Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apache 2.0 r00ted on NetWare, Windows, OS/2

Posted by Hemos on from the cracking-it dept.

An anonymous reader writes "A flaw in Apache 2.0's interpretation of the backslash delimiter allows for a remote r00ting on NetWare, Windows, and OS/2. InfoWorld has an overview; the attack was discoverd by PivX's Auriemma Luigi, and he describes it in this technical document. I don't know whether there is such a thing as an OS/2 shop anymore, and most Microsoft shops probably run IIS, but Apache now ships as the default web server for NetWare 6, so Novell shops: Take note. A patch is available from Apache, and Luigi describes a workaround in his article."

58 comments

  1. Windows by Anonymous Coward · · Score: 0

    Quite a few shops run windows Apache. Partly to reduce the rate at which they have to patch web servers.

  2. running apache as root? by Inominate · · Score: 0, Flamebait

    First off, how can you get root on windows?

    Second, What idiot runs apache as a superuser? If you do, you deserve what you get.

    1. Re:running apache as root? by Glytch · · Score: 2, Funny

      First off, how can you get root on windows?

      Turn it on.

    2. Re:running apache as root? by stefanlasiewski · · Score: 2

      Well, most people start up apache as root, since it's the easiest way to run apache as 'nobody/nogroup'...

      --
      "Can of worms? The can is open... the worms are everywhere."
    3. Re:running apache as root? by agnosonga · · Score: 0

      basically everything is root on windows

    4. Re:running apache as root? by Anonymous Coward · · Score: 0

      basically everything is root on windows

      Huh? Maybe you are talking about Windows 9x/ME. NT has permissions just like any other real OS.

    5. Re:running apache as root? by adb · · Score: 1

      And each service runs as a different user?

    6. Re:running apache as root? by Anonymous Coward · · Score: 0

      Yes.

    7. Re:running apache as root? by adb · · Score: 1

      OK, so why is it not generally considered sufficient to reinstall IIS when you get 0wned by one of the ubiquitous worms? And then, of course, there's this issue.

    8. Re:running apache as root? by MattCohn.com · · Score: 1

      You can't just reinstall IIS when you get '0wned' because people are stupid. If they set their permissions right, then IUSR_MACHINENAME wouldn't have any rights to anything outside of the web root. Therefore, code red would have gotten a big fat access denied when it tried to spread. And yes, that issue is a big one, but you must be AT the local machine. This meens that a couple of middle-school kids will be able to get around the security of their class room Compaqs.

    9. Re:running apache as root? by styrotech · · Score: 1

      But IIS doesn't run as IUSR_MACHINENAME - it runs as LOCALSYSTEM. IUSR_MACHINENAME is the account an anonymous user gets to access the system as for ACLs etc.

      It needs LOCALSYSTEM so it can switch to another users security context (eg IUSR_MACHINENAME for anonymous access).

      A buffer overflow in IIS will get you LOCALSYSTEM

    10. Re:running apache as root? by Anonymous Coward · · Score: 0

      a=b ; a^2=ab ; a^2-b^2=ab-b^2 ; (a+b)(a-b)=b(a-b) ; (a+b)=b ; 2b=b ; 2=1

      The third step in your "proof" essentially says 0 = 0, by your first proclaimation. You then factor both sides, then divide both sides by a-b, which is also 0.

      Yes that's right, you just divided by zero.
      Two does not equal one.

      Well, maybe for very small values of 2

  3. Yet Another Slashdot Repeat... by earthdark · · Score: 2, Informative

    Cough, another repeat. http://apache.slashdot.org/article.pl?sid=02/08/10 /0058246&mode=thread&tid=148

  4. well by fredopalus · · Score: 0

    This is because the software is most likely written on unix-based machine. They only port the software and make subtle changes to other OSes. Anyway, it's a good thing I'm running Linux.

    --
    Jonahweb.com has stuff.
  5. This has been fixed for a month now by alanjstr · · Score: 5, Informative

    Apache 2.0.40 was released August 9th, fixing the hole. You can read the advisory, but you should have upgraded already. The real news is that many Apache web servers are still unpatched. Won't admin's ever learn?

