By your logic we should all be paranoid that are computers are all hijacked by undetectable spyware
Well, duh.
i wont bother arguing wether a scenario like this is likely.
You have seen BO, netbus, and Sub7 haven't you? Not to mention the dozens of commercial "network administration tools" out there. What about the tools employers use to monitor employees? At the core they're all just trojans designed to hide themselves.
I managed to determine exactly in less then 20 minutes after getting it how it got in
So this qualifies you to detect and diagnose every custom remote exploit/rootkit combination that I can write? Impressive...
But if your still worried about the internet maybe you should lock the door and put on some protective gear before you turn your computer on
Actually I run an OS that doesn't make a profit driven marketing policy out of hiding the internal workings from me.
I tried doing this for a few years but I didn't have the privelege of being a sysadmin. My ACK ratio was about 1 out of 20, and 80% of the time it was a letter which told me that I was obviously wrong in reading the e-mail headers and that I had obviously misidentified the IP.
Still, best of luck to you.:) It takes effort from all of us.
In a topic which acknowledges the difference between bird and human (with respect to the disease) you're citing an article which studies the effectiveness of Tamiflu in MICE?
I know... I know... That's the way the FDA does things...
The security is lax so we should remove useful utilities?
The security is so lax that, prior to playing catch up with the *nix community, you should fix the inherent security problems in the Windows design.
It's as simple as that. MSH is a marketing catch up. It's a solution to the "they have a functionality we don't" problem. It's evidence of wasted resources. MS would've done better spending the money on fixing inherent brokenness and sticking with it's GUI.
You can disagree all you want. You can plug SELinux all you want (Yes, SELinux is pretty much a kludge as well, and you can tell that to the NSA). You're wrong.
A familiarity with BASIC or PASCAL lends itself quite well to BASH. You can look up the Advanced Bash Scripting guide on tldp.org, or you can check out my own Linux installer written in 15k of BASH shellcode.
The only person who's looking silly is the person who's defending the security model of Windows. Most notably, the security model of Windows coupled with (finally) a semi-functional shell environment.
Giving Windows to script kiddies is giving them the gun. Giving them MSH is giving them the bullets.
I never said it was a fault of MSH. I said, given the Windows track record of security, MSH is fuel on the fire for script kiddies. You're 100% correct. This adds no new vulns. What it does is makes existing vulns that much easier for Window script kiddies to get to. Once they find a 'sploit, they no longer need to operate from the level of binary code. One quick hack and *POOF* Look! An interactive scripting shell!
You could say that this is also a problem with Moz exploits but, to date, we still don't have hordes of script kiddies hitting up Moz the way they hit up IE through web pages making use of bad JS/JVM/AX. To date, Moz still doesn't have the number of vulns that IE does. To date, even if Moz did have the vulns that IE does, GNU/Linux distros still don't have the level of big-brother all-encompassing integrated security nightmare OS oversight that Windows has.
If I were less in control I'd call you all sorts of insulting and intellectually degrading names and every single one of them would be applicable.
Your reply makes perfect sense if I put my fingers in my ears and scream "Blahblahblah!" for the last 4 years of reading about ActiveX exploits through IE.
Scripting them with a functional shell will only make it easier for the script kiddies.
C=64 BASIC MacOS QBASIC AmigaOS QBASIC translate AmigaOS QBASIC to MacOS QBASIC for a simple word processor (yes, a number of idiosyncracies in both) a little AREXX PASCAL ... insert 10 years of no programming... BASH (this installer) C (current hobby)
because *real* programmers would rather maintain unreadable parsers than just tell the environment to retrieve one labeled part of the output
If `grep | cut` is beyond your understanding then you're not a real programmer.
Linux/BSD + BASH + grep/sed/textutils still has WIndows + MSH beat six ways to Sunday. If you're really dependent on a object oriented crutch you can have python, perl, or ruby, which is a two-minute install on any standard distro. If you really want it bad enough you can install Java. What does Windows offer, by default, to interface with all of these fine programming languages?
