> It seems that governments are getting involved with Lunix...
This is strange ( and I speak as a Linux convert living in France). After
all, France has very strict separation of state and religion - far stricter
than in the US - and we all know that operating systems are a religious
issue ;-)
> * Imhotep <Imhotep@nospam.com>:
>> It seems that governments are getting involved with Lunix...
>>
>> http://lwn.net/Articles/147174/
>>
>> Im
>
> Wish my govt would do that. Would be a heck of a lot more fun than
> fixing XP boxes all damn day.
>
> Jason
....I am also sick of the spyware trap...just not fun anymore.
"Imhotep" <Imhotep@nospam.com> wrote in message
news:X_rLe.13758$dJ5.5078@tornado.tampabay.rr.com. ..
> Jason wrote:
>
> > * Imhotep <Imhotep@nospam.com>:
> >> It seems that governments are getting involved with Lunix...
> >>
> >> http://lwn.net/Articles/147174/
> >>
> >> Im
> >
> > Wish my govt would do that. Would be a heck of a lot more fun than
> > fixing XP boxes all damn day.
> >
> > Jason
>
> ...I am also sick of the spyware trap...just not fun anymore.
(Cough) Spyware is written for the platform that most people are using.
Which happens to be Windows.
If there is ever that big shift to Linux (due in 1996, if memory serves),
then it'll get written for Linux. And /please/ don't try to convince me that
it's somehow magically immune from bugs - there's *always* one more bug.
According to the analysts, it's split 50-50 between security-by-obscurity
and security-by-peer-review (which, judging by my experience, is something
more talked about than performed). Mind you, these are probably the same
analysts that predicted a dominant Linux desktop, and missed the fact that
it's likely to be the dominant mainframe OS in a decade or so ;o)
--
Hairy One Kenobi
Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!
> "Imhotep" <Imhotep@nospam.com> wrote in message
> news:X_rLe.13758$dJ5.5078@tornado.tampabay.rr.com. ..
>> Jason wrote:
>>
>> > * Imhotep <Imhotep@nospam.com>:
>> >> It seems that governments are getting involved with Lunix...
>> >>
>> >> http://lwn.net/Articles/147174/
>> >>
>> >> Im
>> >
>> > Wish my govt would do that. Would be a heck of a lot more fun than
>> > fixing XP boxes all damn day.
>> >
>> > Jason
>>
>> ...I am also sick of the spyware trap...just not fun anymore.
>
> (Cough) Spyware is written for the platform that most people are using.
> Which happens to be Windows.
You are partially right and wrong. I have many friends that, well, partake
in "security testing and coding adventures". They are opportunists and as
such will code for whatever is the easiest to hack/crack. They do not care
what the os is...
The problem with windows is that they constructed a lot of their technology
with the focus to enforce their business strategy. Rather than staying pure
to using the best technology. For example Window's registry is a POS. It
was designed to force companies into being a "business partner" of
Microsoft. They intentionally made it cryptic. By doing that they also
caused many problems for the OS....
> If there is ever that big shift to Linux (due in 1996, if memory serves),
> then it'll get written for Linux. And /please/ don't try to convince me
> that it's somehow magically immune from bugs - there's *always* one more
> bug.
Never said Linux/BSD is perfect. I said Linux/BSD is BETTER...
>
> According to the analysts, it's split 50-50 between security-by-obscurity
> and security-by-peer-review (which, judging by my experience, is something
> more talked about than performed). Mind you, these are probably the same
> analysts that predicted a dominant Linux desktop, and missed the fact that
> it's likely to be the dominant mainframe OS in a decade or so ;o)
>
Not true. Many of Linux/BSD is coded to the standards which are designed by
many, many qualified individuals around the World. These are very, very
talented individuals. Furthermore, since the code is written using the
standards, and you can view it for yourself, it is security that way it
should be.
I had a chance to view Microsoft code in College. My school was working with
Microsoft on a project and I was a team member. It was the worst code I
have ever viewed...can you say the same? Probably not as they hide their
code then sell you crap like "Get the Facts". I am really surprised at how
well Microsoft zombiefies a lot of people....I would love to study the
psychology behind it some day. That company can convince an Eskimo that he
should buy a 1/2 ton of ice cubes every month. I guess most people really
are quite stupid....