    1. Re:This has been fixed for a month now by babbage · · Score: 5, Insightful
      Won't admin's ever learn?

      Learn what, how to use apostrophes? ;-)

      Seriously though, keeping on the bleeding edge of updates isn't always feasible. A lot of companies might be running third party software that is explicitly not supported unless you're running a particular version of Apache, or a particular version of the Linux kernel, C libraries, etc. (And likewise for Windows software, etc.)

      Please be generous and accept that negligence isn't the only explanation for failure to keep up with the latest patches of all the major & minor components of a modern computer system...

      --
      DO NOT LEAVE IT IS NOT REAL
    2. Re:This has been fixed for a month now by gmack · · Score: 2

      If your running the experimental version you should expect to upgrade often. It's a simple fact of beta.

    3. Re:This has been fixed for a month now by babbage · · Score: 1

      All the more reason not to run experimental versions on things that matter :-)

      --
      DO NOT LEAVE IT IS NOT REAL
    4. Re:This has been fixed for a month now by alanjstr · · Score: 2

      I was kidding about admins keeping their sites updated. Once software is released it still needs to go through rigorous testing. Hopefully they have a good method for making sure that everything does work and for handling problems such as this. At least this problem is easier to fix than most IIS bugs.

  6. Not Important by clifforch · · Score: 2, Insightful

    The bug only provides information about the target server, that's not a root exploit last time I checked. Also it's a repeat story

    Move along. Nothing here

    --
    In SOVIET RUSSIA the hot grits profit you!
    1. Re:Not Important by MattCohn.com · · Score: 1

      Read the article. All of it. TWO bugs. FIRST is the LOW RISK info bug, the second is the root exploit.

  7. The Rare OS/2 by setzman · · Score: 1

    Not too many people would have this under OS/2. I haven't seen OS/2 used by web servers (except for certain OS/2 supporter sites), but I did see it just 2 or 3 weeks at a local ATM. I only knew it was OS/2 because it was crashed, and I remember the Trap screen well from when I used it on my system.

    --
    C:\>
    1. Re:The Rare OS/2 by XO · · Score: 1

      I highly doubt you saw the OS/2 screen "crashed".. I've seen many an ATM left in "Admin" mode, where you can obviously tell it's OS/2,b ut can't do shit because it's expecting input from something locked up in the cabinet.. but i've never seen an OS/2 box crash. Ever.

      --
      "Champagne for my real friends - and real pain for my sham friends!" http://ericblade.postalboard.com/
    2. Re:The Rare OS/2 by XO · · Score: 1

      ....and I was a beta tester for 3.0 and 4.0.

      Just to add some qualification to that.

      OS/2 is freaking bulletproof. It's too bad it requires 512MB ram to run slow.
      *sigh*

      --
      "Champagne for my real friends - and real pain for my sham friends!" http://ericblade.postalboard.com/
    3. Re:The Rare OS/2 by setzman · · Score: 1

      Trust me, I DO remember what the trap screens looked like. This machine was in text mode with information about the trap. It was/still is a good operating system, but it wasn't completely bulletproof (like any other system). I would still be using it today if I didn't have to reboot into Win98 to play my favorite games (maybe either I will stop being too lazy to reboot or the project Odin will solve this one day).

      --
      C:\>
    4. Re:The Rare OS/2 by bedessen · · Score: 2

      Having worked for a handful of years in a small office that ran OS/2 on all machines, I had quite a chuckle when I walked past an ATM machine one day and immediately recognised the old "Trap D" blue screen. It happens. OS/2 is (was) pretty nice, but no OS is immune from lockups. This was in May of 1998, in the lobby of an airport in Munich.

    5. Re:The Rare OS/2 by golan · · Score: 1

      I've used OS/2 for nearly 7 years, and believe me, It crashed often (but not as often as win9x though). It had some sort of problem with the message queue that usually ended up in WPS frozen.
      I also remember watching an OS/2 ATM showing a Trap e.

