Mainstream versions of Windows is a concept you can't seem to grasp, apparently.
Then you repeat yourself again, not even actually trying to respond to anything actually from the post you're replying to. I assume you have lots more spamtroll posts to copy and paste together.
1st. You state that vendors "cater to [Windows] immensely" and less to Linux because Windows is "running the show" and therefore they don't support Linux to the same degree. But you were providing this as an example of how Linux is supposedly worse than Windows. You specifically said "Linux is in last place because it's not as good as Windows", then I asked in what ways is Linux worse than Windows and you provided these four points. I'm truly confused as to how you can't understand that this first example is circular reasoning. It basically boils down to: "Linux is in last place because it's worse than Windows because it's in last place". That's circular.
We can disagree on drivers plenty, I'm sure. One of us might have had good experiences where the other has had bad experiences and so forth. I've had some truly horrendous driver experiences on Windows, some of which were far worse than any experience I've had in Windows. I remember waiting for some of my hardware to be supported in NT 4.0. It never was, but Linux worked with it right out of the box (well, sleeve, I was ordering from Cheapbytes back in those days if I recall correctly).
2nd. It is circular logic, not just logic. You're just listing another secondary effect (the same one as your first example, really) of being a less prolific OS. It is true, but it's not a way that Linux is somehow intrinsically worse than Windows, which is what you claimed to be providing. The fact is, Linux can play any of those games if they're ported to Linux. The fact that most of them haven't been ported isn't some intrinsic property of Linux
3rd. I can't believe you're actually defending this one. At least the first two examples had an intermediate step in the circular logic chain. This one was just pure circular logic. You can't claim that there are intrinsic reasons for something to have low marketshare, then quote an externality, like the fact that it has low marketshare as one of those intrinsic reasons. You just can't. A five year old would understand that you can't. It's a giant logical fallacy. How can you be so free of the ravages of intellect that you can't see that? Or is it that you can see that, but you choose not to because you're a liar?
Also, what is it about you that gives you such a huge ego? The fact that you're not running Linux is supposed to prove that it's no good. Are you secretly some multiple nobel prize winning superspy astronaut cowboy? What shining qualities do you posses that we should all know to line up behind you and do exactly as you do?
4th. "Meaningful comparison". Not anecdotes. "Meaningful comparison". You've consistently proven yourself incapable of any sort of actual analysis. You know that you're not going to convince me posting the same tired old links. Why even bother? You claimed in your 4th example of how much worse Linux supposedly is than Windows that it has some significantly larger portion of security flaws than Windows, but you still haven't provided any real analysis to support your opinion. That leads me to believe that your opinion is unfounded.
Facts, even when you capitalize and bold the word, do not equal logic. I don't want to have to teach you what logic is. For example, simply stating that Linux has a lower marketshare than Windows doesn't prove anything intrinsic about Linux. That would only be the case if certain bizarre theories about the invisible hand making markets infallible were true. Oh. I just realized. You're probably one of those idiots who feels awe in the presence of simple emergent properties and actually believes that about economic markets. Sigh. Well, anyway, it's pretty obvious from your posts that you couldn't string together a logical argument to save your life.
I know what an Ad Hominem attack is. My comments to you are certainly becoming more personally abusive. It's sort of hard not to considering how rude you've been. Despite that, commenting on your posting style is not an Ad Hominem attack. The content of your pos
Ah, of course, it's a huge mistake of mine not to realize that you're the type who likes to paint the bullseye around the hole after firing the shot. Obviously you were never talking about any other kind. Sure I believe you. After all, you've been so honest so far.
I hate to break it to you, but the windows NT family wasn't mainstream until Windows XP. I ran NT and 2000, and they never had the driver support to be mainstream versions of windows. Before XP, the previous mainstream version of Windows was 98 (I'm pretending ME never happened in the same way I pretend Highlander 2 never happened). The vast majority of Windows users had as little idea of the existence of NT and 2000 as they did of the existence of Linux.
File attributes like read-only are only security features if anyone using the system can't write to the file at will, otherwise they're just file attributes. When I said "file permissions", I imagined you'd understand that the concept of permission would actually have to be involved. Obviously I was wrong. I seem to be wrong every time I assume you'll understand something that should be obvious. Also, Linux didn't steal the concept of ACLs from windows. Windows ACLs are just an implementation of ideas Butler Lambert put forth in the 70's. By and large, there's nothing new under the sun in the computing world, no matter who wants to take credit for "inventing" what.
Autorun again (and you repeating yourself). You don't address the fact that it only affected certain distros, not the core Linux OS itself. Also, the Linux distros it affected actually cleaned up their act. Windows allowed blind autorun with no warning for years and years.
Yes, Windows NT was designed with a multi-user model in mind. Your ex-post facto declaration that it's the only version of windows you've been talking about rings a bit hollow to me. You might have made some indication that's what you meant at some point before this. The fact that you didn't makes this look like backpedalling on your part.
As for my supposed "mistakes" continuing. Just saying it doesn't make it so. Your style of self-involved rhetoric is pretty transparent. The fact that you can't see that is just plain sad. Just as is your habit of figuratively covering your ears and humming when someone says something that disproves one of your statements.
As for who cares about the past... _YOU_ care about the past. Or at least, you cared about the past up until the point that you decided to change your position, yet again, but pretend it had been your position all along. You are the one who was complaining about supposed FUD from Linux users and wrote: "For years here I kept reading from people that Linux is secure and earlier than 2005 to the present day."
You repeat your list of compromised Linux systems again. How did we get on this anyway? I've never claimed that Linux has some magical perfect security. I've repeatedly pointed out also that security is an end to end process. It's not just the OS. Setups running Linux, Windows, FreeBSD, other Unix variants, OS X, whatever, have all been breached. Your slapdash, anecdotal methodology doesn't prove anything. Your bizarre claim that security breaches should "never happen", despite the obvious reality that systems running all kinds of operating systems have been breached. Just look at Stuxnet, which ended up affecting a load of systems that, by rights, should have been completely shielded from the Internet.
You go on and claim that I said that autorun issues were "UNIQUE TO WINDOWS" you lying, worthless piece of dirt. I've listened to you spew a lot of vileness in this pointless thread, but inventing quotes from me takes the cake. Tell me you puling, vomitous mass, just where did I say that? Will you actually admit that you just made it up, or can you prove it somehow? I think you're just a worthless trolling _LIAR_. I think you're incapable of understanding the most basic concepts and you overcompensate by constantly claiming victory even when there's no competition. Are you
There's a good list of real life occurrences of this on tvtropes. Just scroll down and look for the Real Life section.
WARNING!!! This is a link to tvtropes.org. While there, don't click on any links to any other sections of tvtropes. Tvtropes is a trap! I say again, it is a trap! Start following links there, and next thing you know it will be a week from now and you'll have a thousand tabs open and still be reading. You have been warned!
Read-only as a an example of security? Seriously? Any user of the system could change that with the attrib command. Read-only was only there so the absolutely clueless couldn't accidentally del things they shouldn't.
Additional security granularity from SELinux is nice, but was hardly necessary to have more security than Windows in the old days. Windows simply wasn't designed as a multi-user system from the start. It wasn't until Windows NT that it started to get real security, and those features didn't make it into mainstream windows until XP.
Linux isn't a "RIPOFF" of Unix. It is, as you state, a Unix system, descended from other Unix variants. That's not ripping off, that's just carrying the torch. Whether Linux has been killing off the other versions of Unix is an interesting question. I'd have to say that it's a big factor. The closed nature of many traditional Unix shops just couldn't compete with the open nature of Linux among the kind of people who prefer a Unix variant. The increasing complexity and expense of developing high-powered processors which has driven the desktop field pretty much entirely to Intel and AMD is a major factor as well. DEC, Sun, SGI and others all used to build their own hardware and provide their own Unix variants to go with their hardware. Now those days are gone, and those old school Unix variants are going with them.
Autorun from inserted media without warning is always a bad idea. Those Linux distros that do it hopefully learn their lesson fast. Years of it being a problem on Windows should have been all the lesson they needed. It's not an intrinsic Linux feature, fortunately.
I was thinking more of mainstream Windows than NT/2000. The fact that Microsoft saw security as a special extra feature for professionals only doesn't exactly make me think any better of their attitude towards security in that era.
The difference between the derision from the Linux side for Windows and the derision from the Windows side for Linux has always seemed to me to be how much from the Windows side actually came, through various avenues, from Microsoft itself. The dislike of Microsoft from many Linux users was well founded. Attitudes like yours towards Linux, I've never understood. No-one seems to be forcing Linux on you or the public at large, but the same can't be said for Windows. The security case against Microsoft has, however, traditionally been a pretty good one.
The autorun thing is quite shameful for those distros that implemented such features. It was especially shameful precisely because Windows had that gaping hole, that consistently caused major security issues over and over and over for years without doing anything about it. Nothing you can say now can change the fact that, in the past, Microsoft didn't have its security act together. A list of security breaches regarding Linux that you assembled wouldn't change it. For that matter, with your terrible record of checking your data, I'd be hard-pressed to pay attention to any list you've provided. I've spent way too much time in this thread doing your research for you while you make yourself look ridiculous deriding me over your incorrect information.
