http://www.linuxsecurity.com/articles/forums_article-34.html

In just two weeks, I've seen over 80 brand new Linux security
vulnerabilities reported on www.linuxsecurity.com.

So, when you say Linux is secure, exactly what are you talking about?

On Tue, 15 Jun 2004 00:40:51 -0400, DFS wrote:

> http://www.linuxsecurity.com/articles/forums_article-34.html
> 
> In just two weeks, I've seen over 80 brand new Linux security
> vulnerabilities reported on www.linuxsecurity.com.
> 
> So, when you say Linux is secure, exactly what are you talking about?

80?  Let's see.  I'm going to look at the distro I actually use most:
Mandrake.

The first item listed isn't a security issue at all.

xpcd.  Can't say I've ever used it, so it's not like I've ever been
vulnerable.  Should I decide to install it, the patched version is in the
application list, ready to go.

mod_ssl.  Yes, well, in theory, since I do some web work, this might
matter.  On the other hand, it's for Apache 1.3, which I don't use, and if
I were to downgrade to 1.3, the fixed ssl package is ready to install.

Apache 2.  Yup, I use that one.  Didn't even know this vulnerability
existed - yet I'm running a version with the fix.

This is typical, though.  Updates available - even installed - before
you're even aware you need 'em.

On the other hand, I'd like to point out something you're conveniently
overlooking.  Specifically, what's included in those "lists of 80
vulnerabilities".

What's listed there is, effectively, all known issues in all known
applications for each distro.  That is to say, in Windows terms, this is
about like having a central repository listing all known issues in
Windows *plus* the combined bug lists from every well-known (and a lot of
lesser-known) Windows applications - winzip, Amaya, MS Office, Corel Draw,
whatever - all in one place.

Debian, for example, comprises something like eleven *thousand* packages. 
Most distros come in between about 2,000 and 7,000.  Many include not just
entire office suites, but often include _several_ such.  As well as
several web and database servers, etc.

So.  Pick a distro.  Any distro.  Mandrake, if you'd like.  You say
there's 80 vulnerabilities for it, right?  Fine.  Now fire up your
favorite web spidering tool and hunt down every vulnerability report for
ever Windows application out there, for the same period.  Feel free to
stop after listing all the bugs in, say, the 3,000 most popular
applications.

Think you can keep _that_ below 80 items?  Even though there's little
reason to expect a lot of those reports to be available at all?  I
wouldn't bet on it.

begin On Tue, 15 Jun 2004 00:40:51 -0400, DFS posted:

> http://www.linuxsecurity.com/articles/forums_article-34.html
> 
> In just two weeks, I've seen over 80 brand new Linux security
> vulnerabilities reported on www.linuxsecurity.com.
> 
> So, when you say Linux is secure, exactly what are you talking about?

It's been explained to you before, but you *obviously* didn't read it or
chose to ignore it, just proving what a bozo you really are.
Now let me see, SuSE linux... only 2 security vulnerabilities
cvs...nope, don't use it.
Squid....nope, not installed.

Well that FUD got shot down. 

-- 
The short life and hard times of a Linux virus
http://librenix.com/?inode=21
Linux vs. Windows Viruses
http://www.securityfocus.com/columnists/188

DFS is alleged to have said in comp.os.linux.advocacy:

> http://www.linuxsecurity.com/articles/forums_article-34.html
> 
> In just two weeks, I've seen over 80 brand new Linux security
> vulnerabilities reported on www.linuxsecurity.com.
> 
> So, when you say Linux is secure, exactly what are you talking about?

That site is listing *BSD issues on that page as well. So when we say linux,
what exactly makes you think we're talking about BSD? It also lists the
same vulnerability multiple times, since it breaks the list out by
distribution. This latter tactic is often seen from droolers, so that when
an issue is found that affects, say, 10 different distributions, the
droolers call it 10 issues, when it's actually 1. Math doesn't seem to be
the long suit of  droolers.

-- 
Gates' Law: Every 18 months the speed of software halves.

Error BR-549: MS DRM 1.0 rejects the following post from Rob Hughes:

> DFS is alleged to have said in comp.os.linux.advocacy:
>
> droolers call it 10 issues, when it's actually 1. Math doesn't seem to be
> the long suit of  droolers.

"windroolers"...  I like that.

-- 
Free as in freedom

"Kelsey Bjarnason" <kelseyb@xxnospamyy.lightspeed.bc.ca> wrote in message
news:pan.2004.06.15.05.58.15.29588@xxnospamyy.lightspeed.bc.ca...
> On Tue, 15 Jun 2004 00:40:51 -0400, DFS wrote:
>
> > http://www.linuxsecurity.com/articles/forums_article-34.html
> >
> > In just two weeks, I've seen over 80 brand new Linux security
> > vulnerabilities reported on www.linuxsecurity.com.
> >
> > So, when you say Linux is secure, exactly what are you talking about?
>
> 80?  Let's see.  I'm going to look at the distro I actually use most:
> Mandrake.

But that's just you.  Other Linux users work with different distros.

The point is each week dozens of new security vulnerabilities are found in
Linux code, yet the Linux moron community continues to blast Windows for
being insecure.



> The first item listed isn't a security issue at all.
>
> xpcd.  Can't say I've ever used it, so it's not like I've ever been
> vulnerable.  Should I decide to install it, the patched version is in the
> application list, ready to go.
>
> mod_ssl.  Yes, well, in theory, since I do some web work, this might
> matter.  On the other hand, it's for Apache 1.3, which I don't use, and if
> I were to downgrade to 1.3, the fixed ssl package is ready to install.
>
> Apache 2.  Yup, I use that one.  Didn't even know this vulnerability
> existed - yet I'm running a version with the fix.
>
> This is typical, though.  Updates available - even installed - before
> you're even aware you need 'em.
>
> On the other hand, I'd like to point out something you're conveniently
> overlooking.  Specifically, what's included in those "lists of 80
> vulnerabilities".
>
> What's listed there is, effectively, all known issues in all known
> applications for each distro.  That is to say, in Windows terms, this is
> about like having a central repository listing all known issues in
> Windows *plus* the combined bug lists from every well-known (and a lot of
> lesser-known) Windows applications - winzip, Amaya, MS Office, Corel Draw,
> whatever - all in one place.

Very useful, actually.  Can't find anything like it for Windows software
(didn't search very hard, though).



> Debian, for example, comprises something like eleven *thousand* packages.

Yes, someone said that yesterday.  That's truly absurd: 11,000 pieces of
slopware.




> Most distros come in between about 2,000 and 7,000.  Many include not just
> entire office suites, but often include _several_ such.  As well as
> several web and database servers, etc.
>
> So.  Pick a distro.  Any distro.  Mandrake, if you'd like.  You say
> there's 80 vulnerabilities for it, right?  Fine.  Now fire up your
> favorite web spidering tool and hunt down every vulnerability report for
> ever Windows application out there, for the same period.  Feel free to
> stop after listing all the bugs in, say, the 3,000 most popular
> applications.
>
> Think you can keep _that_ below 80 items?  Even though there's little
> reason to expect a lot of those reports to be available at all?  I
> wouldn't bet on it.

Don't know.  They're closed source, of course, and the vendors don't seem to
report security issues to a security clearinghouse.

begin On Tue, 15 Jun 2004 08:56:45 -0400, DFS posted:

> "Kelsey Bjarnason" <kelseyb@xxnospamyy.lightspeed.bc.ca> wrote in message
> news:pan.2004.06.15.05.58.15.29588@xxnospamyy.lightspeed.bc.ca...
>> On Tue, 15 Jun 2004 00:40:51 -0400, DFS wrote:
>>
>> > http://www.linuxsecurity.com/articles/forums_article-34.html
>> >
>> > In just two weeks, I've seen over 80 brand new Linux security
>> > vulnerabilities reported on www.linuxsecurity.com.
>> >
>> > So, when you say Linux is secure, exactly what are you talking about?
>>
>> 80?  Let's see.  I'm going to look at the distro I actually use most:
>> Mandrake.
> 
> But that's just you.  Other Linux users work with different distros.

Exactly! It's like saying last week there were 200 vulnerbilities in
Windows, except it was omitted to say they apply to different *versions*
of windows. So you *cannot* say there were 80 linux security
vulnerabilities as a blanket statement, or you *will* have to include
*all* windows vulnerabilities for *every* windows version when talking
about M$ Windows.


> The point is each week dozens of new security vulnerabilities are found in
> Linux code, 

Wrong, linux code is the kernel.

> yet the Linux moron community continues to blast Windows for
> being insecure.

The windows OS itself is far more insecure then any linux distro OS,
& I've left out the applications of course, which *you* keep including.

>> The first item listed isn't a security issue at all.
>>
>> xpcd.  Can't say I've ever used it, so it's not like I've ever been
>> vulnerable.  Should I decide to install it, the patched version is in
>> the application list, ready to go.
>>
>> mod_ssl.  Yes, well, in theory, since I do some web work, this might
>> matter.  On the other hand, it's for Apache 1.3, which I don't use, and
>> if I were to downgrade to 1.3, the fixed ssl package is ready to
>> install.
>>
>> Apache 2.  Yup, I use that one.  Didn't even know this vulnerability
>> existed - yet I'm running a version with the fix.
>>
>> This is typical, though.  Updates available - even installed - before
>> you're even aware you need 'em.
>>
>> On the other hand, I'd like to point out something you're conveniently
>> overlooking.  Specifically, what's included in those "lists of 80
>> vulnerabilities".
>>
>> What's listed there is, effectively, all known issues in all known
>> applications for each distro.  That is to say, in Windows terms, this is
>> about like having a central repository listing all known issues in
>> Windows *plus* the combined bug lists from every well-known (and a lot
>> of lesser-known) Windows applications - winzip, Amaya, MS Office, Corel
>> Draw, whatever - all in one place.
> 
> Very useful, actually.  Can't find anything like it for Windows software
> (didn't search very hard, though).
> 
> 
> 
>> Debian, for example, comprises something like eleven *thousand*
>> packages.
> 
> Yes, someone said that yesterday.  That's truly absurd: 11,000 pieces of
> slopware.

You've *used* Debian then, & you know for *sure* it's slopware?

>> Most distros come in between about 2,000 and 7,000.  Many include not
>> just entire office suites, but often include _several_ such.  As well as
>> several web and database servers, etc.
>>
>> So.  Pick a distro.  Any distro.  Mandrake, if you'd like.  You say
>> there's 80 vulnerabilities for it, right?  Fine.  Now fire up your
>> favorite web spidering tool and hunt down every vulnerability report for
>> ever Windows application out there, for the same period.  Feel free to
>> stop after listing all the bugs in, say, the 3,000 most popular
>> applications.
>>
>> Think you can keep _that_ below 80 items?  Even though there's little
>> reason to expect a lot of those reports to be available at all?  I
>> wouldn't bet on it.
> 
> Don't know.  They're closed source, of course, and the vendors don't seem
> to report security issues to a security clearinghouse.

-- 
The short life and hard times of a Linux virus
http://librenix.com/?inode=21
Linux vs. Windows Viruses
http://www.securityfocus.com/columnists/188

"William Poaster" <willpoast@jvyycbnfg.zr.hx> wrote in message
news:pan.2004.06.15.13.14.54.449794@jvyycbnfg.zr.hx...
> begin On Tue, 15 Jun 2004 08:56:45 -0400, DFS posted:
>
> > "Kelsey Bjarnason" <kelseyb@xxnospamyy.lightspeed.bc.ca> wrote in
message
> > news:pan.2004.06.15.05.58.15.29588@xxnospamyy.lightspeed.bc.ca...
> >> On Tue, 15 Jun 2004 00:40:51 -0400, DFS wrote:
> >>
> >> > http://www.linuxsecurity.com/articles/forums_article-34.html
> >> >
> >> > In just two weeks, I've seen over 80 brand new Linux security
> >> > vulnerabilities reported on www.linuxsecurity.com.
> >> >
> >> > So, when you say Linux is secure, exactly what are you talking about?
> >>
> >> 80?  Let's see.  I'm going to look at the distro I actually use most:
> >> Mandrake.
> >
> > But that's just you.  Other Linux users work with different distros.
>
> Exactly! It's like saying last week there were 200 vulnerbilities in
> Windows, except it was omitted to say they apply to different *versions*
> of windows. So you *cannot* say there were 80 linux security
> vulnerabilities as a blanket statement,

Sure I can.  They were all Linux-related, weren't they?





> or you *will* have to include
> *all* windows vulnerabilities for *every* windows version when talking
> about M$ Windows.

We're not talking about Windows.




> > The point is each week dozens of new security vulnerabilities are found
in
> > Linux code,
>
> Wrong, linux code is the kernel.

A new excuse.  Any installation problems or app viruses or security issues
are not Linux, 'cause Linux is the kernel.





> > yet the Linux moron community continues to blast Windows for
> > being insecure.
>
> The windows OS itself is far more insecure then any linux distro OS,
> & I've left out the applications of course, which *you* keep including.
>
> >> The first item listed isn't a security issue at all.
> >>
> >> xpcd.  Can't say I've ever used it, so it's not like I've ever been
> >> vulnerable.  Should I decide to install it, the patched version is in
> >> the application list, ready to go.
> >>
> >> mod_ssl.  Yes, well, in theory, since I do some web work, this might
> >> matter.  On the other hand, it's for Apache 1.3, which I don't use, and
> >> if I were to downgrade to 1.3, the fixed ssl package is ready to
> >> install.
> >>
> >> Apache 2.  Yup, I use that one.  Didn't even know this vulnerability
> >> existed - yet I'm running a version with the fix.
> >>
> >> This is typical, though.  Updates available - even installed - before
> >> you're even aware you need 'em.
> >>
> >> On the other hand, I'd like to point out something you're conveniently
> >> overlooking.  Specifically, what's included in those "lists of 80
> >> vulnerabilities".
> >>
> >> What's listed there is, effectively, all known issues in all known
> >> applications for each distro.  That is to say, in Windows terms, this
is
> >> about like having a central repository listing all known issues in
> >> Windows *plus* the combined bug lists from every well-known (and a lot
> >> of lesser-known) Windows applications - winzip, Amaya, MS Office, Corel
> >> Draw, whatever - all in one place.
> >
> > Very useful, actually.  Can't find anything like it for Windows software
> > (didn't search very hard, though).
> >
> >
> >
> >> Debian, for example, comprises something like eleven *thousand*
> >> packages.
> >
> > Yes, someone said that yesterday.  That's truly absurd: 11,000 pieces of
> > slopware.
>
> You've *used* Debian then, & you know for *sure* it's slopware?


I made a long post about Debian slopware last week.  It was titled "Open
source code superior because of peer review and testing?"

Look it up, if you want.





> >> Most distros come in between about 2,000 and 7,000.  Many include not
> >> just entire office suites, but often include _several_ such.  As well
as
> >> several web and database servers, etc.
> >>
> >> So.  Pick a distro.  Any distro.  Mandrake, if you'd like.  You say
> >> there's 80 vulnerabilities for it, right?  Fine.  Now fire up your
> >> favorite web spidering tool and hunt down every vulnerability report
for
> >> ever Windows application out there, for the same period.  Feel free to
> >> stop after listing all the bugs in, say, the 3,000 most popular
> >> applications.
> >>
> >> Think you can keep _that_ below 80 items?  Even though there's little
> >> reason to expect a lot of those reports to be available at all?  I
> >> wouldn't bet on it.
> >
> > Don't know.  They're closed source, of course, and the vendors don't
seem
> > to report security issues to a security clearinghouse.
>
> -- 
> The short life and hard times of a Linux virus
> http://librenix.com/?inode=21
> Linux vs. Windows Viruses
> http://www.securityfocus.com/columnists/188

On Tue, 15 Jun 2004 09:30:56 -0400, the wintroll known as DFS posted this drivel:

> "William Poaster" <willpoast@jvyycbnfg.zr.hx> wrote in message
> news:pan.2004.06.15.13.14.54.449794@jvyycbnfg.zr.hx...
>> begin On Tue, 15 Jun 2004 08:56:45 -0400, DFS posted:
>>
>> > "Kelsey Bjarnason" <kelseyb@xxnospamyy.lightspeed.bc.ca> wrote in
> message
>> > news:pan.2004.06.15.05.58.15.29588@xxnospamyy.lightspeed.bc.ca...
>> >> On Tue, 15 Jun 2004 00:40:51 -0400, DFS wrote:
>> >>
>> >> > http://www.linuxsecurity.com/articles/forums_article-34.html
>> >> >
>> >> > In just two weeks, I've seen over 80 brand new Linux security
>> >> > vulnerabilities reported on www.linuxsecurity.com.
>> >> >
>> >> > So, when you say Linux is secure, exactly what are you talking
>> >> > about?
>> >>
>> >> 80?  Let's see.  I'm going to look at the distro I actually use most:
>> >> Mandrake.
>> >
>> > But that's just you.  Other Linux users work with different distros.
>>
>> Exactly! It's like saying last week there were 200 vulnerbilities in
>> Windows, except it was omitted to say they apply to different *versions*
>> of windows. So you *cannot* say there were 80 linux security
>> vulnerabilities as a blanket statement,
> 
> Sure I can.  They were all Linux-related, weren't they?

Are you being deliberately stupid, or were you born that way?

So according to you, I can post this - all M$ vulnerabilities:
Worm Exploits Multiple Windows Vulnerabilities
http://www.techweb.com/wire/story/TWB20040603S0007

CRITICAL WINDOWS VULNERABILITIES
http://www.unh.edu/computer-security/win_vuln.html

WINDOWS VULNERABILITIES
http://faculty.ncwc.edu/toconnor/426/426lect12.htm

Multiple Vulnerabilities in Microsoft ASN.1 Library
http://www.us-cert.gov/cas/techalerts/TA04-041A.html

ITC Announcement/Security Alert/Microsoft Office Vulnerabilities
http://www.itc.virginia.edu/pubs/postnews/itemDisplay.phtml?itemID=42

CERT: Cross-Domain Redirect Vulnerability in Internet Explorer
http://mcse-training.woosy.com/resources/computer-education-certification-traini
ng-microsoft/dallas-microsoft-office-2003-certification-testing-tx.html

 These updates address various bugs and security problems found in the Microsoft
Operating System.
http://www.depts.ttu.edu/helpcentral/safecomputing/information/vuln.php

Multiple New Microsoft Vulnerabilities
http://www.more.net/security/advisories/2004/040414.html

Microsoft Outlook
http://www.idefense.com/application/poi/display?id=79&type=vulnerabilities&flash
status=false

Microsoft Outlook Arbitrary Code Execution Vulnerability
http://www.trusecure.com/knowledge/hype/20040311_outlook.shtml

Windows Security Update for June 2004
http://www.microsoft.com/security/bulletins/200406_windows.mspx

Office Security Update
http://www.microsoft.com/security/bulletins/200403_office.mspx

>> or you *will* have to include *all* windows vulnerabilities 
>> for *every* windows version when talking
>> about M$ Windows.
> 
> We're not talking about Windows.

You just don't get it, do you!

>> > The point is each week dozens of new security vulnerabilities are
>> > found in Linux code,
>>
>> Wrong, linux code is the kernel.
> 
> A new excuse.  Any installation problems or app viruses or security issues
> are not Linux, 'cause Linux is the kernel.

Name an application virus! 

<snip>
>> > Yes, someone said that yesterday.  That's truly absurd: 11,000 pieces
>> > of slopware.
>>
>> You've *used* Debian then, & you know for *sure* it's slopware?
> 
> 
> I made a long post about Debian slopware last week.  It was titled "Open
> source code superior because of peer review and testing?"
> 
> Look it up, if you want.

I can't be bothered, it's probably BS anyway.

-- 
The short life and hard times of a Linux virus
http://librenix.com/?inode=21
Linux vs. Windows Viruses
http://www.securityfocus.com/columnists/188

DFS wrote:

> "William Poaster" <willpoast@jvyycbnfg.zr.hx> wrote in message
> news:pan.2004.06.15.13.14.54.449794@jvyycbnfg.zr.hx...
>> begin On Tue, 15 Jun 2004 08:56:45 -0400, DFS posted:
>>
>> > "Kelsey Bjarnason" <kelseyb@xxnospamyy.lightspeed.bc.ca> wrote in
> message
>> > news:pan.2004.06.15.05.58.15.29588@xxnospamyy.lightspeed.bc.ca...
>> >> On Tue, 15 Jun 2004 00:40:51 -0400, DFS wrote:
>> >>
>> >> > http://www.linuxsecurity.com/articles/forums_article-34.html
>> >> >
>> >> > In just two weeks, I've seen over 80 brand new Linux security
>> >> > vulnerabilities reported on www.linuxsecurity.com.
>> >> >
>> >> > So, when you say Linux is secure, exactly what are you talking
>> >> > about?
>> >>
>> >> 80?  Let's see.  I'm going to look at the distro I actually use most:
>> >> Mandrake.
>> >
>> > But that's just you.  Other Linux users work with different distros.
>>
>> Exactly! It's like saying last week there were 200 vulnerbilities in
>> Windows, except it was omitted to say they apply to different *versions*
>> of windows. So you *cannot* say there were 80 linux security
>> vulnerabilities as a blanket statement,
> 
> Sure I can.  They were all Linux-related, weren't they?

Some of the distros are radically different from eachother, so no, not in
the sense you meant it. A vulnerability affecting only Win2000, say,
doesn't apply to Win98, or vice versa. No more than one affecting only
certain distributions of Linux. Or for example something affecting the 2.4
kernel but not the 2.6. 
 
> 
>> or you *will* have to include
>> *all* windows vulnerabilities for *every* windows version when talking
>> about M$ Windows.
> 
> We're not talking about Windows.

But you are suggesting by implication that Windows doesn't have this problem
of vulnerabilities.

> 
>> > The point is each week dozens of new security vulnerabilities are found
> in
>> > Linux code,
>>
>> Wrong, linux code is the kernel.
> 
> A new excuse.  Any installation problems or app viruses or security issues
> are not Linux, 'cause Linux is the kernel.

He is, essentially, correct, though. Linux *is* only the kernel. What we
generally call Linux, is the whole shebang - apps, windowing system, etc,
etc, as provided by distributions. It's been debated before whether when we
talk about Linux in the sense of the whole packaged system, we should
distinguish it by calling in Gnu/Linux, or whatever, so that there's less
confusion.

Linux apps can be used on FreeBSD, too, and on Windows, remember.
 
> 
>> > yet the Linux moron community continues to blast Windows for
>> > being insecure.
>>
>> The windows OS itself is far more insecure then any linux distro OS,
>> & I've left out the applications of course, which *you* keep including.
>>
>> >> The first item listed isn't a security issue at all.
>> >>
>> >> xpcd.  Can't say I've ever used it, so it's not like I've ever been
>> >> vulnerable.  Should I decide to install it, the patched version is in
>> >> the application list, ready to go.
>> >>
>> >> mod_ssl.  Yes, well, in theory, since I do some web work, this might
>> >> matter.  On the other hand, it's for Apache 1.3, which I don't use,
>> >> and if I were to downgrade to 1.3, the fixed ssl package is ready to
>> >> install.
>> >>
>> >> Apache 2.  Yup, I use that one.  Didn't even know this vulnerability
>> >> existed - yet I'm running a version with the fix.
>> >>
>> >> This is typical, though.  Updates available - even installed - before
>> >> you're even aware you need 'em.
>> >>
>> >> On the other hand, I'd like to point out something you're conveniently
>> >> overlooking.  Specifically, what's included in those "lists of 80
>> >> vulnerabilities".
>> >>
>> >> What's listed there is, effectively, all known issues in all known
>> >> applications for each distro.  That is to say, in Windows terms, this
> is
>> >> about like having a central repository listing all known issues in
>> >> Windows *plus* the combined bug lists from every well-known (and a lot
>> >> of lesser-known) Windows applications - winzip, Amaya, MS Office,
>> >> Corel Draw, whatever - all in one place.
>> >
>> > Very useful, actually.  Can't find anything like it for Windows
>> > software (didn't search very hard, though).
>> >
>> >
>> >
>> >> Debian, for example, comprises something like eleven *thousand*
>> >> packages.
>> >
>> > Yes, someone said that yesterday.  That's truly absurd: 11,000 pieces
>> > of slopware.
>>
>> You've *used* Debian then, & you know for *sure* it's slopware?
> 
> 
> I made a long post about Debian slopware last week.  It was titled "Open
> source code superior because of peer review and testing?"
> 
> Look it up, if you want.

Since you haven't proved any of it *is* 'slopware', that doesn't count as a
serious argument. And you cannot judge Linux software with any accuracy
until you've used it on a daily basis for some time. Get yourself a distro
and then you may be able to make judgements.

The sofware included as standard with WinXP is okay, but hardly much to get
excited about. With Mandrake 9.1, my distro, there is loads of nice stuff
to choose from. I get an office suite (more than one if I like), various
browswers, excellent text editors to suit all levels of experience; I use
Xemacs, and Kate, as my own personal preference. If you claim Kate is
'slopware' you are certainly an idiot. I find it to be one of the very best
I've ever used, and I didn't even have to go looking for it.

On this box I'm using now (not my main one) I've just installed Gkrellim, a
cool little monitoring app. On my dual-booter I'm trying out Enlightenment,
a windowmanager very different from KDE or Icewm, for a change of scene.

These apps are not 'slopware'. Nor are a great many others produced for use
with the Linux operating system.

Before you sling mud *use Linux*. Try Knoppix, if you can't be bothered with
an install - it's a good way to try out the latest software.
 
<snip remainder>

-- 
Kier

begin On Tue, 15 Jun 2004 16:47:03 +0100, spike1 posted:

> William Poaster <willpoast@jvyycbnfg.zr.hx> wrote:
>>> A new excuse.  Any installation problems or app viruses or security
>>> issues are not Linux, 'cause Linux is the kernel.
> 
>> Name an application virus!
> 
> Name *ANY* virus...
> (Bet he can't, and if he does, it's probably 4 or more years old and no
> longer viable on any version of linux released within the last 4 years)

He's grasping at straws as usual.

-- 
The short life and hard times of a Linux virus
http://librenix.com/?inode=21
Linux vs. Windows Viruses
http://www.securityfocus.com/columnists/188

William Poaster <willpoast@jvyycbnfg.zr.hx> wrote:
>> A new excuse.  Any installation problems or app viruses or security issues
>> are not Linux, 'cause Linux is the kernel.

> Name an application virus! 

Name *ANY* virus...
(Bet he can't, and if he does, it's probably 4 or more years old and
no longer viable on any version of linux released within the last 4 years)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 15 Jun 2004 16:45:53 +0100,
 William Poaster <willpoast@jvyycbnfg.zr.hx> wrote:
> begin On Tue, 15 Jun 2004 16:47:03 +0100, spike1 posted:
>
>> William Poaster <willpoast@jvyycbnfg.zr.hx> wrote:
>>>> A new excuse.  Any installation problems or app viruses or security
>>>> issues are not Linux, 'cause Linux is the kernel.
>> 
>>> Name an application virus!
>> 
>> Name *ANY* virus...
>> (Bet he can't, and if he does, it's probably 4 or more years old and no
>> longer viable on any version of linux released within the last 4 years)
>
> He's grasping at straws as usual.
>


It's all he's got. 

The only way he can make Linux look half as bad as the redmond stuff, is
to count the same vulnerabilities multiple times (once for each distro)
and include all apps and packages in the distros. Compared to one
version of MS-Ware, with few or no apps. Sad really. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAzyQVd90bcYOAWPYRAl+jAKCqf64ZxejA6TyyKpyXLXn+ddh8pQCcCpPE
IkDf9sjdYU0LJpcQyD7eC4Q=
=nIC9
-----END PGP SIGNATURE-----

-- 
Jim Richardson     http://www.eskimo.com/~warlock
If you think education is expensive, TRY IGNORANCE!!!

begin On Tue, 15 Jun 2004 09:30:13 -0700, Jim Richardson posted:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Tue, 15 Jun 2004 16:45:53 +0100,
>  William Poaster <willpoast@jvyycbnfg.zr.hx> wrote:
>> begin On Tue, 15 Jun 2004 16:47:03 +0100, spike1 posted:
>>
>>> William Poaster <willpoast@jvyycbnfg.zr.hx> wrote:
>>>>> A new excuse.  Any installation problems or app viruses or security
>>>>> issues are not Linux, 'cause Linux is the kernel.
>>> 
>>>> Name an application virus!
>>> 
>>> Name *ANY* virus...
>>> (Bet he can't, and if he does, it's probably 4 or more years old and no
>>> longer viable on any version of linux released within the last 4 years)
>>
>> He's grasping at straws as usual.
>
> It's all he's got.
> 
> The only way he can make Linux look half as bad as the redmond stuff, is
> to count the same vulnerabilities multiple times (once for each distro)
> and include all apps and packages in the distros. Compared to one version
> of MS-Ware, with few or no apps. Sad really.

Yes, it is. 
That's why I said that in comparing the vulnerabilities of windows &
linux the way *he* does it, he should also include *all* the windows OS
*&* applications too. He doesn't seem to get the idea, or doesn't want to:
- "DFS" - Message-ID: <10ctupeajfhu52c@corp.supernews.com>           
"Sure I can. They were all Linux-related, weren't they?"



-- 
The short life and hard times of a Linux virus
http://librenix.com/?inode=21
Linux vs. Windows Viruses
http://www.securityfocus.com/columnists/188

"William Poaster" <willpoast@jvyycbnfg.zr.hx> wrote in message
news:pan.2004.06.15.17.18.48.789438@jvyycbnfg.zr.hx...
> begin On Tue, 15 Jun 2004 09:30:13 -0700, Jim Richardson posted:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On Tue, 15 Jun 2004 16:45:53 +0100,
> >  William Poaster <willpoast@jvyycbnfg.zr.hx> wrote:
> >> begin On Tue, 15 Jun 2004 16:47:03 +0100, spike1 posted:
> >>
> >>> William Poaster <willpoast@jvyycbnfg.zr.hx> wrote:
> >>>>> A new excuse.  Any installation problems or app viruses or security
> >>>>> issues are not Linux, 'cause Linux is the kernel.
> >>>
> >>>> Name an application virus!
> >>>
> >>> Name *ANY* virus...
> >>> (Bet he can't, and if he does, it's probably 4 or more years old and
no
> >>> longer viable on any version of linux released within the last 4
years)
> >>
> >> He's grasping at straws as usual.
> >
> > It's all he's got.
> >
> > The only way he can make Linux look half as bad as the redmond stuff, is
> > to count the same vulnerabilities multiple times (once for each distro)
> > and include all apps and packages in the distros. Compared to one
version
> > of MS-Ware, with few or no apps. Sad really.

Liar.  I didn't count anything more than once, or across multiple distros,
and you know it.  I reported the number of entries on the last two security
advisory web pages found at http://www.linuxsecurity.com.








> Yes, it is.
> That's why I said that in comparing the vulnerabilities of windows &
> linux the way *he* does it, he should also include *all* the windows OS
> *&* applications too. He doesn't seem to get the idea, or doesn't want to:
> - "DFS" - Message-ID: <10ctupeajfhu52c@corp.supernews.com>
> "Sure I can. They were all Linux-related, weren't they?"


I never said anything about how I count Windows or Linux viruses.  I just
pointed out that Linux (meaning the Linux kernel and Linux apps) has dozens
of new security vulnerabilities uncovered and reported each week.

Linux isn't nearly as secure as you cola nuts claim it is.

That's the whole point.

begin On Tue, 15 Jun 2004 13:25:47 -0400, DFS posted:

> "William Poaster" <willpoast@jvyycbnfg.zr.hx> wrote in message
> news:pan.2004.06.15.17.18.48.789438@jvyycbnfg.zr.hx...
>> begin On Tue, 15 Jun 2004 09:30:13 -0700, Jim Richardson posted:
>>
>> > -----BEGIN PGP SIGNED MESSAGE-----
>> > Hash: SHA1
>> >
>> > On Tue, 15 Jun 2004 16:45:53 +0100,
>> >  William Poaster <willpoast@jvyycbnfg.zr.hx> wrote:
>> >> begin On Tue, 15 Jun 2004 16:47:03 +0100, spike1 posted:
>> >>
>> >>> William Poaster <willpoast@jvyycbnfg.zr.hx> wrote:
>> >>>>> A new excuse.  Any installation problems or app viruses or
>> >>>>> security issues are not Linux, 'cause Linux is the kernel.
>> >>>
>> >>>> Name an application virus!
>> >>>
>> >>> Name *ANY* virus...
>> >>> (Bet he can't, and if he does, it's probably 4 or more years old and
> no
>> >>> longer viable on any version of linux released within the last 4
> years)
>> >>
>> >> He's grasping at straws as usual.
>> >
>> > It's all he's got.
>> >
>> > The only way he can make Linux look half as bad as the redmond stuff,
>> > is to count the same vulnerabilities multiple times (once for each
>> > distro) and include all apps and packages in the distros. Compared to
>> > one version of MS-Ware, with few or no apps. Sad really.
> 
> Liar.  I didn't count anything more than once, or across multiple distros,
> and you know it.  I reported the number of entries on the last two
> security advisory web pages found at http://www.linuxsecurity.com.

Except of course that.....
Kernel flaw makes Linux crash easily 
New Linux Security Hole Found
New Kernel Crash-Exploit discovered
........are all the *same* story reported by different people!

CVS was know to be a security risk for sometime. You use it at your *own*
risk.

http://www.linuxsecurity.com/articles/forums_article-34.html
You've posted *already*
Q.E.D

-- 
The short life and hard times of a Linux virus
http://librenix.com/?inode=21
Linux vs. Windows Viruses
http://www.securityfocus.com/columnists/188

[snips]

On Tue, 15 Jun 2004 09:30:56 -0400, DFS wrote:

>> >> 80?  Let's see.  I'm going to look at the distro I actually use most:
>> >> Mandrake.
>> >
>> > But that's just you.  Other Linux users work with different distros.
>>
>> Exactly! It's like saying last week there were 200 vulnerbilities in
>> Windows, except it was omitted to say they apply to different *versions*
>> of windows. So you *cannot* say there were 80 linux security
>> vulnerabilities as a blanket statement,
> 
> Sure I can.  They were all Linux-related, weren't they?

Yes, but you're being intentionally obtuse.

What is the risk to a given Linux user - eg me?  The risk is in the distro
I actually _use_.  If I don't use RH, then as far as relates to me, there
are _zero_ RH vulnerabilities, even if the bug lists show 1,000 of them. 
My exposure, my risk, my level of concern, is zero.

So, I run Mandrake.  Never mind "80 vulnerabilities", how many are there
that actually _matter_ to me?  6?  How many are there in services or
application I run - indeed, that I have ever run?  3?  How many of those
require shell accounts, which I don't give to untrusted users?  2?  How
many of the lot have no fixes available, or, more to the point, of the
affected apps, how many of them are running here, rather than the updated
versions?  Zero?

You forget that Linux software updates are fast _and_ reliable; damned few
updates have any negative effects.  Couple that with the ability to update
the whole system in one fell swoop, rather than an app at a time, and it's
trivally easy to ensure you're always up to date, with all the latest
fixes.

Net result?  While there may be 80 reported issues in "Linux" and, say, 6
in Mandrake... my actual risk is virtually non-existant.

Just for comparison' sake... how many vulnerabilities are there in
whatever Windows version you use, in the same period?  Whoops - did you
include all the bugs for all the *apps* as well?  Check again.

>> >> Debian, for example, comprises something like eleven *thousand*
>> >> packages.
>> >
>> > Yes, someone said that yesterday.  That's truly absurd: 11,000 pieces
>> > of slopware.
>>
>> You've *used* Debian then, & you know for *sure* it's slopware?
> 
> 
> I made a long post about Debian slopware last week.  It was titled "Open
> source code superior because of peer review and testing?"

Based, no doubt, on a thorough testing of each of those 11,000
applications.

"kier" <vallon@tiscali.co.uk> wrote in message
news:40cf1852$0$17782$cc9e4d1f@news.dial.pipex.com...
> DFS wrote:
>
> > "William Poaster" <willpoast@jvyycbnfg.zr.hx> wrote in message
> > news:pan.2004.06.15.13.14.54.449794@jvyycbnfg.zr.hx...
> >> begin On Tue, 15 Jun 2004 08:56:45 -0400, DFS posted:
> >>
> >> > "Kelsey Bjarnason" <kelseyb@xxnospamyy.lightspeed.bc.ca> wrote in
> > message
> >> > news:pan.2004.06.15.05.58.15.29588@xxnospamyy.lightspeed.bc.ca...
> >> >> On Tue, 15 Jun 2004 00:40:51 -0400, DFS wrote:
> >> >>
> >> >> > http://www.linuxsecurity.com/articles/forums_article-34.html
> >> >> >
> >> >> > In just two weeks, I've seen over 80 brand new Linux security
> >> >> > vulnerabilities reported on www.linuxsecurity.com.
> >> >> >
> >> >> > So, when you say Linux is secure, exactly what are you talking
> >> >> > about?
> >> >>
> >> >> 80?  Let's see.  I'm going to look at the distro I actually use
most:
> >> >> Mandrake.
> >> >
> >> > But that's just you.  Other Linux users work with different distros.
> >>
> >> Exactly! It's like saying last week there were 200 vulnerbilities in
> >> Windows, except it was omitted to say they apply to different
*versions*
> >> of windows. So you *cannot* say there were 80 linux security
> >> vulnerabilities as a blanket statement,
> >
> > Sure I can.  They were all Linux-related, weren't they?
>
> Some of the distros are radically different from eachother, so no, not in
> the sense you meant it. A vulnerability affecting only Win2000, say,
> doesn't apply to Win98, or vice versa. No more than one affecting only
> certain distributions of Linux. Or for example something affecting the 2.4
> kernel but not the 2.6.

??? Each security vulnerability is for a Linux kernel or a Linux app.
Therefore, all 80 are Linux vulnerabilities.

You can hem and haw all day and say "they're not Linux kernel 2.6," or
"they're only on Red Hat!" but that still doesn't change the fact that the
Linux architecture is now, and always will be, full of security problems.
Just like Windows.







> >> or you *will* have to include
> >> *all* windows vulnerabilities for *every* windows version when talking
> >> about M$ Windows.
> >
> > We're not talking about Windows.
>
> But you are suggesting by implication that Windows doesn't have this
problem
> of vulnerabilities.

Not at all.  I'm proving Linux isn't nearly as secure as the cola nuts claim
it to be.





> >> > The point is each week dozens of new security vulnerabilities are
found
> > in
> >> > Linux code,
> >>
> >> Wrong, linux code is the kernel.
> >
> > A new excuse.  Any installation problems or app viruses or security
issues
> > are not Linux, 'cause Linux is the kernel.
>
> He is, essentially, correct, though. Linux *is* only the kernel. What we
> generally call Linux, is the whole shebang - apps, windowing system, etc,
> etc, as provided by distributions.

You guys should get your terminology straight.



> It's been debated before whether when we
> talk about Linux in the sense of the whole packaged system, we should
> distinguish it by calling in Gnu/Linux, or whatever, so that there's less
> confusion.

And if there's one thing that defines Linux, it's confusion.



> Linux apps can be used on FreeBSD, too, and on Windows, remember.

A very, very few can be used on Windows, but that app is not properly termed
a Linux app.





> >> > yet the Linux moron community continues to blast Windows for
> >> > being insecure.
> >>
> >> The windows OS itself is far more insecure then any linux distro OS,
> >> & I've left out the applications of course, which *you* keep including.
> >>
> >> >> The first item listed isn't a security issue at all.
> >> >>
> >> >> xpcd.  Can't say I've ever used it, so it's not like I've ever been
> >> >> vulnerable.  Should I decide to install it, the patched version is
in
> >> >> the application list, ready to go.
> >> >>
> >> >> mod_ssl.  Yes, well, in theory, since I do some web work, this might

> >> >> matter.  On the other hand, it's for Apache 1.3, which I don't use,
> >> >> and if I were to downgrade to 1.3, the fixed ssl package is ready to
> >> >> install.
> >> >>
> >> >> Apache 2.  Yup, I use that one.  Didn't even know this vulnerability
> >> >> existed - yet I'm running a version with the fix.
> >> >>
> >> >> This is typical, though.  Updates available - even installed -
before
> >> >> you're even aware you need 'em.
> >> >>
> >> >> On the other hand, I'd like to point out something you're
conveniently
> >> >> overlooking.  Specifically, what's included in those "lists of 80
> >> >> vulnerabilities".
> >> >>
> >> >> What's listed there is, effectively, all known issues in all known
> >> >> applications for each distro.  That is to say, in Windows terms,
this
> > is
> >> >> about like having a central repository listing all known issues in
> >> >> Windows *plus* the combined bug lists from every well-known (and a
lot
> >> >> of lesser-known) Windows applications - winzip, Amaya, MS Office,
> >> >> Corel Draw, whatever - all in one place.
> >> >
> >> > Very useful, actually.  Can't find anything like it for Windows
> >> > software (didn't search very hard, though).
> >> >
> >> >
> >> >
> >> >> Debian, for example, comprises something like eleven *thousand*
> >> >> packages.
> >> >
> >> > Yes, someone said that yesterday.  That's truly absurd: 11,000 pieces
> >> > of slopware.
> >>
> >> You've *used* Debian then, & you know for *sure* it's slopware?
> >
> >
> > I made a long post about Debian slopware last week.  It was titled "Open
> > source code superior because of peer review and testing?"
> >
> > Look it up, if you want.

Didn't even read it, eh?


> Since you haven't proved any of it *is* 'slopware', that doesn't count as
> a erious argument.

Oh, I have proven some of it is slopware, and you know some of it is
slopware.



> And you cannot judge Linux software with any accuracy
> until you've used it on a daily basis for some time. Get yourself a distro
> and then you may be able to make judgements.

I think I will.  Back when I used RedHat 4.2, it was pretty much a mess.
Most of my installation was text-based.  To Linux' and my credit, I got it
up and running with no memorable difficulties.  It was a vanilla Dell
Pentium 1, 166mhz system with a CD ROM drive.  Don't remember if I got the
CD working or not.  I seem to remember some problems mounting a device.




> The sofware included as standard with WinXP is okay, but hardly much to
get
> excited about. With Mandrake 9.1, my distro, there is loads of nice stuff
> to choose from. I get an office suite (more than one if I like), various
> browswers, excellent text editors to suit all levels of experience; I use
> Xemacs, and Kate, as my own personal preference. If you claim Kate is
> 'slopware' you are certainly an idiot. I find it to be one of the very
best
> I've ever used, and I didn't even have to go looking for it.
>
> On this box I'm using now (not my main one) I've just installed Gkrellim,
a
> cool little monitoring app. On my dual-booter I'm trying out
Enlightenment,
> a windowmanager very different from KDE or Icewm, for a change of scene.

And that "freedom" seems to be important to Linux users.  Certainly I
wouldn't mind being able to change interfaces from time to time.



> These apps are not 'slopware'. Nor are a great many others produced for
> use with the Linux operating system.

And how many of the 11,000 Debian apps are even worth looking at?  1% or so?
If that...



> Before you sling mud *use Linux*. Try Knoppix, if you can't be bothered
> with an install - it's a good way to try out the latest software.

OK.


> <snip remainder>
>
> -- 
> Kier

"William Poaster" <willpoast@jvyycbnfg.zr.hx> wrote in message
news:pan.2004.06.15.18.38.04.120777@jvyycbnfg.zr.hx...
> begin On Tue, 15 Jun 2004 13:25:47 -0400, DFS posted:
>
> > "William Poaster" <willpoast@jvyycbnfg.zr.hx> wrote in message
> > news:pan.2004.06.15.17.18.48.789438@jvyycbnfg.zr.hx...
> >> begin On Tue, 15 Jun 2004 09:30:13 -0700, Jim Richardson posted:
> >>
> >> > -----BEGIN PGP SIGNED MESSAGE-----
> >> > Hash: SHA1
> >> >
> >> > On Tue, 15 Jun 2004 16:45:53 +0100,
> >> >  William Poaster <willpoast@jvyycbnfg.zr.hx> wrote:
> >> >> begin On Tue, 15 Jun 2004 16:47:03 +0100, spike1 posted:
> >> >>
> >> >>> William Poaster <willpoast@jvyycbnfg.zr.hx> wrote:
> >> >>>>> A new excuse.  Any installation problems or app viruses or
> >> >>>>> security issues are not Linux, 'cause Linux is the kernel.
> >> >>>
> >> >>>> Name an application virus!
> >> >>>
> >> >>> Name *ANY* virus...
> >> >>> (Bet he can't, and if he does, it's probably 4 or more years old
and
> > no
> >> >>> longer viable on any version of linux released within the last 4
> > years)
> >> >>
> >> >> He's grasping at straws as usual.
> >> >
> >> > It's all he's got.
> >> >
> >> > The only way he can make Linux look half as bad as the redmond stuff,
> >> > is to count the same vulnerabilities multiple times (once for each
> >> > distro) and include all apps and packages in the distros. Compared to
> >> > one version of MS-Ware, with few or no apps. Sad really.
> >
> > Liar.  I didn't count anything more than once, or across multiple
distros,
> > and you know it.  I reported the number of entries on the last two
> > security advisory web pages found at http://www.linuxsecurity.com.
>
> Except of course that.....
> Kernel flaw makes Linux crash easily
> New Linux Security Hole Found
> New Kernel Crash-Exploit discovered
> .......are all the *same* story reported by different people!

What does that have to do with me?  I posted only once a thread titled
"Linux kernel crash-exploits"



> CVS was know to be a security risk for sometime.
> You use it at your *own* risk.

Sounds like a new Linux tagline....




> http://www.linuxsecurity.com/articles/forums_article-34.html
> You've posted *already*
> Q.E.D

What are you babbling about, boy?

In comp.os.linux.advocacy, DFS
<nospam@nospam.com>
 wrote
on Tue, 15 Jun 2004 00:40:51 -0400
<10csvng3p2ns7cd@corp.supernews.com>:
> http://www.linuxsecurity.com/articles/forums_article-34.html
>
> In just two weeks, I've seen over 80 brand new Linux security
> vulnerabilities reported on www.linuxsecurity.com.
>
> So, when you say Linux is secure, exactly what are you talking about?
>
>

INC: incompatibility/incomplete implementation causes service failure
DOS: denial of service
KOS: killer of service
ILK: sensitive information leakage
LSE: local server exploit: non-root files may be overwritten if they
     have correct ownership
LRE: local root exploint: root files may be overwritten!
RSE: remote server exploit *** Possibility of a problem ****
RRE: remote root exploit **** EXTREMELY DANGEROUS ***

Debian vulnerabilities:
2004-06-08 gatos - privilege escalation vulnerability in xatitv (?)
2004-06-08 jftpgw - format string vulnerability (LSE)
2004-06-08 etherial - buffer overflows (?)
2004-06-08 gallery - unauthenticated access (RSE?)
2004-06-08 rsync - directory traversal vulnerability (RSE)
2004-06-08 log2mail - format string vulnerability (LSE)
2004-06-08 kernel - privilege escalation vulnerability (LRE/sparc only)
2004-06-08 lha - multiple vulnerabilities (LSE/LRE)
2004-06-08 postgresql (KOS)
2004-06-10 cvs - buffer overflow (RSE?)

Fedora vulnerabilities:
2004-06-08 cups - non-encryption vulnerability (?)
2004-06-08 etherial - same as above
2004-06-08 net-tools (RSE)
2004-06-08 krb5 - buffer overflows (LRE)
2004-06-08 squirrelmail (?)
2004-06-08 squid (RRE)

FreeBSD:
2004-06-08 kernel routing table flaw (DOS/RRE?)

Gentoo:
2004-06-08 tla - heap overflow (LRE?)
2004-06-08 MPlayer/xine-lib (LSE)
2004-06-08 Etherial - same as above
2004-06-08 tripwire - format string vulnerability (LSE/LRE)
2004-06-08 sitecopy - multiple (RRE)
2004-06-08 mailman - password leak (ILK)
2004-06-08 apache - buffer overflow (RRE)
2004-06-08 cvs - same as above?

Mandrake:
2004-06-08 mdkonline - incompatibility (INC)
2004-06-08 xpcd - buffer overflow (LRE)
2004-06-08 mod_ssl - buffer overflow (RRE)
2004-06-08 apache2 - same as mod_ssl (RRE)
2004-06-08 krb5 - same as above
2004-06-08 tripwire - same as above
2004-06-08 krb5 - patch fix
2004-06-08 mdkonline - patch fix
2004-06-08 cvs - same as above
2004-06-08 squid - long password buffer overflow (RRE)
2004-06-08 ksymoops - insecure tempfile (LSE)

NetBSD:
2004-06-08 cvs - same as above

OpenBSD:
2004-06-10 cvs - same as above

RedHat:
2004-06-08 cvs - same as above
2004-06-09 etherial - same as above
2004-06-09 krb5 - same as above
2004-06-09 squid - same as above
2004-06-09 cvs - same as above

Slackware:
2004-06-08 mod_ssl - same as above
2004-06-08 php - insecure path vulnerability (LSE)
2004-06-10 cvs - same as above

SuSE:
2004-06-08 cvs - same as above
2004-06-10 squid - same as above

Trustix:
2004-06-08 apache - same as above
2004-06-08 kerberos5 - same as above (krb5)
2004-06-08 squid - same as above

Turbolinux:
2004-06-08 cvs -- same as above
2004-06-08 tcpdump -- buffer overflows (RSE/RRE)
2004-06-08 apache -- same as above


* * *

It is clear that there are a large number of duplicates here.
I count 32 unique issues, of which two are indications of
patch fixes so that leaves 30.

All of these have available patches.

How many outstanding issues does XP, 2k, NT, Me, and 98 have?
(I don't count 95.)

-- 
#191, ewill3@earthlink.net
It's still legal to go .sigless.

DFS wrote:

> "kier" <vallon@tiscali.co.uk> wrote in message
> news:40cf1852$0$17782$cc9e4d1f@news.dial.pipex.com...
>> DFS wrote:
>>
>> > "William Poaster" <willpoast@jvyycbnfg.zr.hx> wrote in message
>> > news:pan.2004.06.15.13.14.54.449794@jvyycbnfg.zr.hx...
>> >> begin On Tue, 15 Jun 2004 08:56:45 -0400, DFS posted:
>> >>
>> >> > "Kelsey Bjarnason" <kelseyb@xxnospamyy.lightspeed.bc.ca> wrote in
>> > message
>> >> > news:pan.2004.06.15.05.58.15.29588@xxnospamyy.lightspeed.bc.ca...
>> >> >> On Tue, 15 Jun 2004 00:40:51 -0400, DFS wrote:
>> >> >>
>> >> >> > http://www.linuxsecurity.com/articles/forums_article-34.html
>> >> >> >
>> >> >> > In just two weeks, I've seen over 80 brand new Linux security
>> >> >> > vulnerabilities reported on www.linuxsecurity.com.
>> >> >> >
>> >> >> > So, when you say Linux is secure, exactly what are you talking
>> >> >> > about?
>> >> >>
>> >> >> 80?  Let's see.  I'm going to look at the distro I actually use
> most:
>> >> >> Mandrake.
>> >> >
>> >> > But that's just you.  Other Linux users work with different distros.
>> >>
>> >> Exactly! It's like saying last week there were 200 vulnerbilities in
>> >> Windows, except it was omitted to say they apply to different
> *versions*
>> >> of windows. So you *cannot* say there were 80 linux security
>> >> vulnerabilities as a blanket statement,
>> >
>> > Sure I can.  They were all Linux-related, weren't they?
>>
>> Some of the distros are radically different from eachother, so no, not in
>> the sense you meant it. A vulnerability affecting only Win2000, say,
>> doesn't apply to Win98, or vice versa. No more than one affecting only
>> certain distributions of Linux. Or for example something affecting the
>> 2.4 kernel but not the 2.6.
> 
> ??? Each security vulnerability is for a Linux kernel or a Linux app.
> Therefore, all 80 are Linux vulnerabilities.
> 
> You can hem and haw all day and say "they're not Linux kernel 2.6," or
> "they're only on Red Hat!" but that still doesn't change the fact that the
> Linux architecture is now, and always will be, full of security problems.
> Just like Windows.

Sure. I've never claimed Linux is totally secure. Nothing is. But Windows
has more problems, it's design is not good in the area of security, and
Linux is better. The way Linux is put together makes it less vulnerable in
the first place.

> 
>> >> or you *will* have to include
>> >> *all* windows vulnerabilities for *every* windows version when talking
>> >> about M$ Windows.
>> >
>> > We're not talking about Windows.
>>
>> But you are suggesting by implication that Windows doesn't have this
> problem
>> of vulnerabilities.
> 
> Not at all.  I'm proving Linux isn't nearly as secure as the cola nuts
> claim it to be.

Well, it's certainly better than Windows.


> 
>> >> > The point is each week dozens of new security vulnerabilities are
> found
>> > in
>> >> > Linux code,
>> >>
>> >> Wrong, linux code is the kernel.
>> >
>> > A new excuse.  Any installation problems or app viruses or security
> issues
>> > are not Linux, 'cause Linux is the kernel.
>>
>> He is, essentially, correct, though. Linux *is* only the kernel. What we
>> generally call Linux, is the whole shebang - apps, windowing system, etc,
>> etc, as provided by distributions.
> 
> You guys should get your terminology straight.

So should you.
 
> 
> 
>> It's been debated before whether when we
>> talk about Linux in the sense of the whole packaged system, we should
>> distinguish it by calling in Gnu/Linux, or whatever, so that there's less
>> confusion.
> 
> And if there's one thing that defines Linux, it's confusion.

For you, maybe. But there's another issue here, too. Linux/Gnu is not one
monolithic structure, it's a large community, or perhaps more accurately a
group of communities. And at times, not surprisingly, we're not all singing
from the same hymn sheet. Linus and his team guide the kernel, while others
get on with their part/s. It's all part of the free software ethos. It
seems confused to you because you're not in tune with any of it.

> 
>> Linux apps can be used on FreeBSD, too, and on Windows, remember.
> 
> A very, very few can be used on Windows, but that app is not properly
> termed a Linux app.

That's true, admittedly. And personally I don't know just how many 'Linux'
apps are actually available to Windows. There's the Gimp, OpenOffice,
firefox, mozilla, but those are the well-known ones. Emacs exists for
windows and has for many years, I believe. There's Vim for Windows, too,
though I haven't tried it - I'm an emacs/xemacs fan myself and I can't get
into vi/vim, etc at all. My brother is the hardcore vi user in our
family :-) 

> 
>> >> > yet the Linux moron community continues to blast Windows for
>> >> > being insecure.
>> >>
>> >> The windows OS itself is far more insecure then any linux distro OS,
>> >> & I've left out the applications of course, which *you* keep
>> >> including.
>> >>
>> >> >> The first item listed isn't a security issue at all.
>> >> >>
>> >> >> xpcd.  Can't say I've ever used it, so it's not like I've ever been
>> >> >> vulnerable.  Should I decide to install it, the patched version is
> in
>> >> >> the application list, ready to go.
>> >> >>
>> >> >> mod_ssl.  Yes, well, in theory, since I do some web work, this
>> >> >> might
> 
>> >> >> matter.  On the other hand, it's for Apache 1.3, which I don't use,
>> >> >> and if I were to downgrade to 1.3, the fixed ssl package is ready
>> >> >> to install.
>> >> >>
>> >> >> Apache 2.  Yup, I use that one.  Didn't even know this
>> >> >> vulnerability existed - yet I'm running a version with the fix.
>> >> >>
>> >> >> This is typical, though.  Updates available - even installed -
> before
>> >> >> you're even aware you need 'em.
>> >> >>
>> >> >> On the other hand, I'd like to point out something you're
> conveniently
>> >> >> overlooking.  Specifically, what's included in those "lists of 80
>> >> >> vulnerabilities".
>> >> >>
>> >> >> What's listed there is, effectively, all known issues in all known
>> >> >> applications for each distro.  That is to say, in Windows terms,
> this
>> > is
>> >> >> about like having a central repository listing all known issues in
>> >> >> Windows *plus* the combined bug lists from every well-known (and a
> lot
>> >> >> of lesser-known) Windows applications - winzip, Amaya, MS Office,
>> >> >> Corel Draw, whatever - all in one place.
>> >> >
>> >> > Very useful, actually.  Can't find anything like it for Windows
>> >> > software (didn't search very hard, though).
>> >> >
>> >> >
>> >> >
>> >> >> Debian, for example, comprises something like eleven *thousand*
>> >> >> packages.
>> >> >
>> >> > Yes, someone said that yesterday.  That's truly absurd: 11,000
>> >> > pieces of slopware.
>> >>
>> >> You've *used* Debian then, & you know for *sure* it's slopware?
>> >
>> >
>> > I made a long post about Debian slopware last week.  It was titled
>> > "Open source code superior because of peer review and testing?"
>> >
>> > Look it up, if you want.
> 
> Didn't even read it, eh?
> 
> 
>> Since you haven't proved any of it *is* 'slopware', that doesn't count as
>> a erious argument.
> 
> Oh, I have proven some of it is slopware, and you know some of it is
> slopware.

Have you? I hadn't noticed. No one seems to agree with you. I certainly
don't.