    6. Re:The Rare OS/2 by os2fan · · Score: 2

      Yes, I have seen OS/2 GPF screens too.

      OS/2 did a whole lot better running on a 486 with 20 MB than Windows NT. [yes, I did this :)] It also runs quite nicely without having a paging file greater than installed memory. That is, you can run OS/2 quite nicely with a 10M swapper.dat.

      It's fairly easy to optimise: I burnt cdroms under OS/2 on my 486, using a specially modified (ie thinned out) version of OS/2 3.0,

      Also, there is a neat little program called allocmem, which unloads unused dlls in core to the swap file, giving heaps more usable ram..

      --
      OS/2 - because choice is a terrible thing to waste.
  8. It'sa me! by Anonymous Coward · · Score: 0, Offtopic

    ...and Luigi describes a workaround in his article.

    Mama mia!

    Mario? MARIO!

    Someone get that man a dustbuster, there's a mansion full of ghosts he should know about!

  9. I submitted this... by Anonymous Coward · · Score: 0

    ...about three weeks ago.

    To emphasize: NOVELL SHOPS, TAKE HEED!

  10. Why raising goats is fun by Anonymous Coward · · Score: 1
    Goats are fun because they all have different personalities and have different little habits that can be amusing or interesting. Goats are very affectionate and especially during the summer, when they are too hot to be active, they like to just hang around people and get a good scratch. Most goats' favorite scratchy spot is around their shoulder but some even liked to be scratched in between their toes.

    It is very rewarding to see a goat you have raised from a baby grow up and have kids and grandkids of her own. With goats that doesn't have to take too long, maybe about 3 or 4 years at most, because they are able to breed when they are just a year old. It's also neat to learn how to milk or trim hooves and other things that you wouldn't ordinarily be able to do.

  11. Re:Typical by Anonymous Coward · · Score: 0

    The same homos who use the word "pr0n". That's what regualar exposure to the GNU/Linux philosophy will do to you... your speech changes, your sexual orientation changes, you stop taking baths, and you play with Legos all day.

  12. On NetWare? by RevAaron · · Score: 2, Interesting

    What is the deal with NetWare, exactly?

    The term "Apache 2.0 r00ted on NetWare" implies that NetWare is an operating system- I was under the impression NetWare ran as a bunch of services on top of Win NT or something like that. Is that the case, or does NetWare run as an OS, directly on the hardware?

    If it is the former, is there a special version of Apache that uses NetWare on top of Windows? If this is the case, I assume that it is using the IPX protocol instead of TCP/IP... what is the advantage of this? If it's not this, what is the difference? What makes Apache on NetWare different than Apache on Windows?

    Any insight would be much appreciated- :)

    --

    Working toward a usable PDA environment in the spirit of Newton OS: Dynapad
    1. Re:On NetWare? by narf · · Score: 1

      NetWare is indeed it's own operating system, complete with drivers, memory management, etc. It does require DOS to boot, but typically removes DOS from memory after starting. Newer version of NetWare support TCP/IP as well as IPX.

    2. Re:On NetWare? by Dahan · · Score: 4, Informative
      Is that the case, or does NetWare run as an OS, directly on the hardware?

      NetWare is an operating system and has nothing to do with Windows at all. Last time I used it, it did still require you to boot into MSDOS first, but once you ran its EXE, it kicked DOS out and completely took over. It used to be the most popular network operating system, but NT has pretty much killed it. It's still around though....

    3. Re:On NetWare? by joshuac · · Score: 2

      Not at all, Netware is it's own OS, long before the only "windows" OS, NT (later called 2000, then called XP...) was available (and no, windows 95, 98, ME are not "windows" OS's, they still use the same model as Win 3.11 (and win 2.x, win 2.x 386, etc, etc.) before, boot a basic DOS, then load the graphical shell).

      The old bindery netware (3.x generation) _has_ been ported to run as a process under a host operating system; OS/2, Linux come to mind (but never windows; perhaps you are thinking of Banyan Vines). To further confuse the issue, it was possible to have a DOS FAT partition on your server marked as primary, boot into a DOS, then run a utility (usually named "server.exe" to boot into netware. This was a popular option as it gave you an MS/PC/DR-DOS partition to run external recovery tools if something "bad" happened your Netware server. However, Netware never ran _under_ DOS. Netware 2 and higher could boot with no DOS partition whatsoever, if desired.

