Other things that make it difficult for people to even bother with WEP is that unless someone is using a wireless NIC and access point/wireless router from the same vendor there's no common passphrase mechanism that allows WEP keys to be easily set. Instead people have to enter cryptic keys into their wireless profiles to access a network that has WEP enabled. I've seen a number of quick start guides that ship with 802.11 gear that says use the "default" values for everything so it just works. That means the factory default SSID is broadcast and WEP is disabled.
From sitting in my home with my laptop on with a wireless card, I pickup no less than 3 of my neighbor's networks and several of them don't have WEP enabled and in some cases they're still using the factory default SSID. Perhaps they've turned on MAC address filtering I don't know since I only survey the networks and never try to connect to any of them.
I portscanned my Linksys WAP54G access point and I got the following:
Starting nmap V. 2.54BETA25 ( www.insecure.org/nmap/ ) Host (192.168.1.245) appears to be up... good. Initiating SYN Stealth Scan against (192.168.1.245) Adding TCP port 80 (state open). The SYN Stealth Scan took 1 second to scan 1544 ports. For OSScan assuming that port 80 is open and port 1 is closed and neither are firewalled Interesting ports on (192.168.1.245): (The 1543 ports scanned but not shown below are in state: closed) Port State Service 80/tcp open http
Remote operating system guess: Linux Kernel 2.4.0 - 2.4.5 (X86) Uptime 8.568 days (since Fri May 30 22:34:18 2003) TCP Sequence Prediction: Class=random positive increments
Difficulty=2465770 (Good luck!) IPID Sequence Generation: All zeros
Nmap run completed -- 1 IP address (1 host up) scanned in 4 seconds
Agreed...Both Netscape and Mozilla work fine for configuring the WAP54G and WAP11 access points. I've tried using Konquorer and while it can display the basic page many of the radio buttons and stuff that show some of the settings infomration come up empty.
Linksys' web configuration screens are fairly simple and so I don't know why they can't support other reasonable web browsers. If they asked for voluteeers from Linux and other non-windows users in testing browser capatibility I bet they'd get pretty decent response back.
I guess that raises the question is if there's any support for the Linksys Wireless-G NICs? I have a WPC54G but right now and I only have support for it by using Win2K on my laptop. I'm hoping to have a Linux laptop but I don't know if I'll be able to use the WPC54G card I already have with it.
Re:one of the most secure
on
Absolute OpenBSD
·
· Score: 3, Informative
I've been using OpenBSD for nearly a year now after switching out a 4 year old Linux system that was still using ipchains. I subscribed to the OpenBSD "misc" list just to see how people were treated. While it's true there are some people that flame a newbie I see a number of helpful posts from people on that list even for stupid things that could have been looked up in the man pages. The OpenBSD man pages are kept reasonably up to date and are quite useful if people actually take the time to read them IMHO. I must say that some people that post for help are rather lazy and don't even bother to research anything on their own. They know what command or package they're having problems with and they seem too damn lazy to read the man page or research anything first before posting for help.
I applaud the work of Theo and others that have taken up the task of ensuring that all of the code in OpenBSD is free. Any code that has licensing issues from the original author and the auther is unwilling to change their license appears to get removed and replaced in the OpenBSD source code. I recall the author of "IPFilter" changed his license so that derivative or modified works of "IPFilter" were not allowed without the author's concent and so "IPFilter" was removed from OpenBSD and "pf" was written to replace it.
OpenSSH and "pf" are fantastic and I've never looked back after switching my firewall over to OpenBSD.
Given that more lawyers are graduating from college than engineers in the U.S. what else can a company do? They'll have a hard time finding any domestic engineering talent to create anything new. In the end it may not matter though since the current trend appears to be to either move or outsource engineering work overseas where labor rates are much lower. If that trend continues there may not be much engineering work for anyone to do in this country.
I recall using a different version of DOS called "Turbo-DOS" I think it was that loaded programs way faster than Apple DOS 3.3. Obviously that came at a price in terms of what features where available. IIRC the code that had to deal with formatting a floppy was removed from Turbo-DOS so I had to go back to Apple DOS 3.3 to format a floppy.
This was a pain so I wrote my own diskcopy program and using the "Beneath Apple DOS" book I managed to gleen all of the disk format code out of Apple DOS and into my diskcopy program. What a hack as the format code within Apple DOS used NOPs all over the place for timing. I used the Randall Hyde's "Laser Interactive Symbolic Assembler" aka "LISA" to do all of my 6502 coding work on the Apple ][.