> 
>> And you cannot judge Linux software with any accuracy
>> until you've used it on a daily basis for some time. Get yourself a
>> distro and then you may be able to make judgements.
> 
> I think I will.  Back when I used RedHat 4.2, it was pretty much a mess.
> Most of my installation was text-based.  To Linux' and my credit, I got it
> up and running with no memorable difficulties.  It was a vanilla Dell
> Pentium 1, 166mhz system with a CD ROM drive.  Don't remember if I got the
> CD working or not.  I seem to remember some problems mounting a device.

We've come a very long way since the days of 4.2. You'll be pleasantly
surprised. If you really mean to try installing a distro, my own
recommendation - because I like it - would be Mandrake. 9.1 is nice and
stable, and 10 isn't bad (I've only used CE, not Official). But any major
distro should work. There's nothing wrong with RedHat 9.0, though it's no
longer offcially supported; the advantage here is the large number of books
on the distro. I have a three-CD publisher's edition of RH9, with a thick
tome of a book covering just about all the starter user needs to know.
 
> 
>> The sofware included as standard with WinXP is okay, but hardly much to
> get
>> excited about. With Mandrake 9.1, my distro, there is loads of nice stuff
>> to choose from. I get an office suite (more than one if I like), various
>> browswers, excellent text editors to suit all levels of experience; I use
>> Xemacs, and Kate, as my own personal preference. If you claim Kate is
>> 'slopware' you are certainly an idiot. I find it to be one of the very
> best
>> I've ever used, and I didn't even have to go looking for it.
>>
>> On this box I'm using now (not my main one) I've just installed Gkrellim,
> a
>> cool little monitoring app. On my dual-booter I'm trying out
> Enlightenment,
>> a windowmanager very different from KDE or Icewm, for a change of scene.
> 
> And that "freedom" seems to be important to Linux users.  Certainly I
> wouldn't mind being able to change interfaces from time to time.

Exactly. This is what Linux offers over Windows, to a great many people. The
freedom to change, and to choose.
 
> 
>> These apps are not 'slopware'. Nor are a great many others produced for
>> use with the Linux operating system.
> 
> And how many of the 11,000 Debian apps are even worth looking at?  1% or
> so? If that...

How do you know till you've actually looked? I've been reading some posts
about debian in another group. The real hack and slay work goes on in
testing, and is passed on to unstable when deemed ready. Only when it's in
a proper fit state for general use does it reach the stable branch. That's
why debian's developement is slow compared to most other distros, and why
its stable releases are fewer and without a fixed schedule: they are
released when they're ready, and not before. All of this effort is
community-based. Debian is less 'cutting-edge', but in return, you get
reliable, tested packages, and great stability.

> 
> 
> 
>> Before you sling mud *use Linux*. Try Knoppix, if you can't be bothered
>> with an install - it's a good way to try out the latest software.
> 
> OK.

That's a better attitude to take., Approach with an open mind and a
willingness to learn, rather than pre-conceived ideas. My Windows
experiences have not been bad - but my Linux experiences have been better.
Part of what Linux is about is handing control of your PC back to *you*,
allowing you and it to do anything you want.

-- 
Kier

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 15 Jun 2004 14:50:44 -0400,
 DFS <nospam@nospam.com> wrote:

> ??? Each security vulnerability is for a Linux kernel or a Linux app.
> Therefore, all 80 are Linux vulnerabilities.
>


Many of the apps also run on MS-Windows, does that make them Windows
vulnerabilities also? 

<snip>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAz1bId90bcYOAWPYRAqJvAKCyrE5H1THGlhUwByGb+kN8vnXb4wCfb7rc
qaye7aEcOCj6xlDwTgCTW5w=
=mKr7
-----END PGP SIGNATURE-----

-- 
Jim Richardson     http://www.eskimo.com/~warlock
Will of iron, nerves of steel, heart of gold, balls of brass.... 
No wonder I set off metal detectors.

"The Ghost In The Machine" <ewill@aurigae.athghost7038suus.net> wrote in
message news:cup3q1-spn.ln1@lexi2.athghost7038suus.net...
> In comp.os.linux.advocacy, DFS
> <nospam@nospam.com>
>  wrote
> on Tue, 15 Jun 2004 00:40:51 -0400
> <10csvng3p2ns7cd@corp.supernews.com>:
> > http://www.linuxsecurity.com/articles/forums_article-34.html
> >
> > In just two weeks, I've seen over 80 brand new Linux security
> > vulnerabilities reported on www.linuxsecurity.com.
> >
> > So, when you say Linux is secure, exactly what are you talking about?
> >
> >
>
> INC: incompatibility/incomplete implementation causes service failure
> DOS: denial of service
> KOS: killer of service
> ILK: sensitive information leakage
> LSE: local server exploit: non-root files may be overwritten if they
>      have correct ownership
> LRE: local root exploint: root files may be overwritten!
> RSE: remote server exploit *** Possibility of a problem ****
> RRE: remote root exploit **** EXTREMELY DANGEROUS ***
>
> Debian vulnerabilities:
> 2004-06-08 gatos - privilege escalation vulnerability in xatitv (?)
> 2004-06-08 jftpgw - format string vulnerability (LSE)
> 2004-06-08 etherial - buffer overflows (?)
> 2004-06-08 gallery - unauthenticated access (RSE?)
> 2004-06-08 rsync - directory traversal vulnerability (RSE)
> 2004-06-08 log2mail - format string vulnerability (LSE)
> 2004-06-08 kernel - privilege escalation vulnerability (LRE/sparc only)
> 2004-06-08 lha - multiple vulnerabilities (LSE/LRE)
> 2004-06-08 postgresql (KOS)
> 2004-06-10 cvs - buffer overflow (RSE?)
>
> Fedora vulnerabilities:
> 2004-06-08 cups - non-encryption vulnerability (?)
> 2004-06-08 etherial - same as above
> 2004-06-08 net-tools (RSE)
> 2004-06-08 krb5 - buffer overflows (LRE)
> 2004-06-08 squirrelmail (?)
> 2004-06-08 squid (RRE)
>
> FreeBSD:
> 2004-06-08 kernel routing table flaw (DOS/RRE?)
>
> Gentoo:
> 2004-06-08 tla - heap overflow (LRE?)
> 2004-06-08 MPlayer/xine-lib (LSE)
> 2004-06-08 Etherial - same as above
> 2004-06-08 tripwire - format string vulnerability (LSE/LRE)
> 2004-06-08 sitecopy - multiple (RRE)
> 2004-06-08 mailman - password leak (ILK)
> 2004-06-08 apache - buffer overflow (RRE)
> 2004-06-08 cvs - same as above?
>
> Mandrake:
> 2004-06-08 mdkonline - incompatibility (INC)
> 2004-06-08 xpcd - buffer overflow (LRE)
> 2004-06-08 mod_ssl - buffer overflow (RRE)
> 2004-06-08 apache2 - same as mod_ssl (RRE)
> 2004-06-08 krb5 - same as above
> 2004-06-08 tripwire - same as above
> 2004-06-08 krb5 - patch fix
> 2004-06-08 mdkonline - patch fix
> 2004-06-08 cvs - same as above
> 2004-06-08 squid - long password buffer overflow (RRE)
> 2004-06-08 ksymoops - insecure tempfile (LSE)
>
> NetBSD:
> 2004-06-08 cvs - same as above
>
> OpenBSD:
> 2004-06-10 cvs - same as above
>
> RedHat:
> 2004-06-08 cvs - same as above
> 2004-06-09 etherial - same as above
> 2004-06-09 krb5 - same as above
> 2004-06-09 squid - same as above
> 2004-06-09 cvs - same as above
>
> Slackware:
> 2004-06-08 mod_ssl - same as above
> 2004-06-08 php - insecure path vulnerability (LSE)
> 2004-06-10 cvs - same as above
>
> SuSE:
> 2004-06-08 cvs - same as above
> 2004-06-10 squid - same as above
>
> Trustix:
> 2004-06-08 apache - same as above
> 2004-06-08 kerberos5 - same as above (krb5)
> 2004-06-08 squid - same as above
>
> Turbolinux:
> 2004-06-08 cvs -- same as above
> 2004-06-08 tcpdump -- buffer overflows (RSE/RRE)
> 2004-06-08 apache -- same as above
>
>
> * * *
>
> It is clear that there are a large number of duplicates here.

I can't say that with certainty, but I have done a little digging, and in
the two I checked (the krb5 buffer overflow issue that appears in Fedora,
Mandrake, RedHat and Trustix, and the apache issue appearing in Gentoo and
Trustix), they do appear to point to the same set of problems with the
respective apps (MIT Kerberos 5, and apache mod_ssl).

krb5 issue: http://marc.theaimsgroup.com/?l=bugtraq&m=108612325909496&w=2





> I count 32 unique issues, of which two are indications of
> patch fixes so that leaves 30.

I won't check all your work; I checked two and you were correct.

How did you decipher them so quickly?  The descriptions aren't specific
enough; maybe you just knew they listed the same bugs across all affected
distros?  I'll know next time - but I still won't take the time to find out
how many are dupes.  I'll just report the raw number.

Regardless, that's at least 30 new security vulnerabilities; not 52.
Neither number is encouraging for such a "secure" platform.





> All of these have available patches.

Great.  That leaves the open sourcers twiddling their thumbs until the next
security issues are found (later today).




> How many outstanding issues does XP, 2k, NT, Me, and 98 have?
> (I don't count 95.)

You'll have to ask MS about that.

DFS, after spending 3 minutes figuring out which end of the pen to use, wrote:

> "William Poaster" <willpoast@jvyycbnfg.zr.hx> wrote in message
> news:pan.2004.06.15.17.18.48.789438@jvyycbnfg.zr.hx...
>> begin On Tue, 15 Jun 2004 09:30:13 -0700, Jim Richardson posted:
>>
>> > -----BEGIN PGP SIGNED MESSAGE-----
>> > Hash: SHA1
>> >
>> > On Tue, 15 Jun 2004 16:45:53 +0100,
>> >  William Poaster <willpoast@jvyycbnfg.zr.hx> wrote:
>> >> begin On Tue, 15 Jun 2004 16:47:03 +0100, spike1 posted:
>> >>
>> >>> William Poaster <willpoast@jvyycbnfg.zr.hx> wrote:
>> >>>>> A new excuse.  Any installation problems or app viruses or security
>> >>>>> issues are not Linux, 'cause Linux is the kernel.
>> >>>
>> >>>> Name an application virus!
>> >>>
>> >>> Name *ANY* virus...
>> >>> (Bet he can't, and if he does, it's probably 4 or more years old and
> no
>> >>> longer viable on any version of linux released within the last 4
> years)
>> >>
>> >> He's grasping at straws as usual.
>> >
>> > It's all he's got.
>> >
>> > The only way he can make Linux look half as bad as the redmond stuff, is
>> > to count the same vulnerabilities multiple times (once for each distro)
>> > and include all apps and packages in the distros. Compared to one
> version
>> > of MS-Ware, with few or no apps. Sad really.
> 
> Liar.  I didn't count anything more than once, or across multiple distros,
> and you know it.  I reported the number of entries on the last two security
> advisory web pages found at http://www.linuxsecurity.com.
> 
>> Yes, it is.
>> That's why I said that in comparing the vulnerabilities of windows &
>> linux the way *he* does it, he should also include *all* the windows OS
>> *&* applications too. He doesn't seem to get the idea, or doesn't want to:
>> - "DFS" - Message-ID: <10ctupeajfhu52c@corp.supernews.com>
>> "Sure I can. They were all Linux-related, weren't they?"
> 
> 
> I never said anything about how I count Windows or Linux viruses.  I just
> pointed out that Linux (meaning the Linux kernel and Linux apps) has dozens
> of new security vulnerabilities uncovered and reported each week.
> 
> Linux isn't nearly as secure as you cola nuts claim it is.
> 
> That's the whole point.

  The only point you have, is the one on the top of your head. You have got a
serious reading comprehension problem along with the pointy head also. 
  If you had gone here <http://www.linuxsecurity.com/advisories/index.html> ,
you'd have seen that in five days there were only *15* advisories, and each of
them were for packages/apps for *seperate* distros, meaning the advisories for
SuSE (squid was the *only* one) didn't affect the other distros using the same
app. To also reiterate for your addle-brained idiocy, many of those apps with
those advisories only are *possibly* a vulnerability to ones system *IF* that
app is actually installed.
  Fuck, but you make even hammers cringe at your idiocy.
-- 
Linux 2.4.20-4GB-athlon
  4:25pm  up 4 days 19:50,  2 users,  load average: 0.00, 0.00, 0.00

DFS, after spending 3 minutes figuring out which end of the pen to use, wrote:

> "William Poaster" <willpoast@jvyycbnfg.zr.hx> wrote in message
> news:pan.2004.06.15.18.38.04.120777@jvyycbnfg.zr.hx...
>> begin On Tue, 15 Jun 2004 13:25:47 -0400, DFS posted:
>>
>> > "William Poaster" <willpoast@jvyycbnfg.zr.hx> wrote in message
>> > news:pan.2004.06.15.17.18.48.789438@jvyycbnfg.zr.hx...
>> >> begin On Tue, 15 Jun 2004 09:30:13 -0700, Jim Richardson posted:
>> >>
>> >> > -----BEGIN PGP SIGNED MESSAGE-----
>> >> > Hash: SHA1
>> >> >
>> >> > On Tue, 15 Jun 2004 16:45:53 +0100,
>> >> >  William Poaster <willpoast@jvyycbnfg.zr.hx> wrote:
>> >> >> begin On Tue, 15 Jun 2004 16:47:03 +0100, spike1 posted:
>> >> >>
>> >> >>> William Poaster <willpoast@jvyycbnfg.zr.hx> wrote:
>> >> >>>>> A new excuse.  Any installation problems or app viruses or
>> >> >>>>> security issues are not Linux, 'cause Linux is the kernel.
>> >> >>>
>> >> >>>> Name an application virus!
>> >> >>>
>> >> >>> Name *ANY* virus...
>> >> >>> (Bet he can't, and if he does, it's probably 4 or more years old
> and
>> > no
>> >> >>> longer viable on any version of linux released within the last 4
>> > years)
>> >> >>
>> >> >> He's grasping at straws as usual.
>> >> >
>> >> > It's all he's got.
>> >> >
>> >> > The only way he can make Linux look half as bad as the redmond stuff,
>> >> > is to count the same vulnerabilities multiple times (once for each
>> >> > distro) and include all apps and packages in the distros. Compared to
>> >> > one version of MS-Ware, with few or no apps. Sad really.
>> >
>> > Liar.  I didn't count anything more than once, or across multiple
> distros,
>> > and you know it.  I reported the number of entries on the last two
>> > security advisory web pages found at http://www.linuxsecurity.com.
>>
>> Except of course that.....
>> Kernel flaw makes Linux crash easily
>> New Linux Security Hole Found
>> New Kernel Crash-Exploit discovered
>> .......are all the *same* story reported by different people!
> 
> What does that have to do with me?  I posted only once a thread titled
> "Linux kernel crash-exploits"
> 
> 
> 
>> CVS was know to be a security risk for sometime.
>> You use it at your *own* risk.
> 
> Sounds like a new Linux tagline....
> 
> 
> 
> 
>> http://www.linuxsecurity.com/articles/forums_article-34.html
>> You've posted *already*
>> Q.E.D
> 
> What are you babbling about, boy?

  Good. It's about time you admitted your lack of any kind of intelligence. A
fucking amoeba could spnak you with ease!
-- 
Linux 2.4.20-4GB-athlon
  4:38pm  up 4 days 20:02,  2 users,  load average: 0.08, 0.12, 0.04

begin On Tue, 15 Jun 2004 14:55:51 -0400, DFS posted:

> 
> What are you babbling about, boy?

You're the one babbling &, unlike you, I'm not a boy.
Now run along & play your games, sonny.

-- 
The short life and hard times of a Linux virus
http://librenix.com/?inode=21
Linux vs. Windows Viruses
http://www.securityfocus.com/columnists/188

begin On Tue, 15 Jun 2004 20:33:54 +0000, Jim Richardson posted:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Tue, 15 Jun 2004 14:50:44 -0400,
>  DFS <nospam@nospam.com> wrote:
> 
>> ??? Each security vulnerability is for a Linux kernel or a Linux app.
>> Therefore, all 80 are Linux vulnerabilities.
>>
>>
> 
> Many of the apps also run on MS-Windows, does that make them Windows
> vulnerabilities also?

Of *course* it does, according to *his* logic! <g>

-- 
The short life and hard times of a Linux virus
http://librenix.com/?inode=21
Linux vs. Windows Viruses
http://www.securityfocus.com/columnists/188

"Norwegian Formula" <R@bastards.com> wrote in message
news:40cf6ac1_1@newspeer2.tds.net...
> DFS, after spending 3 minutes figuring out which end of the pen to use,
wrote:

> > I never said anything about how I count Windows or Linux viruses.  I
just
> > pointed out that Linux (meaning the Linux kernel and Linux apps) has
dozens
> > of new security vulnerabilities uncovered and reported each week.
> >
> > Linux isn't nearly as secure as you cola nuts claim it is.
> >
> > That's the whole point.
>
>   The only point you have, is the one on the top of your head. You have
got a
> serious reading comprehension problem along with the pointy head also.

It's a FACT new Linux viruses, exploits, hacks, vulnerabilities, etc are
found EVERY DAY, and Linux servers and desktops are compromised and shut
down by same EVERY DAY.  The same holds true for Windows (to a greater
degree).

I think blind lust for Linux has made you morons into robots programmed to
store Linux security and vulnerability reports in a tiny room in your brain
that holds only one problem at a time.  When a new kernel fixes it, you
flush that memory and start over.



> If you had gone here <http://www.linuxsecurity.com/advisories/index.html>
,
> you'd have seen that in five days there were only *15* advisories,

Yes, I see that.  And I also see "in five days".  And in the five days
prior, there were 15 other advisories, and in the next five days, another
15, and so on...



> and each of
> them were for packages/apps for *seperate* distros, meaning the advisories
for
> SuSE (squid was the *only* one) didn't affect the other distros using the
same
> app.

That's bullshit.  The June 11th krb5 advisory on
http://www.linuxsecurity.com/articles/forums_article-34.html affected four
distros (Fedora, RedHat, Mandrake and Trustix) using kerberos.  In fact, it
actually affected many more than that; it affected all releases of MIT
Kerberos 5, up to and including krb5-1.3.3.
http://marc.theaimsgroup.com/?l=bugtraq&m=108612325909496&w=2


And then there's this
http://www.computerworld.com/softwaretopics/os/linux/story/0,10801,93833,00.html,
where "...anyone with an ordinary user account on a Linux machine can crash
the entire server, according to Oyvind Saether, who discovered the bug along
with Stian Skjelstad. Administrator access isn't required."

What's next for Linux?  I'll tell you what's next: anti-virus software,
automatic updating, constant security patches, etc.  Sound familiar?



> To also reiterate for your addle-brained idiocy, many of those apps with
> those advisories only are *possibly* a vulnerability to ones system *IF*
that
> app is actually installed.

Duh... who ever claimed differently, asshole?  If Outlook Express isn't
installed on my Win2K system, how can I get all these worms you Linux morons
howl about?




>  Fuck, but you make even hammers cringe at your idiocy.

Typical Linux moron.  Can't defend the supposed "security" of his OS, so he
resorts to calling me names.





> -- 
> Linux 2.4.20-4GB-athlon
>   4:25pm  up 4 days 19:50,  2 users,  load average: 0.00, 0.00, 0.00
>

begin On Tue, 15 Jun 2004 18:13:17 -0400, DFS posted:

> What's next for Linux?  I'll tell you what's next: anti-virus software,
> automatic updating, constant security patches, etc.  Sound familiar?

AV software? LOL Yes, to stop windows machines being infected, otherwise a
linux machine doesn't need it. Read the links below, stupid! 

-- 
The short life and hard times of a Linux virus
http://librenix.com/?inode=21
Linux vs. Windows Viruses
http://www.securityfocus.com/columnists/188

"William Poaster" <willpoast@jvyycbnfg.zr.hx> wrote in message
news:pan.2004.06.15.22.28.30.806438@jvyycbnfg.zr.hx...
> begin On Tue, 15 Jun 2004 18:13:17 -0400, DFS posted:
>
> > What's next for Linux?  I'll tell you what's next: anti-virus software,
> > automatic updating, constant security patches, etc.  Sound familiar?
>
> AV software? LOL Yes, to stop windows machines being infected, otherwise a
> linux machine doesn't need it. Read the links below, stupid!

Linux machines don't need anti-virus software?

LOL!  Tell it to
Sophos http://www.sophos.com/products/sav/,
and Vexira http://www.centralcommand.com/linux_server.html,
and Astaro http://www.astaro.com/php/contact/google.php?ref=23,
and F-Secure http://www.f-secure.com/products/anti-virus/linux/samba.shtml
and McAfee... et al

Look who's stupid now.  You really are uninformed, aren't you, Linux moron?







> -- 
> The short life and hard times of a Linux virus
> http://librenix.com/?inode=21
> Linux vs. Windows Viruses
> http://www.securityfocus.com/columnists/188

begin On Tue, 15 Jun 2004 18:40:01 -0400, DFS posted:

> "William Poaster" <willpoast@jvyycbnfg.zr.hx> wrote in message
> news:pan.2004.06.15.22.28.30.806438@jvyycbnfg.zr.hx...
>> begin On Tue, 15 Jun 2004 18:13:17 -0400, DFS posted:
>>
>> > What's next for Linux?  I'll tell you what's next: anti-virus
>> > software, automatic updating, constant security patches, etc.  Sound
>> > familiar?
>>
>> AV software? LOL Yes, to stop windows machines being infected, otherwise
>> a linux machine doesn't need it. Read the links below, stupid!
> 
> Linux machines don't need anti-virus software?
> 
> LOL!  Tell it to
> Sophos http://www.sophos.com/products/sav/, and Vexira
> http://www.centralcommand.com/linux_server.html, and Astaro
> http://www.astaro.com/php/contact/google.php?ref=23, and F-Secure
> http://www.f-secure.com/products/anti-virus/linux/samba.shtml and
> McAfee... et al
> 
> Look who's stupid now.  You really are uninformed, aren't you, Linux
> moron?

Obviously you *didn't* read the links, st00pid!

-- 
The short life and hard times of a Linux virus
http://librenix.com/?inode=21
Linux vs. Windows Viruses
http://www.securityfocus.com/columnists/188

begin On Tue, 15 Jun 2004 16:47:03 +0100, spike1 posted:

> William Poaster <willpoast@jvyycbnfg.zr.hx> wrote:
>>> A new excuse.  Any installation problems or app viruses or security
>>> issues are not Linux, 'cause Linux is the kernel.
> 
>> Name an application virus!
> 
> Name *ANY* virus...
> (Bet he can't, and if he does, it's probably 4 or more years old and no
> longer viable on any version of linux released within the last 4 years)

He can't, but *here's* a good one that the wintroll just posted -

>Linux machines don't need anti-virus software?

> LOL!  Tell it to
> Sophos http://www.sophos.com/products/sav/, and Vexira
> http://www.centralcommand.com/linux_server.html, and Astaro
> http://www.astaro.com/php/contact/google.php?ref=23, and F-Secure
> http://www.f-secure.com/products/anti-virus/linux/samba.shtml and
> McAfee... et al

> Look who's stupid now.  You really are uninformed, aren't you, Linux
> moron?

Of course as *usual* he posted a knee-jerk reaction, &  he hasn't the
foggiest idea that they are to stop Windows viruses being passed on! He
obviously didn't stop to think about it! LOL

-- 
The short life and hard times of a Linux virus
http://librenix.com/?inode=21
Linux vs. Windows Viruses
http://www.securityfocus.com/columnists/188

DFS <nospam@nospam.com> did eloquently scribble:
> It's a FACT new Linux viruses,

Name one.
Just one. In the past year, name one.
-- 
|                          |What to do if you find yourself stuck in a crack|
|  spike1@freenet.co.uk    |in the ground beneath a giant boulder, which you|
|                          |can't move, with no hope of rescue.             |
|Andrew Halliwell BSc(hons)|Consider how lucky you are that life has been   |
|           in             |good to you so far...                           |
|    Computer Science      |   -The BOOK, Hitch-hiker's guide to the galaxy.|

DFS <nospam@nospam.com> did eloquently scribble:
> "William Poaster" <willpoast@jvyycbnfg.zr.hx> wrote in message
> news:pan.2004.06.15.22.28.30.806438@jvyycbnfg.zr.hx...
>> begin On Tue, 15 Jun 2004 18:13:17 -0400, DFS posted:
>>
>> > What's next for Linux?  I'll tell you what's next: anti-virus software,
>> > automatic updating, constant security patches, etc.  Sound familiar?
>>
>> AV software? LOL Yes, to stop windows machines being infected, otherwise a
>> linux machine doesn't need it. Read the links below, stupid!
> 
> Linux machines don't need anti-virus software?
> 
> LOL!  Tell it to
> Sophos http://www.sophos.com/products/sav/,
> and Vexira http://www.centralcommand.com/linux_server.html,
> and Astaro http://www.astaro.com/php/contact/google.php?ref=23,
> and F-Secure http://www.f-secure.com/products/anti-virus/linux/samba.shtml
> and McAfee... et al
> 
> Look who's stupid now.  You really are uninformed, aren't you, Linux moron?

Ever read what they actually DO on linux?
Cos they don't scan for viruses infecting linux itself, if they did, they
wouldn't need massive virus sig files, they'd have none to find.
 

-- 
|                          |What to do if you find yourself stuck in a crack|
|  spike1@freenet.co.uk    |in the ground beneath a giant boulder, which you|
|                          |can't move, with no hope of rescue.             |
|Andrew Halliwell BSc(hons)|Consider how lucky you are that life has been   |
|           in             |good to you so far...                           |
|    Computer Science      |   -The BOOK, Hitch-hiker's guide to the galaxy.|

DFS is alleged to have said in comp.os.linux.advocacy:

> Sure I can.  They were all Linux-related, weren't they?
 
No, some were for a couple different flavors of BSD. Not that I expect you
to understand that, given your self-admitted ignorance.

-- 
Gates' Law: Every 18 months the speed of software halves.

[snips]

On Tue, 15 Jun 2004 20:00:28 +0000, The Ghost In The Machine wrote:

>> So, when you say Linux is secure, exactly what are you talking about?
>>
> Debian vulnerabilities:

These don't affect me, as I'm not running Debian.

> Fedora vulnerabilities:

Nor am I running Fedora.

> FreeBSD:

Nor FreeBSD.

> Gentoo:

Nor Gentoo.

> Mandrake:

Aha.  Finally.

> 2004-06-08 mdkonline - incompatibility (INC)

 Doesn't affect me, as I don't use mkdonline.

> 2004-06-08 xpcd - buffer overflow (LRE)

Doesn't affect me, as I don't use xpcd.

> 2004-06-08 mod_ssl - buffer overflow (RRE)

Doesn't affect me, as I run a more recent Apache.

> 2004-06-08 apache2 - same as mod_ssl (RRE)

Doesn't affect me, as I had the update before I was even aware of the
issue.

> 2004-06-08 krb5 - same as above

Oh, look.  I'm using krb5.  The fixed version.

> 2004-06-08 tripwire - same as above

Not using it, but... yup, there it is.  If I installed tripwire, it'd be
the fixed version.

> 2004-06-08 cvs - same as above

Not using it.  Again, though, the installable version is the updated
version.

> 2004-06-08 squid - long password buffer overflow (RRE) 2004-06-08
> ksymoops - insecure tempfile (LSE)

And again, the version to be installed is the fixed version.

> NetBSD:

I don't use NetBSD.

> OpenBSD:

I don't use OpenBSD.

> RedHat:

I don't use RH.

> Slackware:

I don't use Slack.

> SuSE:

I don't use SuSE.

> Trustix:

I don't use Trustix.

> Turbolinux:

I don't use TurboLinux.

> It is clear that there are a large number of duplicates here. I count 32
> unique issues, of which two are indications of patch fixes so that
> leaves 30.

Actually, it leaves 8.  *All* of which are fixed.

Not too swift, is he?

kier <vallon@tiscali.co.uk> did eloquently scribble:
>> A very, very few can be used on Windows, but that app is not properly
>> termed a Linux app.
> 
> That's true, admittedly. And personally I don't know just how many 'Linux'
> apps are actually available to Windows. 

probably 99% of them, if you're using cygwin.
:)

-- 
______________________________________________________________________________
|   spike1@freenet.co.uk   | "Are you pondering what I'm pondering Pinky?"   |
|Andrew Halliwell BSc(hons)|                                                 |
|            in            | "I think so brain, but this time, you control   |
|     Computer Science     |  the Encounter suit, and I'll do the voice..."  |
------------------------------------------------------------------------------

[snips]

On Tue, 15 Jun 2004 16:48:49 -0400, DFS wrote:

> Regardless, that's at least 30 new security vulnerabilities; not 52.
> Neither number is encouraging for such a "secure" platform.

I realize that hard concepts are a little beyond your grasp, but let's try
anyways.

Nothing, no OS, no computer, is "secure" as an absolute.  Security is
relative, and keeping a system secure is a process.  No system, locked
down today and subsequently left unadministered, is going to remain
secure; application bugs, server bugs, design issues, whatever, all cause
vulnerabilities.

So, we have to compare well-maintained machines to see how they fare
_relative_ to each other to get a concept of how secure the machines can
be... and we might also want to compare more typical machines to see how
secure such systems are with the usual level of half-assed administration.
We should also see how difficult it is to keep a system up to date, as
this is, in part at least, an indicator of how likely it is to be kept up
to date - if  you make it hard to update, it won't be updated, generally.

So, let's see.  You've "discovered" 8 vulnerabilities that are relevant to
my system.  Of those 8, *zero* are applicable.  That is, not a single one
of those vulnerabilities affects my machine one iota.

Just for giggles, I checed Secunia.  In 2004, XP Pro lists some 20 items.
Many of these affect multiple Windows versions.  It should be noted that
these are, apparently, all specific to Windows XP - that is, the list
doesn't include, say, SQL Server.  Or WinAmp.  Or whatever.

So, of those, how many are fixed?  All of them, as with the ones you
posted that could affect my system?  Some of them?  None of them?  What
about all the other programs one uses in Windows?  Are all their
vulnerabilities posted here?  Or anywhere?  Are all those vulnerabilities
also fixed?  Do you have all the latest versions?

So here we have Linux which does, in fact, have all the patches either
applied already, or ready to be applied _when the relevant package is
installed_.  Not a single listed vulnerability is going to affect this
machine one bit.  But how about keeping it that way?

In Windows, there's Windows update.  Which updates... well... Windows. 
Not WinAmp.  Not Corel products.  Not WinZip.  Not Borland products.  Not
MS's products such as Office.  Not MS servers such as Exchange or SQL
Server, apparently.

So... how *do* you update the system?  By "the system", I mean
*everything* in the system - device drivers, servers, applications,
utilities, documentation, whatever needs updating?

Even just using Windows Update is a PITA, as many things that come through
it are "exclusive" updates and require a reboot before you can install the
next one. The sheer annoyance factor is a major reason why many systems
aren't kept up to date.  You'd think - since it's all MS software - that
MS could manage to do it in a somewhat more sane manner, but nope,
apparently not.

Meanwhile, to apply updates in Linux, I can use the GUI tool, or I can do
the following from the command-line:

urpmi.update -a && urpmi --auto-select

Voila.  The first part fetches the latest lists of what's ready to be
installed, the second updates the packages I actually have installed. 
About the only exception to this is kernels - which I can install from the
command line or the GUI.

So, type one line, two commands, wait a bit, zero rebooting, and the whole
bloomin' thing is updated.  Windows doesn't make it that easy to
just update *Windows*, never mind all your apps and other things.

Hell, the process can be automated with a cron entry; every morning when I
sit down at the machine, I can have all relevant updates and fixes applied
for me automatically and ready to use.

So.  Let's compare.

Linux: 8 issues, all fixed, most of which don't affect me in the first
place.

Windows: Unknown number of vulnerabilities, unknown whether they're fixed,
no way to tell, really.

Linux: Keeping up to date requires a one-liner which can be automated.

Windows: Keeping up to date requires manual browsing over anywhere from
tens to hundreds of websites, manual downloads, manual installs, possibly
also uninstalls and, in many cases, reboots.

Where does that leave us?  It leaves _me_ with all the vulnerabilties you
listed _fixed_.  It leaves _me_ with a trivially simple, even automatic,
way to stay on top of updates.  It leaves _you_ with an unknown number of
vulnerabilities, no way to tell if they're fixed, and no hope in hell of
having anything remotely resembling the ease of updating I enjoy.

This, of course, hasn't even touched on viruses and the like.  While
you're busy ensuring your AV software is updated, and praying your AV
vendor comes out with a defense against the latest viruses _before_ your
system gets infected, I don't even run AV software.  Nor spyware blockers,
nor anti-hijack tools.

The conclusion should be obvious even to you: it is not only simpler to
find out if there _is_ a vulnerability that affects your Linux system, it
is *far* easier to keep your system up to date to avoid being affected by
such issues.  If you recall, security is a process - one of monitoring,
one of updating, one of ensuring things you don't need aren't running,
etc.  So far, we've got the monitoring and updating down pat - Linux
incident lists actually include application issues, unlike Windows lists,
and the updating process is trivial - what about the other items?

Well, for monitoring, it is trivially easy to set up your Linux system to
email you if there are security concerns.  Tools such as tripwire can
monitor the system.  Servers write logs.  All of this information can be
e-mailed, automatically.

Disabling things you don't need - services, usually - is also trivial. 
There's a little GUI tool that lists them, along with a brief description
of what they are, and lets you start them, stop them, set them to start at
boot - or not.

Windows, of course, has much the same thing.  However... it also has about
9 other ways for things to start.  For example, Yahoo's IM client, as I
recall, installs itself into your startup folder.  And into the RUN
registry key.  So even if you remove it from the startup folder, it starts
up anyways - annoying.  Worse, if you _do_ clean it out, it _reinstalls_
itself there.

In order to effectively stop such things, your real choice is simply to
stop using them.  Period.  Hardly an effective strategy, especially with
the MSN messenger cilent which seems to have somehow become a "required"
component.

All things considered, it is much, much easier to find out about Linux
vulnerabilities and to ensure that the appropriate fixes are applied than
it is to do the same in Windows.  Which is absolutely horrible for the
user - if you don't even _know_ whether there's a vulnerability, how
can you hope to even try to prevent it?  You can't.

"William Poaster" <willpoast@jvyycbnfg.zr.hx> wrote in message
news:pan.2004.06.15.23.07.04.4138@jvyycbnfg.zr.hx...
> begin On Tue, 15 Jun 2004 16:47:03 +0100, spike1 posted:
>
> > William Poaster <willpoast@jvyycbnfg.zr.hx> wrote:
> >>> A new excuse.  Any installation problems or app viruses or security
> >>> issues are not Linux, 'cause Linux is the kernel.
> >
> >> Name an application virus!
> >
> > Name *ANY* virus...
> > (Bet he can't, and if he does, it's probably 4 or more years old and no
> > longer viable on any version of linux released within the last 4 years)
>
> He can't, but *here's* a good one that the wintroll just posted -
>
> >Linux machines don't need anti-virus software?
>
> > LOL!  Tell it to
> > Sophos http://www.sophos.com/products/sav/, and Vexira
> > http://www.centralcommand.com/linux_server.html, and Astaro
> > http://www.astaro.com/php/contact/google.php?ref=23, and F-Secure
> > http://www.f-secure.com/products/anti-virus/linux/samba.shtml and
> > McAfee... et al
>
> > Look who's stupid now.  You really are uninformed, aren't you, Linux
> > moron?
>
> Of course as *usual* he posted a knee-jerk reaction, &  he hasn't the
> foggiest idea that they are to stop Windows viruses being passed on! He
> obviously didn't stop to think about it! LOL


Willie,

Of course you, a Linux moron, would say that.  It matters not what platform
the virus targeted; the fact is the virus/malware/spyware can be, will be,
and is, spread by Linux servers.  And don't pretend a portion of the
malicious code isn't also targeted at Linux.

Why do I, a total Linux novice, have to school you on your own OS of choice?
Surely you're not that oblivious.







> -- 
> The short life and hard times of a Linux virus
> http://librenix.com/?inode=21
> Linux vs. Windows Viruses
> http://www.securityfocus.com/columnists/188

"Rob Hughes" <rob@robhughes.com> wrote in message
news:kv6dnewFec97GVLdRVn-jg@comcast.com...
> DFS is alleged to have said in comp.os.linux.advocacy:
>
> > Sure I can.  They were all Linux-related, weren't they?
>
> No, some were for a couple different flavors of BSD. Not that I expect you
> to understand that, given your self-admitted ignorance.


I do understand the difference.

Berkeley Software Distribution predates Linux by about 10 or 15 years, and
was developed primarily by Bill Joy (cofounder of Sun, and recently departed
I think) at UCBerkeley.

Yippee!

DFS (Der Flatfish Similie) wrote:

> Linux machines don't need anti-virus software?
> 
> LOL!  Tell it to
> Sophos http://www.sophos.com/products/sav/,
> and Vexira http://www.centralcommand.com/linux_server.html,
> and Astaro http://www.astaro.com/php/contact/google.php?ref=23,
> and F-Secure http://www.f-secure.com/products/anti-virus/linux/samba.shtml
> and McAfee... et al
> 
> Look who's stupid now.  You really are uninformed, aren't you, Linux
> moron?

Well, all of them pitch Linux as being a good base for network file and
email AV scanning, etc. to protect Windows Networks. Did you actually read
the links?

And yes, I have actually deployed astaro, vexira and f-secure for that
purpose, and know of many other installations with the other names you
mention in many client sites.

What is your point, to show your ignorance? Are you from AdTI too?

Cheers,
WS

-- 
Change to leews to mail.
Linux user #61399
The beginning of the
end

[snips]

On Tue, 15 Jun 2004 21:42:06 -0400, DFS wrote:

>> Of course as *usual* he posted a knee-jerk reaction, &  he hasn't the
>> foggiest idea that they are to stop Windows viruses being passed on! He
>> obviously didn't stop to think about it! LOL
> 
> 
> Willie,
> 
> Of course you, a Linux moron, would say that.  It matters not what platform
> the virus targeted; the fact is the virus/malware/spyware can be, will be,
> and is, spread by Linux servers.

Sure.  Any mail or file server will serve mails and files; that's what
they do.  What's *in* those files is SEP - somebody else's problem.  A
mailer processes mail, that's it.  If the mail happens to contain a virus,
then the recipient will get the virus.  It doesn't matter if the mailer
runs in DOS, Windows, Linux, OS/2 or VMS.

However...

Systems which handle mail can _also_ have additional functionality added,
such as virus scanning.  Mail tossers nowadays often do.  Including Linux
ones.  File servers might, too.  But it's *Windows* viruses they're
scanning for, destined for *Windows* based clients.

> And don't pretend a portion of the
> malicious code isn't also targeted at Linux.

Most unlikely.  The paltry few Linux viruses are long dead, so they
won't be there, and worms and the like tend to travel by other means.

"Kelsey Bjarnason" <kelseyb@xxnospamyy.lightspeed.bc.ca> wrote in message
news:pan.2004.06.16.00.14.24.796596@xxnospamyy.lightspeed.bc.ca...
> [snips]
>
> On Tue, 15 Jun 2004 16:48:49 -0400, DFS wrote:
>
> > Regardless, that's at least 30 new security vulnerabilities; not 52.
> > Neither number is encouraging for such a "secure" platform.
>
> I realize that hard concepts are a little beyond your grasp, but let's try
> anyways.

Please.


> Nothing, no OS, no computer, is "secure" as an absolute.  Security is
> relative, and keeping a system secure is a process.  No system, locked
> down today and subsequently left unadministered, is going to remain
> secure; application bugs, server bugs, design issues, whatever, all cause
> vulnerabilities.

Well there you go.  Most Linux morons make it sound like they install their
kernels, then go to sleep in their chairs.



> So, we have to compare well-maintained machines to see how they fare
> _relative_ to each other to get a concept of how secure the machines can
> be... and we might also want to compare more typical machines to see how
> secure such systems are with the usual level of half-assed administration.

Good point.  Windows comes out on bottom, but a good Windows network admin
can make his systems very safe.  You know this better than I.



> We should also see how difficult it is to keep a system up to date, as
> this is, in part at least, an indicator of how likely it is to be kept up
> to date - if  you make it hard to update, it won't be updated, generally.
>
> So, let's see.  You've "discovered" 8 vulnerabilities that are relevant to
> my system.

First, I didn't discover anything.  I just reminded the cola nuts about 52
vulnerabilities reported/discovered by others.  It turns out the web page
lists the same vulnerability multiple times across different Linux distros.
Ghost in the Machine kindly did the analysis, and I confirmed a few.

Great!   It's not 52 unique/new vulnerabilities, it's 30 unique/new Linux
vulnerabilities reported in the last week.  Hip hip hoorah!  It still should
be cause for concern, and is clear evidence Linux has vulnerabilities that
can be exploited to cripple your networks and cause serious financial
damage.

For instance, just today a new Linux security problem was reported: "The
problem means that anyone with an ordinary user account on a Linux machine
can crash the entire server, according to Oyvind Saether, who discovered the
bug along with Stian Skjelstad. Administrator access isn't required."

http://www.computerworld.com/softwaretopics/os/linux/story/0,10801,93833,00.html




> Of those 8, *zero* are applicable.  That is, not a single one
> of those vulnerabilities affects my machine one iota.

Why do you keep harping on and on about _your_ machine and _your_
distributions?  Are you the only user in the world?


> Just for giggles, I checed Secunia.  In 2004, XP Pro lists some 20 items.
> Many of these affect multiple Windows versions.  It should be noted that
> these are, apparently, all specific to Windows XP - that is, the list
> doesn't include, say, SQL Server.  Or WinAmp.  Or whatever.
>
> So, of those, how many are fixed?  All of them, as with the ones you
> posted that could affect my system?  Some of them?  None of them?  What
> about all the other programs one uses in Windows?  Are all their
> vulnerabilities posted here?  Or anywhere?  Are all those vulnerabilities
> also fixed?  Do you have all the latest versions?

Dont' know.  Don't know.  Don't know.
Dont' know.  Don't know.  Don't know.
Dont' know.  Don't know.  Don't know.

Isn't that what you wanted to hear?


> So here we have Linux which does, in fact, have all the patches either
> applied already, or ready to be applied _when the relevant package is
> installed_.  Not a single listed vulnerability is going to affect this
> machine one bit.  But how about keeping it that way?
>
> In Windows, there's Windows update.  Which updates... well... Windows.
> Not WinAmp.  Not Corel products.  Not WinZip.  Not Borland products.  Not
> MS's products such as Office.  Not MS servers such as Exchange or SQL
> Server, apparently.

And that's because MS sells the OS, and other companies sell those other
apps.

See, you guys live and work in a different level of reality, a really warped
one I think, one where software is shared and mostly free, and people not
beholden to MS build tools and processes to automate those network security
issues, then give them away to others.

Unix was built almost from the beginning as networkable software, and
Windows was built as a user-friendly interface on top of DOS.  Nobody should
be surprised Unix/Linux is superior at handling security.


> So... how *do* you update the system?  By "the system", I mean
> *everything* in the system - device drivers, servers, applications,
> utilities, documentation, whatever needs updating?
>
> Even just using Windows Update is a PITA, as many things that come through
> it are "exclusive" updates and require a reboot before you can install the
> next one. The sheer annoyance factor is a major reason why many systems
> aren't kept up to date.  You'd think - since it's all MS software - that
> MS could manage to do it in a somewhat more sane manner, but nope,
> apparently not.

It's mind-numbingly easy to use Windows update; you can schedule updates to
run automatically at any time of the day or night.

Now, they don't give much info on what is being fixed, and what caused it.
Typically it's like this "A security issue has been identified that could
allow an attacker to cause DirectX, or applications using DirectX, to become
unresponsive.  You can help protect your computer by installing this update
from Microsoft.  After you install this item, you may have to restart your
computer."

Not enough info to scare people.  No FUD :)



> Meanwhile, to apply updates in Linux, I can use the GUI tool, or I can do
> the following from the command-line:
>
> urpmi.update -a && urpmi --auto-select
>
> Voila.  The first part fetches the latest lists of what's ready to be
> installed, the second updates the packages I actually have installed.
> About the only exception to this is kernels - which I can install from the
> command line or the GUI.
>
> So, type one line, two commands, wait a bit, zero rebooting, and the whole
> bloomin' thing is updated.

Sounds good.


> Windows doesn't make it that easy to
> just update *Windows*, never mind all your apps and other things.

Yes it does.


> Hell, the process can be automated with a cron entry; every morning when I
> sit down at the machine, I can have all relevant updates and fixes applied
> for me automatically and ready to use.
>
> So.  Let's compare.
>
> Linux: 8 issues, all fixed, most of which don't affect me in the first
> place.
>
> Windows: Unknown number of vulnerabilities, unknown whether they're fixed,
> no way to tell, really.
>
> Linux: Keeping up to date requires a one-liner which can be automated.
>
> Windows: Keeping up to date requires manual browsing over anywhere from
> tens to hundreds of websites, manual downloads, manual installs, possibly
> also uninstalls and, in many cases, reboots.

You're exaggerating about tens to hundreds of websites.


> Where does that leave us?  It leaves _me_ with all the vulnerabilties you
> listed _fixed_.  It leaves _me_ with a trivially simple, even automatic,
> way to stay on top of updates.  It leaves _you_ with an unknown number of
> vulnerabilities, no way to tell if they're fixed, and no hope in hell of
> having anything remotely resembling the ease of updating I enjoy.
>
> This, of course, hasn't even touched on viruses and the like.  While
> you're busy ensuring your AV software is updated, and praying your AV
> vendor comes out with a defense against the latest viruses _before_ your
> system gets infected, I don't even run AV software.  Nor spyware blockers,
> nor anti-hijack tools.

You do if you have Windows machines anywhere on your network - and you most
likely do.


> The conclusion should be obvious even to you: it is not only simpler to
> find out if there _is_ a vulnerability that affects your Linux system, it
> is *far* easier to keep your system up to date to avoid being affected by
> such issues.  If you recall, security is a process - one of monitoring,
> one of updating, one of ensuring things you don't need aren't running,
> etc.  So far, we've got the monitoring and updating down pat - Linux
> incident lists actually include application issues, unlike Windows lists,
> and the updating process is trivial - what about the other items?
>
> Well, for monitoring, it is trivially easy to set up your Linux system to
> email you if there are security concerns.  Tools such as tripwire can
> monitor the system.  Servers write logs.  All of this information can be
> e-mailed, automatically.

I believe Windows Server 2003 does much of the same.


> Disabling things you don't need - services, usually - is also trivial.
> There's a little GUI tool that lists them, along with a brief description
> of what they are, and lets you start them, stop them, set them to start at
> boot - or not.
>
> Windows, of course, has much the same thing.  However... it also has about
> 9 other ways for things to start.  For example, Yahoo's IM client, as I
> recall, installs itself into your startup folder.  And into the RUN
> registry key.  So even if you remove it from the startup folder, it starts
> up anyways - annoying.  Worse, if you _do_ clean it out, it _reinstalls_
> itself there.
>
> In order to effectively stop such things, your real choice is simply to
> stop using them.  Period.  Hardly an effective strategy, especially with
> the MSN messenger cilent which seems to have somehow become a "required"
> component.

It's really not all that difficult to remove software from Windows boxes.


> All things considered, it is much, much easier to find out about Linux
> vulnerabilities and to ensure that the appropriate fixes are applied than
> it is to do the same in Windows.  Which is absolutely horrible for the
> user - if you don't even _know_ whether there's a vulnerability, how
> can you hope to even try to prevent it?  You can't.

OK.  Very well put, I must say.  I can't and won't argue, except to say
keeping Windows secured isn't nearly as difficult as you make it sound.

I don't do much network admin for Windows (none for Linux), but I am
learning more about both, and it _sounds_ like the process of securing Linux
networks/servers is easier than the Windows version.  But I haven't heard
from any experienced Windows network admins.  When I do, I'll be back to
argue.

<spike1@freenet.co.uk> wrote in message
news:3qc4q1-qbu.ln1@ridcully.fsnet.co.uk...
> DFS <nospam@nospam.com> did eloquently scribble:
> > It's a FACT new Linux viruses,
>
> Name one.
> Just one. In the past year, name one.


I can't find any new Linux viruses released in the past year - which
certainly doesn't mean there have been 0 new Linux viruses released in the
past year.

However, I can easily find a new Linux security issue released/exposed
earlier today.

"The problem means that anyone with an ordinary user account on a Linux
machine can crash the entire server, according to Oyvind Saether, who
discovered the bug along with Stian Skjelstad. Administrator access isn't
required."

http://www.computerworld.com/softwaretopics/os/linux/story/0,10801,93833,00.html
..
Enjoy!







> -- 
> |                          |What to do if you find yourself stuck in a
crack|
> |  spike1@freenet.co.uk    |in the ground beneath a giant boulder, which
you|
> |                          |can't move, with no hope of rescue.
|
> |Andrew Halliwell BSc(hons)|Consider how lucky you are that life has been
|
> |           in             |good to you so far...
|
> |    Computer Science      |   -The BOOK, Hitch-hiker's guide to the
galaxy.|

DFS wrote:


> I don't do much network admin for Windows (none for Linux), but I am
> learning more about both, and it _sounds_ like the process of securing
> Linux
> networks/servers is easier than the Windows version.  But I haven't heard
> from any experienced Windows network admins.  When I do, I'll be back to
> argue.

Securing Windos is impossible.  It's like trying to plug a dike made of
sand.

Linux security is more complicated and challenging -- because it's so robust
and steady that any /exploit/ will have to be really crafty...

-- 
w:4

In comp.os.linux.advocacy, DFS
<nospam@nospam.com>
 wrote
on Tue, 15 Jun 2004 16:48:49 -0400
<10cuoef85g1fd8@corp.supernews.com>:
> "The Ghost In The Machine" <ewill@aurigae.athghost7038suus.net> wrote in
> message news:cup3q1-spn.ln1@lexi2.athghost7038suus.net...
>> In comp.os.linux.advocacy, DFS
>> <nospam@nospam.com>
>>  wrote
>> on Tue, 15 Jun 2004 00:40:51 -0400
>> <10csvng3p2ns7cd@corp.supernews.com>:
>> > http://www.linuxsecurity.com/articles/forums_article-34.html
>> >
>> > In just two weeks, I've seen over 80 brand new Linux security
>> > vulnerabilities reported on www.linuxsecurity.com.
>> >
>> > So, when you say Linux is secure, exactly what are you talking about?
>> >
>> >
>>
>> INC: incompatibility/incomplete implementation causes service failure
>> DOS: denial of service
>> KOS: killer of service
>> ILK: sensitive information leakage
>> LSE: local server exploit: non-root files may be overwritten if they
>>      have correct ownership
>> LRE: local root exploint: root files may be overwritten!
>> RSE: remote server exploit *** Possibility of a problem ****
>> RRE: remote root exploit **** EXTREMELY DANGEROUS ***
>>
>> Debian vulnerabilities:
>> 2004-06-08 gatos - privilege escalation vulnerability in xatitv (?)
>> 2004-06-08 jftpgw - format string vulnerability (LSE)
>> 2004-06-08 etherial - buffer overflows (?)
>> 2004-06-08 gallery - unauthenticated access (RSE?)
>> 2004-06-08 rsync - directory traversal vulnerability (RSE)
>> 2004-06-08 log2mail - format string vulnerability (LSE)
>> 2004-06-08 kernel - privilege escalation vulnerability (LRE/sparc only)
>> 2004-06-08 lha - multiple vulnerabilities (LSE/LRE)
>> 2004-06-08 postgresql (KOS)
>> 2004-06-10 cvs - buffer overflow (RSE?)
>>
>> Fedora vulnerabilities:
>> 2004-06-08 cups - non-encryption vulnerability (?)
>> 2004-06-08 etherial - same as above
>> 2004-06-08 net-tools (RSE)
>> 2004-06-08 krb5 - buffer overflows (LRE)
>> 2004-06-08 squirrelmail (?)
>> 2004-06-08 squid (RRE)
>>
>> FreeBSD:
>> 2004-06-08 kernel routing table flaw (DOS/RRE?)
>>
>> Gentoo:
>> 2004-06-08 tla - heap overflow (LRE?)
>> 2004-06-08 MPlayer/xine-lib (LSE)
>> 2004-06-08 Etherial - same as above
>> 2004-06-08 tripwire - format string vulnerability (LSE/LRE)
>> 2004-06-08 sitecopy - multiple (RRE)
>> 2004-06-08 mailman - password leak (ILK)
>> 2004-06-08 apache - buffer overflow (RRE)
>> 2004-06-08 cvs - same as above?
>>
>> Mandrake:
>> 2004-06-08 mdkonline - incompatibility (INC)
>> 2004-06-08 xpcd - buffer overflow (LRE)
>> 2004-06-08 mod_ssl - buffer overflow (RRE)
>> 2004-06-08 apache2 - same as mod_ssl (RRE)
>> 2004-06-08 krb5 - same as above
>> 2004-06-08 tripwire - same as above
>> 2004-06-08 krb5 - patch fix
>> 2004-06-08 mdkonline - patch fix
>> 2004-06-08 cvs - same as above
>> 2004-06-08 squid - long password buffer overflow (RRE)
>> 2004-06-08 ksymoops - insecure tempfile (LSE)
>>
>> NetBSD:
>> 2004-06-08 cvs - same as above
>>
>> OpenBSD:
>> 2004-06-10 cvs - same as above
>>
>> RedHat:
>> 2004-06-08 cvs - same as above
>> 2004-06-09 etherial - same as above
>> 2004-06-09 krb5 - same as above
>> 2004-06-09 squid - same as above
>> 2004-06-09 cvs - same as above
>>
>> Slackware:
>> 2004-06-08 mod_ssl - same as above
>> 2004-06-08 php - insecure path vulnerability (LSE)
>> 2004-06-10 cvs - same as above
>>
>> SuSE:
>> 2004-06-08 cvs - same as above
>> 2004-06-10 squid - same as above
>>
>> Trustix:
>> 2004-06-08 apache - same as above
>> 2004-06-08 kerberos5 - same as above (krb5)
>> 2004-06-08 squid - same as above
>>
>> Turbolinux:
>> 2004-06-08 cvs -- same as above
>> 2004-06-08 tcpdump -- buffer overflows (RSE/RRE)
>> 2004-06-08 apache -- same as above
>>
>>
>> * * *
>>
>> It is clear that there are a large number of duplicates here.
>
> I can't say that with certainty, but I have done a little digging, and in
> the two I checked (the krb5 buffer overflow issue that appears in Fedora,
> Mandrake, RedHat and Trustix, and the apache issue appearing in Gentoo and
> Trustix), they do appear to point to the same set of problems with the
> respective apps (MIT Kerberos 5, and apache mod_ssl).
>
> krb5 issue: http://marc.theaimsgroup.com/?l=bugtraq&m=108612325909496&w=2
>
>
>
>
>
>> I count 32 unique issues, of which two are indications of
>> patch fixes so that leaves 30.
>
> I won't check all your work; I checked two and you were correct.
>
> How did you decipher them so quickly?  The descriptions aren't specific
> enough; maybe you just knew they listed the same bugs across all affected
> distros?  I'll know next time - but I still won't take the time to find out
> how many are dupes.  I'll just report the raw number.

Most of the distros use common source code with maybe a patch or two.
I basically assumed that they were the same; without extensive
checking, though, there's no way to be sure.  But the wording
isn't all that unique for most of these anyway.

>
> Regardless, that's at least 30 new security vulnerabilities; not 52.
> Neither number is encouraging for such a "secure" platform.

Correct, it's not.  Of course Linux has yet to achieve C2
certification anyway -- and it never can (C2 certification
is applied to a software/hardware *combo*, not to the
OS alone -- NT's C2 certification applied to a specific
machine, and IIRC the floppy was epoxied shut), but that
won't stop it from being less vulnerabile to "clickware",
because of a totally different design.

>
>
>> All of these have available patches.
>
> Great.  That leaves the open sourcers twiddling their thumbs until the next
> security issues are found (later today).
>

No, we will be downloading more patches.  It's a never-ending process.

>
>
>
>> How many outstanding issues does XP, 2k, NT, Me, and 98 have?
>> (I don't count 95.)
>
> You'll have to ask MS about that.
>

I was certain you knew. :-)  Obviously, you would have been
crowing that, say, XP only had 3 already-patched security
vulnerabilities, had you known that XP only had 3 already-patched
security vulnerabilities.  Obviously, you don't know how many
vulnerabilities are in there -- a bad sign.

-- 
#191, ewill3@earthlink.net
It's still legal to go .sigless.

In comp.os.linux.advocacy, Kelsey Bjarnason
<kelseyb@xxnospamyy.lightspeed.bc.ca>
 wrote
on Tue, 15 Jun 2004 16:23:25 -0700
<pan.2004.06.15.23.23.24.101832@xxnospamyy.lightspeed.bc.ca>:
> [snips]
>
> On Tue, 15 Jun 2004 20:00:28 +0000, The Ghost In The Machine wrote:
>
>>> So, when you say Linux is secure, exactly what are you talking about?
>>>
>> Debian vulnerabilities:
>
> These don't affect me, as I'm not running Debian.