      ---snip
      If this is the case, I assume that it is using the IPX protocol instead of TCP/IP
      ---snip

      Nope, Apache uses TCP/IP under netware, just like other modern netware apps.

      ---snip
      What makes Apache on NetWare different than Apache on Windows?
      ---snip

      Uptime and speed (better asked as "What makes Apache on Windows different from Apache on any other OS?") :)

      Netware is an ultra-simple, text-mode only (for years anyway, somewhere along the line they added the rarely used option to run a stripped clone of X with a very simple window manager; I don't think anyone actually uses it though), quite peppy file server (with mature directory services, to boot). Netware 3.2 (the free, y2k compliant, bindery only version) for example, runs fine quite adequately on a 386 (although if anyone were to use this, I would recommend at least a 486, as then VLB/PCI becomes available for disk and network subsystems). With a small foot print, simple design, it gives great uptimes, and great speed.

      That said, I personally have not deployed Netware in years, and probably never will again.

    4. Re:On NetWare? by askegg · · Score: 1

      It amazes me how little people know about Netware.
      It is still very relevant to todays networked world. It is fast, reliable and secure with the best directory service available in the market today (something MS has just recently realised they need with AD).
      Read what you can do with Netware, download a trial version. You will be suprised.

      --
      I don't make predictions, and I never will.
    5. Re:On NetWare? by Anonymous Coward · · Score: 0

      is sucks period. it has its day when client server was still king, can't be an app server for running installed apps or i should say not too many 3rd party NLM's out there developed for netware. it has hands down the best Directory services but sucks to integrate into the web with MS but i forget this isn't an MS channel. if your a all inclusive netware shop it's ok but it sucks trying to integrate that piece of shit client they deliver.

  13. Dead embarassing... by joto · · Score: 2
    This is dead embarassing for the Apache group. Both bugs described in Luigi's article are really architectural flaws, not simply buffer overflows, or anything else that can happen to anyone, no matter how careful you are...

    The first bug was a "helpful" error message, giving you the _exact_ path of the apache installation, when asking for a file in the error-directory. This is really the kind of fault we expect from Microsoft (always trying to be more "user-friendly" then secure).

    The second bug was even worse. Apache didn't interpret '\' as a "dangerous" character in urls. And neither was \..\..\..\WINNT\system32\ looked at as especially suspicious. With all the press nimda and code red got, it wouldn't be so hard to think that Apache wouldn't do the same mistake AFTER Microsoft, but did they do... Oh, yes...

    In IIS, the final nail in the coffin when it comes to security is the fact that it runs under the privileges of SYSTEM. Anyone knows what Apache on NT/2k runs as?

    1. Re:Dead embarassing... by tlhf · · Score: 1
      Well, on my Win2k box Apache/2.0.40 installed itself as a '.\LocalSystem'. Which will give Apache far more rights than you'd expect. Effectively not far from root.

      I had to set up a seperate user, '.\Apache', - you'd expect Apache to create a restrictive user by default on install.

      tlhf

    2. Re:Dead embarassing... by TheCabal · · Score: 1

      In IIS, the final nail in the coffin when it comes to security is the fact that it runs under the privileges of SYSTEM. Anyone knows what Apache on NT/2k runs as?

      Wrong. All accesses via IIS are in the context of the IUSR_ unless explicitly defined otherwise. The IUSR account has minimal permissions, although a lot of admins forget to lock down the file permissions (IUSR being a part of the Everyone group)

  14. Re:Typical by Anonymous Coward · · Score: 0

    I was just going to post that.

    This is supposed to be a place for sysadmins/developers/nerds/programmers/ect

    Not some cracker BBS. What kind of a self respecting person would say "r00ted"?

    Go ahead and downmod me, I don't care since I'm not posting under my real UID. But the fact of the matter is, it looks very fucking stupid and irresponsible allowing idiot kids post articles with stupid hax0r language on /. frontpage.