And MSH still won't fix the fact that, at its core, ActiveX (which MSH purports to interface with) on Windows with a central registry is one of the biggest security FUBARs which the planet has ever seen. Give all those script kiddies a nice scripting environment. Script kiddies are accustomed to object oriented languages. I'm sure they'll pick up MSH quite quickly.
You can't change a business model with sudo--nice touch of changing the topic to something completely unrelated. Apple does have a track record of balancing user's rights with profit. MS will outright sell the desktop and the user's rights to corporate marketing.
I did RTFA. If you remember my first comment, all I see in TFA is a horribly tortured object oriented syntax. You're the one who brought up all this necessity for the object oriented equipment because, according to the current thread of arguments, most programmers just don't seem to be capable of post-processing of plaintext output from the standard set of command line tools. Oh the slavery of putting the brain to work.
Of which, in Linux, there are multitudes and, in Windows, you have a few handfuls.
If you want to talk about extra features then you must know that the supporting framework of Linux is already fully capable of anything that MSH can do. MSH does not have the supporting framework of text processing utilities. MSH and BASH both have the same whizz-bang functionality available and MSH is lacking in some basic functionality. Looks like MSH is 0-1-1 on the scorecard.
As for piping an HTML file directly to firefox you're wrong on two points. MSH can't pipe directly to IE either. There's no difference in the direct approach. The correct way is to echo > $filename && firefox $filename. Don't blame BASH for your ignorance.
You'll probably have to wait until MSH ships with every copy of Win but I can honestly tell you that, with the number of script kiddies out there, as soon as it ships you will see the four-hit combo of IE+ActiveX+MSH+Registry.
People can demonstrate security all they want. A shell environment is a dangerous thing. A shell environment which can talk to ActiveX in the Windows platform is just asking for it. The two hit IE+ActiveX exploits which are known are bad enough without the ease of a shell scripting capability.
I already dislike JS + Moz/FF and, to me, JVM inside of a web browser is absolutely frightening. I don't care how they think they've sandboxed it--someone will figure a way around it. Linux isn't perfect either but at least the vulns stay in a user-space program and are not magically integrated with the OS. There's the odd chance that someone could couple a Moz 'sploit with a kernel or a suid root 'sploit... but that's not nearly as common as IE+ActiveX or even admin access through IE alone.
You're right. I'm taking my philosophy to an extreme. At the end of the day, however, the bottom line is user readability in the easiest and most readily available way. From my standpoint that's "cat". If I have to filter out a mass of markup tags with a standard monochrome 132x80 cat of a text file there is no more user readability.
How is an engine supposed to know how your text is supposed to look? Well, if it's a word processing program destined for the printer that's between you, the word processor, and the printer. The discussion was about config files, though. I can't think of any time when I cared how the text looks in a config file as long as I can cat it and read it. Personally, I had no problem using the web as just another way to fetch plain text files.
I'm not off base with my attack on HTML. HTML has morphed into something completely outside the scope of its legitimate use.
if he understood that XML is nothing more than a variable record comma delimited file on steroids
I'm glad someone else sees that.
If you had limited your attack to just XML
You may call me a purist wanker. After using word processors, with full font and type capabilities, long before HTML came into existence I really can't see the point of a markup language marketed towards general use. In my opinion, as it's marketed now, it promotes clutter and useless flair and has been expanded so that it's almost indecipherable unless you have a graphical browser. While lynx/links are readily available the majority of the web is completely unusable in plaintext format. At a fundamental level that bothers me since I'm one of the taxpayers who paid to create the darn thing.
You've got that backwards. MIcrosoft hasn't implemented anything new. Everything that MS is doing is an idea that they've pirated from University students who didn't have the time or the resources to patent/copyright their ideas while they were writing their graduate theses. MS may have expanded it some or made the GUI a little more consistent but there's nothing new in the corporate world. The only reason why you don't see massive disputes between academia and MS is that the computing industry is relatively young and Universities weren't on the intellectual property bandwagon until fairly recently.
Yes, any code can be malware. There are far more security advisories related to ActiveX and misuse of the registry than anything else on Linux. The registry has not "always been there". And, as soon as it was there, it became a perfect place to hide things from the users. That's a security issue that Linux does not have.