I am of course transcribing the webpage.  :-)  The only
ones potentially affecting me are Debian and Gentoo, and
that's because I'm running them.

>
>> Fedora vulnerabilities:
>
> Nor am I running Fedora.
>
>> FreeBSD:
>
> Nor FreeBSD.
>
>> Gentoo:
>
> Nor Gentoo.
>
>> Mandrake:
>
> Aha.  Finally.
>
>> 2004-06-08 mdkonline - incompatibility (INC)
>
>  Doesn't affect me, as I don't use mkdonline.
>
>> 2004-06-08 xpcd - buffer overflow (LRE)
>
> Doesn't affect me, as I don't use xpcd.
>
>> 2004-06-08 mod_ssl - buffer overflow (RRE)
>
> Doesn't affect me, as I run a more recent Apache.
>
>> 2004-06-08 apache2 - same as mod_ssl (RRE)
>
> Doesn't affect me, as I had the update before I was even aware of the
> issue.
>
>> 2004-06-08 krb5 - same as above
>
> Oh, look.  I'm using krb5.  The fixed version.
>
>> 2004-06-08 tripwire - same as above
>
> Not using it, but... yup, there it is.  If I installed tripwire, it'd be
> the fixed version.
>
>> 2004-06-08 cvs - same as above
>
> Not using it.  Again, though, the installable version is the updated
> version.
>
>> 2004-06-08 squid - long password buffer overflow (RRE) 2004-06-08
>> ksymoops - insecure tempfile (LSE)
>
> And again, the version to be installed is the fixed version.
>
>> NetBSD:
>
> I don't use NetBSD.
>
>> OpenBSD:
>
> I don't use OpenBSD.
>
>> RedHat:
>
> I don't use RH.
>
>> Slackware:
>
> I don't use Slack.
>
>> SuSE:
>
> I don't use SuSE.
>
>> Trustix:
>
> I don't use Trustix.
>
>> Turbolinux:
>
> I don't use TurboLinux.
>
>> It is clear that there are a large number of duplicates here. I count 32
>> unique issues, of which two are indications of patch fixes so that
>> leaves 30.
>
> Actually, it leaves 8.  *All* of which are fixed.
>
> Not too swift, is he?
>

Well, part of the problem is that your specific issues
count is 8; *the* issues which may (or most likely may not)
apply to everybody are 30, but only under very certain
conditions -- as you commented briefly above.

They are concerns, but how they compare to Windows' malware is
not entirely clear, mostly because I'm not sure what comparison
method to use: Windows malware costs millions, if not hundreds
of millions, to eradicate, partly because of the sheer number
of Windows boxes out there, and partly because of the number
of Windows patches out there -- some of which work -- and partly
because of the number of idiots out there who click on things
without thinking just because they look like official Earthlink
e-mail.  (I know.  I got one.  However, because I use mailx,
I could easily see the headers and was immune to whatever it
contained.)

If one wants to compare just the *problem* reports, they
are just about equal -- but one has to squint a bit as the
ones I've transcribed above *have already been patched*;
in many cases the Windows ones have merely been identified
as potential issues, AFAIK.

Compared to Windows' malware, Lion and Ramen were ridiculously small.
Score one for a highly compartmentalized software system -- but DFS
had better be careful as he's comparing apples to hand grenades. :-)

-- 
#191, ewill3@earthlink.net
It's still legal to go .sigless.

"The Ghost In The Machine" <ewill@aurigae.athghost7038suus.net> wrote in
message news:ani4q1-t3o.ln1@lexi2.athghost7038suus.net...
> In comp.os.linux.advocacy, DFS
> <nospam@nospam.com>
>  wrote
> on Tue, 15 Jun 2004 16:48:49 -0400
> <10cuoef85g1fd8@corp.supernews.com>:
> > "The Ghost In The Machine" <ewill@aurigae.athghost7038suus.net> wrote in
> > message news:cup3q1-spn.ln1@lexi2.athghost7038suus.net...
> >> In comp.os.linux.advocacy, DFS
> >> <nospam@nospam.com>
> >>  wrote
> >> on Tue, 15 Jun 2004 00:40:51 -0400
> >> <10csvng3p2ns7cd@corp.supernews.com>:
> >> > http://www.linuxsecurity.com/articles/forums_article-34.html
> >> >
> >> > In just two weeks, I've seen over 80 brand new Linux security
> >> > vulnerabilities reported on www.linuxsecurity.com.
> >> >
> >> > So, when you say Linux is secure, exactly what are you talking about?
> >> >
> >> >
> >>
> >> INC: incompatibility/incomplete implementation causes service failure
> >> DOS: denial of service
> >> KOS: killer of service
> >> ILK: sensitive information leakage
> >> LSE: local server exploit: non-root files may be overwritten if they
> >>      have correct ownership
> >> LRE: local root exploint: root files may be overwritten!
> >> RSE: remote server exploit *** Possibility of a problem ****
> >> RRE: remote root exploit **** EXTREMELY DANGEROUS ***
> >>
> >> Debian vulnerabilities:
> >> 2004-06-08 gatos - privilege escalation vulnerability in xatitv (?)
> >> 2004-06-08 jftpgw - format string vulnerability (LSE)
> >> 2004-06-08 etherial - buffer overflows (?)
> >> 2004-06-08 gallery - unauthenticated access (RSE?)
> >> 2004-06-08 rsync - directory traversal vulnerability (RSE)
> >> 2004-06-08 log2mail - format string vulnerability (LSE)
> >> 2004-06-08 kernel - privilege escalation vulnerability (LRE/sparc only)
> >> 2004-06-08 lha - multiple vulnerabilities (LSE/LRE)
> >> 2004-06-08 postgresql (KOS)
> >> 2004-06-10 cvs - buffer overflow (RSE?)
> >>
> >> Fedora vulnerabilities:
> >> 2004-06-08 cups - non-encryption vulnerability (?)
> >> 2004-06-08 etherial - same as above
> >> 2004-06-08 net-tools (RSE)
> >> 2004-06-08 krb5 - buffer overflows (LRE)
> >> 2004-06-08 squirrelmail (?)
> >> 2004-06-08 squid (RRE)
> >>
> >> FreeBSD:
> >> 2004-06-08 kernel routing table flaw (DOS/RRE?)
> >>
> >> Gentoo:
> >> 2004-06-08 tla - heap overflow (LRE?)
> >> 2004-06-08 MPlayer/xine-lib (LSE)
> >> 2004-06-08 Etherial - same as above
> >> 2004-06-08 tripwire - format string vulnerability (LSE/LRE)
> >> 2004-06-08 sitecopy - multiple (RRE)
> >> 2004-06-08 mailman - password leak (ILK)
> >> 2004-06-08 apache - buffer overflow (RRE)
> >> 2004-06-08 cvs - same as above?
> >>
> >> Mandrake:
> >> 2004-06-08 mdkonline - incompatibility (INC)
> >> 2004-06-08 xpcd - buffer overflow (LRE)
> >> 2004-06-08 mod_ssl - buffer overflow (RRE)
> >> 2004-06-08 apache2 - same as mod_ssl (RRE)
> >> 2004-06-08 krb5 - same as above
> >> 2004-06-08 tripwire - same as above
> >> 2004-06-08 krb5 - patch fix
> >> 2004-06-08 mdkonline - patch fix
> >> 2004-06-08 cvs - same as above
> >> 2004-06-08 squid - long password buffer overflow (RRE)
> >> 2004-06-08 ksymoops - insecure tempfile (LSE)
> >>
> >> NetBSD:
> >> 2004-06-08 cvs - same as above
> >>
> >> OpenBSD:
> >> 2004-06-10 cvs - same as above
> >>
> >> RedHat:
> >> 2004-06-08 cvs - same as above
> >> 2004-06-09 etherial - same as above
> >> 2004-06-09 krb5 - same as above
> >> 2004-06-09 squid - same as above
> >> 2004-06-09 cvs - same as above
> >>
> >> Slackware:
> >> 2004-06-08 mod_ssl - same as above
> >> 2004-06-08 php - insecure path vulnerability (LSE)
> >> 2004-06-10 cvs - same as above
> >>
> >> SuSE:
> >> 2004-06-08 cvs - same as above
> >> 2004-06-10 squid - same as above
> >>
> >> Trustix:
> >> 2004-06-08 apache - same as above
> >> 2004-06-08 kerberos5 - same as above (krb5)
> >> 2004-06-08 squid - same as above
> >>
> >> Turbolinux:
> >> 2004-06-08 cvs -- same as above
> >> 2004-06-08 tcpdump -- buffer overflows (RSE/RRE)
> >> 2004-06-08 apache -- same as above
> >>
> >>
> >> * * *
> >>
> >> It is clear that there are a large number of duplicates here.
> >
> > I can't say that with certainty, but I have done a little digging, and
in
> > the two I checked (the krb5 buffer overflow issue that appears in
Fedora,
> > Mandrake, RedHat and Trustix, and the apache issue appearing in Gentoo
and
> > Trustix), they do appear to point to the same set of problems with the
> > respective apps (MIT Kerberos 5, and apache mod_ssl).
> >
> > krb5 issue:
http://marc.theaimsgroup.com/?l=bugtraq&m=108612325909496&w=2
> >
> >
> >> I count 32 unique issues, of which two are indications of
> >> patch fixes so that leaves 30.
> >
> > I won't check all your work; I checked two and you were correct.
> >
> > How did you decipher them so quickly?  The descriptions aren't specific
> > enough; maybe you just knew they listed the same bugs across all
affected
> > distros?  I'll know next time - but I still won't take the time to find
out
> > how many are dupes.  I'll just report the raw number.
>
> Most of the distros use common source code with maybe a patch or two.

That website should list those vulnerabilities differently, to make it
easier for me to use when I'm beating up on Linux morons.  They should list
them by app, then distro/platform.



> I basically assumed that they were the same; without extensive
> checking, though, there's no way to be sure.  But the wording
> isn't all that unique for most of these anyway.

I see that now.




> > Regardless, that's at least 30 new security vulnerabilities; not 52.
> > Neither number is encouraging for such a "secure" platform.
>
> Correct, it's not.  Of course Linux has yet to achieve C2
> certification anyway -- and it never can (C2 certification
> is applied to a software/hardware *combo*, not to the
> OS alone -- NT's C2 certification applied to a specific
> machine, and IIRC the floppy was epoxied shut),

So that was just artistic license when the hot female CIA trainee in "The
Recruit" copied sensitive files to a USB key and smuggled them out via a
lead-lined lid in her coffee cup?  Man, I am gullible...




> but that
> won't stop it from being less vulnerabile to "clickware",
> because of a totally different design.



> >> All of these have available patches.
> >
> > Great.  That leaves the open sourcers twiddling their thumbs until the
next
> > security issues are found (later today).
> >
>
> No, we will be downloading more patches.  It's a never-ending process.

Of course it is.  Linux security isn't nearly the bulletproof foundation the
Linux morons keep crowing about.




> >> How many outstanding issues does XP, 2k, NT, Me, and 98 have?
> >> (I don't count 95.)
> >
> > You'll have to ask MS about that.
> >
>
> I was certain you knew. :-)  Obviously, you would have been
> crowing that, say, XP only had 3 already-patched security
> vulnerabilities, had you known that XP only had 3 already-patched
> security vulnerabilities.

You can bet on that...



> Obviously, you don't know how many
> vulnerabilities are in there -- a bad sign.

I'm sure you're not looking to me for the State of Windows.  I doubt more
than a single handful of MS people know about all the Win vulnerabilities -
Gates sure isn't one of them.





> -- 
> #191, ewill3@earthlink.net
> It's still legal to go .sigless.

"The Ghost In The Machine" <ewill@aurigae.athghost7038suus.net> wrote in
message news:25j4q1-t3o.ln1@lexi2.athghost7038suus.net...

> Well, part of the problem is that your specific issues
> count is 8; *the* issues which may (or most likely may not)
> apply to everybody are 30, but only under very certain
> conditions -- as you commented briefly above.
>
> They are concerns, but how they compare to Windows' malware is
> not entirely clear, mostly because I'm not sure what comparison
> method to use: Windows malware costs millions, if not hundreds
> of millions, to eradicate, partly because of the sheer number
> of Windows boxes out there, and partly because of the number
> of Windows patches out there -- some of which work -- and partly
> because of the number of idiots out there who click on things
> without thinking just because they look like official Earthlink
> e-mail.  (I know.  I got one.  However, because I use mailx,
> I could easily see the headers and was immune to whatever it
> contained.)
>
> If one wants to compare just the *problem* reports, they
> are just about equal -- but one has to squint a bit as the
> ones I've transcribed above *have already been patched*;
> in many cases the Windows ones have merely been identified
> as potential issues, AFAIK.
>
> Compared to Windows' malware, Lion and Ramen were ridiculously small.
> Score one for a highly compartmentalized software system -- but DFS
> had better be careful as he's comparing apples to hand grenades. :-)

And you can choke to death on an apple just as surely as on a hand
grenade....





> -- 
> #191, ewill3@earthlink.net
> It's still legal to go .sigless.

[snips]

Hit the wrong key - if there's another copy of this out there, ignore it.

On Tue, 15 Jun 2004 22:41:18 -0400, DFS wrote:

> Great!   It's not 52 unique/new vulnerabilities, it's 30 unique/new Linux
> vulnerabilities reported in the last week.

Across about 3,000 applications, for a defect rate of 0.01 defects per
application per week.  Which amounts to each application having, on
average, one vulnerability every two years.  Hardly a catastrophic failure
rate - especially when you roll in the fact that at least some of those
apps are sufficiently infrequently used that someone such as me - a fairly
regular Linux user, both desktop and server side - has never even heard of
them until now.

> Hip hip hoorah!  It still should
> be cause for concern, and is clear evidence Linux has vulnerabilities
> that can be exploited to cripple your networks and cause serious
> financial damage.

Except that it shows no such thing.  *Every* vulnerability listed for my
system, for example, is patched.  The ones I have installed were patched -
locally - before I ever read the list.

> For instance, just today a new Linux security problem was reported: "The
> problem means that anyone with an ordinary user account on a Linux
> machine can crash the entire server

Which, of course, requires that users _have_ such accounts.  Untrusted
users.  Reading a little further:

"Using this exploit to crash Linux systems requires the (ab)user to have
shell access or other means of uploading and running the program (like
cgi-bin and FTP access),"

Umm... who out there is stupid enough to set up an FTP server (or allow
CGI access) such that remote users can *execute* arbitrary things they've
uploaded?  Nobody I know of.  Not even in Windows land.

"The bug is in the way the kernel handles floating point exceptions,
developers said. While it is serious, two factors limit the danger: It can
be exploited only by someone with a valid user account, and it doesn't
allow the attacker to gain control of the system."

So at most, it's a DOS issue.  *If* they have shell access.  *If* they're
allowed to execute arbitrary code.

>> Of those 8, *zero* are applicable.  That is, not a single one of those
>> vulnerabilities affects my machine one iota.
> 
> Why do you keep harping on and on about _your_ machine and _your_
> distributions?  Are you the only user in the world?

You seem to miss the point; I take no particular actions, I go to no
particular lengths, to keep this box locked down and secure.  Yet despite
my rather lackadaisical approach, *every* item listed is *already* dealt
with.

Anyone actually serious about security would be in at least as good
straits as I'm in - and I'm in very good straits indeed.


> Dont' know.  Don't know.  Don't know. Dont' know.  Don't know.  Don't
> know. Dont' know.  Don't know.  Don't know.
> 
> Isn't that what you wanted to hear?

So, for all you know, you have 500 active vulnerabilities.  Oh, I may,
too.  Difference is, I at least know where to look to find out about known
ones - and I can update my packages so easily that getting the fixes is
child's play.

> And that's because MS sells the OS, and other companies sell those other
> apps.

So?  Mandrake sells _Mandrake_.  They actually make comparatively little
of their distro.  Same's true of RH, SuSE, etc.

> See, you guys live and work in a different level of reality, a really
> warped one I think, one where software is shared and mostly free, and
> people not beholden to MS build tools and processes to automate those
> network security issues, then give them away to others.

Which only makes sense; they're building them on an OS given to them free,
using development and testing tools given to them free.

> Unix was built almost from the beginning as networkable software, and
> Windows was built as a user-friendly interface on top of DOS.  Nobody
> should be surprised Unix/Linux is superior at handling security.

Except, apparently, you, who keep harping on about how bad Linux security
is, for some as-yet unexplained reason.

> It's mind-numbingly easy to use Windows update; you can schedule updates
> to run automatically at any time of the day or night.

Good.  Now, this updates, say, SQL Server?  MS Office?  Visual Studio? 
Borland's development tools?  Corel's apps?  WinAmp?  No, didn't think so.

>> Windows doesn't make it that easy to
>> just update *Windows*, never mind all your apps and other things.
> 
> Yes it does.

No, it doesn't.  As can be readily demonstrated by installing a new,
unpatched version of Windows then performing Windows Update on it until
_all_ the listed updates are applied.  Count the reboots.  Count the
number of times you have to run and rerun Windows Update to accomplish
this.

>> Windows: Keeping up to date requires manual browsing over anywhere from
>> tens to hundreds of websites, manual downloads, manual installs,
>> possibly also uninstalls and, in many cases, reboots.
> 
> You're exaggerating about tens to hundreds of websites.

Really?  Let's see. On the Wife's machine, she currently has installed:

1st Page.
AdAware
Adobe Acrobat Reader
Asus tools (monitors, etc)
Avant Browser
AVG
CoffeeCup Zip Wizard
Corel Draw
HP Photo and Imaging (and assorted bits)
Something called iGrafx System
iTunes
Java 2 RE
LeechFTP
Logitech iTouch (and assorted bits)
MacroMedia Shockwave
Mall Tycoon 2
MS Office
MS Rise of Nations
MS Visual Studio 6
Mozilla FireFox
Mozilla Thunderbird
MusicMatch Jukebox
nVidia's display drivers
PC-Cillin
HP PhotoSmart printer tools
Plaxo Contacts
Radio@Netscape Plus (whatever that is)
RealArcade
RealPlayer
RegAlyzer
TightVNC
ViewPoint Media Player
WinAmp
Yahoo Messenger

That's just the stuff listed in Control panel/Add remove programs.  It
doesn't include third-party drivers, for example, nor does it include
several command-line tools.  It doesn't include Putty and the assorted
bits related to that.  For whatever reason, it didn't list Quicktime. 
Also, I skipped a few items - MS XML 4.0 Parser, for example.

So, without even bothering to go hunting for bits that need updating,
we're already at 35 items.  To update the lot would require visits to an
estimated 30 different web sites.  A few - AVG, for example - will update
themselves, so we'll call it 25.  Which definitely qualifies as "tens",
and her system is a fairly lightly loaded system.  Hardly any games, for
example.  Nor file-sharing apps.  A very few utilities.  No backup
software (I do that for her, across the LAN, from one of the Linux boxes).

You get a heavily-laden developer's machine, such as I run, you'd be
talking easily 5 times that number of things, just in utilities.  Version
control.  Scripting systems.  ICEs.  Assorted debugging, profiling and
other such tools.  Compressors.  File converters.  Various servers, for
testing purposes.  Monitoring tools.  Logging tools.  Project management
apps.  I've been there, I've done it; systems absolutely _loaded_ with
such stuff.  And trying to keep it all updated is an absolute nightmare.

Oddly, I have _more_ such things installed now - and updating the whole
bloomin' lot of it is trivially easy.  Takes seconds of interaction and
anywhere from a couple of minutes to an hour or so of the computer working
(mostly downloading) while I get on with doing other things.


>> This, of course, hasn't even touched on viruses and the like.  While
>> you're busy ensuring your AV software is updated, and praying your AV
>> vendor comes out with a defense against the latest viruses _before_
>> your system gets infected, I don't even run AV software.  Nor spyware
>> blockers, nor anti-hijack tools.
> 
> You do if you have Windows machines anywhere on your network - and you
> most likely do.

She runs Windows.  I don't run AV or anti-spyware or anything of the sort.
No need.  None whatsoever.

>> Well, for monitoring, it is trivially easy to set up your Linux system
>> to email you if there are security concerns.  Tools such as tripwire
>> can monitor the system.  Servers write logs.  All of this information
>> can be e-mailed, automatically.
> 
> I believe Windows Server 2003 does much of the same.

Oh, bully.  Linux has been doing this for years.  Unix has been doing it
for decades.  Windows has been doing it for weeks.  Maybe.  If your belief
is correct.

Wake me up when Windows gets to the point Linux is at today.  I figure
that'll be about 2053.

>> In order to effectively stop such things, your real choice is simply to
>> stop using them.  Period.  Hardly an effective strategy, especially
>> with the MSN messenger cilent which seems to have somehow become a
>> "required" component.
> 
> It's really not all that difficult to remove software from Windows
> boxes.

It is if it doesn't want to be uninstalled.  However, the issue isn't
removing it; it's keeping it, but in such a way that it runs when _you_
want it to run, not when _it_ thinks it should.
 
> OK.  Very well put, I must say.  I can't and won't argue, except to say
> keeping Windows secured isn't nearly as difficult as you make it sound.
> 
> I don't do much network admin for Windows (none for Linux)

I do both.  Windows is a nightmare.  Even worse is when you have to keep,
say, 100 machines up to date.

Here's an example.  Suppose I want to maintain 100 Win2K machines.  I have
one which I use as a testbed, to ensure that patches, etc, don't break
anything.  Now that I've tested them all... how do I roll them out,
automatically, to every system on the network?  Invisibly?  Without user
interaction?  Without interfering with their work by, say, forcing reboots?

With Linux, it's easy.  I can either do it, say, 10 at a time manually
using tools such as screen, or I can write a little script, applied to
each machine once, which subsequently looks at a specified network share
point and, if there's any packages there, applies them.  How?  Well, let's
see.  First, for each machine, I define a new package repository -
trivially easy.  The cron job now does our usual set of things:

  urpmi.update -a && urpmi --auto-select

Voila.  Done.  Drop that into a crontab on each machine, once, when
rolling the machines out, and from that point on, they will automatically
update themselves.  With tested updates only.  Unobtrusively.  The user's
total knowledge of the process occurring at all is, generally speaking,
noticing that when they run application X, it's a new version.

Yes, there always the potential for problems - in both systems. 
Difference is, Linux makes it easy to do the parts that *should* be easy. 
Windows doesn't.  So doing this in Linux leaves you that much more time to
spend fixing the problems, rather than fighting the system.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 15 Jun 2004 18:40:01 -0400,
 DFS <nospam@nospam.com> wrote:
> "William Poaster" <willpoast@jvyycbnfg.zr.hx> wrote in message
> news:pan.2004.06.15.22.28.30.806438@jvyycbnfg.zr.hx...
>> begin On Tue, 15 Jun 2004 18:13:17 -0400, DFS posted:
>>
>> > What's next for Linux?  I'll tell you what's next: anti-virus software,
>> > automatic updating, constant security patches, etc.  Sound familiar?
>>
>> AV software? LOL Yes, to stop windows machines being infected, otherwise a
>> linux machine doesn't need it. Read the links below, stupid!
>
> Linux machines don't need anti-virus software?
>
> LOL!  Tell it to
> Sophos http://www.sophos.com/products/sav/,
> and Vexira http://www.centralcommand.com/linux_server.html,
> and Astaro http://www.astaro.com/php/contact/google.php?ref=23,
> and F-Secure http://www.f-secure.com/products/anti-virus/linux/samba.shtml
> and McAfee... et al
>
> Look who's stupid now.  You really are uninformed, aren't you, Linux moron?
>

It's amusing to see you shoot yourself in the foot so often. 


Those AV programmes, are to filter out viruses affecting MS-Windows
machines. The programmes are meant to be used on a
mailserver/fileserver, to protect the MS-Windows machines. 

So yeah, you do look stupid now. 



>
>
>
>> -- 
>> The short life and hard times of a Linux virus
>> http://librenix.com/?inode=21
>> Linux vs. Windows Viruses
>> http://www.securityfocus.com/columnists/188
>
>


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA0ABKd90bcYOAWPYRAo+DAKCtwFxTnZFMXy1W7nXL/Kw4FH7mrwCg09/4
ZmlBz3V+NQRbdA9kFzH68AQ=
=XBET
-----END PGP SIGNATURE-----

-- 
Jim Richardson     http://www.eskimo.com/~warlock
I wasn't born Republican, Democrat, or yesterday.

On Tue, 15 Jun 2004 22:57:44 -0400, the wintroll known as DFS posted this
drivel:

> 
> <spike1@freenet.co.uk> wrote in message
> news:3qc4q1-qbu.ln1@ridcully.fsnet.co.uk...
>> DFS <nospam@nospam.com> did eloquently scribble:
>> > It's a FACT new Linux viruses,
>>
>> Name one.
>> Just one. In the past year, name one.
> 
> 
> I can't find any new Linux viruses released in the past year - which
> certainly doesn't mean there have been 0 new Linux viruses released in the
> past year.
> 
> However, I can easily find a new Linux security issue released/exposed
> earlier today.
> 
> "The problem means that anyone with an ordinary user account on a Linux
> machine can crash the entire server, according to Oyvind Saether, who
> discovered the bug along with Stian Skjelstad. Administrator access isn't
> required."
> 
> http://www.computerworld.com/softwaretopics/os/linux/story/0,10801,93833,00.html
> .
> Enjoy!

Well it just goes to show how much research you *really* do! 
Posted *yesterday* by me, but here's a repeat -

This was posted just 9 hours *after* you tried to gloat!
 
"Linux bug discovered - Linus has fixed it"
http://www.theinquirer.net/?article=16596
[....]
On the site Linuxreviews.org the discoverer �yvind S�ther, from Norway,
said that using the exploit requires...etc.
Along with the code needed to use the exploit, S�ther also posted several
patches to 2.4 and 2.6 kernels that will keep the exploit from crashing
systems. The 2.4.xx kernel patch can be found here. A patch for the 2.6
kernel can be found here.

Enjoy!
 
-- 
The short life and hard times of a Linux virus
http://librenix.com/?inode=21
Linux vs. Windows Viruses
http://www.securityfocus.com/columnists/188

On Tue, 15 Jun 2004 21:42:06 -0400, the wintroll known as DFS posted this
drivel:


> Willie,
> 
> Of course you, a Linux moron, would say that.  It matters not what
> platform the virus targeted; the fact is the virus/malware/spyware can be,
> will be, and is, spread by Linux servers.  

It can be, but these are *Windows* virus/malware/spyware designed to hit
*Windows*, not linux. Any responsible person running a mail/file server
would install an AV to stop them being spread to Windows machines. They
wouldn't do *anything* to a linux machine.

>And don't pretend a portion of the malicious code isn't also targeted at Linux.

DooFuS,

Well of course you, a Wintroll moron, would say that.
Any linux viruses were long since rendered useless, & there is a *much*
faster way of delivering them through the Swiss cheese that is windows.

 
> Why do I, a total Linux novice, 

Which shows.....

>have to school you on your own OS of choice? 

*You* can't, that much *is* obvious.

-- 
The short life and hard times of a Linux virus
http://librenix.com/?inode=21
Linux vs. Windows Viruses
http://www.securityfocus.com/columnists/188

On Wed, 16 Jun 2004 08:34:00 +0000, Jim Richardson posted this:

> On Tue, 15 Jun 2004 18:40:01 -0400,
>  DFS <nospam@nospam.com> wrote:
>> "William Poaster" <willpoast@jvyycbnfg.zr.hx> wrote in message
>> news:pan.2004.06.15.22.28.30.806438@jvyycbnfg.zr.hx...
>>> begin On Tue, 15 Jun 2004 18:13:17 -0400, DFS posted:
>>>
>>> > What's next for Linux?  I'll tell you what's next: anti-virus
>>> > software, automatic updating, constant security patches, etc.  Sound
>>> > familiar?
>>>
>>> AV software? LOL Yes, to stop windows machines being infected,
>>> otherwise a linux machine doesn't need it. Read the links below,
>>> stupid!
>>
>> Linux machines don't need anti-virus software?
>>
>> LOL!  Tell it to
>> Sophos http://www.sophos.com/products/sav/, and Vexira
>> http://www.centralcommand.com/linux_server.html, and Astaro
>> http://www.astaro.com/php/contact/google.php?ref=23, and F-Secure
>> http://www.f-secure.com/products/anti-virus/linux/samba.shtml and
>> McAfee... et al
>>
>> Look who's stupid now.  You really are uninformed, aren't you, Linux
>> moron?
>>
>>
> It's amusing to see you shoot yourself in the foot so often.
 
Very much so! He just keeps digging himself deeper...
 
> Those AV programmes, are to filter out viruses affecting MS-Windows
> machines. The programmes are meant to be used on a mailserver/fileserver,
> to protect the MS-Windows machines.
> 
> So yeah, you do look stupid now.

Bet he doesn't think so!

-- 
The short life and hard times of a Linux virus
http://librenix.com/?inode=21
Linux vs. Windows Viruses
http://www.securityfocus.com/columnists/188

begin On Wed, 16 Jun 2004 09:56:07 +0800, Lee Wei Shun posted:

> DFS (Der Flatfish Similie) wrote:
> 
>> Linux machines don't need anti-virus software?
>> 
>> LOL!  Tell it to
>> Sophos http://www.sophos.com/products/sav/, and Vexira
>> http://www.centralcommand.com/linux_server.html, and Astaro
>> http://www.astaro.com/php/contact/google.php?ref=23, and F-Secure
>> http://www.f-secure.com/products/anti-virus/linux/samba.shtml and
>> McAfee... et al
>> 
>> Look who's stupid now.  You really are uninformed, aren't you, Linux
>> moron?
> 
> Well, all of them pitch Linux as being a good base for network file and
> email AV scanning, etc. to protect Windows Networks. Did you actually read
> the links?

No, of course he didn't. He just likes to think he knows better!

> And yes, I have actually deployed astaro, vexira and f-secure for that
> purpose, and know of many other installations with the other names you
> mention in many client sites.
> 
> What is your point, to show your ignorance? 

At least he does *that* well.

> Are you from AdTI too?

LOL

-- 
The short life and hard times of a Linux virus
http://librenix.com/?inode=21
Linux vs. Windows Viruses
http://www.securityfocus.com/columnists/188

DFS <nospam@nospam.com> wrote:
>> So, type one line, two commands, wait a bit, zero rebooting, and the whole
>> bloomin' thing is updated.

> Sounds good.

It's better than that though. yast online update (for suse) has options for
auto-running at specified times. cron (the scheduling daemon) can be used to
apt-get update && apt-get upgrade (for debian), urpmi (for mandrake) or
up2date (for redhat/fedora), etc.

So, us linux people CAN just install, configure and then sleep in our chairs
most of the time, the system keeps itself up to date, and cleans up after
itself.

Oh, we may need to give it the odd tweak here and there, but unless anything
new needs doing or some emergency crops up, like a DOS attack, linux just
keeps on going.

>> Windows doesn't make it that easy to
>> just update *Windows*, never mind all your apps and other things.

> Yes it does.

Try it on a dialup connection. I hear some of those patches would take DAYS
to download on 56k. Some of them almost take up an entire CD.

> You're exaggerating about tens to hundreds of websites.

Why? He's stating that because he doesn't know what software people have
installed, some might have hundreds of different programs from hundreds of
different locations installed.

(I know someone who sold a bloke a PC last month, the next day he got a
support call saying it was being slow, went to check and he'd got over 400
spyware and viruses on it... in just 24 hours! the mind boggles)

>> In order to effectively stop such things, your real choice is simply to
>> stop using them.  Period.  Hardly an effective strategy, especially with
>> the MSN messenger cilent which seems to have somehow become a "required"
>> component.

> It's really not all that difficult to remove software from Windows boxes.

It isn't? What about all the registry hacking required to remove the most
stubborn ones? 

Is it possible to remove software and return the machine to the same state
it was before the software was installed? Or does the software leave little
presents for you in the registry? 

In many cases, you'll find it's the latter.

DFS <nospam@nospam.com> wrote:
> And you can choke to death on an apple just as surely as on a hand
> grenade....

You can't fit a whole hand grenade down your gullet.
And you certainly can't take a bite out of one, unless you're like Jaws from
Bond films.

"Kelsey Bjarnason" <kelseyb@xxnospamyy.lightspeed.bc.ca> wrote in message
news:pan.2004.06.16.06.20.12.345987@xxnospamyy.lightspeed.bc.ca...
> [snips]
>
> Hit the wrong key - if there's another copy of this out there, ignore it.
>
> On Tue, 15 Jun 2004 22:41:18 -0400, DFS wrote:
>
> > Great!   It's not 52 unique/new vulnerabilities, it's 30 unique/new
Linux
> > vulnerabilities reported in the last week.
>
> Across about 3,000 applications, for a defect rate of 0.01 defects per
> application per week.  Which amounts to each application having, on
> average, one vulnerability every two years.  Hardly a catastrophic failure
> rate - especially when you roll in the fact that at least some of those
> apps are sufficiently infrequently used that someone such as me - a fairly
> regular Linux user, both desktop and server side - has never even heard of
> them until now.

But those vulnerabilities were there, for undetermined periods, leaving you
just as open to various exploits and hacks as any Windows network.



> > Hip hip hoorah!  It still should
> > be cause for concern, and is clear evidence Linux has vulnerabilities
> > that can be exploited to cripple your networks and cause serious
> > financial damage.
>
> Except that it shows no such thing.  *Every* vulnerability listed for my
> system, for example, is patched.  The ones I have installed were patched -
> locally - before I ever read the list.

Patched when?  You have no idea how long your Linux system was exposed.




> > For instance, just today a new Linux security problem was reported: "The
> > problem means that anyone with an ordinary user account on a Linux
> > machine can crash the entire server
>
> Which, of course, requires that users _have_ such accounts.  Untrusted
> users.  Reading a little further:
>
> "Using this exploit to crash Linux systems requires the (ab)user to have
> shell access or other means of uploading and running the program (like
> cgi-bin and FTP access),"
>
> Umm... who out there is stupid enough to set up an FTP server (or allow
> CGI access) such that remote users can *execute* arbitrary things they've
> uploaded?  Nobody I know of.  Not even in Windows land.
>
> "The bug is in the way the kernel handles floating point exceptions,
> developers said. While it is serious, two factors limit the danger: It can
> be exploited only by someone with a valid user account, and it doesn't
> allow the attacker to gain control of the system."
>
> So at most, it's a DOS issue.  *If* they have shell access.  *If* they're
> allowed to execute arbitrary code.

So?  The vulnerability still resulted in several Linux servers being
incapacitated.



> >> Of those 8, *zero* are applicable.  That is, not a single one of those
> >> vulnerabilities affects my machine one iota.
> >
> > Why do you keep harping on and on about _your_ machine and _your_
> > distributions?  Are you the only user in the world?
>
> You seem to miss the point; I take no particular actions, I go to no
> particular lengths, to keep this box locked down and secure.  Yet despite
> my rather lackadaisical approach, *every* item listed is *already* dealt
> with.
>
> Anyone actually serious about security would be in at least as good
> straits as I'm in - and I'm in very good straits indeed.

Sounds like it.



> > Dont' know.  Don't know.  Don't know. Dont' know.  Don't know.  Don't
> > know. Dont' know.  Don't know.  Don't know.
> >
> > Isn't that what you wanted to hear?
>
> So, for all you know, you have 500 active vulnerabilities.  Oh, I may,
> too.  Difference is, I at least know where to look to find out about known
> ones - and I can update my packages so easily that getting the fixes is
> child's play.

Again, that's 'cause you use open source code.  And how often should you
have to update your software, anyway?  Seems Linux slopware is updated
almost weekly in a lot of cases.

Because of superior testing, commercial programs don't have to be updated
all the time.  It's clear to me most CSS is better software than OSS.




> > And that's because MS sells the OS, and other companies sell those other
> > apps.
>
> So?  Mandrake sells _Mandrake_.  They actually make comparatively little
> of their distro.  Same's true of RH, SuSE, etc.

So you should thank them for making updating so easy.




> > See, you guys live and work in a different level of reality, a really
> > warped one I think, one where software is shared and mostly free, and
> > people not beholden to MS build tools and processes to automate those
> > network security issues, then give them away to others.
>
> Which only makes sense; they're building them on an OS given to them free,
> using development and testing tools given to them free.

Free software?  Does not compute.  Why not donate your time and cut my grass
instead?




> > Unix was built almost from the beginning as networkable software, and
> > Windows was built as a user-friendly interface on top of DOS.  Nobody
> > should be surprised Unix/Linux is superior at handling security.
>
> Except, apparently, you, who keep harping on about how bad Linux security
> is, for some as-yet unexplained reason.

I never said it was bad.  It's just not as great as the average Linux moron
claims it to be.




> > It's mind-numbingly easy to use Windows update; you can schedule updates
> > to run automatically at any time of the day or night.
>
> Good.  Now, this updates, say, SQL Server?  MS Office?  Visual Studio?
> Borland's development tools?  Corel's apps?  WinAmp?  No, didn't think so.

What does Borland have to do with MS, except to make applications that run
on Windows?  Why do you think the OS vendor should help you update your 3rd
party apps?  You're spoiled because of free software.



> >> Windows doesn't make it that easy to
> >> just update *Windows*, never mind all your apps and other things.
> >
> > Yes it does.
>
> No, it doesn't.  As can be readily demonstrated by installing a new,
> unpatched version of Windows then performing Windows Update on it until
> _all_ the listed updates are applied.  Count the reboots.  Count the
> number of times you have to run and rerun Windows Update to accomplish
> this.

I run Windows Update one time, then [maybe] one reboot.  That's it.  No
intermediate reboots necessary, ever.  Not sure where you get this from.




> >> Windows: Keeping up to date requires manual browsing over anywhere from
> >> tens to hundreds of websites, manual downloads, manual installs,
> >> possibly also uninstalls and, in many cases, reboots.
> >
> > You're exaggerating about tens to hundreds of websites.
>
> Really?  Let's see. On the Wife's machine, she currently has installed:
>
> 1st Page.
> AdAware
> Adobe Acrobat Reader
> Asus tools (monitors, etc)
> Avant Browser
> AVG
> CoffeeCup Zip Wizard
> Corel Draw
> HP Photo and Imaging (and assorted bits)
> Something called iGrafx System
> iTunes
> Java 2 RE
> LeechFTP
> Logitech iTouch (and assorted bits)
> MacroMedia Shockwave
> Mall Tycoon 2
> MS Office
> MS Rise of Nations
> MS Visual Studio 6
> Mozilla FireFox
> Mozilla Thunderbird
> MusicMatch Jukebox
> nVidia's display drivers
> PC-Cillin
> HP PhotoSmart printer tools
> Plaxo Contacts
> Radio@Netscape Plus (whatever that is)
> RealArcade
> RealPlayer
> RegAlyzer
> TightVNC
> ViewPoint Media Player
> WinAmp
> Yahoo Messenger
>
> That's just the stuff listed in Control panel/Add remove programs.  It
> doesn't include third-party drivers, for example, nor does it include
> several command-line tools.  It doesn't include Putty and the assorted
> bits related to that.  For whatever reason, it didn't list Quicktime.
> Also, I skipped a few items - MS XML 4.0 Parser, for example.
>
> So, without even bothering to go hunting for bits that need updating,
> we're already at 35 items.  To update the lot would require visits to an
> estimated 30 different web sites.  A few - AVG, for example - will update
> themselves, so we'll call it 25.  Which definitely qualifies as "tens",
> and her system is a fairly lightly loaded system.  Hardly any games, for
> example.  Nor file-sharing apps.  A very few utilities.  No backup
> software (I do that for her, across the LAN, from one of the Linux boxes).
>
> You get a heavily-laden developer's machine, such as I run, you'd be
> talking easily 5 times that number of things, just in utilities.  Version
> control.  Scripting systems.  ICEs.  Assorted debugging, profiling and
> other such tools.  Compressors.  File converters.  Various servers, for
> testing purposes.  Monitoring tools.  Logging tools.  Project management
> apps.  I've been there, I've done it; systems absolutely _loaded_ with
> such stuff.  And trying to keep it all updated is an absolute nightmare.

And how often do you need to update all that stuff, anyway?  What's the
point?  If it's being upgraded constantly, as Linux software seems to be, it
wasn't very good in the first place.

With closed source programs, if a new version comes out that has sufficient
improvements to warrant an upgrade, you can usually purchase and download
and upgrade online.  Otherwise you use what you paid for.




> Oddly, I have _more_ such things installed now - and updating the whole
> bloomin' lot of it is trivially easy.  Takes seconds of interaction and
> anywhere from a couple of minutes to an hour or so of the computer working
> (mostly downloading) while I get on with doing other things.
>
>
> >> This, of course, hasn't even touched on viruses and the like.  While
> >> you're busy ensuring your AV software is updated, and praying your AV
> >> vendor comes out with a defense against the latest viruses _before_
> >> your system gets infected, I don't even run AV software.  Nor spyware
> >> blockers, nor anti-hijack tools.
> >
> > You do if you have Windows machines anywhere on your network - and you
> > most likely do.
>
> She runs Windows.  I don't run AV or anti-spyware or anything of the sort.

> No need.  None whatsoever.
>
> >> Well, for monitoring, it is trivially easy to set up your Linux system
> >> to email you if there are security concerns.  Tools such as tripwire
> >> can monitor the system.  Servers write logs.  All of this information
> >> can be e-mailed, automatically.
> >
> > I believe Windows Server 2003 does much of the same.
>
> Oh, bully.  Linux has been doing this for years.  Unix has been doing it
> for decades.  Windows has been doing it for weeks.  Maybe.  If your belief
> is correct.

Don't know.




> Wake me up when Windows gets to the point Linux is at today.  I figure
> that'll be about 2053.

Yet Windows expensive, proprietary server OSes have twice the market share
of free/low cost Linux/Unix server OSes?  Sounds like a lot of people think
Windows is already far beyond Linux, and are willing to pay for the
privilege.

[insert whining about MS monopoly, MS marketing, or uneducated admins]




> >> In order to effectively stop such things, your real choice is simply to
> >> stop using them.  Period.  Hardly an effective strategy, especially
> >> with the MSN messenger cilent which seems to have somehow become a
> >> "required" component.
> >
> > It's really not all that difficult to remove software from Windows
> > boxes.
>
> It is if it doesn't want to be uninstalled.  However, the issue isn't
> removing it; it's keeping it, but in such a way that it runs when _you_
> want it to run, not when _it_ thinks it should.

I do have to wonder why the average Linux user, who claims to be (and might
be) so technically competent, has such difficulties working with Windows.




> > OK.  Very well put, I must say.  I can't and won't argue, except to say
> > keeping Windows secured isn't nearly as difficult as you make it sound.
> >
> > I don't do much network admin for Windows (none for Linux)
>
> I do both.  Windows is a nightmare.  Even worse is when you have to keep,
> say, 100 machines up to date.
>
> Here's an example.  Suppose I want to maintain 100 Win2K machines.  I have
> one which I use as a testbed, to ensure that patches, etc, don't break
> anything.  Now that I've tested them all... how do I roll them out,
> automatically, to every system on the network?  Invisibly?  Without user
> interaction?  Without interfering with their work by, say, forcing
reboots?

I would think there's an easy way for a Windows network admin to distribute
updates to all machines in a domain.  If I find out so, I'll be back to tell
you.




> With Linux, it's easy.  I can either do it, say, 10 at a time manually
> using tools such as screen, or I can write a little script, applied to
> each machine once, which subsequently looks at a specified network share
> point and, if there's any packages there, applies them.  How?  Well, let's
> see.  First, for each machine, I define a new package repository -
> trivially easy.  The cron job now does our usual set of things:
>
>   urpmi.update -a && urpmi --auto-select
>
> Voila.  Done.  Drop that into a crontab on each machine, once, when
> rolling the machines out,

Wait a minute.  Sounds like you have to manually visit/touch each of the 100
machines?  Or am I missing something?



> and from that point on, they will automatically
> update themselves.  With tested updates only.  Unobtrusively.  The user's
> total knowledge of the process occurring at all is, generally speaking,
> noticing that when they run application X, it's a new version.
>
> Yes, there always the potential for problems - in both systems.
> Difference is, Linux makes it easy to do the parts that *should* be easy.
> Windows doesn't.  So doing this in Linux leaves you that much more time to
> spend fixing the problems, rather than fighting the system.

Yet with all these supposed Linux advantages, including low or no cost, they
have just one-third the server OS market share of  MS?  (Wired Mag, June 04,
pg.154, source: IDC)

<spike1@freenet.co.uk> wrote in message news:dtdpac.d2p.ln@freenet.co.uk...
> DFS <nospam@nospam.com> wrote:
> >> So, type one line, two commands, wait a bit, zero rebooting, and the
whole
> >> bloomin' thing is updated.
>
> > Sounds good.
>
> It's better than that though. yast online update (for suse) has options
for
> auto-running at specified times. cron (the scheduling daemon) can be used
to
> apt-get update && apt-get upgrade (for debian), urpmi (for mandrake) or
> up2date (for redhat/fedora), etc.
>
> So, us linux people CAN just install, configure and then sleep in our
chairs
> most of the time, the system keeps itself up to date, and cleans up after
> itself.

Thus we would expect Linux to have a better market share than Windows (for
server OSes); instead the reverse is true, and Linux has about one-third the
Windows server OS market share (Wired Magazine, June 04, pg 154, source:
IDC).



> Oh, we may need to give it the odd tweak here and there, but unless
anything
> new needs doing or some emergency crops up, like a DOS attack, linux just
> keeps on going.
>
> >> Windows doesn't make it that easy to
> >> just update *Windows*, never mind all your apps and other things.
>
> > Yes it does.
>
> Try it on a dialup connection. I hear some of those patches would take
DAYS
> to download on 56k. Some of them almost take up an entire CD.

???  Do Linux updates download faster than Windows on a dialup connection?
I guess time might pass a little faster while you're sitting there sifting
through all that Linux crapware, wondering why this program was written and
why it was included on your distro and where you can file bug reports.




> > You're exaggerating about tens to hundreds of websites.
>
> Why? He's stating that because he doesn't know what software people have
> installed, some might have hundreds of different programs from hundreds of
> different locations installed.
>
> (I know someone who sold a bloke a PC last month, the next day he got a
> support call saying it was being slow, went to check and he'd got over 400
> spyware and viruses on it... in just 24 hours! the mind boggles)

Somewhere out there many Linux morons are giggling about the Win32 viruses
they released.





> >> In order to effectively stop such things, your real choice is simply to
> >> stop using them.  Period.  Hardly an effective strategy, especially
with
> >> the MSN messenger cilent which seems to have somehow become a
"required"
> >> component.
>
> > It's really not all that difficult to remove software from Windows
boxes.
>
> It isn't? What about all the registry hacking required to remove the most
> stubborn ones?
>
> Is it possible to remove software and return the machine to the same state
> it was before the software was installed? Or does the software leave
little
> presents for you in the registry?
>
> In many cases, you'll find it's the latter.

Where is all your Linux slopware installed?  Do you know the name and
location of every file that was installed from all the thousands of
packages, and then supposedly removed?  Or do you just trust Linux 'cause
it's Linux?  That's my bet.

DFS <nospam@nospam.com> did eloquently scribble:
> Thus we would expect Linux to have a better market share than Windows (for
> server OSes); instead the reverse is true, and Linux has about one-third the
> Windows server OS market share (Wired Magazine, June 04, pg 154, source:
> IDC).

How did they calculate this? Sales? LOL

> ???  Do Linux updates download faster than Windows on a dialup connection?
> I guess time might pass a little faster while you're sitting there sifting
> through all that Linux crapware, wondering why this program was written and
> why it was included on your distro and where you can file bug reports.

Yes, they do, specially with suse, because it only updates the files that've
change rather than the entire package in most cases.

>> (I know someone who sold a bloke a PC last month, the next day he got a
>> support call saying it was being slow, went to check and he'd got over 400
>> spyware and viruses on it... in just 24 hours! the mind boggles)
> 
> Somewhere out there many Linux morons are giggling about the Win32 viruses
> they released.

Yeah, riiiight. We've got better things to do than learn how to program for
windows and write shitty viruses.

>> In many cases, you'll find it's the latter.
> 
> Where is all your Linux slopware installed?  Do you know the name and
> location of every file that was installed from all the thousands of
> packages, and then supposedly removed?  Or do you just trust Linux 'cause
> it's Linux?  That's my bet.

With an rpm or a deb, running with the uninstall switch will remove
everything that was in the rpm. if you make && make install, you can make
uninstall. and even if there's no make uninstall option in the makefile it's
not hard to find out where everything went.

Added to that the filesystem hierarchy in linux, where there's a place for
everything, it's easy enough to track down things.

windows installers dump files all over the shop with no rhyme or reason, and
linux has no registry to worry about.

-- 
-----------------------------------------------------------------------------
|   spike1@freenet.co.uk   |   Windows95 (noun): 32 bit extensions and a    |
|                          | graphical shell for a 16 bit patch to an 8 bit |
|Andrew Halliwell BSc(hons)| operating system originally  coded for a 4 bit |
|            in            |microprocessor, written by a 2 bit company, that|
|     Computer Science     |        can't stand 1 bit of competition.       |
-----------------------------------------------------------------------------

DFS wrote:

> "William Poaster" <willpoast@jvyycbnfg.zr.hx> wrote in message
> news:pan.2004.06.15.23.07.04.4138@jvyycbnfg.zr.hx...
> 
>>begin On Tue, 15 Jun 2004 16:47:03 +0100, spike1 posted:
>>
>>
>>>William Poaster <willpoast@jvyycbnfg.zr.hx> wrote:
>>>
>>>>>A new excuse.  Any installation problems or app viruses or security
>>>>>issues are not Linux, 'cause Linux is the kernel.
>>>
>>>>Name an application virus!
>>>
>>>Name *ANY* virus...
>>>(Bet he can't, and if he does, it's probably 4 or more years old and no
>>>longer viable on any version of linux released within the last 4 years)
>>
>>He can't, but *here's* a good one that the wintroll just posted -
>>
>>
>>>Linux machines don't need anti-virus software?
>>
>>>LOL!  Tell it to
>>>Sophos http://www.sophos.com/products/sav/, and Vexira
>>>http://www.centralcommand.com/linux_server.html, and Astaro
>>>http://www.astaro.com/php/contact/google.php?ref=23, and F-Secure
>>>http://www.f-secure.com/products/anti-virus/linux/samba.shtml and
>>>McAfee... et al
>>
>>>Look who's stupid now.  You really are uninformed, aren't you, Linux
>>>moron?
>>
>>Of course as *usual* he posted a knee-jerk reaction, &  he hasn't the
>>foggiest idea that they are to stop Windows viruses being passed on! He
>>obviously didn't stop to think about it! LOL
> 
> 
> 
> Willie,
> 
> Of course you, a Linux moron, would say that.

So, your method is to use adhominem attacks.  Yeah, that really promotes 
your viewpoint.  Guffaw!

> It matters not what platform
> the virus targeted; the fact is the virus/malware/spyware can be, will be,
> and is, spread by Linux servers.

Of course it can... it just doesn't affect the Linux o/s, just M$ 
windows.  That's their problem, not Linux.

> And don't pretend a portion of the
> malicious code isn't also targeted at Linux.
>

Haven't seen any damages yet done by a virus explicitly targeted at 
Linux.  I have heard that windows zombie spam-bots can flood the 
internet with garbage to slog down a Linux server, but then that would 
also slog down a windows server as well.  So if M$ o/s were not allowed 
to access the internet, then it would be very fast as intended.

[snips]

On Wed, 16 Jun 2004 12:44:34 -0400, DFS wrote:

>> So, us linux people CAN just install, configure and then sleep in our
> chairs
>> most of the time, the system keeps itself up to date, and cleans up after
>> itself.
> 
> Thus we would expect Linux to have a better market share than Windows (for
> server OSes)

Why?  Why would you expect Linux to have a better market share in any
segment?

2K3 is, supposedly, better than 2K, right?  Do a quick check - see how
many copies of each are running.  I'll bet you'll find that,
comparatively, 2K3 is non-existant.

You're overlooking some significant points.  First, Linux is relatively
new and, to many people, "unproven", technology - so they're not going to
be in a hurry to adopt, especially if keeping things running is critical
to their business.

Second, Linux is different.  Even if they regard it as a better solution,
they still need to learn it, learn how to administer it, secure it,
performance-tune it, etc.

Third, a lot of businesses have been running servers since before Linux
started getting mainstream exposure.  Many of them on Windows.  Which
means they face the cost of converting, recoding, redesigning, in order to
use Linux.  Some will, some won't, some will wait.  Heck, upgrading from
Windows to a nwe version of Windows is often problematic - certainly not
something you do on a whim for a production server.  Do you really think
migrating to a considerably different platform is going to _reduce_
migration hassles?

Adoption of a new technology takes time, no matter how good that
technology is.  Here we are in the age of DVDs and CDs... but many people
still have their old casette tapes, and even their old LPs.  I've got a
DVD player, but I've still got a mess of VHS tapes - including some I've
bought _since_ I got the DVD player.  Some of these were because the movie
isn't available, some simply because I didn't feel like paying $30 for a
movie I could get for $12.

HDTV is available.  Check the average household - think most people have
it?

A new technology takes time to be adopted.  It helps if it has mainstream
media exposure, advertising, etc, which Linux largely lacks.  Even if it
had that, though, it wouldn't replace Windows overnight. Nor in 10 years.

> ???  Do Linux updates download faster than Windows on a dialup
> connection?

Actually... yes, generally.  Thing is, Linux packages are small,
generally. Let's see.  There are, currently, 2339 packages in my local
repository.  Total storage required: 2.1Gb.  That means an average of
897,819 bytes per package.  Less than a meg.  KDevelop 3.0 is some
9,086,468 bytes - call it 10 Mb. SP5 for Visual Studio 6 was something
like 20 times as large.

Most Windows packages *still* bundle their own installers - InstallShield,
Wise, whatever.  Typical overhead _per application_ is close to a meg -
about the size of the average Linux package - but that's just for the
installer, not the application itself.

>> In many cases, you'll find it's the latter.
> 
> Where is all your Linux slopware installed?

In one of the bin folders.  /bin.  /sbin. /usr/local/bin.  Depending on
the package, it may have additional files, such as configs in /etc.

> Do you know the name and
> location of every file that was installed from all the thousands of
> packages, and then supposedly removed?  Or do you just trust Linux
> 'cause it's Linux?  That's my bet.

Umm... actually... see... when I look at a package in the handy little GUI
install program, one of the things it'll show me is a complete list of all
the files contained in the package.  Which means I can, indeed, check to
see if they're _all_ gone or not.

Generally, you'll find the only things left behind are modified
configuration files. 

For some reason, when I run various registry-checking tools in Windows,
I'll often find reports of things such as references to DLLs that don't
exist - meaning the program that installed the DLL has been removed,
taking the DLL with it - but the registry hasn't been cleaned up. 
Application paths are often left behind.  Hell, in a lot of cases, largish
portions of the program files folder that the application lived in is left
behind.

Leave the config information, sure.  But why leave the dross?

DFS, after spending 3 minutes figuring out which end of the pen to use, wrote:

> "William Poaster" <willpoast@jvyycbnfg.zr.hx> wrote in message
> news:pan.2004.06.15.23.07.04.4138@jvyycbnfg.zr.hx...
>> begin On Tue, 15 Jun 2004 16:47:03 +0100, spike1 posted:
>>
>> > William Poaster <willpoast@jvyycbnfg.zr.hx> wrote:
>> >>> A new excuse.  Any installation problems or app viruses or security
>> >>> issues are not Linux, 'cause Linux is the kernel.
>> >
>> >> Name an application virus!
>> >
>> > Name *ANY* virus...
>> > (Bet he can't, and if he does, it's probably 4 or more years old and no
>> > longer viable on any version of linux released within the last 4 years)
>>
>> He can't, but *here's* a good one that the wintroll just posted -
>>
>> >Linux machines don't need anti-virus software?
>>
>> > LOL!  Tell it to
>> > Sophos http://www.sophos.com/products/sav/, and Vexira
>> > http://www.centralcommand.com/linux_server.html, and Astaro
>> > http://www.astaro.com/php/contact/google.php?ref=23, and F-Secure
>> > http://www.f-secure.com/products/anti-virus/linux/samba.shtml and
>> > McAfee... et al
>>
>> > Look who's stupid now.  You really are uninformed, aren't you, Linux
>> > moron?
>>
>> Of course as *usual* he posted a knee-jerk reaction, &  he hasn't the
>> foggiest idea that they are to stop Windows viruses being passed on! He
>> obviously didn't stop to think about it! LOL
> 
> 
>  Well, to prove to you Linuxers that I'm not as stupid as you all keep proving
> me to be, I'll give you some good advice, *then* we'll see who comes out
>smelling like a rose and who doesn't (it'll be those who don't take my
>advice).
>  I've been doing some research, and you all know that's what I do best, even
>if I don't ever finish up what I start to read. Anyway, I've discovered that
>there are *many* arab/muslim countries where few, if any, people have invested
>in pork bellies. So, before I told you people, I paid a broker in Afghanistan
>to invest $3000 in the stock, and asked if he could contact other brokers in
>all those other countries to invest $1000 in each country's stock of pork
>bellies. Ha! I'm going to be RICH, since I'm the first to discover this! I
>just thought I'd tell you all *after* I already invested, so the price of the
>stock wouldn't go up before I got mine! That way I'll be better off than
>anyone else!
>  Now try and tell me I'm stupid and that my research is worthless, you future
>bunch of poor people!