On to Android again. It doesn't matter if it has a Linux kernel, it's still not in the same family as a regular distro. Its security can't be compared to mainstream versions of Windows, as you try to do, any more than Windows Mobile or IOS can be compared to mainstream Windows or mainstream Linux Distros.
Finally, you smugly state, after I point out that you're incapable of admitting when you've made a mistake:
Plenty of that from you though here... a few times now in this conversation
Wow. It's absolutely incredible what an unabashed little troll you are. You actually think it's a badge of honor that you can't admit that you've made a mistake even when it's clearly proven. And you think that someone else having the maturity and basic decency to agree with you when you make a correct statement is somehow some sort of great victory for you? What kind of utter moron are you? I am more and more certain that you really do have some serious psychological problem.
1st. Circular reasoning. You're claiming that Linux is worse because vendors don't pay as much attention to it because it's a smaller market because it's worse. In any case, Linux drivers for most things seem to be more than acceptable.
2nd. Games? Seriously? I like games, really, but it's not a convincing argument for which OS to use. Get a console. Oh, and also, that's the circular argument again. Game makers make games for Windows because Windows is the most popular (and also they enter into sweetheart deals with Microsoft in some cases) . So, if people use Windows because it has more games, then it's a self-fulfilling prophecy.
3rd. You're big on circular reasoning. As evidence for why Linux is worse because it has less marketshare, you present the fact that it has less marketshare. Brilliant, truly.
4th. "Open 'SORES'". Lovely. You haven't provided any meaningful comparison of bugs and vulnerabilities in Windows vs Linux. All you've done is present a link to a Secunia page (what is with you and Secunia?) that lists all kinds of advisories, including the three invalid ones you were touting in earlier posts. A list, by the way, that goes back to Linux kernel version 2.2, so it's hardly a valid comparison with just Windows 7. You would need to compare with all Windows versions in that time period. For that matter, you'd have to use some better methodology than just... Actually, you didn't use any methodology at all, you just made an unfounded statement and gave a link to a list of Secunia advisories for Linux. Also, if, as you claim, closed source is harder to exploit by hackers/crackers, then the bugs should be harder for third parties to find as well, hence fewer third party security advisories.
Your logic is invalid. You've sadly fallen back into your bizarre posting style. It's hard to take anything you say seriously when you apparently don't know how to mark a footnote with an asterisk properly.
As for your postscript, you fail to realize that most Windows users don't even actually know what Windows or an Operating System is, let alone what Linux is. It isn't dead last in their eyes because they're not even aware of anything else.
Well, the Linux vs Windows security argument goes back a long way. All the way to the early days of Linux, which back to the first big version of Windows: 3.1. 3.1 didn't really have any security to speak of. A Unix variant, just by virtue of having file permissions, was light years ahead in terms of security. For about the first decade of the existence of Linux, Microsoft quite evidently took security for granted in its operating systems. The fact that, for the longest time, autorun would run any executable an autorun.bat file told it to without prompting the user and without an easy option to disable it shows that. Since around XP SP2 or so, Microsoft has been getting its security act together more. I will certainly grant that, at the moment, Microsoft seems to pay attention to security in Windows as much as the Linux community pays attention to security in Linux. Right now, I couldn't, with any confidence, say that either is more secure than the other. We see security goofs from both Windows and Linux, but we no longer see the gaping, security-blind holes that Microsoft was formerly known for. Many of the people using Linux still remember the lousy security record Microsoft had in the old days. Some things form a persistent opinion that doesn't change easily.
As for Android, which you keep bringing up, it's a completely different beast than standard Linux. It uses a version of the Linux kernel, but it's not a typical distro. It's still pretty immature, and it suffers from the same problem that Microsoft used to (and many are sure that it still does): the notion that user convenience is more important than security. Android is still relatively immature and should improve with time.
I wonder, how do you expect anyone to take you seriously in a conversation if you never bother to address their points and keep pushing your own? The best you seem to be able to manage about the fact that all of your examples from Secunia (which you have some strange obsession with) were out of date and already fixed (most of them half a decade ago), is to remain silent on them. No mea culpa from you. No admission that you could have been mistaken. You posted them again and again and again even in the face of direct evidence (in many cases right in the linked page itself, or in its sub-pages) that they weren't valid any more, along with childish declarations that you'd "KICKED [my] ASS", or that half-decade advisories say I'm "FULL OF IT" or that I'm "crying like a 2 year old" or that "[I] can't do it" (regarding working around already fixed security holes), or that I'm "telling lies". You said all of those things, but you don't offer so much as an admission that you're mistaken. I've gotten into long, sometimes heated, discussions like this one before (although, frankly this one was only so long because you were apparently incapable of keeping track of which of your assertions had already been concretely disproven), and they usually actually end fairly amicably when people with differing viewpoints listen to what I have to say and I listen to what they have to say. That works with rational people. You haven't shown any sign of being a rational person. You just have some sort of bizarre anti-Linux agenda to push and you'll push it, deriding anyone who disagrees with you, and ignoring reality even when it's carefully shown to you.
Oh well. At least you've shown that you're capable of posting without all the bolding and writing in all caps and bizarre punctuation.
Linux isn't actually in last place. There are diehards out there still using Amigas and people running their desktops on BSD variants and Solaris. But, yes, it's certainly a long way from mainstream. By and large, that's the way I prefer it actually. For one reason, for exactly the reason you gave about more exploit attempts appearing for more popular Operating Systems. I prefer my OS to be less of a target. Also, being mainstream, or trying to be (a la Unity in the latest Ubuntu), can lead to some really bad design decisions. At least, to me they're bad design decisions. To the general public they may be great, but I've long since realized that the average computer user doesn't represent me at all.
As for Linux not being as good as Windows, in what sense? I can do everything I need and want to do with Linux. My systems seem to be stable and secure. What else is there? Your assertion that market share is directly proportional to quality is laughable when you look at how people actually buy things. Wal~Mart is a leviathan for a reason.
Finally, I find it laughable that you say to argue with the numbers. Incredibly hypocritical from the guy who continuously refused to accept that a nearly six year old advisory might not be current any more. Frankly, you just don't have much credibility in my eyes.
I think the answer to your first question is fairly obvious. It's because the vast majority of people don't even know what an Operating system is, let alone that they have a choice, and Windows comes pre-installed on just about every computer. Also, what is with you replying twice to my post and linking to your first reply in your second reply? Seriously, there's something wrong with you.
This, verbatim -> Solution Secunia is currently not aware of an updated kernel version addressing the vulnerabilities.
This, verbatim -> Last Update 2005-12-01
Now, try to put those two things together. I know you can if you really, really try. See, the way it works is that, when they wrote "currently", they meant in 2005. Then they never updated the page again. In the meantime, the security problems were fixed, but the page remained the same. Do you grasp that concept? So, the advisory doesn't say I'm full of it, as your subject line states, because it's from nearly 6 years ago, but I'm talking about the present.
As for your examples of Certificate Authorities being hacked, I should point out that I never claimed that Linux was somehow unhackable. All I ever claimed was that the three links you provided of supposed unpatched security vulnerabilities were not in fact unpatched. Given that one of the links you gave said right on the Secunia page that it was already fixed, the other two said that most of the issues had been fixed and that I then showed that all of the outstanding issues had been fixed, I think that I'm completely vindicated there. You're clearly not mature enough to admit when you were wrong. All you seem to know how to do is evade and move on to new claims.
So, there are ways to break into a Linux system, just as there are ways to break into a Windows system. Many of those ways don't rely on flaws in the Operating System. Security is about a lot more than just the OS. The CA's that were compromised clearly had bad security overall.
I should also point out that, although the attack on those CA's could have started through their web servers, and their web servers could have also been the actual key signing boxes (perfect example of stupid security design), it's naive of you to assume that their entire infrastructure used the same OS as their web server.
As with the other sites you listed that were compromised, all I can do is repeat myself. Linux itself and server software that runs on it can be insecure, or poorly secured, just like Windows or Mac OS, or any other Operating System you care to name. Linux is neither significantly better or significantly worse than Windows in that regard.
As for your postscript about Android, I am once again not shocked in the slightest that an OS for cell phones has security issues. What you say about any popular Operating System being subjected to more attacks is also true. As for "fud" about Linux being secure and Windows not being so, I should point out that Linux users have never been in a position to actually spread much Fear, Uncertainty and Doubt about Windows due to the marketplace dominance of Windows. There's been plenty of FUD from Windows users and Microsoft itself about Linux over the years. Overall, I try not to pay too much attention to hyperbole from either side and simply use what I prefer.
Although slavery hasn't actually been constitutionally banned in the US. There's still an exception allowing it as a punishment. There may be various state and federal laws against sentencing those convicted of crimes to being sold to the highest bidder as labourers, but the constitution itself doesn't forbid it. Cruel and unusual punishment should apply, but it doesn't seem likely that any court would let it.
You are such a duplicitous idiot. I'm sorry to feed a troll. I'm especially sorry I went to so much trouble to feed a troll. Here goes anyway. You say that:
NOT A SINGLE ONE IS FIXED HERE (& there's 18 OF THEM!) & I'll even QUOTE secunia on that now:
"Secunia is currently not aware of an updated kernel version addressing the vulnerabilities."