    I lost my faith in /.

  15. Experimental version of what? by crisco · · Score: 2

    Apache 2.0? It's been marked for release for months now. In fact, if you go to the Apache download page linked in the article header you'll see that they list 2.0.40 as the 'best available version'.

    --

    Bleh!

    1. Re:Experimental version of what? by jaymz168 · · Score: 0

      'best available' does not mean 'stable for production servers'

  16. Excuses for Apache, blame for Windows by 0x0d0a · · Score: 3, Interesting

    While I'm sure this will look like anti-MS propoganda, there are certain points to be made here. I have strong negative feelings about the quality of MS's security approach in (1) minimizing local break-in damage, (2) keeping software from having holes, (3) keeping software from being attacked, and (4) vendor bug response approach.

    MINIMIZING BREAK-IN DAMAGE

    Yes

    Yes, services on Windows *can* run as all different users, a la UNIX -- I have ftp, pdnsd, apache, junkbust, squid, xfs, postfix, and sshd set up on my Linux box by default. However, in Windows, *usually*, and *by default* they don't.

    Dunno whether Apache for Windows is set up as its own user by default, but most services for Windows don't take advantage of this. You could say that this isn't MS's fault, that there's just less of a multi-user culture around Windows than UNIX, but the fact is that Windows boxes are generally more vulnerable to full compromise in a break-in.

    Second, Windows has no concept of "chroot". If I lock something in a chroot jail on UNIX, a hole in a server means next to nothing to me. You broke the server? The files served by the server had better be valuable in and of themself, since you can't get at or see anything else. This doesn't affect most out-of-box distros, since most distros don't go to the trouble of using chroot -- but sites that really value security do use chroot. On Windows, there is no such available option.

    Basically, UNIX has a better ability to sandbox, and its capabilities are much more widely used than on Windows -- your average server software developer takes advantage of them on UNIX -- but not on Windows.

    KEEPING APPLICATIONS FROM BEING BUGGY

    This is a Windows-specific pathname issue. There have been more Windows-specific pathname exploits in Windows servers than I can count. The MS approach of having an extremely convoluted pathname system (particularly files having non-unique names with the backwards compatible 8.3 support) has led to many, many issues with servers. IIS has had numerous holes involving this, and it seems like just about every Windows FTP or Web server has suffered from this at one point or another.

    Next, people often complain that UNIX doesn't have ACLs, whereas Windows does. ACLs seem really attractive -- a very easy way to do security work. The problem is that they are much more complicated, and orders of magnitude harder to audit for holes, than the minimalist UNIX security model. Most break-ins are not due to someone literally not having fine-grained enough security -- they're almost always the fault of misconfiguration, which a simpler security model makes massive improvements in. If anyone's every admined a VMS box, you know what I'm talking about -- trying to assure that your box has *no* routes for someone to gain control of the box can be interesting, despite VMS's very fine-grained security model.

    Out of box Windows file and registry permissions still hurt the security of Windows boxes -- they aren't as insanely bad as in NT 4.0 out of box any more, but most application vendors are still living in a 9x world, and are focused on adding features, not on maintaining the security model.

    Too many Windows subsystems break the Windows security model. I wouldn't trust DirectX and all the non-core stuff on Windows not to have holes -- any yet they post a threat to local security.

    As mentioned a while ago in the "shatter attack" article on Slashdot, the windowing model for Windows that worked so well for writing GUI applications easily (well, easily compared to raw Xlib, though Lord knows gtk knocks Win32 into a cocked hat) isn't a very good system from a security standpoint.

    KEEPING BUGGY APPLICATIONS FROM BEING ATTACKED

    Linux has powerful (granted, not very easy to use, at least without a wrapper) firewalling/routing capabilities through iptables. If your box is ignoring everying from port 22 from outside the computers on your three-person-team at your company, it's rather harder to exploit, say, SSH buffer overflows, or even find a vulnerable server.