  Damn, what rotten luck. We just can't keep up with you.
-- 
Linux 2.4.20-4GB-athlon
  2:03pm  up 5 days 17:27,  3 users,  load average: 0.00, 0.00, 0.00

DFS, after spending 3 minutes figuring out which end of the pen to use, wrote:

> 
> "Rob Hughes" <rob@robhughes.com> wrote in message
> news:kv6dnewFec97GVLdRVn-jg@comcast.com...
>> DFS is alleged to have said in comp.os.linux.advocacy:
>>
>> > Sure I can.  They were all Linux-related, weren't they?
>>
>> No, some were for a couple different flavors of BSD. Not that I expect you
>> to understand that, given your self-admitted ignorance.
> 
> 
> I do understand the difference.
> 
> Berkeley Software Distribution predates Linux by about 10 or 15 years, and
> was developed primarily by Bill Joy (cofounder of Sun, and recently departed
> I think) at UCBerkeley.
> 
> And it only took me 3 hours to research that on google so I could answer you!

  Good doggy.
-- 
Linux 2.4.20-4GB-athlon
  2:26pm  up 5 days 17:51,  3 users,  load average: 0.14, 0.08, 0.04

In comp.os.linux.advocacy, DFS
<nospam@nospam.com>
 wrote
on Wed, 16 Jun 2004 00:13:05 -0400
<10cviffniqnos71@corp.supernews.com>:
> "The Ghost In The Machine" <ewill@aurigae.athghost7038suus.net> wrote in
> message news:ani4q1-t3o.ln1@lexi2.athghost7038suus.net...
>> In comp.os.linux.advocacy, DFS
>> <nospam@nospam.com>
>>  wrote
>> on Tue, 15 Jun 2004 16:48:49 -0400
>> <10cuoef85g1fd8@corp.supernews.com>:
>> > "The Ghost In The Machine" <ewill@aurigae.athghost7038suus.net> wrote in
>> > message news:cup3q1-spn.ln1@lexi2.athghost7038suus.net...
>> >> In comp.os.linux.advocacy, DFS
>> >> <nospam@nospam.com>
>> >>  wrote
>> >> on Tue, 15 Jun 2004 00:40:51 -0400
>> >> <10csvng3p2ns7cd@corp.supernews.com>:
>> >> > http://www.linuxsecurity.com/articles/forums_article-34.html
>> >> >
>> >> > In just two weeks, I've seen over 80 brand new Linux security
>> >> > vulnerabilities reported on www.linuxsecurity.com.
>> >> >
>> >> > So, when you say Linux is secure, exactly what are you talking about?
>> >> >
>> >> >
>> >>
>> >> INC: incompatibility/incomplete implementation causes service failure
>> >> DOS: denial of service
>> >> KOS: killer of service
>> >> ILK: sensitive information leakage
>> >> LSE: local server exploit: non-root files may be overwritten if they
>> >>      have correct ownership
>> >> LRE: local root exploint: root files may be overwritten!
>> >> RSE: remote server exploit *** Possibility of a problem ****
>> >> RRE: remote root exploit **** EXTREMELY DANGEROUS ***
>> >>
>> >> Debian vulnerabilities:
>> >> 2004-06-08 gatos - privilege escalation vulnerability in xatitv (?)
>> >> 2004-06-08 jftpgw - format string vulnerability (LSE)
>> >> 2004-06-08 etherial - buffer overflows (?)
>> >> 2004-06-08 gallery - unauthenticated access (RSE?)
>> >> 2004-06-08 rsync - directory traversal vulnerability (RSE)
>> >> 2004-06-08 log2mail - format string vulnerability (LSE)
>> >> 2004-06-08 kernel - privilege escalation vulnerability (LRE/sparc only)
>> >> 2004-06-08 lha - multiple vulnerabilities (LSE/LRE)
>> >> 2004-06-08 postgresql (KOS)
>> >> 2004-06-10 cvs - buffer overflow (RSE?)
>> >>
>> >> Fedora vulnerabilities:
>> >> 2004-06-08 cups - non-encryption vulnerability (?)
>> >> 2004-06-08 etherial - same as above
>> >> 2004-06-08 net-tools (RSE)
>> >> 2004-06-08 krb5 - buffer overflows (LRE)
>> >> 2004-06-08 squirrelmail (?)
>> >> 2004-06-08 squid (RRE)
>> >>
>> >> FreeBSD:
>> >> 2004-06-08 kernel routing table flaw (DOS/RRE?)
>> >>
>> >> Gentoo:
>> >> 2004-06-08 tla - heap overflow (LRE?)
>> >> 2004-06-08 MPlayer/xine-lib (LSE)
>> >> 2004-06-08 Etherial - same as above
>> >> 2004-06-08 tripwire - format string vulnerability (LSE/LRE)
>> >> 2004-06-08 sitecopy - multiple (RRE)
>> >> 2004-06-08 mailman - password leak (ILK)
>> >> 2004-06-08 apache - buffer overflow (RRE)
>> >> 2004-06-08 cvs - same as above?
>> >>
>> >> Mandrake:
>> >> 2004-06-08 mdkonline - incompatibility (INC)
>> >> 2004-06-08 xpcd - buffer overflow (LRE)
>> >> 2004-06-08 mod_ssl - buffer overflow (RRE)
>> >> 2004-06-08 apache2 - same as mod_ssl (RRE)
>> >> 2004-06-08 krb5 - same as above
>> >> 2004-06-08 tripwire - same as above
>> >> 2004-06-08 krb5 - patch fix
>> >> 2004-06-08 mdkonline - patch fix
>> >> 2004-06-08 cvs - same as above
>> >> 2004-06-08 squid - long password buffer overflow (RRE)
>> >> 2004-06-08 ksymoops - insecure tempfile (LSE)
>> >>
>> >> NetBSD:
>> >> 2004-06-08 cvs - same as above
>> >>
>> >> OpenBSD:
>> >> 2004-06-10 cvs - same as above
>> >>
>> >> RedHat:
>> >> 2004-06-08 cvs - same as above
>> >> 2004-06-09 etherial - same as above
>> >> 2004-06-09 krb5 - same as above
>> >> 2004-06-09 squid - same as above
>> >> 2004-06-09 cvs - same as above
>> >>
>> >> Slackware:
>> >> 2004-06-08 mod_ssl - same as above
>> >> 2004-06-08 php - insecure path vulnerability (LSE)
>> >> 2004-06-10 cvs - same as above
>> >>
>> >> SuSE:
>> >> 2004-06-08 cvs - same as above
>> >> 2004-06-10 squid - same as above
>> >>
>> >> Trustix:
>> >> 2004-06-08 apache - same as above
>> >> 2004-06-08 kerberos5 - same as above (krb5)
>> >> 2004-06-08 squid - same as above
>> >>
>> >> Turbolinux:
>> >> 2004-06-08 cvs -- same as above
>> >> 2004-06-08 tcpdump -- buffer overflows (RSE/RRE)
>> >> 2004-06-08 apache -- same as above
>> >>
>> >>
>> >> * * *
>> >>
>> >> It is clear that there are a large number of duplicates here.
>> >
>> > I can't say that with certainty, but I have done a little digging, and
> in
>> > the two I checked (the krb5 buffer overflow issue that appears in
> Fedora,
>> > Mandrake, RedHat and Trustix, and the apache issue appearing in Gentoo
> and
>> > Trustix), they do appear to point to the same set of problems with the
>> > respective apps (MIT Kerberos 5, and apache mod_ssl).
>> >
>> > krb5 issue:
> http://marc.theaimsgroup.com/?l=bugtraq&m=108612325909496&w=2
>> >
>> >
>> >> I count 32 unique issues, of which two are indications of
>> >> patch fixes so that leaves 30.
>> >
>> > I won't check all your work; I checked two and you were correct.
>> >
>> > How did you decipher them so quickly?  The descriptions aren't specific
>> > enough; maybe you just knew they listed the same bugs across all
> affected
>> > distros?  I'll know next time - but I still won't take the time to find
> out
>> > how many are dupes.  I'll just report the raw number.
>>
>> Most of the distros use common source code with maybe a patch or two.
>
> That website should list those vulnerabilities differently, to make it
> easier for me to use when I'm beating up on Linux morons.  They should list
> them by app, then distro/platform.
>
>
>
>> I basically assumed that they were the same; without extensive
>> checking, though, there's no way to be sure.  But the wording
>> isn't all that unique for most of these anyway.
>
> I see that now.
>
>
>
>
>> > Regardless, that's at least 30 new security vulnerabilities; not 52.
>> > Neither number is encouraging for such a "secure" platform.
>>
>> Correct, it's not.  Of course Linux has yet to achieve C2
>> certification anyway -- and it never can (C2 certification
>> is applied to a software/hardware *combo*, not to the
>> OS alone -- NT's C2 certification applied to a specific
>> machine, and IIRC the floppy was epoxied shut),
>
> So that was just artistic license when the hot female CIA trainee in "The
> Recruit" copied sensitive files to a USB key and smuggled them out via a
> lead-lined lid in her coffee cup?  Man, I am gullible...

Not familiar with "The Recruit" (or for that matter any hot female CIA
trainees -- though JBailo will no doubt oblige us :-) ), but that's
extremely simple to do with current Linux software, and probably not
all that difficult with a standard corporate-based Windows system.

I happen to have a dangling memstick myself.  (I figured it might
be useful and it wasn't too expensive.)  Plug it in, mount, and
copy.  In a pinch one can skip the mount if one has
an appropriate daemon.

How does one stop that?  Well, with Linux, it's actually
fairly easy: if one has no root access and there's no
supermount daemon and there's no entry in /etc/fstab,
and the /dev entries are locked down properly, one
can't use the memstick.

I don't know what Windows will do, admittedly, though hopefully
one can lock it down in a similar fashion.

>
>
>
>
>> but that
>> won't stop it from being less vulnerabile to "clickware",
>> because of a totally different design.
>
>
>
>> >> All of these have available patches.
>> >
>> > Great.  That leaves the open sourcers twiddling their thumbs until the
> next
>> > security issues are found (later today).
>> >
>>
>> No, we will be downloading more patches.  It's a never-ending process.
>
> Of course it is.  Linux security isn't nearly the bulletproof foundation the
> Linux morons keep crowing about.

Correct, although I for one am wondering how the leak in the
Linux bucket compares to the Windows collander you seem to be using... :-)

>
>
>
>
>> >> How many outstanding issues does XP, 2k, NT, Me, and 98 have?
>> >> (I don't count 95.)
>> >
>> > You'll have to ask MS about that.
>> >
>>
>> I was certain you knew. :-)  Obviously, you would have been
>> crowing that, say, XP only had 3 already-patched security
>> vulnerabilities, had you known that XP only had 3 already-patched
>> security vulnerabilities.
>
> You can bet on that...

So...how many security vulnerabilities does XP have?

>
>
>
>> Obviously, you don't know how many
>> vulnerabilities are in there -- a bad sign.
>
> I'm sure you're not looking to me for the State of Windows.

Well, we're sure not looking at you for the State of Linux. :-)

> I doubt more
> than a single handful of MS people know about all the Win vulnerabilities -
> Gates sure isn't one of them.

There used to be a bunch calling themselves l0pht -- they've
since changed their name -- who might know a few of 'em... :-)

>
>
>
>
>
>> -- 
>> #191, ewill3@earthlink.net
>> It's still legal to go .sigless.
>
>


-- 
#191, ewill3@earthlink.net
It's still legal to go .sigless.

In comp.os.linux.advocacy, DFS
<nospam@nospam.com>
 wrote
on Wed, 16 Jun 2004 00:14:32 -0400
<10cvii6c0uabce8@corp.supernews.com>:
> "The Ghost In The Machine" <ewill@aurigae.athghost7038suus.net> wrote in
> message news:25j4q1-t3o.ln1@lexi2.athghost7038suus.net...
>
>> Well, part of the problem is that your specific issues
>> count is 8; *the* issues which may (or most likely may not)
>> apply to everybody are 30, but only under very certain
>> conditions -- as you commented briefly above.
>>
>> They are concerns, but how they compare to Windows' malware is
>> not entirely clear, mostly because I'm not sure what comparison
>> method to use: Windows malware costs millions, if not hundreds
>> of millions, to eradicate, partly because of the sheer number
>> of Windows boxes out there, and partly because of the number
>> of Windows patches out there -- some of which work -- and partly
>> because of the number of idiots out there who click on things
>> without thinking just because they look like official Earthlink
>> e-mail.  (I know.  I got one.  However, because I use mailx,
>> I could easily see the headers and was immune to whatever it
>> contained.)
>>
>> If one wants to compare just the *problem* reports, they
>> are just about equal -- but one has to squint a bit as the
>> ones I've transcribed above *have already been patched*;
>> in many cases the Windows ones have merely been identified
>> as potential issues, AFAIK.
>>
>> Compared to Windows' malware, Lion and Ramen were ridiculously small.
>> Score one for a highly compartmentalized software system -- but DFS
>> had better be careful as he's comparing apples to hand grenades. :-)
>
> And you can choke to death on an apple just as surely as on a hand
> grenade....
>

Yeah, but apples are edible, at least (although one might want
to slice them first).  I wouldn't recommend ingesting a hand grenade.

Did you have a point here or are you just trying to sell the
idea that Windows XP security is superior?  If so, I'd call
for intellectual backup; you're not doing very well... :-)

>
>> -- 
>> #191, ewill3@earthlink.net
>> It's still legal to go .sigless.
>

-- 
#191, ewill3@earthlink.net
It's still legal to go .sigless.

In comp.os.linux.advocacy, Jim Richardson
<warlock@eskimo.com>
 wrote
on Wed, 16 Jun 2004 08:34:00 GMT
<arb5q1-edh.ln1@grendel.myth>:
>
> On Tue, 15 Jun 2004 18:40:01 -0400,
>  DFS <nospam@nospam.com> wrote:
>> "William Poaster" <willpoast@jvyycbnfg.zr.hx> wrote in message
>> news:pan.2004.06.15.22.28.30.806438@jvyycbnfg.zr.hx...
>>> begin On Tue, 15 Jun 2004 18:13:17 -0400, DFS posted:
>>>
>>> > What's next for Linux?  I'll tell you what's next: anti-virus software,
>>> > automatic updating, constant security patches, etc.  Sound familiar?
>>>
>>> AV software? LOL Yes, to stop windows machines being infected, otherwise a
>>> linux machine doesn't need it. Read the links below, stupid!
>>
>> Linux machines don't need anti-virus software?
>>
>> LOL!  Tell it to
>> Sophos http://www.sophos.com/products/sav/,
>> and Vexira http://www.centralcommand.com/linux_server.html,
>> and Astaro http://www.astaro.com/php/contact/google.php?ref=23,
>> and F-Secure http://www.f-secure.com/products/anti-virus/linux/samba.shtml
>> and McAfee... et al
>>
>> Look who's stupid now.  You really are uninformed, aren't you, Linux moron?
>>
>
> It's amusing to see you shoot yourself in the foot so often. 

It would be more amusing if he had any feet *left*... :-)

>
>
> Those AV programmes, are to filter out viruses affecting MS-Windows
> machines. The programmes are meant to be used on a
> mailserver/fileserver, to protect the MS-Windows machines. 
>
> So yeah, you do look stupid now. 

Still a neat idea, though -- catch the virus on a different system.
I can't fault them for that -- and it might make the downstream
Windows boxes safer.

>
>
>
>>
>>
>>
>>> -- 
>>> The short life and hard times of a Linux virus
>>> http://librenix.com/?inode=21
>>> Linux vs. Windows Viruses
>>> http://www.securityfocus.com/columnists/188
>>
>>
>
>
>


-- 
#191, ewill3@earthlink.net
It's still legal to go .sigless.

"Kelsey Bjarnason" <kelseyb@xxnospamyy.lightspeed.bc.ca> wrote in message
news:pan.2004.06.16.18.47.31.364331@xxnospamyy.lightspeed.bc.ca...
> [snips]
>
> On Wed, 16 Jun 2004 12:44:34 -0400, DFS wrote:
>
> >> So, us linux people CAN just install, configure and then sleep in our
> > chairs
> >> most of the time, the system keeps itself up to date, and cleans up
after
> >> itself.
> >
> > Thus we would expect Linux to have a better market share than Windows
(for
> > server OSes)
>
> Why?  Why would you expect Linux to have a better market share in any
> segment?

Because it's free or very low cost, and in some cases functionally
equivalent and easy enough to use.  It's based on Unix, which has been
around for much longer than Windows.  It has better security.  It's easier
to update, etc.  You've been droning on about Linux superiority for years
now, I would guess.  But the market, which is composed of many, many smart
people (not that you're not intelligent - you are), has chosen Windows.



> 2K3 is, supposedly, better than 2K, right?  Do a quick check - see how
> many copies of each are running.  I'll bet you'll find that,
> comparatively, 2K3 is non-existant.

Win2003 just came out around a year ago, and it's not a free upgrade.  Were
it free, what percent of users do you think would have upgraded?  80% to
90%, at least, I think.



> You're overlooking some significant points.  First, Linux is relatively
> new

Introduced in '91, about 6 months to a year after Windows 3.0.  Of course,
it didn't have a decent UI for quite a while afterwards.  And Intel hardware
support was small.  And it was tough to get installed.  (hey, not much has
changed in Linux!)



> and, to many people, "unproven", technology - so they're not going to
> be in a hurry to adopt, especially if keeping things running is critical
> to their business.

Unproven?  Unix is proven, and it has a smaller market share than Linux.



> Second, Linux is different.  Even if they regard it as a better solution,
> they still need to learn it, learn how to administer it, secure it,
> performance-tune it, etc.

It's a Unix clone, and Unix has been around for a long time.



> Third, a lot of businesses have been running servers since before Linux
> started getting mainstream exposure.  Many of them on Windows.  Which
> means they face the cost of converting, recoding, redesigning, in order to
> use Linux.  Some will, some won't, some will wait.  Heck, upgrading from
> Windows to a nwe version of Windows is often problematic - certainly not
> something you do on a whim for a production server.  Do you really think
> migrating to a considerably different platform is going to _reduce_
> migration hassles?
>
> Adoption of a new technology takes time, no matter how good that
> technology is.  Here we are in the age of DVDs and CDs... but many people
> still have their old casette tapes, and even their old LPs.  I've got a
> DVD player, but I've still got a mess of VHS tapes - including some I've
> bought _since_ I got the DVD player.  Some of these were because the movie
> isn't available, some simply because I didn't feel like paying $30 for a
> movie I could get for $12.

According to you nuts, Linux is the CD to Windows VHS.  And your free CD
implementation is finally starting to take off, 10 years after its
introduction.


> HDTV is available.  Check the average household - think most people have
> it?

Bad analogy, pal.  HDTV is around 3x the cost of standard TV, and few
programs are broadcast in it.


> A new technology takes time to be adopted.  It helps if it has mainstream
> media exposure, advertising, etc, which Linux largely lacks.  Even if it
> had that, though, it wouldn't replace Windows overnight. Nor in 10 years.

Your "community" of cola maniacs thinks the Sun deal with China means MS
will be dead in a few years.  I predict differently.



> > ???  Do Linux updates download faster than Windows on a dialup
> > connection?
>
> Actually... yes, generally.  Thing is, Linux packages are small,
> generally. Let's see.  There are, currently, 2339 packages in my local
> repository.  Total storage required: 2.1Gb.  That means an average of
> 897,819 bytes per package.  Less than a meg.  KDevelop 3.0 is some
> 9,086,468 bytes - call it 10 Mb. SP5 for Visual Studio 6 was something
> like 20 times as large.
>
> Most Windows packages *still* bundle their own installers - InstallShield,
> Wise, whatever.  Typical overhead _per application_ is close to a meg -
> about the size of the average Linux package - but that's just for the
> installer, not the application itself.

Yes, Windows programs can be big.  Not like Windows games, though.  Some
games are on the order of 4 to 5 gigabytes nowadays.


> >> In many cases, you'll find it's the latter.
> >
> > Where is all your Linux slopware installed?
>
> In one of the bin folders.  /bin.  /sbin. /usr/local/bin.  Depending on
> the package, it may have additional files, such as configs in /etc.
>
> > Do you know the name and
> > location of every file that was installed from all the thousands of
> > packages, and then supposedly removed?  Or do you just trust Linux
> > 'cause it's Linux?  That's my bet.
>
> Umm... actually... see... when I look at a package in the handy little GUI
> install program, one of the things it'll show me is a complete list of all
> the files contained in the package.  Which means I can, indeed, check to
> see if they're _all_ gone or not.

So you do have to go hunting around your machine to ensure they're all gone.



> Generally, you'll find the only things left behind are modified
> configuration files.

Generally?  What?  It doesn't remove them all for you?  You have to go
hunting around to remove Linux installations?

That's what I thought.




> For some reason, when I run various registry-checking tools in Windows,
> I'll often find reports of things such as references to DLLs that don't
> exist - meaning the program that installed the DLL has been removed,
> taking the DLL with it - but the registry hasn't been cleaned up.

It can be a mess; no doubt, and there's no excuse for it.



> Application paths are often left behind.  Hell, in a lot of cases, largish
> portions of the program files folder that the application lived in is left
> behind.
>
> Leave the config information, sure.  But why leave the dross?

'Cause the closed source vendors wrote poor uninstall routines.

<spike1@freenet.co.uk> wrote in message
news:t7e6q1-li1.ln1@ridcully.fsnet.co.uk...
> DFS <nospam@nospam.com> did eloquently scribble:
> > Thus we would expect Linux to have a better market share than Windows
(for
> > server OSes); instead the reverse is true, and Linux has about one-third
the
> > Windows server OS market share (Wired Magazine, June 04, pg 154, source:
> > IDC).
>
> How did they calculate this? Sales? LOL

Installations, of course.



> > ???  Do Linux updates download faster than Windows on a dialup
connection?
> > I guess time might pass a little faster while you're sitting there
sifting
> > through all that Linux crapware, wondering why this program was written
and
> > why it was included on your distro and where you can file bug reports.
>
> Yes, they do, specially with suse, because it only updates the files
that've
> change rather than the entire package in most cases.

The update files don't download faster.



> >> (I know someone who sold a bloke a PC last month, the next day he got a
> >> support call saying it was being slow, went to check and he'd got over
400
> >> spyware and viruses on it... in just 24 hours! the mind boggles)
> >
> > Somewhere out there many Linux morons are giggling about the Win32
viruses
> > they released.
>
> Yeah, riiiight. We've got better things to do than learn how to program
for
> windows and write shitty viruses.

Those of you that have been caught don't have anything better to do, except
try to pass several years in jail without access to a computer.



> >> In many cases, you'll find it's the latter.
> >
> > Where is all your Linux slopware installed?  Do you know the name and
> > location of every file that was installed from all the thousands of
> > packages, and then supposedly removed?  Or do you just trust Linux
'cause
> > it's Linux?  That's my bet.
>
> With an rpm or a deb, running with the uninstall switch will remove
> everything that was in the rpm. if you make && make install, you can make
> uninstall. and even if there's no make uninstall option in the makefile
it's
> not hard to find out where everything went.

How do you know where everything went?  Without looking at the installation
source code, you don't know.



> Added to that the filesystem hierarchy in linux, where there's a place for
> everything, it's easy enough to track down things.

And why is it important to know where every file was installed to, or
uninstalled from?



> windows installers dump files all over the shop with no rhyme or reason,
and
> linux has no registry to worry about.

The programmers have their various rhymes and reasons, but yes, they're not
real orderly in some cases.




> --------------------------------------------------------------------------
---
> |   spike1@freenet.co.uk   |   Windows95 (noun): 32 bit extensions and a
|
> |                          | graphical shell for a 16 bit patch to an 8
bit |
> |Andrew Halliwell BSc(hons)| operating system originally  coded for a 4
bit |
> |            in            |microprocessor, written by a 2 bit company,
that|
> |     Computer Science     |        can't stand 1 bit of competition.
|
> --------------------------------------------------------------------------
---

That's a clever sig, Linux moron.  I'll have to come up with my own.

"Norwegian Formula" <R@bastards.com> wrote in message
news:40d09dfd_1@newspeer2.tds.net...
> DFS, after spending 3 minutes figuring out which end of the pen to use,
wrote:
>
> >
> > "Rob Hughes" <rob@robhughes.com> wrote in message
> > news:kv6dnewFec97GVLdRVn-jg@comcast.com...
> >> DFS is alleged to have said in comp.os.linux.advocacy:
> >>
> >> > Sure I can.  They were all Linux-related, weren't they?
> >>
> >> No, some were for a couple different flavors of BSD. Not that I expect
you
> >> to understand that, given your self-admitted ignorance.
> >
> >
> > I do understand the difference.
> >
> > Berkeley Software Distribution predates Linux by about 10 or 15 years,
and
> > was developed primarily by Bill Joy (cofounder of Sun, and recently
departed
> > I think) at UCBerkeley.
> >
> > And it only took me 3 hours to research that on google so I could answer
you!

Give me a little more credit, Linux morons.  I was probably using Linux, in
1997, before you were.




>   Good doggy.
> -- 
> Linux 2.4.20-4GB-athlon
>   2:26pm  up 5 days 17:51,  3 users,  load average: 0.14, 0.08, 0.04
>

"The Ghost In The Machine" <ewill@aurigae.athghost7038suus.net> wrote in
message news:lp76q1-49p.ln1@lexi2.athghost7038suus.net...

> In comp.os.linux.advocacy, DFS

> > So that was just artistic license when the hot female CIA trainee in
"The
> > Recruit" copied sensitive files to a USB key and smuggled them out via a
> > lead-lined lid in her coffee cup?  Man, I am gullible...
>
> Not familiar with "The Recruit" (or for that matter any hot female CIA
> trainees -- though JBailo will no doubt oblige us :-) ), but that's
> extremely simple to do with current Linux software, and probably not
> all that difficult with a standard corporate-based Windows system.
>
> I happen to have a dangling memstick myself.  (I figured it might
> be useful and it wasn't too expensive.)  Plug it in, mount, and
> copy.  In a pinch one can skip the mount if one has
> an appropriate daemon.
>
> How does one stop that?  Well, with Linux, it's actually
> fairly easy: if one has no root access and there's no
> supermount daemon and there's no entry in /etc/fstab,
> and the /dev entries are locked down properly, one
> can't use the memstick.
>
> I don't know what Windows will do, admittedly, though hopefully
> one can lock it down in a similar fashion.

Haven't tried it, but you have to have administrative privileges to run
certain Plug-n-Play devices on Windows.




> >> >> All of these have available patches.
> >> >
> >> > Great.  That leaves the open sourcers twiddling their thumbs until
the
> > next
> >> > security issues are found (later today).
> >> >
> >>
> >> No, we will be downloading more patches.  It's a never-ending process.
> >
> > Of course it is.  Linux security isn't nearly the bulletproof foundation
the
> > Linux morons keep crowing about.
>
> Correct, although I for one am wondering how the leak in the
> Linux bucket compares to the Windows collander you seem to be using... :-)

Either way, we're all wet.





> >> >> How many outstanding issues does XP, 2k, NT, Me, and 98 have?
> >> >> (I don't count 95.)
> >> >
> >> > You'll have to ask MS about that.
> >> >
> >>
> >> I was certain you knew. :-)  Obviously, you would have been
> >> crowing that, say, XP only had 3 already-patched security
> >> vulnerabilities, had you known that XP only had 3 already-patched
> >> security vulnerabilities.
> >
> > You can bet on that...
>
> So...how many security vulnerabilities does XP have?

One... the user.





> >> Obviously, you don't know how many
> >> vulnerabilities are in there -- a bad sign.
> >
> > I'm sure you're not looking to me for the State of Windows.
>
> Well, we're sure not looking at you for the State of Linux. :-)

Kernel 2.6.7-RC3 is coming out soon.  I can't wait!  There will be lots of
new articles on kernel panics, failed upgrades, broken packages, etc.







> > I doubt more
> > than a single handful of MS people know about all the Win
vulnerabilities -
> > Gates sure isn't one of them.
>
> There used to be a bunch calling themselves l0pht -- they've
> since changed their name -- who might know a few of 'em... :-)

Never heard of 'em.  Sounds like a hacker name.  Like "The Ghost In The
Machine."

"The Ghost In The Machine" <ewill@aurigae.athghost7038suus.net> wrote in
message news:6t76q1-49p.ln1@lexi2.athghost7038suus.net...
> In comp.os.linux.advocacy, DFS
> <nospam@nospam.com>
>  wrote
> on Wed, 16 Jun 2004 00:14:32 -0400
> <10cvii6c0uabce8@corp.supernews.com>:
> > "The Ghost In The Machine" <ewill@aurigae.athghost7038suus.net> wrote in
> > message news:25j4q1-t3o.ln1@lexi2.athghost7038suus.net...
> >
> >> Well, part of the problem is that your specific issues
> >> count is 8; *the* issues which may (or most likely may not)
> >> apply to everybody are 30, but only under very certain
> >> conditions -- as you commented briefly above.
> >>
> >> They are concerns, but how they compare to Windows' malware is
> >> not entirely clear, mostly because I'm not sure what comparison
> >> method to use: Windows malware costs millions, if not hundreds
> >> of millions, to eradicate, partly because of the sheer number
> >> of Windows boxes out there, and partly because of the number
> >> of Windows patches out there -- some of which work -- and partly
> >> because of the number of idiots out there who click on things
> >> without thinking just because they look like official Earthlink
> >> e-mail.  (I know.  I got one.  However, because I use mailx,
> >> I could easily see the headers and was immune to whatever it
> >> contained.)
> >>
> >> If one wants to compare just the *problem* reports, they
> >> are just about equal -- but one has to squint a bit as the
> >> ones I've transcribed above *have already been patched*;
> >> in many cases the Windows ones have merely been identified
> >> as potential issues, AFAIK.
> >>
> >> Compared to Windows' malware, Lion and Ramen were ridiculously small.
> >> Score one for a highly compartmentalized software system -- but DFS
> >> had better be careful as he's comparing apples to hand grenades. :-)
> >
> > And you can choke to death on an apple just as surely as on a hand
> > grenade....
> >
>
> Yeah, but apples are edible, at least (although one might want
> to slice them first).  I wouldn't recommend ingesting a hand grenade.
>
> Did you have a point here or are you just trying to sell the
> idea that Windows XP security is superior?  If so, I'd call
> for intellectual backup; you're not doing very well... :-)

My point is the better Linux security (relative to Windows) isn't good
enough.  Either system can and will be and has been compromised.




> >
> >> -- 
> >> #191, ewill3@earthlink.net
> >> It's still legal to go .sigless.
> >
>
> -- 
> #191, ewill3@earthlink.net
> It's still legal to go .sigless.

DFS <nospam@nospam.com> did eloquently scribble:
> 
> <spike1@freenet.co.uk> wrote in message
> news:t7e6q1-li1.ln1@ridcully.fsnet.co.uk...
>> DFS <nospam@nospam.com> did eloquently scribble:
>> > Thus we would expect Linux to have a better market share than Windows
> (for
>> > server OSes); instead the reverse is true, and Linux has about one-third
> the
>> > Windows server OS market share (Wired Magazine, June 04, pg 154, source:
>> > IDC).
>>
>> How did they calculate this? Sales? LOL
> 
> Installations, of course.

How do they know who's got what installed? They can't go around every single
company and count each and every server.

>> Yes, they do, specially with suse, because it only updates the files
>> that've change rather than the entire package in most cases.
> 
> The update files don't download faster.

What update files?
The ones I just told you are downloadable using a 56k modem?
 
>> Yeah, riiiight. We've got better things to do than learn how to program
> for
>> windows and write shitty viruses.
> 
> Those of you that have been caught don't have anything better to do, except
> try to pass several years in jail without access to a computer.

So, now it's not just linux that's insecure, it's all the linux users
writing viruses?

Get a life! better yet, get a brain.

>> >> In many cases, you'll find it's the latter.
>> >
>> > Where is all your Linux slopware installed?  Do you know the name and
>> > location of every file that was installed from all the thousands of
>> > packages, and then supposedly removed?  Or do you just trust Linux
> 'cause
>> > it's Linux?  That's my bet.
>>
>> With an rpm or a deb, running with the uninstall switch will remove
>> everything that was in the rpm. if you make && make install, you can make
>> uninstall. and even if there's no make uninstall option in the makefile
> it's
>> not hard to find out where everything went.
> 
> How do you know where everything went?  Without looking at the installation
> source code, you don't know.

Course you fucking do, you LOOK at what make install is doing!
I suggest you learn how to use linux, then maybe, you can learn how to use
make too.

>> Added to that the filesystem hierarchy in linux, where there's a place for
>> everything, it's easy enough to track down things.
> 
> And why is it important to know where every file was installed to, or
> uninstalled from?

Cos it saves time if you know beforehand what the filenames and file paths
were that make install used, idiot.
-- 
______________________________________________________________________________
|   spike1@freenet.co.uk   |                                                 |
|Andrew Halliwell BSc(hons)| "ARSE! GERLS!! DRINK! DRINK! DRINK!!!"          |
|            in            | "THAT WOULD BE AN ECUMENICAL MATTER!...FECK!!!! |
|     Computer Science     | - Father Jack in "Father Ted"                   |
------------------------------------------------------------------------------

DFS wrote:

> My point is the better Linux security (relative to Windows) isn't good
> enough.  Either system can and will be and has been compromised.

Nope.

There is a fundamental difference between an application loader, such as 
Windos, which can convey execute privileges through a browser interface.

And a Linux system -- which, correctly configured, can block such exploits.

The difference is that a good sysadmin can safeguard Linux.

With Windos, because it is a Boot Application Loader, not an OS -- it 
can never be secure.

That's why all those Windope zombies are pinging www.microsoft.com

DFS wrote:

> Never heard of 'em.  Sounds like a hacker name.  Like "The Ghost In The
> Machine."

DFS -- Department of FUD and Shit

DFS wrote:


> Give me a little more credit, Linux morons.  I was probably using Linux, in
> 1997, before you were.

Sure you were, Napoleon.

DFS wrote:

> <spike1@freenet.co.uk> wrote in message

>>linux has no registry to worry about.
> 
> 
> The programmers have their various rhymes and reasons, but yes, they're not
> real orderly in some cases.

The registry is a 1995 era, simple hierachical database.

It was designed for 10 person workgroup apps, but because M$ developers 
had no idea how to write such, it was licensed 3rd party.

The world has been paying the price ever since...

DFS wrote:

> Win2003 just came out around a year ago, and it's not a free upgrade.  Were
> it free, what percent of users do you think would have upgraded?  80% to
> 90%, at least, I think.

Service Packs are free, but many corporations ( Boeing ) hold off on 
installing because Microsoft /Upgrades/ are notorious for crashing 
functional programs and disabling formerly working services.

They evaluate each SP for at least 6 months, and sometimes *skip* an 
upgrade.

So, it would be the same for a /free/ 2003 server.

Face it DFS, M$ can't give it away....

This is a multi-part message in MIME format.

------=_NextPart_000_0121_01C453DE.81C78C00
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

"J. P. Morgan" <nineteenth@century.rules> wrote in message =
news:TB3Ac.3408$w07.108@newsread2.news.pas.earthlink.net...
> DFS wrote:
>=20
> > Win2003 just came out around a year ago, and it's not a free =
upgrade.  Were
> > it free, what percent of users do you think would have upgraded?  =
80% to
> > 90%, at least, I think.
>=20
> Service Packs are free, but many corporations ( Boeing ) hold off on=20
> installing because Microsoft /Upgrades/ are notorious for crashing=20
> functional programs and disabling formerly working services.
>=20
> They evaluate each SP for at least 6 months, and sometimes *skip* an=20
> upgrade.

Yes


=20
> So, it would be the same for a /free/ 2003 server.

No, as you will soon see, boy.



=20
> Face it DFS, M$ can't give it away....

heh... maybe the dumbest statement ever made here on cola. =20

Another uninformed Linux moron can't do his research, and relies on a =
"Windoze" advocate to do it for him.  What is it with you lazy-asses?

"Connors added that Windows 2003 was the most successful Windows server =
rollout by the company to date, with over twice the revenue and =
shipments of prior generations during the same time. "  =
http://www.midrangeserver.com/two/two042804-story01.html

and "Sales of Windows Server 2003 have been triple that of Windows 2000 =
Server since the products' respective launches"  =
http://www.microsoft.com/nz/presscentre/articles/2004/jan_28_ASB_release.=
aspx

and http://techrepublic.com.com/5100-6268-5056199.html

Enjoy!


------=_NextPart_000_0121_01C453DE.81C78C00
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2800.1400" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY>
<DIV><FONT size=3D2>"J. P. Morgan" &lt;</FONT><A=20
href=3D"mailto:nineteenth@century.rules"><FONT=20
size=3D2>nineteenth@century.rules</FONT></A><FONT size=3D2>&gt; wrote in =
message=20
</FONT><A =
href=3D"news:TB3Ac.3408$w07.108@newsread2.news.pas.earthlink.net"><FONT=20
size=3D2>news:TB3Ac.3408$w07.108@newsread2.news.pas.earthlink.net</FONT><=
/A><FONT=20
size=3D2>...</FONT></DIV>
<DIV><FONT size=3D2>&gt; DFS wrote:<BR>&gt; <BR>&gt; &gt; Win2003 just =
came out=20
around a year ago, and it's not a free upgrade.&nbsp; Were<BR>&gt; &gt; =
it free,=20
what percent of users do you think would have upgraded?&nbsp; 80% =
to<BR>&gt;=20
&gt; 90%, at least, I think.<BR>&gt; <BR>&gt; Service Packs are free, =
but many=20
corporations ( Boeing ) hold off on <BR>&gt; installing because =
Microsoft=20
/Upgrades/ are notorious for crashing <BR>&gt; functional programs and =
disabling=20
formerly working services.<BR>&gt; <BR>&gt; They evaluate each SP for at =
least 6=20
months, and sometimes *skip* an <BR>&gt; upgrade.<BR></FONT></DIV>
<DIV><FONT size=3D2>Yes</FONT></DIV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2>&nbsp;<BR>&gt; So, it would be the same for a /free/ =
2003=20
server.<BR></DIV></FONT>
<DIV><FONT size=3D2>No, as you will soon see, boy.</DIV></FONT>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2>&nbsp;<BR>&gt; Face it DFS, M$ can't give it=20
away....</FONT></DIV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2>heh... maybe the dumbest statement ever made here on =

cola.&nbsp; </FONT></DIV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2>Another uninformed Linux moron can't do his =
research, and=20
relies on a "Windoze" advocate to do it for him.&nbsp; What is it with =
you=20
lazy-asses?</FONT></DIV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2>"Connors added that Windows 2003 was the most =
successful=20
Windows server rollout by the company to date, with over twice the =
revenue and=20
shipments of prior generations during the same time. "&nbsp; <A=20
href=3D"http://www.midrangeserver.com/two/two042804-story01.html">http://=
www.midrangeserver.com/two/two042804-story01.html</A></FONT></DIV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2>and "Sales of Windows Server 2003 have been triple =
that of=20
Windows 2000 Server since the products' respective launches"&nbsp; <A=20
href=3D"http://www.microsoft.com/nz/presscentre/articles/2004/jan_28_ASB_=
release.aspx">http://www.microsoft.com/nz/presscentre/articles/2004/jan_2=
8_ASB_release.aspx</A></FONT></DIV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2>and </FONT><A=20
href=3D"http://techrepublic.com.com/5100-6268-5056199.html"><FONT=20
size=3D2>http://techrepublic.com.com/5100-6268-5056199.html</FONT></A></D=
IV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2>Enjoy!</FONT></DIV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV></BODY></HTML>

------=_NextPart_000_0121_01C453DE.81C78C00--

<spike1@freenet.co.uk> wrote in message
news:ths6q1-lc2.ln1@ridcully.fsnet.co.uk...
> DFS <nospam@nospam.com> did eloquently scribble:
> >
> > <spike1@freenet.co.uk> wrote in message
> > news:t7e6q1-li1.ln1@ridcully.fsnet.co.uk...
> >> DFS <nospam@nospam.com> did eloquently scribble:
> >> > Thus we would expect Linux to have a better market share than Windows
> > (for
> >> > server OSes); instead the reverse is true, and Linux has about
one-third
> > the
> >> > Windows server OS market share (Wired Magazine, June 04, pg 154,
source:
> >> > IDC).
> >>
> >> How did they calculate this? Sales? LOL
> >
> > Installations, of course.
>
> How do they know who's got what installed? They can't go around every
single
> company and count each and every server.

Ask IDC.  But before dismissing them because everything they say isn't
pro-Linux (as another cola nut recently did), understand that many big
corporations pay large sums for their research.




> >> Yes, they do, specially with suse, because it only updates the files
> >> that've change rather than the entire package in most cases.
> >
> > The update files don't download faster.
>
> What update files?
> The ones I just told you are downloadable using a 56k modem?
>
> >> Yeah, riiiight. We've got better things to do than learn how to program
> > for
> >> windows and write shitty viruses.
> >
> > Those of you that have been caught don't have anything better to do,
except
> > try to pass several years in jail without access to a computer.
>
> So, now it's not just linux that's insecure, it's all the linux users
> writing viruses?

I don't know about ALL the Linux users... that's probably exaggerating a
bit.




> Get a life! better yet, get a brain.
>
> >> >> In many cases, you'll find it's the latter.
> >> >
> >> > Where is all your Linux slopware installed?  Do you know the name and
> >> > location of every file that was installed from all the thousands of
> >> > packages, and then supposedly removed?  Or do you just trust Linux
> > 'cause
> >> > it's Linux?  That's my bet.
> >>
> >> With an rpm or a deb, running with the uninstall switch will remove
> >> everything that was in the rpm. if you make && make install, you can
make
> >> uninstall. and even if there's no make uninstall option in the makefile
> > it's
> >> not hard to find out where everything went.
> >
> > How do you know where everything went?  Without looking at the
installation
> > source code, you don't know.
>
> Course you fucking do, you LOOK at what make install is doing!
> I suggest you learn how to use linux, then maybe, you can learn how to use
> make too.
>
> >> Added to that the filesystem hierarchy in linux, where there's a place
for
> >> everything, it's easy enough to track down things.
> >
> > And why is it important to know where every file was installed to, or
> > uninstalled from?
>
> Cos it saves time if you know beforehand what the filenames and file paths
> were that make install used, idiot.
> -- 
>
____________________________________________________________________________
__
> |   spike1@freenet.co.uk   |
|
> |Andrew Halliwell BSc(hons)| "ARSE! GERLS!! DRINK! DRINK! DRINK!!!"
|
> |            in            | "THAT WOULD BE AN ECUMENICAL
MATTER!...FECK!!!! |
> |     Computer Science     | - Father Jack in "Father Ted"
|
> --------------------------------------------------------------------------
----

DFS wrote:

> Ask IDC.  But before dismissing them because everything they say isn't
> pro-Linux (as another cola nut recently did), understand that many big
> corporations pay large sums for their research.

EXACTLY !

They pay them to /create/ statistics that favor them.

What a maroon !!!!

DFS <nospam@nospam.com> did eloquently scribble:
>> So, now it's not just linux that's insecure, it's all the linux users
>> writing viruses?
> 
> I don't know about ALL the Linux users... that's probably exaggerating a
> bit.

s/ALL/any/

-- 
______________________________________________________________________________
|   spike1@freenet.co.uk   |                                                 |
|Andrew Halliwell BSc(hons)| "ARSE! GERLS!! DRINK! DRINK! DRINK!!!"          |
|            in            | "THAT WOULD BE AN ECUMENICAL MATTER!...FECK!!!! |
|     Computer Science     | - Father Jack in "Father Ted"                   |
------------------------------------------------------------------------------

[snips]

On Tue, 15 Jun 2004 18:40:01 -0400, DFS wrote:

> Linux machines don't need anti-virus software?

No, they don't.

> LOL!  Tell it to
> Sophos http://www.sophos.com/products/sav/,
> and Vexira http://www.centralcommand.com/linux_server.html,
> and Astaro http://www.astaro.com/php/contact/google.php?ref=23,
> and F-Secure http://www.f-secure.com/products/anti-virus/linux/samba.shtml
> and McAfee... et al

Why?  They know it.

> Look who's stupid now.  You really are uninformed, aren't you, Linux moron?

Actually, that'd be you.  Simple test for you: see what viruses are
targetted by those tools.  Now check against the list of *Windows*
viruses.  You know, the ones that don't affect Linux?  See if you can spot
any similarities in the lists.

J. P. Morgan, after spending 3 minutes figuring out which end of the pen to use,
wrote:

> DFS wrote:
> 
>> Never heard of 'em.  Sounds like a hacker name.  Like "The Ghost In The
>> Machine."
> 
> DFS -- Department of FUD and Shit

  *AND* proves what a liar he is, when up a few threads he tells us all he was
using linux in 1997 before any of us were! LMAO! DumbFuckingShit is so *full*
of shit, the whites of his eyes are actually brown.
-- 
Linux 2.4.20-4GB-athlon
 10:55pm  up 6 days  2:20,  2 users,  load average: 0.01, 0.03, 0.00

DFS wrote:

> "Kelsey Bjarnason" <kelseyb@xxnospamyy.lightspeed.bc.ca> wrote in message
> news:pan.2004.06.16.18.47.31.364331@xxnospamyy.lightspeed.bc.ca...
> 
>>[snips]
>>
>>On Wed, 16 Jun 2004 12:44:34 -0400, DFS wrote:
>>
>>
>>>>So, us linux people CAN just install, configure and then sleep in our
>>>
>>>chairs
>>>
>>>>most of the time, the system keeps itself up to date, and cleans up
> 
> after
> 
>>>>itself.
>>>
>>>Thus we would expect Linux to have a better market share than Windows
> 
> (for
> 
>>>server OSes)
>>
>>Why?  Why would you expect Linux to have a better market share in any
>>segment?
> 
> 
> Because it's free or very low cost, and in some cases functionally
> equivalent and easy enough to use.  It's based on Unix, which has been
> around for much longer than Windows.  It has better security.  It's easier
> to update, etc.  You've been droning on about Linux superiority for years
> now, I would guess.  But the market, which is composed of many, many smart
> people (not that you're not intelligent - you are), has chosen Windows.
> 
> 
> 
> 
>>2K3 is, supposedly, better than 2K, right?  Do a quick check - see how
>>many copies of each are running.  I'll bet you'll find that,
>>comparatively, 2K3 is non-existant.
> 
> 
> Win2003 just came out around a year ago, and it's not a free upgrade.  Were
> it free, what percent of users do you think would have upgraded?  80% to
> 90%, at least, I think.
> 
> 
> 
> 
>>You're overlooking some significant points.  First, Linux is relatively
>>new
> 
> 
> Introduced in '91, about 6 months to a year after Windows 3.0.  Of course,
> it didn't have a decent UI for quite a while afterwards.  And Intel hardware
> support was small.  And it was tough to get installed.  (hey, not much has
> changed in Linux!)
> 
> 
> 
> 
>>and, to many people, "unproven", technology - so they're not going to
>>be in a hurry to adopt, especially if keeping things running is critical
>>to their business.
> 
> 
> Unproven?  Unix is proven, and it has a smaller market share than Linux.
> 
> 
> 
> 
>>Second, Linux is different.  Even if they regard it as a better solution,
>>they still need to learn it, learn how to administer it, secure it,
>>performance-tune it, etc.
> 
> 
> It's a Unix clone, and Unix has been around for a long time.
> 
> 
> 
> 
>>Third, a lot of businesses have been running servers since before Linux
>>started getting mainstream exposure.  Many of them on Windows.  Which
>>means they face the cost of converting, recoding, redesigning, in order to
>>use Linux.  Some will, some won't, some will wait.  Heck, upgrading from
>>Windows to a nwe version of Windows is often problematic - certainly not
>>something you do on a whim for a production server.  Do you really think
>>migrating to a considerably different platform is going to _reduce_
>>migration hassles?
>>
>>Adoption of a new technology takes time, no matter how good that
>>technology is.  Here we are in the age of DVDs and CDs... but many people
>>still have their old casette tapes, and even their old LPs.  I've got a
>>DVD player, but I've still got a mess of VHS tapes - including some I've
>>bought _since_ I got the DVD player.  Some of these were because the movie
>>isn't available, some simply because I didn't feel like paying $30 for a
>>movie I could get for $12.
> 
> 
> According to you nuts, Linux is the CD to Windows VHS.  And your free CD
> implementation is finally starting to take off, 10 years after its
> introduction.
> 
> 
> 
>>HDTV is available.  Check the average household - think most people have
>>it?
> 
> 
> Bad analogy, pal.  HDTV is around 3x the cost of standard TV, and few
> programs are broadcast in it.
> 
> 
> 
>>A new technology takes time to be adopted.  It helps if it has mainstream
>>media exposure, advertising, etc, which Linux largely lacks.  Even if it
>>had that, though, it wouldn't replace Windows overnight. Nor in 10 years.
> 
> 
> Your "community" of cola maniacs thinks the Sun deal with China means MS
> will be dead in a few years.  I predict differently.
> 
> 
> 
> 
>>>???  Do Linux updates download faster than Windows on a dialup
>>>connection?
>>
>>Actually... yes, generally.  Thing is, Linux packages are small,
>>generally. Let's see.  There are, currently, 2339 packages in my local
>>repository.  Total storage required: 2.1Gb.  That means an average of
>>897,819 bytes per package.  Less than a meg.  KDevelop 3.0 is some
>>9,086,468 bytes - call it 10 Mb. SP5 for Visual Studio 6 was something
>>like 20 times as large.
>>
>>Most Windows packages *still* bundle their own installers - InstallShield,
>>Wise, whatever.  Typical overhead _per application_ is close to a meg -
>>about the size of the average Linux package - but that's just for the
>>installer, not the application itself.
> 
> 
> Yes, Windows programs can be big.  Not like Windows games, though.  Some
> games are on the order of 4 to 5 gigabytes nowadays.
> 
> 
> 
>>>>In many cases, you'll find it's the latter.
>>>
>>>Where is all your Linux slopware installed?
>>
>>In one of the bin folders.  /bin.  /sbin. /usr/local/bin.  Depending on
>>the package, it may have additional files, such as configs in /etc.
>>
>>
>>>Do you know the name and
>>>location of every file that was installed from all the thousands of
>>>packages, and then supposedly removed?  Or do you just trust Linux
>>>'cause it's Linux?  That's my bet.
>>
>>Umm... actually... see... when I look at a package in the handy little GUI
>>install program, one of the things it'll show me is a complete list of all
>>the files contained in the package.  Which means I can, indeed, check to
>>see if they're _all_ gone or not.
> 
> 
> So you do have to go hunting around your machine to ensure they're all gone.
> 
> 
> 
> 
>>Generally, you'll find the only things left behind are modified
>>configuration files.
> 
> 
> Generally?  What?  It doesn't remove them all for you?  You have to go
> hunting around to remove Linux installations?
> 
> That's what I thought.
> 
> 
> 
> 
> 
>>For some reason, when I run various registry-checking tools in Windows,
>>I'll often find reports of things such as references to DLLs that don't
>>exist - meaning the program that installed the DLL has been removed,
>>taking the DLL with it - but the registry hasn't been cleaned up.
> 
> 
> It can be a mess; no doubt, and there's no excuse for it.
> 
> 
> 
> 
>>Application paths are often left behind.  Hell, in a lot of cases, largish
>>portions of the program files folder that the application lived in is left
>>behind.
>>
>>Leave the config information, sure.  But why leave the dross?
> 
> 
> 'Cause the closed source vendors wrote poor uninstall routines.
> 

Do us all a favor and go get OE Quote Fix.

J. P. Morgan wrote:
> DFS wrote:
>
>
>> Give me a little more credit, Linux morons.  I was probably using
>> Linux, in 1997, before you were.
>
> Sure you were, Napoleon.


I understand, Huckleberry.  You're embarrassed a "Windoze" user is beating
up on cola morons, and on top of that was hacking around in Linux way before
you were - way back when it was easy to fry the monitor if I set the refresh
rate wrong.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 16 Jun 2004 12:44:34 -0400,
 DFS <nospam@nospam.com> wrote:
><spike1@freenet.co.uk> wrote in message news:dtdpac.d2p.ln@freenet.co.uk...
>> DFS <nospam@nospam.com> wrote:
>> >> So, type one line, two commands, wait a bit, zero rebooting, and the
> whole
>> >> bloomin' thing is updated.
>>
>> > Sounds good.
>>
>> It's better than that though. yast online update (for suse) has options
> for
>> auto-running at specified times. cron (the scheduling daemon) can be used
> to
>> apt-get update && apt-get upgrade (for debian), urpmi (for mandrake) or
>> up2date (for redhat/fedora), etc.
>>
>> So, us linux people CAN just install, configure and then sleep in our
> chairs
>> most of the time, the system keeps itself up to date, and cleans up after
>> itself.
>
> Thus we would expect Linux to have a better market share than Windows (for
> server OSes); instead the reverse is true, and Linux has about one-third the
> Windows server OS market share (Wired Magazine, June 04, pg 154, source:
> IDC).
>
>

Is that number based on number of actual installs? or numbers or dollars
shipped from OEMs? Does it take into account the whitebox installs that
many such Linux machines are?  


>
>> Oh, we may need to give it the odd tweak here and there, but unless
>> anything new needs doing or some emergency crops up, like a DOS
>> attack, linux just keeps on going.
>>
>> >> Windows doesn't make it that easy to just update *Windows*, never
>> >> mind all your apps and other things.
>>
>> > Yes it does.
>>
>> Try it on a dialup connection. I hear some of those patches would
>> take DAYS to download on 56k. Some of them almost take up an entire
>> CD.
>
> ???  Do Linux updates download faster than Windows on a dialup
> connection?  I guess time might pass a little faster while you're
> sitting there sifting through all that Linux crapware, wondering why
> this program was written and why it was included on your distro and
> where you can file bug reports.
>
>

Actually, downloads do often complete faster under Linux. At least
that's been my experience. Linux also has a far better record in my exp
of resuming downloads that were interrupted for some reason. 


>
>
>> > You're exaggerating about tens to hundreds of websites.
>>
>> Why? He's stating that because he doesn't know what software people
>> have installed, some might have hundreds of different programs from
>> hundreds of different locations installed.
>>
>> (I know someone who sold a bloke a PC last month, the next day he got
>> a support call saying it was being slow, went to check and he'd got
>> over 400 spyware and viruses on it... in just 24 hours! the mind
>> boggles)
>
> Somewhere out there many Linux morons are giggling about the Win32
> viruses they released.
>

An interesting claim. Got any evidence? or are you simply spouting off
bullshit? ah, thought so. 


>
>
>
>
>> >> In order to effectively stop such things, your real choice is simply to
>> >> stop using them.  Period.  Hardly an effective strategy, especially
> with
>> >> the MSN messenger cilent which seems to have somehow become a
> "required"
>> >> component.
>>
>> > It's really not all that difficult to remove software from Windows
> boxes.
>>
>> It isn't? What about all the registry hacking required to remove the most
>> stubborn ones?
>>
>> Is it possible to remove software and return the machine to the same state
>> it was before the software was installed? Or does the software leave
> little
>> presents for you in the registry?
>>
>> In many cases, you'll find it's the latter.
>
> Where is all your Linux slopware installed?  Do you know the name and
> location of every file that was installed from all the thousands of
> packages, and then supposedly removed?  Or do you just trust Linux
> 'cause it's Linux?  That's my bet.
>

dpkg -L appname

gives me a full list of all files that were in the package, and where
they were installed. RPM has a similar command option.


How do I find out all the files that a setup.exe installed on
MS-Windows? 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA0Ui9d90bcYOAWPYRAtF0AJ0SN2Ns0sONowpVjA3KWq9e4+EZ0wCggxaS
pIiAhHGsnrGwv/T0a3HuABk=
=HpNE
-----END PGP SIGNATURE-----

-- 
Jim Richardson     http://www.eskimo.com/~warlock
 Caesar si viveret, ad remum dareris.
<If Caesar were alive, you'd be chained to an oar.>

begin On Wed, 16 Jun 2004 22:57:42 -0500, Norwegian Formula posted:

> J. P. Morgan, after spending 3 minutes figuring out which end of the pen
> to use, wrote:
> 
>> DFS wrote:
>> 
>>> Never heard of 'em.  Sounds like a hacker name.  Like "The Ghost In The
>>> Machine."
>> 
>> DFS -- Department of FUD and Shit
> 
>   *AND* proves what a liar he is, when up a few threads he tells us all he
>   was using linux in 1997 before any of us were! LMAO! DumbFuckingShit is so
>   *full* of shit, the whites of his eyes are actually brown.

ROTFL!!  And what about *this* latest offering from the wintroll -
"..... was hacking around in Linux way before you were - way back when it
was easy to fry the monitor if I set the refresh rate wrong."

Oh, suuuuure he was! 
LOL

-- 
The short life and hard times of a Linux virus
http://librenix.com/?inode=21
Linux vs. Windows Viruses
http://www.securityfocus.com/columnists/188

DFS <nospam@nospam.com> wrote:
> Again, that's 'cause you use open source code.  And how often should you
> have to update your software, anyway?  Seems Linux slopware is updated
> almost weekly in a lot of cases.