Once again, your reading comprehension and comprehension in general are simply broken. That is an advisory from nearly 6 years ago with incomplete information in the summary. If you bothered to dig deeper than the summary, the links to the CVE's on that page directly state that 9 of those 18 problems are fixed. The other 9 are also fixed, although the information directly on that Secunia page doesn't say so, but other sources do. Since you asked me to "KINDLY SHOW US PROOF THEY ARE FIXED (all 18 of them) as you stated..." (even though the responsibility is yours to prove that information that old is actually correct rather than mine to prove it wrong), here's some additional information:
NOT A SINGLE ONE IS FIXED HERE (& there's 18 OF THEM!) & I'll even QUOTE secunia on that now:
"Secunia is currently not aware of an updated kernel version addressing the vulnerabilities."
You really are just sticking your fingers in your ears and saying "LA LA LA I can't hear you", aren't you? That notice is completely out of date. All of those issues are fixed. When they say that they are "currently not aware of an updated kernel version addressing the vulnerabilities", they're writing that nearly 6 years ago. They created the notice, then they abandoned it and didn't update it when fixes for the issue came about. I already listed the kernel versions where all of those were fixed, and I'll do it again:
Issues 4-18 from that page are fixed in kernel 2.6.11. Issue 3 is only for 2.4 kernels and is fixed in 2.4.32-rc1. Issue 2 is fixed in 2.6.11.2. Issue 1 is apparently fixed in 2.6.8.1.
You haven't disproven that at all. All you've done is repeated your tired old outdated, obsolete Secunia link over and over again without any rational analysis of it.
Still has issues #'s 3,4,8 & 9 are STILL UNRESOLVED - you SCREWED UP LARGE!
You complete moron! Can't you even read, in the very notice you're linking to, that issues 3 and 4 on that list are resolved? It says "Vulnerabilities #2 through #5 and #10 are fixed in version 2.6.35.14". In case you weren't aware (although you should, because I've already told you more than once) "#2 through #5" parses as #2,3,4,5. That includes 3 and 4. Do you understand that? Do you have some sort of argument as to how it doesn't, or are you capable of admitting that you made a mistake? As for 8 and 9, I discussed how those could be worked around, but I did a little more digging and found out that it's unnecessary anyway. I downloaded the source for 2.6.39.4 and had a look at l2cap_core.c which includes a version of Dan Rosenberg's patch: /* Reject if config buffer is too small. */
len = cmd_len - sizeof(*req);
if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
l2cap_build_conf_rsp(sk, rsp,
L2CAP_CONF_REJECT, flags), rsp);
goto unlock;
}
nl802.11.c includes:
i = 0;
if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
request->ssids[i].ssid_len = nla_len(attr);
if (request->ssids[i].ssid_len > IEEE80211_MAX_SSID_LEN) {
err = -EINVAL;
goto out_free;
}
http://secunia.com/advisories/44754/ (still has issues #'s 3,4,8 & 9 are STILL UNRESOLVED - show us how you can work-around them, as I did in the 2 single unpatched security vulnerabilities in Windows Server 2008 & I did so without disabling functionality in the colorui.dll issue (headless/servercore mode, OR unregistering said DLL)
Ok. Considering that you've claimed I have reading comprehension difficulties, I find this amusing. From the same page you linked to:
Vulnerabilities #1, #6, and #7 are fixed in version version 2.6.39.3 and 2.6.35.14. Vulnerabilities #2 through #5 and #10 are fixed in version 2.6.35.14.
So, that's vulnerabilities #1,2,3,4,5,6,7 and 10, fixed in version 2.6.35.14. I previously mentioned that there was a patch for 8, and 9 requires special capabilities applied to the user or application.
For http://secunia.com/advisories/14295/, all 18 of those issues have been fixed, not none of them. This is the one that hasn't been updated on the secunia site in nearly 6 years. What a shocker that a notice that hasn't been updated doesn't have up to date information. I previously wrote:
Issues 4-18 from that page are fixed in kernel 2.6.11. Issue 3 is only for 2.4 kernels and is fixed in 2.4.32-rc1. Issue 2 is fixed in 2.6.11.2. Issue 1 is apparently fixed in 2.6.8.1.
Once again, the ball is in your court to prove that those 18 issues from an out of date notice are still issues since they're listed as fixed in other sources.
As for the third link you were proudly posting before and now seem to be silently ignoring: http://secunia.com/advisories/19402/, despite the many times you posted it, you were apparently incapable of reading the part of it that said:
Solution Update to version 2.6.16.1.
As for your fixes to the Windows issues disabling functionality, you're not actually saying that they don't disable functionality, just that you don't think the functionality is important. I agree that it's probably not very important functionality, but it's still functionality that's being disabled. I'm only making an issue of this because you attempted to lambast me and label me a liar for saying that your fixes disabled functionality. Your fixes do, so my statement, which wasn't of any real importance anyway, was accurate.
How did I not live up to what was asked of me? The easy workaround to the issues you mentioned is to use the automatic update tool in the distro you're using to get the latest kernel that doesn't have the security issue in it. I showed you where all of the issues you mentioned had actually been fixed. Your assertion is ridiculous. You also seem to ignore pretty much every question I've asked of you, whereas I've made a good faith effort to answer yours.
As for disabling functionality, your two solutions for the colorui.dll problem are either to run in headless mode, which at least counts as not making use of functionality, or to unregister and remove the offending DLL. Tell me, if you do this, how do you use the color control panel applet? You can argue that it's functionality you don't need, but there's no sane way you can argue that it isn't disabling some functionality. For the other issue, you said that it would be a "GOOD IDEA to disallow apps that run by batch using SET statements". Once again, hard to argue that setting up a situation where some things can't run isn't disabling some functionality.
I really would be interested in you actually addressing some of the things I've said rather than just evading.
Anonymous Coward, apparently also known as APK wrote:
I show easy workarounds for the 2 single problems in WinSrv2k8 though
Good for you. Really. You get a biscuit. I don't recall ever saying that you couldn't.
First: It's not MY fault that Linux's remotely exploitable unpatched security vulnerabilities are SO NUMEROUS (and multi-part, beyond merely 3 issues)...
Second: You cannot produce what was asked of you: Show easy work-arounds the end-user can perform to fix said remotely exploitable security vulnerabilities in Linux's latest mainstream kernel (whereas I can for Windows Server 2008 a full "distro" no less)...
First: It's not your fault that the security vulnerabilities are so numerous. It is your fault that you didn't do the research to make sure that the vulnerabilities you're going on about still exist. It should occur to anyone capable of basic reasoning that a security notice that hasn't been updated in nearly 6 years might be out of date.
Second: Have you stopped beating your wife? Yes or no? Why should I produce workarounds the end user can perform beyond updating the kernel through the regular update tool. If you had actually provided a single exploit that wasn't already fixed or worked around, then you might have a point, but none of the exploits in the links you provided fit into that category. If you'd actually read what I'd written, you might know that. You keep writing that there are outstanding issues that have existed for "6++" years, as you put it. I already gave you the kernel release numbers where all of those issues were fixed. You can't just keep claiming that those are still outstanding issues. The fact that you still insist that they are just shows that you either have poor comprehension, or some sort of bizarre pathology. If you insist that those issues are still outstanding, the ball is in your court for you to prove it with some valid source.
Then, dear me, you do the loud crowing about supposed victory again. That's something people with a mental age of five do. Declaring victory in a debate by loudly repeating yourself with your fingers in your ears doesn't make it so. Also, when did I rib on you about posting as AC?
Wow. Two replies from you to my reply. Well then. With regards to Desktop market share, there aren't really any big surprises there. People have to actually know what an Operating System even is before they can actually choose one. In my experience, a good 70% of computer users don't even know what an OS is, let alone that they have a choice of what to use. I feel a bit dirty even visiting that site since they're affiliated with Alexa. I've removed their adware/spyware from hundreds of Windows machines and don't exactly have fuzzy feelings towards them. If the numbers from that site actually come from the Alexa spyware, then I would think there's a bias towards reporting the operating system of the kind of people who allow that spyware to be installed on their systems in the first place.
The low cost is a plus for servers, but it's also popular because it's a Unix variant. Also, because the kinds of people who become system administrators tend to be the kind of people who are enthusiasts for computer technology and like playing around with it. Linux is ideal for that. I've addressed the supposed 3 vulnerabilities you've talked about relentlessly in your many posts. You're using outdated information. That said, I'm sure there are other vulnerabilities in Linux, just as I'm sure there are other vulnerabilities in Windows and in Mac OS, and any other OS out there.
As for being unable to show workarounds to the issues you listed. I showed that the issues you listed aren't issues anymore. What more could you reasonably want?
As for websites being exploited. Happens all the time regardless of OS or web server software. Once again, it comes down more to security practices than to particular choice of OS. Take the recent Certificate Authority exploits as an example. It shouldn't have even been possible to compromise the keys in the first place as they shouldn't have been on machines connected to the Internet. That it could happen was a failure of security process.
Android has security vulnerabilities for sure. As do IOS, Windows Mobile (my current phone is a Windows Mobile phone, overall I'm unimpressed), Blackberry, etc. No big surprises there.
