None of this really matters unless you have a legal expense budget. Once again politicians have passed a bill which gives big corporations more ammunition in their pyramid scheme of greed.
I'm all for natural selection but I really don't want my taxpayer dollars to continue funding someone else's advancement at my expense. Then again, what can we do about it? Vote? *snicker* That was the first system to be rigged thousands of years ago.
I already tried living in a tent in the Yukon for three months. It just wasn't worth the hassle. The scenery was beautiful and the air was clean but, in today's rapidly modernizing world, it just wasn't worth it to deal with the street bums just to try and find a day's work so that I could continue to buy bread for the next week. The Salvation Army was helpful but the clientele that hangs around that place is simply intolerable.
I suppose you're a troll that wants me to quote direct lines of code from the Win32.dll and then diagram how they fit into the overall architecture. Yet you and I both know that I'd be legally liable for decompiling a proprietary Microsoft library without their express written consent if I did that.
You're saying you've seen the memory management parts of the Windows kernel. Have you seen it in the form of source code, decompiled? Or do you expect me to believe that you just watch it in active memory, in real time? In either case you would need to be a real technical programmer to have any clue what you're looking at. If you were a technical programmer then you wouldn't need me to tell you that the Windows kernel code is bloated and inefficient compared to a Linux kernel.
My Linux 2.4.23 kernel is still less than 1 mb. Six plugins later, each of around 100k, all of my hardware is accessible from the bash prompt. I've never seen a Windows system that can do that.
I'm not a rarity. I'm a relic. A dinosaur with an appreciation for the methods which genuinely work in the interest of doing things right. I actually stick with low level flowcharting. You know, the kind with the boxes, circles, and parallelograms where each figure on the flowchart translates into about 1-2 lines of real code.
You're taking this way out of context. You sound like you've been wanting to have something to fry Debian's feet with for a long time.
Think of things this way. This was one attack that was identified and fixed in light speed time. If this were any Windows product it would still make for a prime exploit two years from now. Script-kiddies would have it packaged into an email and sent around to everyone using Outlook. Parents would be compromised because their children wouldn't know any better. Cell phone networks would be done. We might even have experienced another power grid failure.
So chill off for a few moments. It was a handful of Debian servers and the entire community knew about it right away. There was no corporate coverup and no massive e-mail sweep.
Before you demand humility from the Open Source community you might want to check relative numbers. How many available kernel exploits have been identified over the last 5 years of Linux? How many available kernel exploits have been identified over the last 5 years of Windows?
It's not really a fair polling system, though. Microsoft can spend millions to squelch the public notification of any severe exploits if they need to. The fact is that unless we're actually the ones writing exploits we'd never know.
There are some basic principles which point towards secure code. Proper flowcharting. Proper logic design. Efficient code. Time and again Microsoft has demonstrated its disregard for proper flowcharting and logic design (eg. "We have a deadline to meet. Make that code work any way you can so we can put this sh*t on the shelves and sell it!") and the code is blatantly bloated. Where Microsoft fails on all three criteria Linux makes a comprehensive effort of achievement. It may not be very technical or factually based but, in the absence of any real or reliable numbers, it's the best benchmark to use to compare the two.
You can bet your bottom dollar that people who write exploits spend more time monitoring changelogs than they do actually writing exploits.
I'm more concerned about the security of the computing world as a whole. The Windows kernel is significantly more bloated and full of overlapping loops, crappy memory management, and all sorts of extra junk that just doesn't need to be in a kernel. With that in mind--how many kernel level exploits do you suppose exist in Windows? Knowing the lack of punctuality with which MS addresses the issues what do you suppose the proportion of cracked computers across the globe is?
It'd be a perfect escape route for all of those people who have been accused of insider trading: "I never told them anything. They must've been using an unknown Microsoft Windows exploit to monitor my private transactions in real time."
Oh yeah. I'm completely in favor of live CDs. I never understood why the world moved away from bootable portable media. Hard drives revolutionalized the way operating systems were stored on local machines but hard drives are a fixed media for all practical purposes. When I began pursuing my interest in Linux in earnest I was amazed that there really was no easily accessible portable bootable media. A large part of that was due to my novice nature--I knew nothing of what it actually took to put together a boot disc. Regardless, having a bootable CD that can't be infected by a virus is awesome.
Even Win95 was bootable from the distributed CD. But Win95 sucked and Win98 began requiring an installation.
That's some pretty deep stuff.:-) I agree. There's little that we can do but continue trying to educate people who want everything for nothing even if it means taking it from those of us who work hard just to get something.
