what do you mean by "cluster"? if you mean splitting (for example) 20 independent virutal web sites from one server to two, than you are right. if you mean some more complicated solution (something like 20 servers are visible as one from outside), than i think you are wrong because i think such solution do not exists for NT for now.
how much of NT admins are competent? (if we take 'competent' as 'he KNOW what he is clicking at')
Most systems built today (and the systems that we want Linux to run on) are built for Microsoft.
you are buying system so you choose what you'll get for your money. so you just tell your HW manufacturer you want linux box or chooose manufacturer which is producing linux boxes. if such option is less available because of microsoft's "natural" monopoly and ugly business practises, then you have to ask more loudly to what you want. do not gave up just because of most systems built today are built for Microsoft's OS
Security
i agree that more of system security depends on administrator, not the system. as MS themselves proove, it is able to setup B2 (or some C? can't remember well) compliant NT system. what i see as problem is fact, that NT admins are mostly undereducated (with strong nod from MS itself - it's only better if some "techie" thinks same about MS products as managers, whom MS is dealing with (it is better to sell something to someone which do know nothing about product)) and they just do not care much about security because they do not know what it is. that's why most NT systems are very vulnerable.
Stability
yes, data about stability are not verified for now. friend of mine, which is programming under NT told me, that NT kernel is very stable thus you can make stable application over it. what is making problems is "this bloody GUI" (as he named it, 'bloody' meant as 'buggy') and some other stuff made to be sold (not to work properly). so you just have to not to rely on such stuff when doing stable thinks for NT. but this is very similar to NT admin problem: how much of NT programmers do care about correctnes of their product? how much of NT programmers know to make (and are making) correct/reliable/... code? (i mean not 100% correct - for now it's unprovable whether code is without any error - but correct enought not to cause problems every day/week/month)
Change real world needs
Frater 219 did not talks about "with this setup is this OS the best, this one 2nd, another one third,...". IMHO frater219 talks about changing need in progress. for example i buy web server for static pages. after few months/years i get a need for CGI scripts. what then? buy another server specificaly tuned for CGIs? what about my current web server? and again, after some time, i may start to need web based database access. again buy new server for that? that's the real-world-needs-changes.
The Future
i see more feature for product which is supported by many people, organisations and even companies than products supported by only his manufacturer. also source-code availability makes diference: will you place your business/healt/life/... at stake of system you can mainain even after manufacturer's death or system which disapiers right after his manufacturer?
i have RH6 now but when i was installing my old ESS1688 is: 1) look for free IRQ 2) switch this IRQ on that ISA sound card 3) tell the 2.2.X kernel i have ESS1688 with IRQ X, I/O Y and compiled it 4) reboot
i'm getting it quickly... do not take it as audit nor explicitly choosen files:
/ - everyone change (at least annoying while anobody can make mess in root directory) /winnt - everyone full access (-"-) /winnt/explorer.exe - everyone read (uff, at least something) /winnt/notepad.exe - everyone full access /winnt/system/system.drv - everyone full access (that's driver, isn't it?) /winnt/system32/format.exe - everyone read (OK) /winnt/system32/ipconfig.exe - everyone change /winnt/system32/setup.exe - everyone change /winnt/system32/user.exe - everyone change /winnt/system32/winlogon.exe - everyone read (OK) /program files - everyone full access (somebody can "spoof" apps - upload trojan here and others thinks it's regular app installed by admin) /program files/microsoft office/.../winword.exe - everyone full access (huh?!)
i'm not expert on NT security (or security as whole) but after very quick search through c:\ i found few programs i can change/modify and wait 'till admin (or user with admin rights) execute it (some.drv, winword.exe, setup.exe, ipconfig.exe,...). and do not forget that a LOT of NT users have admin rights because without them it is pain-in-the-ass to use them
those are not holes but DOORS!
of course only if i do not know about all those GET_ADMIN utilities:)
the problem with "the one" (call it that way - do not want to advertise:) OS is that making it "multiuser" (i.e. splitting things into "root/admin" and "user") broke almost whole system - nothing will work; it'll take a lot of time and work to get it to the same usability as before this "secure patch"
they can then nail greater than 90% of the systems with knowledge of one code base. that's why if mentioned 34% limit applies you can get to knees only those 34% with one code base (if counting only native binary code)
Of course that would diminish the benefits of having a shared network: interchange of information would now be much more difficult. you're kidding. if we both use mail clients which implements e-mail standards correctly, than we have no problem to send e-mails to each other.
your statement clearly talks about MS-like systems, which introduces incompatibilities also called "features" (by manufacturer).
i'm repeating: intechange of information is no problem in heterogenous environments IF your tools conform standards!