And weekly is bad.... why exactly?
What would you prefer? An flaw is found that could open up a theoretical
exploit that then gets fixed and published, and distributed quickly and
cleanly to all interested parties....

or...

A flaw is found that could open up a theoretical exploit but the software
marketters decide to sit on it for 6 months until they've amassed a few more
so that it's worth their while to issue a patch...

Release early and often, or release when we can be arsed?
I know which one I prefer.

> Because of superior testing, commercial programs don't have to be updated
> all the time.  It's clear to me most CSS is better software than OSS.

Bull. Because the beancounters want to maximise their beans by cutting costs
while at the same time, the public relations morons think another flaw and
patch release will impact on their street cred.

>> > See, you guys live and work in a different level of reality, a really
>> > warped one I think, one where software is shared and mostly free, and
>> > people not beholden to MS build tools and processes to automate those
>> > network security issues, then give them away to others.
>>
>> Which only makes sense; they're building them on an OS given to them free,
>> using development and testing tools given to them free.

> Free software?  Does not compute.  Why not donate your time and cut my grass
> instead?

Ah, you don't understand the free software author's mindset...
Understandable coming from you, that. Never heard of the reward of peer
review and self satisfaction of a job well done?

>> > It's mind-numbingly easy to use Windows update; you can schedule updates
>> > to run automatically at any time of the day or night.
>>
>> Good.  Now, this updates, say, SQL Server?  MS Office?  Visual Studio?
>> Borland's development tools?  Corel's apps?  WinAmp?  No, didn't think so.

> What does Borland have to do with MS, except to make applications that run
> on Windows?  Why do you think the OS vendor should help you update your 3rd
> party apps?  You're spoiled because of free software.

What does apache or sendmail have to do with linux? You think our distros
would help us update 3rd party apps?.... um... HELL YES!

>> Wake me up when Windows gets to the point Linux is at today.  I figure
>> that'll be about 2053.

> Yet Windows expensive, proprietary server OSes have twice the market share
> of free/low cost Linux/Unix server OSes?  Sounds like a lot of people think
> Windows is already far beyond Linux, and are willing to pay for the
> privilege.

> [insert whining about MS monopoly, MS marketing, or uneducated admins]

No need, you inserted them for us, but it's true.
The PC started out soley as a microsoft DOS machine, microsoft bundled dos
with IBMs machines and then sold licenses to all the other clone
manufacturers, the rest, as they say, is history.

It may have been a very different world we'd be living in if the bloke from
digital equipment hadn't been on his boat that fateful day.

>> It is if it doesn't want to be uninstalled.  However, the issue isn't
>> removing it; it's keeping it, but in such a way that it runs when _you_
>> want it to run, not when _it_ thinks it should.

> I do have to wonder why the average Linux user, who claims to be (and might
> be) so technically competent, has such difficulties working with Windows.

How about someone who IS competent at working with windows and STILL can't
get rid of the most stubborn spyware? For I know such a man.

Oh, he got rid in the end, but it took him 5 times longer than it should've.


>> > OK.  Very well put, I must say.  I can't and won't argue, except to say
>> > keeping Windows secured isn't nearly as difficult as you make it sound.
>> >
>> > I don't do much network admin for Windows (none for Linux)
>>
>> I do both.  Windows is a nightmare.  Even worse is when you have to keep,
>> say, 100 machines up to date.
>>
>> Here's an example.  Suppose I want to maintain 100 Win2K machines.  I have
>> one which I use as a testbed, to ensure that patches, etc, don't break
>> anything.  Now that I've tested them all... how do I roll them out,
>> automatically, to every system on the network?  Invisibly?  Without user
>> interaction?  Without interfering with their work by, say, forcing
> reboots?

> I would think there's an easy way for a Windows network admin to distribute
> updates to all machines in a domain.  If I find out so, I'll be back to tell
> you.




>> With Linux, it's easy.  I can either do it, say, 10 at a time manually
>> using tools such as screen, or I can write a little script, applied to
>> each machine once, which subsequently looks at a specified network share
>> point and, if there's any packages there, applies them.  How?  Well, let's
>> see.  First, for each machine, I define a new package repository -
>> trivially easy.  The cron job now does our usual set of things:
>>
>>   urpmi.update -a && urpmi --auto-select
>>
>> Voila.  Done.  Drop that into a crontab on each machine, once, when
>> rolling the machines out,

> Wait a minute.  Sounds like you have to manually visit/touch each of the 100
> machines?  Or am I missing something?

you're missing cron.
the daemon that auto runs jobs at specified times of the
day/week/month/year.

All he has to do is put tested patches and updates into a specific directory
on a shared filesystem, the cronjob on the other machines does the rest.

>> and from that point on, they will automatically
>> update themselves.  With tested updates only.  Unobtrusively.  The user's
>> total knowledge of the process occurring at all is, generally speaking,
>> noticing that when they run application X, it's a new version.
>>
>> Yes, there always the potential for problems - in both systems.
>> Difference is, Linux makes it easy to do the parts that *should* be easy.
>> Windows doesn't.  So doing this in Linux leaves you that much more time to
>> spend fixing the problems, rather than fighting the system.

> Yet with all these supposed Linux advantages, including low or no cost, they
> have just one-third the server OS market share of  MS?  (Wired Mag, June 04,
> pg.154, source: IDC)

More IDC bullshit,I see...
You don't get it do you? With windows, you buy one windows disk, you can
install it (legally) on one single machine. That counts as one sale.

You buy a linux boxed set. You can install it in an entire server farm, one
disk all machines... You could even do it over the network so they'd all
install at once. (Try that with windows)

That counts as one sale.

Of course, how does one measure it if even that single CD used to install
that server farm was copied off a friend? Or downloaded off the net?

IDC doesn't have the means to measure the use of linux in the server OR
desktop market because they have no means of counting the number of
installs. And random questionnaires won't cut it.

Oh, they might be able to randomly sample webserver to see what they're
running, but that only counts machines facing the internet, not the machines
behind the firewall on the private net.

begin On Wed, 16 Jun 2004 22:57:42 -0500, Norwegian Formula posted:

> J. P. Morgan, after spending 3 minutes figuring out which end of the pen
> to use, wrote:
> 
>> DFS wrote:
>> 
>>> Never heard of 'em.  Sounds like a hacker name.  Like "The Ghost In The
>>> Machine."
>> 
>> DFS -- Department of FUD and Shit
> 
>   *AND* proves what a liar he is, when up a few threads he tells us all he
>   was
> using linux in 1997 before any of us were! LMAO! DumbFuckingShit is so
> *full* of shit, the whites of his eyes are actually brown.

Not only *that* & what he said in my previous message............
<pan.2004.06.17.09.17.24.86182@jvyycbnfg.zr.hx>                   
Subject: Re: D.F.S. -- Department of FUD and Shit                                  
Thu, 17 Jun 2004 04:17:25 -0500

.........but what about *this*!
<quote>
Why do I, a total Linux novice, have to school you on your own OS of
choice?
<unquote>
From: "DFS" <nospam@nospam.com>
Newsgroups: comp.os.linux.advocacy
Subject: Re: 52 security advisories for the week ending June 11, 2004?
Date: Tue, 15 Jun 2004 21:42:06 -0400
Message-ID: <10cv9kbtd9us9d0@corp.supernews.com>

Now how about that!  

-- 
"Would you buy a used car 
from this person?"

DFS <nospam@nospam.com> wrote:
> Give me a little more credit, Linux morons.  I was probably using Linux, in
> 1997, before you were.

If you've been using linux for so long (even longer than me, although, I had
no trouble switching to linux in 99, cos I started out on REAL operating
systems with SunOS in 95), how is it that you understand so little?

In fact, you don't even appear to know what cron does?

DFS <nospam@nospam.com> wrote:
> J. P. Morgan wrote:
>> DFS wrote:
>>
>>
>>> Give me a little more credit, Linux morons.  I was probably using
>>> Linux, in 1997, before you were.
>>
>> Sure you were, Napoleon.

> I understand, Huckleberry.  You're embarrassed a "Windoze" user is beating
> up on cola morons, and on top of that was hacking around in Linux way before
> you were - way back when it was easy to fry the monitor if I set the refresh
> rate wrong.

Still is, if you have an old monitor.
It's the monitors that improved in this case, not the graphics cards or the
video drivers.

OK then, oh wise one... If you've been using linux for so long, why is it
you know absolutely nothing about it? You were under the impression that
linux virus scanners scanned for LINUX targetted viruses, you thought
someone doing batch updates over the network would need to touch each
individual machine each time, even though he'd explained the process in
detail and said that cron would do it, and that's just the tip of the
iceberg.

What distro did you first install? On what hardware?
How long did you use it before screaming to mummy and reinstalling
windows95?

The Ghost In The Machine <ewill@aurigae.athghost7038suus.net> wrote:
> Not familiar with "The Recruit" (or for that matter any hot female CIA
> trainees 

How about hot CIA female agents?
Mmmm, Sidney Bristow
:)

DFS <nospam@nospam.com> wrote:
> Kernel 2.6.7-RC3 is coming out soon.  I can't wait!  There will be lots of
> new articles on kernel panics, failed upgrades, broken packages, etc.

2.6.7's already out.
Linus released it to fix the oh so inconvenient local DOS attack program
you obsessed about earlier in this thread.

Not bad eh? 1 week between exploit revelation, patch and official update?
Try that with microsoft.

Norwegian Formula <R@bastards.com> wrote:
> J. P. Morgan, after spending 3 minutes figuring out which end of the pen to use,
> wrote:

>> DFS wrote:
>> 
>>> Never heard of 'em.  Sounds like a hacker name.  Like "The Ghost In The
>>> Machine."
>> 
>> DFS -- Department of FUD and Shit

>   *AND* proves what a liar he is, when up a few threads he tells us all he was
> using linux in 1997 before any of us were! LMAO! DumbFuckingShit is so *full*
> of shit, the whites of his eyes are actually brown.

Now now, let's see how he answers my questions...
"What distro was it, and on what hardware? how long did you stick with it
before running back to mummy and reinstalling windows 95?"

:)

begin On Thu, 17 Jun 2004 11:14:55 +0100, spike1 posted:

> DFS <nospam@nospam.com> wrote:
>> Kernel 2.6.7-RC3 is coming out soon.  I can't wait!  There will be lots
>> of new articles on kernel panics, failed upgrades, broken packages, etc.
> 
> 2.6.7's already out.
> Linus released it to fix the oh so inconvenient local DOS attack program
> you obsessed about earlier in this thread.
> 
> Not bad eh? 1 week between exploit revelation, patch and official update?
> Try that with microsoft.

Mm..well there's this "Microsoft drags feet on Windows SP2 features"
http://www.theinquirer.net/?article=16606
<quote>
Microsoft was still evaluating the technical feasibility of providing the 
new IE enhancements for older Windows versions, he said.
However, cynical analysts think that it is possible that Microsoft does 
not want to give the owners of its older software any reason to avoid
upgrading. The idea is that by refusing to give them SP2 upgrades it will
make such systems less secure and force an upgrade. Of course Microsoft
would never, ever, think of doing something as low as that.  
<unquote>

Oh, wouldn't they? Mind you that's *when* they release it.. 
XP SP2 delayed until July
http://www.theinquirer.net/?article=16198
But there again it's been delayed before, & before, &..

-- 
The short life and hard times of a Linux virus
http://librenix.com/?inode=21
Linux vs. Windows Viruses
http://www.securityfocus.com/columnists/188

begin On Thu, 17 Jun 2004 11:04:08 +0100, spike1 posted:

> DFS <nospam@nospam.com> wrote:
>> Give me a little more credit, Linux morons.  I was probably using Linux,
>> in 1997, before you were.
> 
> If you've been using linux for so long (even longer than me, although, I
> had no trouble switching to linux in 99, cos I started out on REAL
> operating systems with SunOS in 95), how is it that you understand so
> little?
> 
> In fact, you don't even appear to know what cron does?

He doesn't & it's all bullshit anyhow.
His reply to me in one post 2 days ago (and hasn't he got a short memory!):-

From: "DFS" <nospam@nospam.com>
Newsgroups: comp.os.linux.advocacy
Subject: Re: 52 security advisories for the week ending June 11, 2004?
Date: Tue, 15 Jun 2004 21:42:06 -0400
Message-ID: <10cv9kbtd9us9d0@corp.supernews.com>
"Why do I, a total Linux novice, have to school you on your own OS of
choice?"


-- 
Deja Moo: The feeling you've heard 
this bullshit before. 

On 2004-06-17, spike1@freenet.co.uk <spike1@freenet.co.uk> sputtered:
> DFS <nospam@nospam.com> wrote:
>> Kernel 2.6.7-RC3 is coming out soon.  I can't wait!  There will be lots of
>> new articles on kernel panics, failed upgrades, broken packages, etc.
>
> 2.6.7's already out.
> Linus released it to fix the oh so inconvenient local DOS attack program
> you obsessed about earlier in this thread.
>
> Not bad eh? 1 week between exploit revelation, patch and official update?
> Try that with microsoft.

MICROS~1 would beat that. 3 days max between somebody getting tired of
waiting for them (6 or more months already passed since notification)
and publishes the exploit they told $BORG about, followed by the
illegally-maintained monopoly publishing all of the things one should
disable and all of the registry hacks needed to keep from being 0wn3d*
by the next-door neighbor's kid within 10 seconds.

Oh, you mean the release of an actual _fix_ for the problem. Well, hell
can't freeze over that often.

* Most of which won't do anything, but they will keep the koolaid
drinkers and PHBs happy about things they can point to that illustrate
just how responsible those loveable MICROS~1 lugs are.

-- 
Linux keeps me busy. Windows keeps you stupid. But tomorrow
I'll be finished with this linux installation.

On 2004-06-17, spike1@freenet.co.uk <spike1@freenet.co.uk> sputtered:
> DFS <nospam@nospam.com> wrote:
>> J. P. Morgan wrote:
>>> DFS wrote:
>>>
>>>
>>>> Give me a little more credit, Linux morons.  I was probably using
>>>> Linux, in 1997, before you were.
>>>
>>> Sure you were, Napoleon.
>
>> I understand, Huckleberry.  You're embarrassed a "Windoze" user is beating
>> up on cola morons, and on top of that was hacking around in Linux way before
>> you were - way back when it was easy to fry the monitor if I set the refresh
>> rate wrong.
>
> Still is, if you have an old monitor.
> It's the monitors that improved in this case, not the graphics cards or the
> video drivers.
>
> OK then, oh wise one... If you've been using linux for so long, why is it
> you know absolutely nothing about it? You were under the impression that
> linux virus scanners scanned for LINUX targetted viruses, you thought
> someone doing batch updates over the network would need to touch each
> individual machine each time, even though he'd explained the process in
> detail and said that cron would do it, and that's just the tip of the
> iceberg.
>
> What distro did you first install? On what hardware?
> How long did you use it before screaming to mummy and reinstalling
> windows95?

These trolls are pretty much indistinguishable, but isn't Dumb Flatfish
Sockpuppet the one that installed Redhat and one other for about a
week? If so, that neatly explains all of this expertise he seemingly
has to offer.

Ah, yes, here it is (along with some other gems, such as claims of not
being against linux, ala Ewik Funkybreath):

http://groups.google.com/groups?q=g:thl641592034d&dq=&hl=en&lr=&ie=UTF-8&safe=off&selm=10cao2dpk0m5q4c%40corp.supernews.com

http://tinyurl.com/2q5qc


   > But my experience is my own. If you run Windows and enjoy it, then
   > I'm glad for you--but I would like to ask (and forgive me if this
   > has already been brought up in other threads): have you ever tried
   > Linux? If so, what distro, and how long did your trial last?

   RedHat 4.2 (back whenever, like 6 or 8 years ago I think) and SUSE
   Pro 7.1 a couple of years ago.  Used each for no more than a week. 
   I'm gonna try it again soon, and see what's improved.

-- 
When you boil it down to the essentials, it's because Linux is
designed to be *used* and Windows is designed to be *sold*.

"Jim Richardson" <warlock@eskimo.com> wrote in message
news:uut7q1-hml.ln1@grendel.myth...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Wed, 16 Jun 2004 12:44:34 -0400,
>  DFS <nospam@nospam.com> wrote:
> ><spike1@freenet.co.uk> wrote in message
news:dtdpac.d2p.ln@freenet.co.uk...
> >> DFS <nospam@nospam.com> wrote:
> >> >> So, type one line, two commands, wait a bit, zero rebooting, and the
> > whole
> >> >> bloomin' thing is updated.
> >>
> >> > Sounds good.
> >>
> >> It's better than that though. yast online update (for suse) has options
> > for
> >> auto-running at specified times. cron (the scheduling daemon) can be
used
> > to
> >> apt-get update && apt-get upgrade (for debian), urpmi (for mandrake) or
> >> up2date (for redhat/fedora), etc.
> >>
> >> So, us linux people CAN just install, configure and then sleep in our
> > chairs
> >> most of the time, the system keeps itself up to date, and cleans up
after
> >> itself.
> >
> > Thus we would expect Linux to have a better market share than Windows
(for
> > server OSes); instead the reverse is true, and Linux has about one-third
the
> > Windows server OS market share (Wired Magazine, June 04, pg 154, source:
> > IDC).
> >
> >
>
> Is that number based on number of actual installs? or numbers or dollars
> shipped from OEMs? Does it take into account the whitebox installs that
> many such Linux machines are?

Don't know what it's based on.  I imagine installations.


> >> Oh, we may need to give it the odd tweak here and there, but unless
> >> anything new needs doing or some emergency crops up, like a DOS
> >> attack, linux just keeps on going.
> >>
> >> >> Windows doesn't make it that easy to just update *Windows*, never
> >> >> mind all your apps and other things.
> >>
> >> > Yes it does.
> >>
> >> Try it on a dialup connection. I hear some of those patches would
> >> take DAYS to download on 56k. Some of them almost take up an entire
> >> CD.
> >
> > ???  Do Linux updates download faster than Windows on a dialup
> > connection?  I guess time might pass a little faster while you're
> > sitting there sifting through all that Linux crapware, wondering why
> > this program was written and why it was included on your distro and
> > where you can file bug reports.
> >
> >
>
> Actually, downloads do often complete faster under Linux. At least
> that's been my experience.

Of course: 56k downloads under Linux are faster than 56k downloads under
Windows.  Gotcha.


> Linux also has a far better record in my exp
> of resuming downloads that were interrupted for some reason.


> >> > You're exaggerating about tens to hundreds of websites.
> >>
> >> Why? He's stating that because he doesn't know what software people
> >> have installed, some might have hundreds of different programs from
> >> hundreds of different locations installed.
> >>
> >> (I know someone who sold a bloke a PC last month, the next day he got
> >> a support call saying it was being slow, went to check and he'd got
> >> over 400 spyware and viruses on it... in just 24 hours! the mind
> >> boggles)
> >
> > Somewhere out there many Linux morons are giggling about the Win32
> > viruses they released.
> >
>
> An interesting claim. Got any evidence? or are you simply spouting off
> bullshit? ah, thought so.

Another uninformed Linux moron.  Do some searching on the web, boy.  Visit
some hacker sites.  Talk to them about their OS of choice.




> >> >> In order to effectively stop such things, your real choice is simply
to
> >> >> stop using them.  Period.  Hardly an effective strategy, especially
> > with
> >> >> the MSN messenger cilent which seems to have somehow become a
> > "required"
> >> >> component.
> >>
> >> > It's really not all that difficult to remove software from Windows
> > boxes.
> >>
> >> It isn't? What about all the registry hacking required to remove the
most
> >> stubborn ones?
> >>
> >> Is it possible to remove software and return the machine to the same
state
> >> it was before the software was installed? Or does the software leave
> > little
> >> presents for you in the registry?
> >>
> >> In many cases, you'll find it's the latter.
> >
> > Where is all your Linux slopware installed?  Do you know the name and
> > location of every file that was installed from all the thousands of
> > packages, and then supposedly removed?  Or do you just trust Linux
> > 'cause it's Linux?  That's my bet.
> >
>
> dpkg -L appname
>
> gives me a full list of all files that were in the package, and where
> they were installed. RPM has a similar command option.

That's what you THINK the command tells you.  Have you ever verified it, or
are you just trusting Linux?  Yes you are.





> How do I find out all the files that a setup.exe installed on
> MS-Windows?

Look at the .inf file, or if the program is installed using msi, there are
other lists of files and locations and rollback data.






> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
>
> iD8DBQFA0Ui9d90bcYOAWPYRAtF0AJ0SN2Ns0sONowpVjA3KWq9e4+EZ0wCggxaS
> pIiAhHGsnrGwv/T0a3HuABk=
> =HpNE
> -----END PGP SIGNATURE-----
>
> -- 
> Jim Richardson     http://www.eskimo.com/~warlock
>  Caesar si viveret, ad remum dareris.
> <If Caesar were alive, you'd be chained to an oar.>

<spike1@freenet.co.uk> wrote in message news:oaqrac.mkr.ln@freenet.co.uk...
> DFS <nospam@nospam.com> wrote:
> > Give me a little more credit, Linux morons.  I was probably using Linux,
in
> > 1997, before you were.
>
> If you've been using linux for so long (even longer than me, although, I
had
> no trouble switching to linux in 99, cos I started out on REAL operating
> systems with SunOS in 95), how is it that you understand so little?

I used it in '97, but just for a couple weeks.


> In fact, you don't even appear to know what cron does?

scheduler.  The Windows Scheduled Tasks feature is better.

"William Poaster" <willpoast@jvyycbnfg.zr.hx> wrote in message
news:pan.2004.06.17.10.47.28.110688@jvyycbnfg.zr.hx...
> begin On Thu, 17 Jun 2004 11:04:08 +0100, spike1 posted:
>
> > DFS <nospam@nospam.com> wrote:
> >> Give me a little more credit, Linux morons.  I was probably using
Linux,
> >> in 1997, before you were.
> >
> > If you've been using linux for so long (even longer than me, although, I
> > had no trouble switching to linux in 99, cos I started out on REAL
> > operating systems with SunOS in 95), how is it that you understand so
> > little?
> >
> > In fact, you don't even appear to know what cron does?
>
> He doesn't & it's all bullshit anyhow.

All bullshit?  Kiss my ass.

Want to buy my old RedHat disks, and my Caldera OpenLinux lite CD from 1997?


> His reply to me in one post 2 days ago (and hasn't he got a short
memory!):-
>
> From: "DFS" <nospam@nospam.com>
> Newsgroups: comp.os.linux.advocacy
> Subject: Re: 52 security advisories for the week ending June 11, 2004?
> Date: Tue, 15 Jun 2004 21:42:06 -0400
> Message-ID: <10cv9kbtd9us9d0@corp.supernews.com>
> "Why do I, a total Linux novice, have to school you on your own OS of
> choice?"
>
>
> -- 
> Deja Moo: The feeling you've heard
> this bullshit before.
>

"William Poaster" <willpoast@jvyycbnfg.zr.hx> wrote in message
news:pan.2004.06.17.10.42.16.683448@jvyycbnfg.zr.hx...
> begin On Thu, 17 Jun 2004 11:14:55 +0100, spike1 posted:
>
> > DFS <nospam@nospam.com> wrote:
> >> Kernel 2.6.7-RC3 is coming out soon.  I can't wait!  There will be lots
> >> of new articles on kernel panics, failed upgrades, broken packages,
etc.
> >
> > 2.6.7's already out.
> > Linus released it to fix the oh so inconvenient local DOS attack program
> > you obsessed about earlier in this thread.
> >
> > Not bad eh? 1 week between exploit revelation, patch and official
update?
> > Try that with microsoft.


And then there's the Linux kernel 2.4, which earned #4 on Wired Magazine's
Vaporware 2000 list
http://www.wired.com/news/technology/0,1282,40484-2,00.html?tw=wn_story_page_next1

It was a year and a half late.



> Mm..well there's this "Microsoft drags feet on Windows SP2 features"
> http://www.theinquirer.net/?article=16606
> <quote>
> Microsoft was still evaluating the technical feasibility of providing the
> new IE enhancements for older Windows versions, he said.
> However, cynical analysts think that it is possible that Microsoft does
> not want to give the owners of its older software any reason to avoid
> upgrading. The idea is that by refusing to give them SP2 upgrades it will
> make such systems less secure and force an upgrade. Of course Microsoft
> would never, ever, think of doing something as low as that.
> <unquote>
>
> Oh, wouldn't they? Mind you that's *when* they release it..
> XP SP2 delayed until July
> http://www.theinquirer.net/?article=16198
> But there again it's been delayed before, & before, &..
>
> -- 
> The short life and hard times of a Linux virus
> http://librenix.com/?inode=21
> Linux vs. Windows Viruses
> http://www.securityfocus.com/columnists/188

<spike1@freenet.co.uk> wrote in message news:o0qrac.mkr.ln@freenet.co.uk...
> DFS <nospam@nospam.com> wrote:
> > Again, that's 'cause you use open source code.  And how often should you
> > have to update your software, anyway?  Seems Linux slopware is updated
> > almost weekly in a lot of cases.
>
> And weekly is bad.... why exactly?

'Cause it shows the software wasn't ready last week, and it won't be ready
this week, and it won't be ready a week from now.  I would be very
suspicious of any software updated every week, or month, etc.




> What would you prefer? An flaw is found that could open up a theoretical
> exploit that then gets fixed and published, and distributed quickly and
> cleanly to all interested parties....
>
> or...
>
> A flaw is found that could open up a theoretical exploit but the software
> marketters decide to sit on it for 6 months until they've amassed a few
more
> so that it's worth their while to issue a patch...
>
> Release early and often, or release when we can be arsed?
> I know which one I prefer.

Yet here I sit, virus-free, hack-free, exploit-free, using buku Windows
programs, few of which have been updated since they were released.

I've been running MS Office Pro 97 for eight years; never a single problem.



> > Because of superior testing, commercial programs don't have to be
updated
> > all the time.  It's clear to me most CSS is better software than OSS.
>
> Bull. Because the beancounters want to maximise their beans by cutting
costs
> while at the same time, the public relations morons think another flaw and
> patch release will impact on their street cred.

"street cred"?  What is this, Pimp My Linux?





> >> > See, you guys live and work in a different level of reality, a really
> >> > warped one I think, one where software is shared and mostly free, and
> >> > people not beholden to MS build tools and processes to automate those
> >> > network security issues, then give them away to others.
> >>
> >> Which only makes sense; they're building them on an OS given to them
free,
> >> using development and testing tools given to them free.
>
> > Free software?  Does not compute.  Why not donate your time and cut my
grass
> > instead?
>
> Ah, you don't understand the free software author's mindset...
> Understandable coming from you, that. Never heard of the reward of peer
> review and self satisfaction of a job well done?

True.  I don't understand free software.  And peer review?  My peers don't
pay my bills; my clients do.





> >> > It's mind-numbingly easy to use Windows update; you can schedule
updates
> >> > to run automatically at any time of the day or night.
> >>
> >> Good.  Now, this updates, say, SQL Server?  MS Office?  Visual Studio?
> >> Borland's development tools?  Corel's apps?  WinAmp?  No, didn't think
so.
>
> > What does Borland have to do with MS, except to make applications that
run
> > on Windows?  Why do you think the OS vendor should help you update your
3rd
> > party apps?  You're spoiled because of free software.
>
> What does apache or sendmail have to do with linux? You think our distros
> would help us update 3rd party apps?.... um... HELL YES!

Spoiled.  Cheap.  Broke.  syn: Linux user.



> >> Wake me up when Windows gets to the point Linux is at today.  I figure
> >> that'll be about 2053.
>
> > Yet Windows expensive, proprietary server OSes have twice the market
share
> > of free/low cost Linux/Unix server OSes?  Sounds like a lot of people
think
> > Windows is already far beyond Linux, and are willing to pay for the
> > privilege.
>
> > [insert whining about MS monopoly, MS marketing, or uneducated admins]
>
> No need, you inserted them for us, but it's true.

Well there you go.  Glad to provide your excuses for you.



> The PC started out soley as a microsoft DOS machine, microsoft bundled dos
> with IBMs machines and then sold licenses to all the other clone
> manufacturers, the rest, as they say, is history.
>
> It may have been a very different world we'd be living in if the bloke
from
> digital equipment hadn't been on his boat that fateful day.

Maybe so.



> >> It is if it doesn't want to be uninstalled.  However, the issue isn't
> >> removing it; it's keeping it, but in such a way that it runs when _you_
> >> want it to run, not when _it_ thinks it should.
>
> > I do have to wonder why the average Linux user, who claims to be (and
might
> > be) so technically competent, has such difficulties working with
Windows.
>
> How about someone who IS competent at working with windows and STILL can't
> get rid of the most stubborn spyware? For I know such a man.
>
> Oh, he got rid in the end, but it took him 5 times longer than it
should've.

That's why it's called spyware.



> >> > OK.  Very well put, I must say.  I can't and won't argue, except to
say
> >> > keeping Windows secured isn't nearly as difficult as you make it
sound.
> >> >
> >> > I don't do much network admin for Windows (none for Linux)
> >>
> >> I do both.  Windows is a nightmare.  Even worse is when you have to
keep,
> >> say, 100 machines up to date.
> >>
> >> Here's an example.  Suppose I want to maintain 100 Win2K machines.  I
have
> >> one which I use as a testbed, to ensure that patches, etc, don't break
> >> anything.  Now that I've tested them all... how do I roll them out,
> >> automatically, to every system on the network?  Invisibly?  Without
user
> >> interaction?  Without interfering with their work by, say, forcing
> > reboots?
>
> > I would think there's an easy way for a Windows network admin to
distribute
> > updates to all machines in a domain.  If I find out so, I'll be back to
tell
> > you.
>
>
>
>
> >> With Linux, it's easy.  I can either do it, say, 10 at a time manually
> >> using tools such as screen, or I can write a little script, applied to
> >> each machine once, which subsequently looks at a specified network
share
> >> point and, if there's any packages there, applies them.  How?  Well,
let's
> >> see.  First, for each machine, I define a new package repository -
> >> trivially easy.  The cron job now does our usual set of things:
> >>
> >>   urpmi.update -a && urpmi --auto-select
> >>
> >> Voila.  Done.  Drop that into a crontab on each machine, once, when
> >> rolling the machines out,
>
> > Wait a minute.  Sounds like you have to manually visit/touch each of the
100
> > machines?  Or am I missing something?
>
> you're missing cron.
> the daemon that auto runs jobs at specified times of the
> day/week/month/year.

He said he had to edit the crontab on each machine when rolling the machines
out.  Sounds like he had to do it manually.



> All he has to do is put tested patches and updates into a specific
directory
> on a shared filesystem, the cronjob on the other machines does the rest.
>
> >> and from that point on, they will automatically
> >> update themselves.  With tested updates only.  Unobtrusively.  The
user's
> >> total knowledge of the process occurring at all is, generally speaking,
> >> noticing that when they run application X, it's a new version.
> >>
> >> Yes, there always the potential for problems - in both systems.
> >> Difference is, Linux makes it easy to do the parts that *should* be
easy.
> >> Windows doesn't.  So doing this in Linux leaves you that much more time
to
> >> spend fixing the problems, rather than fighting the system.
>
> > Yet with all these supposed Linux advantages, including low or no cost,
they
> > have just one-third the server OS market share of  MS?  (Wired Mag, June
04,
> > pg.154, source: IDC)
>
> More IDC bullshit,I see...

LOL!  You Linux morons do live in an alternate world.  If the big boys of
the market research world don't support your fantasies, you dismiss them.
If every study ever done indicates Linux has 3% of the desktop
installations, you dismiss it and claim 16%.  Because it just IS!



> You don't get it do you? With windows, you buy one windows disk, you can
> install it (legally) on one single machine. That counts as one sale.

What are you talking about?  I've installed Win2000 on several machines.
Before WinXP, there were no restrictions on installations.  And even with
WinXP, there are activation hacks.  So who knows how many copies of WinXP
are sold once, but used multiple times.



> You buy a linux boxed set. You can install it in an entire server farm,
one
> disk all machines... You could even do it over the network so they'd all
> install at once. (Try that with windows)

>
> That counts as one sale.

I know, I know - every Linux sale ever made is copied to multiple machines.
This is the ONLY claim you guys can make that supports Linux as 16% of the
desktop installations.  But it's bogus because the same can be said about
Windows until XP, and even now there are plenty of people using activation
hacks to get past that limitation.




> Of course, how does one measure it if even that single CD used to install
> that server farm was copied off a friend? Or downloaded off the net?
>
> IDC doesn't have the means to measure the use of linux in the server OR
> desktop market because they have no means of counting the number of
> installs. And random questionnaires won't cut it.

I don't know what their statistical methodologies are, but I trust them a
heck of a lot more than you cola nuts.



> Oh, they might be able to randomly sample webserver to see what they're
> running, but that only counts machines facing the internet, not the
machines
> behind the firewall on the private net.

You don't know what they can or cannot count.

<spike1@freenet.co.uk> wrote in message news:3kqrac.mkr.ln@freenet.co.uk...
> DFS <nospam@nospam.com> wrote:
> > J. P. Morgan wrote:
> >> DFS wrote:
> >>
> >>
> >>> Give me a little more credit, Linux morons.  I was probably using
> >>> Linux, in 1997, before you were.
> >>
> >> Sure you were, Napoleon.
>
> > I understand, Huckleberry.  You're embarrassed a "Windoze" user is
beating
> > up on cola morons, and on top of that was hacking around in Linux way
before
> > you were - way back when it was easy to fry the monitor if I set the
refresh
> > rate wrong.
>
> Still is, if you have an old monitor.
> It's the monitors that improved in this case, not the graphics cards or
the
> video drivers.
>
> OK then, oh wise one... If you've been using linux for so long,

Not using it for so long, but used it a long time ago.



>why is it
> you know absolutely nothing about it? You were under the impression that
> linux virus scanners scanned for LINUX targetted viruses, you thought
> someone doing batch updates over the network would need to touch each
> individual machine each time, even though he'd explained the process in
> detail and said that cron would do it, and that's just the tip of the
> iceberg.


> What distro did you first install? On what hardware?

RedHat 4.2.  Dell Pentium 1, 166mhz, 256ram.


> How long did you use it before screaming to mummy and reinstalling
> windows95?

Never uninstalled Win95.  Dual-booted for a couple weeks.

"William Poaster" <willpoast@jvyycbnfg.zr.hx> wrote in message
news:pan.2004.06.17.09.17.24.86182@jvyycbnfg.zr.hx...
> begin On Wed, 16 Jun 2004 22:57:42 -0500, Norwegian Formula posted:
>
> > J. P. Morgan, after spending 3 minutes figuring out which end of the pen
> > to use, wrote:
> >
> >> DFS wrote:
> >>
> >>> Never heard of 'em.  Sounds like a hacker name.  Like "The Ghost In
The
> >>> Machine."
> >>
> >> DFS -- Department of FUD and Shit
> >
> >   *AND* proves what a liar he is, when up a few threads he tells us all
he
> >   was using linux in 1997 before any of us were! LMAO! DumbFuckingShit
is so
> >   *full* of shit, the whites of his eyes are actually brown.
>
> ROTFL!!  And what about *this* latest offering from the wintroll -
> "..... was hacking around in Linux way before you were - way back when it
> was easy to fry the monitor if I set the refresh rate wrong."
>
> Oh, suuuuure he was!
> LOL

Tell you what, Linux moron.  I'll sell you my Linux CDs from '97, and I can
probably dig up my RedHat disks (I seem to remember it came on diskettes).
How much you offering?




> -- 
> The short life and hard times of a Linux virus
> http://librenix.com/?inode=21
> Linux vs. Windows Viruses
> http://www.securityfocus.com/columnists/188

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 17 Jun 2004 11:57:09 -0400,
 DFS <nospam@nospam.com> wrote:
> "Jim Richardson" <warlock@eskimo.com> wrote in message
> news:uut7q1-hml.ln1@grendel.myth...
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On Wed, 16 Jun 2004 12:44:34 -0400,
>>  DFS <nospam@nospam.com> wrote:
>> ><spike1@freenet.co.uk> wrote in message
> news:dtdpac.d2p.ln@freenet.co.uk...
>> >> DFS <nospam@nospam.com> wrote:
>> >> >> So, type one line, two commands, wait a bit, zero rebooting, and the
>> > whole
>> >> >> bloomin' thing is updated.
>> >>
>> >> > Sounds good.
>> >>
>> >> It's better than that though. yast online update (for suse) has options
>> > for
>> >> auto-running at specified times. cron (the scheduling daemon) can be
> used
>> > to
>> >> apt-get update && apt-get upgrade (for debian), urpmi (for mandrake) or
>> >> up2date (for redhat/fedora), etc.
>> >>
>> >> So, us linux people CAN just install, configure and then sleep in our
>> > chairs
>> >> most of the time, the system keeps itself up to date, and cleans up
> after
>> >> itself.
>> >
>> > Thus we would expect Linux to have a better market share than Windows (for
>> > server OSes); instead the reverse is true, and Linux has about
>> > one-third the Windows server OS market share (Wired Magazine, June
>> > 04, pg 154, source: IDC).
> >
>>
>> Is that number based on number of actual installs? or numbers or dollars
>> shipped from OEMs? Does it take into account the whitebox installs that
>> many such Linux machines are?
>
> Don't know what it's based on.  I imagine installations.
>
>

Are you often given to such flights of imagination when referring to
facts? 

I doubt strongly that it's installations. After all, how would they know
how many Linux boxes are installed? there's no licencing to track,
counting sales slips is pointless, as you can install it on numerous
machines from a single CD source. 


>> >> Oh, we may need to give it the odd tweak here and there, but unless
>> >> anything new needs doing or some emergency crops up, like a DOS
>> >> attack, linux just keeps on going.
>> >>
>> >> >> Windows doesn't make it that easy to just update *Windows*, never
>> >> >> mind all your apps and other things.
>> >>
>> >> > Yes it does.
>> >>
>> >> Try it on a dialup connection. I hear some of those patches would
>> >> take DAYS to download on 56k. Some of them almost take up an entire
>> >> CD.
>> >
>> > ???  Do Linux updates download faster than Windows on a dialup
>> > connection?  I guess time might pass a little faster while you're
>> > sitting there sifting through all that Linux crapware, wondering why
>> > this program was written and why it was included on your distro and
>> > where you can file bug reports.
>> >
>> >
>>
>> Actually, downloads do often complete faster under Linux. At least
>> that's been my experience.
>
> Of course: 56k downloads under Linux are faster than 56k downloads under
> Windows.  Gotcha.
>
>


often, yes. MS-Windows used to come configured with a rather high MTU
setting, suitable for LAN work, but a poor setting for dialup. 

>> Linux also has a far better record in my exp
>> of resuming downloads that were interrupted for some reason.
>

and this is a big reason for completing large downloads faster.


>
>> >> > You're exaggerating about tens to hundreds of websites.
>> >>
>> >> Why? He's stating that because he doesn't know what software people
>> >> have installed, some might have hundreds of different programs from
>> >> hundreds of different locations installed.
>> >>
>> >> (I know someone who sold a bloke a PC last month, the next day he got
>> >> a support call saying it was being slow, went to check and he'd got
>> >> over 400 spyware and viruses on it... in just 24 hours! the mind
>> >> boggles)
>> >
>> > Somewhere out there many Linux morons are giggling about the Win32
>> > viruses they released.
>> >
>>
>> An interesting claim. Got any evidence? or are you simply spouting off
>> bullshit? ah, thought so.
>
> Another uninformed Linux moron.  Do some searching on the web, boy.  Visit
> some hacker sites.  Talk to them about their OS of choice.
>

So no, you don't have any evidence, you were just spouting off, and as
usual, when called on it, resort to simple name calling. 

>
>
>
>> >> >> In order to effectively stop such things, your real choice is simply
> to
>> >> >> stop using them.  Period.  Hardly an effective strategy, especially
>> > with
>> >> >> the MSN messenger cilent which seems to have somehow become a
>> > "required"
>> >> >> component.
>> >>
>> >> > It's really not all that difficult to remove software from Windows
>> > boxes.
>> >>
>> >> It isn't? What about all the registry hacking required to remove the
> most
>> >> stubborn ones?
>> >>
>> >> Is it possible to remove software and return the machine to the same
> state
>> >> it was before the software was installed? Or does the software leave
>> > little
>> >> presents for you in the registry?
>> >>
>> >> In many cases, you'll find it's the latter.
>> >
>> > Where is all your Linux slopware installed?  Do you know the name and
>> > location of every file that was installed from all the thousands of
>> > packages, and then supposedly removed?  Or do you just trust Linux
>> > 'cause it's Linux?  That's my bet.
>> >
>>
>> dpkg -L appname
>>
>> gives me a full list of all files that were in the package, and where
>> they were installed. RPM has a similar command option.
>
> That's what you THINK the command tells you.  Have you ever verified it, or
> are you just trusting Linux?  Yes you are.
>

yes, I have verified it. It's quite simple, as .deb packages are easily
taken apart for inspection. As are .rpm and .tgz files. 



>
>
>
>
>> How do I find out all the files that a setup.exe installed on
>> MS-Windows?
>
> Look at the .inf file, or if the program is installed using msi, there are
> other lists of files and locations and rollback data.
>
>

and have you verified them? or are you simply trusting MS and the
appwriter? 


(some of the OE borked formatting fixed for readability)


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA0ckrd90bcYOAWPYRAmHNAKC4w/J9FApQqM3KtDFknoRgEBJq+ACeLZfR
w/CnbqmyQGNq4wFgjqbtY80=
=oHmn
-----END PGP SIGNATURE-----

-- 
Jim Richardson     http://www.eskimo.com/~warlock
Step by step, day by day, machine by machine, the penguins march forward.

On Thu, 17 Jun 2004 12:05:18 -0400, DFS wrote:

> 
> <spike1@freenet.co.uk> wrote in message
> news:oaqrac.mkr.ln@freenet.co.uk...
>> DFS <nospam@nospam.com> wrote:
>> > Give me a little more credit, Linux morons.  I was probably using
>> > Linux,
> in
>> > 1997, before you were.
>>
>> If you've been using linux for so long (even longer than me, although, I
> had
>> no trouble switching to linux in 99, cos I started out on REAL operating
>> systems with SunOS in 95), how is it that you understand so little?
> 
> I used it in '97, but just for a couple weeks.
> 
> 
>> In fact, you don't even appear to know what cron does?
> 
> scheduler.  The Windows Scheduled Tasks feature is better.

How?

-- 
Rick

On 2004-06-17, DFS <nospam@nospam.com> sputtered:
>
><spike1@freenet.co.uk> wrote in message news:o0qrac.mkr.ln@freenet.co.uk...
>> DFS <nospam@nospam.com> wrote:
>> > Again, that's 'cause you use open source code.  And how often should you
>> > have to update your software, anyway?  Seems Linux slopware is updated
>> > almost weekly in a lot of cases.
>>
>> And weekly is bad.... why exactly?
>
> 'Cause it shows the software wasn't ready last week, and it won't be ready
> this week, and it won't be ready a week from now.  I would be very
> suspicious of any software updated every week, or month, etc.
>
>
>
>
>> What would you prefer? An flaw is found that could open up a theoretical
>> exploit that then gets fixed and published, and distributed quickly and
>> cleanly to all interested parties....
>>
>> or...
>>
>> A flaw is found that could open up a theoretical exploit but the software
>> marketters decide to sit on it for 6 months until they've amassed a few
> more

Look immediately above.....

>> so that it's worth their while to issue a patch...
>>
>> Release early and often, or release when we can be arsed?
>> I know which one I prefer.
>
> Yet here I sit, virus-free, hack-free, exploit-free, using buku Windows
> programs, few of which have been updated since they were released.
>
> I've been running MS Office Pro 97 for eight years; never a single problem.
>
>
>
>> > Because of superior testing, commercial programs don't have to be
> updated

And there......

>> > all the time.  It's clear to me most CSS is better software than OSS.
>>
>> Bull. Because the beancounters want to maximise their beans by cutting
> costs

Again.....

>> while at the same time, the public relations morons think another flaw and
>> patch release will impact on their street cred.
>
> "street cred"?  What is this, Pimp My Linux?
>
>
>
>
>
>> >> > See, you guys live and work in a different level of reality, a really
>> >> > warped one I think, one where software is shared and mostly free, and
>> >> > people not beholden to MS build tools and processes to automate those
>> >> > network security issues, then give them away to others.
>> >>
>> >> Which only makes sense; they're building them on an OS given to them
> free,

Another......

>> >> using development and testing tools given to them free.
>>
>> > Free software?  Does not compute.  Why not donate your time and cut my
> grass
>> > instead?

There's a real gem......

>>
>> Ah, you don't understand the free software author's mindset...
>> Understandable coming from you, that. Never heard of the reward of peer
>> review and self satisfaction of a job well done?
>
> True.  I don't understand free software.  And peer review?  My peers don't
> pay my bills; my clients do.
>
>
>
>
>
>> >> > It's mind-numbingly easy to use Windows update; you can schedule
> updates
>> >> > to run automatically at any time of the day or night.

What the heck is that?

>> >> Good.  Now, this updates, say, SQL Server?  MS Office?  Visual Studio?
>> >> Borland's development tools?  Corel's apps?  WinAmp?  No, didn't think
> so.

Another.....

>> > What does Borland have to do with MS, except to make applications that
> run
>> > on Windows?  Why do you think the OS vendor should help you update your
> 3rd
>> > party apps?  You're spoiled because of free software.

A couple of good ones in a single paragraph.....

>> What does apache or sendmail have to do with linux? You think our distros
>> would help us update 3rd party apps?.... um... HELL YES!
>
> Spoiled.  Cheap.  Broke.  syn: Linux user.
>
>
>
>> >> Wake me up when Windows gets to the point Linux is at today.  I figure
>> >> that'll be about 2053.
>>
>> > Yet Windows expensive, proprietary server OSes have twice the market
> share
>> > of free/low cost Linux/Unix server OSes?  Sounds like a lot of people
> think

Still more......

>> > Windows is already far beyond Linux, and are willing to pay for the
>> > privilege.
>>
>> > [insert whining about MS monopoly, MS marketing, or uneducated admins]
>>
>> No need, you inserted them for us, but it's true.
>
> Well there you go.  Glad to provide your excuses for you.
>
>
>
>> The PC started out soley as a microsoft DOS machine, microsoft bundled dos
>> with IBMs machines and then sold licenses to all the other clone
>> manufacturers, the rest, as they say, is history.
>>
>> It may have been a very different world we'd be living in if the bloke
> from
>> digital equipment hadn't been on his boat that fateful day.

That's the last one. You get the point. Or not.

Your "professional" "newsreader"  is acting pretty amateurish again.
Make it behave if you'd like anyone to take you seriously.

In that vein (you wanting to be taken seriously), you might also
consider not sounding so amateurish yourself.

-- 
Linux: Because life is too short to spend it rebooting.

On Thu, 17 Jun 2004 12:36:15 -0400, DFS wrote:

> 
> <spike1@freenet.co.uk> wrote in message
> news:o0qrac.mkr.ln@freenet.co.uk...
>> DFS <nospam@nospam.com> wrote:
>> > Again, that's 'cause you use open source code.  And how often should
>> > you have to update your software, anyway?  Seems Linux slopware is
>> > updated almost weekly in a lot of cases.
>>
>> And weekly is bad.... why exactly?
> 
> 'Cause it shows the software wasn't ready last week, and it won't be ready
> this week, and it won't be ready a week from now. 

So window$ wasn't ready 5 years ago, and it isn't ready now, and it won't
be ready 5 years from now.

> I would be very
> suspicious of any software updated every week, or month, etc.

Why?

(snip)
>> Ah, you don't understand the free software author's mindset...
>> Understandable coming from you, that. Never heard of the reward of peer
>> review and self satisfaction of a job well done?
> 
> True.  I don't understand free software.

Finally. You make a true statement. You don't understand free software.

> And peer review?  My peers don't  pay my bills; my clients do.

What does that have to do with the fact that many people gain satisfaction
from peer review and from know they have done something good for the
community?

Instead of continuously and ignorantly lashing out at something you don't
understand, maybe you should try to learn about it.
 
>> >> > It's mind-numbingly easy to use Windows update; you can schedule
> updates
>> >> > to run automatically at any time of the day or night.
>> >>
>> >> Good.  Now, this updates, say, SQL Server?  MS Office?  Visual
>> >> Studio? Borland's development tools?  Corel's apps?  WinAmp?  No,
>> >> didn't think
> so.
>>
>> > What does Borland have to do with MS, except to make applications that
> run
>> > on Windows?  Why do you think the OS vendor should help you update
>> > your
> 3rd
>> > party apps?  You're spoiled because of free software.
>>
>> What does apache or sendmail have to do with linux? You think our
>> distros would help us update 3rd party apps?.... um... HELL YES!
> 
> Spoiled.  Cheap.  Broke.  syn: Linux user.

Again.. your statement does not parse.

 
>> >> Wake me up when Windows gets to the point Linux is at today.  I
>> >> figure that'll be about 2053.
>>
>> > Yet Windows expensive, proprietary server OSes have twice the market
> share
>> > of free/low cost Linux/Unix server OSes?  Sounds like a lot of people
> think
>> > Windows is already far beyond Linux, and are willing to pay for the
>> > privilege.
>>
>> > [insert whining about MS monopoly, MS marketing, or uneducated admins]
>>
>> No need, you inserted them for us, but it's true.
> 
> Well there you go.  Glad to provide your excuses for you.
> 
> 
> 
>> The PC started out soley as a microsoft DOS machine, microsoft bundled
>> dos with IBMs machines and then sold licenses to all the other clone
>> manufacturers, the rest, as they say, is history.
>>
>> It may have been a very different world we'd be living in if the bloke
>> from digital equipment hadn't been on his boat that fateful day.
>> digital equipment hadn't been on his boat that fateful day.
> 
> Maybe so.

'The bloke from Digital Research' met with the IBM reps 'that day'. They
didn't wnat to license CP/M, they wanted to buy it. Gates convinced IBM to
license an OS m$ didn't, and then IBM priced CP/M out of competition.


>> >> It is if it doesn't want to be uninstalled.  However, the issue isn't
>> >> removing it; it's keeping it, but in such a way that it runs when
>> >> _you_ want it to run, not when _it_ thinks it should.
>>
>> > I do have to wonder why the average Linux user, who claims to be (and
> might
>> > be) so technically competent, has such difficulties working with
> Windows.
>>
>> How about someone who IS competent at working with windows and STILL
>> can't get rid of the most stubborn spyware? For I know such a man.
>>
>> Oh, he got rid in the end, but it took him 5 times longer than it
>> should've.
> 
> That's why it's called spyware.

.... so much for answering his question.


>> >> > OK.  Very well put, I must say.  I can't and won't argue, except to
> say
>> >> > keeping Windows secured isn't nearly as difficult as you make it
> sound.
>> >> >
>> >> > I don't do much network admin for Windows (none for Linux)
>> >>
>> >> I do both.  Windows is a nightmare.  Even worse is when you have to
> keep,
>> >> say, 100 machines up to date.
>> >>
>> >> Here's an example.  Suppose I want to maintain 100 Win2K machines.  I
> have
>> >> one which I use as a testbed, to ensure that patches, etc, don't
>> >> break anything.  Now that I've tested them all... how do I roll them
>> >> out, automatically, to every system on the network?  Invisibly? 
>> >> Without
> user
>> >> interaction?  Without interfering with their work by, say, forcing
>> > reboots?
>>
>> > I would think there's an easy way for a Windows network admin to
> distribute
>> > updates to all machines in a domain.  If I find out so, I'll be back
>> > to
> tell
>> > you.
>>
>>
>>
>>
>> >> With Linux, it's easy.  I can either do it, say, 10 at a time
>> >> manually using tools such as screen, or I can write a little script,
>> >> applied to each machine once, which subsequently looks at a specified
>> >> network share point and, if there's any packages there, applies
>> >>  them.  How?  Well, let's
>> >> see.  First, for each machine, I define a new package repository -
>> >> trivially easy.  The cron job now does our usual set of things:
>> >>
>> >>   urpmi.update -a && urpmi --auto-select
>> >>
>> >> Voila.  Done.  Drop that into a crontab on each machine, once, when
>> >> rolling the machines out,
>>
>> > Wait a minute.  Sounds like you have to manually visit/touch each of
>> > the 100  machines?  Or am I missing something?
>>
>> you're missing cron.
>> the daemon that auto runs jobs at specified times of the
>> day/week/month/year.
> 
> He said he had to edit the crontab on each machine when rolling the
> machines out.  Sounds like he had to do it manually.

Your point?

 
>> All he has to do is put tested patches and updates into a specific
> directory
>> on a shared filesystem, the cronjob on the other machines does the rest.
>>
>> >> and from that point on, they will automatically update themselves. 
>> >> With tested updates only.  Unobtrusively.  The
> user's
>> >> total knowledge of the process occurring at all is, generally
>> >> speaking, noticing that when they run application X, it's a new
>> >> version.
>> >>
>> >> Yes, there always the potential for problems - in both systems.
>> >> Difference is, Linux makes it easy to do the parts that *should* be
> easy.
>> >> Windows doesn't.  So doing this in Linux leaves you that much more
>> >> time
> to
>> >> spend fixing the problems, rather than fighting the system.
>>
>> > Yet with all these supposed Linux advantages, including low or no
>> > cost,
> they
>> > have just one-third the server OS market share of  MS?  (Wired Mag,
>> > June
> 04,
>> > pg.154, source: IDC)
>>
>> More IDC bullshit,I see...
> 
> LOL!  You Linux morons do live in an alternate world.  If the big boys of
> the market research world don't support your fantasies, you dismiss them.
> If every study ever done indicates Linux has 3% of the desktop
> installations, you dismiss it and claim 16%.  Because it just IS!

How did IDC arrive at their installation numbers? Did they do some
statistically valid pole of server admins? Did they look at connection
logs? Did they look at retail/wholesale sales figures?

> 
> 
> 
>> You don't get it do you? With windows, you buy one windows disk, you can
>> install it (legally) on one single machine. That counts as one sale.
> 
> What are you talking about?  I've installed Win2000 on several machines.
> Before WinXP, there were no restrictions on installations.  And even with
> WinXP, there are activation hacks.  So who knows how many copies of WinXP
> are sold once, but used multiple times.

There have always been restrictions on installations of m$ OSs. One
license, one install has been the norm. Ask the owner of Ernie Ball. They
weren't using XP.

> 
> 
> 
>> You buy a linux boxed set. You can install it in an entire server farm,
> one
>> disk all machines... You could even do it over the network so they'd all
>> install at once. (Try that with windows)
> 
> 
>> That counts as one sale.
> 
> I know, I know - every Linux sale ever made is copied to multiple
> machines. This is the ONLY claim you guys can make that supports Linux as
> 16% of the desktop installations.  But it's bogus because the same can be
> said about Windows until XP, and even now there are plenty of people using
> activation hacks to get past that limitation.

You are wrong. However, feel free to show some EULAs allowing multiple
installations of DOS, W3.1, W95 or W2K when only a single licensed has bee
legally acquired.


>> Of course, how does one measure it if even that single CD used to
>> install that server farm was copied off a friend? Or downloaded off the
>> net?
>>
>> IDC doesn't have the means to measure the use of linux in the server OR
>> desktop market because they have no means of counting the number of
>> installs. And random questionnaires won't cut it.
> 
> I don't know what their statistical methodologies are, but I trust them a
> heck of a lot more than you cola nuts.

Unless you know how the data was gathered, you cannot know how to
interpret it or how much the conclusion can be trusted.

> 
> 
> 
>> Oh, they might be able to randomly sample webserver to see what they're
>> running, but that only counts machines facing the internet, not the
>> machines
>> behind the firewall on the private net.
> 
> You don't know what they can or cannot count.

You may now show all the ways it is possible to count firewalled and
masked machines.
-- 
Rick

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 17 Jun 2004 11:16:27 +0100,
 spike1@freenet.co.uk <spike1@freenet.co.uk> wrote:
> Norwegian Formula <R@bastards.com> wrote:
>> J. P. Morgan, after spending 3 minutes figuring out which end of the pen to use,
>> wrote:
>
>>> DFS wrote:
>>> 
>>>> Never heard of 'em.  Sounds like a hacker name.  Like "The Ghost In The
>>>> Machine."
>>> 
>>> DFS -- Department of FUD and Shit
>
>>   *AND* proves what a liar he is, when up a few threads he tells us all he was
>> using linux in 1997 before any of us were! LMAO! DumbFuckingShit is so *full*
>> of shit, the whites of his eyes are actually brown.
>
> Now now, let's see how he answers my questions...
> "What distro was it, and on what hardware? how long did you stick with it
> before running back to mummy and reinstalling windows 95?"
>
>:)


We know he's a liar, so we can expect he will simply lie about the
hardware also. Big surprise. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA0dGrd90bcYOAWPYRAolKAKDDSO2pQQoWDvbQNjXEfKKrSFlVdQCgn9xC
IALnE9jP2YS5V6w6DNOvRbc=
=lvO4
-----END PGP SIGNATURE-----

-- 
Jim Richardson     http://www.eskimo.com/~warlock
"The way NT mounts filesystems is something I'd expect to find
 in a barnyard or on a stock-breeding farm." 
	--Mike Andrews in the Monastery

begin On Thu, 17 Jun 2004 12:54:52 -0400, DFS posted:

> "William Poaster" <willpoast@jvyycbnfg.zr.hx> wrote in message
> news:pan.2004.06.17.09.17.24.86182@jvyycbnfg.zr.hx...
>> begin On Wed, 16 Jun 2004 22:57:42 -0500, Norwegian Formula posted:
>>
>> > J. P. Morgan, after spending 3 minutes figuring out which end of the
>> > pen to use, wrote:
>> >
>> >> DFS wrote:
>> >>
>> >>> Never heard of 'em.  Sounds like a hacker name.  Like "The Ghost In
> The
>> >>> Machine."
>> >>
>> >> DFS -- Department of FUD and Shit
>> >
>> >   *AND* proves what a liar he is, when up a few threads he tells us
>> >   all
> he
>> >   was using linux in 1997 before any of us were! LMAO! DumbFuckingShit
> is so
>> >   *full* of shit, the whites of his eyes are actually brown.
>>
>> ROTFL!!  And what about *this* latest offering from the wintroll -
>> "..... was hacking around in Linux way before you were - way back when
>> it was easy to fry the monitor if I set the refresh rate wrong."
>>
>> Oh, suuuuure he was!
>> LOL
> 
> Tell you what, Linux moron.  I'll sell you my Linux CDs from '97, and I
> can probably dig up my RedHat disks (I seem to remember it came on
> diskettes). How much you offering?