As to "extinction", you're back-pedalling. You're the one who brought it up, implying that Linux folks were going to reprehensible lengths to avoid it. So, I'll ask again, what reprehensible lengths are they going to? Also, how can you justify claiming that there's nothing to worry about, while simultaneously claiming that there's some sort of extinction to avoid?
P.S. It's confusing when you reply multiple times to my reply. It makes the thread complicated to follow.
Since you don't read well, look for this "2005-02-16" on this page:
I read fairly well, but I refuse to do some large research project for you when you clearly can't be bothered. Some summary says "remote" in it, but you don't make an attempt to list which parts are actually remote exploits. In any case, you clearly also couldn't be bothered to check out the part that said that the last update was 2005-12-01. Issues 4-18 from that page are fixed in kernel 2.6.11. Issue 3 is only for 2.4 kernels and is fixed in 2.4.32-rc1. Issue 2 is fixed in 2.6.11.2. Issue 1 is apparently fixed in 2.6.8.1. You didn't even address the problems with the other two links you provided, so I assume you're conceding that they're non-issues. The fact that you don't comprehend that something that hasn't been updated in nearly 6 years might just possibly be out of date means that anything you say might have to be taken with a pretty huge grain of salt. Also, what do you mean by "++"? You keep using it. Are you using it to mean "increment"? So, by "6++", do you mean 7? Also, in what way do I "show the remotely exploitable unpatched security vulnerabilities in Linux aren't fixable by the end user!"?
You then go on about some security issues in Windows and how to work around them by disabling features and claim that, by pointing out that the listed issues are fixed or patched already that I'm providing excuses, not fixes. I don't have to provide new fixes for them, since the old fixes work fine. Then you go on about 3 supposed vulnerabilities in the latest Linux kernel being 20. Which 3 vulnerabilities? The ones from the links you provided which are all fixed already? And what do you mean they're in the "latest kernel"? They were all in the 2.6 or 2.4 series.
As for Windows or Linux being more secure. Frankly, absent gaping flaws, I generally see security these days as having more to do with the user and usage profile of the machine than the particular operating system. Microsoft has mostly gotten their act together on security. As for security bugs, all major operating systems have them, both discovered and as yet undiscovered. It's a simple fact of life.
In your first link, 8 of the 10 problems listed are listed as fixed (most of them only apply to alpha CPUs anyway). The remaining two only affect 2.6 series kernels. One of them requires an application or user with special networking privileges to exploit and the other is patched.
Your second link also only applies to 2.6 series kernels and is listed as fixed as of 2.6.16.1
Your third link is just under six years out of date and doesn't include any remote exploits in any case.
In regards to your postscript, I'd like to re-iterate that Linux users have a genuine concern about being locked out of their own hardware. As I've already stated, journalists like Ed Botts have massive conflicts of interest that we take into account. Dell and HP don't need to be part of a conspiracy to lock out Linux users to carelessly and lazily kludge their UEFI implementation just to the point where Windows boots, but other Operating systems run into problems. We've seen that sort of thing often enough in the past.
P.S. What reprehensible lengths ("LENGTHS", no less) are Linux folks going to in order to avoid extinction? Also, how do you reconcile saying that Linux users are in danger of extinction with your claims that Linux users concerns about implementations of secure boot are unfounded?
If you say that whatever someone chooses to do is in their "best interest" because they chose to do it, then you've just defined "best interest" circularly. By that definition it's not even possible for anyone to do anything that isn't in their best interest.
Have you ever been diagnosed with a mental illness? Seriously, your posts come across like something from the time cube guy. You can call my post an "illogical off topic ad hominum attack", but it was the nature of your numerous posts I was attacking, not really you, per se. You yourself seem to have no trouble getting personal with attacks on people, I notice. The majority of your posts in this article seem to be repetitive rants. You gloat over imagined victories. I didn't address your so-called points because they were, for the most part, off topic. For some reason being off topic isn't such a sin when you do it. Also, I really honestly wasn't sure at first if your posts weren't coming from some sort of wacky content generator. I'm reminded of early print advertising, with its inexplicable font shifts, underlining, size changes, etc. My comments were not illogical. Your comments simply struck me as bizarre and I said so. Logic didn't really enter into it on way or another.
Seriously, your reply that "THE TRUTH COMES OUT" to my statement that I do, in fact, use Linux is bizarre. Linux users aren't exactly unusual on this site, much less in the comments of articles regarding Linux specifically. I'm not a member of some cult, I just use a particular operating system and you've apparently already pegged all Linux users into some particular niche in your mind and hold yourself up as superior to them. From my perspective, it looks like some sort of childlike egomania on your part.
Folks in the Linux world don't want useful security features stopped. What they want is for them to be implemented in such a way that the hardware still belongs to the person who paid good money for it and not to the original hardware manufacturer or their financial partners. There's nothing wrong with the concept of secure booting, but, if I'm buying a walled garden, I want the keys as well. The kind of people who are enthusiasts for free software tend to be the kind of people who don't like to be locked out of the things they own. I feel the same way about phones, and music players, and cars. You can imagine how I feel about laws that make it illegal to hack your own hardware, repair your own car, etc.
As for security of Linux vs. Windows in general, I don't think we're going to agree on those ever. I've used MS Windows since 2.0.3 I believe. Before I used Linux or it even existed. I also used various Unix variants before Linux. My personal computer for most of high school was a Silicon Graphics machine running Irix. When I first heard about Linux, I actually bought into some of the things people were saying comparing it to so called "real" Unix systems, and I didn't try it for a while. Since then, however, I've mostly been a Linux person. I mean, let's face it, Windows 95, 98, and ME were junk compared to Linux (Windows ME was junk compared to 98 and even 95, of course). Windows NT and its descendants were more impressive, but if we're talking about security, Microsoft never managed to impress me. The tight integration of the security hole otherwise known as Internet Explorer into Windows. Autorun, for crying out loud. I've just seen Microsoft do too many security brain dead things to take them seriously on the security front. Linux isn't some shining panacea, but it's what I use. It's given me plenty of problems over the years, but never as many as Windows.
As for disproving the points in the post you provided the link to. What points? You mentioned 3 remote unpatched vulnerabilities in the latest Linux kernel, but didn't say what they were. Then you went on about some Windows vulnerabilities and how to work around them. I haven't read anything I can think of by Ed Bott, and I don't know if he's a liar or not. He's a writer for a periodical who has managed to keep his job in this day and age, so that pretty much automatically makes him a shill. My mother has a newspaper reporter friend, and I was quite impressed by the multiple Pulitzer prizes he had on his wall when I met him, but, despite that I saw articles writt
Well, the article says it's for less than a trillionth of a second, so, based on your 100,000 times, that's one 10 millionth of the world's power generation over one second. Over a minute and 40 seconds it's one billionth of the worlds power generation. It's just a matter of finding a way to store it up temporarily and release it in one precisely timed laser burst. Of course, that "just a matter of" encompasses a pretty huge technological challenge. I assume that's why the $1.6 billiion is needed.
It was my understanding that Hawking Radiation had actually been confirmed and that it was caused by virtual particle pairs being created and one of them passing the event horizon and the other escaping.
Just observing the large number of formulaic posts, often with little or no bearing on the parent post, made by an AC, apparently signing at the end as apk. The posts are long, rambling, bizarrely formatted, with lots of pointless bolding and capitalization as well as excessive punctuation. Forgive me if the posts aren't being generated by some sort of near random content generator, but they really look like they are.
I think calling me a Linux "groupie", I think that's going a bit far. It is certainly true that I primarily use Linux. I got used to a Unix environment early on, so Linux was a natural progression for me. I think it would be fair to say I'm a fan. "groupie" is unfair, especially with the snide, condescending tone you seem to have intended. As for FUD, I don't think I was intending to spread fear, but I supposed I did have uncertainty and doubt about whether the spam-like flood of those posts came from a real human being. My reply was also no more off topic than the reply to my reply was. I admit I wasn't adding any new information or arguments to the conversation. I was providing a critique of someone else's "contribution", however, and I believe that still qualifies as on topic.
Slashdot Mirror
Mainstream versions of Windows is a concept you can't seem to grasp, apparently.
Then you repeat yourself again, not even actually trying to respond to anything actually from the post you're replying to. I assume you have lots more spamtroll posts to copy and paste together.
Ok. Moron, try to follow, please?
1st. You state that vendors "cater to [Windows] immensely" and less to Linux because Windows is "running the show" and therefore they don't support Linux to the same degree. But you were providing this as an example of how Linux is supposedly worse than Windows. You specifically said "Linux is in last place because it's not as good as Windows", then I asked in what ways is Linux worse than Windows and you provided these four points. I'm truly confused as to how you can't understand that this first example is circular reasoning. It basically boils down to: "Linux is in last place because it's worse than Windows because it's in last place". That's circular.
We can disagree on drivers plenty, I'm sure. One of us might have had good experiences where the other has had bad experiences and so forth. I've had some truly horrendous driver experiences on Windows, some of which were far worse than any experience I've had in Windows. I remember waiting for some of my hardware to be supported in NT 4.0. It never was, but Linux worked with it right out of the box (well, sleeve, I was ordering from Cheapbytes back in those days if I recall correctly).