I know there were some problems with the online update system but after the first update to the online update program is installed I haven't had any problems with it. My gripe with the 8.x online update was that it is alot slower than the updater was in SuSE 7.x. I've watched it run and it is seems very inefficient in that it downloads a huge list of little files one byone.
It would seem to me that a single download of a compressed tar file or something would work alot better. I'm still using SuSE 8.1 on the systems I maintain and haven't been having any problems with any of the online update stuff.
For 8 bit micro processors I have programmed 6502, 8080 and Z80. IMHO the Z80 was the best 8 bit processor I ever programmed when I was doing assembly language. The 68000 looked pretty decent too but I only used it for writing an operating system in college and a majority of the OS code was in Modula-2 with some small use of embedded opcodes in the code. Because I was using a high level language, I wasn't doing vast amounts of assembly language coding like I had done previously with 8bit processors. I still had to understand how the 68000 worked for my OS to work with it.
Seems like all those users that whine about there not being ISO images can't even bother to go visit the OpenBSD website and read any of the online documentation that is available there. I've done several FTP based installs myself and it only required me to make a boot floppy. Once you have a running system you can download all of the source via AnonCVS and compile your own OpenBSD release and burn your own CDROMs of it if you want.
One thing that is different about OpenBSD is that the patches are released in source code form and so you have to compile the system yourself to keep it up to date. I keep an up to date source code tree of the latest OpenBSD stable release and with a couple of shell scripts that automate the process I've been building my own OpenBSD releases for a while now. I even put together a old PPro 200 system that I use as a dedicated build system. I download the created tarballs from my build system and use them to update my live BSD systems when I need to.
I can't help but think of Dijkstra when I think back to my collge days. I remember the class discussion about Semaphores in the operating systems principles class I was taking as part of my C/S coursework.
While this isn't always the case I have certainly worked on my shared of projects that some BS-er got management all excited about but they didn't really have the techinical skills to make the project successful but knew how to talk to management. The BS-er's real motive was to get management to buy-off on the use of unproven new technology so the BS-er could use the project to aquire experirence with the latest hot job skills. The BS-er used this experience so they could leave for a higher paying job elsewhere and start the same cycle again at another company.
These BS-ers had no problem leaving a big mess at their old job which is where I spent my time getting the project to actually work. I know that some of the BS-er types I knew eventually had to leave town in search of fresh victims in other cities since they had finally burned all of their bridges in their current city and could no longer find any work.
There was a time in the pre-dot.com days before all the "IT Wannabes" screwed everything up when you didn't have to have all bazillion skills an employer was looking for on your resume to get a job. I remember getting programming jobs years ago and got the job for having solid C/C++, RDBMS/SQL experience, and shell scripting skills. For skills and experience I didn't have I was expected pick this stuff up as needed. I got into programming Tandem NonStop systems this way even through I originally signed up for a C/C++, with/embedded SQL Unix job. A person with good programming and software development skills with good refererence materials available can easily pickup other skills on the fly for a given project.
I sometimes wonder if jobs are so scarce because companies are tired of paying big bucks for IT people and getting know-nothings in return. There are so many people that have no business being in IT and only did it for the money not for the love and enjoyment of the technology.
Maybe I don't hangout in the right circle of programming frieds but besides seeing an impossible number of years worth of experience in new technology, I see crazy mixes of skills. I see jobs where they want some Unix C/C++ guru and then they want the person to also have experience with Visual Basic. I don't know about anyone else but the people I've meet that were really good in Unix didn't have any interest in learning VB. Other jobs I see they a great deal of Win32 C++ development and also want the person to have experience with COBOL on mainframes. Again I've worked with a few good Windows developers but most of them were too young to ever had been around a and all their experience revolved around PCs.
I guess I'm not going to be complaining about my wife printing so many pages through our laser printer anymore. I spend $60 something dollars for a new toner cartridge maybe once a year or so and that one cartridge allows her to go through many reams of paper before I need to replace the toner cartridge again.
We also have a Lexmark Optra 40 color printer that we only use when we want something in color. Lexmark included high yield ink cartridges with the printer when I bought it. The replacement cartridges aren't cheap either so I guess we're reamed as bad as HP users are in the end as well.
I wonder how the thing handles going downhill on some of the streets in downtown Seattle? Some of the streets are pretty steep from west of I-5 down to the waterfront.