... which can detect and respond to software threats autonomously... without real AI you can't do that; because such a system have to be more inteligent and educated as (almost) all hackers/crackers in the world; otherwise it is limiting users abilities
so i think the only way out of this is education: tell the users basic rules! (like if you are applying for driver licence)
all this "heterogenou environment" argument is based on same principles as nature itself: if all people are same than one desease is enought to kill us all. but while we are all slightly diferent, there's still somebody who survive.
how many of O2000 users will click on "run only signed content"? (i think it'll not be set at default as it broke backward "compatibility")
and how many of users will sign their documents (i mean users, not developers, or is some macro supposed to be signed by developer even if it is used in another person's document)?
and how secure will this signing be when cryptography is almost out-lawed?
and even with good cryptography how eficient it'll be if you count "i wont learn" attitude of windows users?
and after that, how secure will be sing-checking? will it be error free enought so no exploits can be used to run unsigned content when it is not supposed to be run?
Windows NT has only been out since 1993. The file permission system is argueably better than unix's.
but those file permissions are set the way that almost everyone can write/delete everything (at least at default, but if you take a time and correct this i would like to know which apps keeps running).
1)...If Outlook were ported to Linux... first, someone have to want it there
2)... What do you want us to do? Say it twice? yes, even 4,5,6,... times untill people do get it. your company is directly responsible for people do not taking their windows based tools seriosly.
some people compare car driving to windows-usage but i have to say that before people get in car (officialy; with driver licence) they are teached some basics about functionality and rules. i would gladly see some of those in computers/windows too because people are blindly doing what's apears on display first or as default option without knowing what does it mean (what does it causing them, what they are loosing,...) and are ignoring rules (well, if MS is ignoring them it's "OK" but teaching others to do the same is not OK).
for now i'm just curious why people do not sue MS for those "features" as we are hearing a lot of so called FUD which talks about "who-do-you-sue". without those court-actions it looks like nobody is doing serious work with windows (no serious work, no serious looses).
3)... Power can always be abused. why your company company do not tell it to users of MS products? why MS do not tells them they are using "blade"? MS is just repeating "our productsare easy to use, they save you time, they are the best,..." and dangers mention only at the bottom ith small letter (if mention it at all). people (windows users) are ignoring warning messages because you teach them to do that!
... never even seen Outlook's splash screen let alone written a VBA... if i want to send some message to somebody, i'm not interested in perfect-nice-powerfull-configurable-scriptable-eas y-quick-hot-toolbarized-lots_of_buttons- safe-eror_prone-... e-mail agent. i'm perfectly happy with pine (do you know what i'm talking about? just asking before you (or somebody else) try to argue that pine (or elm or whatever) is useless)
now some example: person (call it W1) wants to write a message: clicks 'Word' icon, write one sentence, then perform that easy i(hany)-do-not-know-this-operation and sends this message to person W2. both persons got T1 lines and and 'word' so they are not bothered they are wasting bandwidth (because this one-sentence-message is 100 KB long) and that they are limiting ability of (standardised) e-mail to be read with whatever agent you have. try then imagine on of thos Ws to comunicate with some U or M or whatever (U, M,... do not have fat pipe and/or do not have 'word').
is attachment supposed to be supplement or replacment of e-mail body?
i hope and thing almost same about linux "dominance" in the future.
i just want to add, that running untrusted executables is maybe common about windows users BUT it's silly/bad/dangerous/.... are those people handling EACH piece of mail like that? i.e. they receive something which says "run me" so they run it (they want make their job faster,...). so if they receive something saying "do not read me and sign me" will they do that (skip reading what they are signing just to perform it quicker)???
some things can't be optimised for speed because something else is more important (like eating - you have to eat good stuff and have time to eat it; making children - it's not just fuck, it's up-bringing too; lending a lot of money - you can make it quick, but then you can lost them; backuping your work - you can make it quick and do not check, but then you can damage/destroy all your work;...)
Office 2000 (released just now) supposedly contains features which prevents Macro viruses.
maybe.
