Slashdot Mirror


User: AlphaSys

AlphaSys's activity in the archive.

Stories: 0 · Comments: 205

Comments · 205

  1. Yeah, this is what I said before... on Rambus Destroyed Evidence In Anti-trust Trial · Score: 3, Funny

    OK, so it's your regular retention policy to shred documents that incriminate you... big surprise. And when did the shredding begin? As soon as the IP claim was filed. Very sleazy.

  2. Good point but miss the big truth on SecurityFocus On MS Security "Hole" · Score: 1
    It doesn't matter how many users it has because the users won't be looking for security holes in the first place....Apache has 60-70 per cent of the web server market. IIS has less than 30 at the moment.
    Rigggght, but let me, as a Windows sysadmin, point out the lop-sidedness of that statistic. There are MILLIONS of IIS installations that don't get read into that stat: the hordes of home users who have had some form of the MS web server, be it PWS or IIS (all basically same core) installed on machines that had no business having it. And to make it worse, these machines tended to be poorly secured if at all, which made it easier to expose a vulnerability unless you are the die-hard hacker who sets up a box himself just to hack it... That is more the way it is done now, now that we have "security specialists" instead of hackers. That is not the way it was done back in the day when hackers didn't bother setting up their own boxes; they just learned on someone else's exposed server in the wild.

    I guess my point is the same as it is every time I reply to the folks who automatically assume that any security battle between GNU and Redmond is going to go to the free OS: More and more, MS's biggest security risk is the large number of people using their products who have no business doing so and no idea how to. Their products have matured well, but the user base flounders. I use lots and lots of MS servers and some GNU servers too, but I know what I'm doing because I've always been in the position where someone needed to know WTH was going on but no one did. So I just decided to become that person. GNU/WIN, doesn't matter. What's important is that you know the strengths and limitations of whatever you're using and use it accordingly.

    MS's Achilles heel is their popularity on the desktop and among users with lots of technical need/appetite and no prowess. And if GNU steals that away, then GNU will have the same problem.

  3. Re:Ubiquitousness doesn't explain MS vulnerabiliti on SecurityFocus On MS Security "Hole" · Score: 1
    It's a well-known fact [mi2g.com] that Microsoft's security problems are not due to exposure alone.


    Maybe, but it is generally the track record for a generation of their product line that has since met its demise or at least the end of its collective support lifecycle.

    With a few notable exceptions, properly patched configurations of NT4, W2k, WXP can all be quite secure, regardless of what the opinion of /. GNUbies might be. Sure, there are the fair share of exploits (worth noting that all the famous ones had been fixed many months previous to the attacks which gained their notoriety) and released patches, but that's part of being the distributor of an OS. You can't get around it. I get as many patches from RHN as I do from WU these days, and I have to maintain a lot more MS infrastructure than I do RH.

    Microsoft's development model is fundamentally flawed from a security perspective, because it squarely places featureset additions above security.

    I'm soo tired of hearing this baseless bullshit. How can you say it places any more emphasis on featureset than, say, Debian does? Just because it has a wide array of features built into its "distro" that you *may* want to install on a server doesn't mean you should. If you select every checkbox in the "Add/Remove Windows Components", then you'll get exactly what you deserve. Most of the major GNU distros have at least matched Redmond's capacity for bloat from install time at this stage in the game, and it's getting worse. No windows setup program that I've seen (and I've seen 'em all since they were handed DOS from IBM) has ever had a checkbox that said "I Want It All", but that exact feature is creeping into almost every major GNU distro out here.

    There used to be a time when GNU products were the darling only of smart individuals who knew how to configure a server, a client, a subnet, a router and a network as well as script the configuration or gcc their own modules/kernels if need be. It seems more and more (if the opinions voiced on /. are representative of the community that primarily supports GNU efforts) that the scene is degenerating into more of a "script kiddie" type dynamic where the fact that the software is free of charge is more important than that the code is free of encumberment. I bet 90% of these posters who bash MS unrelentingly -- for either their old product line or the slackness of some of the installed user base of the newer, more powerful (and hence dangerous) systems -- still keep a windoze b0x at h0me so they can run all their KaZaa and warez apps on because, while there is decent software-libre out there to do anything they (your typical DSL home user who needs jack out of real computing power) need to do, they dig downloading software and fiddling with it but really don't know how to use it to any effective good. That's part of why they like GNU -- because they can tweak it forever. It's also why they like D00M.
    And the latest version of your favorite Adobe DTP apps.
    And Serv-U.
    And anything else that leaked onto EFFNET three months ago.