Why nothing at all, Windows Wanker. You only used them once for a week, &
they're wayyy out of date. Besides I have CD's of my own from 97 & before.

-- 
From: "DFS" <nospam@nospam.com>
Newsgroups: comp.os.linux.advocacy
"Why do I, a total Linux novice,...."

begin On Thu, 17 Jun 2004 12:06:17 -0400, DFS posted:

> 
> "William Poaster" <willpoast@jvyycbnfg.zr.hx> wrote in message
> news:pan.2004.06.17.10.47.28.110688@jvyycbnfg.zr.hx...
>> begin On Thu, 17 Jun 2004 11:04:08 +0100, spike1 posted:
>>
>> > DFS <nospam@nospam.com> wrote:
>> >> Give me a little more credit, Linux morons.  I was probably using
> Linux,
>> >> in 1997, before you were.
>> >
>> > If you've been using linux for so long (even longer than me, although,
>> > I had no trouble switching to linux in 99, cos I started out on REAL
>> > operating systems with SunOS in 95), how is it that you understand so
>> > little?
>> >
>> > In fact, you don't even appear to know what cron does?
>>
>> He doesn't & it's all bullshit anyhow.
> 
> All bullshit?  Kiss my ass.
> 
> Want to buy my old RedHat disks, and my Caldera OpenLinux lite CD from
> 1997?

Which you used for one week, & became an expert! 

"Why do I, a total Linux novice, have to school you on your own OS of choice?"
From: "DFS" <nospam@nospam.com>
Newsgroups: comp.os.linux.advocacy
Subject: Re: 52 security advisories for the week ending June 11, 2004?
Date: Tue, 15 Jun 2004 21:42:06 -0400 Message-ID:
<10cv9kbtd9us9d0@corp.supernews.com>                                  


-- 
Deja Moo: The feeling you've heard
this bullshit before.

Jim Richardson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Thu, 17 Jun 2004 11:57:09 -0400,
>  DFS <nospam@nospam.com> wrote:
>> "Jim Richardson" <warlock@eskimo.com> wrote in message
>> news:uut7q1-hml.ln1@grendel.myth...
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> On Wed, 16 Jun 2004 12:44:34 -0400,
>>>  DFS <nospam@nospam.com> wrote:
>>>> <spike1@freenet.co.uk> wrote in message
>> news:dtdpac.d2p.ln@freenet.co.uk...
>>>>> DFS <nospam@nospam.com> wrote:
>>>>>>> So, type one line, two commands, wait a bit, zero rebooting,
>>>>>>> and the whole bloomin' thing is updated.
>>>>>
>>>>>> Sounds good.
>>>>>
>>>>> It's better than that though. yast online update (for suse) has
>>>>> options for auto-running at specified times. cron (the scheduling
>>>>> daemon) can be used to apt-get update && apt-get upgrade (for
>>>>> debian), urpmi (for mandrake) or up2date (for redhat/fedora), etc.
>>>>>
>>>>> So, us linux people CAN just install, configure and then sleep in
>>>>> our chairs most of the time, the system keeps itself up to date,
>>>>> and cleans up after itself.
>>>>
>>>> Thus we would expect Linux to have a better market share than
>>>> Windows (for server OSes); instead the reverse is true, and Linux
>>>> has about
>>>> one-third the Windows server OS market share (Wired Magazine, June
>>>> 04, pg 154, source: IDC).
>>>
>>>
>>> Is that number based on number of actual installs? or numbers or
>>> dollars shipped from OEMs? Does it take into account the whitebox
>>> installs that many such Linux machines are?
>>
>> Don't know what it's based on.  I imagine installations.
>>
>>
>
> Are you often given to such flights of imagination when referring to
> facts?
>
> I doubt strongly that it's installations. After all, how would they
> know how many Linux boxes are installed? there's no licencing to
> track, counting sales slips is pointless, as you can install it on
> numerous machines from a single CD source.

Use your common sense, boy.

Mine tells me they do phone and print surveys of CTO and IT managers, asking
how many Windows and Linux/Unix server installations are running in their
organizations, which versions, what services they provide, etc.  They survey
a certain number of companies, then make statistical projections based on
their survey sample size.



>>>>> Oh, we may need to give it the odd tweak here and there, but
>>>>> unless anything new needs doing or some emergency crops up, like
>>>>> a DOS attack, linux just keeps on going.
>>>>>
>>>>>>> Windows doesn't make it that easy to just update *Windows*,
>>>>>>> never mind all your apps and other things.
>>>>>
>>>>>> Yes it does.
>>>>>
>>>>> Try it on a dialup connection. I hear some of those patches would
>>>>> take DAYS to download on 56k. Some of them almost take up an
>>>>> entire CD.
>>>>
>>>> ???  Do Linux updates download faster than Windows on a dialup
>>>> connection?  I guess time might pass a little faster while you're
>>>> sitting there sifting through all that Linux crapware, wondering
>>>> why
>>>> this program was written and why it was included on your distro and
>>>> where you can file bug reports.
>>>>
>>>>
>>>
>>> Actually, downloads do often complete faster under Linux. At least
>>> that's been my experience.
>>
>> Of course: 56k downloads under Linux are faster than 56k downloads
>> under Windows.  Gotcha.
>>
>>
>
>
> often, yes. MS-Windows used to come configured with a rather high MTU
> setting, suitable for LAN work, but a poor setting for dialup.

heh... right.



>>> Linux also has a far better record in my exp
>>> of resuming downloads that were interrupted for some reason.
>>
> and this is a big reason for completing large downloads faster.

I get around 10mb per minute via my cable modem.




>>>>>> You're exaggerating about tens to hundreds of websites.
>>>>>
>>>>> Why? He's stating that because he doesn't know what software
>>>>> people have installed, some might have hundreds of different
>>>>> programs from hundreds of different locations installed.
>>>>>
>>>>> (I know someone who sold a bloke a PC last month, the next day he
>>>>> got a support call saying it was being slow, went to check and
>>>>> he'd got over 400 spyware and viruses on it... in just 24 hours!
>>>>> the mind boggles)
>>>>
>>>> Somewhere out there many Linux morons are giggling about the Win32
>>>> viruses they released.
>>>
>>> An interesting claim. Got any evidence? or are you simply spouting
>>> off bullshit? ah, thought so.
>>
>> Another uninformed Linux moron.  Do some searching on the web, boy.
>> Visit some hacker sites.  Talk to them about their OS of choice.
>
> So no, you don't have any evidence, you were just spouting off, and as
> usual, when called on it, resort to simple name calling.

Good God.  When I go out there and point you to multiple hacker sites where
they gush on Linux, you'll just say they're not "representative of Linux
users."  or "prove they wrote the viruses" etc.  What a joke.

I just read an exchange online the other night between two hackers
discussing the stolen Valve Half-Life 2 code.  They were throwing Linux
terms around left and right.  Now, they could have been using Unix, but I
doubt it.

It doesn't reflect poorly on Linux, anyway, but I guarantee many Windows
viruses are written by MS-hating Linux morons.






>>>>>>> In order to effectively stop such things, your real choice is
>>>>>>> simply to stop using them.  Period.  Hardly an effective
>>>>>>> strategy, especially with the MSN messenger cilent which seems
>>>>>>> to have somehow become a "required" component.
>>>>>
>>>>>> It's really not all that difficult to remove software from
>>>>>> Windows boxes.
>>>>>
>>>>> It isn't? What about all the registry hacking required to remove
>>>>> the most stubborn ones?
>>>>>
>>>>> Is it possible to remove software and return the machine to the
>>>>> same state it was before the software was installed? Or does the
>>>>> software leave little presents for you in the registry?
>>>>>
>>>>> In many cases, you'll find it's the latter.
>>>>
>>>> Where is all your Linux slopware installed?  Do you know the name
>>>> and location of every file that was installed from all the
>>>> thousands of packages, and then supposedly removed?  Or do you
>>>> just trust Linux 'cause it's Linux?  That's my bet.
>>>>
>>>
>>> dpkg -L appname
>>>
>>> gives me a full list of all files that were in the package, and
>>> where they were installed. RPM has a similar command option.
>>
>> That's what you THINK the command tells you.  Have you ever verified
>> it, or are you just trusting Linux?  Yes you are.
>>
> yes, I have verified it. It's quite simple, as .deb packages are
> easily taken apart for inspection. As are .rpm and .tgz files.

And after you verified it, what?  Did you start moving the files around?
The whole point is, who cares where the files are installed, or that a few
may be left after uninstall (Linux and Windows)?  It may be comforting to
know, but it's not really important, and some cola nut was using it to bash
Windows.



>>> How do I find out all the files that a setup.exe installed on
>>> MS-Windows?
>>
>> Look at the .inf file, or if the program is installed using msi,
>> there are other lists of files and locations and rollback data.
>>
> and have you verified them? or are you simply trusting MS and the
> appwriter?

Exactly.




> (some of the OE borked formatting fixed for readability)
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
>
> iD8DBQFA0ckrd90bcYOAWPYRAmHNAKC4w/J9FApQqM3KtDFknoRgEBJq+ACeLZfR
> w/CnbqmyQGNq4wFgjqbtY80=
> =oHmn
> -----END PGP SIGNATURE-----

DFS <nospam@nospam.com> did eloquently scribble:
> And then there's the Linux kernel 2.4, which earned #4 on Wired Magazine's
> Vaporware 2000 list
> http://www.wired.com/news/technology/0,1282,40484-2,00.html?tw=wn_story_page_next1
> 
> It was a year and a half late.

By whose reconning?
2.4 was released when it was judged to be ready.
The same for 2.6, and in a couple of years time maybe, 3.0 or 2.8.
Linus doesn't have a deadline to keep to.

-- 
______________________________________________________________________________
|   spike1@freenet.co.uk   |                                                 |
|Andrew Halliwell BSc(hons)| "The day Microsoft makes something that doesn't |
|            in            |  suck is probably the day they start making     |
|     Computer science     |  vacuum cleaners" - Ernst Jan Plugge            |
------------------------------------------------------------------------------

On Thu, 17 Jun 2004 17:11:22 GMT, Rick <rick@none.com> wrote:
> On Thu, 17 Jun 2004 12:05:18 -0400, DFS wrote:

>>> In fact, you don't even appear to know what cron does?
>> 
>> scheduler.  The Windows Scheduled Tasks feature is better.
> 
> How?

It reduces the potential load on the system by making it really hard to
schedule a task to run more often than once a day.


-- 
 -| Bob Hauck
 -| To Whom You Are Speaking
 -| http://www.haucks.org/

Rick wrote:
> On Thu, 17 Jun 2004 12:36:15 -0400, DFS wrote:
>
>>
>> <spike1@freenet.co.uk> wrote in message
>> news:o0qrac.mkr.ln@freenet.co.uk...
>>> DFS <nospam@nospam.com> wrote:
>>>> Again, that's 'cause you use open source code.  And how often
>>>> should you have to update your software, anyway?  Seems Linux
>>>> slopware is updated almost weekly in a lot of cases.
>>>
>>> And weekly is bad.... why exactly?
>>
>> 'Cause it shows the software wasn't ready last week, and it won't be
>> ready this week, and it won't be ready a week from now.
>
> So window$ wasn't ready 5 years ago, and it isn't ready now, and it
> won't be ready 5 years from now.

I feel your pain, boy.  Several hundred million people feel otherwise, but
it's only Linux users who don't.  What's wrong with this picture?




>> I would be very
>> suspicious of any software updated every week, or month, etc.
>
> Why?

If you honestly have to ask, you wouldn't understand the answer.



> (snip)
>>> Ah, you don't understand the free software author's mindset...
>>> Understandable coming from you, that. Never heard of the reward of
>>> peer review and self satisfaction of a job well done?
>>
>> True.  I don't understand free software.
>
> Finally. You make a true statement. You don't understand free
> software.

I've said this all along.



>> And peer review?  My peers don't  pay my bills; my clients do.
>
> What does that have to do with the fact that many people gain
> satisfaction from peer review and from know they have done something
> good for the community?

Again: My peers don't pay my bills; my clients do.

If peer review makes you happy, more power to you.



> Instead of continuously and ignorantly lashing out at something you
> don't understand, maybe you should try to learn about it.

What's to learn?  I can write open source software, and contribute to the
"community."  In turn, I can use and learn from open source software.
Yippee!





>>>>>> It's mind-numbingly easy to use Windows update; you can schedule
>>>>>> updates to run automatically at any time of the day or night.
>>>>>
>>>>> Good.  Now, this updates, say, SQL Server?  MS Office?  Visual
>>>>> Studio? Borland's development tools?  Corel's apps?  WinAmp?  No,
>>>>> didn't think
>> so.
>>>
>>>> What does Borland have to do with MS, except to make applications
>>>> that run on Windows?  Why do you think the OS vendor should help
>>>> you update your
>> 3rd
>>>> party apps?  You're spoiled because of free software.
>>>
>>> What does apache or sendmail have to do with linux? You think our
>>> distros would help us update 3rd party apps?.... um... HELL YES!
>>
>> Spoiled.  Cheap.  Broke.  syn: Linux user.
>
> Again.. your statement does not parse.

'Cause you're using a crippled, untested, open source parser...




>
>>>>> Wake me up when Windows gets to the point Linux is at today.  I
>>>>> figure that'll be about 2053.
>>>
>>>> Yet Windows expensive, proprietary server OSes have twice the
>>>> market share of free/low cost Linux/Unix server OSes?  Sounds like
>>>> a lot of people think Windows is already far beyond Linux, and are
>>>> willing to pay for the privilege.
>>>
>>>> [insert whining about MS monopoly, MS marketing, or uneducated
>>>> admins]
>>>
>>> No need, you inserted them for us, but it's true.
>>
>> Well there you go.  Glad to provide your excuses for you.
>>
>>
>>
>>> The PC started out soley as a microsoft DOS machine, microsoft
>>> bundled dos with IBMs machines and then sold licenses to all the
>>> other clone manufacturers, the rest, as they say, is history.
>>>
>>> It may have been a very different world we'd be living in if the
>>> bloke from digital equipment hadn't been on his boat that fateful
>>> day. digital equipment hadn't been on his boat that fateful day.
>>
>> Maybe so.
>
> 'The bloke from Digital Research' met with the IBM reps 'that day'.
> They didn't wnat to license CP/M, they wanted to buy it. Gates
> convinced IBM to license an OS m$ didn't, and then IBM priced CP/M
> out of competition.

Gates is a damn smart guy is what he is, and an awesome businessman; he
started and runs a company that has 95% market share in some of its
businesses.



>>>>> It is if it doesn't want to be uninstalled.  However, the issue
>>>>> isn't removing it; it's keeping it, but in such a way that it
>>>>> runs when _you_ want it to run, not when _it_ thinks it should.
>>>
>>>> I do have to wonder why the average Linux user, who claims to be
>>>> (and might be) so technically competent, has such difficulties
>>>> working with Windows.
>>>
>>> How about someone who IS competent at working with windows and STILL
>>> can't get rid of the most stubborn spyware? For I know such a man.
>>>
>>> Oh, he got rid in the end, but it took him 5 times longer than it
>>> should've.
>>
>> That's why it's called spyware.
>
> ... so much for answering his question.

He didn't have a question.





>>>>>> OK.  Very well put, I must say.  I can't and won't argue, except
>>>>>> to say keeping Windows secured isn't nearly as difficult as you
>>>>>> make it sound.
>>>>>>
>>>>>> I don't do much network admin for Windows (none for Linux)
>>>>>
>>>>> I do both.  Windows is a nightmare.  Even worse is when you have
>>>>> to keep, say, 100 machines up to date.
>>>>>
>>>>> Here's an example.  Suppose I want to maintain 100 Win2K
>>>>> machines.  I have one which I use as a testbed, to ensure that
>>>>> patches, etc, don't break anything.  Now that I've tested them
>>>>> all... how do I roll them out, automatically, to every system on
>>>>> the network?  Invisibly? Without
>> user
>>>>> interaction?  Without interfering with their work by, say,
>>>>> forcing reboots?
>>>
>>>> I would think there's an easy way for a Windows network admin to
>>>> distribute updates to all machines in a domain.  If I find out so,
>>>> I'll be back to
>> tell
>>>> you.
>>>
>>>
>>>
>>>
>>>>> With Linux, it's easy.  I can either do it, say, 10 at a time
>>>>> manually using tools such as screen, or I can write a little
>>>>> script, applied to each machine once, which subsequently looks at
>>>>> a specified network share point and, if there's any packages
>>>>>  there, applies them.  How?  Well, let's
>>>>> see.  First, for each machine, I define a new package repository -
>>>>> trivially easy.  The cron job now does our usual set of things:
>>>>>
>>>>>   urpmi.update -a && urpmi --auto-select
>>>>>
>>>>> Voila.  Done.  Drop that into a crontab on each machine, once,
>>>>> when rolling the machines out,
>>>
>>>> Wait a minute.  Sounds like you have to manually visit/touch each
>>>> of the 100  machines?  Or am I missing something?
>>>
>>> you're missing cron.
>>> the daemon that auto runs jobs at specified times of the
>>> day/week/month/year.
>>
>> He said he had to edit the crontab on each machine when rolling the
>> machines out.  Sounds like he had to do it manually.
>
> Your point?

Well, he says updating Windows machines is such a chore, but it sounds like
he has to manually update his Linux machines as well.




>>> All he has to do is put tested patches and updates into a specific
>>> directory on a shared filesystem, the cronjob on the other machines
>>> does the rest.
>>>
>>>>> and from that point on, they will automatically update themselves.
>>>>> With tested updates only.  Unobtrusively.  The
>> user's
>>>>> total knowledge of the process occurring at all is, generally
>>>>> speaking, noticing that when they run application X, it's a new
>>>>> version.
>>>>>
>>>>> Yes, there always the potential for problems - in both systems.
>>>>> Difference is, Linux makes it easy to do the parts that *should*
>>>>> be easy. Windows doesn't.  So doing this in Linux leaves you that
>>>>> much more time
>> to
>>>>> spend fixing the problems, rather than fighting the system.
>>>
>>>> Yet with all these supposed Linux advantages, including low or no
>>>> cost,
>> they
>>>> have just one-third the server OS market share of  MS?  (Wired Mag,
>>>> June
>> 04,
>>>> pg.154, source: IDC)
>>>
>>> More IDC bullshit,I see...
>>
>> LOL!  You Linux morons do live in an alternate world.  If the big
>> boys of the market research world don't support your fantasies, you
>> dismiss them. If every study ever done indicates Linux has 3% of the
>> desktop installations, you dismiss it and claim 16%.  Because it
>> just IS!
>
> How did IDC arrive at their installation numbers? Did they do some
> statistically valid pole of server admins? Did they look at connection
> logs? Did they look at retail/wholesale sales figures?

pole = poll

I don't know their survey methodologies.



>>> You don't get it do you? With windows, you buy one windows disk,
>>> you can install it (legally) on one single machine. That counts as
>>> one sale.
>>
>> What are you talking about?  I've installed Win2000 on several
>> machines. Before WinXP, there were no restrictions on installations.
>> And even with WinXP, there are activation hacks.  So who knows how
>> many copies of WinXP are sold once, but used multiple times.
>
> There have always been restrictions on installations of m$ OSs. One
> license, one install has been the norm. Ask the owner of Ernie Ball.
> They weren't using XP.

I meant physical/electronic restrictions, of course, such as hardware
activation.  The EULA allows one copy of Windows to be installed on one
machine.



>>> You buy a linux boxed set. You can install it in an entire server
>>> farm, one disk all machines... You could even do it over the
>>> network so they'd all install at once. (Try that with windows)
>>
>>
>>> That counts as one sale.
>>
>> I know, I know - every Linux sale ever made is copied to multiple
>> machines. This is the ONLY claim you guys can make that supports
>> Linux as 16% of the desktop installations.  But it's bogus because
>> the same can be said about Windows until XP, and even now there are
>> plenty of people using activation hacks to get past that limitation.
>
> You are wrong. However, feel free to show some EULAs allowing multiple
> installations of DOS, W3.1, W95 or W2K when only a single licensed
> has bee legally acquired.

The EULA doesn't allow multiple installations, but I'm sure it's occurred.

You claim Linux sales are installed on several machines, but Windows sales
aren't?  Why do you think this?  Even MS has estimated some 25% of its
software in use is pirated.





>>> Of course, how does one measure it if even that single CD used to
>>> install that server farm was copied off a friend? Or downloaded off
>>> the net?
>>>
>>> IDC doesn't have the means to measure the use of linux in the
>>> server OR desktop market because they have no means of counting the
>>> number of installs. And random questionnaires won't cut it.
>>
>> I don't know what their statistical methodologies are, but I trust
>> them a heck of a lot more than you cola nuts.
>
> Unless you know how the data was gathered, you cannot know how to
> interpret it or how much the conclusion can be trusted.

If it was pro-Linux numbers, they would be part of the cola newsgroup FAQ.




>>> Oh, they might be able to randomly sample webserver to see what
>>> they're running, but that only counts machines facing the internet,
>>> not the machines
>>> behind the firewall on the private net.
>>
>> You don't know what they can or cannot count.
>
> You may now show all the ways it is possible to count firewalled and
> masked machines.

Well, the people that setup the firewalled and masked machines count them
for IDC, and report their numbers.  Why is this so difficult for you to
understand?

Rick <rick@none.com> did eloquently scribble:
>> scheduler.  The Windows Scheduled Tasks feature is better.
> 
> How?
> 
Heheh, this should be a good one... 
/me sits on the edge of his seat in preparation for a side splitter.
-- 
______________________________________________________________________________
|   spike1@freenet.co.uk   |                                                 |
|Andrew Halliwell BSc(hons)| "The day Microsoft makes something that doesn't |
|            in            |  suck is probably the day they start making     |
|     Computer science     |  vacuum cleaners" - Ernst Jan Plugge            |
------------------------------------------------------------------------------

DFS <nospam@nospam.com> did eloquently scribble:
>> What distro did you first install? On what hardware?
> 
> RedHat 4.2.  Dell Pentium 1, 166mhz, 256ram.
> 
> 
>> How long did you use it before screaming to mummy and reinstalling
>> windows95?
> 
> Never uninstalled Win95.  Dual-booted for a couple weeks.

Ahhh, 2 weeks using a 2.0.x based linux distribution, 7 years ago grants you
seniority over people who've been using it NON dual boot for over 5 years,
eh? Nice one.

-- 
______________________________________________________________________________
|   spike1@freenet.co.uk   |                                                 |
|Andrew Halliwell BSc(hons)| "ARSE! GERLS!! DRINK! DRINK! DRINK!!!"          |
|            in            | "THAT WOULD BE AN ECUMENICAL MATTER!...FECK!!!! |
|     Computer Science     | - Father Jack in "Father Ted"                   |
------------------------------------------------------------------------------

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 17 Jun 2004 13:52:22 -0400,
 DFS <nospam@nospam.com> wrote:
> Jim Richardson wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On Thu, 17 Jun 2004 11:57:09 -0400,
>>  DFS <nospam@nospam.com> wrote:
>

<snip>

>
>>> Don't know what it's based on.  I imagine installations.
>>>
>>>
>>
>> Are you often given to such flights of imagination when referring to
>> facts?
>>
>> I doubt strongly that it's installations. After all, how would they
>> know how many Linux boxes are installed? there's no licencing to
>> track, counting sales slips is pointless, as you can install it on
>> numerous machines from a single CD source.
>
> Use your common sense, boy.
>
> Mine tells me they do phone and print surveys of CTO and IT managers, asking
> how many Windows and Linux/Unix server installations are running in their
> organizations, which versions, what services they provide, etc.  They survey
> a certain number of companies, then make statistical projections based on
> their survey sample size.
>
>


Would that be the same companies who's CTO's and IT managers are so
often surprised by the fact that half of their mail/file/webservers were
converted to Linnux 6+ months ago, and the only thing they noticed was
the lack of downtime? 

Just curious boy. 


<snip>

>>> Of course: 56k downloads under Linux are faster than 56k downloads
>>> under Windows.  Gotcha.
>>>
>>>
>>
>>
>> often, yes. MS-Windows used to come configured with a rather high MTU
>> setting, suitable for LAN work, but a poor setting for dialup.
>
> heh... right.
>
>

Google is your friend boy, do some research, then you can apologise
properly. 


>
>>>> Linux also has a far better record in my exp
>>>> of resuming downloads that were interrupted for some reason.
>>>
>> and this is a big reason for completing large downloads faster.
>
> I get around 10mb per minute via my cable modem.
>

That's nice. Not relevent to the issue, but almost as fast as the cable
modem access here on WindWalker sustained 3.5Kb/s here. (which works out
to quite a bit more than 10mb per minute. Actually, that sounds like
quite a crappy cable modem speed.)  


>
>
>
>>>>>>> You're exaggerating about tens to hundreds of websites.
>>>>>>
>>>>>> Why? He's stating that because he doesn't know what software
>>>>>> people have installed, some might have hundreds of different
>>>>>> programs from hundreds of different locations installed.
>>>>>>
>>>>>> (I know someone who sold a bloke a PC last month, the next day he
>>>>>> got a support call saying it was being slow, went to check and
>>>>>> he'd got over 400 spyware and viruses on it... in just 24 hours!
>>>>>> the mind boggles)
>>>>>
>>>>> Somewhere out there many Linux morons are giggling about the Win32
>>>>> viruses they released.
>>>>
>>>> An interesting claim. Got any evidence? or are you simply spouting
>>>> off bullshit? ah, thought so.
>>>
>>> Another uninformed Linux moron.  Do some searching on the web, boy.
>>> Visit some hacker sites.  Talk to them about their OS of choice.
>>
>> So no, you don't have any evidence, you were just spouting off, and as
>> usual, when called on it, resort to simple name calling.
>
> Good God.  When I go out there and point you to multiple hacker sites where
> they gush on Linux, you'll just say they're not "representative of Linux
> users."  or "prove they wrote the viruses" etc.  What a joke.
>
> I just read an exchange online the other night between two hackers
> discussing the stolen Valve Half-Life 2 code.  They were throwing Linux
> terms around left and right.  Now, they could have been using Unix, but I
> doubt it.
>
> It doesn't reflect poorly on Linux, anyway, but I guarantee many Windows
> viruses are written by MS-hating Linux morons.
>
>

right. You "guarantee" it... your guarantee is worth what exactly? 

>
>
>
>
>>>>>>>> In order to effectively stop such things, your real choice is
>>>>>>>> simply to stop using them.  Period.  Hardly an effective
>>>>>>>> strategy, especially with the MSN messenger cilent which seems
>>>>>>>> to have somehow become a "required" component.
>>>>>>
>>>>>>> It's really not all that difficult to remove software from
>>>>>>> Windows boxes.
>>>>>>
>>>>>> It isn't? What about all the registry hacking required to remove
>>>>>> the most stubborn ones?
>>>>>>
>>>>>> Is it possible to remove software and return the machine to the
>>>>>> same state it was before the software was installed? Or does the
>>>>>> software leave little presents for you in the registry?
>>>>>>
>>>>>> In many cases, you'll find it's the latter.
>>>>>
>>>>> Where is all your Linux slopware installed?  Do you know the name
>>>>> and location of every file that was installed from all the
>>>>> thousands of packages, and then supposedly removed?  Or do you
>>>>> just trust Linux 'cause it's Linux?  That's my bet.
>>>>>
>>>>
>>>> dpkg -L appname
>>>>
>>>> gives me a full list of all files that were in the package, and
>>>> where they were installed. RPM has a similar command option.
>>>
>>> That's what you THINK the command tells you.  Have you ever verified
>>> it, or are you just trusting Linux?  Yes you are.
>>>
>> yes, I have verified it. It's quite simple, as .deb packages are
>> easily taken apart for inspection. As are .rpm and .tgz files.
>
> And after you verified it, what?  Did you start moving the files around?
> The whole point is, who cares where the files are installed, or that a few
> may be left after uninstall (Linux and Windows)?  It may be comforting to
> know, but it's not really important, and some cola nut was using it to bash
> Windows.
>


It's important when the ones left behind clog things up (as they so
often do in the registry entries) or prevent other things from working. 

Please try to put on your thinking cap next time. 

>
>
>>>> How do I find out all the files that a setup.exe installed on
>>>> MS-Windows?
>>>
>>> Look at the .inf file, or if the program is installed using msi,
>>> there are other lists of files and locations and rollback data.
>>>
>> and have you verified them? or are you simply trusting MS and the
>> appwriter?
>
> Exactly.
>
>

you are unclear, please answer the question. 

>


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA0eHZd90bcYOAWPYRAiTvAKCOv46TkPZT7AKET447uWVCUPl+KQCgqbfF
WAaFgxAH9E6uAF3un+sWfDY=
=aFeK
-----END PGP SIGNATURE-----

-- 
Jim Richardson     http://www.eskimo.com/~warlock
 Waking a person unnecessarily should not be considered a capital crime.
 For a first offense, that is. -- Lazarus Long

begin On Thu, 17 Jun 2004 18:34:00 +0000, Jim Richardson posted:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Thu, 17 Jun 2004 13:52:22 -0400,
>  DFS <nospam@nospam.com> wrote:
>> Jim Richardson wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> On Thu, 17 Jun 2004 11:57:09 -0400,
>>>  DFS <nospam@nospam.com> wrote:
>>
>>
> <snip>
> 
> 
>>>> Don't know what it's based on.  I imagine installations.
>>>>
>>>>
>>>>
>>> Are you often given to such flights of imagination when referring to
>>> facts?
>>>
>>> I doubt strongly that it's installations. After all, how would they
>>> know how many Linux boxes are installed? there's no licencing to track,
>>> counting sales slips is pointless, as you can install it on numerous
>>> machines from a single CD source.
>>
>> Use your common sense, boy.
>>
>> Mine tells me they do phone and print surveys of CTO and IT managers,
>> asking how many Windows and Linux/Unix server installations are running
>> in their organizations, which versions, what services they provide, etc.
>>  They survey a certain number of companies, then make statistical
>> projections based on their survey sample size.
>>
>>
>>
> 
> Would that be the same companies who's CTO's and IT managers are so often
> surprised by the fact that half of their mail/file/webservers were
> converted to Linnux 6+ months ago, and the only thing they noticed was the
> lack of downtime?
> 
> Just curious boy.
> 
> 
> <snip>
> 
>>>> Of course: 56k downloads under Linux are faster than 56k downloads
>>>> under Windows.  Gotcha.
>>>>
>>>>
>>>>
>>>
>>> often, yes. MS-Windows used to come configured with a rather high MTU
>>> setting, suitable for LAN work, but a poor setting for dialup.
>>
>> heh... right.
>>
>>
>>
> Google is your friend boy, do some research, then you can apologise
> properly.
> 
> 
> 
>>>>> Linux also has a far better record in my exp of resuming downloads
>>>>> that were interrupted for some reason.
>>>>
>>> and this is a big reason for completing large downloads faster.
>>
>> I get around 10mb per minute via my cable modem.
>>
>>
> That's nice. Not relevent to the issue, but almost as fast as the cable
> modem access here on WindWalker sustained 3.5Kb/s here. (which works out
> to quite a bit more than 10mb per minute. Actually, that sounds like quite
> a crappy cable modem speed.)
> 
> 
> 
>>
>>
>>>>>>>> You're exaggerating about tens to hundreds of websites.
>>>>>>>
>>>>>>> Why? He's stating that because he doesn't know what software people
>>>>>>> have installed, some might have hundreds of different programs from
>>>>>>> hundreds of different locations installed.
>>>>>>>
>>>>>>> (I know someone who sold a bloke a PC last month, the next day he
>>>>>>> got a support call saying it was being slow, went to check and he'd
>>>>>>> got over 400 spyware and viruses on it... in just 24 hours! the
>>>>>>> mind boggles)
>>>>>>
>>>>>> Somewhere out there many Linux morons are giggling about the Win32
>>>>>> viruses they released.
>>>>>
>>>>> An interesting claim. Got any evidence? or are you simply spouting
>>>>> off bullshit? ah, thought so.
>>>>
>>>> Another uninformed Linux moron.  Do some searching on the web, boy.
>>>> Visit some hacker sites.  Talk to them about their OS of choice.
>>>
>>> So no, you don't have any evidence, you were just spouting off, and as
>>> usual, when called on it, resort to simple name calling.
>>
>> Good God.  When I go out there and point you to multiple hacker sites
>> where they gush on Linux, you'll just say they're not "representative of
>> Linux users."  or "prove they wrote the viruses" etc.  What a joke.
>>
>> I just read an exchange online the other night between two hackers
>> discussing the stolen Valve Half-Life 2 code.  They were throwing Linux
>> terms around left and right.  Now, they could have been using Unix, but
>> I doubt it.
>>
>> It doesn't reflect poorly on Linux, anyway, but I guarantee many Windows
>> viruses are written by MS-hating Linux morons.
>>
>>
>>
> right. You "guarantee" it... your guarantee is worth what exactly?
> 
> 
>>
>>
>>
>>>>>>>>> In order to effectively stop such things, your real choice is
>>>>>>>>> simply to stop using them.  Period.  Hardly an effective
>>>>>>>>> strategy, especially with the MSN messenger cilent which seems to
>>>>>>>>> have somehow become a "required" component.
>>>>>>>
>>>>>>>> It's really not all that difficult to remove software from Windows
>>>>>>>> boxes.
>>>>>>>
>>>>>>> It isn't? What about all the registry hacking required to remove
>>>>>>> the most stubborn ones?
>>>>>>>
>>>>>>> Is it possible to remove software and return the machine to the
>>>>>>> same state it was before the software was installed? Or does the
>>>>>>> software leave little presents for you in the registry?
>>>>>>>
>>>>>>> In many cases, you'll find it's the latter.
>>>>>>
>>>>>> Where is all your Linux slopware installed?  Do you know the name
>>>>>> and location of every file that was installed from all the thousands
>>>>>> of packages, and then supposedly removed?  Or do you just trust
>>>>>> Linux 'cause it's Linux?  That's my bet.
>>>>>>
>>>>>>
>>>>> dpkg -L appname
>>>>>
>>>>> gives me a full list of all files that were in the package, and where
>>>>> they were installed. RPM has a similar command option.
>>>>
>>>> That's what you THINK the command tells you.  Have you ever verified
>>>> it, or are you just trusting Linux?  Yes you are.
>>>>
>>> yes, I have verified it. It's quite simple, as .deb packages are easily
>>> taken apart for inspection. As are .rpm and .tgz files.
>>
>> And after you verified it, what?  Did you start moving the files around?
>> The whole point is, who cares where the files are installed, or that a
>> few may be left after uninstall (Linux and Windows)?  It may be
>> comforting to know, but it's not really important, and some cola nut was
>> using it to bash Windows.
>>
>>
> 
> It's important when the ones left behind clog things up (as they so often
> do in the registry entries) or prevent other things from working.
> 
> Please try to put on your thinking cap next time.
> 
> 
>>
>>>>> How do I find out all the files that a setup.exe installed on
>>>>> MS-Windows?
>>>>
>>>> Look at the .inf file, or if the program is installed using msi, there
>>>> are other lists of files and locations and rollback data.
>>>>
>>> and have you verified them? or are you simply trusting MS and the
>>> appwriter?
>>
>> Exactly.
>>
>>
>>
> you are unclear, please answer the question.

They're probably invisible ones that support him in email.

-- 
A cryptic clue...
Foreign secretary's valet - one of little substance.
(3,2,5)

begin On Thu, 17 Jun 2004 17:33:35 +0000, Rick posted:

> On Thu, 17 Jun 2004 12:36:15 -0400, DFS wrote:
> (snip)

>> True.  I don't understand free software.
> 
> Finally. You make a true statement. You don't understand free software.

And *yet* it's been explained to him time & again & URLs have been posted
& he *still* doesn't get it! Doesn't *want* to, IMO, 

<snip>
-- 
The short life and hard times of a Linux virus
http://librenix.com/?inode=21
Linux vs. Windows Viruses
http://www.securityfocus.com/columnists/188

Bob Hauck wrote:
> On Thu, 17 Jun 2004 17:11:22 GMT, Rick <rick@none.com> wrote:
>> On Thu, 17 Jun 2004 12:05:18 -0400, DFS wrote:
>
>>>> In fact, you don't even appear to know what cron does?
>>>
>>> scheduler.  The Windows Scheduled Tasks feature is better.
>>
>> How?
>
> It reduces the potential load on the system by making it really hard
> to schedule a task to run more often than once a day.

"really hard"?!?!?   LOL!

Another Linux moron that can't figure out Windows.  Gawd, but you guys are
unbelievable sometimes.

In comp.os.linux.advocacy, spike1@freenet.co.uk
<spike1@freenet.co.uk>
 wrote
on Thu, 17 Jun 2004 11:11:43 +0100
<voqrac.mkr.ln@freenet.co.uk>:
> The Ghost In The Machine <ewill@aurigae.athghost7038suus.net> wrote:
>> Not familiar with "The Recruit" (or for that matter any hot female CIA
>> trainees 
>
> How about hot CIA female agents?
> Mmmm, Sidney Bristow
>:)
>

Oooh...well, erm, if I ever see her prowling around my domicile
I'll have to think about whether to let her in or not. :-)

But yeah, she's a looker.  I just am not sure I'd want her
looking at my files or not...

-- 
#191, ewill3@earthlink.net -- or anyone else, for that matter
It's still legal to go .sigless.

In comp.os.linux.advocacy, DFS
<nospam@nospam.com>
 wrote
on Wed, 16 Jun 2004 17:10:48 -0400
<10d1e3n5fldg182@corp.supernews.com>:
>
> "The Ghost In The Machine" <ewill@aurigae.athghost7038suus.net> wrote in
> message news:6t76q1-49p.ln1@lexi2.athghost7038suus.net...
>> In comp.os.linux.advocacy, DFS
>> <nospam@nospam.com>
>>  wrote
>> on Wed, 16 Jun 2004 00:14:32 -0400
>> <10cvii6c0uabce8@corp.supernews.com>:
>> > "The Ghost In The Machine" <ewill@aurigae.athghost7038suus.net> wrote in
>> > message news:25j4q1-t3o.ln1@lexi2.athghost7038suus.net...
>> >
>> >> Well, part of the problem is that your specific issues
>> >> count is 8; *the* issues which may (or most likely may not)
>> >> apply to everybody are 30, but only under very certain
>> >> conditions -- as you commented briefly above.
>> >>
>> >> They are concerns, but how they compare to Windows' malware is
>> >> not entirely clear, mostly because I'm not sure what comparison
>> >> method to use: Windows malware costs millions, if not hundreds
>> >> of millions, to eradicate, partly because of the sheer number
>> >> of Windows boxes out there, and partly because of the number
>> >> of Windows patches out there -- some of which work -- and partly
>> >> because of the number of idiots out there who click on things
>> >> without thinking just because they look like official Earthlink
>> >> e-mail.  (I know.  I got one.  However, because I use mailx,
>> >> I could easily see the headers and was immune to whatever it
>> >> contained.)
>> >>
>> >> If one wants to compare just the *problem* reports, they
>> >> are just about equal -- but one has to squint a bit as the
>> >> ones I've transcribed above *have already been patched*;
>> >> in many cases the Windows ones have merely been identified
>> >> as potential issues, AFAIK.
>> >>
>> >> Compared to Windows' malware, Lion and Ramen were ridiculously small.
>> >> Score one for a highly compartmentalized software system -- but DFS
>> >> had better be careful as he's comparing apples to hand grenades. :-)
>> >
>> > And you can choke to death on an apple just as surely as on a hand
>> > grenade....
>> >
>>
>> Yeah, but apples are edible, at least (although one might want
>> to slice them first).  I wouldn't recommend ingesting a hand grenade.
>>
>> Did you have a point here or are you just trying to sell the
>> idea that Windows XP security is superior?  If so, I'd call
>> for intellectual backup; you're not doing very well... :-)
>
> My point is the better Linux security (relative to Windows) isn't good
> enough.

It never will be.  A front door lock isn't good enough.

> Either system can and will be and has been compromised.

And therefore, of course, Windows XP is better for the casual
home user.

(Spot The Flaw.)

[.sigsnip]

-- 
#191, ewill3@earthlink.net
It's still legal to go .sigless.

In comp.os.linux.advocacy, DFS
<nospam@nospam.com>
 wrote
on Wed, 16 Jun 2004 16:54:36 -0400
<10d1d5atbms3fff@corp.supernews.com>:
>
> "Norwegian Formula" <R@bastards.com> wrote in message
> news:40d09dfd_1@newspeer2.tds.net...
>> DFS, after spending 3 minutes figuring out which end of the pen to use,
> wrote:
>>
>> >
>> > "Rob Hughes" <rob@robhughes.com> wrote in message
>> > news:kv6dnewFec97GVLdRVn-jg@comcast.com...
>> >> DFS is alleged to have said in comp.os.linux.advocacy:
>> >>
>> >> > Sure I can.  They were all Linux-related, weren't they?
>> >>
>> >> No, some were for a couple different flavors of BSD. Not that I expect
> you
>> >> to understand that, given your self-admitted ignorance.
>> >
>> >
>> > I do understand the difference.
>> >
>> > Berkeley Software Distribution predates Linux by about 10 or 15 years,
> and
>> > was developed primarily by Bill Joy (cofounder of Sun, and recently
> departed
>> > I think) at UCBerkeley.
>> >
>> > And it only took me 3 hours to research that on google so I could answer
> you!
>
> Give me a little more credit, Linux morons.  I was probably using Linux, in
> 1997, before you were.

I remember my first Linux kernel as 0.99pl7 or 0.99pl12.
Unfortunately, http://www.kernel.org/publinux/kernel/History/v0.99
seems to have slightly messed-up dates, although the copyright
for 0.99pl7 is dated 1991 and the actual file dates are around 1993,
once extracted.  0.99pl12 is dated August 15, 1993.

I can't say how long ago Norwegian Formula was using Linux, but
I was at least experimenting with it apparently in 1993 or 1994,
which is interesting considering I also have Windows 95 installed
on one of my boxes -- which came out more than a year later.

I may have to look for or at my 30-diskette Slackware install kit,
assuming it's still any good.

Anyway...you were saying?

[rest snipped]

-- 
#191, ewill3@earthlink.net
It's still legal to go .sigless.

The Ghost In The Machine wrote:
> In comp.os.linux.advocacy, DFS
> <nospam@nospam.com>
>  wrote
> on Wed, 16 Jun 2004 16:54:36 -0400
> <10d1d5atbms3fff@corp.supernews.com>:
>>
>> "Norwegian Formula" <R@bastards.com> wrote in message
>> news:40d09dfd_1@newspeer2.tds.net...
>>> DFS, after spending 3 minutes figuring out which end of the pen to
>>> use, wrote:
>>>
>>>>
>>>> "Rob Hughes" <rob@robhughes.com> wrote in message
>>>> news:kv6dnewFec97GVLdRVn-jg@comcast.com...
>>>>> DFS is alleged to have said in comp.os.linux.advocacy:
>>>>>
>>>>>> Sure I can.  They were all Linux-related, weren't they?
>>>>>
>>>>> No, some were for a couple different flavors of BSD. Not that I
>>>>> expect you to understand that, given your self-admitted ignorance.
>>>>
>>>>
>>>> I do understand the difference.
>>>>
>>>> Berkeley Software Distribution predates Linux by about 10 or 15
>>>> years, and was developed primarily by Bill Joy (cofounder of Sun,
>>>> and recently departed I think) at UCBerkeley.
>>>>
>>>> And it only took me 3 hours to research that on google so I could
>>>> answer you!
>>
>> Give me a little more credit, Linux morons.  I was probably using
>> Linux, in 1997, before you were.
>
> I remember my first Linux kernel as 0.99pl7 or 0.99pl12.
> Unfortunately, http://www.kernel.org/publinux/kernel/History/v0.99
> seems to have slightly messed-up dates, although the copyright
> for 0.99pl7 is dated 1991 and the actual file dates are around 1993,
> once extracted.  0.99pl12 is dated August 15, 1993.
>
> I can't say how long ago Norwegian Formula was using Linux, but
> I was at least experimenting with it apparently in 1993 or 1994,
> which is interesting considering I also have Windows 95 installed
> on one of my boxes -- which came out more than a year later.
>
> I may have to look for or at my 30-diskette Slackware install kit,
> assuming it's still any good.
>
> Anyway...you were saying?

I was saying, to Grecian Formula, that "I was probably using Linux, in 1997,
before you were."

See, it's right up there in the thread, Ghost, in black and white.  I wasn't
addressing you.

That's what I was saying.

DFS <nospam@nospam.com> did eloquently scribble:
>> So window$ wasn't ready 5 years ago, and it isn't ready now, and it
>> won't be ready 5 years from now.
> 
> I feel your pain, boy.  Several hundred million people feel otherwise, but
> it's only Linux users who don't.  What's wrong with this picture?

The fact that many windows users DON'T feel otherwise, and hate windows?
(But don't know any better)
>>>> How about someone who IS competent at working with windows and STILL
>>>> can't get rid of the most stubborn spyware? For I know such a man.
>>>>
>>>> Oh, he got rid in the end, but it took him 5 times longer than it
>>>> should've.
>>>
>>> That's why it's called spyware.
>>
>> ... so much for answering his question.
> 
> He didn't have a question.


"How about someone who IS competent at working with windows and STILL can't
get rid of the most stubborn spyware?"

isn't a question?

>>> He said he had to edit the crontab on each machine when rolling the
>>> machines out.  Sounds like he had to do it manually.
>>
>> Your point?
> 
> Well, he says updating Windows machines is such a chore, but it sounds like
> he has to manually update his Linux machines as well.

Stupid plonker. How many times?
HE SET UP CRON ON EACH MACHINE TO UPDATE AUTOMATICALLY!
One off setup, once, that's all, after that they take care of themselves.

Or are you now saying that windows does all this automatically without being
told where to look for the tested and validated patches?

I think you need to return to school and brush up on reading comprehension. 
>> There have always been restrictions on installations of m$ OSs. One
>> license, one install has been the norm. Ask the owner of Ernie Ball.
>> They weren't using XP.
> 
> I meant physical/electronic restrictions, of course, such as hardware
> activation.  The EULA allows one copy of Windows to be installed on one
> machine.

Yes, I know, hence the original statement where I said "One windows disk
allows you to (legally) install on one machine"...

Note the clause there... LEGALLY?

Also, I think you'll find windows complains if you install more than one
machine on the same network using the same license key.

>> You are wrong. However, feel free to show some EULAs allowing multiple
>> installations of DOS, W3.1, W95 or W2K when only a single licensed
>> has bee legally acquired.
> 
> The EULA doesn't allow multiple installations, but I'm sure it's occurred.
> 
> You claim Linux sales are installed on several machines, but Windows sales
> aren't?  Why do you think this?  Even MS has estimated some 25% of its
> software in use is pirated.

Well, it just shows that windows users are inherently criminals, and linux
users are legally clean and blameless.

Windows users are thieving bastards according to you.

If they want multiple windows installs, they should pay for it.
It they want multiple installs for free or single cost, they should install
linux or one of the BSDs (depending on what they intend to do with it)

You going to start attacking BSD next as being amateurish and buggy?

>> Unless you know how the data was gathered, you cannot know how to
>> interpret it or how much the conclusion can be trusted.
> 
> If it was pro-Linux numbers, they would be part of the cola newsgroup FAQ.

No, they wouldn't.
Or haven't you heard the old "lies, damned lies and statistics" quote?

>> You may now show all the ways it is possible to count firewalled and
>> masked machines.
> 
> Well, the people that setup the firewalled and masked machines count them
> for IDC, and report their numbers.  Why is this so difficult for you to
> understand?

Because that situation is just too far fetched?
Most would think "mind your own business!" or just toss the questionnaire in
the bin cos they've got better things to do.

-- 
______________________________________________________________________________
|   spike1@freenet.co.uk   | "Are you pondering what I'm pondering Pinky?"   |
|Andrew Halliwell BSc(hons)|                                                 |
|            in            | "I think so brain, but this time, you control   |
|     Computer Science     |  the Encounter suit, and I'll do the voice..."  |
------------------------------------------------------------------------------

On Thu, 17 Jun 2004 15:49:59 -0400, DFS <nospam@nospam.com> wrote:
> Bob Hauck wrote:
>> On Thu, 17 Jun 2004 17:11:22 GMT, Rick <rick@none.com> wrote:
>>> On Thu, 17 Jun 2004 12:05:18 -0400, DFS wrote:
>>
>>>>> In fact, you don't even appear to know what cron does?
>>>>
>>>> scheduler.  The Windows Scheduled Tasks feature is better.
>>>
>>> How?
>>
>> It reduces the potential load on the system by making it really hard
>> to schedule a task to run more often than once a day.
> 
> "really hard"?!?!?   LOL!
> 
> Another Linux moron that can't figure out Windows.  Gawd, but you guys
> are unbelievable sometimes.

Ok, so I'm a moron.  But you still haven't explained how Windows' 
scheduler is better than cron.  Perhaps you could do some actual 
advocacy instead of just name-calling.  I know it is a stretch, 
but you could try.

So, how is the Windows scheduler better?  Please enlighten us.


-- 
 -| Bob Hauck
 -| To Whom You Are Speaking
 -| http://www.haucks.org/

spike1@freenet.co.uk wrote:
> DFS <nospam@nospam.com> did eloquently scribble:
>>> So window$ wasn't ready 5 years ago, and it isn't ready now, and it
>>> won't be ready 5 years from now.
>>
>> I feel your pain, boy.  Several hundred million people feel
>> otherwise, but it's only Linux users who don't.  What's wrong with
>> this picture?
>
> The fact that many windows users DON'T feel otherwise, and hate
> windows? (But don't know any better)

They sure know better than to use Linux.



>>>>> How about someone who IS competent at working with windows and
>>>>> STILL can't get rid of the most stubborn spyware? For I know such
>>>>> a man.
>>>>>
>>>>> Oh, he got rid in the end, but it took him 5 times longer than it
>>>>> should've.
>>>>
>>>> That's why it's called spyware.
>>>
>>> ... so much for answering his question.
>>
>> He didn't have a question.
>
>
> "How about someone who IS competent at working with windows and STILL
> can't get rid of the most stubborn spyware?"
>
> isn't a question?

What's the question?




>>>> He said he had to edit the crontab on each machine when rolling the
>>>> machines out.  Sounds like he had to do it manually.
>>>
>>> Your point?
>>
>> Well, he says updating Windows machines is such a chore, but it
>> sounds like he has to manually update his Linux machines as well.
>
> Stupid plonker. How many times?
> HE SET UP CRON ON EACH MACHINE TO UPDATE AUTOMATICALLY!
> One off setup, once, that's all, after that they take care of
> themselves.

I'm not sure what his meaning was.  It seemed like he had to visit/touch 100
machines and manually do something.




> Or are you now saying that windows does all this automatically
> without being told where to look for the tested and validated patches?
>
> I think you need to return to school and brush up on reading
> comprehension.
>>> There have always been restrictions on installations of m$ OSs. One
>>> license, one install has been the norm. Ask the owner of Ernie Ball.
>>> They weren't using XP.
>>
>> I meant physical/electronic restrictions, of course, such as hardware
>> activation.  The EULA allows one copy of Windows to be installed on
>> one machine.
>
> Yes, I know, hence the original statement where I said "One windows
> disk allows you to (legally) install on one machine"...
>
> Note the clause there... LEGALLY?
>
> Also, I think you'll find windows complains if you install more than
> one machine on the same network using the same license key.

Don't know.



>>> You are wrong. However, feel free to show some EULAs allowing
>>> multiple installations of DOS, W3.1, W95 or W2K when only a single
>>> licensed has bee legally acquired.
>>
>> The EULA doesn't allow multiple installations, but I'm sure it's
>> occurred.
>>
>> You claim Linux sales are installed on several machines, but Windows
>> sales aren't?  Why do you think this?  Even MS has estimated some
>> 25% of its software in use is pirated.
>
> Well, it just shows that windows users are inherently criminals, and
> linux users are legally clean and blameless.
>
> Windows users are thieving bastards according to you.

Some are, that's for sure.




> If they want multiple windows installs, they should pay for it.
> It they want multiple installs for free or single cost, they should
> install linux or one of the BSDs (depending on what they intend to do
> with it)
>
> You going to start attacking BSD next as being amateurish and buggy?

Should I?





>>> Unless you know how the data was gathered, you cannot know how to
>>> interpret it or how much the conclusion can be trusted.
>>
>> If it was pro-Linux numbers, they would be part of the cola
>> newsgroup FAQ.
>
> No, they wouldn't.
> Or haven't you heard the old "lies, damned lies and statistics" quote?

Sure.  The best one I've read lately is Linux has 16% of the worldwide
desktop installations.




>>> You may now show all the ways it is possible to count firewalled and
>>> masked machines.
>>
>> Well, the people that setup the firewalled and masked machines count
>> them for IDC, and report their numbers.  Why is this so difficult
>> for you to understand?
>
> Because that situation is just too far fetched?
> Most would think "mind your own business!" or just toss the
> questionnaire in the bin cos they've got better things to do.

Maybe so.





>>   spike1@freenet.co.uk   | "Are you pondering what I'm pondering
>> Pinky?"   | Andrew Halliwell BSc(hons)|
>>            | in            | "I think so brain, but this time, you
>>     control   | Computer Science     |  the Encounter suit, and I'll
>> do the voice..."  |
> --------------------------------------------------------------------------
----

[snips]

On Thu, 17 Jun 2004 13:52:22 -0400, DFS wrote:

>> I doubt strongly that it's installations. After all, how would they
>> know how many Linux boxes are installed? there's no licencing to
>> track, counting sales slips is pointless, as you can install it on
>> numerous machines from a single CD source.
> 
> Use your common sense, boy.
> 
> Mine tells me they do phone and print surveys of CTO and IT managers, asking
> how many Windows and Linux/Unix server installations are running in their
> organizations

This is actually a really poor metric.

Consider.  I'm a home user.  How much effort is there in converting over
to Linux?  Or even to a new version of Windows?  Not a hell of a lot; I
have one machine (generally) to cope with, one hardware configuration, one
system to patch, maintain and update, one person to train.

Now consider I'm the IT geek for a company with 1,000 machines.  I may
have 100 different hardware configurations.  Different user
configurations.  Different application sets to install.  Pluse 1,000 users
to retrain.  Not to mention documents, databases, whatever, which might
need to be converted, codebases which need to be rewritten, etc.

The home system I can convert in a day.  The enterprise-wide rollout would
be lucky to happen in a year.  Hell, some places evaluate _service packs_
for as much as 6 months; how long do you think they'd spend evaluating an
entirely new version of Windows?  How much longer to evaluate a completely
different OS entirely?  Two years?  Three?

This, of course, assumes they have a reason to convert in the first place.
For example, a company currently running on Win2K probably has little
reason to migrate to XP and 2K3; 2K is still supported, very likely does
what they need and isn't going to cost them a penny in upgrading, as
they're already using it.

When they face the choice of effectively _having to_ upgrade or migrate,
presumably because 2K isn't supported anymore, then they'll have a serious
decision to make.

Despite Linux being something like a decade old, it really - IMO at least
- really became usable to people other than diehards only about two years
ago - by which time most companies seriously considering upgrading to
Win2K had long since had beta releases and RCs to play with, and even had
the full release for a year or more.

The real crunch for Windows is going to be when 2K goes out of support. 
Mind you, even before then, Windows still faces serious challenges, as
evidenced by the people and organizations who are migrating to, or at
least evaluating, Linux already.

Of course, MS can hurry this process along, by rolling out ever more
invasive technologies, licenses and the like.


>> often, yes. MS-Windows used to come configured with a rather high MTU
>> setting, suitable for LAN work, but a poor setting for dialup.
> 
> heh... right.

Even in LANs.  I regularly toss largish files about across my LAN.  If I
do this Linux-to-Linux, using Samba shares, my hub - which has a "load"
light, indicating how heavily used it is - reaches considerably higher
levels than if I'm copying Linux-to-Windows, Windows-to-Linux, or
Windows-to-Windows.  Copies also generally take less time, supporting the
notion that this isn't simply packet-storming overhead or some such.