    Windows has Zone Alarm (and probably other local firewalls, but this is definitely the popular one). Now, this is probably nice for a workstation, but it doesn't compare with iptables in performance, and it doesn't provide the level of control that iptables does. If my internal web server running Apache isn't exposed to people not in my workgroup, then there isn't going to be much exploitation of the server.

    MS BUG RESPONSE APPROACH

    It's not really all that fair to compare the "46 minute" response time of open-source developers to MS's response time. Yes, in extreme situations someone could get the patch and apply it, in cases of something like the Internet Worm II. Most companies are going to wait for their vendor, be it Red Hat or SuSE or whatever, to come out with a packaged, QAed and supported update. That being said, these fixes still usually come out before MS's fixes. Furthermore, MS eliminates a bunch of their quality guarantees that they provide on Service Packs when you're using HotFixes. Red Hat (at least -- I haven't checked with other vendors) doesn't do that. Their bugfixes are just as fully supported, just as guaranteed to roll back, as their release software. That means that their updates better compare to Service Packs, which take forever and a day to come out after an exploit. So MS usually takes a long time to fix bugs.

    Also, MS's primary to-end-user bugfix distribution format is Windows Update. Windows Update is one of the least impressive update systems I've seen yet -- it's used to update system software, yet it relies on a huge amount of application and system software. If it screws up, you're dead. And I've had a number of unpleasant experiences with Windows Update failing one way or another -- for example, once I had a bluescreen on a reboot after updating and trying to run MSIE (keep in mind that this is an NT-line kernel, not 9x). I've seen error dialogs during updates, and other semi-disturbing blemishes. After two incidents where Windows Update rendered boxes unbootable, I've taken to not running Windows Update (even to fix security issues) unless I have a known free two days to reinstall the OS and get everything running wrinkle-free again if something goes hideously wrong.

    Furthermore, because of the way Windows does file and DLL locking (stupid, stupid -- ever try moving/deleting/renaming an open file under Windows? Combined with Explorer sometimes leaking file handles, this is a royal PITA), low-level updates usually require a reboot. The only Linux update that requires a reboot is a kernel update (though updating a desktop environment or a WM requires logging out and back in again to see the changes). Finally, I've ripped out much of my RPM-based Linux system and put in back in (bits of different distros, bits of devel-branch software) and always had smooth moves, nothing that could make my system unbootable. I feel a lot more confident in an RPM installation or uninstallation than I do in a Windows update.

    Anyway, just my two cents -- just wanted to point out that this issue can still be partly blamed on Windows security issues, and not wanting people to lose sight of the areas in which MS needs to improve.

    --
    May we never see th
  17. Netware by FreeLinux · · Score: 2

    Netware 6 ships with Apache 1.3.22 and Tomcat 3.3. It is NOT vulnerable to this particular exploit. Note that some Netware 6 services also uses the Netware-Enterprise-Web-Server 5.1 from defunct Novonyx, a joint effort of Novell and Netscape.

    Now, Apache does offer a 2.x version that does also run on Netware. So, it is possible for someone to upgrade their Netware server from 1.3.22 to 2.x but, this is not how Novell ships it. Additionally, most Netware shops will take their updates only from Novell therefore, I would be surprised if there were many Apache 2.x servers running on Netware.

  18. Slashdot is getting repetitious. by ajft · · Score: 1

    A month old repeat article is news?

    The infoworld article is a month old.

    Slashdot had it two weeks ago.

    NetWare ships with Apache 1.3.x

    Try to check your sources next time!

  19. Netware is a standalone os by Anonymous Coward · · Score: 0

    It does not require booking DOS before loading the netware kernel. You're thinking of 3.12 (a fantastic LAN NOS, by the way; still ahead of NT for file and print services in some ways).

    Modern netware has a microkernel operating system. It runs TCP/IP natively (it has at least since 5). It also has the most robust directory server available. It's faster and more stable than ActiveDirectory and has been since the later 4 versions.

  20. mod parent up!!! by Anonymous Coward · · Score: 0

    Unlike all the other posters in this thread, this person actually knows something about netware past the 3.x versions. One guy mentions that the last time he ran netware you booted to DOS to start it; haven't had to do that since 4.x (at lest 5 years ago).