I've found the support on #debian to be adequate, given the price. There are always 15-20 jerks who are there just to flame. There usually are two or three people who can genuinely point a person in the right direction. I don't think Debian should be responsible for moderating anything.
Perhaps what it boils down to is that this is not a problem with Open Source Software. Rather, this is a problem with the whining, silver-spoonfed constituency of the American public which demands to be given everything without any sort of reciprocal work.
Could it be said, then, that the leeches are complaining that they can't get any blood out of OSS? That's what it looks like to me. At the same time it is true that OSS needs the money from at least a few of those leeches if it's going to compete with the proprietary giant, MS.
In any normal situation the corporate ladder would've prevented this sort of thing. There should always be enough levels of separation where it would take too much effort to involve enough people in the slander. In the situation to which I was referring the corporate ladder went from the new guy to a senior group leader to a department head. The new guy was fscked.
Stay warm and keep breathing. That's how he sees life now.
GoofyBoy's post is a prime example of the premise. It is much easier to bash my post than to make a post of their own. s/post/OS.
I've tried Linux advocacy based upon its technological superiority over Windows. The average Joe doesn't understand and outright doesn't care. Honestly one can only hope that, like the wheel, over time the best technology for the task will prevail.
The sobering part is identification of the task. As time goes on it seems the task of the computer is to entertain people--like Big Brother's babysitter while Big Brother goes out on the town with the taxpayers' money. As Big Brother's babysitter Windows, with its mass of code faults and potential security compromises, is much more suited to the task.
I've found that managers like to wield the paper trail over their employees. I've had experience with managers who even used the paper trail as a harassment tool. Generating enough sheets of paper--good, bad, or indifferent--causes stress for a relatively large number of people. That stress coming from multiple directions can be used to harass an employee.
For example: Generating an HR complaint for an employee who shows up at 8:35 AM every day. Technically it's FLEX time but the manager has registered a previous complaint with HR that he wants the employee in by 8:30 AM. No justification is needed. No questions are asked. After a year of this the targeted employee starts getting the evil eye of scrutiny from the department head and the HR managers. As water-cooler conversation expands the targeted employee starts getting the evil eye of scrutiny from managers who aren't even in his chain of command. After a year or two of this an employee can be harassed into a state of frustration at which point the management can turn up the heat and run the poor fellow out on a rail.
Wow. Wasn't that fun? Didn't you see how he twisted and squirmed, how he started getting real nervous and furtive towards the end, how we drove him into snapping people's heads off until we could write him up for feeling isolated and antisocial?
I really don't like paper trails. From my experience, anyone who either asks for a paper trail or insists on keeping a paper trail is covering up for something that their conscience tells them is wrong.
Of course you're not going to Freenode for WinXP advice. WinXP isn't in the open source community. We know exactly where the WinXP developers are. They're locked inside of Bill Gates' monolith and no, they will never be seen outside.
On the other hand, if one goes to www.debian.org and reads through the support pages, #debian on the Freenode IRC network is listed as a valid contact point.
Accusing someone with a legitimate point of being a troll is a _VERY_ bad thing to do.
----- Anti-Windows fanaticism is just unpleasant to hear. ----- True enough. However, what are the chances of educating the average street Joe on the elegant art of writing code? Can you convince him that libraries are even an important part of his operating system or that Linux uses a more comprehensive and efficient set of libraries than Windows? Is it easy to get Joe to identify with the very real possibility that, at this moment, someone may be using his computer with its high-speed connection to harass their enemies, trade files, watch bank accounts, steal passwords, or watch stock investments? Joe average doesn't believe you. Even if Joe believes that it's possible it's not of any immediate concern to him because his bank statements are still all in line. Joe doesn't care if the guy across the country is being slowly driven nuts by a group of rich script-kiddies who have no need to do anything productive for society.
Unless the Linux community can come up with some comprehensive propaganda about the technological superiority of Linux, and why that superiority is beneficial to the average consumer, then Windows bashing is the best sales pitch we have.
If you join any mainstream software company from the bottom level and ask a question which requires any thought to answer, you're going to get beaten up by assholes (managers). I don't see how it's any different.
Such is life. You're going to get beaten up by assholes, repeatedly, and no, you have no rights, and no, no one is here to help. Stay warm, keep breathing, keep your head down, and don't attract any attention.
Honestly, I think most of the "acker stories are complete FUD that's passed around only because 99% of the recipients will never have a verification vector anyways.