The difference, frankly, isn't all that great.  Nothing I'd lose sleep
over.

>> So no, you don't have any evidence, you were just spouting off, and as
>> usual, when called on it, resort to simple name calling.
> 
> Good God.  When I go out there and point you to multiple hacker sites
> where they gush on Linux, you'll just say they're not "representative of
> Linux users."  or "prove they wrote the viruses" etc.  What a joke.

Well, you did, apparently, claim it was *Linux* people releasing the
viruses.  Simply pointing to some site where they're pro-Linux and
anti-Windows doesn't demonstrate that they wrote or released any viruses;
just that they're pro-Linux and anti-Windows.  "Gushing on Linux" does not
isntantly equate to "releasing viruses".

It's your claim, *you* get to back it up.

> I just read an exchange online the other night between two hackers
> discussing the stolen Valve Half-Life 2 code.  They were throwing Linux
> terms around left and right.  Now, they could have been using Unix, but
> I doubt it.

And having stolen Half-Life 2 code is the same as releasing viruses?

> It doesn't reflect poorly on Linux, anyway, but I guarantee many Windows
> viruses are written by MS-hating Linux morons.

And your support for this would be what, exactly?

Of course, what's sort of funny is the underlying concept you're missing
here: that it is *worth it* to write viruses for Windows, or, for that
matter, that it's even *possible* to do so.

If I want to write a virus for Linux, the first thing I have to figure out
is how to deploy the damned thing.  A vulnerability in KMail?  Possibly -
but what of the people who use Evolution?  Or mutt?  Or Sylpheed?  Okay,
so we make it for a vulnerability in Konqueror.  Except for the people who
use Mozilla, or Opera, or lynx, or something else.

Okay, fine, so I manage to find a deployment mechanism which - if I'm
lucky - might affect as many as half of Linux users.  In theory.  Except I
still face a couple of issues.

One is, not every Linux user uses x86s.  So my virus will have to be
platform-neutral scripting.  Which means the system not only has to have
the vulnerable application, it _also_ has to have the relevant scripting
enabled.

Then I have to make it past tripwire and the like.  All without the user
ever noticing.

So, fine, you manage this.  You now have successfully infected a system. 
Now you have to remain hidden, out of sight, hopefully unlisted in top,
ps, and other process lists.  You have to keep your CPU usage to a
minimum, so people don't notice.

Now what?

Oh, yes.  Infecting things so you'll be replicated and auto-launched if
the system restarts.  What are you going to use to manage this?  With
different shell environments, different desktop environments, different
scripting environments, differing ways to auto-run applications, that in
itself is no mean feat.

Contrast this to Windows.

First, it runs on one platform.  You can develop direct binary apps rather
than scripting apps.  It generally lacks tools such as tripwire, so it's
easier to get in in the first place.  Users often run as Admins, meaning
they have write-access to most of the system - Linux users, on the whole,
don't, meaning you'll need a local root exploit just to install your
virus.  Windows has a predictable toolset - vbs support, javascript in
mail and web browser, active X support, etc.  Not everyone runs these
enabled, but many do.  You've got a reasonable expectation that, say, OE
and/or IE are in active use.

Not only do you have a much more uniform toolset to deal with, you have a
lot greater access once you're in, and a lot less likelihood of coming
across system monitoring tools.  It is, in short, fundamentally simpler to
deploy a succesful virus targetting Windows than it is for Linux.

Thus, it is easier - considerably - to write a successful Windows virus. 
Microsoft goes out of their way to make it difficult to keep systems
updated to avoid such things.  They compound this with silly notions such
as "We're going to make XP more secure, to avoid these problems... but
only for legal versions" - meaning pirated versions, presumably, will
still be wide open, this *despite* MS's long-held view that if people are
going to pirate software, make sure they're pirating *ours*.

Now, granted, there are, in fact, Linux viruses.  They're neither
particularly effective nor particularly virulent.  I have yet to hear of a
Linux virus that takes down entire LANs, let alone largish sections of the
net, nor even had the capability to do so if Linux were as popular as
Windows.

In short... Windows makes it possible to write successful viruses.  MS is
an enabler.  Linux makes it difficult to do the same thing.  Unless
someone figures out a really successful way to do it in Linux, there just
isn't much point: where's the fun in writing a virus that infects 100
machines and peters out, when you can write one that infects, say, 100,000
machines and keeps right on going?

Hell, MS doesn't even bundle AV tools, do they? No, Linux doesn't, either,
generally... but it doesn't really need 'em.  Windows does.


>> yes, I have verified it. It's quite simple, as .deb packages are
>> easily taken apart for inspection. As are .rpm and .tgz files.

> And after you verified it, what?  Did you start moving the files around?
> The whole point is, who cares where the files are installed, or that a
> few may be left after uninstall (Linux and Windows)?  It may be
> comforting to know, but it's not really important, and some cola nut was
> using it to bash Windows.

Actually, it can be important, if only for performance reasons.  The
registry has a bad habit of degrading performance as it becomes more and
more loaded, for one thing - so cruft left behind in it sucks system
performance.  For another, DLL registrations, App Paths and the like can
cause further degradation as the system hunts for things that simply
aren't there anymore.

This gets especially fun when Windows is trying to do something that
involves walking the registry tree.  I need to open file A.  It has type
B.  Which is handled by whatever belongs to CLSID C.  Which requires DLL
D.  Which doesn't exist.  Hmm.  So, just by cleaning out the registry, it
would have been obvious that the file is of an unknown type, without
having to walk the registry to find the DLL, then walk the path to try to
find the DLL.

There's a _reason_ why Win2K logo certficiation was somewhat picky about
what you were and weren't allowed to leave in the registry when your app
got uninstalled.  But not too many apps _have_ logo, do they?

begin On Thu, 17 Jun 2004 20:00:07 +0000, The Ghost In The Machine posted:

> In comp.os.linux.advocacy, DFS
> <nospam@nospam.com>
>  wrote
> on Wed, 16 Jun 2004 16:54:36 -0400
> <10d1d5atbms3fff@corp.supernews.com>:
>>
>> "Norwegian Formula" <R@bastards.com> wrote in message
>> news:40d09dfd_1@newspeer2.tds.net...
>>> DFS, after spending 3 minutes figuring out which end of the pen to use,
>> wrote:
>>>
>>>
>>> > "Rob Hughes" <rob@robhughes.com> wrote in message
>>> > news:kv6dnewFec97GVLdRVn-jg@comcast.com...
>>> >> DFS is alleged to have said in comp.os.linux.advocacy:
>>> >>
>>> >> > Sure I can.  They were all Linux-related, weren't they?
>>> >>
>>> >> No, some were for a couple different flavors of BSD. Not that I
>>> >> expect
>> you
>>> >> to understand that, given your self-admitted ignorance.
>>> >
>>> >
>>> > I do understand the difference.
>>> >
>>> > Berkeley Software Distribution predates Linux by about 10 or 15
>>> > years,
>> and
>>> > was developed primarily by Bill Joy (cofounder of Sun, and recently
>> departed
>>> > I think) at UCBerkeley.
>>> >
>>> > And it only took me 3 hours to research that on google so I could
>>> > answer
>> you!
>>
>> Give me a little more credit, Linux morons.  I was probably using Linux,
>> in 1997, before you were.
> 
> I remember my first Linux kernel as 0.99pl7 or 0.99pl12. Unfortunately,
> http://www.kernel.org/publinux/kernel/History/v0.99 seems to have slightly
> messed-up dates, although the copyright for 0.99pl7 is dated 1991 and the
> actual file dates are around 1993, once extracted.  0.99pl12 is dated
> August 15, 1993.
> 
> I can't say how long ago Norwegian Formula was using Linux, but I was at
> least experimenting with it apparently in 1993 or 1994, which is
> interesting considering I also have Windows 95 installed on one of my
> boxes -- which came out more than a year later.
> 
> I may have to look for or at my 30-diskette Slackware install kit,
> assuming it's still any good.
> 
> Anyway...you were saying?
> 
> [rest snipped]

I started trying linux late in 1995, RedHat (kernel 1.1.54 IIRC), Caldera
(which I didn't like much) & SuSE (kernel 1.1.64 i think). I eventually
settled for SuSE & have bought the bi-annual updates ever since. :)  

-- 
Printed on bottom of Tesco's Tiramisu dessert:
"Do not turn upside down."
D'OH!!

begin On Thu, 17 Jun 2004 19:25:46 +0100, spike1 posted:

> Rick <rick@none.com> did eloquently scribble:
>>> scheduler.  The Windows Scheduled Tasks feature is better.
>> 
>> How?
>> 
> Heheh, this should be a good one...
> /me sits on the edge of his seat in preparation for a side splitter.

Hmm, yes...<drawing up a chair & opening a cold beer>....now where did I
put the popcorn...

-- 
Oh, the games people play now
Every night and every day now
Never meaning what they say now
Never saying what they mean  = Joe South =

[snips]

On Thu, 17 Jun 2004 14:24:29 -0400, DFS wrote:

>>>>> Again, that's 'cause you use open source code.  And how often
>>>>> should you have to update your software, anyway?  Seems Linux
>>>>> slopware is updated almost weekly in a lot of cases.
>>>>
>>>> And weekly is bad.... why exactly?
>>>
>>> 'Cause it shows the software wasn't ready last week, and it won't be
>>> ready this week, and it won't be ready a week from now.
>>
>> So window$ wasn't ready 5 years ago, and it isn't ready now, and it
>> won't be ready 5 years from now.
> 
> I feel your pain, boy.  Several hundred million people feel otherwise, but
> it's only Linux users who don't.  What's wrong with this picture?

Snideness aside, I notice you dodged the question.  If Linux apps are bad
because they keep getting updated, aren't Windows apps *also* bad, because
they keep getting updated?  And isn't Windows *itself* also bad because it
keeps getting updated?

This, however, ignores another key point.  All software has bugs; this is
just how things are.  Linux's answer is to fix 'em fast and release 'em
fast.  Apparently, you would rather live with the bugs for months on end,
only getting updates say, twice a year.

Why?  Makes no sense to me.  I'd much rather get the updates fast.

>>> I would be very
>>> suspicious of any software updated every week, or month, etc.
>>
>> Why?
> 
> If you honestly have to ask, you wouldn't understand the answer.

See above.  You'd rather live with the bugs for months, in order to get
twice-yearly updates?  Fine - just don't update your software until then.

Personally, I'd rather get updates faster.

>> Instead of continuously and ignorantly lashing out at something you
>> don't understand, maybe you should try to learn about it.
> 
> What's to learn?  I can write open source software, and contribute to
> the "community."  In turn, I can use and learn from open source
> software. Yippee!

One thing you could learn is just exactly how flexible Linux is compared
to what you're used to now.  See the nonsense about "developer machine"
for an example of this - you're stuck in a mindset where there's a
fundamental conceptual difference between "developer machine" and "web
server".  We don't have such dichotomies, if only because Linux gives us
the flexibility to use our systems _as we see fit_.

>>>>> Wait a minute.  Sounds like you have to manually visit/touch each of
>>>>> the 100  machines?  Or am I missing something?
>>>>
>>>> you're missing cron.
>>>> the daemon that auto runs jobs at specified times of the
>>>> day/week/month/year.
>>>
>>> He said he had to edit the crontab on each machine when rolling the
>>> machines out.  Sounds like he had to do it manually.

*Once*.  At deployment.  Never again.

> Well, he says updating Windows machines is such a chore, but it sounds
> like he has to manually update his Linux machines as well.

*Once*.  At deployment.  Never again.

>> You are wrong. However, feel free to show some EULAs allowing multiple
>> installations of DOS, W3.1, W95 or W2K when only a single licensed has
>> bee legally acquired.
> 
> The EULA doesn't allow multiple installations, but I'm sure it's
> occurred.

So?  Look at the position you've argued yourself into.  That you can break
the law, pirate the software, install it illegally on as many machines as
you want - as long as you don't get caught - and you're offering this,
somehow, as an argument in relation to an OS which you can legally and
legitimately install on 1,000 machines without a problem.

> You claim Linux sales are installed on several machines, but Windows
> sales aren't?  Why do you think this?  Even MS has estimated some 25% of
> its software in use is pirated.

He's actually questioning the validity of your "market share" numbers and
the methodology of obtaining the information.  Eg suppose we polled IBM
and they had 50,000 machines, all running Windows - but only 10 licenses.
In a poll, presumably, they'd list only 10 licences.

However... the BSA would very likely be knocking on their door the next
day demanding an audit.  So chances are, IBM has very close to the correct
number of licenses.  All bought and paid for.  Easily tracked.

Now suppose someone in IBM went out and dropped a copy of Debian on the
network, and IBM's in-house people started trying it out.  They could have
50,000 seats, but all anyone outside IBM would know about would be the
single download.  And there would have been _zero_ sales.  So, which
numbers do we use?  50,000 Windows seats?  49,999 Windows seats and 1
Linux seat?  50,000 Linux seats?

You'd have to skip the sales and licensing figures entirely, for one
thing and talk to the users directly... while assuring each that no, they
won't be exposed for running "non-sanctioned software" on their machines. 
Which means you're not going to get the full picture in any case, but
it'll be closer to reality than simply counting purchased licenses, or
using similar methodologies.

>> Unless you know how the data was gathered, you cannot know how to
>> interpret it or how much the conclusion can be trusted.
> 
> If it was pro-Linux numbers, they would be part of the cola newsgroup
> FAQ.

If so, it would be wrong of the FAQ maintainers to do so.  The simple
reality is that it is almost impossible to gauge Linux usage. All we can
do, really, is look for indicators.  OS identifiers in page requests from
popular sites.  Sales of things such as RH.  Registered users of, say, the
linux counter.

Bob Hauck wrote:
> On Thu, 17 Jun 2004 15:49:59 -0400, DFS <nospam@nospam.com> wrote:
>> Bob Hauck wrote:
>>> On Thu, 17 Jun 2004 17:11:22 GMT, Rick <rick@none.com> wrote:
>>>> On Thu, 17 Jun 2004 12:05:18 -0400, DFS wrote:
>>>
>>>>>> In fact, you don't even appear to know what cron does?
>>>>>
>>>>> scheduler.  The Windows Scheduled Tasks feature is better.
>>>>
>>>> How?
>>>
>>> It reduces the potential load on the system by making it really hard
>>> to schedule a task to run more often than once a day.
>>
>> "really hard"?!?!?   LOL!
>>
>> Another Linux moron that can't figure out Windows.  Gawd, but you
>> guys are unbelievable sometimes.
>
> Ok, so I'm a moron.

If you consider using Windows Scheduled Tasks to schedule a task to run more
often than once a day "really hard" then you are indeed a moron.




> But you still haven't explained how Windows'
> scheduler is better than cron.  Perhaps you could do some actual
> advocacy instead of just name-calling.  I know it is a stretch,
> but you could try.
>
> So, how is the Windows scheduler better?  Please enlighten us.

Take a look at it with me, boy.  You ready?

See how easy it is to use?  See how the list of apps pops up when I create a
new Scheduled Task?  See the options for Idle Time and Power Management?
See the limitless execution options: run as user, add comments,
enabled/disabled, start time, stop time, daily, weekly, monthly, once, on
bootup, on logon, on idle, stop on not idle, retry for X minutes, repeat
loops, automatic task deletion after it runs once, stop if it runs for X
time, multiple schedules for the same task, etc.?

Now look at cron.  Ugh.  What a piece of crap.

Now look at Windows Scheduled Tasks - the power never ends.

Oh yeah!

begin On Thu, 17 Jun 2004 16:39:06 -0400, Bob Hauck posted:

> On Thu, 17 Jun 2004 15:49:59 -0400, DFS <nospam@nospam.com> wrote:
>> Bob Hauck wrote:
>>> On Thu, 17 Jun 2004 17:11:22 GMT, Rick <rick@none.com> wrote:
>>>> On Thu, 17 Jun 2004 12:05:18 -0400, DFS wrote:
<snip>
>> "really hard"?!?!?   LOL!
>> 
>> Another Linux moron that can't figure out Windows.  Gawd, but you guys
>> are unbelievable sometimes.
> 
> Ok, so I'm a moron.  But you still haven't explained how Windows'
> scheduler is better than cron.  Perhaps you could do some actual advocacy
> instead of just name-calling.  I know it is a stretch, but you could try.
> 
> So, how is the Windows scheduler better?  Please enlighten us.

I'd prefer him to ducktape himself to a lightening rod, then he could
*really* enlighten us.

-- 
"But you can't have everything"

William Poaster wrote:
> begin On Thu, 17 Jun 2004 19:25:46 +0100, spike1 posted:
>
>> Rick <rick@none.com> did eloquently scribble:
>>>> scheduler.  The Windows Scheduled Tasks feature is better.
>>>
>>> How?
>>>
>> Heheh, this should be a good one...
>> /me sits on the edge of his seat in preparation for a side splitter.
>
> Hmm, yes...<drawing up a chair & opening a cold beer>....now where
> did I put the popcorn...

Hope it's a free beer...

On Thu, 17 Jun 2004 15:39:44 -0700, Kelsey Bjarnason wrote:

>> I just read an exchange online the other night between two hackers
>> discussing the stolen Valve Half-Life 2 code.  They were throwing Linux
>> terms around left and right.  Now, they could have been using Unix, but
>> I doubt it.
> 
> And having stolen Half-Life 2 code is the same as releasing viruses?

It takes the same mentality to release a virus as it does
to steal code. Neither are honorable events.

-- 
[11:33:10]  Reaper  $  su NormalUser
Password:
  [11:33:10]  Reaper  $  whoami
root
  [11:33:10]  Reaper  $
**************************************************************
no entry in .passwd or .groups file for NormalUser localy. 
Now I wonder  what happens if I delete that entry for root 
from the .passwd file...?
 \etc\ #: Cheers -  T.G. Reaper
** If anybody knows for sure, give me your opinion ***********

On Thu, 17 Jun 2004 15:49:59 -0400, DFS wrote:

> Bob Hauck wrote:
>> On Thu, 17 Jun 2004 17:11:22 GMT, Rick <rick@none.com> wrote:
>>> On Thu, 17 Jun 2004 12:05:18 -0400, DFS wrote:
>>
>>>>> In fact, you don't even appear to know what cron does?
>>>>
>>>> scheduler.  The Windows Scheduled Tasks feature is better.
>>>
>>> How?
>>
>> It reduces the potential load on the system by making it really hard to
>> schedule a task to run more often than once a day.
> 
> "really hard"?!?!?   LOL!
> 
> Another Linux moron that can't figure out Windows.  Gawd, but you guys are
> unbelievable sometimes.

Answer the question I asked, if you can.

-- 
Rick

T.G.Reaper wrote:

> On Thu, 17 Jun 2004 15:39:44 -0700, Kelsey Bjarnason wrote:
> 
>>> I just read an exchange online the other night between two hackers
>>> discussing the stolen Valve Half-Life 2 code.  They were throwing Linux
>>> terms around left and right.  Now, they could have been using Unix, but
>>> I doubt it.
>> 
>> And having stolen Half-Life 2 code is the same as releasing viruses?
> 
> It takes the same mentality to release a virus as it does
> to steal code. Neither are honorable events.
> 

In other words, it was most likely windows users
Since generally linux users have a hard time "stealing" code
Windows users do it all the time
-- 
Modern man is the missing link between apes and human beings.

On Thu, 17 Jun 2004 14:24:29 -0400, DFS wrote:

> Rick wrote:
>> On Thu, 17 Jun 2004 12:36:15 -0400, DFS wrote:
>>
>>
>>> <spike1@freenet.co.uk> wrote in message
>>> news:o0qrac.mkr.ln@freenet.co.uk...
>>>> DFS <nospam@nospam.com> wrote:
>>>>> Again, that's 'cause you use open source code.  And how often should
>>>>> you have to update your software, anyway?  Seems Linux slopware is
>>>>> updated almost weekly in a lot of cases.
>>>>
>>>> And weekly is bad.... why exactly?
>>>
>>> 'Cause it shows the software wasn't ready last week, and it won't be
>>> ready this week, and it won't be ready a week from now.
>>
>> So window$ wasn't ready 5 years ago, and it isn't ready now, and it
>> won't be ready 5 years from now.
> 
> I feel your pain, boy. 

If you are addressing me, I am in no pain.

> Several hundred million people feel otherwise, 

Feel free to prove that.

> but it's only Linux users who don't.  What's wrong with this picture?

your bigoted vision is the problem.

> 
> 
> 
> 
>>> I would be very
>>> suspicious of any software updated every week, or month, etc.
>>
>> Why?
> 
> If you honestly have to ask, you wouldn't understand the answer.

Translation: You can't answer that question either.

> 
> 
> 
>> (snip)
>>>> Ah, you don't understand the free software author's mindset...
>>>> Understandable coming from you, that. Never heard of the reward of
>>>> peer review and self satisfaction of a job well done?
>>>
>>> True.  I don't understand free software.
>>
>> Finally. You make a true statement. You don't understand free software.
> 
> I've said this all along.

Then read and try to learn and stop making horrendously stupid statements.

 
>>> And peer review?  My peers don't  pay my bills; my clients do.
>>
>> What does that have to do with the fact that many people gain
>> satisfaction from peer review and from know they have done something
>> good for the community?
> 
> Again: My peers don't pay my bills; my clients do.

See conveniently forget, you weren't the center of the comments.

> 
> If peer review makes you happy, more power to you.
> 
>> Instead of continuously and ignorantly lashing out at something you
>> don't understand, maybe you should try to learn about it.
> 
> What's to learn?  I can write open source software, and contribute to the
> "community."  In turn, I can use and learn from open source software.

That's right. You can also sell that software. If it's good enough, and
you are bright enough to market it.

> Yippee!

That's right.
> 
> 
>>>>>>> It's mind-numbingly easy to use Windows update; you can schedule
>>>>>>> updates to run automatically at any time of the day or night.
>>>>>>
>>>>>> Good.  Now, this updates, say, SQL Server?  MS Office?  Visual
>>>>>> Studio? Borland's development tools?  Corel's apps?  WinAmp?  No,
>>>>>> didn't think
>>> so.
>>>>
>>>>> What does Borland have to do with MS, except to make applications
>>>>> that run on Windows?  Why do you think the OS vendor should help you
>>>>> update your
>>> 3rd
>>>>> party apps?  You're spoiled because of free software.
>>>>
>>>> What does apache or sendmail have to do with linux? You think our
>>>> distros would help us update 3rd party apps?.... um... HELL YES!
>>>
>>> Spoiled.  Cheap.  Broke.  syn: Linux user.
>>
>> Again.. your statement does not parse.
> 
> 'Cause you're using a crippled, untested, open source parser...

There you go again, making horrendously stupid comments.

>>>>>> Wake me up when Windows gets to the point Linux is at today.  I
>>>>>> figure that'll be about 2053.
>>>>
>>>>> Yet Windows expensive, proprietary server OSes have twice the market
>>>>> share of free/low cost Linux/Unix server OSes?  Sounds like a lot of
>>>>> people think Windows is already far beyond Linux, and are willing to
>>>>> pay for the privilege.
>>>>
>>>>> [insert whining about MS monopoly, MS marketing, or uneducated
>>>>> admins]
>>>>
>>>> No need, you inserted them for us, but it's true.
>>>
>>> Well there you go.  Glad to provide your excuses for you.
>>>
>>>
>>>
>>>> The PC started out soley as a microsoft DOS machine, microsoft bundled
>>>> dos with IBMs machines and then sold licenses to all the other clone
>>>> manufacturers, the rest, as they say, is history.
>>>>
>>>> It may have been a very different world we'd be living in if the bloke
>>>> from digital equipment hadn't been on his boat that fateful day.
>>>> digital equipment hadn't been on his boat that fateful day.
>>>
>>> Maybe so.
>>
>> 'The bloke from Digital Research' met with the IBM reps 'that day'. They
>> didn't wnat to license CP/M, they wanted to buy it. Gates convinced IBM
>> to license an OS m$ didn't, and then IBM priced CP/M out of competition.
> 
> Gates is a damn smart guy is what he is, and an awesome businessman; he
> started and runs a company that has 95% market share in some of its
> businesses.

And they got there and stay there by illegal, immoral and unethical means.
 
>>>>>> It is if it doesn't want to be uninstalled.  However, the issue
>>>>>> isn't removing it; it's keeping it, but in such a way that it runs
>>>>>> when _you_ want it to run, not when _it_ thinks it should.
>>>>
>>>>> I do have to wonder why the average Linux user, who claims to be (and
>>>>> might be) so technically competent, has such difficulties working
>>>>> with Windows.
>>>>
>>>> How about someone who IS competent at working with windows and STILL
>>>> can't get rid of the most stubborn spyware? For I know such a man.
>>>>
>>>> Oh, he got rid in the end, but it took him 5 times longer than it
>>>> should've.
>>>
>>> That's why it's called spyware.
>>
>> ... so much for answering his question.
> 
> He didn't have a question.

No? ...
"How about someone who IS competent at working with windows and STILL
can't get rid of the most stubborn spyware?"
.... isn't a question?
 
>>>>>>> OK.  Very well put, I must say.  I can't and won't argue, except to
>>>>>>> say keeping Windows secured isn't nearly as difficult as you make
>>>>>>> it sound.
>>>>>>>
>>>>>>> I don't do much network admin for Windows (none for Linux)
>>>>>>
>>>>>> I do both.  Windows is a nightmare.  Even worse is when you have to
>>>>>> keep, say, 100 machines up to date.
>>>>>>
>>>>>> Here's an example.  Suppose I want to maintain 100 Win2K machines. 
>>>>>> I have one which I use as a testbed, to ensure that patches, etc,
>>>>>> don't break anything.  Now that I've tested them all... how do I
>>>>>> roll them out, automatically, to every system on the network? 
>>>>>> Invisibly? Without
>>> user
>>>>>> interaction?  Without interfering with their work by, say, forcing
>>>>>> reboots?
>>>>
>>>>> I would think there's an easy way for a Windows network admin to
>>>>> distribute updates to all machines in a domain.  If I find out so,
>>>>> I'll be back to tell you.

>>>>>> With Linux, it's easy.  I can either do it, say, 10 at a time
>>>>>> manually using tools such as screen, or I can write a little script,
>>>>>> applied to each machine once, which subsequently looks at a
>>>>>> specified network share point and, if there's any packages
>>>>>>  there, applies them.  How?  Well, let's
>>>>>> see.  First, for each machine, I define a new package repository -
>>>>>> trivially easy.  The cron job now does our usual set of things:
>>>>>>
>>>>>>   urpmi.update -a && urpmi --auto-select
>>>>>>
>>>>>> Voila.  Done.  Drop that into a crontab on each machine, once, when
>>>>>> rolling the machines out,
>>>>
>>>>> Wait a minute.  Sounds like you have to manually visit/touch each of
>>>>> the 100  machines?  Or am I missing something?
>>>>
>>>> you're missing cron.
>>>> the daemon that auto runs jobs at specified times of the
>>>> day/week/month/year.
>>>
>>> He said he had to edit the crontab on each machine when rolling the
>>> machines out.  Sounds like he had to do it manually.
>>
>> Your point?
> 
> Well, he says updating Windows machines is such a chore, but it sounds
> like he has to manually update his Linux machines as well.

Machines can be remotely batch administered.


>>>> All he has to do is put tested patches and updates into a specific
>>>> directory on a shared filesystem, the cronjob on the other machines
>>>> does the rest.
>>>>
>>>>>> and from that point on, they will automatically update themselves.
>>>>>> With tested updates only.  Unobtrusively.  The
>>> user's
>>>>>> total knowledge of the process occurring at all is, generally
>>>>>> speaking, noticing that when they run application X, it's a new
>>>>>> version.
>>>>>>
>>>>>> Yes, there always the potential for problems - in both systems.
>>>>>> Difference is, Linux makes it easy to do the parts that *should* be
>>>>>> easy. Windows doesn't.  So doing this in Linux leaves you that much
>>>>>> more time
>>> to
>>>>>> spend fixing the problems, rather than fighting the system.
>>>>
>>>>> Yet with all these supposed Linux advantages, including low or no
>>>>> cost,
>>> they
>>>>> have just one-third the server OS market share of  MS?  (Wired Mag,
>>>>> June
>>> 04,
>>>>> pg.154, source: IDC)
>>>>
>>>> More IDC bullshit,I see...
>>>
>>> LOL!  You Linux morons do live in an alternate world.  If the big boys
>>> of the market research world don't support your fantasies, you dismiss
>>> them. If every study ever done indicates Linux has 3% of the desktop
>>> installations, you dismiss it and claim 16%.  Because it just IS!
>>
>> How did IDC arrive at their installation numbers? Did they do some
>> statistically valid pole of server admins? Did they look at connection
>> logs? Did they look at retail/wholesale sales figures?
> 
> pole = poll
> 
> I don't know their survey methodologies.

Then you don't how reliable the data is or if the data supports the
conclusions.

 
>>>> You don't get it do you? With windows, you buy one windows disk, you
>>>> can install it (legally) on one single machine. That counts as one
>>>> sale.
>>>
>>> What are you talking about?  I've installed Win2000 on several
>>> machines. Before WinXP, there were no restrictions on installations.
>>> And even with WinXP, there are activation hacks.  So who knows how many
>>> copies of WinXP are sold once, but used multiple times.
>>
>> There have always been restrictions on installations of m$ OSs. One
>> license, one install has been the norm. Ask the owner of Ernie Ball.
>> They weren't using XP.
> 
> I meant physical/electronic restrictions, of course, such as hardware
> activation.  The EULA allows one copy of Windows to be installed on one
> machine.

You should have been more clear.

 
>>>> You buy a linux boxed set. You can install it in an entire server
>>>> farm, one disk all machines... You could even do it over the network
>>>> so they'd all install at once. (Try that with windows)
>>>
>>>
>>>> That counts as one sale.
>>>
>>> I know, I know - every Linux sale ever made is copied to multiple
>>> machines. This is the ONLY claim you guys can make that supports Linux
>>> as 16% of the desktop installations.  But it's bogus because the same
>>> can be said about Windows until XP, and even now there are plenty of
>>> people using activation hacks to get past that limitation.
>>
>> You are wrong. However, feel free to show some EULAs allowing multiple
>> installations of DOS, W3.1, W95 or W2K when only a single licensed has
>> bee legally acquired.
> 
> The EULA doesn't allow multiple installations, but I'm sure it's occurred.

And I am sure that each copy of m$'s has not been installed nearly as many
times as copies of Linux distros are installed. In fact, many distros
encourage users to copy and distribute the CDs.

> 
> You claim Linux sales are installed on several machines, but Windows sales
> aren't?  Why do you think this?  Even MS has estimated some 25% of its
> software in use is pirated.
> 

I claim that Linux is multi-installed far more often than Linux. And that
is why 'Linux marketshare' is so hard to hard to pin down.


>>>> Of course, how does one measure it if even that single CD used to
>>>> install that server farm was copied off a friend? Or downloaded off
>>>> the net?
>>>>
>>>> IDC doesn't have the means to measure the use of linux in the server
>>>> OR desktop market because they have no means of counting the number of
>>>> installs. And random questionnaires won't cut it.
>>>
>>> I don't know what their statistical methodologies are, but I trust them
>>> a heck of a lot more than you cola nuts.
>>
>> Unless you know how the data was gathered, you cannot know how to
>> interpret it or how much the conclusion can be trusted.
> 
> If it was pro-Linux numbers, they would be part of the cola newsgroup FAQ.

Thank You for agreeing with me in that
unless you know how the data was gathered, you cannot know how to
interpret it or how much the conclusion can be trusted.
 
>>>> Oh, they might be able to randomly sample webserver to see what
>>>> they're running, but that only counts machines facing the internet,
>>>> not the machines
>>>> behind the firewall on the private net.
>>>
>>> You don't know what they can or cannot count.
>>
>> You may now show all the ways it is possible to count firewalled and
>> masked machines.
> 
> Well, the people that setup the firewalled and masked machines count them
> for IDC, and report their numbers.  Why is this so difficult for you to
> understand?

you may now explain how all those machines are counted.
-- 
Rick

DFS, after spending 3 minutes figuring out which end of the pen to use, wrote:

> J. P. Morgan wrote:
>> DFS wrote:
>>
>>
>>> Give me a little more credit, Linux morons.  I was probably using
>>> Linux, in 1997, before you were.
>>
>> Sure you were, Napoleon.
> 
> 
> I understand, Huckleberry.

  Clues sold dirt cheap over there, you idiot ---->

>  You're embarrassed a "Windoze" user is beating
> up on cola morons,

  Embarrassing yourself with your constant posts of idiocy and lack of reading
comprehension is *not* how one goes about "beating up" on anyone or anything,
you imbecile.

> and on top of that was hacking around in Linux way before
> you were - way back when it was easy to fry the monitor if I set the refresh
> rate wrong.

  Interpretation: I lie, I'm obtuse, and have absolutely no reading
comprehension skills, and I can out-research Zippy the Pinhead, but I expect
everyone to believe me when I say something.
-- 
Linux 2.4.20-4GB-athlon
  7:13pm  up 6 days 22:37,  2 users,  load average: 0.00, 0.00, 0.00

On Thu, 17 Jun 2004 19:04:29 -0400, DFS <nospam@nospam.com> wrote:
> Bob Hauck wrote:
>> On Thu, 17 Jun 2004 15:49:59 -0400, DFS <nospam@nospam.com> wrote:
>>> Bob Hauck wrote:
>>>> On Thu, 17 Jun 2004 17:11:22 GMT, Rick <rick@none.com> wrote:
>>>>> On Thu, 17 Jun 2004 12:05:18 -0400, DFS wrote:
>>>>
>>>>>>> In fact, you don't even appear to know what cron does?
>>>>>>
>>>>>> scheduler.  The Windows Scheduled Tasks feature is better.
>>>>>
>>>>> How?
>>>>
>>>> It reduces the potential load on the system by making it really hard
>>>> to schedule a task to run more often than once a day.
>>>
>>> "really hard"?!?!?   LOL!
>>>
>>> Another Linux moron that can't figure out Windows.  Gawd, but you
>>> guys are unbelievable sometimes.
>>
>> Ok, so I'm a moron.
>
> If you consider using Windows Scheduled Tasks to schedule a task to run more
> often than once a day "really hard" then you are indeed a moron.

Once upon a time it did not have all the options it has in XP.  So I
didn't check to see what the changes were.  Sue me.


>> So, how is the Windows scheduler better?  Please enlighten us.
>
> Take a look at it with me, boy.  You ready?
>
> See how easy it is to use?  

KDE includes a GUI for cron.  It is pretty easy to use. 


> See how the list of apps pops up when I create a new Scheduled Task?

I can't remember the last time I ran OOo Writer or Acroread from cron.
Normally I run scripts or simple command sequences.  Do batch files show
up in the task scheduler list, or do I have to browse for them?  Yeah, I
thought so.  Just like kcron then.


> See the options for Idle Time and Power Management?

Yes, that's nice.  There are cron's for Unix that do that, but it isn't
standard on my distro so I'd have to script that.


> See the limitless execution options: run as user, add comments,
> enabled/disabled, start time, stop time, daily, weekly, monthly, once,
> on bootup, on logon, on idle, stop on not idle, retry for X minutes,
> repeat loops, automatic task deletion after it runs once, stop if it
> runs for X time, multiple schedules for the same task, etc.?

Some of those things (e.g. "run on logon", "run once") are not handled
by cron under Unix, but they can be done easily enough.  The "at"
command or ktimer does "run once".  The startup folder does "run on
login".  Obviously, cron can do daily, weekly, monthly, start, stop,
multiple schedules.

Delete after X times I'd have to script.  Can't say I've ever needed it
but I guess it's a feature that cron doesn't have.


> Now look at cron.  Ugh.  What a piece of crap.

Yes, and it only took Windows 20 years to catch up.

Tell me, how do I get the output from a scheduled task?  Cron can email
it to me.  That's a nice way to get notified of problems.  I consider it
a more important feature than "delete after x times".

I'm still waiting for the vast superiority I was promised.  It looks to
me as if the Scheduler has finally caught up and maybe added some geegaws 
but is fundamentally not that much different than current cron versions.  

Which stands to reason, as there are only so many features tha make sense 
in a scheduler.


-- 
 -| Bob Hauck
 -| To Whom You Are Speaking
 -| http://www.haucks.org/

In comp.os.linux.advocacy, Rick
<rick@none.com>
 wrote
on Thu, 17 Jun 2004 17:33:35 GMT
<pan.2004.06.17.17.33.31.542727@none.com>:
> On Thu, 17 Jun 2004 12:36:15 -0400, DFS wrote:
>
>> 
>> <spike1@freenet.co.uk> wrote in message
>> news:o0qrac.mkr.ln@freenet.co.uk...
>>> DFS <nospam@nospam.com> wrote:
>>> > Again, that's 'cause you use open source code.  And how often should
>>> > you have to update your software, anyway?  Seems Linux slopware is
>>> > updated almost weekly in a lot of cases.
>>>
>>> And weekly is bad.... why exactly?
>> 
>> 'Cause it shows the software wasn't ready last week, and it won't be ready
>> this week, and it won't be ready a week from now. 
>
> So window$ wasn't ready 5 years ago, and it isn't ready now, and it won't
> be ready 5 years from now.

Windows was ready in 1985.  For what, I for one have
no idea -- but it's clear someone out there bought it;
otherwise Microsoft wouldn't have $50B in cash now.

Certainly I went out and bought a copy of Win95 in 1995.
It's the last copy of Windows I've explicitly gone and
bought -- and I would think the last copy of Windows
I've bought, period (the last few machines I have didn't
have licenses for me -- I bought them from my employer --
and my previously-owned Athlon had Win98 on it -- but I
"abandoned" it, saving $25 in the process!).

I also have at least one Win3.1 diskette install set.

>
>> I would be very
>> suspicious of any software updated every week, or month, etc.
>
> Why?

Why indeed?  Of course one can't have it both ways; if there
are bugs in the software and they're patched quickly one
can't complain about the instability! :-)

>
> (snip)
>>> Ah, you don't understand the free software author's mindset...
>>> Understandable coming from you, that. Never heard of the reward of peer
>>> review and self satisfaction of a job well done?
>> 
>> True.  I don't understand free software.
>
> Finally. You make a true statement. You don't understand free software.

I don't think his understanding of the regs in COLA is
all that hot either. :-)

>
>> And peer review?  My peers don't  pay my bills; my clients do.
>
> What does that have to do with the fact that many people gain satisfaction
> from peer review and from know they have done something good for the
> community?
>
> Instead of continuously and ignorantly lashing out at something you don't
> understand, maybe you should try to learn about it.

A little knowledge is a dangerous thing. :-)  In DFS's case he'd
probably fall in the well, but at least that way he'd be able to
drink deep -- although with our luck he'd foul the well as well.  (Yuck.)

>  
>>> >> > It's mind-numbingly easy to use Windows update; you can schedule
>> updates
>>> >> > to run automatically at any time of the day or night.
>>> >>
>>> >> Good.  Now, this updates, say, SQL Server?  MS Office?  Visual
>>> >> Studio? Borland's development tools?  Corel's apps?  WinAmp?  No,
>>> >> didn't think
>> so.
>>>
>>> > What does Borland have to do with MS, except to make applications that
>> run
>>> > on Windows?  Why do you think the OS vendor should help you update
>>> > your
>> 3rd
>>> > party apps?  You're spoiled because of free software.
>>>
>>> What does apache or sendmail have to do with linux? You think our
>>> distros would help us update 3rd party apps?.... um... HELL YES!
>> 
>> Spoiled.  Cheap.  Broke.  syn: Linux user.
>
> Again.. your statement does not parse.

Parses for me, although one has to stretch English a bit. :-)

Spoiled:  Yes, I'm spoiled by Linux.  I expect it to work, predictably,
usably, straightforwardly.  Config files with nice documentation
are de rigeur.  Repeatable behavior is the norm.  If something's
borked it will stay borked until I go in there and fix it (or
the sysadmin does so -- but on my machines that's me :-) ).
But it won't afterwards break on its own after I've fixed it,
absent a hardware problem.

Cheap: The jury's out on this one, although from an initial
acquisition standpoint Linux is the winner -- although one
might make a strange case that Windows is also free, as the
cost is absorbed in the machine purchase, either by the
purchaser (again, me), or by the poor manufacturer stuck with a
contract.  (Only the naive would buy that argument.)  Of
course there may be a payment expected for Linux, if one's good
enough: contribute something back to OSS, or at least make a donation.

Broke: Well, I'm not broke yet.

>
>  
>>> >> Wake me up when Windows gets to the point Linux is at today.  I
>>> >> figure that'll be about 2053.
>>>
>>> > Yet Windows expensive, proprietary server OSes have twice the market
>> share
>>> > of free/low cost Linux/Unix server OSes?  Sounds like a lot of people
>> think
>>> > Windows is already far beyond Linux, and are willing to pay for the
>>> > privilege.
>>>
>>> > [insert whining about MS monopoly, MS marketing, or uneducated admins]
>>>
>>> No need, you inserted them for us, but it's true.
>> 
>> Well there you go.  Glad to provide your excuses for you.
>> 
>> 
>> 
>>> The PC started out soley as a microsoft DOS machine, microsoft bundled
>>> dos with IBMs machines and then sold licenses to all the other clone
>>> manufacturers, the rest, as they say, is history.
>>>
>>> It may have been a very different world we'd be living in if the bloke
>>> from digital equipment hadn't been on his boat that fateful day.
>>> digital equipment hadn't been on his boat that fateful day.
>> 
>> Maybe so.
>
> 'The bloke from Digital Research' met with the IBM reps 'that day'. They
> didn't wnat to license CP/M, they wanted to buy it. Gates convinced IBM to
> license an OS m$ didn't, and then IBM priced CP/M out of competition.

Erm, didn't what?  Didn't have?  IIRC Gates then went to buy QDOS,
presumably in a bit of a hurry so that he could turn around and
license it back to IBM.  An interesting business deal, and it worked.

>
>
>>> >> It is if it doesn't want to be uninstalled.  However, the issue isn't
>>> >> removing it; it's keeping it, but in such a way that it runs when
>>> >> _you_ want it to run, not when _it_ thinks it should.
>>>
>>> > I do have to wonder why the average Linux user, who claims to be (and
>> might
>>> > be) so technically competent, has such difficulties working with
>> Windows.
>>>
>>> How about someone who IS competent at working with windows and STILL
>>> can't get rid of the most stubborn spyware? For I know such a man.
>>>
>>> Oh, he got rid in the end, but it took him 5 times longer than it
>>> should've.
>> 
>> That's why it's called spyware.
>
> ... so much for answering his question.

Indeed; in any event it's not called spyware because someone can't
get rid of it; it's called spyware because it spies on people.
Otherwise it would just be called "can'tgetridofitware" or maybe
"glueware". :-)

>
>
>>> >> > OK.  Very well put, I must say.  I can't and won't argue, except to
>> say
>>> >> > keeping Windows secured isn't nearly as difficult as you make it
>> sound.
>>> >> >
>>> >> > I don't do much network admin for Windows (none for Linux)
>>> >>
>>> >> I do both.  Windows is a nightmare.  Even worse is when you have to
>> keep,
>>> >> say, 100 machines up to date.
>>> >>
>>> >> Here's an example.  Suppose I want to maintain 100 Win2K machines.  I
>> have
>>> >> one which I use as a testbed, to ensure that patches, etc, don't
>>> >> break anything.  Now that I've tested them all... how do I roll them
>>> >> out, automatically, to every system on the network?  Invisibly? 
>>> >> Without
>> user
>>> >> interaction?  Without interfering with their work by, say, forcing
>>> > reboots?
>>>
>>> > I would think there's an easy way for a Windows network admin to
>> distribute
>>> > updates to all machines in a domain.  If I find out so, I'll be back
>>> > to
>> tell
>>> > you.
>>>
>>>
>>>
>>>
>>> >> With Linux, it's easy.  I can either do it, say, 10 at a time
>>> >> manually using tools such as screen, or I can write a little script,
>>> >> applied to each machine once, which subsequently looks at a specified
>>> >> network share point and, if there's any packages there, applies
>>> >>  them.  How?  Well, let's
>>> >> see.  First, for each machine, I define a new package repository -
>>> >> trivially easy.  The cron job now does our usual set of things:
>>> >>
>>> >>   urpmi.update -a && urpmi --auto-select
>>> >>
>>> >> Voila.  Done.  Drop that into a crontab on each machine, once, when
>>> >> rolling the machines out,
>>>
>>> > Wait a minute.  Sounds like you have to manually visit/touch each of
>>> > the 100  machines?  Or am I missing something?
>>>
>>> you're missing cron.
>>> the daemon that auto runs jobs at specified times of the
>>> day/week/month/year.
>> 
>> He said he had to edit the crontab on each machine when rolling the
>> machines out.  Sounds like he had to do it manually.
>
> Your point?
>

Oh, the absolute horror, having to use a text editor to edit a text file!

>  
>>> All he has to do is put tested patches and updates into a specific
>> directory
>>> on a shared filesystem, the cronjob on the other machines does the rest.
>>>
>>> >> and from that point on, they will automatically update themselves. 
>>> >> With tested updates only.  Unobtrusively.  The
>> user's
>>> >> total knowledge of the process occurring at all is, generally
>>> >> speaking, noticing that when they run application X, it's a new
>>> >> version.
>>> >>
>>> >> Yes, there always the potential for problems - in both systems.
>>> >> Difference is, Linux makes it easy to do the parts that *should* be
>> easy.
>>> >> Windows doesn't.  So doing this in Linux leaves you that much more
>>> >> time
>> to
>>> >> spend fixing the problems, rather than fighting the system.
>>>
>>> > Yet with all these supposed Linux advantages, including low or no
>>> > cost,
>> they
>>> > have just one-third the server OS market share of  MS?  (Wired Mag,
>>> > June
>> 04,
>>> > pg.154, source: IDC)
>>>
>>> More IDC bullshit,I see...
>> 
>> LOL!  You Linux morons do live in an alternate world.  If the big boys of
>> the market research world don't support your fantasies, you dismiss them.
>> If every study ever done indicates Linux has 3% of the desktop
>> installations, you dismiss it and claim 16%.  Because it just IS!
>
> How did IDC arrive at their installation numbers? Did they do some
> statistically valid pole of server admins? Did they look at connection
> logs? Did they look at retail/wholesale sales figures?
>
>> 
>> 
>> 
>>> You don't get it do you? With windows, you buy one windows disk, you can
>>> install it (legally) on one single machine. That counts as one sale.
>> 
>> What are you talking about?  I've installed Win2000 on several machines.
>> Before WinXP, there were no restrictions on installations.  And even with
>> WinXP, there are activation hacks.  So who knows how many copies of WinXP
>> are sold once, but used multiple times.
>
> There have always been restrictions on installations of m$ OSs. One
> license, one install has been the norm. Ask the owner of Ernie Ball. They
> weren't using XP.
>

And then there's that 10 connection limitation of NT Workstation.
That was fun, too. :-)

>> 
>> 
>> 
>>> You buy a linux boxed set. You can install it in an entire server farm,
>> one
>>> disk all machines... You could even do it over the network so they'd all
>>> install at once. (Try that with windows)
>> 
>> 
>>> That counts as one sale.
>> 
>> I know, I know - every Linux sale ever made is copied to multiple
>> machines. This is the ONLY claim you guys can make that supports Linux as
>> 16% of the desktop installations.  But it's bogus because the same can be
>> said about Windows until XP, and even now there are plenty of people using
>> activation hacks to get past that limitation.
>
> You are wrong. However, feel free to show some EULAs allowing multiple
> installations of DOS, W3.1, W95 or W2K when only a single licensed has bee
> legally acquired.

Enterprise license systems might handle that nicely
enough -- but I can't say those are purchasable in stores.
I'd be surprised if they're available in stores.

>
>
>>> Of course, how does one measure it if even that single CD used to
>>> install that server farm was copied off a friend? Or downloaded off the
>>> net?
>>>
>>> IDC doesn't have the means to measure the use of linux in the server OR
>>> desktop market because they have no means of counting the number of
>>> installs. And random questionnaires won't cut it.
>> 
>> I don't know what their statistical methodologies are, but I trust them a
>> heck of a lot more than you cola nuts.
>
> Unless you know how the data was gathered, you cannot know how to
> interpret it or how much the conclusion can be trusted.
>
>> 
>> 
>> 
>>> Oh, they might be able to randomly sample webserver to see what they're
>>> running, but that only counts machines facing the internet, not the
>>> machines
>>> behind the firewall on the private net.
>> 
>> You don't know what they can or cannot count.
>
> You may now show all the ways it is possible to count firewalled and
> masked machines.

With Windows, that's easy -- if it needs to phone through
the firewall, which has to be left open (otherwise Windows
shuts down after 30 days).  I would hope that's not the
case, admittedly -- and of course Windows' numbers are
probably based on sales figures anyway, not on actual
usage figures.  If one purchases Windows and then puts
it on the shelf and it just gathers dust -- it counts.
Then again, enterprise licensing throws a few wrenches
in the counts again; presumably these are good for, say,
100 licenses -- but I could easily see businesses buying
more licenses than they absolutely need right now in
order to forestall problems if they want to grow later.
One might call that "just in case" logic.

(I had to purchase 3 boxes at one point for my Amigas,
in order to network them together.  I've now got three
copies of the TCP/IP software.  Woo.)

-- 
#191, ewill3@earthlink.net
It's still legal to go .sigless.

Kelsey Bjarnason wrote:
> [snips]
>
> On Thu, 17 Jun 2004 14:24:29 -0400, DFS wrote:
>
>>>>>> Again, that's 'cause you use open source code.  And how often
>>>>>> should you have to update your software, anyway?  Seems Linux
>>>>>> slopware is updated almost weekly in a lot of cases.
>>>>>
>>>>> And weekly is bad.... why exactly?
>>>>
>>>> 'Cause it shows the software wasn't ready last week, and it won't
>>>> be ready this week, and it won't be ready a week from now.
>>>
>>> So window$ wasn't ready 5 years ago, and it isn't ready now, and it
>>> won't be ready 5 years from now.
>>
>> I feel your pain, boy.  Several hundred million people feel
>> otherwise, but it's only Linux users who don't.  What's wrong with
>> this picture?
>
> Snideness aside, I notice you dodged the question.

He wasn't asking a question.  He was making a snide comment about Windows.

> If Linux apps are
> bad because they keep getting updated, aren't Windows apps *also*
> bad, because they keep getting updated?  And isn't Windows *itself*
> also bad because it keeps getting updated?

Windows security is bad, no doubt about that.  But MS'  Windows apps such as
Office and SQL Server are masterpieces, and they're very infrequently
updated because they're already so good.

But don't you feel odd getting Linux application updates every month, or
however often?  To me it's an indication the developer isn't comfortable
with the application.



> This, however, ignores another key point.  All software has bugs;
> this is just how things are.  Linux's answer is to fix 'em fast and
> release 'em fast.  Apparently, you would rather live with the bugs
> for months on end, only getting updates say, twice a year.
>
> Why?  Makes no sense to me.  I'd much rather get the updates fast.

More power to you.  Makes me wonder about the software.


>>>> I would be very
>>>> suspicious of any software updated every week, or month, etc.
>>>
>>> Why?
>>
>> If you honestly have to ask, you wouldn't understand the answer.
>
> See above.  You'd rather live with the bugs for months, in order to
> get twice-yearly updates?  Fine - just don't update your software
> until then.
>
> Personally, I'd rather get updates faster.

More power to you.  Makes me wonder about the software.



>>> Instead of continuously and ignorantly lashing out at something you
>>> don't understand, maybe you should try to learn about it.
>>
>> What's to learn?  I can write open source software, and contribute to
>> the "community."  In turn, I can use and learn from open source
>> software. Yippee!
>
> One thing you could learn is just exactly how flexible Linux is
> compared to what you're used to now.

I've been threatening to install a fresh Linux distribution soon, and I
will.  I got Mandrake 9.2 with a Linux Format Handbook.



> See the nonsense about
> "developer machine" for an example of this - you're stuck in a
> mindset where there's a fundamental conceptual difference between
> "developer machine" and "web server".  We don't have such
> dichotomies, if only because Linux gives us the flexibility to use
> our systems _as we see fit_.

You're assuming things about me that aren't in evidence.  I used "developer
machine" because I figured that would be most relevant to me and to you
Linux techies.  If I had used "web server machine" in my example I would
have loaded it with different software.

And you _still_ refuse to answer.



>>>>>> Wait a minute.  Sounds like you have to manually visit/touch
>>>>>> each of the 100  machines?  Or am I missing something?
>>>>>
>>>>> you're missing cron.
>>>>> the daemon that auto runs jobs at specified times of the
>>>>> day/week/month/year.
>>>>
>>>> He said he had to edit the crontab on each machine when rolling the
>>>> machines out.  Sounds like he had to do it manually.
>
> *Once*.  At deployment.  Never again.

OK.


>> Well, he says updating Windows machines is such a chore, but it
>> sounds like he has to manually update his Linux machines as well.
>
> *Once*.  At deployment.  Never again.

OK.


>>> You are wrong. However, feel free to show some EULAs allowing
>>> multiple installations of DOS, W3.1, W95 or W2K when only a single
>>> licensed has bee legally acquired.
>>
>> The EULA doesn't allow multiple installations, but I'm sure it's
>> occurred.
>
> So?  Look at the position you've argued yourself into.  That you can
> break the law, pirate the software, install it illegally on as many
> machines as you want - as long as you don't get caught - and you're
> offering this, somehow, as an argument in relation to an OS which you
> can legally and legitimately install on 1,000 machines without a
> problem.

We were talking about counting installations.  He says you can't base Linux
installations on sales because one sale of Linux is usually installed on
multiple machines.  I think the same applies to Windows, but to a lesser
degree.


>> You claim Linux sales are installed on several machines, but Windows
>> sales aren't?  Why do you think this?  Even MS has estimated some
>> 25% of its software in use is pirated.
>
> He's actually questioning the validity of your "market share" numbers
> and the methodology of obtaining the information.  Eg suppose we
> polled IBM and they had 50,000 machines, all running Windows - but
> only 10 licenses. In a poll, presumably, they'd list only 10 licences.

Sure, IF they asked about licenses.  If they asked about installations, IBM
would answer differently (though the numbers should be close to each other).



> However... the BSA would very likely be knocking on their door the
> next day demanding an audit.  So chances are, IBM has very close to
> the correct number of licenses.  All bought and paid for.  Easily
> tracked.
>
> Now suppose someone in IBM went out and dropped a copy of Debian on
> the network, and IBM's in-house people started trying it out.  They
> could have 50,000 seats, but all anyone outside IBM would know about
> would be the single download.  And there would have been _zero_
> sales.  So, which numbers do we use?  50,000 Windows seats?  49,999
> Windows seats and 1 Linux seat?  50,000 Linux seats?
>
> You'd have to skip the sales and licensing figures entirely, for one
> thing and talk to the users directly... while assuring each that no,
> they won't be exposed for running "non-sanctioned software" on their
> machines. Which means you're not going to get the full picture in any
> case, but it'll be closer to reality than simply counting purchased
> licenses, or using similar methodologies.

Yes.  And I assume IDC talks to the users/managers directly.



>>> Unless you know how the data was gathered, you cannot know how to
>>> interpret it or how much the conclusion can be trusted.
>>
>> If it was pro-Linux numbers, they would be part of the cola newsgroup
>> FAQ.
>
> If so, it would be wrong of the FAQ maintainers to do so.  The simple
> reality is that it is almost impossible to gauge Linux usage.

Yes.  Because of licensing it is probably easier to estimate Windows usage.


> All we
> can do, really, is look for indicators.  OS identifiers in page
> requests from popular sites.  Sales of things such as RH.  Registered
> users of, say, the linux counter.

# of cola nuts...

Kelsey Bjarnason wrote:
> [snips]
>
> On Thu, 17 Jun 2004 13:52:22 -0400, DFS wrote:
>
>>> I doubt strongly that it's installations. After all, how would they
>>> know how many Linux boxes are installed? there's no licencing to
>>> track, counting sales slips is pointless, as you can install it on
>>> numerous machines from a single CD source.
>>
>> Use your common sense, boy.
>>
>> Mine tells me they do phone and print surveys of CTO and IT
>> managers, asking how many Windows and Linux/Unix server
>> installations are running in their organizations
>
> This is actually a really poor metric.

Besides asking IT people flat out what architectures they use, and how they
use them, and how many are installed, I can't imagine how a reasonably
accurate estimate can be obtained.