  21. A little apostrophe history by Anonymous Coward · · Score: 0

    Since you decided to get picky about this...

    The "apostrophe S" construction in English initially came from the fact that English has two ways to indicate possession. The first is the word "of," for example, "the castle of the king." "I like the castle of the king."

    This is a mouthful, so a shorter method developed: "the king his castle." I like the king his castle.

    Over time, "his" atrophied into a single "s," much in the same fashion that "all right" is about to lose "ll r" and become "a'ight." The king his castle became "the king's castle." Yeah, it's sexist. This was the middle ages. Get over it.

    Now, about that apostrophe. The apostrophe in English stands for something that has been dropped. What has been dropped in "the king his castle" is " hi." This is why we use the apostrophe.

    So, since we seem to be in such a nitpicky mood today, when you write "administrators" as "admin's," the apostrophe is properly there to indicate the dropped letters. Indicating possession actually has nothing to do with it.

    1. Re:A little apostrophe history by babbage · · Score: 2
      A very well made argument :-)

      My only reply is that this breaks down because, especially in this context, the word 'administrator' is commonly abbreviated to 'admin', without having to use punctuation e.g. "admin." So, because the term is commonly & familiarly abbreviated without punctuation, and because using the apostrophe raises ambiguity over whether the writer meant possession, abbreviation, or was just being sloppy, I still stand by my point that the word is better expressed without the apostrophe.

      But still, you make a very entertaining argument and I won't try to change your mind about it if you're that set on it :-)

      --
      DO NOT LEAVE IT IS NOT REAL
    2. Re:A little apostrophe history by Anonymous Coward · · Score: 0

      No, actually, you're right. Common usage holds sway. English has a myriad of examples where common usage actually replaced "proper" grammar. Since "apostrophe S" has indicated possession for the past several hundred years, and "admin" is now a noun by virtue of common usage, more than one admin should be written as "admins."

      I posted the history lesson 'cause I think copyediting Slashdot posts is unsportsmanlike, even though I usually read them from behind thick Oakley sunglasses to spare me from the glare of the errors.

      I read my own posts through the darkest glasses I own.

      I posted anonymously because if anyone ever finds out I actually hold an English degree, my geek creds are toast, CCIE be damned.

      And now you've been so good-humored and gracious about the whole thing, I wish I'd laid off my keyboard to begin with.

  22. Re:The Rare OS/2(STARDOCK PROCESS COMMANDER!!!) by benzapp · · Score: 1

    Yes, remember Stardock's Process Commander or the freeware program WatchCat? I was actually one of perhaps 1000 people that purchased Process Commander, but it actually worked. Stardock wrote a completely new keyboard driver that did not have the limitations of IBM's... Watchcat let you trigger it through a serial port and a switch, which I believe you had to make with help from your local Radio Shack.

    --
    I don't read or respond to AC posts
  23. Say what? by Anonymous Coward · · Score: 0

    I'm a CNI, an MCNI, a CNE, an MCNE, blah blah blah, and I've never heard of running NetWare without SERVER.EXE.

    Please expound.

  24. History: Netware on 68000 by alienmole · · Score: 2
    As a historical note, Novell has been in the OS business since way back. Back around 1985, Novell sold its own custom hardware - the Novell 68B file server used a Motorola 68000 processor and ran a Novell OS called S-Net. I think, but I'm not sure, that might have been before the name NetWare was used.

    The 68000 file servers were needed in the days when PCs weren't quite powerful enough to serve large networks.

  25. For the record... by bkirkby · · Score: 1

    Netware 6.0 comes with Apache 1.3 out of the box. In order to install Apache 2.0, you must follow strict instructions that explicitly warn you that the 2.0 code for Netware is highly experimental:

    "Due to the fact that Apache 2.0 for NetWare has not received the same level of testing as on other platforms, the binaries for Apache 2.0 have been made available for testing purposes only. We DO NOT recommend that Apache 2.0 for NetWare be used in a production environment at this point."

    See this for reference.

    -bk