    It's sad to see the community devolve from a group looking for a better UNIX into teeming masses of download junkies. Just once I'd like to run
    use slashdot

    go

    select * from sysusers where (clue > 0)
    and not get
    0 records returned
  4. Re:I am a Microsoft Windows Update administrator on Examining Microsoft Update · Score: 1
    Jesus fucking Christ, man, where are the MOD buttons when I need them? You are so troll it's not funny. At least post as yourself. Maybe I'm being untrusting, but how do I know you're a WU admin? And if you were, I would imagine you're a fool. I feel certain that if you are telling the truth you have violated some kind of NDA which could cost you a lot more than your job. So I'm skeptical. Convince me.

    Then again, maybe I'm the troll and you know full well what would happen if you divulged enough info for MS to identify you.

    It could mean you're the evil man and I'm the righteous man and Mr. .45 here, he's the shepherd protecting my righteous ass in the valley of darkness. Or it could be you're the righteous man and I'm the shepherd and it's the world that's evil and selfish... I'd like that. But that shit ain't the truth: The truth is you're the weak. And I'm the tyranny of evil men. But I'm tryin, Ringo. I'm tryin' real hard to be the shepherd.
    --Jules, Pulp Fiction, Epilogue [5:24]

  5. Re:Quit being whiney bitches and install SUS on Examining Microsoft Update · Score: 1

    I wish you were logged in so I could mod you up. I said the same thing. MS is finally getting a grip on good ways to manage updates for such a huge user base and all the blind GNUbies can do is bitch about the sacrifices made by the people who take the lazy way of doing it (i.e., going to v4.windowsupdate.com instead of installing SUS). If that's your approach, then too fuckin' bad... that's the price you pay for being a lazy-ass.

    I know I'll lose major karma for saying it, but grow up. They're so busy trying to piss on the fire they've soaked their sneakers.

    On the humorous side, maybe some industrious, trustworthy soul wants to make a public SUS server that folks would be less hesitant about sending data to than MS. In fact, there just might be a buck in selling "anonymized" SUS service on the internet. Aw, too late, BillG read my post and wrote the next EULA.

  6. Also, if you haven't noticed... on Examining Microsoft Update · Score: 1

    MS has been springing up left and right with all kinds of x86 hardware besides just mice and game controllers. Of particular note is their foray into producing networking gear, which, IIRC, seems to be the type of device driver I find most often available when updating my work systems from WU. Coincidence?

    I would say "I think not", but if I did and if Descartes were right, I would then vanish into a puff of smoke.

  7. Time to get your head out of your ass on Examining Microsoft Update · Score: 1

    If you want to get serious about patch management (and download privacy) on MS systems (client or server), get Software Update Server from MS and quit bitching here! They're really trying to catch up and I think they're making some progress. Not to say more is needed, but they sure are making RedCarpet look more like the cobbled-together mess it is. I'm all for bashing MS for things that truly suck, but, let's face it... managing updates for that kind of user base with that vast of a set of S/W offerings has got to be a bitch!

  8. Am I the only one... on Swarm Intelligence · Score: 2, Interesting

    Who thinks that Bonabeau has to be an alias?

    Even GNU geeks without the sociological prowess of ESR must have investigated the etymology of the word Bonobo at some point. That an individual (whose name is a homonym of the name of the family of simians thought to be most closely related to humans because of their social habits and also happens to be the name of one of the most recognized GNU projects) is discussing animal-kingdom sociological theory applied to business process and application cycles is uhh... fishy in a very non-Darwinian kind of way.

    Wait -- his first name is Eric... maybe he is ESR!!!

    Nah, I decided to really RTFA. Just coincidence. But it does make you wonder about monkeys and typewriters, although it appears they're more likely to produce "Origin of Species" than "King Lear".

  9. Re:"Secret Government Property" on The Search for Secret Shuttle Parts · Score: 1
    No, it's not the item that's secretive, it's the owners... read carefully:

    Written instructions given to the searchers in Bronson showed a picture of a faceplate from the device, which in white letters on a black background spelled out "Secret Government Property."


    Grammatically speaking, that means it is the property of the secret government. You paranoiacs were right!

  10. Re:A diffrent kind of hack on Kevin Mitnick Answers · Score: 1

    We've disagreed before, but you're spot-on here. Back in my youth when I was quasi-athletic, we on the soccer team decried the poor slobs who invariably devastated our shins with their poor technique... they, the hacks/hackers and we, the hacked.

    In all fairness, it may be that KM is the one who got hacked in this story.

  11. Pursue the admin? Get real... on Is the BSA "Grace Period" a Scam? · Score: 2, Insightful

    The only thing they're chasing is the guy with the money.

  12. not a done deal... on Rambus Wins Case Against Infineon · Score: 5, Insightful
    Remember, the appeals court is just handing this back to the lower court for reconsideration. All the appeals court has said is the prosecution hasn't made a clear enough case. Also, remember the FTC is hard against RAMBUS in this:
    The FTC has asked an administrative law judge to rule immediately against Rambus, saying the company engaged in a campaign of "massive" document destruction at least partly out of concern that some internal documents could be used to press antitrust charges against the company and invalidate its valuable patents.