"What's MS actually doing to MITIGATE these problems?"
Answer: Nothing. Because the fundamental premise of their business model requires them to wrest control of the system from the end user and hide that control from anyone who looks for it.
I'm sorry. I don't follow your opinion. I have no problem reading, interpreting, and manipulating plain text as its output from any number of command line utilities.
I've always disliked markup languages. To me they're a kludge for all but the simplest and most basic uses. Hyperlinking, for example, is a nice concept... text properties, however, should be in the rendering engine and not in the data language. Yes, I know I just told the entire WWW that it's overrated but, if you look at what happened to the stock market after the sudden hyperpopularity of the WWW, you would see that I'm correct (as usual). In the implementation which you speak of they'd be a crutch for people too brain damaged to post process text output.
The shell doesn't need to understand the output. The user does.
You don't understand. It's not about the command line. It's what the command line does.
MS will never produce an OS which allows you, the end user, to have control over your own property. You will never have control over your own system, your own files, your own hard drive. MS is too interested in pandering to corporate interests.
Even if MSH was more functional than BASH (which seems to be infinitely debatable) the fact of the matter is that, if your Windows system catches a cold, the best you can hope for is that your virus scanner knows what it is. You have absolutely no chance to investigate what it did or how it did it because you will never have access to the source code of the libs which were modified. Say your system catches a cold and you find out about it and you want to watch that process and the network to analyze what it does. At best you can pray that you have Cygwin around for the network monitoring. Maybe you can hope to pay $100 for some diagnostic utility which is similarly closed sourced and which doesn't have the functionality to interoperate with every other command line utility available.
Face it. MSH is too little, too late, and doesn't fix the underlying problem that MS has a vested profit interest in keeping the end user locked out of their own system.
Stashing stuff in plaintext files is a cheap design decision, grossly inefficient
100% flaming opinion. I gather you feel the registry is so much better.
What about escape characters? What about when you start supporting line splits?
What about when people start burying crap in undocumented keys that nobody else can ever find? Most config files have a man page. I can't ever remember a Win app giving me, the user, a list of all the registry keys that it planned on adding or modifying.
What I believe is needed in the solution, and what it seems.NET and msh are providing, is a "common language"
Just like the registry was going to be a common access point for everything on the system.
But look at what a "common language" for shell-level data representation can do
And look how many people are going to jump to rewrite their software to support it. At least in BASH we already have a common language: it's called unformatted text. Oh, and look, we have the tools readily available to manipulate that text in any way we want.
In a shell like bash, and reading text files, you have to parse the file to find your data, filter the results somehow
Yeah... because foo=`grep | cut` is so hard. God I hope someone writes an object oriented library to help me with that because this functional programming is just too much for my brain to handle.
You want to store that 2000x2000 matrix of double-precision floating point numbers that you got from a circuit simulator to a file in your home directory?
Choose the best tool for the task. If they're working with a 2000x2000 matrix of floats from a circuit simulator the best tool is NOT a shell environment. Hopefully the circuit simulator has the capability to save the data to a file. If it doesn't then it's the wrong circuit simulator to be using. Every molecular modeling program that I've ever used, for example, has the ability to output the data file to disk... most even have several formats to choose from. What sort of contrived situation are you trying to invent to justify an object oriented shell?
Making the shell into a complete, dynamic, modern programming language has other benefits, as the article shows
The article demonstrates some obscure examples of academic manipulations. Anyone who actually needs to do a complex task will probably turn back to one of the aforementioned modern programming languages to get it done. Aside from that, BASH already is fully functional. It's not as elegant and effective as C and BASH programming relies on a few other binaries being available. Sed, grep, and textutils aren't really too much to ask.
You're pretty good at marketing but we've heard all of this stuff before. It's always the newer better way to do things, much better than the old way, and it always breaks down within 3 months of implementation. $20 says it flops unless MS begins tying critical system capability to it.