"Imhotep" <Imhotep@nospam.com> wrote in message
news:ysNLe.15663$Yx1.6942@tornado.tampabay.rr.com. ..
> Hairy One Kenobi wrote:
>
> > "Imhotep" <Imhotep@nospam.com> wrote in message
> > news:X_rLe.13758$dJ5.5078@tornado.tampabay.rr.com. ..
<snip>
> >> ...I am also sick of the spyware trap...just not fun anymore.
> >
> > (Cough) Spyware is written for the platform that most people are using.
> > Which happens to be Windows.
>
> You are partially right and wrong. I have many friends that, well, partake
> in "security testing and coding adventures". They are opportunists and as
> such will code for whatever is the easiest to hack/crack. They do not care
> what the os is...
Spyware != hack/crack attempts
> The problem with windows is that they constructed a lot of their technology
> with the focus to enforce their business strategy. Rather than staying pure
> to using the best technology. For example Window's registry is a POS. It
> was designed to force companies into being a "business partner" of
> Microsoft. They intentionally made it cryptic. By doing that they also
> caused many problems for the OS....
(Cough) Speaking as one who used Windows 2 in anger (that many lock ups and
freezes would get *anyone* angry, believe me ;o), the plethora of PIF and INI
files was a right PITA. The registry concept is quite a bit older than
Win95. Can't remember where it first came from (PARC wouldn't surprise me).
<snip>
> > According to the analysts, it's split 50-50 between security-by-obscurity
> > and security-by-peer-review (which, judging by my experience, is something
> > more talked about than performed). Mind you, these are probably the same
> > analysts that predicted a dominant Linux desktop, and missed the fact that
> > it's likely to be the dominant mainframe OS in a decade or so ;o)
> >
>
> Not true. Many of Linux/BSD is coded to the standards which are designed by
> many, many qualified individuals around the World. These are very, very
> talented individuals. Furthermore, since the code is written using the
> standards, and you can view it for yourself, it is security that way it
> should be.
Actually, read what I wrote. An analyst isn't anything to do with
programming - I'm talking people like Gartner, IDC, et al.
Neither Linux or BSD have adopted any *coding* standards that I am aware
of - just standards for things like protocols. Which everyone has to use in
order to interoperate (with greater or lesser degree of compliance).
> I had a chance to view Microsoft code in College. My school was working with
> Microsoft on a project and I was a team member. It was the worst code I
> have ever viewed...can you say the same?
Say what? That I've been to college (yes), that I've worked on a shared
product with MS (no, but my company have), that I've been a member of a team
(yes), or that I've seen MS source code (yes, at a previous company)?
It most certainly wasn't the worst code that I've seen; that dubious
privilege goes to one Ravi Patel, late of CAP Gemini Sogeti. The man had a
goddamn' GOTO fetish.. my personal record was ripping-out three pages of
FORTRAN and replacing it with five lines of code.
> Probably not as they hide their
> code then sell you crap like "Get the Facts". I am really surprised at how
> well Microsoft zombiefies a lot of people....I would love to study the
> psychology behind it some day. That company can convince an Eskimo that he
> should buy a 1/2 ton of ice cubes every month. I guess most people really
> are quite stupid....
Quite possibly.. like those who believe *nix to be in any way.. new.
> "Imhotep" <Imhotep@nospam.com> wrote in message
> news:ysNLe.15663$Yx1.6942@tornado.tampabay.rr.com. ..
>> Hairy One Kenobi wrote:
>>
>> > "Imhotep" <Imhotep@nospam.com> wrote in message
>> > news:X_rLe.13758$dJ5.5078@tornado.tampabay.rr.com. ..
>
> <snip>
>
>> >> ...I am also sick of the spyware trap...just not fun anymore.
>> >
>> > (Cough) Spyware is written for the platform that most people are using.
>> > Which happens to be Windows.
>>
>> You are partially right and wrong. I have many friends that, well,
>> partake in "security testing and coding adventures". They are
>> opportunists and as such will code for whatever is the easiest to
>> hack/crack. They do not care what the os is...
>
> Spyware != hack/crack attempts
if(Spyware == Microsoft problem )
{
    while(1)
        printf("I am a idiot for purchasing a Microsoft product\n");
}
>> The problem with windows is that they constructed a lot of their technology
>> with the focus to enforce their business strategy. Rather than staying pure
>> to using the best technology. For example Window's registry is a POS. It
>> was designed to force companies into being a "business partner" of
>> Microsoft. They intentionally made it cryptic. By doing that they also
>> caused many problems for the OS....