    Rambus maintains the document destruction was part of the company's regular document retention policy...
    Which leads one to wonder... what is that policy? Destroy it before the prosecution gets ahold of it? Sure they started shredding before the investigation, but then again, wouldn't you if you knew what you had done? I imagine the shredding began on the eve of the first injunction they (RAMBUS) filed!

  13. Re:Zoiks! on Slammer Worm Slams Microsofts Own · Score: 0

    Grow up. SQL/MSDE are not WMP. Learn that serious software requires more vigilance than clicking OK on an automatic update dialog that pops up when your program automatically downloaded its hotfix. Critical services can only be updated when the regression testing is through or else your customers will get pissed when their whole DB goes south.

    I guarantee you won't hear any first-rate Linux sysadmins complaining if they have to use CLI rpm or apt (or, god forbid, tar) to fix their vulns. As long as the update works as advertised and their app and data live on, they take it in stride. Why? Because they understand. I don't administer many *NIX boxes myself, but maintaining the few I do has taught me a lot about what to expect out of a server and what is expected out of an admin. An update system can be as effortless, pretty and GUI-fied as you want, but if it breaks the app/data, it is worth zero and is more dangerous than the vulnerability you're patching. If you need pretty screens and GUIs to keep your apps up-to-date, you'd better stick to IE, MSOffice and WMP.

  14. Re:Hmm... on MS SQL Server Worm Wreaking Havoc · Score: 0

    Sorry, you have to have broadband to meet up with her. AOL does not count. Besides, she's not in your immediate family anyways, so your mating rules will not allow it. Get back in your end of the gene pool.

  15. Re:Hey... on MS SQL Server Worm Wreaking Havoc · Score: 0

    No troll here, n00b. I mean every word of what I say.

    As for my sister, she's 280 hideous lbs. of recovering addict with a contagious immunodeficiency and a serious attitude problem. Methinks you'd make a nice pair. Care to get hitched? I'll bring the shotgun.

  16. Be direct on MS SQL Server Worm Wreaking Havoc · Score: 0

    Then blame the admins. Do you blame Mercedes because a lawyer in a convertible is an accident waiting to happen?

  17. Re:Buffer overflows a general C/C++ problem on MS SQL Server Worm Wreaking Havoc · Score: 0

    Now, see, THAT was informative! If you're going to extol the supremacy of your free OS, do it and don't umm, bash, the other guy. That was an interesting post. Mod that guy up!

  18. Re:Don't think MS is to blame? Read this: on MS SQL Server Worm Wreaking Havoc · Score: 0

    And this gets modded +5 insightful? STFU.

    If you have to do that kind of SQL work, wrap it in a web service like a REAL developer.

    You say your client wouldn't consider the COST of using a VPN? If they're running SQL2K, they must also be running an OS fully capable of handling a trivial little PPTP dialin.

    This patch has been out for ages; if you didn't know about it, you're not doing your homework on what is running on your PC.

    It sounds to me like a developer has services on his machine that require the vigilance of an admin, and none was present.

    If you don't play an admin at your job, don't assume to know the opinions of them on /.

  19. Re:Who's fault? on MS SQL Server Worm Wreaking Havoc · Score: 0

    Good to see balanced discussion on the real issues here, not the general "MS sux" we were getting early on. Yes, these servers should've been patched and yes, they should be firewalled effectively. Put the onus where it belongs... on slacker admins!

  20. Re:While there are some dumb admins on MS SQL Server Worm Wreaking Havoc · Score: 0

    Well, you might think again... the MS Data Engine (a.k.a MSDE) is the redistributable version of SQL Server for developers, and it is freely distributable. It has all the functionality of SQL server (standard), with a few limitations on DB size, etc.

    I personally believe the installer should include a short "aptitude quiz" regarding the administering of the services you're about to install... get at least 80% right or the install aborts. Tired of lazy home luser idiots giving admins a bad name and eating my bandwidth to boot!

  21. Re:No, it is a real issue. on MS SQL Server Worm Wreaking Havoc · Score: 0

    If your internal machines were affected, it might be time to re-think your packet-filtering strategy :-p

  22. Re:Whoever creating the registration app was an MC on Register your own .mil Domain · Score: 0

    Smart guy, why don't you scan the box and find out what OS it's running. Report back here with your findings.

    Idiot.

  23. Re:It isn't the S/W... on MS SQL Server Worm Wreaking Havoc · Score: 0

    We seem to agree more than we diverge. But you just echoed what I said while trying to make it sound like it's the other way around: let's be clear... the last two iterations of OS from Redmond have been fairly stable and powerful. Like any impressive improvement from a previous version, there have been (and continue to be) bugs found and patches released. If an admin doesn't apply the patch, it's not the OS's fault, or even indirectly Microsoft's, regardless of how "easy" anyone has been led to believe managing critical servers can be. If you skimp when you hire your admin staff, you reap what you sow, regardless of the OSes they'll be handling. Period.