2nd. It is circular logic, not just logic. You're just listing another secondary effect (the same one as your first example, really) of being a less prolific OS. It is true, but it's not a way that Linux is somehow intrinsically worse than Windows, which is what you claimed to be providing. The fact is, Linux can play any of those games if they're ported to Linux. The fact that most of them haven't been ported isn't some intrinsic property of Linux
3rd. I can't believe you're actually defending this one. At least the first two examples had an intermediate step in the circular logic chain. This one was just pure circular logic. You can't claim that there are intrinsic reasons for something to have low marketshare, then quote an externality, like the fact that it has low marketshare as one of those intrinsic reasons. You just can't. A five year old would understand that you can't. It's a giant logical fallacy. How can you be so free of the ravages of intellect that you can't see that? Or is it that you can see that, but you choose not to because you're a liar?
Also, what is it about you that gives you such a huge ego? The fact that you're not running Linux is supposed to prove that it's no good. Are you secretly some multiple nobel prize winning superspy astronaut cowboy? What shining qualities do you posses that we should all know to line up behind you and do exactly as you do?
4th. "Meaningful comparison". Not anecdotes. "Meaningful comparison". You've consistently proven yourself incapable of any sort of actual analysis. You know that you're not going to convince me posting the same tired old links. Why even bother? You claimed in your 4th example of how much worse Linux supposedly is than Windows that it has some significantly larger portion of security flaws than Windows, but you still haven't provided any real analysis to support your opinion. That leads me to believe that your opinion is unfounded.
Facts, even when you capitalize and bold the word, do not equal logic. I don't want to have to teach you what logic is. For example, simply stating that Linux has a lower marketshare than Windows doesn't prove anything intrinsic about Linux. That would only be the case if certain bizarre theories about the invisible hand making markets infallible were true. Oh. I just realized. You're probably one of those idiots who feels awe in the presence of simple emergent properties and actually believes that about economic markets. Sigh. Well, anyway, it's pretty obvious from your posts that you couldn't string together a logical argument to save your life.
I know what an Ad Hominem attack is. My comments to you are certainly becoming more personally abusive. It's sort of hard not to considering how rude you've been. Despite that, commenting on your posting style is not an Ad Hominem attack. The content of your pos
Ah, of course, it's a huge mistake of mine not to realize that you're the type who likes to paint the bullseye around the hole after firing the shot. Obviously you were never talking about any other kind. Sure I believe you. After all, you've been so honest so far.
I hate to break it to you, but the windows NT family wasn't mainstream until Windows XP. I ran NT and 2000, and they never had the driver support to be mainstream versions of windows. Before XP, the previous mainstream version of Windows was 98 (I'm pretending ME never happened in the same way I pretend Highlander 2 never happened). The vast majority of Windows users had as little idea of the existence of NT and 2000 as they did of the existence of Linux.
File attributes like read-only are only security features if anyone using the system can't write to the file at will, otherwise they're just file attributes. When I said "file permissions", I imagined you'd understand that the concept of permission would actually have to be involved. Obviously I was wrong. I seem to be wrong every time I assume you'll understand something that should be obvious. Also, Linux didn't steal the concept of ACLs from windows. Windows ACLs are just an implementation of ideas Butler Lambert put forth in the 70's. By and large, there's nothing new under the sun in the computing world, no matter who wants to take credit for "inventing" what.
Autorun again (and you repeating yourself). You don't address the fact that it only affected certain distros, not the core Linux OS itself. Also, the Linux distros it affected actually cleaned up their act. Windows allowed blind autorun with no warning for years and years.
Yes, Windows NT was designed with a multi-user model in mind. Your ex-post facto declaration that it's the only version of windows you've been talking about rings a bit hollow to me. You might have made some indication that's what you meant at some point before this. The fact that you didn't makes this look like backpedalling on your part.
As for my supposed "mistakes" continuing. Just saying it doesn't make it so. Your style of self-involved rhetoric is pretty transparent. The fact that you can't see that is just plain sad. Just as is your habit of figuratively covering your ears and humming when someone says something that disproves one of your statements.
As for who cares about the past... _YOU_ care about the past. Or at least, you cared about the past up until the point that you decided to change your position, yet again, but pretend it had been your position all along. You are the one who was complaining about supposed FUD from Linux users and wrote: "For years here I kept reading from people that Linux is secure and earlier than 2005 to the present day."
You repeat your list of compromised Linux systems again. How did we get on this anyway? I've never claimed that Linux has some magical perfect security. I've repeatedly pointed out also that security is an end to end process. It's not just the OS. Setups running Linux, Windows, FreeBSD, other Unix variants, OS X, whatever, have all been breached. Your slapdash, anecdotal methodology doesn't prove anything. Your bizarre claim that security breaches should "never happen", despite the obvious reality that systems running all kinds of operating systems have been breached. Just look at Stuxnet, which ended up affecting a load of systems that, by rights, should have been completely shielded from the Internet.
You go on and claim that I said that autorun issues were "UNIQUE TO WINDOWS" you lying, worthless piece of dirt. I've listened to you spew a lot of vileness in this pointless thread, but inventing quotes from me takes the cake. Tell me you puling, vomitous mass, just where did I say that? Will you actually admit that you just made it up, or can you prove it somehow? I think you're just a worthless trolling _LIAR_. I think you're incapable of understanding the most basic concepts and you overcompensate by constantly claiming victory even when there's no competition. Are you
There's a good list of real life occurrences of this on tvtropes. Just scroll down and look for the Real Life section.
WARNING!!! This is a link to tvtropes.org. While there, don't click on any links to any other sections of tvtropes. Tvtropes is a trap! I say again, it is a trap! Start following links there, and next thing you know it will be a week from now and you'll have a thousand tabs open and still be reading. You have been warned!
Read-only as a an example of security? Seriously? Any user of the system could change that with the attrib command. Read-only was only there so the absolutely clueless couldn't accidentally del things they shouldn't.
Additional security granularity from SELinux is nice, but was hardly necessary to have more security than Windows in the old days. Windows simply wasn't designed as a multi-user system from the start. It wasn't until Windows NT that it started to get real security, and those features didn't make it into mainstream windows until XP.
Linux isn't a "RIPOFF" of Unix. It is, as you state, a Unix system, descended from other Unix variants. That's not ripping off, that's just carrying the torch. Whether Linux has been killing off the other versions of Unix is an interesting question. I'd have to say that it's a big factor. The closed nature of many traditional Unix shops just couldn't compete with the open nature of Linux among the kind of people who prefer a Unix variant. The increasing complexity and expense of developing high-powered processors which has driven the desktop field pretty much entirely to Intel and AMD is a major factor as well. DEC, Sun, SGI and others all used to build their own hardware and provide their own Unix variants to go with their hardware. Now those days are gone, and those old school Unix variants are going with them.
Autorun from inserted media without warning is always a bad idea. Those Linux distros that do it hopefully learn their lesson fast. Years of it being a problem on Windows should have been all the lesson they needed. It's not an intrinsic Linux feature, fortunately.
I was thinking more of mainstream Windows than NT/2000. The fact that Microsoft saw security as a special extra feature for professionals only doesn't exactly make me think any better of their attitude towards security in that era.
The difference between the derision from the Linux side for Windows and the derision from the Windows side for Linux has always seemed to me to be how much from the Windows side actually came, through various avenues, from Microsoft itself. The dislike of Microsoft from many Linux users was well founded. Attitudes like yours towards Linux, I've never understood. No-one seems to be forcing Linux on you or the public at large, but the same can't be said for Windows. The security case against Microsoft has, however, traditionally been a pretty good one.
The autorun thing is quite shameful for those distros that implemented such features. It was especially shameful precisely because Windows had that gaping hole, that consistently caused major security issues over and over and over for years without doing anything about it. Nothing you can say now can change the fact that, in the past, Microsoft didn't have its security act together. A list of security breaches regarding Linux that you assembled wouldn't change it. For that matter, with your terrible record of checking your data, I'd be hard-pressed to pay attention to any list you've provided. I've spent way too much time in this thread doing your research for you while you make yourself look ridiculous deriding me over your incorrect information.
On to Android again. It doesn't matter if it has a Linux kernel, it's still not in the same family as a regular distro. Its security can't be compared to mainstream versions of Windows, as you try to do, any more than Windows Mobile or IOS can be compared to mainstream Windows or mainstream Linux Distros.
Finally, you smugly state, after I point out that you're incapable of admitting when you've made a mistake:
Plenty of that from you though here... a few times now in this conversation
Wow. It's absolutely incredible what an unabashed little troll you are. You actually think it's a badge of honor that you can't admit that you've made a mistake even when it's clearly proven. And you think that someone else having the maturity and basic decency to agree with you when you make a correct statement is somehow some sort of great victory for you? What kind of utter moron are you? I am more and more certain that you really do have some serious psychological problem.
1st. Circular reasoning. You're claiming that Linux is worse because vendors don't pay as much attention to it because it's a smaller market because it's worse. In any case, Linux drivers for most things seem to be more than acceptable.