What's a common Windows admin task that you can honestly see yourself using MSH for? Windows has made it ten years without a competent shell. I find it hard to believe that adding MSH is anything more than keeping up: Not because it's needed but because the competition has it. Yes. One of the reasons I left Windows is because it didn't have a competent shell. Even if it did have a competent shell, though, it still wouldn't have allowed me to do the things which I wanted to do--take control of my system. In that respect Windows was then and will always be like the initial MacOSs. If they don't put it in a control panel its because they don't want you to see it.
I use cut heavily. My system installer, 15k of BASH, operates like a mini db client. The db format is comma separated. To retrieve entries from the db, I use grep | cut.
I bet the majority of the world would thank us if we'd go back to pen and paper and quit pushing computers at them all the time. You make a good suggestion.
What you said was "Monad is better because it has an object oriented design". That's an opinion--one that I don't agree with because I don't really see the need for anything object oriented in the realm of shell tasks. My point was that you don't have any.
Slashdot Mirror
You have seen BO, netbus, and Sub7 haven't you? Not to mention the dozens of commercial "network administration tools" out there. What about the tools employers use to monitor employees? At the core they're all just trojans designed to hide themselves.
So this qualifies you to detect and diagnose every custom remote exploit/rootkit combination that I can write? Impressive...
Actually I run an OS that doesn't make a profit driven marketing policy out of hiding the internal workings from me.
I tried doing this for a few years but I didn't have the privelege of being a sysadmin. My ACK ratio was about 1 out of 20, and 80% of the time it was a letter which told me that I was obviously wrong in reading the e-mail headers and that I had obviously misidentified the IP.
:) It takes effort from all of us.
Still, best of luck to you.
Let me get this correct...
In a topic which acknowledges the difference between bird and human (with respect to the disease) you're citing an article which studies the effectiveness of Tamiflu in MICE?
I know... I know... That's the way the FDA does things...
But doesn't anyone use their noggin anymore?
But Apple's never lied about it. There's no secret that Macs are computers for people who hate computers.
Evidence? Jesus Christ on a pogo stick... since when do MS apologists resort to invoking evidence?
The world must be ending...
It's as simple as that. MSH is a marketing catch up. It's a solution to the "they have a functionality we don't" problem. It's evidence of wasted resources. MS would've done better spending the money on fixing inherent brokenness and sticking with it's GUI.
You can disagree all you want. You can plug SELinux all you want (Yes, SELinux is pretty much a kludge as well, and you can tell that to the NSA). You're wrong.
A familiarity with BASIC or PASCAL lends itself quite well to BASH. You can look up the Advanced Bash Scripting guide on tldp.org, or you can check out my own Linux installer written in 15k of BASH shellcode.
The only person who's looking silly is the person who's defending the security model of Windows. Most notably, the security model of Windows coupled with (finally) a semi-functional shell environment.
Giving Windows to script kiddies is giving them the gun. Giving them MSH is giving them the bullets.
I never said it was a fault of MSH. I said, given the Windows track record of security, MSH is fuel on the fire for script kiddies. You're 100% correct. This adds no new vulns. What it does is makes existing vulns that much easier for Window script kiddies to get to. Once they find a 'sploit, they no longer need to operate from the level of binary code. One quick hack and *POOF* Look! An interactive scripting shell!
You could say that this is also a problem with Moz exploits but, to date, we still don't have hordes of script kiddies hitting up Moz the way they hit up IE through web pages making use of bad JS/JVM/AX. To date, Moz still doesn't have the number of vulns that IE does. To date, even if Moz did have the vulns that IE does, GNU/Linux distros still don't have the level of big-brother all-encompassing integrated security nightmare OS oversight that Windows has.
If I were less in control I'd call you all sorts of insulting and intellectually degrading names and every single one of them would be applicable.
Your reply makes perfect sense if I put my fingers in my ears and scream "Blahblahblah!" for the last 4 years of reading about ActiveX exploits through IE.
Scripting them with a functional shell will only make it easier for the script kiddies.
What part of reality do you live in?
C=64 BASIC
... insert 10 years of no programming ...
