Talking about their distro, consider this: If they put the kernel under a different license (however legal that would be), it's quite possible they get themselves into more trouble by linking other code (such as i2c/lm-sensors/...) against their kernel - ILLEGALLY, since this other code is still under gpl version 2, and thus can't be linked to non-free code as they claim their kernel to be.
I can certainly imagine life without the net (and it's nice to try it sometimes)... but for computer use, I definitely feel naked without it.
There you go. If we use computers, then the Internet is very clearly a very useful improvement... communication, ubiquitous access to information, access to work, etc etc. So actually it boils down to the question "why do we need computers?" And I think we have that one answered for quite a while -- of course, discussions with Joseph Weizenbaum might be interesting too in that context.
But, leaving Weizenbaum out for a moment, it all boils down to this: Do we have a good reason to use computers? Yes. Do we have a good reason to use the Internet? Yes, because it simply follows by logic from the first 'yes'.
But still it would have to find a flaw in a Linux mail client to be able to pop up such a message... I know it'll be kinda hard in mutt, or even evolution, mozilla-mail or kmail -- try to write a mail that will easily let the recipient execute something without doing 'save attachment' - chmod +x attachment - ./attachment ...
And then there's that other problem. There's no single dominant e-mail software used on Linux systems. So currently any virus exploiting a flaw on Linux will most likely be for a particular mail client only, thus affecting only so many percent of all users.
Of course this would be different if Linux really were a Joe Sixpack OS. But I don't see it being all that bad - and that's precisely _because_ of the Linux/UNIX design!
Yes, stupid or careless users can achieve a lot ("...someone will build a better idiot..."), but actually you have to be pretty intelligent to manage to be stupid enough for a virus attacking a Linux system. :-)
It's nice of them to print that, but it's only half correct then too. They define 1 GB as 10^9 bytes. But then when they mention that their SO-DIMM slots support up to 2 GB of RAM, they're meaning 1 GB = 2^30 bytes.
Of course, with their definition, they're only claiming to have less capacity than they actually do have, so there's nothing to complain about, really.
Yeah, but look who they're suing. Not really many HD manufacturers. Apple, Dell, Gateway, HP, IBM, Sharp, Sony, Toshiba. OK, IBM does make HDs. But these companies sell complete PC systems. And therein lies the problem.
Another poster has pointed out that some components are measured in SI-unit GigaBytes (=10^9 bytes), such as RAM or CD-Rs, while others are measured in Binary-unit Gigabytes (=2^30 bytes = 1 GiB), such as HDs.
Now, the plain hard drive manufacturers haven't been sued because they are consistently using only SI units. But the desktop PC sellers are advertising using MBs and GBs everywhere, (deliberately? unknowingly?) not paying attention to the differences, thereby misleading the consumer.
They'll say "look, it's got 512MB of RAM and 80 GB hard drive space," but that is actually 536,870,912 bytes vs. 80,000,000,000 bytes (which is closer to 74.5 GB). And that is some good ground to sue on.
Hm, depends on what you want to do I guess. I used to run Mozilla and OOo and listen to mp3s/oggs on my AMD K6/233 just fine. For most work tasks, including office-type work, programming, and general internet tasks, that was enough power - and 533 MHz should be too. The only tasks requiring a >1GHz computer are modern games, video editing, and maybe 3D software. As a system for most daily work (unless you do lots of multimedia), anything from 200 to 1000 MHz serves just fine. My 1533 MHz desktop sits idle most of the time unless I play an occasional game. And I could give a shit about OOo or Mozilla taking 20 instead of 5 seconds to start up. Who cares?
But shouldn't a control group be otherwise exposed to the same environmental circumstances as the group of people affected by mobile phones? People in a third-world country for sure do not compare well to first-world people, and you can not judge for sure whether any differences in health are related to using or not using cell phones. You would have to find a representative control group in the first-world countries that lives in a similar environment as regular cellular phone users. And that is pretty much impossible since most people are either using cellular phones, or are surrounded by them so much that they could be affected by them as well.
Does anyone know why phones' keys are upside down compared to a computer keyboard and a calculator?
Dunno, but what I find most interesting is that this has never been a problem for me or anyone I know - and I do use both computers/calculators and phones quite often... for some reason I can type numbers on my keyboard number pad fairly fast, and can do just as well on my phone, not recalling a single time where I've mistaken the layouts. Funny.
Well, you could probably conclude that, because vulnerabilities in Linux and Linux software are usually detected and fixed sooner, and Windows vulnerabilities depend on Microsoft deploying the fix (which might take a while, as we know), we have different cases of who is to blame.
