Because Microsoft is a monopoly, the assumption is that the free market forces that affect most everybody else have been rendered inoperative. Being a monopoly is not wrong in itself, but every action by or for a monopoly demands extreme scrutiny. If a single individual from a linux group does it, hell, even if the entire linux group does it, it's no big deal. Plenty of others, plenty of competition. The facts are that Microsoft is a monopoly and any plausible connection to Microsoft or any of its employees is sufficient to discredit any "grass-roots" campaign.
To borrow from your analogy, the real risk is not so much the lunatic that throws a match into the leaking gasoline as some innocent bystander that lights up a cigarette.
Re:But it's not OK when it's Microsoft! on $1200 Cheap! · Score: 1
So you have a monopoly looking for fresh territory. Methinks this bears a lot of scrutiny.
With the exception of internally within Bell Labs, early Unix was exclusively within Universities, with full source. For a long time you couldn't get it commercially.
Re:would you buy a used car from this model? on Mob Software · Score: 1
the nature of a tool is that it solves a restricted problem domain very predictably.
The problem is that the relevant problem domain refuses to stay so restricted. Each answer grows three new questions.
...the fact that any operating system is only as secure as the person using it.
Wrong. The security of VM/CMS has rather little to do with the security of the person using it. I would imagine that Trusted Solaris is much the same.
The user is one aspect of security, granted the major aspect on single-user systems.
Patch? Nah, too much trouble. Control Panel, Services, Shutdown (both Manual Startup and Stop) both Content Index and World Wide Web Publishing Service.
Front Page extensions run as a nobody?
You are thinking about IUSR_machine-name, for Internet Server Anonymous Access. Probably some things in IIS do run as that user. IIS runs as user SYSTEM which is rather rootier than Administrator.
BTW, Apache runs as root. It has to run as root to attach to port 80. The child processes, the ones that do the work, run as nobody or apache or some such.
Nope, it's the platform. With outbreaks of Code Red at Hotmail, FedEx, internally in Microsoft, Lucent, and possibly in Computer Associates, all of which can be presumed to be professionally administered, it's not the administrators, it's the platform. If the administrators can not or will not do the well-publicized patches it's the platform.
For new and different, try LISP. Well new to you, it's actually very old.
Incredibly simple syntax. Open and Close parens, white-space, dot, quotes, other-chars. Most Lisps will recognize numerics, but that is not essential. Characterized by lines with 30-odd close parens. The parens are NOT optional.
Coding style can be pure lisp, functional and possibly without any variables. Coding style can be prog-style, more like the "normal" languages. The styles can be mixed.
Don't discount Assembly as a high-level language. It's probably still the only decent way to implement (recursive) co-routines.
If I was running a browser on an IIS machine that that script would shut down, then yes, I would want it to shut my machine down. Probably safer than whatever Microsoft is putting out.
it's not microsoft's fault if their userbase are composed of clueless morons...
When Microsoft has a monopoly on PC Desktops, it is Microsoft's fault. When that monopoly is used to spread into other areas, it is Microsoft's fault.
IIS is NOT installed by default on Win2K Pro. Now how exactly does that protect NT Workstation, NT Server, W2K Server, Advanced Server or Datacenter Server from Code Red?
Well you know, different results from identical inputs. I would guess that most installations of IIS, intentional or otherwise, have nothing to do with Add/Remove Programs.
Re:CodeRed and SirCam: Free Software Plot? on Code Red III · Score: 1
why don't we see far more Linux-specific hacks?
The exploit is not in IIS but in some Index Server thingee, with no rational explanation as to what it is or why it is. To fix the problem, the right patch has to be found on Microsoft's servers. This seems to be too much trouble for Microsoft to do with Hot Mail and their own internal servers.
If we did have a CodeRed for RedHat, it would play out much differently. Lots of explanations and fixes. If I'm feeling paranoid, I can download the fix from some random site instead of priority.redhat.com, or even better, just kill the service that I don't want or need. The main difference is that the steps necessary to clip its wings will be taken.
Not totally different, but with Linux, with minimal effort I've got a pretty good idea of what the patch does and if I even care about it. With a reasonable amount of effort I could find out more about it than I really want to know. With Microsoft, it is essentially impossible to know what the patch does or what it affects.
Re:CR written by a linux zealot? on Code Red III · Score: 1
Lost or corrupt data is a scourge.
Exactly. The problem persists until the root cause is eliminated. I think the major risk from the holes is the inadvertent corruption of data in the normal course of events. Because of the "admirable job of damage control", I would be extremely reluctant to trust any data to Microsoft's keeping. This is not the only hole in existence.
Nah, Windows 95, the patched OEM version. (The stable Windows 95 that you couldn't buy from Microsoft ;-) It's been downhill ever since.
Right, like the professional admins at HotMail, Microsoft, FedEx, Lucent, Computer Associates?
Yeah, but for how much longer?
And is it a mess when the same applications are installed in different directories.
No, it's like you bought plexiglass and instead got that break-away stuff they use in the movies.
Even if everybody gets patched for Code Red, I'm sure there are plenty more holes waiting for discovery.
Win2K doesn't run on real systems like S/390.
Besides, it seems that Microsoft can't even patch their own servers. MS internal network whacked by Code Red