>
> (Cough) Speaking as one who used Windows 2 in anger (that many lock ups
> and freezes would get *anyone* angry, believe me ;o), the plethora of PIF
> and INI files was a right PITA. The registry concept is quite a bit older
> than Win95. Can't remember where it first came from (PARC wouldn't
> surprise me).
>
> <snip>
>
>> > According to the analysts, it's split 50-50 between security-by-obscurity
>> > and security-by-peer-review (which, judging by my experience, is something
>> > more talked about than performed). Mind you, these are probably the
>> > same analysts that predicted a dominant Linux desktop, and missed the fact that
>> > it's likely to be the dominant mainframe OS in a decade or so ;o)
>> >
>>
>> Not true. Many of Linux/BSD is coded to the standards which are designed by
>> many, many qualified individuals around the World. These are very, very
>> talented individuals. Furthermore, since the code is written using the
>> standards, and you can view it for yourself, it is security that way it
>> should be.
>
> Actually, read what I wrote. An analyst isn't anything to do with
> programming - I'm talking people like Gartner, IDC, et al.
Not following you on this. Please explain...
> Neither Linux or BSD have adopted any *coding* standards that I am aware
> of - just standards for things like protocols. Which everyone has to use
> in order to interoperate (with greater or lesser degree of compliance).
I am talking about coding to protocol standards....Having an OS/Application
that is standards based, to me, is the most important thing....
>> I had a chance to view Microsoft code in College. My school was working with
>> Microsoft on a project and I was a team member. It was the worst code I
>> have ever viewed...can you say the same?
>
> Say what? That I've been to college (yes), that I've worked on a shared
> product with MS (no, but my company have), that I've been a member of a
> team (yes), or that I've seen MS source code (yes, at a previous company)?
>
> It most certainly wasn't the worst code that I've seen; that dubious
> privilege goes to one Ravi Patel, late of CAP Gemini Sogeti. The man had a
> goddamn' GOTO fetish.. my personal record was ripping-out three pages of
> FORTRAN and replacing it with five lines of code.
>
>> Probably not as they hide their
>> code then sell you crap like "Get the Facts". I am really surprised at
>> how well Microsoft zombiefies a lot of people....I would love to study
>> the psychology behind it some day. That company can convince an Eskimo
>> that he should buy a 1/2 ton of ice cubes every month. I guess most
>> people really are quite stupid....
>
> Quite possibly.. like those who believe *nix to be in any way.. new.
True. I have met many people who say "Red Hat" that is a computer language
right? I usually just laugh...
On Sat, 13 Aug 2005 10:32:12 +0200, Phil <rotsky@nospam.org> wrote:
>Imhotep wrote:
>
>> It seems that governments are getting involved with Lunix...
>
>This is strange ( and I speak as a Linux convert living in France). After
>all, France has very strict separation of state and religion - far stricter
>than in the US - and we all know that operating systems are a religious
>issue ;-)
>
The French hate Microsoft (even more than most people hate Microsoft)
because they are jealous of its success. The fact that it is an
American Company really irks them, especially government officials.
There are many more examples.
1. Many French are sensitive about American Movies, but again there
is this jealousy because American Movies are the most popular in the
world. They even sabotaged a movie that was French made (A Fairly
Long Engagement) from awards and recognition because the production
was funded partially with American money from an American studio.
2. The one American many French profess to admire (besides Jerry
Lewis) is Walt Disney. Yet when Disneyland Paris opened in France,
many critics claimed it would be a "Cultural Chernobyl".
3. The French hate the fact that Boeing (again an American Company)
is a dominant manufacturer of aircraft in the aviation industry and
were instrumental in creating Airbus (Headquartered in Toulouse,
France) to compete, constantly drawing on heavy government subsidies.
4. France is heavily dependent upon tourism for its economy and a
large number of those tourists used to be Americans. Guess what?
Many of those Americans are no longer considering spending their
tourist money in France. One reason is that the Euro (again, an
invention that was mostly promoted by France) is so high, that the
American Dollar is mostly in the dumps as far as exchange rate. Who
wants to be ripped off for a cup of coffee or a hotel room? If you
do, you might like visiting France.