First, in the Windows case, shit might happen because it takes longer for a proper fix to appear (though, on the last DCOM-related vulnerabilities, we should give credit to MS for the quick response to the problem). If a patch does not exist, the admin can not do as much (unless he has a proper firewall).
In the Linux case, patches are generally available quicker, and upgrade functionality like Debian's apt-get makes it fairly easy to update the systems. I would guess that most holes that lead to the attacks mentioned in the article have long been patched, and it was merely the admin's fault for not watching his system.
So, I would say (though it's a subjective opinion) that Linux systems can be much more secure, even if attack _attempts_ on Linux systems were to occur more often than on Windows systems. But it all depends on the administrators. Windows systems, on the other hand, might let you get in a situation where you depend solely on Microsoft to respond to the security problem -- not a very nice situation.
Oh, and yes, there are more viruses for Windows, but that includes the 'dumb end-user' type such as SoBig, which are purely unrelated to server attacks. And those, I'm more than sure, will _not_ appear on Linux systems since I do not know of an email client that makes it so easy for a user to execute incoming garbage straight away.
I really wonder whether there are more known attacks to Windows _server_ systems than to Linux systems if you exclude all those Desktop-user viruses. Anybody know?
Of course you're right. The bounces are becoming a problem because most new worm variants fake the From: header anyway. The question would be, what percentage of total SoBig.F-related traffic comes from bounces? It might, of course, be as high as 50% if every message sent is bounced; but Frisk didn't really point out how much the Bounce problem contributed to the general worm traffic.
I'd be happy if bounces in SoBig-like cases were reduced, but I find it a weak argument to blame the worm problem on anti-virus software without giving numbers of how much bounces actually added to the problem. (Well, it's another anti-virus software producer writing this statement, so this open letter could be considered a PR statement to some extent.)
Somehow this also reminds me of those stupid Windows firewall products that by default alert you of every single stupid network packet...
I like his point about Linux being successful on the Desktop:
The final step (for the home user) is to have the support mechanism that they normally use be in place. This is NOT having a contact with IBM or HP, but having the person in their church, club, next door neighbor, etc. who is more advanced with Linux than they are, ready to answer questions. This will happen when Linux is firmly on the desktop in the company, university and high school.
Very true. This is the big advantage Windows and, to a lesser extent, MacOS have - a tight social net for support, so-to-speak. And having Linux systems pop up in more and more places - work, school, maybe some popular embedded devices - creates the basis. That way, it is at first not the people coming to Linux, but Linux coming to the people, who are then (hopefully) pleased with the advantages of the system, and slowly find more and more people around them who can provide helpful knowledge. I suppose this could even be more important than most of the discussions on where desktop systems like GNOME or KDE are headed.
It's possibly a good idea to get logged in directly as root, at least for the first-time connect... somehow you'll have to get in the first time. I guess it should be feasible enough to change to ssh with user/password after that (only need a way to store the changed setup before power-cycling).
And I'm really, really glad that Google has this influence. Before Google, most search engines were getting cluttered with advertisements and nasty, slowly-loading designs (yes, that was when modems were prevalent). Google did the one right thing and focused on the important stuff, building a good and fast search engine with a pragmatic, to-the-point, minimalist design and about every function you'd need to find what you're looking for.
That's why I love Google. And also, I for one never really had censoring problems with my searches. And what can Google do when others threaten them with lawsuits? It's those others that we should criticize, not Google itself... I'm rather glad when Google makes a small adjustment (though I don't like it either) that at least allows them to continue to exist instead of being driven out of money.
But bringing up Alltheweb is also interesting in this regard; it shows that nobody can really stop the spread of information, whatever kind it is... if Google is sued, somebody else will link to KaZaA Lite. In this regard, the Web is like a Hydra for free information.
Well, you have to admit that it is a little bit unfair since it is not a company on the free market developing a competing product, but it is the governments of those nations doing it. So, Microsoft has something of a point, since the nations do hinder free competition.
Actually the problem is just that corporate-sponsored schools are not really a good idea, because it opens schools for branding and marketing. This concerns MS as well as Apple, Coke, Pepsi, ChannelOne, and more. The problem with this is that kids are being brainwashed early to buy these products, and the brands dictate culture and behavior. (Think not? Consider how some sponsored Universities lose their sponsoring contract if the sponsor's product is criticized too much, or consider the story about a high school student from a Coke-sponsored school who turned up in a Pepsi shirt when everyone was supposed to wear a Coke shirt and got expelled for a couple of days.)
