Heads I win. Tails I win.
If he was right, there is some objective evidence that he was.
If he was wrong, that's maybe the only way of getting right.
In any event, he gets some free publicity and (after patches) a fairly secure product.
Good thread!
For me at least, the why is escape from the mess that Microsoft Windows is becoming. The perception is that the transition to Linux is easier. Reality can be different. Linux tends to be a bit more bleeding edge. I have the impression that BSD doesn't like to bleed. Because it wouldn't show on the mascot?
Stability is not an absolute, except maybe VM on big iron. BSD comes pretty close. The thing about the high Linux up-times was staying up through configurations, misconfigurations, things where the expectation is at least a few kernel panics. I have panicked FreeBSD. Once. Uninstalling after installing a few hundred megs on about 40 meg free disk space. That's still "rock-solid" in my book.
Oh, and BSD will learn from Linux, at least a few things not to do;-)
Sorry but using XP or Win2K does not lead one to make intelligent well-thought out anythings. Fact. Reinstall XP on boss's new laptop. 1gHz P3, 512Meg. Performance so pathetic it was actually funny. Fact. Win2K can't keep keyboard CapsLock and Dos-mode Caps-Lock state in sync. Fact. FBI issues security warning about XP because Microsoft cannot assure them that the hole is actually plugged.
Surely you don't think these posts are coming from people using just Linux/BSD/real-OSs?
All non-trivial programs have bugs.
With the possible exception of some stuff by Donald Knuth.
Intel had a problem with division on some of their chips. That stuff is well defined and analyzed extremely carefully, but occasionally something slips through the cracks. Software always tends to be buggier than hardware.
Having bugs is not the same as a user being able to encounter one. Mostly they lurk in the shadows waiting for a chance encounter with another bug. If a user encounters a bug, there are usually at least two bugs in the program that are responsible.
that people understand precisely by messing with things they don't understand. In fact only for very unimportant things does anyone stand a chance of understanding prior to messing with.
People fall off the cliff. Somebody builds a fence.
Nobody falls off the cliff. Why bother.
No stats, but there is a god-awful amount of cliffs with no fences. Or people for that matter.
Deriving Cause and Effect from two effects with a third common cause...
He has a point. You tend to get into accidents when things look safer than they are and stay out of them when things look more dangerous than they are.
"Click here to _permanently_ destroy your computer" (with just an OK button)
Well, they'll click on most anything else. I think the Chernobyl virus did effectively do just that, erasing BIOS or some such.
If you have just one kernel, it should be the precompiled, distribution supplied kernel.
Unless you really know what you are doing, the customized kernel is an alternative.
In general, tech support only supports the precompiled, distribution supplied kernel. If you have problems, you demonstrate them on that kernel.
Happiness.
Aunt Tillie does not need to build a kernel, ever.
Aunt Tillie can easily build a kernel if she feels like it.
Misery.
Aunt Tillie needs to build a kernel.
Aunt Tillie cannot build the kernel she needs.
It's been a long time since I've compiled a kernel except. The last kernel I compiled was to get an NTFS read-only module so I could ftp it to a "rescue". I wish any other configuration was as easy and straightforward. Need to get the "right" starting point and extremely explicit directions, including all the "remember to...". Needs to describe how to have multiple kernels, in case something wasn't quite 100% safe. Needs to be concise enough so that a total newbie WILL read it.
Besides, when Aunt Tillie has reconfigured her kernel, she knows the "My" of "My Computer" now really means Aunt Tillie's computer.
And when you discover someone in a 3rd floor window snooping with binoculars and writing down license plate numbers,....
What is benign about writing down people's license plate numbers?
OK, MS provided a check-box somewhere for this. What guarantee is there that MS provides a check-box somewhere for everything affecting my privacy? Do I have any way of knowing if I have found all of them?
Sure you will. Just rename a FOO.COM to FOO.EXE. Still works. A real.EXE file has to start with the magic token 'MZ', but it works equally well if it is renamed to.COM
Depending on scripting languages and extensions, there are an awful lot of Run-Me running loose.