"Imhotep" <Imhotep@nospam.com> wrote in message
news:fzSLe.15697$Oy2.5608@tornado.tampabay.rr.com. ..
> Hairy One Kenobi wrote:
<snip>
> > Actually, read what I wrote. An analyst isn't anything to do with
> > programming - I'm talking people like Gartner, IDC, et al.
>
> Not following you on this. Please explain...
Take a look at Gartner.com, or one of the mainstream IT news sites - you'll
soon get the idea.
> > Neither Linux or BSD have adopted any *coding* standards that I am aware
> > of - just standards for things like protocols. Which everyone has to use
> > in order to interoperate (with greater or lesser degree of compliance).
>
> I am talking about coding to protocol standards....Having an OS/Application
> that is standards based, to me, is the most important thing....
Personally, I prefer something that just /works/.
Either way, if one has knowledge of a particular standard, one can always
code to it *and* handle exceptions (like a few *nix types forgetting that
many RFCs have CR+LF terminators, rather than just LF. That's surprisingly
common).
Pick the platform that does the job best for your particular application. I
usually have a mix of Windows, virtual IBM mainframe, Linux, and Solaris at
home; no RH at the moment, though - some idiot broke the installer, so that
it doesn't cope with my LCD panel. Must get around to fixing that at some
point...
Beachcomber wrote:
<SNIP>
> The French hate Microsoft (even more than most people hate Microsoft)
> because they are jealous of its success.
<SNIP>
Can you please refer me to the research to back this up, also I
would love to see pictures of some of the millions of French PC
users reluctantly using Windows.
>
> 1. Many French are sensitive about American Movies, but again there
> is this jealousy because American Movies are the most popular in the
> world.
It does not pay to confuse popularity with quality :)
>
> 2. The one American many French profess to admire (besides Jerry
> Lewis) is Walt Disney. Yet when Disneyland Paris opened in France,
> many critics claimed it would be a "Cultural Chernobyl".
But Disneyland *is* naff! (Unless you are under 10 years old.)
> 3. The French hate the fact that Boeing (again an American Company)
> is a dominant manufacturer of aircraft in the aviation industry and
> were instrumental in creating Airbus (Headquartered in Toulouse,
> France) to compete, constantly drawing on heavy government subsidies.
>
We brits make the wings - very good wings they are too and the
planes are as much a pleasure to fly in as jumbos. The reality is
that America and Europe can each afford to have only one
manufacturer of large aircraft and they both need to be subsidised
in one way or another.
<SNIP>
> One reason is that the Euro (again, an
> invention that was mostly promoted by France) is so high, that the
> American Dollar is mostly in the dumps as far as exchange rate.
The *low* value of the Euro has been a joke here for years. You need
to look nearer to home, the dollar fell with the American economy -
the Euro has been pretty stable against sterling (60-70 pence) over
recent years whilst the dollar fell like lead towards 2 to the pound
sterling. (It has risen somewhat lately.)
> Beachcomber wrote:
> <SNIP>
>> The French hate Microsoft (even more than most people hate Microsoft)
>> because they are jealous of its success.
> <SNIP>
> Can you please refer me to the research to back this up, also I
> would love to see pictures of some of the millions of French PC
> users reluctantly using Windows.
>
>>
>> 1. Many French are sensitive about American Movies, but again there
>> is this jealousy because American Movies are the most popular in the
>> world.
>
> It does not pay to confuse popularity with quality :)
>
>>
>> 2. The one American many French profess to admire (besides Jerry
>> Lewis) is Walt Disney. Yet when Disneyland Paris opened in France,
>> many critics claimed it would be a "Cultural Chernobyl".
>
> But Disneyland *is* naff! (Unless you are under 10 years old.)
>
>> 3. The French hate the fact that Boeing (again an American Company)
>> is a dominant manufacturer of aircraft in the aviation industry and
>> were instrumental in creating Airbus (Headquartered in Toulouse,
>> France) to compete, constantly drawing on heavy government subsidies.
>>
>
> We brits make the wings - very good wings they are too and the
> planes are as much a pleasure to fly in as jumbos. The reality is
> that America and Europe can each afford to have only one
> manufacturer of large aircraft and they both need to be subsidised
> in one way or another.