A really really really good hacker, capable of doing anything notable, probably knows how to bounce from system to system, hide/mask/fabricate his IP and MAC accress, and cover his tracks.
The problem is not about the offender. The problem is with the mediocrity of the system administrators. Most sysadmins hold their position because they have political kneepads and five or six certifications. They're in the business for the paycheck. They're not going to stay late at night to personally address security holes within their network, sift through.logs to track down suspicious activity, or do anything which shows that they have even the slightest bit of real interest in their jobs.
The world is run by clowns, charlatans, and wannabes who are lucky if they passed algebra or ever examined the logic structure of code that did more than input two numbers and perform some mathematical function on them.
There are hackers that find and report the security holes for free. Often they're ignored. Sometimes they're dragged into court with a lawsuit supported by some mundane digital security law. I imagine that the Antiterrorism Act would give nearly anyone all the excuse that they need to file a formal lawsuit.
----- Cure the sickness; don't treat the symptoms ----- All politicians know that there is far more money to be made in treating symptoms. Curing sicknesses results in leisure. It is of the utmost importance to stimulate the economy. It is also of the utmost importance to generate funds which will support MediCare, Social Security, and individual retirement funds. It is of the utmost importance to make our tax dollars work for our elderly and for the next generations to come.
Curing the sickness would do very little to achieve these goals. Therefore it is not in the best interests of the country, the government, or the people. Therefore, by making a suggestion to do something that is not in line with the goals of the United States of America...... You must be a terrorist.:-)
I agree. I can see that happening too. The problem really lies in our mediocre pool of system administrators who have no interest in their jobs other than showing up, telling other people what to do, and collecting the large paycheck.
I wouldn't mind the large paycheck but I'd be a sysadmin who would ensure that security wasn't a problem by personally doing something about it.
I'm not surprised that you bring this up pairo. You're trolling and you know it. It's all in historical context.. Anyone who claims to have definitions which are any clearer than a glass of mud is buffing their own ego, nothing more.
Slashdot Mirror
Here's a guy with the correct take on the issue.
None of this really matters unless you have a legal expense budget. Once again politicians have passed a bill which gives big corporations more ammunition in their pyramid scheme of greed.
I'm all for natural selection but I really don't want my taxpayer dollars to continue funding someone else's advancement at my expense. Then again, what can we do about it? Vote? *snicker* That was the first system to be rigged thousands of years ago.
I already tried living in a tent in the Yukon for three months. It just wasn't worth the hassle. The scenery was beautiful and the air was clean but, in today's rapidly modernizing world, it just wasn't worth it to deal with the street bums just to try and find a day's work so that I could continue to buy bread for the next week. The Salvation Army was helpful but the clientele that hangs around that place is simply intolerable.
Hahahaha! Awesome...
What would it be like to play an old campaign with a 2000 year old d20? Heaven...
I suppose you're a troll that wants me to quote direct lines of code from the Win32.dll and then diagram how they fit into the overall architecture. Yet you and I both know that I'd be legally liable for decompiling a proprietary Microsoft library without their express written consent if I did that.
You're saying you've seen the memory management parts of the Windows kernel. Have you seen it in the form of source code, decompiled? Or do you expect me to believe that you just watch it in active memory, in real time? In either case you would need to be a real technical programmer to have any clue what you're looking at. If you were a technical programmer then you wouldn't need me to tell you that the Windows kernel code is bloated and inefficient compared to a Linux kernel.
My Linux 2.4.23 kernel is still less than 1 mb. Six plugins later, each of around 100k, all of my hardware is accessible from the bash prompt. I've never seen a Windows system that can do that.
I'm not a rarity. I'm a relic. A dinosaur with an appreciation for the methods which genuinely work in the interest of doing things right. I actually stick with low level flowcharting. You know, the kind with the boxes, circles, and parallelograms where each figure on the flowchart translates into about 1-2 lines of real code.
:-)
Thank you for the comments. I feel honored.
Bronaugh!
:-)
Are you calling me a liar or just trolling me, as usual?
I'm not making an error. It's not my fault that the terminology has been changed because people have become intimidated by the size of their own code.
When I write something I still flowchart it. My logic is flawless.
You're taking this way out of context. You sound like you've been wanting to have something to fry Debian's feet with for a long time.
Think of things this way. This was one attack that was identified and fixed in light speed time. If this were any Windows product it would still make for a prime exploit two years from now. Script-kiddies would have it packaged into an email and sent around to everyone using Outlook. Parents would be compromised because their children wouldn't know any better. Cell phone networks would be done. We might even have experienced another power grid failure.