You can do it with one server and two NICS. I found it relatively easy to setup a system that acts both as a firewall and file/print server on my home network. I don't really have the room to have two separate systems so all I did was setup some firewall rules that blocks access to any and all running services on the box on the external network interface I have connected to my cable modem. Access to all running services is allowed on the second interface which is on my private network.
This gives me a pretty nice system that protects my home network and is flexible enough that I can share files and a laser printer with my other client systems on my network. It also makes it easy to do any maintenance on my system since I don't have to dig my way to the system as it sits in a small corner in a downstairs den. About the only time I physically touch the system is if I'm installing a new Linux kernel or opening the case to give the system its once a year dust blow out.
Well got an automated phone call on 12/2 saying that my service was restored and to reboot. I shutdown and restarted "dhcpcd" and sure enough things were back working again. I updated all of my old userids to use the @attbi.com and things were great for about 3 hours. After that I haven't been able to do anything as the DNS servers they are giving out from their DHCP server are either bogus or are unreachable.
The network appears to be up since my system can obtain a lease from the DHCP server and I see the occasional script kiddie port probing my firewall.
Well if you keep getting your Red Hat box hacked perheps you should considering setting up a firewall and disabling unncessary services if you haven't already done so. An open box with running services is quickly hacked if not secured properly.
I've had @Home service for nearly two years and haven't had to reload the box at all since I haven't been hacked. I follow @Home's EULA and don't run any publicly available services on my Linux system. My firewall logs show a lot of script kiddie activity sometimes with port probes but with disabled services a a good set of firewall rules it is possible to keep the system reasonably secure.
Having first started with Slackware, and then later moved to SuSE, I decided to give OpenBSD a try as I wanted a smaller installed system for my firewall/gateway system I have on my network.
Right now I'm running a patched up version of SuSE 6.4 which isn't too fat but after seeing what SuSE 7.x installs by default it just seems like too much bloat for a firewall/gateway box.
I've got OpenBSD 2.9 installed on a new test system that I plan to try out as my new firewall/gateway system. The install process and setup reminded me a lot of my early Slackware days but better in someways in that OpenBSD is setup to be quite secure by default. The number of configuration files I had to edit for my system was trival and easily backed up to floppy so I can quickly rebuild my system.
I am unfamilar with OpenBSD packet filter mechanism so that has been where most of my learning curve as been. I know Linux's ipchains very well but the rule syntax is differnt with "ipf". The rule syntax is rather nice once I got used to it and figured out how to setup similar rules as what I used with ipchains.
You forget Nova 9 which was the sequel to Stellar 7. I actually still have my copy of Nova 9 but I haven't ever tried to see if it will run under Win95 or not. It might as I've played Aces over the Pacific and A10 under Win95.
And I was hoping the removal of these newsgroups might free up enough space so @Home's news servers could retain postings longer. Thanks goodness for deja.com if you can't always keep up with a newsgroup. @Home's newsgroup rentention is the worst I've ever seen from an ISP.
My first machine was a Franklin Ace 1000 Apple ][ clone. It has a full 64K on the motherboard and the power supply even had a fan in it. The keyboard also included a numberic keyboard something the Apple ][ didn't have.
Another thing I heard about this cases was that one of the reasons the monitary reward for this "hot coffee" case so large is that there had been many previous complaints by customers that the coffee was being served too hot and those complaints were ignored.
Nothing new here when it comes to a large company knowing that something is wrong with a product and ignoring it...
Ford Motor Company did the same thing regarding the gas tanks on their Pinto. They knew there was a risk of the tank exploding if the car was hit from behind but instead they figured the legal consequences were cheaper than fixing the gas tank. In the end they ended up having to recall their Pintos and put plastic liners inside the gas tank to fix the problem. Cost them quite a bit between the lawsuits and all of the recalls as I recall.
It's been a while but as I recall the Z80 only had a program counter that was 16 bits wide so it would only handle 64K of memory. This was great when all we ran was CP/M on the Z80. The 8086/8088 had something like 20 bits for address so a whopping 1MB could be accessed although some of that memory space was reserved for BIOS and stuff so that left 640K to work with.
As for IBM choice of the 8088 rather than the 8086 I heard they wanted an 8 bit data path since 8 bit devices were much more common and cheaper at the time than 16 bit devices were.