So yes, anyone writing 'M$ is EEEVILLL' is uttering an uninformed opinion. But the dangers of brands invading education really are a problem, be it Apple, MS or any other brand.
You could write something in winamp that randomly changed bits in your music, and that would change the hash, but it would also slowly corrupt your music until you had static. If the hash is using ID3 tags, you could change some unused field in there, but there would be a much smaller number of permutations available (although probably still enough to be useful).
You could sure do that. If you simply add random characters to the ID3 comment every time you re-share a file, you change enough... the md5 will be a totally different one, that's the point of md5. But then you defeat the file-sharing scheme, since people can not simultaneously download their mp3s from several people if everyone has different md5 sums. Which is what the RIAA wants, and from a law standpoint, it's their perfect right in many cases...
Yes, and? The question is, "wherefore art thou?" -- in other words, "why are you?" -- which fits pretty well. Why does the site exist, practically? Wasn't that the point?
Btw, wherefore is probably related to the German "wofur" meaning "what for," as in "what's that for?" -- similar enough to "why does that exist?".
Hm. Why does /. replace the u-Umlaut in "wofur" with a regular 'u'? ..."wofuer," then. :)
Hmm, actually I hadn't intended my post to be funny... still got modded that way, oh well. It was actually very serious... my switch to Linux was strongly influenced by my exposure to Windows and the urge to have something better. Especially since I programmed a lot. Coding for DOS was OK with Turbo Pascal or Borland C, but coding for Windows is imo a real PITA. But once you sit at a Linux box and have everything you need to go hacking easily (and Freely) available (including good documentation), you can start coding and never look back.
1. Many of the people doing open source work started (and continue) because of their exposure to open source, GNU, etc. Which will be limited if the initial exposure is completely proprietary.
Also, many of the people doing open source work started (and continue) because of their exposure to Windows.
I think the whole point is not about changing the boolean logic, but merely changing the representation of numbers, such as considering a number as octal and thinking of the values 0..7 as different voltages. Building an adder of course requires new logic circuits, but no one will take away boolean logic from you.
Besides, there exist many non-binary logic ideas with AND/OR etc. operations (such as the ternary Lukasiewicz logic), even continuous logic (see, for instance, the lecture slides here -- German unfortunately), but they are /not/ Boolean as they can not satisfy the Boolean axioms.
So, for you writing software, nothing changes really... but internally, numbers would be represented differently. (Of course, when switching a whole CPU to n-valued calculation, you still need a way to do simple Boolean calculations since that is needed for conditionals.)
The other question was, "Are there other reasons why the likelihood of a 'Sobig' or an 'ILUVYOU' would be lower for Linux than Windows?"
They are a little lower, because:
Holes that allow email attachments to be executed automatically practically don't exist (no execute rights, hardly any scripting support in mail clients for potentially malicious programs).
The trick "please open the attached file" will not work for the same reason, basically (no execute permission, need to save it first, chmod, then execute it).
So, most of those social-engineering kind of attacks will technically not work, unless somebody manages to convince you to do the whole save/chmod/execute procedure to start his worm. Which I think is rather unlikely. That leaves us with attacks through software vulnerabilities. As said, there hardly exist any in MUAs, which means that exploits for running services must be used. Given a higher popularity of Linux systems, new exploits are likely to be the cause of an attack much quicker, and we would of course see more malicious programs.
But would that be a problem? This concerns server systems which are at least a bit safer than Joe Schmoe desktop computers for their (hopefully) better maintenance. By the time a distro for true mass use of Linux appears and gets installed on, say, 25% of all home computers, we can at least expect a better patch availability for remote exploits, and probably a whole community of geeks working harder to avoid big holes. I would even expect that better default settings for services and firewall settings could be expected.
Of course, if some company puts out that Linux and ends up being very popular but very careless, this could be a problem and would most likely shed a bad light on Linux-based systems as a whole. That is clearly something to be avoided.
Yep, and it's quite powerful and has not suffered too much from exploits. Personally, I've been running on exim for quite a while, and exclusively after I ditched my last Red Hat installation in 2001.
But in many cases postfix might be preferable since it is even easier to use... although I think exim configuration is simple and well-documented. Bigger servers running Sendmail should at least consider switching to exim...
Has nothing to do with computers, but I read it on a Murphy's Law poster once: "Celibacy is hereditary." That just killed me.
...traffic than you'd have if the worm got to its target and continued spreading.
For a more serious one, you might want to try out Gringotts. I really like it, and I would say it's adequately secure.
Alltheweb is quite good. But even there do you see the effects of Google. Just look at the page design and layout. Same thing goes for Altavista and even Yahoo! search.
Time to read a good book...