One simple way to make one image work with differing computers is to restore a
standard image and then re-install Windows over the restored image. During the
re-install Windows XP re-enumerates the hardware.
We tried a Google search that eliminates mailing list messages, which mostly seem to be answered in a very limited way.
As you can see, there are very few documents that mention NAT firewalls.
In some ways OpenVPN appears to be a typical Open Source project. Documentation is often more work than writing the program, and most Open Source developers don't want to do the documentation, and don't want anyone else to do it, because of perceived loss of credit.
We looked at OpenVPN. It looked like a lot of work to get it to function behind a NAT firewall. A Google search restricted to the OpenVPN web site brings up many, many questions, and not many answers.
Anyone have experience?
Other issues:
Hamachi setup: The setup time for Hamachi is exactly what they say: A few minutes. The interface is a bit quirky, and the documentation is limited.
Anyone using Hamachi may want to run it as a service; see this explanation from Cyberonica.
Insecurity: Hamachi uses a very sensible technique for getting around firewalls and NAT. So does Skype VOIP. Of course, that means firewalls and NAT are not really protecting us.
In no way am I saying that Hamachi itself is insecure. I don't think that. They say all traffic is encrypted, and normally none passes through their servers. I am only saying that these techniques show the insecurity of our present protections.
ZoneAlarm Security Suite: We use ZoneAlarm Security Suite, a software firewall that notifies users every time something happens that might be an indication of a security breach.
If the users don't cooperate, and don't call us every time they see a notification, there is no security. ZoneAlarm's notifications are written in pure Geek, an unusual language which is used not to communicate but to pretend to communicate, while actually trying to avoid providing any useful information. Geek is a job security language, not a language for communication.
The real answer, of course, is to have a secure operating system, not one in which there is a lot of profit to be made selling the next version by criticizing the present version. We need an OS that is designed to be secure, not one that is allowed to be sloppy so that it is insecure.
Router VPN -- Netgear: We have had an enormous amount of trouble with Netgear router VPNs. We've had a lot of trouble with Netgear technical support. The Netgear products don't seem finished. Once they are working, our experience is that they stay working, with some quirks.
(Interestingly, Netgear is the worst company for avoiding sending rebates. We almost always have to go to the management of the store from which we bought Netgear equipment and have them get our rebates for us.)
I've been trying Hamachi. It seems to work as advertised. It makes a connection between a computer behind a hardware and software firewall with a cable ISP and another computer behind a hardware and software firewall with a DSL ISP. Both hardware firewalls have NAT (Network Address Translation. I know not everyone who reads Slashdot works with this.)
However, the cable ISP is Comcast. Comcast, in this area, seems to throttle or stop anything besides HTTP traffic.
You didn't read the part about it being a boot CD. It could boot from a CD supplied by Microsoft, so that there could be no possibility of the OS that was active during hash collection being compromised.
Linux has the capability of reading NTFS files, so it is possible to make a Linux CD to do the checking. However, no one outside Microsoft has all the file variations.
While waiting to determine why Microsoft is going to such trouble to advertise the insecurity of its present operating systems, you can use the free RootKit Revealer from SysInternals.
My guess is that Microsoft's effort is an attempt to create a demand for some future operating system that will be hardened against rootkits.
It seems to me this is an issue of Microsoft not wanting people to be happy with any present version of Windows, so that there will be customers for future versions.
It's not difficult to make a boot CD that checks the MD5 or SHA1 hash of all the files on a hard drive, and compares the results with correct hashes.
I was told by a top-level Microsoft technical support representative that ALL information on a hard drive in Windows is stored in files, except for the partition information, boot record, and file system structures.
Microsoft has access to all the files and file variations that are used in Windows, and all the common drivers used by manufacturers, too. It would be easy for Microsoft to make a hash database. It would be difficult for anyone else.
It seems to me that part of the problem with corruption of the operating system comes from the fact that Microsoft deliberately corrupted its own operating systems to achieve copy protection. Microsoft mixes OS files with program files. That makes it more difficult to make illegal copies of program files, and easier to hide attack files.
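The check described above, sketched as an added example (not part of the original comment): it hashes every file under a mounted volume and compares the result with a known-good manifest, reporting modified, unknown and missing files. The file names, the manifest layout and the demo tree are constructed for illustration; SHA-1 follows the comment, and the algorithm is a parameter.

```python
import hashlib
import os
import tempfile


def hash_file(path, algorithm="sha1", chunk_size=1 << 20):
    """Hash one file in chunks so large files do not have to fit in memory."""
    digest = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root, algorithm="sha1"):
    """Map each regular file under root (relative path, '/' separators) to its hash."""
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            # Skip symlinks and special files: only regular file content is compared.
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = hash_file(full, algorithm)
    return manifest


def verify_volume(root, known_good, algorithm="sha1"):
    """Compare the volume mounted at root with a known-good manifest.

    The check only means something when it runs from trusted boot media,
    so the installed (possibly compromised) OS is not the one reading the files.
    """
    current = build_manifest(root, algorithm)
    return {
        # Content differs from the reference hash.
        "modified": sorted(p for p in current
                           if p in known_good and current[p] != known_good[p]),
        # Present on disk but absent from the reference: where extra files hide.
        "unknown": sorted(p for p in current if p not in known_good),
        # Listed in the reference but no longer on disk.
        "missing": sorted(p for p in known_good if p not in current),
    }


def demo():
    """Constructed sample: build a small tree, record it, tamper with it, verify."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "system32", "drivers"))
        sample = {
            "system32/kernel.bin": b"kernel v1",
            "system32/shell.bin": b"shell v1",
            "system32/drivers/net.sys": b"net driver v1",
        }
        for rel, data in sample.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)

        known_good = build_manifest(root)  # stands in for a vendor hash database

        # Simulated changes made after the reference manifest was recorded.
        with open(os.path.join(root, "system32/kernel.bin"), "wb") as fh:
            fh.write(b"kernel v1 patched")
        os.remove(os.path.join(root, "system32/shell.bin"))
        with open(os.path.join(root, "system32/drivers/hidden.sys"), "wb") as fh:
            fh.write(b"unexpected driver")

        return verify_volume(root, known_good)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(category, paths)
```

MD5 and SHA-1 both have practical collision attacks, so a reference database built today would pass `algorithm="sha256"`.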
I never had access to the pre-Internet Inter-network myself, but I talked with people at Tektronix who had access. The precursor to the Internet was a very limited resource compared to what resulted because of the funding arranged by Mr. Gore.
... the Internet's "most determined congressional advocate"
My understanding is that there was no HTML in those days, and there were no generally useful browsers. People used Gopher and Archie to access resources. Numerous provisions needed to be made before what became the Internet could be an enormously useful, and public, resource.
Back then many, many technically knowledgeable people were actually against the idea that their semi-private inter-network would become a public utility. Then Senator Gore had the vision that most people didn't have, including Bill Gates.
Quote from Marc L. Andreessen about Senator Gore: "He had people buying into the concept of the information superhighway before anybody had an idea about what it would be." (This quote is just one I found on the first page of a Google search.)
Here's another quickly found web page which discusses the issue:
Back then, most people who had access to what would become the Internet were VERY much against letting it be open to other people.
It was a big leap of thinking that it should be a public utility.
Back then, people accessed the resources using gopher. Gore sponsored the bill that created the first browser.
The mis-interpretation of Gore's words came from a dishonest political attack.
Anyone wanting to read more may be interested in a quote from Wikipedia's History of the Internet: "Funding for Mosaic [the first browser] came from the High-Performance Computing and Communications Initiative, a funding program initiated by then-Senator Al Gore's High Performance Computing Act of 1991."
Here's a quote from one of Wikipedia's articles about Al Gore: 'His [Al Gore's] statement caused no surprise at the time, and none of the journalists who covered it thought it worth including in their stories. However, two days later, the Republican Party began issuing press releases and statements denouncing Gore for claiming to have "invented the Internet".'
Another Wikipedia article about Gore quotes Robert Kahn and Vinton Cerf: "...as the two people who designed the basic architecture and the core protocols that make the Internet work, we would like to acknowledge VP Gore's contributions as a Congressman, Senator and as Vice President. No other elected official, to our knowledge, has made a greater contribution over a longer period of time."
Interesting fact: IMDB says that the character Oliver in the movie "Love Story" was partly based on Al Gore. Al Gore had been a roommate of Tommy Lee Jones, who appears in the movie.
In a private email message, Vint Cerf told me that it was true that Al Gore was instrumental in the development of the Internet. Before Mr. Gore's involvement, it was a semi-private utility known as ArpaNet and NSFNet. Mr. Gore championed the development of the private network as a public utility. This was years before Bill Gates, for example, recognized its importance.
Is there any way I can get a copy of DeltaNow? The earliest version of DeployCenter I have is 5011b.
Does Unattended allow automation of installation parameters like font choices in Open Office? I read some of the web site, and it looked like the answer was no.
You probably know this:
Use AutoHotkey to make keyboard shortcuts to run programs and enter text.
Use AutoIt to simulate keyboard entries and mouse clicks and when you need complicated decision-making. Download AutoIt with the SciTE auto-completion IDE. The SciTE editor makes writing and testing AutoIt programs and compiling the finished results very easy.
Both these programs are very sophisticated, the best available, and FREE. AutoHotKey comes with source code. Both are programmable.
For example, I've written an AutoHotKey program that uses a shortcut to toggle between Windows shortcut keys and WordStar/Brief control-key editing commands. I like to avoid taking the time to touch the mouse.
AutoIt is great for automating installations of software.
Both allow programming your own GUIs.
If your girlfriend has broadband, try BroadVoice. She can call 35 countries for $28.27 per month.
"This thread is what I keep reading /. for. I really need to hit this thread with Acrobat for safe keeping so I can reference it later."
Your insightful comment is the reason I read Slashdot. I had never heard of Unattended. I've only had time to read a little of the web site, but I agree with what I have read.
Windows Server 2003 Service Pack 1 32-bit Deployment Tools work with Windows XP, also. Maybe these are better, since they have been recently updated, and work with all Windows releases.
I have not had good luck with using SysInternal's free utility NewSID. However, other utilities from SysInternals are best in class, and NewSID was updated after I tried it.
Also see PsGetSID.
After that, as others have said, you MUST run Sysprep to change the SID. These are the commands:
Install Sysprep into a folder sysprep2 and copy to C:\Sysprep. Sysprep deletes its folder after it is finished.
Sysprep -bmsd rebuilds sysprep.ini, which holds the information that Sysprep uses.
Any tips about this experienced users have would be appreciated. Microsoft's documentation is VERY sloppy.
My experience with disk imaging is that Acronis is far better than Symantec Ghost, which is actually the old PowerQuest DeployCenter.
Symantec did something that amazes me. Symantec bought PowerQuest. Symantec abandoned their own product, called Ghost, and substituted a product from another company. The substituted product, PowerQuest DeployCenter, now called "Ghost", had numerous completely different quirks and issues.
The new "Ghost" box, which I just bought about a month ago, includes the "new version of Ghost" which is DeployCenter, I'm told, and a second CD that includes the last version of the old, real Ghost, called on the CD "Ghost 2003". This old, real Ghost is a dead product, apparently.
(I just checked the box again. I have the "Norton Ghost" box and CDs in front of me. I bought the new copy for $9.99 after update rebate and another rebate.)
It's a new low in software company abuse: A software company has switched products without telling its users.
My experience of Symantec technical support is that the company is undergoing a social breakdown. Symantec technical support people have found that they can reduce their work load by being hostile to callers.
Our experience with Acronis is that it has its own issues, insufficiencies, unexplained failures, sales people lacking any technical knowledge, and very sloppy technical support. However, many people, including me, are recommending Acronis TrueImage over "Ghost".
Always report computer company abuses to Ed Foster's Gripelog.
There are more issues here than those of adhesion contracts. The biggest is that "Terms of Service" and EULAs often are changed unilaterally, and users are told that they are bound to the new contract.
It is grossly unfair, for example, for Microsoft to sell a copy of an operating system and then change the conditions under which it is supplied. The cost of implementing the OS is far greater than the purchase cost of the license, so it is not easy to switch to something else.
"Terms of Service" and EULAs are interesting from a legal perspective. They say:
1) You have a contract with us.
2) You have no control over what the contract says.
3) We can change the contract at any time. You are bound to the new provisions of the contract, even though you became involved after acceptance of the old contract.
4) We throw in some terms of the contract that try to show that the contract is balanced, and that we are contracting to do something for you. However, there is no balance; if we decide we don't like what we have said we will do for you, we will just write a new contract and leave out the provision we don't like.
It is a measure of the corruption in the legal system that the issues surrounding one-sided contracts like this have never been fully considered either in courts or in Congress. The rich and powerful do what they like, even though what they like is definitely against the spirit of contract law.
One of the problems is that, once you are involved with an online service or an operating system, for example, the cost of changing is very high. Typically online services require investing considerable time to be useful. Typically the cost of software is a small part of the total cost of involvement with an operating system.
Another problem is that Terms of Service and EULAs are usually written in extremely tricky language; it would require a legal professional many hours to understand them. So, users "agree" to a contract they cannot understand.
'The responding note read: "Hi jackass, RTFM and stop wasting our time trying to help you children learn." '
He was being especially gentle. You should read what they say when they are being rough.
I've found that often those who are especially knowledgeable about computing think of themselves as part of an in-group, and believe that acting out their anger toward others is acceptable.
I installed FlashBlock and AdBlock and read parts of the article.
Summary: AMD processors are faster.
That Tech Report article is so infested with Flash ads that it discourages me from reading it, or even taking Tech Report seriously.
It seems to me that a company has to be very, very stupid to believe that trying to force people to read ads is productive.
I was trying to do without the FlashBlock extension because Firefox developers tend to blame the instability and CPU hogging of Firefox on extensions. However, I've installed it now.
--
Before, Saddam got Iraq oil profits & paid part to kill Iraqis. Now a few Americans share Iraq oil profits, & U.S. citizens pay to kill Iraqis. Improvement?
Ed Foster's Gripelog is an excellent source of information about abusive EULAs.
Basically, EULAs are software company executives acting like 3-year-olds.
The ultimate EULA and ultimate dream of every 3-year-old:
1) I can do anything I like.
2) You have no power.
3) You will do everything I say.
You said, "... [the U.S. government] TRAINED Bin Laden and gave him stinger missiles during the Soviet Afghan war."
Actually, the consensus is that Laden was likely never funded, trained or armed directly by the CIA. But, that's not relevant.
Osama bin Laden did not need money or arms. He had millions of dollars of his own money; he was extremely wealthy and had connections with other extremely wealthy people who wanted to fund his ideas.
Here's part of what the CIA gave bin Laden, perhaps completely indirectly:
A deep understanding of how to be an efficient terrorist: What bin Laden needed was the CIA's manuals that tell how to be a terrorist. There was a news story about an Arab terrorist manual that had been found, and some of the text was quoted. The U.S. government stopped the quoting. However, before it was stopped, it was completely obvious that the original language of the terrorist manual was certainly not Arab and it seemed obvious to me that it was American English.
Jobless people trained in violence: When the U.S. government's largely secret support for aggression against Russia was finished, all those trained in violence and CIA terrorist methods needed work. Their resumes did not support getting jobs as rug merchants; all they knew was violence. That was the CIA's second biggest contribution to OBL: A huge group of people trained in and looking for violence.
Followers who hated U.S. government interference and violence: Other incidents of what the CIA calls "Blowback" provided strong reasons to hate U.S. government intervention. Also, many people in the U.S. government have a difficult time understanding this, but Arabs don't like to be killed.
A huge cache of modern missiles and explosives: Sure, maybe there was never a formal transfer of weapons to OBL, with contracts signed and handshakes, but a huge number of weapons and a huge amount of weapons material were left, and became available to OBL.