MSO2000 supposedly contains new "features" to exploit too.
p.s.: if something is supposed to correct broken thing, i do not call it feature but bug-fix or patch or update. so you better say "... supposedly contains patches to macro-virus hole."
you just did not mention reason why to boycott new linuxHQ.
sure it looks suspicious and the "replacement" has been not done the "clean" way, but until now nothing that wrong happend to take this kind of action against author.
so i recommend "normal" operation (i.e. browse this page which you are interested in) for now.
changing the meaning of one word (guru) to fix bad usage of another word (hacker) is IMHO not that good idea.
it reminds me how those famous windows bugs, problems, shortcommings,... are solved (ussualy renamed to "feature" and then another "features" are made to overstep previous ones).
slovak telecom (ST) have guaranteed monopoly for voice connetctions and cables till 2003 (by law). and what's worse, they are trying to get another monopoly as ISP. maybe they are trying to secure theire position against foreign companies before they enter our market BUT they are doing it very ignorantly: they ignore existing infrastructure and existing organizations! ST acts like they are bringing internet to slovakia, like iternet is not here. for example ST hold an thumb on international connectivity (through ebone - second foreign-connectivity provider is telenor, which is slightly more expansive and has end-user-ISP interests too (it buys netlab ISP with 20% market share)), they are forcing customers to switch from analog to digital lines which are charged 2-3 more (even that cost asociated with digital lines are lower than that related to analog lines).
there hase been one boycot of ST alredy - blocking of it's customers from a lot of web content. on first days ST just made some cracking/hacking (outside proxies, anonymizers, even attacks against web sites) - it shows they do not understand and they do not want understand nor solve problems they cause. and after all, no consenzus has been made with us.
so there is petition organized to make a referendum to cut the law which guarantee them monopoly. for those of you from slovak republic... viac informacii + peticne harky najdete na http://www.sis.sk/Referendum/.
i like when people are forming communities but only as long as it is for good purpose: when all member benefits. the "ultimate" goal (at least for now, while we do not know any extraterrestials:) should be the global earth community.
maybe governments have the same goal (they are people too) but they make it wrong way: mostly, they are making communities (a.k.a nations, states,...) where (almost) everybody works (produce value) BUT only small group is taking profit (mostly politicians themselves + rich and/or powerfull people). this private-info-selling is perfect example of such attitude.
and why they are doing so? are they braind-damaged? do they forget that they are people and citizens too? power corrupts.
that's why we have to watch our politicians very close and carefully, give them advices AND criticize them when they do something wrong. and (of course) take more action when they are ignoring us.
democracy is not perfect but something better has not been invented yet (nor taken in practise). but we have to try to achieve better living. at least for our children (and their children,...).
why do people bring children to live when they cause them suffer then? (why i'm asking that? take a look at poluted environment, screwed laws, dumb policies, problems solved short-sightedly,...)
Slashdot Mirror
if you mean some more complicated solution (something like 20 servers are visible as one from outside), than i think you are wrong because i think such solution do not exists for NT for now.
how much of NT admins are competent? (if we take 'competent' as 'he KNOW what he is clicking at')
Most systems built today (and the systems that we want Linux to run on) are built for Microsoft.
you are buying system so you choose what you'll get for your money. so you just tell your HW manufacturer you want linux box or chooose manufacturer which is producing linux boxes.
if such option is less available because of microsoft's "natural" monopoly and ugly business practises, then you have to ask more loudly to what you want. do not gave up just because of most systems built today are built for Microsoft's OS
Security
i agree that more of system security depends on administrator, not the system. as MS themselves proove, it is able to setup B2 (or some C? can't remember well) compliant NT system.
what i see as problem is fact, that NT admins are mostly undereducated (with strong nod from MS itself - it's only better if some "techie" thinks same about MS products as managers, whom MS is dealing with (it is better to sell something to someone which do know nothing about product)) and they just do not care much about security because they do not know what it is. that's why most NT systems are very vulnerable.
Stability
yes, data about stability are not verified for now.
friend of mine, which is programming under NT told me, that NT kernel is very stable thus you can make stable application over it. what is making problems is "this bloody GUI" (as he named it, 'bloody' meant as 'buggy') and some other stuff made to be sold (not to work properly). so you just have to not to rely on such stuff when doing stable thinks for NT.
but this is very similar to NT admin problem: how much of NT programmers do care about correctnes of their product? how much of NT programmers know to make (and are making) correct/reliable/... code? (i mean not 100% correct - for now it's unprovable whether code is without any error - but correct enought not to cause problems every day/week/month)
Change real world needs
Frater 219 did not talks about "with this setup is this OS the best, this one 2nd, another one third, ...". IMHO frater219 talks about changing need in progress.
for example i buy web server for static pages. after few months/years i get a need for CGI scripts. what then? buy another server specificaly tuned for CGIs? what about my current web server? and again, after some time, i may start to need web based database access. again buy new server for that?
that's the real-world-needs-changes.