2nd. Games? Seriously? I like games, really, but it's not a convincing argument for which OS to use. Get a console. Oh, and also, that's the circular argument again. Game makers make games for Windows because Windows is the most popular (and also they enter into sweetheart deals with Microsoft in some cases) . So, if people use Windows because it has more games, then it's a self-fulfilling prophecy.
3rd. You're big on circular reasoning. As evidence for why Linux is worse because it has less marketshare, you present the fact that it has less marketshare. Brilliant, truly.
4th. "Open 'SORES'". Lovely. You haven't provided any meaningful comparison of bugs and vulnerabilities in Windows vs Linux. All you've done is present a link to a Secunia page (what is with you and Secunia?) that lists all kinds of advisories, including the three invalid ones you were touting in earlier posts. A list, by the way, that goes back to Linux kernel version 2.2, so it's hardly a valid comparison with just Windows 7. You would need to compare with all Windows versions in that time period. For that matter, you'd have to use some better methodology than just... Actually, you didn't use any methodology at all, you just made an unfounded statement and gave a link to a list of Secunia advisories for Linux. Also, if, as you claim, closed source is harder to exploit by hackers/crackers, then the bugs should be harder for third parties to find as well, hence fewer third party security advisories.
Your logic is invalid. You've sadly fallen back into your bizarre posting style. It's hard to take anything you say seriously when you apparently don't know how to mark a footnote with an asterisk properly.
As for your postscript, you fail to realize that most Windows users don't even actually know what Windows or an Operating System is, let alone what Linux is. It isn't dead last in their eyes because they're not even aware of anything else.
Well, the Linux vs Windows security argument goes back a long way. All the way to the early days of Linux, which back to the first big version of Windows: 3.1. 3.1 didn't really have any security to speak of. A Unix variant, just by virtue of having file permissions, was light years ahead in terms of security. For about the first decade of the existence of Linux, Microsoft quite evidently took security for granted in its operating systems. The fact that, for the longest time, autorun would run any executable an autorun.bat file told it to without prompting the user and without an easy option to disable it shows that. Since around XP SP2 or so, Microsoft has been getting its security act together more. I will certainly grant that, at the moment, Microsoft seems to pay attention to security in Windows as much as the Linux community pays attention to security in Linux. Right now, I couldn't, with any confidence, say that either is more secure than the other. We see security goofs from both Windows and Linux, but we no longer see the gaping, security-blind holes that Microsoft was formerly known for. Many of the people using Linux still remember the lousy security record Microsoft had in the old days. Some things form a persistent opinion that doesn't change easily.
As for Android, which you keep bringing up, it's a completely different beast than standard Linux. It uses a version of the Linux kernel, but it's not a typical distro. It's still pretty immature, and it suffers from the same problem that Microsoft used to (and many are sure that it still does): the notion that user convenience is more important than security. Android is still relatively immature and should improve with time.
I wonder, how do you expect anyone to take you seriously in a conversation if you never bother to address their points and keep pushing your own? The best you seem to be able to manage about the fact that all of your examples from Secunia (which you have some strange obsession with) were out of date and already fixed (most of them half a decade ago), is to remain silent on them. No mea culpa from you. No admission that you could have been mistaken. You posted them again and again and again even in the face of direct evidence (in many cases right in the linked page itself, or in its sub-pages) that they weren't valid any more, along with childish declarations that you'd "KICKED [my] ASS", or that half-decade advisories say I'm "FULL OF IT" or that I'm "crying like a 2 year old" or that "[I] can't do it" (regarding working around already fixed security holes), or that I'm "telling lies". You said all of those things, but you don't offer so much as an admission that you're mistaken. I've gotten into long, sometimes heated, discussions like this one before (although, frankly this one was only so long because you were apparently incapable of keeping track of which of your assertions had already been concretely disproven), and they usually actually end fairly amicably when people with differing viewpoints listen to what I have to say and I listen to what they have to say. That works with rational people. You haven't shown any sign of being a rational person. You just have some sort of bizarre anti-Linux agenda to push and you'll push it, deriding anyone who disagrees with you, and ignoring reality even when it's carefully shown to you.
Oh well. At least you've shown that you're capable of posting without all the bolding and writing in all caps and bizarre punctuation.
Linux isn't actually in last place. There are diehards out there still using Amigas and people running their desktops on BSD variants and Solaris. But, yes, it's certainly a long way from mainstream. By and large, that's the way I prefer it actually. For one reason, for exactly the reason you gave about more exploit attempts appearing for more popular Operating Systems. I prefer my OS to be less of a target. Also, being mainstream, or trying to be (a la Unity in the latest Ubuntu), can lead to some really bad design decisions. At least, to me they're bad design decisions. To the general public they may be great, but I've long since realized that the average computer user doesn't represent me at all.
As for Linux not being as good as Windows, in what sense? I can do everything I need and want to do with Linux. My systems seem to be stable and secure. What else is there? Your assertion that market share is directly proportional to quality is laughable when you look at how people actually buy things. Wal~Mart is a leviathan for a reason.
Finally, I find it laughable that you say to argue with the numbers. Incredibly hypocritical from the guy who continuously refused to accept that a nearly six year old advisory might not be current any more. Frankly, you just don't have much credibility in my eyes.
I think the answer to your first question is fairly obvious. It's because the vast majority of people don't even know what an Operating system is, let alone that they have a choice, and Windows comes pre-installed on just about every computer. Also, what is with you replying twice to my post and linking to your first reply in your second reply? Seriously, there's something wrong with you.
An Anonymous Coward signing as APK wrote:
This, verbatim -> Solution Secunia is currently not aware of an updated kernel version addressing the vulnerabilities.
This, verbatim -> Last Update 2005-12-01
Now, try to put those two things together. I know you can if you really, really try. See, the way it works is that, when they wrote "currently", they meant in 2005. Then they never updated the page again. In the meantime, the security problems were fixed, but the page remained the same. Do you grasp that concept? So, the advisory doesn't say I'm full of it, as your subject line states, because it's from nearly 6 years ago, but I'm talking about the present.
As for your examples of Certificate Authorities being hacked, I should point out that I never claimed that Linux was somehow unhackable. All I ever claimed was that the three links you provided of supposed unpatched security vulnerabilities were not in fact unpatched. Given that one of the links you gave said right on the Secunia page that it was already fixed, the other two said that most of the issues had been fixed and that I then showed that all of the outstanding issues had been fixed, I think that I'm completely vindicated there. You're clearly not mature enough to admit when you were wrong. All you seem to know how to do is evade and move on to new claims.
So, there are ways to break into a Linux system, just as there are ways to break into a Windows system. Many of those ways don't rely on flaws in the Operating System. Security is about a lot more than just the OS. The CA's that were compromised clearly had bad security overall.
I should also point out that, although the attack on those CA's could have started through their web servers, and their web servers could have also been the actual key signing boxes (perfect example of stupid security design), it's naive of you to assume that their entire infrastructure used the same OS as their web server.
As with the other sites you listed that were compromised, all I can do is repeat myself. Linux itself and server software that runs on it can be insecure, or poorly secured, just like Windows or Mac OS, or any other Operating System you care to name. Linux is neither significantly better or significantly worse than Windows in that regard.
As for your postscript about Android, I am once again not shocked in the slightest that an OS for cell phones has security issues. What you say about any popular Operating System being subjected to more attacks is also true. As for "fud" about Linux being secure and Windows not being so, I should point out that Linux users have never been in a position to actually spread much Fear, Uncertainty and Doubt about Windows due to the marketplace dominance of Windows. There's been plenty of FUD from Windows users and Microsoft itself about Linux over the years. Overall, I try not to pay too much attention to hyperbole from either side and simply use what I prefer.
Although slavery hasn't actually been constitutionally banned in the US. There's still an exception allowing it as a punishment. There may be various state and federal laws against sentencing those convicted of crimes to being sold to the highest bidder as labourers, but the constitution itself doesn't forbid it. Cruel and unusual punishment should apply, but it doesn't seem likely that any court would let it.
You are such a duplicitous idiot. I'm sorry to feed a troll. I'm especially sorry I went to so much trouble to feed a troll. Here goes anyway.
You say that:
NOT A SINGLE ONE IS FIXED HERE (& there's 18 OF THEM!) & I'll even QUOTE secunia on that now:
http://secunia.com/advisories/14295/
"Secunia is currently not aware of an updated kernel version addressing the vulnerabilities."
Once again, your reading comprehension and comprehension in general are simply broken. That is an advisory from nearly 6 years ago with incomplete information in the summary. If you bothered to dig deeper than the summary, the links to the CVE's on that page directly state that 9 of those 18 problems are fixed. The other 9 are also fixed, although the information directly on that Secunia page doesn't say so, but other sources do. Since you asked me to "KINDLY SHOW US PROOF THEY ARE FIXED (all 18 of them) as you stated..." (even though the responsibility is yours to prove that information that old is actually correct rather than mine to prove it wrong), here's some additional information:
#1 is covered by CVE-2005-0176, which is addressed at http://secunia.com/advisories/cve_reference/CVE-2005-0176/, which specifically says that it affects only kernel versions 2.6.9 and earlier.