Identity forged by forged Globally "Unique" Identifier in Windows Media Player. Could be more effective that forged IP return addresses.
If this post is any indication of the resources Microsoft will bring to bear on the problem,... backup your data. Offline.
Unlikely. Now there's an understatement.
An unsafe scripting interpreter is more powerful and easier to use than a safe scripting interpreter. To be safe, it probably easiest to run the interpreter in a sandbox where one does not need to trust the interpreter, let alone the script.
(if it is even possible to write useful scripts in such a limited environment) Possible? Yes. Necessary? Yes. Easy? No.
Gives an idea why Sun gets all uptight about people screwing around with Java. They aren't about to let anybody turn their baby into some sort of Viral Basic.
Name recognition. Plus being able to fairly easily position yourself at about the right point on the Stability-CuttingEdge-BleedingEdge continuum. 2.4 is *supposed* to be the stable branch, but 2.4 was long overdue, and unless the jump is made, it takes careful selecting of 2.3.xxx. *is* stable can only be determined after it has been in production for a while. Pre's and Beta's are not useless, but the are not a substitute for being in production.
This isn't bad for BSD. They watch and learn from other peoples mistakes (How to avoid the Bleeding Edge). Also it's rather easy to explain a snuck-in BSD as a special kind of Linux;)
Where are the userids and file system permissions for files on a FAT partition?
How do I get a directory listing with owner and file permissions for files on an NTFS partition?
Right-Click, Properties, Security tab, Permissions. File-by-file. Thousands of files. No cigar.
"Security Features" is too much like putting a steel security door on a tar-paper shack. Looks impressive, but there are too many ways around it. OpenBSD's security doesn't come from "features". It's there because they've taken the trouble to secure the perimeter.
The thing to watch is diversity. If AOL/TW is a threat to such as CSPAN and PBS then it's time to be concerned. If senior management is convinced that diversity is a "Good Thing", particularly when it dissents from the "corporate view", there is less to be concerned about. Things like Turner Classic Movies. I don't know if it's run at a profit or a loss. I expect that Ted Turner doesn't even care much, as long as he can afford it.
(Multics) where everyone had access to everyone else's data Under controlled circumstances, only. Multics had better security than anything you are like to find now. Probably the only system where you would even consider putting the CIA and the KGB with sensitive data on the same mainframe.
For buffer overflows, it's not the endianness, it's the Unix/C trick of null-terminated strings that allow strings to be handled by a 1-tuple instead of 3-tuples. It also applies to any storing that is done without bounds checking.
You're very right about the significance of Unix being multi-user. The constant source of security issues are those complicated programs which must cross user boundaries. Microsoft Windows has the problem that Solitaire fundamentally has all the potential for damage as sendmail.
It cracks me up that Microsoft disabled Java support in XP for "security reasons". Even with Microsoft's broken "Java", it was too secure. Of course Microsoft removed it for security reasons. Microsoft didn't say it was to increase security, did they?
Red Hat 7.0, Professional Server at least, came with a Green CD and a very obvious piece of paper saying to update the RedHat Update. Wasn't long after it was first released either. Seems they put UPDATE notices on their front page on occasion, too.
I think there was a comparison (long ago) between the Radio Shack TRS-80 running the best known algorithm and a Cray solving the 9-body problem straightforwardly, with the Trash80 winning.
For FORTRAN on an old PDP to assembly on an Athlon, a few million record sort should do the trick.
Standard tactics for new upper management. If it's centralized, then decentralize it. If it's spread out, then centralize it. It's really more of a spring cleaning type of thing. It's drastic enough so that some necessary changes can be made because the status quo in "not" an option. The "saving maintenance" sounds more like an excuse than a reason.
Slashdot Mirror
Heads I win. Tails I win.
If he was right, there is some objective evidence that he was.
If he was wrong, that's maybe the only way of getting right.
In any event, he gets some free publicity and (after patches) a fairly secure product.