Slashdot Mirror
Other things that make it difficult for people to even bother with WEP is that unless someone is using a wireless NIC and access point/wireless router from the same vendor there's no common passphrase mechanism that allows WEP keys to be easily set. Instead people have to enter cryptic keys into their wireless profiles to access a network that has WEP enabled. I've seen a number of quick start guides that ship with 802.11 gear that says use the "default" values for everything so it just works. That means the factory default SSID is broadcast and WEP is disabled.
From sitting in my home with my laptop on with a wireless card, I pickup no less than 3 of my neighbor's networks and several of them don't have WEP enabled and in some cases they're still using the factory default SSID. Perhaps they've turned on MAC address filtering I don't know since I only survey the networks and never try to connect to any of them.
I portscanned my Linksys WAP54G access point and I got the following:
... good.
Starting nmap V. 2.54BETA25 ( www.insecure.org/nmap/ )
Host (192.168.1.245) appears to be up
Initiating SYN Stealth Scan against (192.168.1.245)
Adding TCP port 80 (state open).
The SYN Stealth Scan took 1 second to scan 1544 ports.
For OSScan assuming that port 80 is open and port 1 is closed and neither are firewalled
Interesting ports on (192.168.1.245):
(The 1543 ports scanned but not shown below are in state: closed)
Port State Service
80/tcp open http
Remote operating system guess: Linux Kernel 2.4.0 - 2.4.5 (X86)
Uptime 8.568 days (since Fri May 30 22:34:18 2003)
TCP Sequence Prediction: Class=random positive increments
Difficulty=2465770 (Good luck!)
IPID Sequence Generation: All zeros
Nmap run completed -- 1 IP address (1 host up) scanned in 4 seconds
Agreed...Both Netscape and Mozilla work fine for configuring the WAP54G and WAP11 access points. I've tried using Konquorer and while it can display the basic page many of the radio buttons and stuff that show some of the settings infomration come up empty.
Linksys' web configuration screens are fairly simple and so I don't know why they can't support other reasonable web browsers. If they asked for voluteeers from Linux and other non-windows users in testing browser capatibility I bet they'd get pretty decent response back.
I guess that raises the question is if there's any support for the Linksys Wireless-G NICs? I have a WPC54G but right now and I only have support for it by using Win2K on my laptop. I'm hoping to have a Linux laptop but I don't know if I'll be able to use the WPC54G card I already have with it.
I've been using OpenBSD for nearly a year now after switching out a 4 year old Linux system that was still using ipchains. I subscribed to the OpenBSD "misc" list just to see how people were treated. While it's true there are some people that flame a newbie I see a number of helpful posts from people on that list even for stupid things that could have been looked up in the man pages. The OpenBSD man pages are kept reasonably up to date and are quite useful if people actually take the time to read them IMHO. I must say that some people that post for help are rather lazy and don't even bother to research anything on their own. They know what command or package they're having problems with and they seem too damn lazy to read the man page or research anything first before posting for help.
I applaud the work of Theo and others that have taken up the task of ensuring that all of the code in OpenBSD is free. Any code that has licensing issues from the original author and the auther is unwilling to change their license appears to get removed and replaced in the OpenBSD source code. I recall the author of "IPFilter" changed his license so that derivative or modified works of "IPFilter" were not allowed without the author's concent and so "IPFilter" was removed from OpenBSD and "pf" was written to replace it.
OpenSSH and "pf" are fantastic and I've never looked back after switching my firewall over to OpenBSD.
Tony
Given that more lawyers are graduating from college than engineers in the U.S. what else can a company do? They'll have a hard time finding any domestic engineering talent to create anything new. In the end it may not matter though since the current trend appears to be to either move or outsource engineering work overseas where labor rates are much lower. If that trend continues there may not be much engineering work for anyone to do in this country.
I recall using a different version of DOS called "Turbo-DOS" I think it was that loaded programs way faster than Apple DOS 3.3. Obviously that came at a price in terms of what features where available. IIRC the code that had to deal with formatting a floppy was removed from Turbo-DOS so I had to go back to Apple DOS 3.3 to format a floppy.
This was a pain so I wrote my own diskcopy program and using the "Beneath Apple DOS" book I managed to gleen all of the disk format code out of Apple DOS and into my diskcopy program. What a hack as the format code within Apple DOS used NOPs all over the place for timing. I used the Randall Hyde's "Laser Interactive Symbolic Assembler" aka "LISA" to do all of my 6502 coding work on the Apple ][.