>
> <SNIP>
>> One reason is that the Euro (again, an
>> invention that was mostly promoted by France) is so high, that the
>> American Dollar is mostly in the dumps as far as exchange rate.
>
> The *low* value of the Euro has been a joke here for years. You need
> to look nearer to home, the dollar fell with the American economy -
> the Euro has been pretty stable against sterling (60-70 pence) over
> recent years whilst the dollar fell like lead towards 2 to the pound
> sterling. (It has risen somewhat lately.)
>
>
>
>
> Charlie.
>
>
>>
>> Beachcomber
>>
>>
>>
>
>
The point is that linux is moving forward...That is the point.
> "Imhotep" <Imhotep@nospam.com> wrote in message
> news:fzSLe.15697$Oy2.5608@tornado.tampabay.rr.com. ..
>> Hairy One Kenobi wrote:
>
> <snip>
>
>> > Actually, read what I wrote. An analyst isn't anything to do with
>> > programming - I'm talking people like Gartner, IDC, et al.
>>
>> Not following you on this. Please explain...
>
> Take a look at Gartner.com, or one of the mainstream IT news sites -
> you'll soon get the idea.
I have used Gartner over the years. Yes, I am very familiar with them.
However, I am asking you to restate your point, that is what I do not
understand.
>> > Neither Linux or BSD have adopted any *coding* standards that I am
>> > aware of - just standards for things like protocols. Which everyone has
>> > to use in order to interoperate (with greater or lesser degree of
>> > compliance).
>>
>> I am talking about coding to protocol standards....Having an OS/Application
>> that is standards based, to me, is the most important thing....
>
> Personally, I prefer something that just /works/.
>
> Either way, if one has knowledge of a particular standard, one can always
> code to it *and* handle exceptions (like a few *nix types forgetting that
> many RFCs have CR+LF terminators, rather than just LF. That's surprisingly
> common).
>
> Pick the platform that does the job best for your particular application.
> I usually have a mix of Windows, virtual IBM mainframe, Linux, and Solaris
> at home; no RH at the moment, though - some idiot broke the installer, so
> that it doesn't cope with my LCD panel. Must get around to fixing that at
> some point...
>
>
> The point is that linux is moving forward...That is the point.
>
> Imhotep
I've no argument with that - just his inept prejudices!
I had good experiences with Suse 8.2 and I expect it's come on since
then, hope to have a spare box shortly so I intend to load that with
the latest version of Suse. I like XP but when it ceases to be
supported I won't be forking out for a tarted up version of the same!
> Imhotep wrote:
>> Management wrote:
>
>>
>>
>> The point is that linux is moving forward...That is the point.
>>
>> Imhotep
>
> I've no argument with that - just his inept prejudices!
>
> I had good experiences with Suse 8.2 and I expect it's come on since
> then, hope to have a spare box shortly so I intend to load that with
> the latest version of Suse. I like XP but when it ceases to be
> supported I won't be forking out for a tarted up version of the same!
>
> Charlie.
>
What pisses me off even more than forcing people to "upgrade or attrition"
that Microsoft suckers people into, is the "Trusted Computing" scam that
they are gearing up to force down peoples mouths. The idea that any
company, even Red Hat, has ultimate control over my PC is the most angering
of thoughts...I have a feeling that they are going to severely shoot
themselves in the foot (hopefully head)
Imhotep wrote:
> Management wrote:
>
>
>>Imhotep wrote:
>>
>>>Management wrote:
>>
>>>
>>>The point is that linux is moving forward...That is the point.
>>>
>>>Imhotep
>>
>>I've no argument with that - just his inept prejudices!
>>
>>I had good experiences with Suse 8.2 and I expect it's come on since
>>then, hope to have a spare box shortly so I intend to load that with
>>the latest version of Suse. I like XP but when it ceases to be
>>supported I won't be forking out for a tarted up version of the same!
>>
>>Charlie.
>>
>
>
> What pisses me off even more than forcing people to "upgrade or attrition"
> that Microsoft suckers people into, is the "Trusted Computing" scam that
> they are gearing up to force down peoples mouths. The idea that any
> company, even Red Hat, has ultimate control over my PC is the most angering
> of thoughts...I have a feeling that they are going to severely shoot
> themselves in the foot (hopefully head)
Agree! Trusted computing? According to Emperor Bill, or who? Hollywood?