Good thread! ;-)
For me at least, the why is escape from the mess that Microsoft Windows is becoming. The perception is that the transition to Linux is easier. Reality can be different. Linux tends to be a bit more bleeding edge. I have the impression that BSD doesn't like to bleed. Because it wouldn't show on the mascot?
Stability is not an absolute, except maybe VM on big iron. BSD comes pretty close. The thing about the high Linux up-times was staying up through configurations, misconfigurations, things where the expectation is at least a few kernel panics. I have panicked FreeBSD. Once. Uninstalling after installing a few hundred megs on about 40 meg free disk space. That's still "rock-solid" in my book.
Oh, and BSD will learn from Linux, at least a few things not to do
Sorry but using XP or Win2K does not lead one to make intelligent well-thought out anythings. Fact. Reinstall XP on boss's new laptop. 1gHz P3, 512Meg. Performance so pathetic it was actually funny. Fact. Win2K can't keep keyboard CapsLock and Dos-mode Caps-Lock state in sync. Fact. FBI issues security warning about XP because Microsoft cannot assure them that the hole is actually plugged.
Surely you don't think these posts are coming from people using just Linux/BSD/real-OSs?
All non-trivial programs have bugs.
With the possible exception of some stuff by Donald Knuth.
Intel had a problem with division on some of their chips. That stuff is well defined and analyzed extremely carefully, but occasionally something slips through the cracks. Software always tends to be buggier than hardware.
Having bugs is not the same as a user being able to encounter one. Mostly they lurk in the shadows waiting for a chance encounter with another bug. If a user encounters a bug, there are usually at least two bugs in the program that are responsible.
Now why did that make me think of Enron?
When the "entertainment" becomes more of a hassle, it's time to look elsewhere. Permanently.
I don't think you are alone.
that people understand precisely by messing with things they don't understand. In fact only for very unimportant things does anyone stand a chance of understanding prior to messing with.
People fall off the cliff. Somebody builds a fence. ...
Nobody falls off the cliff. Why bother.
No stats, but there is a god-awful amount of cliffs with no fences. Or people for that matter.
Deriving Cause and Effect from two effects with a third common cause
He has a point. You tend to get into accidents when things look safer than they are and stay out of them when things look more dangerous than they are.
"Click here to _permanently_ destroy your computer" (with just an OK button)
Well, they'll click on most anything else. I think the Chernobyl virus did effectively do just that, erasing BIOS or some such.
Yes.
If you have just one kernel, it should be the precompiled, distribution supplied kernel.
Unless you really know what you are doing, the customized kernel is an alternative.
In general, tech support only supports the precompiled, distribution supplied kernel. If you have problems, you demonstrate them on that kernel.
Happiness.
...". Needs to describe how to have multiple kernels, in case something wasn't quite 100% safe. Needs to be concise enough so that a total newbie WILL read it.
Aunt Tillie does not need to build a kernel, ever.
Aunt Tillie can easily build a kernel if she feels like it.
Misery.
Aunt Tillie needs to build a kernel.
Aunt Tillie cannot build the kernel she needs.
It's been a long time since I've compiled a kernel except. The last kernel I compiled was to get an NTFS read-only module so I could ftp it to a "rescue". I wish any other configuration was as easy and straightforward. Need to get the "right" starting point and extremely explicit directions, including all the "remember to
Besides, when Aunt Tillie has reconfigured her kernel, she knows the "My" of "My Computer" now really means Aunt Tillie's computer.
And when you discover someone in a 3rd floor window snooping with binoculars and writing down license plate numbers, ....
What is benign about writing down people's license plate numbers?
OK, MS provided a check-box somewhere for this. What guarantee is there that MS provides a check-box somewhere for everything affecting my privacy? Do I have any way of knowing if I have found all of them?
Sure you will. Just rename a FOO.COM to FOO.EXE. Still works. A real .EXE file has to start with the magic token 'MZ', but it works equally well if it is renamed to .COM
Depending on scripting languages and extensions, there are an awful lot of Run-Me running loose.
