I know what that sound is. It is the sound of a thousand Microsoft Apologists typing on their keyboards. But they are NOT in fact recreating the complete works of Shakespeare. They are preparing to click on the submit button. They'll have enlightening things to say like:
This means nothing.
This is a publicity stunt.
Microsoft will stop them.
They are just trying to save money.
Ballmer will be on a plane.
They'll offer huge discounts.
I hurt my winky.
And so on. In the end the thing that escapes them is the fact that things like this are happening at all is significant. It is a displayed desire to change things. :) And that my friends is very cool indeed.
I don't think it matters. Much. Until this story I'd never even heard of pivx before. I'd hardly call them famous. It's not like they are the only site keeping a list of IE vulnerabilities and other embarrassing things that need patched or fixed. It's not like Microsoft security issues aren't anything but common knowledge. If you asked 100 random people on the street about how secure Windows is, I'm sure you'd get at least 95 people that said something like "well, you can get a virus" or "email can take over your computer!" or some such thing. It's fairly common knowledge that Microsoft has serious security problems at this point thanks to TV and written press articles. I'd really have to say whether these guys take their list of IE problems down matters about as much as a warm bucket of gerbil vomit.
Do you guys have anything Visio compatible? That would be a "killer app" for *NIX right now. Right now for Visio, the options are vmware with MS and Visio, CxOffice with Visio, or some serious winex breakdancing to get Visio working.
Good posting Michael. Even though you seem to have this band of traveling yodelers that follow you around bitching about your posts, I appreciate this one. Anything having to do with job outsourcing is timely and topical as far as I'm concerned. Thanks.
I was surprised months ago at the number of posts predicting Nintendo's demise. I never saw that happening. They have been in business forever. Unlike other companies that come and go, they adapt rapidly to changing market conditions. They are a huge, massive brand name with ferocious legal and monetary muscle. The "rodzilla!!!" of the console gaming world. Not that I'll be parting with my PS2 anytime soon, but I'm definitely buying a few GameCubes for Christmas presents this year.
Ok, let's put it this way. I *HAD* a lot of money in New Bridge Strategies. And I mean a lot. You can find some reality here. That and I've known Karl Rove since grade school and he has always been a shmuck. He is completely behind this anti-trueconservative presidency. He would have been much better suited as a marketing guru. He has turned the notion of being a conservative into some cool marketing buzzword and gotten an idiot elected president. In the process, he has gotten every professional wrestling cum nascar fan cum jerry springer fan behind him. You can tell them because they'll have no idea that I'm not using "cum" in a porn sense. The idiot fucking morons in this country that can unfortunately vote and have the fucking nerve to call themselves republicans simply because they bought the sales pitch after 9/11. Look. I've killed women and children in the name of democracy. I'm not about to fall for the stupid bullshit Karl and friends have used to brainwash the majority of America in the past 3 years. To a true flag waving Conservative such as myself and a lot of vets I know, Bush is a fucking idiot anachronism and we can't wait for his pointless ass to go away.
Wow, what a blind motherfucker. Just because I'm a REAL conservative and don't automatically agree with everything the Bush regime says about things does not make me a fucking tree hugging liberal. You have issues. I'm very sorry. Agreeing with this current ridiculous regime does not make you a republican. It makes you an idiot just like the people that blindly followed his father. Quit listening to fucking morons like Hannity and Rush and Coulter and grow the fuck up. You are an AMERICAN first and a conservative second. Until you pick up a gun LIKE I HAVE and defend this country in two wars and 3 "conflicts", you don't know SHIT. Period. Get a fucking clue and pray like I do that in 2008 a true conservative candidate comes along that people other than fucking idiots like you and the "nascar dads" and pathetic poor whitetrash brainwashed morons can get behind. I have no respect for a fucking action dodging president that spent a year AWOL from fucking national guard duty for christ sakes while I shot and killed aggressors in a foreign land. The nerve this illiterate moron had going fucking AWOL while I was fighting because of his rich, politically connected father looking out for him. FUCK dubya. You are too young and too fucking stupid to have a GOD damn clue what you are talking about. Just pray with me that we get a republican candidate that isn't a fucking coward in 2008.
Reality check, I'm a moderate conservative. It doesn't change the fact the election was stolen and Dubya is a piss poor President. Not all us conservatives are fucking blind.
This is really getting boring. I'm drunk at this point THANK SUZ! so I'm probably going to swear and be rather unreasonable. Please take that into account.
As *nix takes hold in the home I guarantee you most boxes will have if you're lucky 2 accounts, and if you're unlucky 1 account (Lindows?)
This is pure fantasy. Neither here nor there. GNU/Linux (pat me on the back Stallman) isn't going to take hold of the home market in my lifetime. The pathetic (TAKE OVER THE WORLD!!!) GNU/Linux pundits are dreaming. The only thing that could possibly replace a Microsoft offering in the home is an equally easy to use offering. Apple has an easier to use offering and it isn't going anywhere. How the hell is a free offering going to accomplish more with a zero marketing effort? People believe the marketing rhetoric. Microsoft isn't going anywhere anytime soon. The only hope is for Microsoft to fix their broken shit. Period. They will be in control of the desktop market for the foreseeable future. I'm sorry, but that is reality. It doesn't have anything to do with the fact that their security is fucking laughable and needs fixed. A *NIX user got there because of the type of person they are AT THIS POINT. *NIX is getting easier to install, but you have to understand the type of extremely pissed off and motivated person that takes the time to install it. Microsoft has to have seriously pissed them off at some point. That ideology represents a majority of your pissed off Linux Zealots here on Slashdot. They somehow got totally fucked by Microsoft and said "fuck this". "Fuck this" is a hell of a motivator. That's why they don't get "owned". Mentality has a lot to do with it.
The figures you're pulling out, aren't backed up with evidence, so I'm not going to take them seriously
Look, you can attempt to use my own mechanisms against me, but assume I'm 10 steps ahead. Kudos for learning something. Either way, sure. That's based on my experience supporting Windows since Dos 3.x. Totally my experience. Debate it at will. If you should take the time to do some research you'll probably find out I'm not far off the mark.
I average around 3 patches a year that screw something up
The ones I quoted were within a 4 month period.
But you're still generating straw men totally irrelevant to my statement that you can patch 200 machines in a few minutes following successful testing.
whereas I'm only interested in discussing security, and discussing facts rather than half truths. I couldn't care less if your OS is faster, more secure and has a bigger dick than mine, as one of the few decent admins out there, I'm only interested in cutting through the hype and discussing security of all OS's with mature intelligent people
Once again, nice try at attempting to use my tactics against me, but you were seriously flawed in execution. You have to assume that I'd think this far ahead. I covered myself very clearly in my last post. Please reread then commence smacking yourself on the forehead.
instead going off on a tangent about crap patches.
That pretty much makes the point. It did for anybody else reading the thread.
Er, You're agreeing with me again
Good lord, how? You said "All admins know this and accept this whatever the OS they're managing" and that kinda threw me. You should understand why.
When Linux gets an exploit that patch gets rolled out usually within 1 day, far faster than MS. But how many people review that patch before it's rolled out?
That's yet another strawman. Show me a single instance in the past 10 years where they had to review a damn thing. Furthermore, it's more like hours and not a single day at least where FreeBSD and Gentoo are concerned. It's a completely different ballgame when geek pride and reputation are on the line. That's the beauty of open source. Immediate negative motivation to do your shit right the first time.
On a single user home machine that is devastating.
Because of the ease of setting up multiple user accounts on Linux, most of them are multiuser. Hell, I'm in Vegas and most of my family is in Pennsylvania but when I visit them I still have a login with my favorite setup on 3 out of 4 machines, and they all have a login on this machine when they visit here. The FreeBSD server has backup configured with rsync. Having a good backup is your first concern. Perhaps with Windows it's usually a single user affair, but the same is not usually true of *NIX. It's a good thing that Windows 2000 on has a very user friendly and admin friendly way of configuring multiple logins, but utterly pathetic that a security problem can wipe out everyone's files. They finally fixed this on Windows 2003. They learned the lesson that UNIX learned two decades ago. Good for Microsoft. I'd definitely try out a desktop oriented operating system based on the logic that's finally built into win 2k3.
What's that got to do with my statement that a decent admin can distribute patches to 200 machines in a few minutes?
Everything because of this statement...
Patches regularly break things.
I'd only change that to say Microsoft patches regularly break things. And I wouldn't even say regularly. They seem to have about a 66 percent success rate with their first patch out the door, and then perhaps 2 out of 5 of those messed up patches actually break something that affects a huge number of people. That's still a very high amount of bad patches. Significantly higher than anybody else by far. Apple had their recent OSX patch fiasco much to their embarrassment, but even Apple doesn't release really bad patches that often. It's almost unheard of for a *NIX patch to outright break things. That has a lot to do with the couple of levels magnitude higher amount of peer review and "number of eyes" on things. It's also why *NIX is much more secure than Microsoft can hope to be anytime soon. Microsoft simply can't compete with the sheer number of people working on *NIX. It's the reality of the security failures inherent in the closed source model of development. That's simply how things are.
All admins know this and accept this whatever the OS they're managing.
I'd have to strongly disagree with this. All admins are definitely not created equal. An Operating System with ease of use as its primary goal instead of excellent security and raw horsepower and torque as their focus is not going to inspire the zealous level of attention to detail necessary to keep up with security concerns. If this were the case, there would never have been a Code Red or a Nimda, etc. You have a supposed Server OS that advertises ease of use but has consistently had more security problems in the past 10 years than *NIX has in the past 30. From my very considerable experience, I have to agree with the experts that say a qualified UNIX admin can admin easily triple the same number of machines that a qualified Microsoft admin can. And it's no wonder considering how much extra work and patch testing and whatnot you have to do with a Microsoft platform. My hat goes off to anyone that has to deal with 1000+ machine Windows networks. I can remember about 6 years ago I was having lunch with Mark Minasi and he was complaining about 15 different security problems and how he was constantly fighting users over installing things they shouldn't be. How it was this nonstop fight to add new things to the list of things they couldn't run. I'm sure you know who he is. Even he is on record stating the huge difference in the workload associated with managing a large Microsoft server environment as opposed to something better suited to the enterprise. It's amazing Mark found the time to write the excellent books I have on my shelf.
But seeing as I'm arguing with someone who uses terms like "astroturf" because someone has a slightly alternative viewpoint, and admits they actually "care" about OS pissing contests r
Any claim that somehow *nix is secure because most users don't run as root is nonsense.
How do you figure? That's entirely the point. The line between admin/user is heavily blurred on Microsoft platforms and requires significant point and click time to rectify it, and you still can't be sure the next security bomb isn't right around the corner, or in your mailbox already. You simply can't debate this. As a Microsoft user, you have to fear your email. You are heavily downplaying the significance of having this very deeply drawn line in the sand with *NIX platforms. Not having access to the root account means you can only affect the files that are owned by that user. You can cause massive damage to /home/thatuser. That's about it. You can delete /var/spool/mail/thatusr. You could potentially fill up /tmp with crap. That's about it. The file descriptor limits that are part of any current *NIX distribution are even going to stop a fork bomb. UNIX has had a lot more time to consider security, and had its security crisis. Microsoft is in the midst of theirs, and slowly getting the idea. Win2k3 is a huge step in the right direction. Of course, it's very UNIXlike. Microsoft should have taken the right steps to remake UNIX a long time ago.
An admin who knows what they are doing should take around 10 minutes to serve the patch to 200 machines
Hmmm...
MS02-023 Patch Breaks JAVASCRIPT IE security patch breaks ASP.NET on XP SP4 Breaks Blaster Patch from Microsoft Q313450 and Q319733 breaks Microsoft Site Server 3.0 membership authentication
That took about 10 seconds to find. I could list another 100 examples but I'm sure you get the point. Those are pretty recent. No offence, but Microsoft appears to put the same attention to detail into making their patches as they do with crafting their security. It's no wonder people are wary of their patches. Do a google search for "patch breaks microsoft" without the quotes.
then you are in fact agreeing with me
Actually, you replied to me so it's more like you've been agreeing with me while astroturfing your way into a questionable side argument to try to make some house of cards argument for Microsoft having something more than very poor security. I hate to mention that the foremost security experts in the world tend to agree with my position.
My family like to play games on their PCs, so *nix isn't an option.
Very true. My sister is completely addicted to Id FPS games thanks to me. She's a "rails only" addict. Id develops all their games on UNIX first, then ports them. But yeah. Mandrake is perfect if you are like most older people and simply want to send and receive email and surf the net and print letters and whatnot. It's definitely not a serious gaming platform unless you go the transgaming route, and even then the performance is horrible by comparison. The games that run natively usually do run faster on Linux given the same hardware, but sadly they are few and far between. My family generally are a bunch of aggressive overachievers that don't have much time for games. Two lawyers, a CPA, and a small business person. Mandrake with commercial StarOffice does pretty much everything they need with greatly enhanced security. I have one sis that is the "Mandrake Expert". So basically I've set up an auto-update function that she understands how to use to keep the systems patched via an ftp server. And they all sit behind a FreeBSD firewall with no ports open. Zero problems in 3 years. I haven't even had to lift a finger to admin them.
As for the honesty of the article, I think it was dead on. They were not talking about locked down windows machines. You brought that up. They were talking about typical windows users. If you don't stay on topic and insist on strawman type arguments, it's easy to attempt to make some point not relevant to the story. As it stands, the facts in the story check out. There is a massive
I think that's a rather weak rebuttal with this strawman argument:
There is a common misconception that the end goal of the hacker has to be to root the box so he can claim 0wzership of it. Which is simply not true. Sometimes you don't need root to do some "useful" things on a box.
Something I never even brought up or alluded to. My point was this one that you made:
It's more difficult to expand privileges up to root in Linux
Thanks. That pretty much sums up the point of the story as well. Good show.
You get additional points for pointing out:
The Windows security model for home use is broken
But you make some assumptions that can't possibly be backed up by fact here:
but it isn't for office use: CONTEXT (The Windows security model for home use is broken)
And earlier in the thread here:
office PCs with limited users and sensible group policies are locked down tighter than the average Linux box, but home machines aren't
Which hasn't been my experience at all, but I'll be fair enough to admit that I suppose it's possible. I'd have to see some numbers. It's kind of irrelevant considering the topic.
You truly shine here though:
Like I said, the problem is getting ease of use for the home user, and balancing it with decent security.
Which is ultimately my point and the point of the story as well. I'd have to say that currently Mandrake Linux comes closer to providing that experience than any out of the box Microsoft offering does. It's probably why I have my 3 sisters, Mother, Mother-In-Law, and Father-In-Law using it instead of Windows. Just yesterday my sister called me and asked me why she has 40 email in her inbox claiming to be security updates from Microsoft, and I had to explain that it was yet another email virus and that she should delete them. I also explained that they were never a threat in the first place. Very ironic. You can't beat a real world example of how someone that just needs to surf the net and check email can benefit from something like Mandrake, and its inherent security prowess over Windows.
Interesting. However, much like the author of the story exaggerated his point, you did here:
people think it's stupid when they have to save, chmod, rename a file just to look at their new baby granddaughter's photo.
Either you have no Linux experience and you are going by what you've heard, or you are intentionally interjecting some hyperbole for effect. I can assure you that with KMail or Thunderbird (what I use and love at the moment) you don't need to chown, rename, or even save a photo to view it as an attachment. And neither of them will execute an exe as an attachment. And if they did it wouldn't take over my entire operating system because my email client doesn't run as root. That is the point of the story. That can't be changed through argument. Microsoft is going to have to change their permissions models to mitigate nonsense like this.
Looking at my Station Casinos Preferred Membership Card, I can tell you exactly what the cards are for. It's to get you to come back to the same Casinos. The cool thing about the Station card is you can use it at any of their Casinos. And they have quite a few. The card gets you stuff like free plays, discounted drinks, and automatically registered for a jackpot drawing. My father-in-law hit it for 35 grand recently on a dollar slot. This is the only card I'm familiar with, but I'm sure they are all pretty much the same thing. My card is valid at Boulder Station, Palace Station, Texas Station, Sunset Station(my fav), and Santa Fe Station.
That argument is stupid. That says nothing about Windows. I can write a Linux email client that takes executables when you receive them and run them without the user ever reading them.
Sure. But who would use it? Ok, let's take that a step further. Assuming some people used it, only those people would be affected by some potential Microsoft style virus/trojan that exploited it. Because of the nature of Linux, most people would be using some other email client. More importantly, only their user account would be affected. This pretty much null and voids this argument.
Likewise I can make a Windows client that changes the access rights for all mail such that you must type in a password and take a test before reading them.
Sure, but who would use it? Ok, let's take that a step further. Assuming some people did use it, how are you going to stop your typical windows user from typing in their password and attempting to install "COOL SCREENSAVER!" or "Latest Microsoft Update!". Short answer, you aren't. Microsoft is going to have to fix their broken security model with their email client(s).
Why are Windows apps the way they are? Because they are meant to be used by everyone. Not someone who knows what chmod 644 means. Linux clearly is not the answer, at least not the way it looks now.
Windows apps are the way they are because that is the way that Microsoft made them. Period. Unlike Linux or other operating systems that rely on many other codebases where you have massive amounts of choice regarding what you are going to run. It has little to do with "meant to be used by everyone". Most people buy their PC with Windows preinstalled and don't know any better than to use what comes with it. Therein lies the problem. Because of this, Microsoft has a GREATER responsibility to make sure that their default clients are secure since it's what most newbies are forced to use. The fact that the average Windows user has no idea what chmod means has nothing to do with the fact that Microsoft needs to tighten up their email clients and stop doing stupid stuff. But nice strawman argument. :) As for whether or not Linux is "clearly" anything, I'll sidestep your poor attempt at FUD and concentrate on the facts of the matter. :) You were saying something about a stupid argument?
The problem with your core point is that it is the same flawed logic the story addresses. I think what you are forgetting is that UNIX already had its "security crisis" over a decade ago and has had much more time to relearn, retool, and do things the right way. The whole point with UNIX or *NIX is that the mentality to do things securely has been in place for a very very long time. Microsoft has been in the midst of their security crisis for a while now, and up until recently chose to market their way around it instead of addressing it. That's downright obnoxious considering that they have 50 billion dollars in the bank. They could probably spend less than 5 percent of that and fix their insecure operating systems. Things are coming along. Windows Server 2003 is very secure (and very UNIXlike big surprise). They are slowly learning the security lessons that UNIX learned well over a decade ago.
"The original title of this book was 'Jimmy James, Capitalist Lion Tamer' but I see now that it's... 'Jimmy James, Macho Business Donkey Wrestler'... you know what it is... I had the book translated in to Japanese then back in again into English. Macho Business Donkey Wrestler... well there you go... it's got kind of a ring to it don't it? Anyway, I wanted to read from chapter three... which is the story of my first rise to financial prominence... I had a small house of brokerage on Wall Street... many days no business come to my hut... my hut... but Jimmy has fear? A thousand times no. I never doubted myself for a minute for I knew that my monkey strong bowels were girded with strength like the loins of a dragon ribboned with fat and the opulence of buffalo... dung. ...Glorious sunset of my heart was fading. Soon the super karate monkey death car would park in my space. But Jimmy has fancy plans... and pants to match. The monkey clown horrible karate round and yummy like cute small baby chick would beat the donkey."
-- Jimmy James
You win.
I win.
You lose.
I lose.
Whatever. I'm adding you to my friends list now. :) We probably could have a kickass discussion in real life.
Smack yourself on the forehead now.
Firebird does websites
Thunderbird does mail
Dear Internet Week,
Please stop publishing stories by Rob Enderle as it is hurting your reputation and "technology street cred". His stories are filled with obvious bias and fanboyism. Even though his error packed rants may generate a lot of page hits, I guarantee that they are not generating any sort of revenue. It probably would not be very hard to look into it for sure and find out I'm right. If you do your own investigation, you'll find out that the "Enderle Group" is made up of one person: Rob Enderle. He has never been taken very seriously and will never be considered an expert. The amusing nickname that people in the industry that do know security have given him is "Microsoft's Sock Puppet". Please consider doing your fine publication the strong service of issuing a retraction and apology for the ridiculous article you published by this supposed "expert" and never publish anything by him again. It still may not be too late to mend the damage this has done to your reputation.
I do pretty much the same thing this way:
Generate ssh key file.
Put pub key file in $HOME/.ssh/authorized_keys2 on the remote machines.
Have a text file with a list of all the names the machines resolve to.
for i in $(cat machinelist.txt); do echo "running blah on $i"; ssh "user@$i" 'some command I want to run on all machines'; echo " "; done
It comes in handy for stuff like checking the mail queues or doing a tail -50 on a log file. Mundane stuff like that. Every once in a while I'll do basically the same thing with scp instead. It can get as complicated as you want. I used a for loop like this to remount 150 /tmp dirs noexec and make the edits to fstab.
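A more defensive take on the loop described above, as an added example that is not part of the original comment: it checks each list entry before handing it to ssh, never prompts for a password, and counts the hosts where the command did not run. The names valid_host, run_on_hosts, SSH_BIN, RUN_USER and FAILED_COUNT are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original comment): run one command on every
# host in a list over key-based ssh. valid_host, run_on_hosts, SSH_BIN,
# RUN_USER and FAILED_COUNT are names made up for this sketch.

SSH_BIN=${SSH_BIN:-ssh}      # overridable so the loop can be dry-run against a stub
RUN_USER=${RUN_USER:-user}   # remote account, "user" as in the original loop

# Accept only plain host names: letters, digits, dots and hyphens, not
# starting with '-' or '.'. Anything else in the list is treated as a typo
# or tampering and is never handed to ssh.
valid_host() {
    case $1 in
        ''|-*|.*) return 1 ;;
        *[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# run_on_hosts LISTFILE COMMAND
# Returns 0 only if every entry was valid and the command succeeded on it;
# FAILED_COUNT holds the number of skipped or failed entries.
run_on_hosts() {
    list=$1
    cmd=$2
    FAILED_COUNT=0
    while IFS= read -r host || [ -n "$host" ]; do
        case $host in
            ''|'#'*) continue ;;              # blank lines and comments
        esac
        if ! valid_host "$host"; then
            echo "skipped invalid entry: $host" >&2
            FAILED_COUNT=$((FAILED_COUNT + 1))
            continue
        fi
        echo "running on $host"
        # -n: keep ssh from swallowing the rest of the host list on stdin.
        # BatchMode=yes: fail instead of prompting when key auth is not set up.
        # ConnectTimeout: one dead machine must not stall the whole run.
        if ! "$SSH_BIN" -n -o BatchMode=yes -o ConnectTimeout=10 \
                "$RUN_USER@$host" "$cmd"; then
            echo "FAILED on $host" >&2
            FAILED_COUNT=$((FAILED_COUNT + 1))
        fi
    done < "$list"
    [ "$FAILED_COUNT" -eq 0 ]
}

# Stand-alone use: sh fleet.sh machinelist.txt 'uptime'
if [ "$#" -eq 2 ]; then
    run_on_hosts "$1" "$2"
fi
```

Reading the list with `while read` instead of word-splitting `cat` output keeps one entry per line, so a line containing spaces is rejected as a whole rather than silently split into several targets.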
Ok, lets put it this way. I *HAD* a lot of money in New Bridge Strategies. And I mean a lot. You can find some reality here
That and I've known Karl Rove since grade school and he has always been a shmuck. He is completely behind this anti-trueconservative presidency. He would have been much better suited as a marketing guru. He has turned the notion of being a conservative into some cool marketing buzzword and gotten an idiot elected president. In the process, he has gotten every professional wresting cum nascar fan cum jerry springer fan behind him. You can tell them because they'll have no idea that I'm not using "cum" in a porn sense. The idiot fucking morons in this country that can unfortunately vote and have the fucking nerve to call themselves republicans simply because they bought the sales pitch after 9/11. Look. I've killed woman and children in the name of democracy. I'm not about to fall for the stupid bullshit Karl and friends have used to brainwash the majority of America in the past 3 years. To a true flag waving Conservative such as myself and a lot of vets I know, Bush is a fucking idiot anacronysm and we can't wait for his pointless ass to go away.
wow, what a blind motherfucker. Just because I'm a REAL conservative and don't automatically agree with everything the bush regime says about things does not make me a fucking tree hugging liberal. You have issues. I'm very sorry. Agreeing with this current ridiculous regime does not make you a republican. It makes you an idiot just like the people that blindly followed his father. Quit listening to fucking morons like hannity and rush and coulter and grow the fuck up. You are an AMERICAN first and a conservative second. Until you pick up a gun LIKE I HAVE and defend this country in two wars and 3 "conflicts", you don't know SHIT. Period. Get a fucking clue and pray like I do that in 2008 a true conservative candidate comes along that people other than fucking idiots like you and the "nascar dads" and pathetic poor whitetrash brainwashed morons can get behind. I have no respect for a fucking action dodging president that spent a year AWOL from fucking national guard duty for christ sakes while I shot and killed aggressors in a foreign land. The nerve this illiterate moron had going fucking AWOL while I was fighting because of his rich, politically connected father looking out for him. FUCK dubya. You are too young and too fucking stupid to have a GOD damn clue what you are talking about. Just pray with me that we get a republican candidate that isn't a fucking coward in 2008.
Reality check, I'm a moderate conservative. It doesn't change the fact the election was stolen and Dubya is a piss poor President. Not all us conservatives are fucking blind.
This is really getting boring. I'm drunk at this point THANK SUZ! so I'm probably going to swear and be rather unreasonable. Please take that into account.
As *nix takes hold in the home I guarantee you most boxes will have if you're lucky 2 accounts, and if you're unlucky 1 account (Lindows?)
This is pure fantasy. Neither here nor there. GNU/Linux(pat me on the back Stallman) isn't going to take hold of the home market in my lifetime. The pathetic (TAKE OVER THE WORLD!!!) GNU/Linux pundits are dreaming. The only thing that could possibly replace a Microsoft offering in the home is an equally easy to use offering. Apple has an easier to use offering and it isn't going anywhere. How the hell is a free offering going to accomplish more with a zero marketing effort? People believe the marketing rhetoric. Microsoft isn't going anywhere anytime soon. The only hope is for Microsoft to fix their broken shit. Period. They will be in control of the desktop market for the foreseeable future. I'm sorry, but that is reality. It doesn't have anything to do with the fact that their security is fucking laughable and needs fixed. A *NIX user got there because of the type of person they are AT THIS POINT. *NIX is getting easier to install, but you have to understand the type of extremely pissed off and motivated person that takes the time to install it. Microsoft has to have seriously pissed them off at some point. That ideology represents a majority of your pissed off Linux Zealots here on slashdot. They somehow got totally fucked by Microsoft and said "fuck this". "Fuck this" is a hell of a motivator. That's why they don't get "owned". Mentality has a lot to do with it.
The figures you're pulling out, aren't backed up with evidence, so I'm not going to take them seriously
Look, you can attempt to use my own mechanisms against me, but assume I'm 10 steps ahead. Kudos for learning something. Either way, sure. That's based on my experience supporting Windows since Dos 3.x. Totally my experience. Debate it at will. If you should take the time to do some research you'll probably find out I'm not far off the mark.
I average around 3 patches a year that screw something up
The ones I quoted were within a 4 month period.
But you're still generating straw men totally irrelevant to my statement that you can patch 200 machines in a few minutes following successful testing.
whereas I'm only interested in discussing security, and discussing facts rather than half truths. I couldn't care less if your OS is faster, more secure and has a bigger dick than mine, as one of the few decent admins out there, I'm only interested in cutting through the hype and discussing security of all OS's with mature intelligent people
Once again, nice try at attempting to use my tactics against me, but you were seriously flawed in execution. You have to assume that I'd think this far ahead. I covered myself very clearly in my last post. Please reread then commence smacking yourself on the forehead.
instead going off on a tangent about crap patches.
That pretty much makes the point. It did for anybody else reading the thread.
Er, You're agreeing with me again
Good lord, how? You said "All admins know this and accept this whatever the OS they're managing" and that kinda threw me. You should understand why.
When Linux gets an exploit that patch gets rolled out usually within 1 day, far faster than MS. But how many people review that patch before it's rolled out?
That's yet another strawman. Show me a single instance in the past 10 years where they had to review a damn thing.
Furthermore, it's more like hours and not a single day at least where FreeBSD and Gentoo are concerned. It's a completely different ballgame when geek pride and reputation are on the line. That's the beauty of open source. Immediate negative motivation to do your shit right the first time.
For every paper MCSE t
It's pretty shaky how he won. Click on the link in my sig then shush. :) That's history for ya.
HEY SUZ
drinks?
crown and anchor (by unlv, topher knows)? IM me. topher has me id. See if he can come too. NO GOD DAMN TRIVIA OR KARAOKE. K?
GET BACK TO WORK BUMS
topher?
On a single user home machine that is devastating.
Because of the ease of setting up multiple user accounts on Linux, most of them are multiuser. Hell, I'm in Vegas and most of my family is in Pennsylvania but when I visit them I still have a login with my favorite setup on 3 out of 4 machines, and they all have a login on this machine when they visit here. The FreeBSD server has backup configured with rsync. Having a good backup is your first concern. Perhaps with windows it's usually a single user affair, but the same is not usually true of *NIX. It's a good thing that Windows 2000 on has a very user friendly and admin friendly way of configuring multiple logins, but utterly pathetic that a security problem can wipe out everyone's files. They finally fixed this on Windows 2003. They learned the lesson that UNIX learned two decades ago. Good for Microsoft. I'd definitely try out a desktop oriented operating system based on the logic that's finally built into win 2k3.
What's that got to do with my statement that a decent admin can distribute patches to 200 machines in a few minutes?
Everything because of this statement...
Patches regularly break things.
I'd only change that to say Microsoft patches regularly break things. And I wouldn't even say regularly. They seem to have about a 66 percent success rate with their first patch out the door, and then perhaps 2 out of 5 of those messed up patches actually break something that affects a huge number of people. That's still a very high amount of bad patches. Significantly higher than anybody else by far. Apple had their recent OSX patch fiasco much to their embarrassment, but even Apple doesn't release really bad patches that often. It's almost unheard of for a *NIX patch to outright break things. That has a lot to do with the couple of levels magnitude higher amount of peer review and "number of eyes" on things. It's also why *NIX is much more secure than Microsoft can hope to be anytime soon. Microsoft simply can't compete with the sheer number of people working on *NIX. It's the reality of the security failures inherent in the closed source model of development. That's simply how things are.
All admins know this and accept this whatever the OS they're managing.
I'd have to strongly disagree with this. All admins are definitely not created equal. An Operating System with ease of use as its primary goal instead of excellent security and raw horsepower and torque as their focus is not going to inspire the zealous level of attention to detail necessary to keep up with security concerns. If this were the case, there would never have been a code red or a Nimda, etc. You have a supposed Server OS that advertises ease of use but has consistently had more security problems in the past 10 years than *NIX has in the past 30. From my very considerable experience, I have to agree with the experts that say a qualified UNIX admin can admin easily triple the same number of machines that a qualified Microsoft admin can. And it's no wonder considering how much extra work and patch testing and whatnot you have to do with a Microsoft platform. My hat goes off to anyone that has to deal with 1000+ machine Windows networks. I can remember about 6 years ago I was having lunch with Mark Minasi and he was complaining about 15 different security problems and how he was constantly fighting users over installing things they shouldn't be. How it was this nonstop fight to add new things to the list of things they couldn't run. I'm sure you know who he is. Even he is on record stating the huge difference in the workload associated with managing a large Microsoft server environment as opposed to something better suited to the enterprise. It's amazing Mark found the time to write the excellent books I have on my shelf.
But seeing as I'm arguing with someone who uses terms like "astroturf" because someone has a slightly alternative viewpoint, and admits they actually "care" about OS pissing contests r
Any claim that somehow *nix is secure because most users don't run as root is nonsense.
/home/thatuser. That's about it. You can delete /var/spool/mail/thatusr. You could potentially fill up /tmp with crap. That's about it. The file descriptor limits that are part of any current *NIX distribution are even going to stop a fork bomb. UNIX has had a lot more time to consider security, and had its security crisis. Microsoft is in the midst of theirs, and slowly getting the idea. Win2k3 is a huge step in the right direction. Of course, it's very UNIXlike. Microsoft should have taken the right steps to remake UNIX a long time ago.
How do you figure? That's entirely the point. The line between admin/user is heavily blurred on Microsoft platforms and requires significant point and click time to rectify it, and you still can't be sure the next security bomb isn't right around the corner, or in your mailbox already. You simply can't debate this. As a Microsoft user, you have to fear your email. You are heavily downplaying the significance of having this very deeply drawn line in the sand with *NIX platforms. Not having access to the root account means you can only affect the files that are owned by that user. You can cause massive damage to
An admin who knows what they are doing should take around 10 minutes to serve the patch to 200 machines
Hmmm...
MS02-023 Patch Breaks JAVASCRIPT
IE security patch breaks ASP.NET on XP
SP4 Breaks Blaster Patch from Microsoft
Q313450 and Q319733 breaks Microsoft Site Server 3.0 membership authentication
That took about 10 seconds to find. I could list another 100 examples but I'm sure you get the point. Those are pretty recent. No offence, but Microsoft appears to put the same attention to detail into making their patches as they do with crafting their security. It's no wonder people are wary of their patches. Do a google search for "patch breaks microsoft" without the quotes.
then you are in fact agreeing with me
Actually, you replied to me so it's more like you've been agreeing with me while astroturfing your way into a questionable side argument to try to make some house of cards argument for Microsoft having something more than very poor security. I hate to mention that the foremost security experts in the world tend to agree with my position.
My family like to play games on their PCs, so *nix isn't an option.
Very true. My sister is completely addicted to Id FPS games thanks to me. She's a "rails only" addict. Id develops all their games on UNIX first, then ports them. But yeah. Mandrake is perfect if you are like most older people and simply want to send and receive email and surf the net and print letters and whatnot. It's definitely not a serious gaming platform unless you go the transgaming route, and even then the performance is horrible by comparison. The games that run natively usually do run faster on Linux given the same hardware, but sadly they are few and far between. My family generally are a bunch of aggressive overachievers that don't have much time for games. Two lawyers, a CPA, and a small business person. Mandrake with commercial StarOffice does pretty much everything they need with greatly enhanced security. I have one sis that is the "Mandrake Expert". So basically I've set up an auto-update function that she understands how to use to keep the systems patched via an ftp server. And they all sit behind a FreeBSD firewall with no ports open. Zero problems in 3 years. I haven't even had to lift a finger to admin them.
As for the honesty of the article, I think it was dead on. They were not talking about locked down windows machines. You brought that up. They were talking about typical windows users. If you don't stay on topic and insist on strawman type arguments, it's easy to attempt to make some point not relevant to the story. As it stands, the facts in the story check out. There is a massive
Very true.
I think that's a rather weak rebuttal with this strawman argument:
There is a common misconception that the end goal of the hacker has to be to root the box so he can claim 0wzership of it. Which is simply not true. Sometimes you don't need root to do some "useful" things on a box.
Something I never even brought up or alluded to. My point was this one that you made:
It's more difficult to expand privileges up to root in Linux
Thanks. That pretty much sums up the point of the story as well. Good show.
You get additional points for pointing out:
The Windows security model for home use is broken
But you make some assumptions that can't possibly be backed up by fact here:
but it isn't for office use: CONTEXT (The Windows security model for home use is broken)
And earlier in the thread here:
office PCs with limited users and sensible group policies are locked down tighter than the average Linux box, but home machines aren't
Which hasn't been my experience at all, but I'll be fair enough to admit that I suppose it's possible. I'd have to see some numbers. It's kind of irrelevant considering the topic.
You truly shine here though:
Like I said, the problem is getting ease of use for the home user, and balancing it with decent security.
Which is ultimately my point and the point of the story as well. I'd have to say that currently Mandrake Linux comes closer to providing that experience than any out of the box Microsoft offering does. It's probably why I have my 3 sisters, Mother, Mother-In-Law, and Father-In-Law using it instead of Windows. Just yesterday my sister called me and asked me why she has 40 email in her inbox claiming to be security updates from Microsoft, and I had to explain that it was yet another email virus and that she should delete them. I also explained that they were never a threat in the first place. Very ironic. You can't beat a real world example of how someone that just needs to surf the net and check email can benefit from something like Mandrake, and its inherent security prowess over Windows.
Interesting. However, much like the author of the story exaggerated his point, you did here:
people think it's stupid when they have to save, chmod, rename a file just to look at their new baby granddaughter's photo.
Either you have no Linux experience and you are going by what you've heard, or you are intentionally interjecting some hyperbole for effect. I can assure you that with KMail or Thunderbird (what I use and love at the moment) you don't need to chown, rename, or even save a photo to view it as an attachment. And neither of them will execute an exe as an attachment. And if they did it wouldn't take over my entire operating system because my email client doesn't run as root. That is the point of the story. That can't be changed through argument. Microsoft is going to have to change their permissions models to mitigate nonsense like this.
Looking at my Station Casinos Preferred Membership Card, I can tell you exactly what the cards are for. It's to get you to come back to the same Casinos. The cool thing about the Station card is you can use it at any of their Casinos. And they have quite a few. The card gets you stuff like free plays, discounted drinks, and automatically registered for a jackpot drawing. My father-in-law hit it for 35 grand recently on a dollar slot. This is the only card I'm familiar with, but I'm sure they are all pretty much the same thing. My card is valid at Boulder Station, Palace Station, Texas Station, Sunset Station(my fav), and Santa Fe Station.
Ok, let's break that all down rationally.
:) As for whether or not Linux is "clearly" anything, I'll sidestep your poor attempt at FUD and concentrate on the facts of the matter. :) You were saying something about a stupid argument?
That argument is stupid. That says nothing about Windows. I can write a Linux email client that takes executables when you receive them and run them without the user ever reading them.
Sure. But who would use it? Ok, let's take that a step further. Assuming some people used it, only those people would be affected by some potential Microsoft style virus/trojan that exploited it. Because of the nature of Linux, most people would be using some other email client. More importantly, only their user account would be affected. This pretty much null and voids this argument.
Likewise I can make a Windows client that changes the access rights for all mail such that you must type in a password and take a test before reading them.
Sure, but who would use it? Ok, let's take that a step further. Assuming some people did use it, how are you going to stop your typical windows user from typing in their password and attempting to install "COOL SCREENSAVER!" or "Latest Microsoft Update!". Short answer, you aren't. Microsoft is going to have to fix their broken security model with their email client(s).
Why are Windows apps the way they are? Because they are meant to be used by everyone. Not someone who knows what chmod 644 means. Linux clearly is not the answer, at least not the way it looks now.
Windows apps are the way they are because that is the way that Microsoft made them. Period. Unlike Linux or other operating systems that rely on many other codebases where you have massive amounts of choice regarding what you are going to run. It has little to do with "meant to be used by everyone". Most people buy their PC with Windows preinstalled and don't know any better than to use what comes with it. Therein lies the problem. Because of this, Microsoft has a GREATER responsibility to make sure that their default clients are secure since it's what most newbies are forced to use. The fact that the average Windows user has no idea what chmod means has nothing to do with the fact that Microsoft needs to tighten up their email clients and stop doing stupid stuff. But nice strawman argument.
The problem with your core point is that it is the same flawed logic the story addresses. I think what you are forgetting is that UNIX already had its "security crisis" over a decade ago and has had much more time to relearn, retool, and do things the right way. The whole point with UNIX or *NIX is that the mentality to do things securely has been in place for a very very long time. Microsoft has been in the midst of their security crisis for a while now, and up until recently chose to market their way around it instead of addressing it. That's downright obnoxious considering that they have 50 billion dollars in the bank. They could probably spend less than 5 percent of that and fix their insecure operating systems. Things are coming along. Windows Server 2003 is very secure (and very UNIXlike big surprise). They are slowly learning the security lessons that UNIX learned well over a decade ago.