Fritz Hollings?
_I_ run my machines - not Bill, not Linus, not anybody. When the time
comes that all the kit is going to be chipped to 'phone home', I'll buy
several items of the last available pre-phone-home kit, and just go on
the 'darkside'.
> Imhotep wrote:
>> Management wrote:
>>
>>
>>>Imhotep wrote:
>>>
>>>>Management wrote:
>>>
>>>>
>>>>The point is that linux is moving forward...That is the point.
>>>>
>>>>Imhotep
>>>
>>>I've no argument with that - just his inept prejudices!
>>>
>>>I had good experiences with Suse 8.2 and I expect it's come on since
>>>then, hope to have a spare box shortly so I intend to load that with
>>>the latest version of Suse. I like XP but when it ceases to be
>>>supported I won't be forking out for a tarted up version of the same!
>>>
>>>Charlie.
>>>
>>
>>
>> What pisses me off even more than forcing people to "upgrade or
>> attrition" that Microsoft suckers people into, is the "Trusted Computing"
>> scam that they are gearing up to force down peoples mouths. The idea that
>> any company, even Red Hat, has ultimate control over my PC is the most
>> angering of thoughts...I have a feeling that they are going to severely
>> shoot themselves in the foot (hopefully head)
>
> Agree! Trusted computing? According to Emperor Bill, or who? Hollywood?
> Fritz Hollings?
>
> _I_ run my machines - not Bill, not Linus, not anybody. When the time
> comes that all the kit is going to be chipped to 'phone home', I'll buy
> several items of the last available pre-phone-home kit, and just go on
> the 'darkside'.
>
> Steve
"Imhotep" <Imhotep@nospam.com> wrote in message
news:NFpMe.34749$dJ5.4455@tornado.tampabay.rr.com. ..
> Hairy One Kenobi wrote:
> > "Imhotep" <Imhotep@nospam.com> wrote in message
> > news:fzSLe.15697$Oy2.5608@tornado.tampabay.rr.com. ..
<snip>
> > Take a look at Gartner.com, or one of the mainstream IT news sites -
> > you'll soon get the idea.
>
> I have used Gartner over the years. Yes, I am very familiar with them.
> However, I am asking you to restate your point, that is what I do not
> understand.
Hmm. maybe it's a language thing? Time to quote...
"Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in message
news:h%KLe.8368$Mf6.7813@newsfe2-gui.ntli.net...
> According to the analysts, it's split 50-50 between security-by-obscurity
> and security-by-peer-review (which, judging by my experience, is something
> more talked about than performed).
Now, by "50-50" I meant that it's evenly split between the two sides: that
not being open source is approximately as effective as being open source, when
it comes to security. Thus spake the analysts.
From my own POV, I keep hearing how much better it is that people inspect
other people's code, and fix it. But I've never met anyone that did that. Or
anyone that knew someone that did that. Or anyone who had a friend who knew
someone...
Hell, I contribute (or at least /have/ contributed) to OS myself - people
tend to find a bug when they are using a particular aspect.
With literally millions of downloads, how could even 0.01% (hundreds of
dedicated techies) have missed the holes in OpenSSL and the Linux kernel?
Assuming, of course, that these people actually exist, as opposed to the
couple of people involved in the development of specific aspects or
products. Or developers breaking that precise aspect of the code?
> > Pick the platform that does the job best for your particular application.
> > I usually have a mix of Windows, virtual IBM mainframe, Linux, and Solaris
> > at home; no RH at the moment, though - some idiot broke the installer, so
> > that it doesn't cope with my LCD panel. Must get around to fixing that at
> > some point...
>
> That has been fixed.
Glad to hear that. Could you point me towards the patch that fixed my
particular version...? (Cough)
H1K
P.S. Being marginally less cruel, it seemed to have been a major problem
with Gnome - even manually editing the files to match the monitor
characteristics failed to help. After a couple of months, I temporarily
stuck MSDN Windoze on there, just to be able to run Ethereal (couldn't find
my old installation CDs).
> "Imhotep" <Imhotep@nospam.com> wrote in message
> news:NFpMe.34749$dJ5.4455@tornado.tampabay.rr.com. ..
>> Hairy One Kenobi wrote:
>> > "Imhotep" <Imhotep@nospam.com> wrote in message
>> > news:fzSLe.15697$Oy2.5608@tornado.tampabay.rr.com. ..
