelligent alien life on the comet.
Quick, alert the editors at that fine scientific magazine "Weekly World News."
KFG
Thus, using Internet-exposed IIS Web servers securely has a high cost of ownership. Enterprises using Microsoft's IIS Web server software have to update every IIS server with every Microsoft security patch that comes out - almost weekly.
This is the biggest problem with maintaining Microsoft networks. Exploits in IIS or Windows are far too frequent, and almost all patches require reboots. You can imagine the response I get when I call management every other week and say "I need emergency downtime to patch 65 of our servers...".
Microsoft loves to talk about how their software has a lower TCO than other operating systems. Perhaps they don't count the cost of man-hours spent applying patches, or the downtime involved?
xStore is only obligated to provide source code to those people who received binaries. If they don't want to give the source to anyone else, then they don't have to. The serial number is probably to verify that you have the hardware. However, once you have the source code, you can do what you want within the confines of the GPL, including post it on SourceForge, your website, or the door of your local church with a tack.
The IBM Public License is interesting in its source code distribution policy. It states that source code must be distributed in a format typically used for storing program code. In other words, unlike some Open Source licenses, the IBM license prevents you from distributing the source carved into a grain of rice, or coded into the DNA of an engineered bacterium.
A solution to the problem with music today
On a G3, MacOSX has proven to be slowish (Dog slow, in my not so humble opinion...) compared to Linux. If you don't have apps that are OSX only and have a NewWorld Mac, you will run about as well or better with YDL or one of the other distributions. I'd not say many are moving. The Linux users seem to be staying where they are in my area.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
This is also true of the GPL:
At some point, of course, it was decided that distributing source in a 650MB CD-ROM image was OK under these terms (!?), but that's another argument for another day. ;)
The only way you can get away with never shipping a product containing a single null terminated C string is to not use C. Also, what does a lack of a command line interface have to do with cracking a system? Most exploits are done without the user's interaction. A worm/virus that requires you to type something in won't spread far.
I have been thinking about this as well as one of the places I do contract work for is getting pounded daily with Nimda and Code Red I/II attacks as well. Since the box is running Linux, the attacks don't matter but I have been wondering if there is some way that a sysadmin could take advantage of these requests to stop the attacking system.
Various people have mentioned writing a white hat virus that would shut down the attacker and all that - but in reality that just puts you in the same boat as someone attacking their system - and it's therefore illegal. But if someone's computer makes an http request for a file from my server, am I responsible if what they get is not what they might expect to get?
What if I was to create a file consisting of nothing but the letter X that was, say, 1Gb in size, and leave it on my linux webserver with a name like "root.exe"? It wouldn't take all that many requests for the attacking system to run out of HD space. Granted service on my server might suck for a bit, but eventually if enough linux admins did this the target systems would simply shutdown for lack of swap space or HD space or whathaveyou.
Or perhaps I tell Apache to treat .exe files as PHP files and process them accordingly. Then I create a PHP script that prints nothing but Xs or random numbers in a long string back to the requesting server (with the execution time limit for PHP turned off). It would be like 5 lines of code total.
After all, it's my server, so presumably I put the file there for my own purposes, indicated in robots.txt that I don't want it indexed etc. If some other system makes a request for that file which I have in no way indicated is present on my system, isn't it their fault/problem if the file is too big, or causes problems at their end?
I am sure the clever folks at /. could think of other things that could be done in this manner.
Just food for thought, and I would love to see some suggestions...
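An added example, not part of the thread: the Code Red and Nimda requests the comment above describes can be picked out of an Apache access log and counted per source address, which also shows whether any probe was answered with something other than an error. The log lines are constructed, the addresses are documentation ranges, and the patterns cover only the well-known request paths (default.ida for Code Red, root.exe and cmd.exe for Nimda).

```python
import re
from collections import Counter, defaultdict

# Apache common log format: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Request-path signatures as they appear in web server logs.
# Code Red pads default.ida with N, Code Red II with X; Nimda probes for
# root.exe (left behind by Code Red II) and cmd.exe under various prefixes.
SIGNATURES = [
    ("code-red", re.compile(r"^/default\.ida\?N{20,}", re.I)),
    ("code-red-ii", re.compile(r"^/default\.ida\?X{20,}", re.I)),
    ("nimda", re.compile(r"/(root|cmd)\.exe(\?|$)", re.I)),
]

# Constructed sample input; padding shortened and payload omitted.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Sep/2001:10:01:02 -0500] "GET /default.ida?'
    + "N" * 40 + ' HTTP/1.0" 404 205',
    '192.0.2.10 - - [20/Sep/2001:10:07:41 -0500] "GET /default.ida?'
    + "X" * 40 + ' HTTP/1.0" 404 205',
    '198.51.100.7 - - [20/Sep/2001:10:09:13 -0500] '
    '"GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210',
    '198.51.100.7 - - [20/Sep/2001:10:09:14 -0500] '
    '"GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 208',
    '198.51.100.7 - - [20/Sep/2001:10:09:15 -0500] '
    '"GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218',
    '203.0.113.5 - - [20/Sep/2001:10:12:00 -0500] '
    '"GET /index.html HTTP/1.0" 200 1043',
    '203.0.113.9 - - [20/Sep/2001:10:13:30 -0500] "-" 408 -',
]


def classify(path):
    """Return the worm name whose signature matches the path, or None."""
    for name, pattern in SIGNATURES:
        if pattern.search(path):
            return name
    return None


def summarize(lines):
    """Count worm probes per source host.

    Returns (per_host, unparsed, served):
      per_host - {host: {worm: count}}
      unparsed - number of lines that are not a normal request entry
      served   - (host, path) for probes answered with a status below 400,
                 i.e. the server actually returned something for that path
    """
    per_host = defaultdict(Counter)
    unparsed = 0
    served = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            unparsed += 1
            continue
        worm = classify(m.group("path"))
        if worm is None:
            continue
        per_host[m.group("host")][worm] += 1
        if int(m.group("status")) < 400:
            served.append((m.group("host"), m.group("path")))
    return {h: dict(c) for h, c in per_host.items()}, unparsed, served


if __name__ == "__main__":
    hosts, unparsed, served = summarize(SAMPLE_LOG)
    for host, counts in sorted(hosts.items()):
        print(host, counts)
    print("unparsed lines:", unparsed)
    print("probes not rejected:", served)
```

On a server that is not running IIS every probe should come back 404; an entry in the third return value means something on the box answered for that path and is worth a look.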
"The first time I got drunk, I got married. The second time I bought a chimpanzee, after that I stayed sober" Arian Seid
http://www.zdnet.com/zdnn/content/mcwo/0818/mcwo0001.html
I'm sure more astute individuals will find more. If you'd have spent five minutes with Google instead of simply spouting off in a public forum, you would not appear as nearly the zealot that you do now.
If it's got the fileshare for an entire group of machines, I'll bet you money that it'd be infected almost immediately and anyone else that's hooked to the machine by nature.
All it takes is for the virus to inject itself in the CODE fork of one of several files to "properly" infect a machine and then start randomly infecting everything (Remember, some of the magic of MacOS comes from all files potentially having a CODE resource fork and MacOS acting on the same... Simply inserting a floppy into an unprotected machine can infect the machine in many cases...).
Once that's happened on the fileshare machine, all the other machines are only a matter of time before they're infected too.
Sadly, I DO believe him- it's entirely possible. Just not directly from off the Internet like it is with Windows machines.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
IIS also runs on HPUX. I'm too lazy to find the links at microsoft or HP, but for an example, see: www.uidaho.edu. It's sad, really. The only reason UI switched from apache was for frontpage extensions.
I thought they were called TIE fighters, because they looked like little bow-ties. Silly me.
root access is root access regardless of the distribution. CodeRed and Nimda cracked IIS to get "root" access on NT servers. They did not crack Apache to get root access on the Apache boxen.
First look above may99, apache goes up, and IIS goes down. Right after that, apache slightly drops while IIS slightly peaks.
The same thing happens right above the J in july00 and halfway between july00 and aug01 as well as right above the U in aug01.
Offtopic, but still amusingly interesting. It almost seems as if few new webservers are being added in the results -- possibly companies shifting back and forth. (since we know that Apache also runs on windows and IIS also runs on HPUX and other unices.)
The actual reason that Macs don't get buffer overflow exploits, is because Macs (both PPC and 68k) use modern processors whose stacks grow the right way. So even if local storage overflows and corrupts the stack, it doesn't overwrite a return address.
Windows, on the other hand, mainly just runs on archaic processors from the 1970s, whose stack is back-asswards, so that return addresses and other important stuff are easily splattered.
Some day, Motorola's lameness and inability to deliver sufficient quantity of chips will finally break the camel's back, and Apple will port MacOS to Intel/AMD processors. Then Macs will suck just as much as today's Wintel boxes. So enjoy those Macs while you still can.
Now that Windows XP is here does that make Windows NT and Windows 2000 a legacy product?
Yeah, but this was probably before sales tax was introduced in the US.
Taxes grew by 1000-2000% during the 20th century. At least that won't happen this century...
From the time I read about it on /., it took Microsoft over three days before a search on Microsoft.com for Code Red Virus or Code Red Worm would turn up anything. I don't know what industry they're leading, but it sure has nothing to do with computer security.
One mail server - Unix scales.
One web server - Unix scales.
One print server - Unix scales.
One file server - Unix scales.
One Oracle database server - Unix scales.
One middleware hub - Unix scales.
Three DNS servers - On different networks.
And one system to manage them all.
I have no second level admins. For a similar number of users - about 800.
It's just me and "It all just works". You feel free to go on running yourself ragged with crap systems. Eventually you'll get fired or burnt out and someone who knows what they're doing will fix it.
Deleted
The windows platform is very popular. Most common desktop by far; sheer numbers make it a target. Add in that the average user has little IT experience and (either because of design or end user maintenance... or both) that a lot of these machines will be full of holes... great target.
Let's say it's not IIS that's under scrutiny but Apache. Very popular. Lots of holes. And a large percentage of the user base tends not to patch holes as they're announced. Great target.
Just because Apache tends to be run on non-Windows hosts does not mean we can't put them together. sadmind did just that. It spread on Solaris systems to attack and deface IIS servers. No reason we can't launch a new Nimda-a-like that propagates among windows machines and attacks Apache (on whatever OS it's sitting on) hosts.
But, of course, that's not what is going on. IIS is being attacked because of the virtues of IIS, not because it's usually sitting on Windows hosts.
So, I guess use of Apache must not be too widespread, eh? Now I'm not going to try to make the uneducated claim that Apache is really more secure than IIS, but for some reason there are far fewer security breaches on Apache. Maybe it's because virus writers are more supportive of Apache. Who knows? Unless something has changed in the last year, Apache still has the largest install base out there, and based on Microsoft's reasoning it should have the largest number of exploits.
I read the entire Gartner release, and I thought it was very insightful. They didn't say, "Take down your IIS servers." Instead, they carefully qualified it, suggesting that "...enterprises hit by both Code Red and Nimda immediately investigate alternatives to IIS, including moving Web applications to Web server software from other vendors, such as iPlanet and Apache." Note the key word investigate. Also note that they only suggest this for people hit by both viruses.
Microsoft's rebuttal also fails to properly address a serious issue: "cost of ownership." They make the wondrous claim about how fast they release patches to fix these security holes. What they missed entirely was the fact that a company can't be paying for the resources and downtime to apply a patch WEEKLY, not to mention the need for somebody to constantly watch for a security update so that it can be installed before somebody exploits it.
What Microsoft *should* have done (IMHO) is kept their mouths shut and swung some resources into either rewriting IIS or truly removing security holes, and then have a surprise release to counter Gartner's arguments.
GreyPoopon
--
Why is it I can write insightful comments but can't come up with a clever signature?
Both Raymond and Connell agreed that Open Source projects have 'management' or 'leadership'.
As Connell says in his reply - what you mean by 'sans-management' is really 'sans-BAD-management'.
I honestly don't care about my OS so much -- grew out of that idealism around 23.
Does it get the job done? Is it supported and supportable? Is the company and product going to be here long term? Good enough!
Is it cost effective? Will I need to hire a team of crack programmers to make it work tomorrow?
The business of business is business -- not open source which by definition at this point is NOT a business.
Unix works and has. Linux works for what it does today and should be used as such. Windows has worked for several iterations and is the main stream user experience -- well earned may I add.
Don't ask me to contribute to open source, I'm not interested. I am interested in using what works and if an open source product works the license allows me to take it. There is no profit for businesses in contribution.
you are wrong. you can use all the c you want to and never have null terminated strings.
All the mac c compilers support "Pascal" static strings.
But even lacking those niceties, merely by avoiding ANSI C library strings and using the mac OS alone, you can write massive apps without a single null terminated string.
plus pascal strings are much much faster than null terminated, obviously.
Why the hell did this article get marked this TROLL today?
It's 100% factual and not meant to troll but to educate.
I guess linux brained moderators are uneducatable and have to denounce the truth as "troll" whenever they can't face reality.
Here's a pdf article from The Industrial Physicist that talks not only about ion engines, but also other future engine concepts.
Does anyone know what the PR guy was trying to say here?
No competent sysadmin had their system compromised by Code Red, and if they did, they had it patched quickly. The people who got Code Red 2 were not part of the "market share" .. and probably never knew they had it.
On that note, I would like to point out that the State Government of South Australia's network was down for much of last week and the beginning of this week because of Nimda. the network is maintained by EDS Australia, who once again have shown they haven't a clue about how to actually administer systems or networks.
portions of the network are currently still offline, as the company responsible for the security sufficiently lax to allow Nimda to render it inoperable is apparently unable to rid some segments of the LAN and restore connectivity.
disgusting. and they call themselves an IT company.
" son, you can never really forgive a person.
but you can kill 'em "
You have "8 clueless admins and 6 semi-knowledgable ones" and can't assign this rather important task to one of them?
I mean, isn't that the argument for closed source? How is it that all the source code is out there for apache, and the open source operating systems that it runs on most of the time, but microsoft + IIS is still the exploit king?
The most important thing any republican needs to know.
FrontPage Extensions are suid root. The soft underbelly of Apache. Apache may run as nobody, but the FrontPage Extensions own the machine.
Kidding of course, but my first thought was that.
stored on computers from birth to the grave
That's because no one really cares about the three machines that are running it.
What an obvious troll.
The Anti-Blog
As I went from desk to desk here applying patches to our various IE versions, I began to fantasize about what this job would be like if the clients had a different operating system, one which I could start a remote shell on. It would be great if I could use one of the several scripting languages I know to write a script which would run from my machine and patch all of the clients. It would be great if I could trust the patch to run from a logon script. Maybe I will learn Visual Basic some day. I still don't think that will get me there, though, because I have no idea what many of the patches I apply are actually doing. I keep seeing security advisories on Microsoft's support site that say you can: a. Change the following three registry entries or b. Apply this 3 meg patch.
HTF can those be equivalent actions? What exactly am I turning on or off with these cryptic registry keys?
But life with Microsoft is not so easy, is it? They keep sending you patches that require you to physically sit at each machine and click your way through dialog boxes, and you don't have time for that.
Where your Apache admin, who has fewer machines to patch and fewer patches to apply, can write a PERL script to do the job for him, you have to sit at each IIS box, open the control panel for each site, and click your way through the changes. Wouldn't it be great if you could SSH in and apply patches or make configuration changes from home while you watch the ball game? Of course it would.
I feel your pain, because I am dealing with it every day. The hardest decision I ever made here was to sit down with my boss, put my reputation (and job) on the line, and get permission to bring in some free technology on a trial basis. After some testing and configuration, I have replaced three NT boxes with Linux. Samba and the smb_auth libraries have made it possible to replace many NT services completely transparently. The main difference is I no longer have to come in on the weekends for "maintenance reboots" or just to make sure everything is working. My current hurdle is figuring out how to replace Exchange in a way that won't irritate my users and/or bosses. Every NT box I pull the plug on reduces my workload. What are you doing about yours?
I am not trying to be combative, but you did mention that your boss has asked you for things that used to be easy to get from his old VAX cluster. Have you explained to him the limitations imposed by the decision to move from VMS or Unix (free or otherwise) to NT? What is NT giving you guys that other systems do not? Make sure your evaluation of NT includes an accurate picture of the increased administration effort it requires.
You sound like you are pretty high in the food chain over there-- politely ask for the tools you need to make your job easier. The push for better technology has got to come from our end-- management will not do it for us. As Linux and FreeBSD gain more market share, it forces Microsoft to evolve. Believe me, they have the resources. They aren't writing cheesy hacks because they can't do any better. They are writing cheesy hacks because it pays a lot more than sweating the details does. Show them you won't settle for that and we can all go back to the good old days of sysadmins who had time for the occasional game of DOOM.
Another good example would be the gcc/egcs history, where the release structure split repeatedly (386gcc, g77,djgpp,etc.), and later merged again (in a fork! -- egcs-1.0 which a few releases later became the main branch). If you examine the overlapping hierarchies of release management of that project over the last 13 years, you will see that any concept of a single flat hierarchy completely misses the actual dynamics involved.
- "History shows again and again how nature points out the folly of men" -- Blue Oyster Cult, 'Godzilla'
MS may *say* they own 95% of the server market, but they are *lying*.
They may very well be correct. Economists define "market share" along the lines of "fraction of the total amount of money spent by consumers in return for products," excluding software available for no charge such as AOLserver and Apache HTTP Server. Microsoft's IIS is the most popular HTTP (etc.) server software that's not at least free as in beer, and it may very well have over 90 percent of that market.
Will I retire or break 10K?
The 'reply' to ESR's reply was nothing more than a warbling last-ditch attempt at saving face. Relax, get involved and see what it's really like or don't. In the meantime, making a name for yourself by nipping at the heels of those who have worked harder and longer than you is not the way to go, IMHO.
**>>BELCH
All the comments I looked at were very pro-microsoft in the talkback section of the zdnet article. They're pretty funny to read, is Microsoft's PR group posting these or are there really this many clueless people reading zdnet?
Among my favourites is one comment that says that microsoft is targeted because it's a popular server OS as opposed to linux which barely has any share of the desktop market.
Help find a cure for cancer!
>>root access is root access regardless of the distribution.
A hardened OpenBSD with the right partitions mounted read/only and append only would be pretty hard to mess with without leaving lots of tracks.
Most people clueful enough to use apache wouldn't waste it on such a crappy OS.
On my Dell box that came with Windows ME, to which my school has assigned a semistatic IP address with DHCP, I use Apache HTTP Server for Windows to share files that are too big to send to the average user's e-mail inbox because it's the best free static file server that users can access by clicking on a URL in an e-mail, and it also handles my personal home page without the annoying porn/gambling popups and file size limits that most free hosting providers impose.
By now, you probably asked "why don't you use BSD or Linux?" Easy. The last time I tried Linux, the kernel had trouble talking to my 3COM network card. (Granted, this was to be expected of Red Hat 7 with a 2.4.1 kernel.) I haven't had much available time since then (e.g. to install a more recent Red Hat distro) because over summer vacation, I couldn't make much use of Linux anyway because my computer came with a winmodem, and I don't exactly have the $$$ right now to shell out for a computer designed to run GNU/Linux as its primary operating system.
Will I retire or break 10K?
Hmmm...now I'm no heavy duty sysadmin or anything, just a lowly coder. However, most of these patches can be installed through the use of (a) SMS scripts; (b) Windows Installer packages automated via domain policies; (c) plain old shell scripts written in VB, JavaScript, Perl, or any other scripting language. I do this sort of thing all the time as I do not have physical access to many of the servers I use.
The tools are available. It's a shame (and a recurring theme) that most Windows admins have not learned to use them.
BRENT ROCKWOOD, EST'd 1975
If you want a REALLY secure system, try WebSphere on an IBM AS/400... uh... IBM iSeries box or run Apache under their PASE subsystem. Most secure system in the world (perhaps even more secure than the S/390... uh... zSeries) and can even be auto-configured to a C2-secure level out of the box - just set your QSECLVL system variable to 50 (I think, it's been a while).
That is all.
Eeeeh.. why not:
Install VNC so you can take over your clients or servers from the comfort of your own desk?
Use the free KiXtart scripting language so you can do all the loginscript tricks you want to?
Make a scripted install for all the different hardware configurations you have so all you have to do is boot the machine with a bootdisk, type in a unique computer name and go drink coffee while the machine is brought up fresh. User messed up his computer? Just put in the floppy and bring the machine up clean; it's quicker than troubleshooting the damned thing. If there are only a few hardware configurations to support you could also use ghost to make images for this.
Forget about replacing Exchange if your users are into heavy Outlook use; they will not be reasonable about it. Try to disable all unnecessary services on that box and schedule a preventive reboot so it's only down when it's convenient to you.
I used all these tricks and they are not particularly difficult. Linux is great but a good Windows Administrator has other alternatives that fit in the chosen environment.
I think they're worth reading for a different reason: learning, through positive and negative examples, how one can put forward a claim that the ideas in someone's essay are not well supported (either by reality or by the arguments made in that essay), without making the (necessary) references to the essay's author sufficiently colorful and witty that it becomes imperative to add an aside of the form "I don't actually think the author is an idiot, just wrong-headed" to prevent readers from drawing the wrong conclusion. (The matter of whether either side in this instance is in fact correct, I found actually to be of less interest than this intriguing, if subtle, contrast in tone.)
"The Crystal Wind is the Storm, and the Storm is Data, and the Data is Life"
One other note: I thought a majority of web servers run a variant of linux.
This has been a pet peeve of mine for awhile. Just because NetCraft says "Apache" DOES NOT MEAN IT'S LINUX! The MAJORITY of the web servers run Solaris and BSD. Linux is still trailing. But they DO RUN APACHE! Let me clarify one more time:
APACHE != LINUX
Ok, next punk to tell me that Linux owns the 'net gets a bloody lip.
Javascript + Nintendo DSi = DSiCade
Those who have received binaries, although not necessarily from xStore, must be able to receive the source code. Take, for example, the PS2-Linux kit. No source code is made available to anyone except those who purchased one. However, some (very few) owners of the kit are distributing that source just like the GPL says they can, and that's how PS2 support is being added to the MIPS kernel tree.
A solution to the problem with music today
I believe that the only people that you are obliged to provide the source to are those that already have a legitimate copy of the binary. What you can't do is limit their right to redistribute. This generally leads to folk distributing the source freely, but there is no such obligation.
I think we've pushed this "anyone can grow up to be president" thing too far.
I was hoping that I would get some responses in this vein.
/etc/hostname or some similar and you can go home.
I often wonder if I am guilty of clinging to the tools I think I know as opposed to learning appropriate tools for the job at hand.
I have often thought that learning VB could make my job *much* easier, because VB and its variations very much seem to be Microsoft's answer to automation (I don't believe other options have the object model support you need to be truly useful, except maybe Perl::OLE). I have been hacking Perl for a while, and I am learning Python now to let me play with Zope on a more functional level.
I have made one abortive attempt to learn VBA from one of O'Reilly's nutshell books (I have had great luck with these), and I found the syntax annoyed me to the point that I lost interest fairly quickly.
I have always been a self-taught programmer, but it seems like my knowledge builds critical mass much faster with other tools than with VB. Is there an unfair bias here? I would like to think that there isn't, and that the following two things are generally true:
1. The windows automation object model is fairly complex, and there is a steep learning curve. It seems like you have to know an awful lot of it to get past the "cut and paste" coding level. I also believe certain components (is IIS server configuration one of them?) are not exposed (documented?) for script manipulation.
2. Most of the documentation out there is geared more towards the "cut and paste" approach than the "understand everything that is happening" approach. For better or for worse, I am wired to resist the former and embrace the latter.
One of the things that really scared me off of VB were the negative comments I ran across in the book I was learning from. Things like "sometimes this works, sometimes it doesn't, no one knows why" and "Performance problems can result if you don't perform some other operations in between these two."
The more I see out there, the more I feel like my prejudices might be making life harder on me than it should be. I have been working from the assumption that automating Windows takes a lot of knowledge, a lot of code (as in many lines of code to do simple things), and in the end it still falls short in comparison to other platforms. I prolly need to quit whining and dig in to the resource kits and reams of paper/electronic docs.
I would *really* appreciate pointers to a good, basic WSH or VBA primer (bonus points if it is available online/free.) I hope that with just the right piece of information I will suddenly "get it", and then Windows will take a giant step towards being a tool I am neutral towards rather than biased against.
Still, I think there is a lot more effort required to administer Windows than Unix. As an example, I would offer the Microsoft knowledge base article on changing the name of an Exchange Server. It is several pages of procedure and requires that you have two machines. On Unix? Edit
"Whether because of better-trained or more vigilant administrators, or some other factors, the Apache servers running many web sites certainly haven't seen the devastating outages in the past month (Code Red, Nimda) as certain large IIS installations have."
The reason why this is so bad is because everyone and their fucking uncle is setup as a full administrator on their Win2000 systems. The typical MS meat-bag can't be bothered to update their systems with the latest patches.
Feature rich == leaks like a damn sieve.
There is no such thing as an illegitimate copy of the binary. If you have a copy of the binary, and distribute it non-commercially, you must pass along the offer xStore made to you, and xStore must honor it. Only if you distribute it commercially do you have to make available the source yourself.
The "live" checking does not autofix it, but if you right click on it, it does give suggestions that will be put in if you select it. That's what makes the F7 key so stupid. Autofix actually is a hazard if you regularly use double caps eg "JSmith said ...". Tab is bound to something that most people find absolutely irritating. I know I have to fix their docs up.
Most of my typing is done straight in markup. That is, when I type this in bold, I go {control-B}this{control-B} or {b}this{/b}. Amipro had a clever idea of putting styles onto the function keys: so if I want a header, I press F7, and if I want a body, this is F2. The table is stored in the template.
With control-c, v, and x, the easy way to remember these is that x is scissors (cut), v is glue pen tip, and c is copy. That might help.
Spell checking a document, like printing it, is a separate activity, and not something you want activated on a wrong key stroke. Going Alt-T-S, especially if you watch the menus as you do it, is not a big ask, especially if the machine does a lot of paging as it does it.
As far as your data files go, I have found a way around this is to store them in one tree, and then create an icon with the command line "explorer.exe /n,/e,/root=d:\path,folder" does wonders for file management. You can change the icon view to "List", and arrange by date to get the latest to the end. Whichever way, it's better than "Large icon". Also, the back space backs up the tree. Also counter intuitive, but consistent.
OS/2 - because choice is a terrible thing to waste.
Well, I believe a chief part of his argument to the security of the Mac web server was that since Mac didn't pretend to have any sense of security at all, all application programmers would make sure they work their software to be secure. At Ease is a good example of why this isn't true.
Again though, I've heard this same argument in support of windows too. The fact of the matter is, that even if there were a buffer overflow in apache somewhere, this would only allow an exploit to run as whatever apache was running as!
By the same respect, if C++ programmers used STL strings, we would also have no buffer overflows. The fact of the matter is that C is C. A C program can be written for a Mac that will cause just as much of a buffer overflow as any other system
int func(int a);
func((b += 3, b));
And yet Mac still hasn't gotten any better...
It wasn't a bad system in its time. It was made to be for end-users though. And that's why it is not valid to argue that it is more useful as an enterprise OS than a system specifically designed to be an enterprise system.
int func(int a);
func((b += 3, b));
Star Office follows the Word menu, because it is intended to be bug compatible with Word. I would not be surprised if other programs do the same either. I mean, Word has a WP switch kit, and many people followed the Lotus menu system for spreadsheets. Still does not get around my earlier point that a separate task activity should be on the primary key.
The Windows and Menu key are so badly placed that they often pull focus away from the current program, yet people make out they're so wonderful.
As for file navigation. You can see even in this conversation, that different people have found different secrets for getting around the system. This is more to do with the buggy interface design, which makes this all less than obvious. With a little forethought, the Win95 interface can be made to do wonders, and be easily edited at one point only (ie you are not trashing it unintentionally).
Computer savvy people navigate in these ways because they don't know better, or it's too much trouble to set up, or for a host of reasons that all point to MS thinking everyone's a dummy who has no idea on file structure. Oh for the days of 3.1, when they did not do such stupid things.
Like, if you turn on the toolbar, you can change to higher directories in a drop and click action, or otherwise navigate with the mouse. But there's no "parent" icon in a folder. This is not obvious. You have to poke around in the properties to see this.
It can't all be blamed on the user, the interface sucks. Badly.
OS/2 - because choice is a terrible thing to waste.
I don't find that easily believable, then again, I've only managed POSIX compliant systems, and therefore, cannot judge.
I'm not talking about one or two, I'm talking about four universities, from MSEO to Madison itself. And in setting up their system, I didn't have to set up a whole new system for each, every single day. It was a great nine months for me, of course, as I said, I didn't have to set up multicasting (which will lead to another security leak for you), write policies for four areas and bring an informational thoughts to three meetings. If I had to do that every single day, I probably wouldn't have time to patch the system. Luckily for me, most POSIX systems have semi-intelligent patch automation, and, oh yes, NFS + cpuui.o + SSH2 + VI + tdmake would've made that last kvetch relatively short.
In fact, I did have time to give, for the first month, two times a week, classes to teachers, secretaries and attendants how to use POSIX commands, GNOME and KDE along with a few of the necessary applications, including Corel Word, Netscape, Mozilla and Konqueror, GNumeric and GIMP. The most stressful thing was upgrading from 2.0 to 2.2, and the most time consuming was importing TTF's.
I guess I'll never know what it's like to do that every single day....ah well...
"Yeah...it was the numbers that were irrational, not the murderous cult of vegetarians...." -- Hippasus of Metapontum
Nobody has received any binaries who hasn't purchased the kit, since there'd be no use for them anyway... The only way to get the binaries is by buying a kit from Sony (because nobody else is distributing them). That kit contains the source code for all GPL elements. So, they are complying with the GPL, since nobody else has the binaries.
A solution to the problem with music today
I thought a majority of web servers run a variant of Linux
The majority run systems that are POSIX compliant. This tends to be a problem to people who are new to Linux, or for whom Linux was their gateway OS. BSD, the most popular general brand of POSIX compliant systems, came over a decade before Linux and therefore cannot be a Linux variant. The fact that most applications compiled for Solaris don't run on Linux should be a sign that Solaris isn't exactly a variant on Linux. You can only call an OS a variant of Linux if the actual Linux kernel is involved, as that is the only part of the GNU/Linux operating systems that can be referred to as just "linux." There are two sets of POSIX standards: The first was the original "theoretical model" of what a multi-user OS should be like, and the latter was formed after a long time of seeing how such systems evolved and where they were lacking. It's understandable for people who have just started using Linux to put all of POSIX systems under that name, and even more so for those that have no experience on any POSIX system, but it is something that people should learn and understand. It's just as offensive for a BSD developer to be told that, say, OpenBSD is just another version of Linux as it is for me to write to Dickie Stallman, "Hey man, I hear you're a hacker; it's jackasses like you that keep cracking my server and I demand reparation!"
*unable to find "THE" letter*
"Yeah...it was the numbers that were irrational, not the murderous cult of vegetarians...." -- Hippasus of Metapontum
Yes, but if you buffer overflowed a Mac server you wouldn't actually be able to DO anything to or with the system. Classic Mac OS has no remote command execution facilities. You can't send AppleScript events, you can't move things, you can't do anything that the system doesn't have an extension for. If someone installed an extension which allowed Mac OS to receive and process Apple events from the network adapter, then it's possible. Not otherwise.
Higher Logics: where programming meets science.
An alternative is to look at PDF formats. Adobe Acrobat installs itself as a print driver, and you can then lay the document out as a single PDF, with all the necessary cross platform support, especially if you stick to version 3 output.
TeX is a lot of hard work, from what I recall, but the results are spectacular. It's sort of like Word => Word Perfect for DOS => TeX. [Increasing power and decreasing friendliness].
You would be better going for LaTeX. This is a wrapper around TeX, but more intended for authors, rather than fiddly page layout.
Spell checking, editing and other luxuries are done externally. So you have to hunt around. I found that the CTAN archives are good to start at, or a 4CD-ROM TeX cd, which has all the required goodies on it at a fraction of the download costs.
Anyway, Best of Luck with your endeavours, and it has been nice talking to you. I even learnt things :)
OS/2 - because choice is a terrible thing to waste.