MacOS QBASIC
AmigaOS QBASIC
translate AmigaOS QBASIC to MacOS QBASIC for a simple word processor (yes, a number of idiosyncracies in both)
a little AREXX
PASCAL
BASH (this installer)
C (current hobby)
Linux/BSD + BASH + grep/sed/textutils still has WIndows + MSH beat six ways to Sunday. If you're really dependent on a object oriented crutch you can have python, perl, or ruby, which is a two-minute install on any standard distro. If you really want it bad enough you can install Java. What does Windows offer, by default, to interface with all of these fine programming languages?
And MSH still won't fix the fact that, at its core, ActiveX (which MSH purports to interface with) on Windows with a central registry is one of the biggest security FUBARs which the planet has ever seen. Give all those script kiddies a nice scripting environment. Script kiddies are accustomed to object oriented languages. I'm sure they'll pick up MSH quite quickly.
You can't change a business model with sudo--nice touch of changing the topic to something completely unrelated. Apple does have a track record of balancing user's rights with profit. MS will outright sell the desktop and the user's rights to corporate marketing.
I did RTFA. If you remember my first comment, all I see in TFA is a horribly tortured object oriented syntax. You're the one who brought up all this necessity for the object oriented equipment because, according to the current thread of arguments, most programmers just don't seem to be capable of post-processing of plaintext output from the standard set of command line tools. Oh the slavery of putting the brain to work.
Of which, in Linux, there are multitudes and, in Windows, you have a few handfuls.
If you want to talk about extra features then you must know that the supporting framework of Linux is already fully capable of anything that MSH can do. MSH does not have the supporting framework of text processing utilities. MSH and BASH both have the same whizz-bang functionality available and MSH is lacking in some basic functionality. Looks like MSH is 0-1-1 on the scorecard.
As for piping an HTML file directly to firefox you're wrong on two points. MSH can't pipe directly to IE either. There's no difference in the direct approach. The correct way is to echo > $filename && firefox $filename. Don't blame BASH for your ignorance.
You'll probably have to wait until MSH ships with every copy of Win but I can honestly tell you that, with the number of script kiddies out there, as soon as it ships you will see the four-hit combo of IE+ActiveX+MSH+Registry.
People can demonstrate security all they want. A shell environment is a dangerous thing. A shell environment which can talk to ActiveX in the Windows platform is just asking for it. The two hit IE+ActiveX exploits which are known are bad enough without the ease of a shell scripting capability.
I already dislike JS + Moz/FF and, to me, JVM inside of a web browser is absolutely frightening. I don't care how they think they've sandboxed it--someone will figure a way around it. Linux isn't perfect either but at least the vulns stay in a user-space program and are not magically integrated with the OS. There's the odd chance that someone could couple a Moz 'sploit with a kernel or a suid root 'sploit... but that's not nearly as common as IE+ActiveX or even admin access through IE alone.
How is an engine supposed to know how your text is supposed to look? Well, if it's a word processing program destined for the printer that's between you, the word processor, and the printer. The discussion was about config files, though. I can't think of any time when I cared how the text looks in a config file as long as I can cat it and read it. Personally, I had no problem using the web as just another way to fetch plain text files.
I'm not off base with my attack on HTML. HTML has morphed into something completely outside the scope of its legitimate use.
I'm glad someone else sees that.
You may call me a purist wanker. After using word processors, with full font and type capabilities, long before HTML came into existence I really can't see the point of a markup language marketed towards general use. In my opinion, as it's marketed now, it promotes clutter and useless flair and has been expanded so that it's almost indecipherable unless you have a graphical browser. While lynx/links are readily available the majority of the web is completely unusable in plaintext format. At a fundamental level that bothers me since I'm one of the taxpayers who paid to create the darn thing.
You've got that backwards. MIcrosoft hasn't implemented anything new. Everything that MS is doing is an idea that they've pirated from University students who didn't have the time or the resources to patent/copyright their ideas while they were writing their graduate theses. MS may have expanded it some or made the GUI a little more consistent but there's nothing new in the corporate world. The only reason why you don't see massive disputes between academia and MS is that the computing industry is relatively young and Universities weren't on the intellectual property bandwagon until fairly recently.
Answer: Nothing. Because the fundamental premise of their business model requires them to wrest control of the system from the end user and hide that control from anyone who looks for it.