I know there were some problems with the online update system but after the first update to the online update program is installed I haven't had any problems with it. My gripe with the 8.x online update was that it is alot slower than the updater was in SuSE 7.x. I've watched it run and it is seems very inefficient in that it downloads a huge list of little files one byone.
It would seem to me that a single download of a compressed tar file or something would work alot better. I'm still using SuSE 8.1 on the systems I maintain and haven't been having any problems with any of the online update stuff.
For 8 bit micro processors I have programmed 6502, 8080 and Z80. IMHO the Z80 was the best 8 bit processor I ever programmed when I was doing assembly language. The 68000 looked pretty decent too but I only used it for writing an operating system in college and a majority of the OS code was in Modula-2 with some small use of embedded opcodes in the code. Because I was using a high level language, I wasn't doing vast amounts of assembly language coding like I had done previously with 8bit processors. I still had to understand how the 68000 worked for my OS to work with it.
Seems like all those users that whine about there not being ISO images can't even bother to go visit the OpenBSD website and read any of the online documentation that is available there. I've done several FTP based installs myself and it only required me to make a boot floppy. Once you have a running system you can download all of the source via AnonCVS and compile your own OpenBSD release and burn your own CDROMs of it if you want.
One thing that is different about OpenBSD is that the patches are released in source code form and so you have to compile the system yourself to keep it up to date. I keep an up to date source code tree of the latest OpenBSD stable release and with a couple of shell scripts that automate the process I've been building my own OpenBSD releases for a while now. I even put together a old PPro 200 system that I use as a dedicated build system. I download the created tarballs from my build system and use them to update my live BSD systems when I need to.
I can't help but think of Dijkstra when I think back to my collge days. I remember the class discussion about Semaphores in the operating systems principles class I was taking as part of my C/S coursework.
Rest In Peace E. W. Dijkstra.
While this isn't always the case I have certainly worked on my shared of projects that some BS-er got management all excited about but they didn't really have the techinical skills to make the project successful but knew how to talk to management. The BS-er's real motive was to get management to buy-off on the use of unproven new technology so the BS-er could use the project to aquire experirence with the latest hot job skills. The BS-er used this experience so they could leave for a higher paying job elsewhere and start the same cycle again at another company.
These BS-ers had no problem leaving a big mess at their old job which is where I spent my time getting the project to actually work. I know that some of the BS-er types I knew eventually had to leave town in search of fresh victims in other cities since they had finally burned all of their bridges in their current city and could no longer find any work.
There was a time in the pre-dot.com days before all the "IT Wannabes" screwed everything up when you didn't have to have all bazillion skills an employer was looking for on your resume to get a job. I remember getting programming jobs years ago and got the job for having solid C/C++, RDBMS/SQL experience, and shell scripting skills. For skills and experience I didn't have I was expected pick this stuff up as needed. I got into programming Tandem NonStop systems this way even through I originally signed up for a C/C++, with/embedded SQL Unix job. A person with good programming and software development skills with good refererence materials available can easily pickup other skills on the fly for a given project.
I sometimes wonder if jobs are so scarce because companies are tired of paying big bucks for IT people and getting know-nothings in return. There are so many people that have no business being in IT and only did it for the money not for the love and enjoyment of the technology.
Maybe I don't hangout in the right circle of programming frieds but besides seeing an impossible number of years worth of experience in new technology, I see crazy mixes of skills. I see jobs where they want some Unix C/C++ guru and then they want the person to also have experience with Visual Basic. I don't know about anyone else but the people I've meet that were really good in Unix didn't have any interest in learning VB. Other jobs I see they a great deal of Win32 C++ development and also want the person to have experience with COBOL on mainframes. Again I've worked with a few good Windows developers but most of them were too young to ever had been around a and all their experience revolved around PCs.
Tony
I guess I'm not going to be complaining about my wife printing so many pages through our laser printer anymore. I spend $60 something dollars for a new toner cartridge maybe once a year or so and that one cartridge allows her to go through many reams of paper before I need to replace the toner cartridge again.
We also have a Lexmark Optra 40 color printer that we only use when we want something in color. Lexmark included high yield ink cartridges with the printer when I bought it. The replacement cartridges aren't cheap either so I guess we're reamed as bad as HP users are in the end as well.
I wonder how the thing handles going downhill on some of the streets in downtown Seattle? Some of the streets are pretty steep from west of I-5 down to the waterfront.