#2 is covered by CVE-2005-0178, which is addressed at http://secunia.com/advisories/cve_reference/CVE-2005-0178/, which specifically says that it affects only kernel versions before 2.6.8.1.
#3 is covered by CVE-2005-0204, which is addressed at http://secunia.com/advisories/cve_reference/CVE-2005-0204/, which specifically says that it affects only kernel versions before 2.6.9
#4 is covered by CVE-2005-0177, which is addressed at http://secunia.com/advisories/cve_reference/CVE-2005-0177/, which specifically says that it affects only kernel versions before 2.6.8.1.
#5 is covered by CVE-2005-0209, which is addressed at http://secunia.com/advisories/cve_reference/CVE-2005-0209/, which specifically says that it affects only kernel version 2.6.8.1.
#6 is covered by CVE-2005-0210, which is addressed at http://secunia.com/advisories/cve_reference/CVE-2005-0210/, which specifically says that it affects only kernel version 2.6.8.1.
#7 is covered by CVE-2005-0449, which is addressed at http://secunia.com/advisories/cve_reference/CVE-2005-0449/, which specifically says that it affects only kernel versions before 2.6.8.1.
#8 is covered by CVE-2005-0839, which is addressed at http://secunia.com/advisories/cve_reference/CVE-2005-0839/, which specifically says that it affects only kernel versions before 2.6.11.
#9 is covered by CVE-2005-0937, which is addressed at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0937, updated 08/21/2010. It It lists affected kernel versions and they stop at 2.6.9.
#10 is covered by CVE-2005-0867, which is addressed at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0867 updated 08/21/2010. It lists affected kernel versions and the only version is 2.6.0. Confirmed fixed in 2.6.9.
#11 is covered by CVE-2005-0135, which is addressed at http://web.nvd.nist.gov/view/vuln/
You double posted. My reply to the first version of this you posted is at 37958398.
An anonymous coward signing as APK wrote:
NO FIXES @ ALL ARE PRESENT HERE:
http://secunia.com/advisories/14295/
NOT A SINGLE ONE IS FIXED HERE (& there's 18 OF THEM!) & I'll even QUOTE secunia on that now:
"Secunia is currently not aware of an updated kernel version addressing the vulnerabilities."
You really are just sticking your fingers in your ears and saying "LA LA LA I can't hear you", aren't you? That notice is completely out of date. All of those issues are fixed. When they say that they are "currently not aware of an updated kernel version addressing the vulnerabilities", they're writing that nearly 6 years ago. They created the notice, then they abandoned it and didn't update it when fixes for the issue came about. I already listed the kernel versions where all of those were fixed, and I'll do it again:
Issues 4-18 from that page are fixed in kernel 2.6.11. Issue 3 is only for 2.4 kernels and is fixed in 2.4.32-rc1. Issue 2 is fixed in 2.6.11.2. Issue 1 is apparently fixed in 2.6.8.1.
You haven't disproven that at all. All you've done is repeated your tired old outdated, obsolete Secunia link over and over again without any rational analysis of it.
As for where you wrote:
PARTIAL FIXES ONLY PRESENT HERE:
http://secunia.com/advisories/44754/
Still has issues #'s 3,4,8 & 9 are STILL UNRESOLVED - you SCREWED UP LARGE!
You complete moron! Can't you even read, in the very notice you're linking to, that issues 3 and 4 on that list are resolved? It says "Vulnerabilities #2 through #5 and #10 are fixed in version 2.6.35.14". In case you weren't aware (although you should, because I've already told you more than once) "#2 through #5" parses as #2,3,4,5. That includes 3 and 4. Do you understand that? Do you have some sort of argument as to how it doesn't, or are you capable of admitting that you made a mistake? As for 8 and 9, I discussed how those could be worked around, but I did a little more digging and found out that it's unnecessary anyway. I downloaded the source for 2.6.39.4 and had a look at l2cap_core.c which includes a version of Dan Rosenberg's patch:
/* Reject if config buffer is too small. */
len = cmd_len - sizeof(*req);
if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
l2cap_build_conf_rsp(sk, rsp,
L2CAP_CONF_REJECT, flags), rsp);
goto unlock;
}
nl802.11.c includes:
i = 0;
if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
request->ssids[i].ssid_len = nla_len(attr);
if (request->ssids[i].ssid_len > IEEE80211_MAX_SSID_LEN) {
err = -EINVAL;
goto out_free;
}
Anonymous Coward signing as APK wrote:
http://secunia.com/advisories/44754/ (still has issues #'s 3,4,8 & 9 are STILL UNRESOLVED - show us how you can work-around them, as I did in the 2 single unpatched security vulnerabilities in Windows Server 2008 & I did so without disabling functionality in the colorui.dll issue (headless/servercore mode, OR unregistering said DLL)
Ok. Considering that you've claimed I have reading comprehension difficulties, I find this amusing. From the same page you linked to:
So, that's vulnerabilities #1,2,3,4,5,6,7 and 10, fixed in version 2.6.35.14. I previously mentioned that there was a patch for 8, and 9 requires special capabilities applied to the user or application.
For http://secunia.com/advisories/14295/, all 18 of those issues have been fixed, not none of them. This is the one that hasn't been updated on the secunia site in nearly 6 years. What a shocker that a notice that hasn't been updated doesn't have up to date information. I previously wrote:
Once again, the ball is in your court to prove that those 18 issues from an out of date notice are still issues since they're listed as fixed in other sources.
As for the third link you were proudly posting before and now seem to be silently ignoring: http://secunia.com/advisories/19402/, despite the many times you posted it, you were apparently incapable of reading the part of it that said:
As for your fixes to the Windows issues disabling functionality, you're not actually saying that they don't disable functionality, just that you don't think the functionality is important. I agree that it's probably not very important functionality, but it's still functionality that's being disabled. I'm only making an issue of this because you attempted to lambast me and label me a liar for saying that your fixes disabled functionality. Your fixes do, so my statement, which wasn't of any real importance anyway, was accurate.
How did I not live up to what was asked of me? The easy workaround to the issues you mentioned is to use the automatic update tool in the distro you're using to get the latest kernel that doesn't have the security issue in it. I showed you where all of the issues you mentioned had actually been fixed. Your assertion is ridiculous. You also seem to ignore pretty much every question I've asked of you, whereas I've made a good faith effort to answer yours.
As for disabling functionality, your two solutions for the colorui.dll problem are either to run in headless mode, which at least counts as not making use of functionality, or to unregister and remove the offending DLL. Tell me, if you do this, how do you use the color control panel applet? You can argue that it's functionality you don't need, but there's no sane way you can argue that it isn't disabling some functionality. For the other issue, you said that it would be a "GOOD IDEA to disallow apps that run by batch using SET statements". Once again, hard to argue that setting up a situation where some things can't run isn't disabling some functionality.
I really would be interested in you actually addressing some of the things I've said rather than just evading.
Anonymous Coward, apparently also known as APK wrote:
I show easy workarounds for the 2 single problems in WinSrv2k8 though
Good for you. Really. You get a biscuit. I don't recall ever saying that you couldn't.
First: It's not MY fault that Linux's remotely exploitable unpatched security vulnerabilities are SO NUMEROUS (and multi-part, beyond merely 3 issues)...
Second: You cannot produce what was asked of you: Show easy work-arounds the end-user can perform to fix said remotely exploitable security vulnerabilities in Linux's latest mainstream kernel (whereas I can for Windows Server 2008 a full "distro" no less)...
First: It's not your fault that the security vulnerabilities are so numerous. It is your fault that you didn't do the research to make sure that the vulnerabilities you're going on about still exist. It should occur to anyone capable of basic reasoning that a security notice that hasn't been updated in nearly 6 years might be out of date.
Second: Have you stopped beating your wife? Yes or no? Why should I produce workarounds the end user can perform beyond updating the kernel through the regular update tool. If you had actually provided a single exploit that wasn't already fixed or worked around, then you might have a point, but none of the exploits in the links you provided fit into that category. If you'd actually read what I'd written, you might know that. You keep writing that there are outstanding issues that have existed for "6++" years, as you put it. I already gave you the kernel release numbers where all of those issues were fixed. You can't just keep claiming that those are still outstanding issues. The fact that you still insist that they are just shows that you either have poor comprehension, or some sort of bizarre pathology. If you insist that those issues are still outstanding, the ball is in your court for you to prove it with some valid source.
Then, dear me, you do the loud crowing about supposed victory again. That's something people with a mental age of five do. Declaring victory in a debate by loudly repeating yourself with your fingers in your ears doesn't make it so. Also, when did I rib on you about posting as AC?
Wow. Two replies from you to my reply. Well then. With regards to Desktop market share, there aren't really any big surprises there. People have to actually know what an Operating System even is before they can actually choose one. In my experience, a good 70% of computer users don't even know what an OS is, let alone that they have a choice of what to use. I feel a bit dirty even visiting that site since they're affiliated with Alexa. I've removed their adware/spyware from hundreds of Windows machines and don't exactly have fuzzy feelings towards them. If the numbers from that site actually come from the Alexa spyware, then I would think there's a bias towards reporting the operating system of the kind of people who allow that spyware to be installed on their systems in the first place.