The Future
i see more feature for product which is supported by many people, organisations and even companies than products supported by only his manufacturer.
also source-code availability makes diference: will you place your business/healt/life/... at stake of system you can mainain even after manufacturer's death or system which disapiers right after his manufacturer?
then maybe we have to give arms and legs to those AIs so they can work for us.
and then, we shall silently die, we are not necessary anymore.
:)
MS do not need to thank for help?
i make a quick search through NT installed from start on NTFS and list some files in this post.
1) look for free IRQ
2) switch this IRQ on that ISA sound card
3) tell the 2.2.X kernel i have ESS1688 with IRQ X, I/O Y and compiled it
4) reboot
now i'm enjoying sound :)
/ - everyone change (at least annoying while anobody can make mess in root directory)
/winnt - everyone full access (-"-)
/winnt/explorer.exe - everyone read (uff, at least something)
/winnt/notepad.exe - everyone full access
/winnt/system/system.drv - everyone full access (that's driver, isn't it?)
/winnt/system32/format.exe - everyone read (OK)
/winnt/system32/ipconfig.exe - everyone change
/winnt/system32/setup.exe - everyone change
/winnt/system32/user.exe - everyone change
/winnt/system32/winlogon.exe - everyone read (OK)
/program files - everyone full access (somebody can "spoof" apps - upload trojan here and others thinks it's regular app installed by admin)
/program files/microsoft office/.../winword.exe - everyone full access (huh?!)
i'm not expert on NT security (or security as whole) but after very quick search through c:\ i found few programs i can change/modify and wait 'till admin (or user with admin rights) execute it (some .drv, winword.exe, setup.exe, ipconfig.exe, ...). and do not forget that a LOT of NT users have admin rights because without them it is pain-in-the-ass to use them
those are not holes but DOORS!
of course only if i do not know about all those GET_ADMIN utilities :)
but IMHO for a long time we will be still using Internet without that so some midd-solution would be appreciated.
i think, this midd-solution is education: teach the people that running untrusted code is like signing something they did not read.
and some sand boxes for such code would be nice too.
the problem with "the one" (call it that way - do not want to advertise :) OS is that making it "multiuser" (i.e. splitting things into "root/admin" and "user") broke almost whole system - nothing will work; it'll take a lot of time and work to get it to the same usability as before this "secure patch"
that's not enought. outlook and co. is asking whether to run or not so definite solution is ONLY education.
people have to know that running untrusted code is like signing something they did not read!!!
people have to know that running untrusted code is like signing something they did not read!!!
like repeatedly lost work because of error in system? (not necessarily virus :)
that's why if mentioned 34% limit applies you can get to knees only those 34% with one code base (if counting only native binary code)
Of course that would diminish the benefits of having a shared network: interchange of information would now be much more difficult.
you're kidding. if we both use mail clients which implements e-mail standards correctly, than we have no problem to send e-mails to each other.
your statement clearly talks about MS-like systems, which introduces incompatibilities also called "features" (by manufacturer).
i'm repeating: intechange of information is no problem in heterogenous environments IF your tools conform standards!
without real AI you can't do that; because such a system have to be more inteligent and educated as (almost) all hackers/crackers in the world; otherwise it is limiting users abilities
so i think the only way out of this is education: tell the users basic rules! (like if you are applying for driver licence)
all this "heterogenou environment" argument is based on same principles as nature itself: if all people are same than one desease is enought to kill us all. but while we are all slightly diferent, there's still somebody who survive.
why is nature avoiding monocultures?
and how many of users will sign their documents (i mean users, not developers, or is some macro supposed to be signed by developer even if it is used in another person's document)?
and how secure will this signing be when cryptography is almost out-lawed?
and even with good cryptography how eficient it'll be if you count "i wont learn" attitude of windows users?
and after that, how secure will be sing-checking? will it be error free enought so no exploits can be used to run unsigned content when it is not supposed to be run?
what you write is refinment: not only outlook users can be affected but anybody reading e-mails on windows system.
but those file permissions are set the way that almost everyone can write/delete everything (at least at default, but if you take a time and correct this i would like to know which apps keeps running).
same applies to nature: nature is mainaining variety even amongs same kinds to minimise effects of disasters.
when peole realize that?
unification leads to great risks (i.e. high eventuality of one disaster destroing everything).