You can do it with one server and two NICS. I found it relatively easy to setup a system that acts both as a firewall and file/print server on my home network. I don't really have the room to have two separate systems so all I did was setup some firewall rules that blocks access to any and all running services on the box on the external network interface I have connected to my cable modem. Access to all running services is allowed on the second interface which is on my private network.
This gives me a pretty nice system that protects my home network and is flexible enough that I can share files and a laser printer with my other client systems on my network. It also makes it easy to do any maintenance on my system since I don't have to dig my way to the system as it sits in a small corner in a downstairs den. About the only time I physically touch the system is if I'm installing a new Linux kernel or opening the case to give the system its once a year dust blow out.
Well got an automated phone call on 12/2 saying that my service was restored and to reboot. I shutdown and restarted "dhcpcd" and sure enough things were back working again. I updated all of my old userids to use the @attbi.com and things were great for about 3 hours. After that I haven't been able to do anything as the DNS servers they are giving out from their DHCP server are either bogus or are unreachable.
The network appears to be up since my system can obtain a lease from the DHCP server and I see the occasional script kiddie port probing my firewall.
Well if you keep getting your Red Hat box hacked perheps you should considering setting up a firewall and disabling unncessary services if you haven't already done so. An open box with running services is quickly hacked if not secured properly.
I've had @Home service for nearly two years and haven't had to reload the box at all since I haven't been hacked. I follow @Home's EULA and don't run any publicly available services on my Linux system. My firewall logs show a lot of script kiddie activity sometimes with port probes but with disabled services a a good set of firewall rules it is possible to keep the system reasonably secure.
Tony
Having first started with Slackware, and then later moved to SuSE, I decided to give OpenBSD a try as I wanted a smaller installed system for my firewall/gateway system I have on my network.
Right now I'm running a patched up version of SuSE 6.4 which isn't too fat but after seeing what SuSE 7.x installs by default it just seems like too much bloat for a firewall/gateway box.
I've got OpenBSD 2.9 installed on a new test system that I plan to try out as my new firewall/gateway system. The install process and setup reminded me a lot of my early Slackware days but better in someways in that OpenBSD is setup to be quite secure by default. The number of configuration files I had to edit for my system was trival and easily backed up to floppy so I can quickly rebuild my system.
I am unfamilar with OpenBSD packet filter mechanism so that has been where most of my learning curve as been. I know Linux's ipchains very well but the rule syntax is differnt with "ipf". The rule syntax is rather nice once I got used to it and figured out how to setup similar rules as what I used with ipchains.
You forget Nova 9 which was the sequel to Stellar 7. I actually still have my copy of Nova 9 but I haven't ever tried to see if it will run under Win95 or not. It might as I've played Aces over the Pacific and A10 under Win95.
"Scribe" might be too similar to "DeScribe" which was a commerical word processor I used to use back in my OS/2 days.
And I was hoping the removal of these newsgroups might free up enough space so @Home's news servers could retain postings longer. Thanks goodness for deja.com if you can't always keep up with a newsgroup. @Home's newsgroup rentention is the worst I've ever seen from an ISP.
My first machine was a Franklin Ace 1000 Apple ][ clone. It has a full 64K on the motherboard and the power supply even had a fan in it. The keyboard also included a numberic keyboard something the Apple ][ didn't have.
Another thing I heard about this cases was that one of the reasons the monitary reward for this "hot coffee" case so large is that there had been many previous complaints by customers that the coffee was being served too hot and those complaints were ignored.
Nothing new here when it comes to a large company knowing that something is wrong with a product and ignoring it...
Ford Motor Company did the same thing regarding the gas tanks on their Pinto. They knew there was a risk of the tank exploding if the car was hit from behind but instead they figured the legal consequences were cheaper than fixing the gas tank. In the end they ended up having to recall their Pintos and put plastic liners inside the gas tank to fix the problem. Cost them quite a bit between the lawsuits and all of the recalls as I recall.
It's been a while but as I recall the Z80 only had a program counter that was 16 bits wide so it would only handle 64K of memory. This was great when all we ran was CP/M on the Z80. The 8086/8088 had something like 20 bits for address so a whopping 1MB could be accessed although some of that memory space was reserved for BIOS and stuff so that left 640K to work with.
As for IBM choice of the 8088 rather than the 8086 I heard they wanted an 8 bit data path since 8 bit devices were much more common and cheaper at the time than 16 bit devices were.