    We definitely are in alignment on the whole MSCE/MSCP/etc. situation. I have met so many of these I could puke. And there are a lot of imbeciles among them. I am fighting the urge to label the whole lot useless, but the temptation is there. But you'll find the same thing among Netware certs, Oracle, Cisco, etc. There are folks who have a piece of paper to demonstrate their knowledge of a subject, and there are those who can show you themselves in no time. The groups are not necessarily mutually exclusive, but they are nearly so.

    Your assessment of the publications on security for Windows, while off the mark, has a grain of truth -- most of them are superficial. I imagine part of the reason is because the code is not accessible and few people "play" with securing windows the way they do with the free OSes enough to understand the inner workings. But my assertion stands that all the *NIX security experts can properly secure a Windows box with their eyes closed.

    I also agree that the perception of Windows as being the only viable PC gaming platform is lamentable. But it is in part due to the OSS community's clear focus on invading the server market first. Not to say that it has been misplaced, because it certainly has been the easiest place to get a foot in the door, especially considering the large space of real UNIX which has been ripe for revolution for ages.

    It is worth noting as well that all the free support you refer to in the free OS arena exists in the form of newsgroups and forums, and much of the same resources can be found for Windows if you know where to look. You have to wade through a lot of lamerz looking for serialz to their downloaded warez, but that's just the nature of the beast. Personally, I have noticed a growth of losers in the OSS forums too, /. notwithstanding. You'll agree with me as time goes on, believe me. Furthermore, as someone who PAYS for my software, I and my developer team have both found MS support to not always be totally unresponsive. Twice we have found verifiable bugs for which no patch yet existed. Both times, MS support was very gracious and was quick to do something about it. That's not to say they are a super-friendly bunch, but they have, on occasion, shown redeeming qualities.

    Lastly, before you start slamming the intelligent seven-year-olds of the world, check your own spelling. It's atrocious!

    If you are a moderator, it is understandable how the misconceptions persist.

  24. It isn't the S/W... on MS SQL Server Worm Wreaking Havoc · Score: 0

    Mod that down: ignorant.

    You jack-ass. Microsoft allows you to do whatever you want to short of raw sockets manipulation, and you can get to that in an API if you're ambitious and malevolent.

    Just because you can't get to it in the GUI doesn't mean you can't do it -- I'd think a true GNU user would know that. If you're using a real Redmond OS (not just a DOS extension), you have the wonderful NetShell (NETSH /? for more) utility to make all your network tasks more straightforward.

    I'm getting a little fed up with the glib attitude of the /. blind faith in OSS and the bash of anything MS. I work for a company that has been a 100% MS shop for years. I was not happy to learn that that was the whole enchilada, but I took the job because of good pay, advancement opportunity and challenge. At the time, there were actually two *NIX servers on the network: an LRP gateway and a box running SENDMAIL and BIND. The admin of those boxes refused to patch them because he had "worked too hard to get them like he wanted". They were owned within months. Since then I have replaced them both with MS products: the gateway now runs MS RRAS (Win2k) and not only does firewall (with just as complete filtering as your favorite piece of free OS software), nat and logging but also provides a nice PPTP dial in point as well. In the three years I have run it, many have tried to own it, but all fail. Why? Because it is locked down tighter than a tick. Over-zealous hacks like you fail to realize the true reason most MS installations are insecure: because corporations have bought the MS "lower TCO" bullshit and think that it means they can hire less-competent admins for their boxes and get away with it. The problem isn't with the software as much as it is with the people managing these boxes.

    For the guy suggesting the patches can't be used because they will break something, ESAD. MS hasn't broken anything significant with a patch to their real OSes (2k, XP) in years. Further, if it has as big a hole as the one that enabled this exploit, it's already broke -- patch the motherfucker!

    And as to the moron who suggests that firewalls make admins lazy, FOAD. Admins are not lazy; some who pretend to be are. Take any of the guys talking here who know what they're talking about, give them a three hour crash-course (no pun) in how MS RRAS works on Win2k, and cut them loose. I guarantee they make it work and they make it safe. Why? Because they know what they're doing. Ask the same task out of your average Windows "admin" and he'll give you something that half works and can be penetrated in minutes. It has nothing to do with the software; it's the user. It really chaps my arse that you guys get so anti-MS, because most of you would make really excellent Windows admins! The side benefits would be that I wouldn't be alone among the AOL-users-turned-admins and my payscale would go up. So what are you waiting for? Come on over!

  25. Re:The question is on Ants... In... Space · Score: 0

    Stupid, inanimate carbon rod! Why, I'll...