>
> <snip>
>
>> > Take a look at Gartner.com, or one of the mainstream IT news sites -
>> > you'll soon get the idea.
>>
>> I have used Gartner over the years. Yes, I am very familiar with them.
>> However, I am asking you to restate your point, that is what I do not
>> understand.
>
> Hmm. maybe it's a language thing? Time to quote...
>
> "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in message
> news:h%KLe.8368$Mf6.7813@newsfe2-gui.ntli.net...
>
>
>> According to the analysts, it's split 50-50 between security-by-obscurity
>> and security-by-peer-review (which, judging by my experience, is
>> something more talked about than performed).
>
> Now, by "50-50" I meant that it's evenly split between the two sides: that
> not being open source is approximately as effective as being open source,
> when it comes to security. Thus spake the analysts.
>
First, Gartner is not the Gospel. I used to have an account with them for
many years. They do have some good people and info but, they are not
perfect. When researching I take their point of view into account, but I
also take it "with a grain of sand".
> From my own POV, I keep hearing how much better it is that people inspect
> other people's code, and fix it. But I've never met anyone that did that.
> Or anyone that knew someone that did that. Or anyone who had a friend who
> knew someone...
Not true. You should have been taught from college about peer code review. I
personally have been all over the BSD IP protocol stack not just looking
for bugs but also to better understand socket/server programming.
Many theoretical security holes have been patched, BEFORE ANY CODE WAS
WRITTEN, by code review.
1) sendmail about 2 years ago. It was theorized that the structure of
sendmail be split into a client and server within the same server because
of a theoretical security hole
2) Recently ssh was being looked at. It was discovered that because of the
way Intel has designed its hyperthreading CPU it COULD be possible for one
thread to "peek" at data for another thread (within the same thread
"family").
3) Other open source applications have benefited from code review also, but
I will leave that for the reader's homework. :-)
....the point is that open source works in many ways. First, it allows anyone
who is writing application code to view how the code (underneath the API
level) is structured. Resulting in tighter and more secure code. Second,
there are people who do review the code looking for possible problems
(again review #1 and #2 above).
> Hell, I contribute (or at least /have/ contributed) to OS myself - people
> tend to find a bug when they are using a particular aspect.
Sure sometimes people find a problem when writing code for a particular
application. There again, they can verify that it is really a security hole
by looking at the code below.
> With literally millions of downloads, how could even 0.01% (hundreds of
> dedicated techies) have missed the holes in OpenSSL and the Linux kernel?
Be more specific. Which holes?
> Assuming, of course, that these people actually exist, as opposed to the
> couple of people involved in the development of specific aspects or
> products. Or developers breaking that precise aspect of the code?
Yes, these people really exist...
>> > Pick the platform that does the job best for your particular application.
>> > I usually have a mix of Windows, virtual IBM mainframe, Linux, and Solaris
>> > at home; no RH at the moment, though - some idiot broke the installer, so
>> > that it doesn't cope with my LCD panel. Must get around to fixing that at
>> > some point...
>>
>> That has been fixed.
>
> Glad to hear that. Could you point me towards the patch that fixed my
> particular version...? (Cough)
Ah....why all the coughing, gotta cold? Your patch is included in Red Hat FC
4...
>
> H1K
>
> P.S. Being marginally less cruel, it seemed to have been a major problem
> with Gnome - even manually editing the files to match the monitor
> characteristics failed to help. After a couple of months, I temporarily
> stuck MSDN Windoze on there, just to be able to run Ethereal (couldn't
> find my old installation CDs).
"Imhotep" <Imhotep@nospam.com> wrote in message
news:5KSMe.20388$Yx1.17568@tornado.tampabay.rr.com ...
> Hairy One Kenobi wrote:
>
> > "Imhotep" <Imhotep@nospam.com> wrote in message
> > news:NFpMe.34749$dJ5.4455@tornado.tampabay.rr.com. ..
> >> Hairy One Kenobi wrote:
> >> > "Imhotep" <Imhotep@nospam.com> wrote in message
> >> > news:fzSLe.15697$Oy2.5608@tornado.tampabay.rr.com. ..
> >
> > <snip>
> >
> >> > Take a look at Gartner.com, or one of the mainstream IT news sites -
> >> > you'll soon get the idea.