So chill off for a few moments. It was a handful of Debian servers and the entire community knew about it right away. There was no corporate coverup and no massive e-mail sweep.
Before you demand humility from the Open Source community you might want to check relative numbers. How many available kernel exploits have been identified over the last 5 years of Linux? How many available kernel exploits have been identified over the last 5 years of Windows?
It's not really a fair polling system, though. Microsoft can spend millions to squelch the public notification of any severe exploits if they need to. The fact is that unless we're actually the ones writing exploits we'd never know.
There are some basic principles which point towards secure code. Proper flowcharting. Proper logic design. Efficient code. Time and again Microsoft has demonstrated its disregard for proper flowcharting and logic design (eg. "We have a deadline to meet. Make that code work any way you can so we can put this sh*t on the shelves and sell it!") and the code is blatantly bloated. Where Microsoft fails on all three criteria Linux makes a comprehensive effort of achievement. It may not be very technical or factually based but, in the absence of any real or reliable numbers, it's the best benchmark to use to compare the two.
You can bet your bottom dollar that people who write exploits spend more time monitoring changelogs than they do actually writing exploits.
I'm more concerned about the security of the computing world as a whole. The Windows kernel is significantly more bloated and full of overlapping loops, crappy memory management, and all sorts of extra junk that just doesn't need to be in a kernel. With that in mind--how many kernel level exploits do you suppose exist in Windows? Knowing the lack of punctuality with which MS addresses the issues what do you suppose the proportion of cracked computers across the globe is?
It'd be a perfect escape route for all of those people who have been accused of insider trading: "I never told them anything. They must've been using an unknown Microsoft Windows exploit to monitor my private transactions in real time."
Oh yeah. I'm completely in favor of live CDs. I never understood why the world moved away from bootable portable media. Hard drives revolutionalized the way operating systems were stored on local machines but hard drives are a fixed media for all practical purposes. When I began pursuing my interest in Linux in earnest I was amazed that there really was no easily accessible portable bootable media. A large part of that was due to my novice nature--I knew nothing of what it actually took to put together a boot disc. Regardless, having a bootable CD that can't be infected by a virus is awesome.
Even Win95 was bootable from the distributed CD. But Win95 sucked and Win98 began requiring an installation.
That's some pretty deep stuff. :-) I agree. There's little that we can do but continue trying to educate people who want everything for nothing even if it means taking it from those of us who work hard just to get something.
Thanks for the chat.
I've found the support on #debian to be adequate, given the price. There are always 15-20 jerks who are there just to flame. There usually are two or three people who can genuinely point a person in the right direction. I don't think Debian should be responsible for moderating anything.
Perhaps what it boils down to is that this is not a problem with Open Source Software. Rather, this is a problem with the whining, silver-spoonfed constituency of the American public which demands to be given everything without any sort of reciprocal work.
Could it be said, then, that the leeches are complaining that they can't get any blood out of OSS? That's what it looks like to me. At the same time it is true that OSS needs the money from at least a few of those leeches if it's going to compete with the proprietary giant, MS.
In any normal situation the corporate ladder would've prevented this sort of thing. There should always be enough levels of separation where it would take too much effort to involve enough people in the slander. In the situation to which I was referring the corporate ladder went from the new guy to a senior group leader to a department head. The new guy was fscked.
Stay warm and keep breathing. That's how he sees life now.
GoofyBoy's post is a prime example of the premise. It is much easier to bash my post than to make a post of their own. s/post/OS.
I've tried Linux advocacy based upon its technological superiority over Windows. The average Joe doesn't understand and outright doesn't care. Honestly one can only hope that, like the wheel, over time the best technology for the task will prevail.
The sobering part is identification of the task. As time goes on it seems the task of the computer is to entertain people--like Big Brother's babysitter while Big Brother goes out on the town with the taxpayers' money. As Big Brother's babysitter Windows, with its mass of code faults and potential security compromises, is much more suited to the task.
I've found that managers like to wield the paper trail over their employees. I've had experience with managers who even used the paper trail as a harassment tool. Generating enough sheets of paper--good, bad, or indifferent--causes stress for a relatively large number of people. That stress coming from multiple directions can be used to harass an employee.