1) ...If Outlook were ported to Linux ...
first, someone have to want it there
2) ... What do you want us to do? Say it twice?
yes, even 4,5,6,... times untill people do get it. your company is directly responsible for people do not taking their windows based tools seriosly.
some people compare car driving to windows-usage but i have to say that before people get in car (officialy; with driver licence) they are teached some basics about functionality and rules. i would gladly see some of those in computers/windows too because people are blindly doing what's apears on display first or as default option without knowing what does it mean (what does it causing them, what they are loosing, ...) and are ignoring rules (well, if MS is ignoring them it's "OK" but teaching others to do the same is not OK).
for now i'm just curious why people do not sue MS for those "features" as we are hearing a lot of so called FUD which talks about "who-do-you-sue". without those court-actions it looks like nobody is doing serious work with windows (no serious work, no serious looses).
3) ... Power can always be abused. ..." and dangers mention only at the bottom ith small letter (if mention it at all).
why your company company do not tell it to users of MS products? why MS do not tells them they are using "blade"? MS is just repeating "our productsare easy to use, they save you time, they are the best,
people (windows users) are ignoring warning messages because you teach them to do that!
if i want to send some message to somebody, i'm not interested in perfect-nice-powerfull-configurable-scriptable-ea
now some example: person (call it W1) wants to write a message: clicks 'Word' icon, write one sentence, then perform that easy i(hany)-do-not-know-this-operation and sends this message to person W2. both persons got T1 lines and and 'word' so they are not bothered they are wasting bandwidth (because this one-sentence-message is 100 KB long) and that they are limiting ability of (standardised) e-mail to be read with whatever agent you have. ... do not have fat pipe and/or do not have 'word').
try then imagine on of thos Ws to comunicate with some U or M or whatever (U, M,
is attachment supposed to be supplement or replacment of e-mail body?
i just want to add, that running untrusted executables is maybe common about windows users BUT it's silly/bad/dangerous/.... are those people handling EACH piece of mail like that? i.e. they receive something which says "run me" so they run it (they want make their job faster, ...). so if they receive something saying "do not read me and sign me" will they do that (skip reading what they are signing just to perform it quicker)???
some things can't be optimised for speed because something else is more important (like eating - you have to eat good stuff and have time to eat it; making children - it's not just fuck, it's up-bringing too; lending a lot of money - you can make it quick, but then you can lost them; backuping your work - you can make it quick and do not check, but then you can damage/destroy all your work; ...)
maybe.
MSO2000 supposedly contains new "features" to exploit too.
p.s.: if something is supposed to correct broken thing, i do not call it feature but bug-fix or patch or update. so you better say "... supposedly contains patches to macro-virus hole."
agree
sure it looks suspicious and the "replacement" has been not done the "clean" way, but until now nothing that wrong happend to take this kind of action against author.
so i recommend "normal" operation (i.e. browse this page which you are interested in) for now.
it reminds me how those famous windows bugs, problems, shortcommings, ... are solved (ussualy renamed to "feature" and then another "features" are made to overstep previous ones).
there hase been one boycot of ST alredy - blocking of it's customers from a lot of web content. on first days ST just made some cracking/hacking (outside proxies, anonymizers, even attacks against web sites) - it shows they do not understand and they do not want understand nor solve problems they cause. and after all, no consenzus has been made with us.
so there is petition organized to make a referendum to cut the law which guarantee them monopoly. for those of you from slovak republic ... viac informacii + peticne harky najdete na http://www.sis.sk/Referendum/.
maybe governments have the same goal (they are people too) but they make it wrong way: mostly, they are making communities (a.k.a nations, states, ...) where (almost) everybody works (produce value) BUT only small group is taking profit (mostly politicians themselves + rich and/or powerfull people).
this private-info-selling is perfect example of such attitude.
and why they are doing so? are they braind-damaged? do they forget that they are people and citizens too?
power corrupts.
that's why we have to watch our politicians very close and carefully, give them advices AND criticize them when they do something wrong. and (of course) take more action when they are ignoring us.
democracy is not perfect but something better has not been invented yet (nor taken in practise). but we have to try to achieve better living. at least for our children (and their children, ...).
why do people bring children to live when they cause them suffer then? (why i'm asking that? take a look at poluted environment, screwed laws, dumb policies, problems solved short-sightedly, ...)