> >>
> >> I have used Gartner over the years. Yes, I am very familiar with them.
> >> However, I am asking you to restate your point, that is what I do not
> >> understand.
> >
> > Hmm. maybe it's a language thing? Time to quote...
> >
> > "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in message
> > news:h%KLe.8368$Mf6.7813@newsfe2-gui.ntli.net...
<snip; seen it all before>
> First, Gartner is not the Gospel. I used to have an account with them for
> many years. They do have some good people and info but, they are not
> perfect. When researching I take their point of view into account, but I
> also take it "with a grain of sand".
In that case (he asks rhetorically), then why the misunderstanding about
what an analyst is, and does? Subject closed, methinks.
> > From my own POV, I keep hearing how much better it is that people inspect
> > other people's code, and fix it. But I've never met anyone that did that.
> > Or anyone that knew someone that did that. Or anyone who had a friend who
> > knew someone...
>
> Not true. You should have been taught from college about peer code review. I
> personally have been all over the BSD IP protocol stack not just looking
> for bugs but also to better understand socket/server programming.
Well done! That makes /two/ such people that I've met (the other had a party
piece about the Solaris kernel, and the bit that says "you aren't supposed
to understand the next 20 lines of code". Or somesuch. It's been a while.
> Many theoretical security holes have been patched, BEFORE ANY CODE WAS
> WRITTEN, by code review.
Approximately none. Or are you one of those "true believers" that think that
Pseudo code is executable..? Hate to break it to you, but...
<snip examples; Sendmail has been patched any number of times - just like
IE, and for exactly the same reasons.
Seem to remember that OpenSSL [in particular] was cracked rather widely
open, rather than the theoretical and obscure multi-thread thang. Memory
affected by consumption of Merlot at this point, I'm afraid, but I also seem
to remember that my particular OpenSSL implementation "just stopped working"
at some point. Got reminded of that yesterday, when Indy returned a vague
"invalid handle" exception. A naked exception, I might add (shudder)>
> 3) Other open source applications have benefited from code review also, but
> I will leave that for the reader's homework. :-)
Well, if you're /that/ stuck for examples, you might consider the Open
Source SMTP server object on my own web site... as I (think) I said, I'm not
anti-OS, just anti-Not Thinking. Hell, no one's even thought about asking me
about my own preferred development platform... ;o)
> ...the point is that open source works in many ways. First, it allows anyone
> who is writing application code to view how the code (underneath the API
> level) is structured. Resulting in tighter and more secure code. Second,
> there are people who do review the code looking for possible problems
Cite! Cite! Cite!
Millions of lines of code out there, and all we can come up with between us is
(what?) three examples?
> Sure sometimes people find a problem when writing code for a particular
> application. There again, they can verify that it is really a security hole
> by looking at the code below.
>
> > With literally millions of downloads, how could even 0.01% (hundreds of
> > dedicated techies) have missed the holes in OpenSSL and the Linux kernel?
>
> Be more specific. Which holes?
IIRC, attitudes to the security-oriented Debian and SUSE platforms were the
most dented. (Again) IIRC, it was a suspected Apache flaw that allowed
uncontrolled access to source code, which basically permitted a root exploit
to be included and - oops - distributed both as source and binary to the
world at large.
It was a while ago, and not my core area of interest: anyone should be able
to Google a result within a few minutes. Unfortunately, like so often, I'm
relying on wetware storage technology for the details :o)
> > Assuming, of course, that these people actually exist, as opposed to the
> > couple of people involved in the development of specific aspects or
> > products. Or developers breaking that precise aspect of the code?
>
> Yes, these people really exist...
Name a couple... ;o)
Better yet, put up a significant stake on (say) PayPal, name an OS package
of your choice with at least a thousand lines of 3GL code, and I'll have a
go at finding a bug. There's *always* one more bug, no matter what the
platform ;o) My own code very much included.
> Ah....why all the coughing, gotta cold? Your patch is included in Red Hat FC
> 4...
Excellent. Now, about that precise link for my vague problem statement...?
I'm particularly interested, as it looked like a fundamental problem with
Gnome in general - anything that I could use to tweak my existing config
would be welcome.
H1K
P.S. Nothing personal in all this - software evolution makes us stronger..
and you have good arguments.