I'm sorry. I don't follow your opinion. I have no problem reading, interpreting, and manipulating plain text as its output from any number of command line utilities.
I've always disliked markup languages. To me they're a kludge for all but the simplest and most basic uses. Hyperlinking, for example, is a nice concept... text properties, however, should be in the rendering engine and not in the data language. Yes, I know I just told the entire WWW that it's overrated but, if you look at what happened to the stock market after the sudden hyperpopularity of the WWW, you would see that I'm correct (as usual). In the implementation which you speak of they'd be a crutch for people too brain damaged to post process text output.
The shell doesn't need to understand the output. The user does.
You don't understand. It's not about the command line. It's what the command line does.
MS will never produce an OS which allows you, the end user, to have control over your own property. You will never have control over your own system, your own files, your own hard drive. MS is too interested in pandering to corporate interests.
Even if MSH was more functional than BASH (which seems to be infinitely debatable) the fact of the matter is that, if your Windows system catches a cold, the best you can hope for is that your virus scanner knows what it is. You have absolutely no chance to investigate what it did or how it did it because you will never have access to the source code of the libs which were modified. Say your system catches a cold and you find out about it and you want to watch that process and the network to analyze what it does. At best you can pray that you have Cygwin around for the network monitoring. Maybe you can hope to pay $100 for some diagnostic utility which is similarly closed sourced and which doesn't have the functionality to interoperate with every other command line utility available.
Face it. MSH is too little, too late, and doesn't fix the underlying problem that MS has a vested profit interest in keeping the end user locked out of their own system.
What about when people start burying crap in undocumented keys that nobody else can ever find? Most config files have a man page. I can't ever remember a Win app giving me, the user, a list of all the registry keys that it planned on adding or modifying.
Just like the registry was going to be a common access point for everything on the system.
And look how many people are going to jump to rewrite their software to support it. At least in BASH we already have a common language: it's called unformatted text. Oh, and look, we have the tools readily available to manipulate that text in any way we want.
Yeah... because foo=`grep | cut` is so hard. God I hope someone writes an object oriented library to help me with that because this functional programming is just too much for my brain to handle.
Choose the best tool for the task. If they're working with a 2000x2000 matrix of floats from a circuit simulator the best tool is NOT a shell environment. Hopefully the circuit simulator has the capability to save the data to a file. If it doesn't then it's the wrong circuit simulator to be using. Every molecular modeling program that I've ever used, for example, has the ability to output the data file to disk... most even have several formats to choose from. What sort of contrived situation are you trying to invent to justify an object oriented shell?
The article demonstrates some obscure examples of academic manipulations. Anyone who actually needs to do a complex task will probably turn back to one of the aforementioned modern programming languages to get it done. Aside from that, BASH already is fully functional. It's not as elegant and effective as C and BASH programming relies on a few other binaries being available. Sed, grep, and textutils aren't really too much to ask.
You're pretty good at marketing but we've heard all of this stuff before. It's always the newer better way to do things, much better than the old way, and it always breaks down within 3 months of implementation. $20 says it flops unless MS begins tying critical system capability to it.
What's a common Windows admin task that you can honestly see yourself using MSH for? Windows has made it ten years without a competent shell. I find it hard to believe that adding MSH is anything more than keeping up: Not because it's needed but because the competition has it. Yes. One of the reasons I left Windows is because it didn't have a competent shell. Even if it did have a competent shell, though, it still wouldn't have allowed me to do the things which I wanted to do--take control of my system. In that respect Windows was then and will always be like the initial MacOSs. If they don't put it in a control panel its because they don't want you to see it.
I use cut heavily. My system installer, 15k of BASH, operates like a mini db client. The db format is comma separated. To retrieve entries from the db, I use grep | cut.
I bet the majority of the world would thank us if we'd go back to pen and paper and quit pushing computers at them all the time. You make a good suggestion.
What you said was "Monad is better because it has an object oriented design". That's an opinion--one that I don't agree with because I don't really see the need for anything object oriented in the realm of shell tasks. My point was that you don't have any.