The low cost is a plus for servers, but it's also popular because it's a Unix variant. Also, because the kinds of people who become system administrators tend to be the kind of people who are enthusiasts for computer technology and like playing around with it. Linux is ideal for that. I've addressed the supposed 3 vulnerabilities you've talked about relentlessly in your many posts. You're using outdated information. That said, I'm sure there are other vulnerabilities in Linux, just as I'm sure there are other vulnerabilities in Windows and in Mac OS, and any other OS out there.
As for being unable to show workarounds to the issues you listed. I showed that the issues you listed aren't issues anymore. What more could you reasonably want?
As for websites being exploited. Happens all the time regardless of OS or web server software. Once again, it comes down more to security practices than to particular choice of OS. Take the recent Certificate Authority exploits as an example. It shouldn't have even been possible to compromise the keys in the first place as they shouldn't have been on machines connected to the Internet. That it could happen was a failure of security process.
Android has security vulnerabilities for sure. As do IOS, Windows Mobile (my current phone is a Windows Mobile phone, overall I'm unimpressed), Blackberry, etc. No big surprises there.
As to "extinction", you're back-pedalling. You're the one who brought it up, implying that Linux folks were going to reprehensible lengths to avoid it. So, I'll ask again, what reprehensible lengths are they going to? Also, how can you justify claiming that there's nothing to worry about, while simultaneously claiming that there's some sort of extinction to avoid?
P.S. It's confusing when you reply multiple times to my reply. It makes the thread complicated to follow.
Good grief.
An Anonymous Coward, signing as APK wrote:
Since you don't read well, look for this "2005-02-16" on this page:
I read fairly well, but I refuse to do some large research project for you when you clearly can't be bothered. Some summary says "remote" in it, but you don't make an attempt to list which parts are actually remote exploits. In any case, you clearly also couldn't be bothered to check out the part that said that the last update was 2005-12-01. Issues 4-18 from that page are fixed in kernel 2.6.11. Issue 3 is only for 2.4 kernels and is fixed in 2.4.32-rc1. Issue 2 is fixed in 2.6.11.2. Issue 1 is apparently fixed in 2.6.8.1. You didn't even address the problems with the other two links you provided, so I assume you're conceding that they're non-issues. The fact that you don't comprehend that something that hasn't been updated in nearly 6 years might just possibly be out of date means that anything you say might have to be taken with a pretty huge grain of salt. Also, what do you mean by "++"? You keep using it. Are you using it to mean "increment"? So, by "6++", do you mean 7? Also, in what way do I "show the remotely exploitable unpatched security vulnerabilities in Linux aren't fixable by the end user!"?
You then go on about some security issues in Windows and how to work around them by disabling features and claim that, by pointing out that the listed issues are fixed or patched already that I'm providing excuses, not fixes. I don't have to provide new fixes for them, since the old fixes work fine. Then you go on about 3 supposed vulnerabilities in the latest Linux kernel being 20. Which 3 vulnerabilities? The ones from the links you provided which are all fixed already? And what do you mean they're in the "latest kernel"? They were all in the 2.6 or 2.4 series.
As for Windows or Linux being more secure. Frankly, absent gaping flaws, I generally see security these days as having more to do with the user and usage profile of the machine than the particular operating system. Microsoft has mostly gotten their act together on security. As for security bugs, all major operating systems have them, both discovered and as yet undiscovered. It's a simple fact of life.
In your first link, 8 of the 10 problems listed are listed as fixed (most of them only apply to alpha CPUs anyway). The remaining two only affect 2.6 series kernels. One of them requires an application or user with special networking privileges to exploit and the other is patched.
Your second link also only applies to 2.6 series kernels and is listed as fixed as of 2.6.16.1
Your third link is just under six years out of date and doesn't include any remote exploits in any case.
In regards to your postscript, I'd like to re-iterate that Linux users have a genuine concern about being locked out of their own hardware. As I've already stated, journalists like Ed Botts have massive conflicts of interest that we take into account. Dell and HP don't need to be part of a conspiracy to lock out Linux users to carelessly and lazily kludge their UEFI implementation just to the point where Windows boots, but other Operating systems run into problems. We've seen that sort of thing often enough in the past.
P.S. What reprehensible lengths ("LENGTHS", no less) are Linux folks going to in order to avoid extinction? Also, how do you reconcile saying that Linux users are in danger of extinction with your claims that Linux users concerns about implementations of secure boot are unfounded?
If you say that whatever someone chooses to do is in their "best interest" because they chose to do it, then you've just defined "best interest" circularly. By that definition it's not even possible for anyone to do anything that isn't in their best interest.
Have you ever been diagnosed with a mental illness? Seriously, your posts come across like something from the time cube guy. You can call my post an "illogical off topic ad hominum attack", but it was the nature of your numerous posts I was attacking, not really you, per se. You yourself seem to have no trouble getting personal with attacks on people, I notice. The majority of your posts in this article seem to be repetitive rants. You gloat over imagined victories. I didn't address your so-called points because they were, for the most part, off topic. For some reason being off topic isn't such a sin when you do it. Also, I really honestly wasn't sure at first if your posts weren't coming from some sort of wacky content generator. I'm reminded of early print advertising, with its inexplicable font shifts, underlining, size changes, etc. My comments were not illogical. Your comments simply struck me as bizarre and I said so. Logic didn't really enter into it on way or another.
Seriously, your reply that "THE TRUTH COMES OUT" to my statement that I do, in fact, use Linux is bizarre. Linux users aren't exactly unusual on this site, much less in the comments of articles regarding Linux specifically. I'm not a member of some cult, I just use a particular operating system and you've apparently already pegged all Linux users into some particular niche in your mind and hold yourself up as superior to them. From my perspective, it looks like some sort of childlike egomania on your part.
Folks in the Linux world don't want useful security features stopped. What they want is for them to be implemented in such a way that the hardware still belongs to the person who paid good money for it and not to the original hardware manufacturer or their financial partners. There's nothing wrong with the concept of secure booting, but, if I'm buying a walled garden, I want the keys as well. The kind of people who are enthusiasts for free software tend to be the kind of people who don't like to be locked out of the things they own. I feel the same way about phones, and music players, and cars. You can imagine how I feel about laws that make it illegal to hack your own hardware, repair your own car, etc.
As for security of Linux vs. Windows in general, I don't think we're going to agree on those ever. I've used MS Windows since 2.0.3 I believe. Before I used Linux or it even existed. I also used various Unix variants before Linux. My personal computer for most of high school was a Silicon Graphics machine running Irix. When I first heard about Linux, I actually bought into some of the things people were saying comparing it to so called "real" Unix systems, and I didn't try it for a while. Since then, however, I've mostly been a Linux person. I mean, let's face it, Windows 95, 98, and ME were junk compared to Linux (Windows ME was junk compared to 98 and even 95, of course). Windows NT and its descendants were more impressive, but if we're talking about security, Microsoft never managed to impress me. The tight integration of the security hole otherwise known as Internet Explorer into Windows. Autorun, for crying out loud. I've just seen Microsoft do too many security brain dead things to take them seriously on the security front. Linux isn't some shining panacea, but it's what I use. It's given me plenty of problems over the years, but never as many as Windows.
As for disproving the points in the post you provided the link to. What points? You mentioned 3 remote unpatched vulnerabilities in the latest Linux kernel, but didn't say what they were. Then you went on about some Windows vulnerabilities and how to work around them. I haven't read anything I can think of by Ed Bott, and I don't know if he's a liar or not. He's a writer for a periodical who has managed to keep his job in this day and age, so that pretty much automatically makes him a shill. My mother has a newspaper reporter friend, and I was quite impressed by the multiple Pulitzer prizes he had on his wall when I met him, but, despite that I saw articles writt
Well, the article says it's for less than a trillionth of a second, so, based on your 100,000 times, that's one 10 millionth of the world's power generation over one second. Over a minute and 40 seconds it's one billionth of the worlds power generation. It's just a matter of finding a way to store it up temporarily and release it in one precisely timed laser burst. Of course, that "just a matter of" encompasses a pretty huge technological challenge. I assume that's why the $1.6 billiion is needed.
It was my understanding that Hawking Radiation had actually been confirmed and that it was caused by virtual particle pairs being created and one of them passing the event horizon and the other escaping.
Just observing the large number of formulaic posts, often with little or no bearing on the parent post, made by an AC, apparently signing at the end as apk. The posts are long, rambling, bizarrely formatted, with lots of pointless bolding and capitalization as well as excessive punctuation. Forgive me if the posts aren't being generated by some sort of near random content generator, but they really look like they are.
I think calling me a Linux "groupie", I think that's going a bit far. It is certainly true that I primarily use Linux. I got used to a Unix environment early on, so Linux was a natural progression for me. I think it would be fair to say I'm a fan. "groupie" is unfair, especially with the snide, condescending tone you seem to have intended. As for FUD, I don't think I was intending to spread fear, but I supposed I did have uncertainty and doubt about whether the spam-like flood of those posts came from a real human being. My reply was also no more off topic than the reply to my reply was. I admit I wasn't adding any new information or arguments to the conversation. I was providing a critique of someone else's "contribution", however, and I believe that still qualifies as on topic.