Identity forged by forged Globally "Unique" Identifier in Windows Media Player. Could be more effective that forged IP return addresses. ... backup your data. Offline.
If this post is any indication of the resources Microsoft will bring to bear on the problem,
Unlikely. Now there's an understatement.
An unsafe scripting interpreter is more powerful and easier to use than a safe scripting interpreter. To be safe, it probably easiest to run the interpreter in a sandbox where one does not need to trust the interpreter, let alone the script.
(if it is even possible to write useful scripts in such a limited environment)
Possible? Yes. Necessary? Yes. Easy? No.
Gives an idea why Sun gets all uptight about people screwing around with Java. They aren't about to let anybody turn their baby into some sort of Viral Basic.
Name recognition. Plus being able to fairly easily position yourself at about the right point on the Stability-CuttingEdge-BleedingEdge continuum. 2.4 is *supposed* to be the stable branch, but 2.4 was long overdue, and unless the jump is made, it takes careful selecting of 2.3.xxx. *is* stable can only be determined after it has been in production for a while. Pre's and Beta's are not useless, but the are not a substitute for being in production. ;)
This isn't bad for BSD. They watch and learn from other peoples mistakes (How to avoid the Bleeding Edge). Also it's rather easy to explain a snuck-in BSD as a special kind of Linux
Where are the userids and file system permissions for files on a FAT partition?
How do I get a directory listing with owner and file permissions for files on an NTFS partition?
Right-Click, Properties, Security tab, Permissions. File-by-file. Thousands of files. No cigar.
"Security Features" is too much like putting a steel security door on a tar-paper shack. Looks impressive, but there are too many ways around it. OpenBSD's security doesn't come from "features". It's there because they've taken the trouble to secure the perimeter.
The thing to watch is diversity. If AOL/TW is a threat to such as CSPAN and PBS then it's time to be concerned. If senior management is convinced that diversity is a "Good Thing", particularly when it dissents from the "corporate view", there is less to be concerned about. Things like Turner Classic Movies. I don't know if it's run at a profit or a loss. I expect that Ted Turner doesn't even care much, as long as he can afford it.
(Multics) where everyone had access to everyone else's data
Under controlled circumstances, only. Multics had better security than anything you are like to find now. Probably the only system where you would even consider putting the CIA and the KGB with sensitive data on the same mainframe.
For buffer overflows, it's not the endianness, it's the Unix/C trick of null-terminated strings that allow strings to be handled by a 1-tuple instead of 3-tuples. It also applies to any storing that is done without bounds checking.
You're very right about the significance of Unix being multi-user. The constant source of security issues are those complicated programs which must cross user boundaries. Microsoft Windows has the problem that Solitaire fundamentally has all the potential for damage as sendmail.
Stand in a parking lot with a clipboard and write down the license plate numbers of everybody that enters. ;-)
It cracks me up that Microsoft disabled Java support in XP for "security reasons".
Even with Microsoft's broken "Java", it was too secure. Of course Microsoft removed it for security reasons. Microsoft didn't say it was to increase security, did they?
Red Hat 7.0, Professional Server at least, came with a Green CD and a very obvious piece of paper saying to update the RedHat Update. Wasn't long after it was first released either. Seems they put UPDATE notices on their front page on occasion, too.
You could say that, but what goes in the hexedit is the crack, not the patch. It's not equal.
I think there was a comparison (long ago) between the Radio Shack TRS-80 running the best known algorithm and a Cray solving the 9-body problem straightforwardly, with the Trash80 winning.
For FORTRAN on an old PDP to assembly on an Athlon, a few million record sort should do the trick.
Standard tactics for new upper management. If it's centralized, then decentralize it. If it's spread out, then centralize it. It's really more of a spring cleaning type of thing. It's drastic enough so that some necessary changes can be made because the status quo in "not" an option. The "saving maintenance" sounds more like an excuse than a reason.