For example: Generating an HR complaint for an employee who shows up at 8:35 AM every day. Technically it's FLEX time but the manager has registered a previous complaint with HR that he wants the employee in by 8:30 AM. No justification is needed. No questions are asked. After a year of this the targeted employee starts getting the evil eye of scrutiny from the department head and the HR managers. As water-cooler conversation expands the targeted employee starts getting the evil eye of scrutiny from managers who aren't even in his chain of command. After a year or two of this an employee can be harassed into a state of frustration at which point the management can turn up the heat and run the poor fellow out on a rail.
Wow. Wasn't that fun? Didn't you see how he twisted and squirmed, how he started getting real nervous and furtive towards the end, how we drove him into snapping people's heads off until we could write him up for feeling isolated and antisocial?
I really don't like paper trails. From my experience, anyone who either asks for a paper trail or insists on keeping a paper trail is covering up for something that their conscience tells them is wrong.
Of course you're not going to Freenode for WinXP advice. WinXP isn't in the open source community. We know exactly where the WinXP developers are. They're locked inside of Bill Gates' monolith and no, they will never be seen outside.
On the other hand, if one goes to www.debian.org and reads through the support pages, #debian on the Freenode IRC network is listed as a valid contact point.
Accusing someone with a legitimate point of being a troll is a _VERY_ bad thing to do.
-----
Anti-Windows fanaticism is just unpleasant to hear.
-----
True enough. However, what are the chances of educating the average street Joe on the elegant art of writing code? Can you convince him that libraries are even an important part of his operating system or that Linux uses a more comprehensive and efficient set of libraries than Windows? Is it easy to get Joe to identify with the very real possibility that, at this moment, someone may be using his computer with its high-speed connection to harass their enemies, trade files, watch bank accounts, steal passwords, or watch stock investments? Joe average doesn't believe you. Even if Joe believes that it's possible it's not of any immediate concern to him because his bank statements are still all in line. Joe doesn't care if the guy across the country is being slowly driven nuts by a group of rich script-kiddies who have no need to do anything productive for society.
Unless the Linux community can come up with some comprehensive propaganda about the technological superiority of Linux, and why that superiority is beneficial to the average consumer, then Windows bashing is the best sales pitch we have.
If you join any mainstream software company from the bottom level and ask a question which requires any thought to answer, you're going to get beaten up by assholes (managers). I don't see how it's any different.
Such is life. You're going to get beaten up by assholes, repeatedly, and no, you have no rights, and no, no one is here to help. Stay warm, keep breathing, keep your head down, and don't attract any attention.
Honestly, I think most of the "acker stories are complete FUD that's passed around only because 99% of the recipients will never have a verification vector anyways.
A really really really good hacker, capable of doing anything notable, probably knows how to bounce from system to system, hide/mask/fabricate his IP and MAC accress, and cover his tracks.
.logs to track down suspicious activity, or do anything which shows that they have even the slightest bit of real interest in their jobs.
The problem is not about the offender. The problem is with the mediocrity of the system administrators. Most sysadmins hold their position because they have political kneepads and five or six certifications. They're in the business for the paycheck. They're not going to stay late at night to personally address security holes within their network, sift through
The world is run by clowns, charlatans, and wannabes who are lucky if they passed algebra or ever examined the logic structure of code that did more than input two numbers and perform some mathematical function on them.
There are hackers that find and report the security holes for free. Often they're ignored. Sometimes they're dragged into court with a lawsuit supported by some mundane digital security law. I imagine that the Antiterrorism Act would give nearly anyone all the excuse that they need to file a formal lawsuit.
-----
... :-)
Cure the sickness; don't treat the symptoms
-----
All politicians know that there is far more money to be made in treating symptoms. Curing sicknesses results in leisure. It is of the utmost importance to stimulate the economy. It is also of the utmost importance to generate funds which will support MediCare, Social Security, and individual retirement funds. It is of the utmost importance to make our tax dollars work for our elderly and for the next generations to come.
Curing the sickness would do very little to achieve these goals. Therefore it is not in the best interests of the country, the government, or the people. Therefore, by making a suggestion to do something that is not in line with the goals of the United States of America...
You must be a terrorist.
Have a nice day!
A resistant strain of hacker... hehehe.
I agree. I can see that happening too. The problem really lies in our mediocre pool of system administrators who have no interest in their jobs other than showing up, telling other people what to do, and collecting the large paycheck.
I wouldn't mind the large paycheck but I'd be a sysadmin who would ensure that security wasn't a problem by personally doing something about it.
I'm not surprised that you bring this up pairo. You're trolling and you know it. It's all in historical context.. Anyone who claims to have definitions which are any clearer than a glass of mud is buffing their own ego, nothing more.