> Consider.  I'm a home user.  How much effort is there in converting
> over to Linux?  Or even to a new version of Windows?  Not a hell of a
> lot; I have one machine (generally) to cope with, one hardware
> configuration, one system to patch, maintain and update, one person
> to train.
>
> Now consider I'm the IT geek for a company with 1,000 machines.  I may
> have 100 different hardware configurations.  Different user
> configurations.  Different application sets to install.  Pluse 1,000
> users to retrain.  Not to mention documents, databases, whatever,
> which might need to be converted, codebases which need to be
> rewritten, etc.
>
> The home system I can convert in a day.  The enterprise-wide rollout
> would be lucky to happen in a year.  Hell, some places evaluate
> _service packs_ for as much as 6 months; how long do you think they'd
> spend evaluating an entirely new version of Windows?  How much longer
> to evaluate a completely different OS entirely?  Two years?  Three?
>
> This, of course, assumes they have a reason to convert in the first
> place. For example, a company currently running on Win2K probably has
> little reason to migrate to XP and 2K3; 2K is still supported, very
> likely does what they need and isn't going to cost them a penny in
> upgrading, as they're already using it.
>
> When they face the choice of effectively _having to_ upgrade or
> migrate, presumably because 2K isn't supported anymore, then they'll
> have a serious decision to make.
>
> Despite Linux being something like a decade old, it really - IMO at
> least - really became usable to people other than diehards only about
> two years ago - by which time most companies seriously considering
> upgrading to Win2K had long since had beta releases and RCs to play
> with, and even had the full release for a year or more.
>
> The real crunch for Windows is going to be when 2K goes out of
> support. Mind you, even before then, Windows still faces serious
> challenges, as evidenced by the people and organizations who are
> migrating to, or at least evaluating, Linux already.
>
> Of course, MS can hurry this process along, by rolling out ever more
> invasive technologies, licenses and the like.

You're very wordy.  Are you sure your Linux system is locked down and
secure?



>>> often, yes. MS-Windows used to come configured with a rather high
>>> MTU setting, suitable for LAN work, but a poor setting for dialup.
>>
>> heh... right.
>
> Even in LANs.  I regularly toss largish files about across my LAN.
> If I do this Linux-to-Linux, using Samba shares, my hub - which has a
> "load" light, indicating how heavily used it is - reaches
> considerably higher levels than if I'm copying Linux-to-Windows,
> Windows-to-Linux, or Windows-to-Windows.  Copies also generally take
> less time, supporting the notion that this isn't simply
> packet-storming overhead or some such.
>
> The difference, frankly, isn't all that great.  Nothing I'd lose sleep
> over.




>>> So no, you don't have any evidence, you were just spouting off, and
>>> as usual, when called on it, resort to simple name calling.
>>
>> Good God.  When I go out there and point you to multiple hacker sites
>> where they gush on Linux, you'll just say they're not
>> "representative of Linux users."  or "prove they wrote the viruses"
>> etc.  What a joke.
>
> Well, you did, apparently, claim it was *Linux* people releasing the
> viruses.

Not all the viruses, just some of them.



> Simply pointing to some site where they're pro-Linux and
> anti-Windows doesn't demonstrate that they wrote or released any
> viruses; just that they're pro-Linux and anti-Windows.  "Gushing on
> Linux" does not isntantly equate to "releasing viruses".

They weren't necessarily anti-Win/pro-Linux.  They were pro-theft of
Half-Life 2 code.


> It's your claim, *you* get to back it up.

Read my quote again: "Somewhere out there many Linux morons are giggling
about the Win32 viruses they released."



>> I just read an exchange online the other night between two hackers
>> discussing the stolen Valve Half-Life 2 code.  They were throwing
>> Linux terms around left and right.  Now, they could have been using
>> Unix, but
>> I doubt it.
>
> And having stolen Half-Life 2 code is the same as releasing viruses?

It's worse.



>> It doesn't reflect poorly on Linux, anyway, but I guarantee many
>> Windows viruses are written by MS-hating Linux morons.
>
> And your support for this would be what, exactly?

My guarantee  (it's a recursive form of support).



> Of course, what's sort of funny is the underlying concept you're
> missing here: that it is *worth it* to write viruses for Windows, or,
> for that matter, that it's even *possible* to do so.

I'm not missing anything.  They write viruses to do the most damage; Windows
is by far the most common platform, and the most likely to have security
holes because of the sheer numbers of "average" people using it.



> If I want to write a virus for Linux, the first thing I have to
> figure out is how to deploy the damned thing.  A vulnerability in
> KMail?  Possibly - but what of the people who use Evolution?  Or
> mutt?  Or Sylpheed?  Okay, so we make it for a vulnerability in
> Konqueror.  Except for the people who use Mozilla, or Opera, or lynx,
> or something else.
>
> Okay, fine, so I manage to find a deployment mechanism which - if I'm
> lucky - might affect as many as half of Linux users.  In theory.
> Except I still face a couple of issues.
>
> One is, not every Linux user uses x86s.  So my virus will have to be
> platform-neutral scripting.  Which means the system not only has to
> have the vulnerable application, it _also_ has to have the relevant
> scripting enabled.
>
> Then I have to make it past tripwire and the like.  All without the
> user ever noticing.
>
> So, fine, you manage this.  You now have successfully infected a
> system. Now you have to remain hidden, out of sight, hopefully
> unlisted in top, ps, and other process lists.  You have to keep your
> CPU usage to a minimum, so people don't notice.
>
> Now what?
>
> Oh, yes.  Infecting things so you'll be replicated and auto-launched
> if the system restarts.  What are you going to use to manage this?
> With different shell environments, different desktop environments,
> different scripting environments, differing ways to auto-run
> applications, that in itself is no mean feat.

You're starting to scare everyone.



> Contrast this to Windows.
>
> First, it runs on one platform.  You can develop direct binary apps
> rather than scripting apps.  It generally lacks tools such as
> tripwire, so it's easier to get in in the first place.  Users often
> run as Admins, meaning they have write-access to most of the system -
> Linux users, on the whole, don't, meaning you'll need a local root
> exploit just to install your virus.  Windows has a predictable
> toolset - vbs support, javascript in mail and web browser, active X
> support, etc.  Not everyone runs these enabled, but many do.  You've
> got a reasonable expectation that, say, OE and/or IE are in active
> use.
>
> Not only do you have a much more uniform toolset to deal with, you
> have a lot greater access once you're in, and a lot less likelihood
> of coming across system monitoring tools.  It is, in short,
> fundamentally simpler to deploy a succesful virus targetting Windows
> than it is for Linux.
>
> Thus, it is easier - considerably - to write a successful Windows
> virus. Microsoft goes out of their way to make it difficult to keep
> systems updated to avoid such things.  They compound this with silly
> notions such as "We're going to make XP more secure, to avoid these
> problems... but only for legal versions" - meaning pirated versions,
> presumably, will still be wide open, this *despite* MS's long-held
> view that if people are going to pirate software, make sure they're
> pirating *ours*.
>
> Now, granted, there are, in fact, Linux viruses.

You don't say?


> They're neither
> particularly effective nor particularly virulent.  I have yet to hear
> of a Linux virus that takes down entire LANs, let alone largish
> sections of the net, nor even had the capability to do so if Linux
> were as popular as Windows.
>
> In short... Windows makes it possible to write successful viruses.
> MS is an enabler.  Linux makes it difficult to do the same thing.
> Unless someone figures out a really successful way to do it in Linux,
> there just isn't much point: where's the fun in writing a virus that
> infects 100 machines and peters out, when you can write one that
> infects, say, 100,000 machines and keeps right on going?
>
> Hell, MS doesn't even bundle AV tools, do they? No, Linux doesn't,
> either, generally... but it doesn't really need 'em.  Windows does.

Yes.



>>> yes, I have verified it. It's quite simple, as .deb packages are
>>> easily taken apart for inspection. As are .rpm and .tgz files.
>
>> And after you verified it, what?  Did you start moving the files
>> around? The whole point is, who cares where the files are installed,
>> or that a
>> few may be left after uninstall (Linux and Windows)?  It may be
>> comforting to know, but it's not really important, and some cola nut
>> was using it to bash Windows.
>
> Actually, it can be important, if only for performance reasons.  The
> registry has a bad habit of degrading performance as it becomes more
> and more loaded, for one thing - so cruft left behind in it sucks
> system performance.  For another, DLL registrations, App Paths and
> the like can cause further degradation as the system hunts for things
> that simply aren't there anymore.
>
> This gets especially fun when Windows is trying to do something that
> involves walking the registry tree.  I need to open file A.  It has
> type B.  Which is handled by whatever belongs to CLSID C.  Which
> requires DLL D.  Which doesn't exist.  Hmm.  So, just by cleaning out
> the registry, it would have been obvious that the file is of an
> unknown type, without having to walk the registry to find the DLL,
> then walk the path to try to find the DLL.

Those performance hits are miniscule, as you know, and similar dependency
problems occur in Linux all the time.




> There's a _reason_ why Win2K logo certficiation was somewhat picky
> about what you were and weren't allowed to leave in the registry when
> your app got uninstalled.  But not too many apps _have_ logo, do they?

Don't think so.

On Thu, 17 Jun 2004 22:37:32 -0400, DFS wrote:

> Kelsey Bjarnason wrote:
>> [snips]
>>
>> On Thu, 17 Jun 2004 14:24:29 -0400, DFS wrote:
>>
>>>>>>> Again, that's 'cause you use open source code.  And how often
>>>>>>> should you have to update your software, anyway?  Seems Linux
>>>>>>> slopware is updated almost weekly in a lot of cases.
>>>>>>
>>>>>> And weekly is bad.... why exactly?
>>>>>
>>>>> 'Cause it shows the software wasn't ready last week, and it won't be
>>>>> ready this week, and it won't be ready a week from now.
>>>>
>>>> So window$ wasn't ready 5 years ago, and it isn't ready now, and it
>>>> won't be ready 5 years from now.
>>>
>>> I feel your pain, boy.  Several hundred million people feel otherwise,
>>> but it's only Linux users who don't.  What's wrong with this picture?
>>
>> Snideness aside, I notice you dodged the question.
> 
> He wasn't asking a question.  He was making a snide comment about Windows.

Actually my comment wasn't any more snide about window$ than yours about
Linux.

> 
>> If Linux apps are
>> bad because they keep getting updated, aren't Windows apps *also* bad,
>> because they keep getting updated?  And isn't Windows *itself* also bad
>> because it keeps getting updated?
> 
> Windows security is bad, no doubt about that.  But MS'  Windows apps such
> as Office and SQL Server are masterpieces, and they're very infrequently
> updated because they're already so good.

AHA ahahah HAHA AHAH ahha ah AHHAA hahaha HAHAHA AHHA haa...
Office. A Masterpiece.
AHAH ahahah HAha HAHA AHAH aha HAH HA

> 
> But don't you feel odd getting Linux application updates every month, or
> however often?  To me it's an indication the developer isn't comfortable
> with the application.

That's because you are clues. And very few apps are 'updated weekly'. But
I would imagine you could update some app or other every day.
 
>> This, however, ignores another key point.  All software has bugs; this
>> is just how things are.  Linux's answer is to fix 'em fast and release
>> 'em fast.  Apparently, you would rather live with the bugs for months on
>> end, only getting updates say, twice a year.
>>
>> Why?  Makes no sense to me.  I'd much rather get the updates fast.
> 
> More power to you.  Makes me wonder about the software.

That's because you are clueless, and apparently would rather live with
bugs.

> 
> 
>>>>> I would be very
>>>>> suspicious of any software updated every week, or month, etc.
>>>>
>>>> Why?
>>>
>>> If you honestly have to ask, you wouldn't understand the answer.
>>
>> See above.  You'd rather live with the bugs for months, in order to get
>> twice-yearly updates?  Fine - just don't update your software until
>> then.
>>
>> Personally, I'd rather get updates faster.
> 
> More power to you.  Makes me wonder about the software.
>
That's because you are clueless, and apparently would rather live with
bugs.
> 
> 
>>>> Instead of continuously and ignorantly lashing out at something you
>>>> don't understand, maybe you should try to learn about it.
>>>
>>> What's to learn?  I can write open source software, and contribute to
>>> the "community."  In turn, I can use and learn from open source
>>> software. Yippee!
>>
>> One thing you could learn is just exactly how flexible Linux is compared
>> to what you're used to now.
> 
> I've been threatening to install a fresh Linux distribution soon, and I
> will.  I got Mandrake 9.2 with a Linux Format Handbook.

Of course, you can't bothered with installing the current distro.


>> See the nonsense about
>> "developer machine" for an example of this - you're stuck in a mindset
>> where there's a fundamental conceptual difference between "developer
>> machine" and "web server".  We don't have such dichotomies, if only
>> because Linux gives us the flexibility to use our systems _as we see
>> fit_.
> 
> You're assuming things about me that aren't in evidence.  I used
> "developer machine" because I figured that would be most relevant to me
> and to you Linux techies.  If I had used "web server machine" in my
> example I would have loaded it with different software.
> 
> And you _still_ refuse to answer.

you refuse to answer questions.


>>>>>>> Wait a minute.  Sounds like you have to manually visit/touch each
>>>>>>> of the 100  machines?  Or am I missing something?
>>>>>>
>>>>>> you're missing cron.
>>>>>> the daemon that auto runs jobs at specified times of the
>>>>>> day/week/month/year.
>>>>>
>>>>> He said he had to edit the crontab on each machine when rolling the
>>>>> machines out.  Sounds like he had to do it manually.
>>
>> *Once*.  At deployment.  Never again.
> 
> OK.
> 
> 
>>> Well, he says updating Windows machines is such a chore, but it sounds
>>> like he has to manually update his Linux machines as well.
>>
>> *Once*.  At deployment.  Never again.
> 
> OK.
> 
> 
>>>> You are wrong. However, feel free to show some EULAs allowing multiple
>>>> installations of DOS, W3.1, W95 or W2K when only a single licensed has
>>>> bee legally acquired.
>>>
>>> The EULA doesn't allow multiple installations, but I'm sure it's
>>> occurred.
>>
>> So?  Look at the position you've argued yourself into.  That you can
>> break the law, pirate the software, install it illegally on as many
>> machines as you want - as long as you don't get caught - and you're
>> offering this, somehow, as an argument in relation to an OS which you
>> can legally and legitimately install on 1,000 machines without a
>> problem.
> 
> We were talking about counting installations.  He says you can't base
> Linux installations on sales because one sale of Linux is usually
> installed on multiple machines.  I think the same applies to Windows, but
> to a lesser degree.

It applies to a much, much, much lesser degree. Or are you saying the
majority of window$ users are pirates?

> 
> 
>>> You claim Linux sales are installed on several machines, but Windows
>>> sales aren't?  Why do you think this?  Even MS has estimated some 25%
>>> of its software in use is pirated.
>>
>> He's actually questioning the validity of your "market share" numbers
>> and the methodology of obtaining the information.  Eg suppose we polled
>> IBM and they had 50,000 machines, all running Windows - but only 10
>> licenses. In a poll, presumably, they'd list only 10 licences.
> 
> Sure, IF they asked about licenses.  If they asked about installations,
> IBM would answer differently (though the numbers should be close to each
> other).

> 
>> However... the BSA would very likely be knocking on their door the next
>> day demanding an audit.  So chances are, IBM has very close to the
>> correct number of licenses.  All bought and paid for.  Easily tracked.
>>
>> Now suppose someone in IBM went out and dropped a copy of Debian on the
>> network, and IBM's in-house people started trying it out.  They could
>> have 50,000 seats, but all anyone outside IBM would know about would be
>> the single download.  And there would have been _zero_ sales.  So, which
>> numbers do we use?  50,000 Windows seats?  49,999 Windows seats and 1
>> Linux seat?  50,000 Linux seats?
>>
>> You'd have to skip the sales and licensing figures entirely, for one
>> thing and talk to the users directly... while assuring each that no,
>> they won't be exposed for running "non-sanctioned software" on their
>> machines. Which means you're not going to get the full picture in any
>> case, but it'll be closer to reality than simply counting purchased
>> licenses, or using similar methodologies.
> 
> Yes.  And I assume IDC talks to the users/managers directly.

Why do you assume that, especially since you have no knowledge of their
methodologies?

> 
> 
> 
>>>> Unless you know how the data was gathered, you cannot know how to
>>>> interpret it or how much the conclusion can be trusted.
>>>
>>> If it was pro-Linux numbers, they would be part of the cola newsgroup
>>> FAQ.
>>
>> If so, it would be wrong of the FAQ maintainers to do so.  The simple
>> reality is that it is almost impossible to gauge Linux usage.
> 
> Yes.  Because of licensing it is probably easier to estimate Windows
> usage.

Yes, and it is probably fair to say Liux installations are a great deal
higher than license sales.

 
>> All we
>> can do, really, is look for indicators.  OS identifiers in page requests
>> from popular sites.  Sales of things such as RH.  Registered users of,
>> say, the linux counter.
> 
> # of cola nuts...

Why would you be counting snacks as computer installations? Oh. I forgot.
You are clueless.
-- 
Rick

Rick wrote:
> On Thu, 17 Jun 2004 14:24:29 -0400, DFS wrote:
>
>> Rick wrote:
>>> On Thu, 17 Jun 2004 12:36:15 -0400, DFS wrote:
>>>
>>>
>>>> <spike1@freenet.co.uk> wrote in message
>>>> news:o0qrac.mkr.ln@freenet.co.uk...
>>>>> DFS <nospam@nospam.com> wrote:
>>>>>> Again, that's 'cause you use open source code.  And how often
>>>>>> should you have to update your software, anyway?  Seems Linux
>>>>>> slopware is updated almost weekly in a lot of cases.
>>>>>
>>>>> And weekly is bad.... why exactly?
>>>>
>>>> 'Cause it shows the software wasn't ready last week, and it won't
>>>> be ready this week, and it won't be ready a week from now.
>>>
>>> So window$ wasn't ready 5 years ago, and it isn't ready now, and it
>>> won't be ready 5 years from now.
>>
>> I feel your pain, boy.
>
> If you are addressing me, I am in no pain.

You're numb from too many Linux slopware updates - do they measure them in
minutes now?




>> Several hundred million people feel otherwise,
>
> Feel free to prove that.

It's off to the 'Net.

"Microsoft has sold 210 Million Copies of Windows XP"
http://www.edbott.com/weblog/archives/000111.html

But then you knew that.



>> but it's only Linux users who don't.  What's wrong with this picture?
>
> your bigoted vision is the problem.



>>>> I would be very
>>>> suspicious of any software updated every week, or month, etc.
>>>
>>> Why?
>>
>> If you honestly have to ask, you wouldn't understand the answer.
>
> Translation: You can't answer that question either.



>>> (snip)
>>>>> Ah, you don't understand the free software author's mindset...
>>>>> Understandable coming from you, that. Never heard of the reward of
>>>>> peer review and self satisfaction of a job well done?
>>>>
>>>> True.  I don't understand free software.
>>>
>>> Finally. You make a true statement. You don't understand free
>>> software.
>>
>> I've said this all along.
>
> Then read and try to learn and stop making horrendously stupid
> statements.

What's to learn?




>>>> And peer review?  My peers don't  pay my bills; my clients do.
>>>
>>> What does that have to do with the fact that many people gain
>>> satisfaction from peer review and from know they have done something
>>> good for the community?
>>
>> Again: My peers don't pay my bills; my clients do.
>
> See conveniently forget, you weren't the center of the comments.

Sure I was.  You said, and I quote "Understandable coming from you, that.
Never heard of the reward of peer review and self satisfaction of a job well
done?"




>> If peer review makes you happy, more power to you.
>>
>>> Instead of continuously and ignorantly lashing out at something you
>>> don't understand, maybe you should try to learn about it.
>>
>> What's to learn?  I can write open source software, and contribute
>> to the "community."  In turn, I can use and learn from open source
>> software.
>
> That's right. You can also sell that software. If it's good enough,
> and you are bright enough to market it.

Sell open source software?  Who would buy it?  Linux users are broke, or
cheap, or both.




>> Yippee!
>
> That's right.
>>
>>
>>>>>>>> It's mind-numbingly easy to use Windows update; you can
>>>>>>>> schedule updates to run automatically at any time of the day
>>>>>>>> or night.
>>>>>>>
>>>>>>> Good.  Now, this updates, say, SQL Server?  MS Office?  Visual
>>>>>>> Studio? Borland's development tools?  Corel's apps?  WinAmp?
>>>>>>> No, didn't think
>>>> so.
>>>>>
>>>>>> What does Borland have to do with MS, except to make applications
>>>>>> that run on Windows?  Why do you think the OS vendor should help
>>>>>> you update your
>>>> 3rd
>>>>>> party apps?  You're spoiled because of free software.
>>>>>
>>>>> What does apache or sendmail have to do with linux? You think our
>>>>> distros would help us update 3rd party apps?.... um... HELL YES!
>>>>
>>>> Spoiled.  Cheap.  Broke.  syn: Linux user.
>>>
>>> Again.. your statement does not parse.
>>
>> 'Cause you're using a crippled, untested, open source parser...
>
> There you go again, making horrendously stupid comments.

Then I've been spending too much time amongst cola nuts.





>>>>>>> Wake me up when Windows gets to the point Linux is at today.  I
>>>>>>> figure that'll be about 2053.
>>>>>
>>>>>> Yet Windows expensive, proprietary server OSes have twice the
>>>>>> market share of free/low cost Linux/Unix server OSes?  Sounds
>>>>>> like a lot of people think Windows is already far beyond Linux,
>>>>>> and are willing to pay for the privilege.
>>>>>
>>>>>> [insert whining about MS monopoly, MS marketing, or uneducated
>>>>>> admins]
>>>>>
>>>>> No need, you inserted them for us, but it's true.
>>>>
>>>> Well there you go.  Glad to provide your excuses for you.
>>>>
>>>>
>>>>
>>>>> The PC started out soley as a microsoft DOS machine, microsoft
>>>>> bundled dos with IBMs machines and then sold licenses to all the
>>>>> other clone manufacturers, the rest, as they say, is history.
>>>>>
>>>>> It may have been a very different world we'd be living in if the
>>>>> bloke from digital equipment hadn't been on his boat that fateful
>>>>> day. digital equipment hadn't been on his boat that fateful day.
>>>>
>>>> Maybe so.
>>>
>>> 'The bloke from Digital Research' met with the IBM reps 'that day'.
>>> They didn't wnat to license CP/M, they wanted to buy it. Gates
>>> convinced IBM to license an OS m$ didn't, and then IBM priced CP/M
>>> out of competition.
>>
>> Gates is a damn smart guy is what he is, and an awesome businessman;
>> he started and runs a company that has 95% market share in some of
>> its businesses.
>
> And they got there and stay there by illegal, immoral and unethical
> means.

They got there by being smart and working hard and creating excellent
products.

You're smearing the entire company for a few business practice violations,
that have harmed few people or businesses.  It's not like they're forcing
you to buy their software.

And according to SCO, Linux isn't entirely innocent, either.




>>>>>>> It is if it doesn't want to be uninstalled.  However, the issue
>>>>>>> isn't removing it; it's keeping it, but in such a way that it
>>>>>>> runs when _you_ want it to run, not when _it_ thinks it should.
>>>>>
>>>>>> I do have to wonder why the average Linux user, who claims to be
>>>>>> (and might be) so technically competent, has such difficulties
>>>>>> working with Windows.
>>>>>
>>>>> How about someone who IS competent at working with windows and
>>>>> STILL can't get rid of the most stubborn spyware? For I know such
>>>>> a man.
>>>>>
>>>>> Oh, he got rid in the end, but it took him 5 times longer than it
>>>>> should've.
>>>>
>>>> That's why it's called spyware.
>>>
>>> ... so much for answering his question.
>>
>> He didn't have a question.
>
> No? ...
> "How about someone who IS competent at working with windows and STILL
> can't get rid of the most stubborn spyware?"
> ... isn't a question?

No.  Just placing a question mark at the end of a sentence doesn't make it a
question?


>>>>>>>> OK.  Very well put, I must say.  I can't and won't argue,
>>>>>>>> except to say keeping Windows secured isn't nearly as
>>>>>>>> difficult as you make it sound.
>>>>>>>>
>>>>>>>> I don't do much network admin for Windows (none for Linux)
>>>>>>>
>>>>>>> I do both.  Windows is a nightmare.  Even worse is when you
>>>>>>> have to keep, say, 100 machines up to date.
>>>>>>>
>>>>>>> Here's an example.  Suppose I want to maintain 100 Win2K
>>>>>>> machines. I have one which I use as a testbed, to ensure that
>>>>>>> patches, etc, don't break anything.  Now that I've tested them
>>>>>>> all... how do I roll them out, automatically, to every system
>>>>>>> on the network? Invisibly? Without
>>>> user
>>>>>>> interaction?  Without interfering with their work by, say,
>>>>>>> forcing reboots?
>>>>>
>>>>>> I would think there's an easy way for a Windows network admin to
>>>>>> distribute updates to all machines in a domain.  If I find out
>>>>>> so, I'll be back to tell you.
>
>>>>>>> With Linux, it's easy.  I can either do it, say, 10 at a time
>>>>>>> manually using tools such as screen, or I can write a little
>>>>>>> script, applied to each machine once, which subsequently looks
>>>>>>> at a specified network share point and, if there's any packages
>>>>>>>  there, applies them.  How?  Well, let's
>>>>>>> see.  First, for each machine, I define a new package
>>>>>>> repository - trivially easy.  The cron job now does our usual
>>>>>>> set of things:
>>>>>>>
>>>>>>>   urpmi.update -a && urpmi --auto-select
>>>>>>>
>>>>>>> Voila.  Done.  Drop that into a crontab on each machine, once,
>>>>>>> when rolling the machines out,
>>>>>
>>>>>> Wait a minute.  Sounds like you have to manually visit/touch
>>>>>> each of the 100  machines?  Or am I missing something?
>>>>>
>>>>> you're missing cron.
>>>>> the daemon that auto runs jobs at specified times of the
>>>>> day/week/month/year.
>>>>
>>>> He said he had to edit the crontab on each machine when rolling the
>>>> machines out.  Sounds like he had to do it manually.
>>>
>>> Your point?
>>
>> Well, he says updating Windows machines is such a chore, but it
>> sounds like he has to manually update his Linux machines as well.
>
> Machines can be remotely batch administered.
>
>
>>>>> All he has to do is put tested patches and updates into a specific
>>>>> directory on a shared filesystem, the cronjob on the other
>>>>> machines does the rest.
>>>>>
>>>>>>> and from that point on, they will automatically update
>>>>>>> themselves. With tested updates only.  Unobtrusively.  The
>>>> user's
>>>>>>> total knowledge of the process occurring at all is, generally
>>>>>>> speaking, noticing that when they run application X, it's a new
>>>>>>> version.
>>>>>>>
>>>>>>> Yes, there always the potential for problems - in both systems.
>>>>>>> Difference is, Linux makes it easy to do the parts that
>>>>>>> *should* be easy. Windows doesn't.  So doing this in Linux
>>>>>>> leaves you that much more time
>>>> to
>>>>>>> spend fixing the problems, rather than fighting the system.
>>>>>
>>>>>> Yet with all these supposed Linux advantages, including low or no
>>>>>> cost,
>>>> they
>>>>>> have just one-third the server OS market share of  MS?  (Wired
>>>>>> Mag, June
>>>> 04,
>>>>>> pg.154, source: IDC)
>>>>>
>>>>> More IDC bullshit,I see...
>>>>
>>>> LOL!  You Linux morons do live in an alternate world.  If the big
>>>> boys of the market research world don't support your fantasies,
>>>> you dismiss them. If every study ever done indicates Linux has 3%
>>>> of the desktop installations, you dismiss it and claim 16%.
>>>> Because it just IS!
>>>
>>> How did IDC arrive at their installation numbers? Did they do some
>>> statistically valid pole of server admins? Did they look at
>>> connection logs? Did they look at retail/wholesale sales figures?
>>
>> pole = poll
>>
>> I don't know their survey methodologies.
>
> Then you don't how reliable the data is or if the data supports the
> conclusions.

I just quoted the figures shown in Wired Magazine: 58% market share for
Windows Server OSs, 19% market share for Linux server OSs.




>>>>> You don't get it do you? With windows, you buy one windows disk,
>>>>> you can install it (legally) on one single machine. That counts
>>>>> as one sale.
>>>>
>>>> What are you talking about?  I've installed Win2000 on several
>>>> machines. Before WinXP, there were no restrictions on
>>>> installations. And even with WinXP, there are activation hacks.
>>>> So who knows how many copies of WinXP are sold once, but used
>>>> multiple times.
>>>
>>> There have always been restrictions on installations of m$ OSs. One
>>> license, one install has been the norm. Ask the owner of Ernie Ball.
>>> They weren't using XP.
>>
>> I meant physical/electronic restrictions, of course, such as hardware
>> activation.  The EULA allows one copy of Windows to be installed on
>> one machine.
>
> You should have been more clear.

Yes, I see that.




>>>>> You buy a linux boxed set. You can install it in an entire server
>>>>> farm, one disk all machines... You could even do it over the
>>>>> network so they'd all install at once. (Try that with windows)
>>>>
>>>>
>>>>> That counts as one sale.
>>>>
>>>> I know, I know - every Linux sale ever made is copied to multiple
>>>> machines. This is the ONLY claim you guys can make that supports
>>>> Linux as 16% of the desktop installations.  But it's bogus because
>>>> the same can be said about Windows until XP, and even now there
>>>> are plenty of people using activation hacks to get past that
>>>> limitation.
>>>
>>> You are wrong. However, feel free to show some EULAs allowing
>>> multiple installations of DOS, W3.1, W95 or W2K when only a single
>>> licensed has bee legally acquired.
>>
>> The EULA doesn't allow multiple installations, but I'm sure it's
>> occurred.
>
> And I am sure that each copy of m$'s has not been installed nearly as
> many times as copies of Linux distros are installed. In fact, many
> distros encourage users to copy and distribute the CDs.

I would agree with you.




>> You claim Linux sales are installed on several machines, but Windows
>> sales aren't?  Why do you think this?  Even MS has estimated some
>> 25% of its software in use is pirated.
>>
>
> I claim that Linux is multi-installed far more often than Linux. And
> that is why 'Linux marketshare' is so hard to hard to pin down.

I think Linux is multi-installed exactly as often as Linux.

(you should be more clear.)





>>>>> Of course, how does one measure it if even that single CD used to
>>>>> install that server farm was copied off a friend? Or downloaded
>>>>> off the net?
>>>>>
>>>>> IDC doesn't have the means to measure the use of linux in the
>>>>> server OR desktop market because they have no means of counting
>>>>> the number of installs. And random questionnaires won't cut it.
>>>>
>>>> I don't know what their statistical methodologies are, but I trust
>>>> them a heck of a lot more than you cola nuts.
>>>
>>> Unless you know how the data was gathered, you cannot know how to
>>> interpret it or how much the conclusion can be trusted.
>>
>> If it was pro-Linux numbers, they would be part of the cola
>> newsgroup FAQ.
>
> Thank You for agreeing with me in that
> unless you know how the data was gathered, you cannot know how to
> interpret it or how much the conclusion can be trusted.

I'm not that suspicious of the IDC numbers.  Some of the other figures on
the same page in Wired Mag were less kind to MS

MS has minority, but still sizeable, market shares in email, web and
database servers.


>>>>> Oh, they might be able to randomly sample webserver to see what
>>>>> they're running, but that only counts machines facing the
>>>>> internet, not the machines
>>>>> behind the firewall on the private net.
>>>>
>>>> You don't know what they can or cannot count.
>>>
>>> You may now show all the ways it is possible to count firewalled and
>>> masked machines.
>>
>> Well, the people that setup the firewalled and masked machines count
>> them for IDC, and report their numbers.  Why is this so difficult
>> for you to understand?
>
> you may now explain how all those machines are counted.

Start with the right hand... 1,2,3,4,5
Go to the left hand... 6,7,8,9,10
Make a tick mark on a page
start over with the right hand...

Bob Hauck wrote:
> On Thu, 17 Jun 2004 19:04:29 -0400, DFS <nospam@nospam.com> wrote:
>> Bob Hauck wrote:
>>> On Thu, 17 Jun 2004 15:49:59 -0400, DFS <nospam@nospam.com> wrote:
>>>> Bob Hauck wrote:
>>>>> On Thu, 17 Jun 2004 17:11:22 GMT, Rick <rick@none.com> wrote:
>>>>>> On Thu, 17 Jun 2004 12:05:18 -0400, DFS wrote:
>>>>>
>>>>>>>> In fact, you don't even appear to know what cron does?
>>>>>>>
>>>>>>> scheduler.  The Windows Scheduled Tasks feature is better.
>>>>>>
>>>>>> How?
>>>>>
>>>>> It reduces the potential load on the system by making it really
>>>>> hard to schedule a task to run more often than once a day.
>>>>
>>>> "really hard"?!?!?   LOL!
>>>>
>>>> Another Linux moron that can't figure out Windows.  Gawd, but you
>>>> guys are unbelievable sometimes.
>>>
>>> Ok, so I'm a moron.
>>
>> If you consider using Windows Scheduled Tasks to schedule a task to
>> run more often than once a day "really hard" then you are indeed a
>> moron.
>
> Once upon a time it did not have all the options it has in XP.  So I
> didn't check to see what the changes were.  Sue me.

Those are the options in Win2000.



>>> So, how is the Windows scheduler better?  Please enlighten us.
>>
>> Take a look at it with me, boy.  You ready?
>>
>> See how easy it is to use?
>
> KDE includes a GUI for cron.  It is pretty easy to use.

I saw a cron GUI on a screenshot.  Very rudimentary.


>> See how the list of apps pops up when I create a new Scheduled Task?
>
> I can't remember the last time I ran OOo Writer or Acroread from cron.
> Normally I run scripts or simple command sequences.  Do batch files
> show up in the task scheduler list, or do I have to browse for them?
> Yeah, I thought so.  Just like kcron then.
>
>
>> See the options for Idle Time and Power Management?
>
> Yes, that's nice.  There are cron's for Unix that do that, but it
> isn't standard on my distro so I'd have to script that.

Move to Windows, and save your scripting for things the OS doesn't do.
Which isn't much these days.





>> See the limitless execution options: run as user, add comments,
>> enabled/disabled, start time, stop time, daily, weekly, monthly,
>> once,
>> on bootup, on logon, on idle, stop on not idle, retry for X minutes,
>> repeat loops, automatic task deletion after it runs once, stop if it
>> runs for X time, multiple schedules for the same task, etc.?
>
> Some of those things (e.g. "run on logon", "run once") are not handled
> by cron under Unix, but they can be done easily enough.  The "at"
> command or ktimer does "run once".  The startup folder does "run on
> login".  Obviously, cron can do daily, weekly, monthly, start, stop,
> multiple schedules.
>
> Delete after X times I'd have to script.  Can't say I've ever needed
> it but I guess it's a feature that cron doesn't have.

Geez.  Don't get too worked up.



>> Now look at cron.  Ugh.  What a piece of crap.
>
> Yes, and it only took Windows 20 years to catch up.

And Linux will NEVER catch up to Windows.  So sorry.  Doesn't mean Linux
isn't good; you'll always have that "the best technology doesn't always win"
claim to fall back on.




> Tell me, how do I get the output from a scheduled task?  Cron can
> email it to me.  That's a nice way to get notified of problems.  I
> consider it a more important feature than "delete after x times".
>
> I'm still waiting for the vast superiority I was promised.

Who promised you that?




> It looks
> to me as if the Scheduler has finally caught up and maybe added some
> geegaws but is fundamentally not that much different than current
> cron versions.
>
> Which stands to reason, as there are only so many features tha make
> sense in a scheduler.

That's what they said about Tide.  Look how much it's been improved.

Rick wrote:
> On Thu, 17 Jun 2004 22:37:32 -0400, DFS wrote:
>
>> Kelsey Bjarnason wrote:
>>> [snips]
>>>
>>> On Thu, 17 Jun 2004 14:24:29 -0400, DFS wrote:
>>>
>>>>>>>> Again, that's 'cause you use open source code.  And how often
>>>>>>>> should you have to update your software, anyway?  Seems Linux
>>>>>>>> slopware is updated almost weekly in a lot of cases.
>>>>>>>
>>>>>>> And weekly is bad.... why exactly?
>>>>>>
>>>>>> 'Cause it shows the software wasn't ready last week, and it
>>>>>> won't be ready this week, and it won't be ready a week from now.
>>>>>
>>>>> So window$ wasn't ready 5 years ago, and it isn't ready now, and
>>>>> it won't be ready 5 years from now.
>>>>
>>>> I feel your pain, boy.  Several hundred million people feel
>>>> otherwise, but it's only Linux users who don't.  What's wrong with
>>>> this picture?
>>>
>>> Snideness aside, I notice you dodged the question.
>>
>> He wasn't asking a question.  He was making a snide comment about
>> Windows.
>
> Actually my comment wasn't any more snide about window$ than yours
> about Linux.

But your reference to "window$" is.  I need to come up with some new
insults: Lame-ux?  LOLux?  Not too catchy.  I'll keep working on it.




>>> If Linux apps are
>>> bad because they keep getting updated, aren't Windows apps also
>>> bad, because they keep getting updated?  And isn't Windows itself
>>> also bad because it keeps getting updated?
>>
>> Windows security is bad, no doubt about that.  But MS'  Windows apps
>> such as Office and SQL Server are masterpieces, and they're very
>> infrequently updated because they're already so good.
>
> AHA ahahah HAHA AHAH ahha ah AHHAA hahaha HAHAHA AHHA haa...
> Office. A Masterpiece.
> AHAH ahahah HAha HAHA AHAH aha HAH HA

You sound like you laugh a lot.  Linux making you batty, eh?  A nice does of
WinXP and Office Pro will fix you right up.








>> But don't you feel odd getting Linux application updates every
>> month, or however often?  To me it's an indication the developer
>> isn't comfortable with the application.
>
> That's because you are clues. And very few apps are 'updated weekly'.
> But I would imagine you could update some app or other every day.




>>> This, however, ignores another key point.  All software has bugs;
>>> this is just how things are.  Linux's answer is to fix 'em fast and
>>> release 'em fast.  Apparently, you would rather live with the bugs
>>> for months on end, only getting updates say, twice a year.
>>>
>>> Why?  Makes no sense to me.  I'd much rather get the updates fast.
>>
>> More power to you.  Makes me wonder about the software.
>
> That's because you are clueless, and apparently would rather live with
> bugs.

If there are enough bugs to force weekly or monthly updates, someone needs
to get some slopware testers off their asses.





>>>>>> I would be very
>>>>>> suspicious of any software updated every week, or month, etc.
>>>>>
>>>>> Why?
>>>>
>>>> If you honestly have to ask, you wouldn't understand the answer.
>>>
>>> See above.  You'd rather live with the bugs for months, in order to
>>> get twice-yearly updates?  Fine - just don't update your software
>>> until then.
>>>
>>> Personally, I'd rather get updates faster.
>>
>> More power to you.  Makes me wonder about the software.
>>
> That's because you are clueless, and apparently would rather live with
> bugs.

Deja vu' there.



>>>>> Instead of continuously and ignorantly lashing out at something
>>>>> you don't understand, maybe you should try to learn about it.
>>>>
>>>> What's to learn?  I can write open source software, and contribute
>>>> to the "community."  In turn, I can use and learn from open source
>>>> software. Yippee!
>>>
>>> One thing you could learn is just exactly how flexible Linux is
>>> compared to what you're used to now.
>>
>> I've been threatening to install a fresh Linux distribution soon,
>> and I will.  I got Mandrake 9.2 with a Linux Format Handbook.
>
> Of course, you can't bothered with installing the current distro.

LOL!  Back to the same old argument: "You didn't install the latest distro!
Everything's working in kernel 2.6.7.seconds.ago!"



>>> See the nonsense about
>>> "developer machine" for an example of this - you're stuck in a
>>> mindset where there's a fundamental conceptual difference between
>>> "developer machine" and "web server".  We don't have such
>>> dichotomies, if only because Linux gives us the flexibility to use
>>> our systems as we see fit.
>>
>> You're assuming things about me that aren't in evidence.  I used
>> "developer machine" because I figured that would be most relevant to
>> me and to you Linux techies.  If I had used "web server machine" in
>> my example I would have loaded it with different software.
>>
>> And you still refuse to answer.
>
> you refuse to answer questions.

Untrue.



>>>>>>>> Wait a minute.  Sounds like you have to manually visit/touch
>>>>>>>> each of the 100  machines?  Or am I missing something?
>>>>>>>
>>>>>>> you're missing cron.
>>>>>>> the daemon that auto runs jobs at specified times of the
>>>>>>> day/week/month/year.
>>>>>>
>>>>>> He said he had to edit the crontab on each machine when rolling
>>>>>> the machines out.  Sounds like he had to do it manually.
>>>
>>> Once.  At deployment.  Never again.
>>
>> OK.
>>
>>
>>>> Well, he says updating Windows machines is such a chore, but it
>>>> sounds like he has to manually update his Linux machines as well.
>>>
>>> Once.  At deployment.  Never again.
>>
>> OK.
>>
>>
>>>>> You are wrong. However, feel free to show some EULAs allowing
>>>>> multiple installations of DOS, W3.1, W95 or W2K when only a
>>>>> single licensed has bee legally acquired.
>>>>
>>>> The EULA doesn't allow multiple installations, but I'm sure it's
>>>> occurred.
>>>
>>> So?  Look at the position you've argued yourself into.  That you can
>>> break the law, pirate the software, install it illegally on as many
>>> machines as you want - as long as you don't get caught - and you're
>>> offering this, somehow, as an argument in relation to an OS which
>>> you can legally and legitimately install on 1,000 machines without a
>>> problem.
>>
>> We were talking about counting installations.  He says you can't base
>> Linux installations on sales because one sale of Linux is usually
>> installed on multiple machines.  I think the same applies to
>> Windows, but to a lesser degree.
>
> It applies to a much, much, much lesser degree. Or are you saying the
> majority of window$ users are pirates?

I'm not saying anything of the sort.




>>>> You claim Linux sales are installed on several machines, but
>>>> Windows sales aren't?  Why do you think this?  Even MS has
>>>> estimated some 25% of its software in use is pirated.
>>>
>>> He's actually questioning the validity of your "market share"
>>> numbers and the methodology of obtaining the information.  Eg
>>> suppose we polled IBM and they had 50,000 machines, all running
>>> Windows - but only 10 licenses. In a poll, presumably, they'd list
>>> only 10 licences.
>>
>> Sure, IF they asked about licenses.  If they asked about
>> installations, IBM would answer differently (though the numbers
>> should be close to each other).
>
>>
>>> However... the BSA would very likely be knocking on their door the
>>> next day demanding an audit.  So chances are, IBM has very close to
>>> the correct number of licenses.  All bought and paid for.  Easily
>>> tracked.
>>>
>>> Now suppose someone in IBM went out and dropped a copy of Debian on
>>> the network, and IBM's in-house people started trying it out.  They
>>> could have 50,000 seats, but all anyone outside IBM would know
>>> about would be the single download.  And there would have been
>>> zero sales.  So, which numbers do we use?  50,000 Windows seats?
>>> 49,999 Windows seats and 1 Linux seat?  50,000 Linux seats?
>>>
>>> You'd have to skip the sales and licensing figures entirely, for one
>>> thing and talk to the users directly... while assuring each that no,
>>> they won't be exposed for running "non-sanctioned software" on their
>>> machines. Which means you're not going to get the full picture in
>>> any case, but it'll be closer to reality than simply counting
>>> purchased licenses, or using similar methodologies.
>>
>> Yes.  And I assume IDC talks to the users/managers directly.
>
> Why do you assume that, especially since you have no knowledge of
> their methodologies?

Talks to = in person, on phone, emails, direct mailings, etc.  I assume so
anyway.



>>>>> Unless you know how the data was gathered, you cannot know how to
>>>>> interpret it or how much the conclusion can be trusted.
>>>>
>>>> If it was pro-Linux numbers, they would be part of the cola
>>>> newsgroup FAQ.
>>>
>>> If so, it would be wrong of the FAQ maintainers to do so.  The
>>> simple reality is that it is almost impossible to gauge Linux usage.
>>
>> Yes.  Because of licensing it is probably easier to estimate Windows
>> usage.
>
> Yes, and it is probably fair to say Liux installations are a great
> deal higher than license sales.

Probably.  I would think downloads account for a good chunk of Linux
installs.


>>> All we
>>> can do, really, is look for indicators.  OS identifiers in page
>>> requests from popular sites.  Sales of things such as RH.
>>> Registered users of, say, the linux counter.
>>
>> # of cola nuts...
>
> Why would you be counting snacks as computer installations? Oh. I
> forgot. You are clueless.

There's a direct correlation between Linux nuts on cola and the growth of
Linux in the world.

DFS wrote:

> Bob Hauck wrote:
> 
>>On Thu, 17 Jun 2004 15:49:59 -0400, DFS <nospam@nospam.com> wrote:
>>
>>>Bob Hauck wrote:
>>>
>>>>On Thu, 17 Jun 2004 17:11:22 GMT, Rick <rick@none.com> wrote:
>>>>
>>>>>On Thu, 17 Jun 2004 12:05:18 -0400, DFS wrote:
>>>>
>>>>>>>In fact, you don't even appear to know what cron does?
>>>>>>
>>>>>>scheduler.  The Windows Scheduled Tasks feature is better.
>>>>>
>>>>>How?
>>>>
>>>>It reduces the potential load on the system by making it really hard
>>>>to schedule a task to run more often than once a day.
>>>
>>>"really hard"?!?!?   LOL!
>>>
>>>Another Linux moron that can't figure out Windows.  Gawd, but you
>>>guys are unbelievable sometimes.
>>
>>Ok, so I'm a moron.
> 
> 
> If you consider using Windows Scheduled Tasks to schedule a task to run more
> often than once a day "really hard" then you are indeed a moron.
> 
> 
> 
> 
> 
>>But you still haven't explained how Windows'
>>scheduler is better than cron.  Perhaps you could do some actual
>>advocacy instead of just name-calling.  I know it is a stretch,
>>but you could try.
>>
>>So, how is the Windows scheduler better?  Please enlighten us.
> 
> 
> Take a look at it with me, boy.  You ready?
> 
> See how easy it is to use?  See how the list of apps pops up when I create a
> new Scheduled Task?  See the options for Idle Time and Power Management?
> See the limitless execution options: run as user, add comments,
> enabled/disabled, start time, stop time, daily, weekly, monthly, once, on
> bootup, on logon, on idle, stop on not idle, retry for X minutes, repeat
> loops, automatic task deletion after it runs once, stop if it runs for X
> time, multiple schedules for the same task, etc.?
> 
> Now look at cron.  Ugh.  What a piece of crap.
> 
> Now look at Windows Scheduled Tasks - the power never ends.
> 

And it is very obvious that you can't go beyond point-n-click either. 
Cron is very powerful and beyond that of windows.  Can you daisy-chain 
other tasks and pipe them to other networked machines to do other things 
at other times on the other processors as well?  How about clusters?

DFS wrote:

> Start with the right hand... 1,2,3,4,5
> Go to the left hand... 6,7,8,9,10
> Make a tick mark on a page
> start over with the right hand...
> 

Sounds like the hokey-pokey to me.

GreyCloud wrote:
> DFS wrote:
>
>> Bob Hauck wrote:
>>
>>> On Thu, 17 Jun 2004 15:49:59 -0400, DFS <nospam@nospam.com> wrote:
>>>
>>>> Bob Hauck wrote:
>>>>
>>>>> On Thu, 17 Jun 2004 17:11:22 GMT, Rick <rick@none.com> wrote:
>>>>>
>>>>>> On Thu, 17 Jun 2004 12:05:18 -0400, DFS wrote:
>>>>>
>>>>>>>> In fact, you don't even appear to know what cron does?
>>>>>>>
>>>>>>> scheduler.  The Windows Scheduled Tasks feature is better.
>>>>>>
>>>>>> How?
>>>>>
>>>>> It reduces the potential load on the system by making it really
>>>>> hard to schedule a task to run more often than once a day.
>>>>
>>>> "really hard"?!?!?   LOL!
>>>>
>>>> Another Linux moron that can't figure out Windows.  Gawd, but you
>>>> guys are unbelievable sometimes.
>>>
>>> Ok, so I'm a moron.
>>
>>
>> If you consider using Windows Scheduled Tasks to schedule a task to
>> run more often than once a day "really hard" then you are indeed a
>> moron.
>>
>>
>>
>>
>>
>>> But you still haven't explained how Windows'
>>> scheduler is better than cron.  Perhaps you could do some actual
>>> advocacy instead of just name-calling.  I know it is a stretch,
>>> but you could try.
>>>
>>> So, how is the Windows scheduler better?  Please enlighten us.
>>
>>
>> Take a look at it with me, boy.  You ready?
>>
>> See how easy it is to use?  See how the list of apps pops up when I
>> create a new Scheduled Task?  See the options for Idle Time and
>> Power Management? See the limitless execution options: run as user,
>> add comments, enabled/disabled, start time, stop time, daily,
>> weekly, monthly, once, on bootup, on logon, on idle, stop on not
>> idle, retry for X minutes, repeat loops, automatic task deletion
>> after it runs once, stop if it runs for X time, multiple schedules
>> for the same task, etc.?
>>
>> Now look at cron.  Ugh.  What a piece of crap.
>>
>> Now look at Windows Scheduled Tasks - the power never ends.
>>
>
> And it is very obvious that you can't go beyond point-n-click either.

Didn't you hear the world moved beyond the command line?  I know it gives
you Linux guys a feeling of superiority, but it's really just a huge pain in
the ass to have to learn and remember eight switches just to list your
files.



> Cron is very powerful and beyond that of windows.  Can you daisy-chain
> other tasks and pipe them to other networked machines to do other
> things at other times on the other processors as well?  How about
> clusters?

I've only tapped the low end myself.  I don't know about those features, but
I would imagine so.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 17 Jun 2004 16:16:53 -0700,
 T.G.Reaper <Reaper@127.0.0.1.Com> wrote:
> On Thu, 17 Jun 2004 15:39:44 -0700, Kelsey Bjarnason wrote:
>
>>> I just read an exchange online the other night between two hackers
>>> discussing the stolen Valve Half-Life 2 code.  They were throwing Linux
>>> terms around left and right.  Now, they could have been using Unix, but
>>> I doubt it.
>> 
>> And having stolen Half-Life 2 code is the same as releasing viruses?
>
> It takes the same mentality to release a virus as it does
> to steal code. Neither are honorable events.
>


So would you class folks who pirate software in the same group? 

You know, little programmes, that no one will bother hunting them down
for...

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA0qr0d90bcYOAWPYRAigUAJwNat8WITsPskLqsVJpXB4BlDZHfQCdH07n
mAylr1rDhTiq/YmaQKnPr6U=
=eYjM
-----END PGP SIGNATURE-----

-- 
Jim Richardson     http://www.eskimo.com/~warlock
Monday. Not just another day; a never ending spiral to Hell.
	 (With a stop in Cleveland.) 
		--Mark P. Beckman 

On Thu, 17 Jun 2004 23:28:05 -0400, the wintroll known as DFS posted this drivel:

> Rick wrote:
>> On Thu, 17 Jun 2004 14:24:29 -0400, DFS wrote:
>>
>>> Rick wrote:
>>>> On Thu, 17 Jun 2004 12:36:15 -0400, DFS wrote:
>>>>
>>>>
>>>>> <spike1@freenet.co.uk> wrote in message
>>>>> news:o0qrac.mkr.ln@freenet.co.uk...
>>>>>> DFS <nospam@nospam.com> wrote:
>>>>>>> Again, that's 'cause you use open source code.  And how often
>>>>>>> should you have to update your software, anyway?  Seems Linux
>>>>>>> slopware is updated almost weekly in a lot of cases.
>>>>>>
>>>>>> And weekly is bad.... why exactly?
>>>>>
>>>>> 'Cause it shows the software wasn't ready last week, and it won't be
>>>>> ready this week, and it won't be ready a week from now.
>>>>
>>>> So window$ wasn't ready 5 years ago, and it isn't ready now, and it
>>>> won't be ready 5 years from now.
>>>
>>> I feel your pain, boy.
>>
>> If you are addressing me, I am in no pain.
> 
> You're numb from too many Linux slopware updates - do they measure them in
> minutes now?

[showing stupidity]

 
>>> but it's only Linux users who don't.  What's wrong with this picture?
>>
>> your bigoted vision is the problem.

[Oh & he's *not* bigoted?] 

>>>>> I would be very
>>>>> suspicious of any software updated every week, or month, etc.
>>>>
>>>> Why?
>>>
>>> If you honestly have to ask, you wouldn't understand the answer.
>>
>> Translation: You can't answer that question either.

[Evasion, he doesn't know]

>>>> (snip)
>>>>>> Ah, you don't understand the free software author's mindset...
>>>>>> Understandable coming from you, that. Never heard of the reward of
>>>>>> peer review and self satisfaction of a job well done?
>>>>>
>>>>> True.  I don't understand free software.
>>>>
>>>> Finally. You make a true statement. You don't understand free
>>>> software.
>>>
>>> I've said this all along.
>>
>> Then read and try to learn and stop making horrendously stupid
>> statements.
> 
> What's to learn?

[More ignorance *&* arrogance]

<snip>
>>> If peer review makes you happy, more power to you.
>>>
>>>> Instead of continuously and ignorantly lashing out at something you
>>>> don't understand, maybe you should try to learn about it.
>>>
>>> What's to learn?  I can write open source software, and contribute to
>>> the "community."  In turn, I can use and learn from open source
>>> software.
>>
>> That's right. You can also sell that software. If it's good enough, and
>> you are bright enough to market it.
> 
> Sell open source software?  Who would buy it?  Linux users are broke, or
> cheap, or both.

[Stupid Blanket statement, showing ignorance] 

<snip>
>>>>>> What does apache or sendmail have to do with linux? You think our
>>>>>> distros would help us update 3rd party apps?.... um... HELL YES!
>>>>>
>>>>> Spoiled.  Cheap.  Broke.  syn: Linux user.
>>>>
>>>> Again.. your statement does not parse.
>>>
>>> 'Cause you're using a crippled, untested, open source parser...
>>
>> There you go again, making horrendously stupid comments.
> 
> Then I've been spending too much time amongst cola nuts.

[Typical statement from a wintroll] 

,snip>
>>> Gates is a damn smart guy is what he is, and an awesome businessman; he
>>> started and runs a company that has 95% market share in some of its
>>> businesses.
>>
>> And they got there and stay there by illegal, immoral and unethical
>> means.
> 
> They got there by being smart and working hard and creating excellent
> products.

ROTFL!!
 
> You're smearing the entire company for a few business practice violations,
> that have harmed few people or businesses.  It's not like they're forcing
> you to buy their software.
> 
> And according to SCO, Linux isn't entirely innocent, either.

[And as SCO can't prove anything...or why haven't they sued yet, instead
of trying to back off?]
<snip>
>>>>> That's why it's called spyware.
>>>>
>>>> ... so much for answering his question.
>>>
>>> He didn't have a question.
>>
>> No? ...
>> "How about someone who IS competent at working with windows and STILL
>> can't get rid of the most stubborn spyware?" ... isn't a question?
> 
> No.  Just placing a question mark at the end of a sentence doesn't make it
> a question?

[More evasion] 

<snip> 
> I just quoted the figures shown in Wired Magazine: 58% market share for
> Windows Server OSs, 19% market share for Linux server OSs.

During fiscal 2004, which closes June 2004, *Microsoft predicts* Windows
Server share on servers would be *53.7* percent, up slightly, from *53.1*
percent in fiscal 2003. By contrast, *Microsoft estimates* Linux's share
will increase to *19.2* percent from 16.7 percent during the same period.
http://www.geekfishing.net/archives/2003_07.php

Server market goes mad for Linux: Tuesday, May 25 2004
http://www.enn.ie/frontpage/news-9413231.html

Web Server Survey: June 1st, 2004 
http://www.securityspace.com/s_survey/data/200405/
#1 - Apache

Secure Server Survey: June 1st, 2004
http://www.securityspace.com/s_survey/sdata/200405/
#1 - Apache

<snip>

-- 
The short life and hard times of a Linux virus
http://librenix.com/?inode=21
Linux vs. Windows Viruses
http://www.securityfocus.com/columnists/188

begin On Thu, 17 Jun 2004 22:48:57 -0600, GreyCloud posted:

> 
> 
> DFS wrote:
> 
>> Start with the right hand... 1,2,3,4,5 Go to the left hand... 6,7,8,9,10
>> Make a tick mark on a page
>> start over with the right hand...
>> 
>> 
> Sounds like the hokey-pokey to me.

It's probably the only way he can count!

-- 
Coach - How's life Norm?
Norm - Not for the squeamish, Coach.
(Cheers, 1982)

On Thu, 17 Jun 2004 22:44:48 -0600, GreyCloud <mist@cumulus.com> wrote:
> DFS wrote:

>> Now look at Windows Scheduled Tasks - the power never ends.
>> 
> 
> And it is very obvious that you can't go beyond point-n-click either. 
> Cron is very powerful and beyond that of windows.  Can you daisy-chain 
> other tasks and pipe them to other networked machines to do other things 
> at other times on the other processors as well?  How about clusters?

<sarcasm>

The command line is dead.  Bill and Steve said so.  The modern thing to
do is to assemble a team to write a custom GUI in .NET that uses SOAP to
execute RPC's on the remote machines.  That's much better than using some
crufty old script you wrote in an afternoon.  Sure it costs more, but if
you want the latest stuff you have to pay for it!

</sarcasm>


-- 
 -| Bob Hauck
 -| To Whom You Are Speaking
 -| http://www.haucks.org/

DFS <nospam@nospam.com> wrote:
> But your reference to "window$" is.  I need to come up with some new
> insults: Lame-ux?  LOLux?  Not too catchy.  I'll keep working on it.

OK, OK...
As you're soooo lacking in the basic trollish behaviour and culture, I'll
help you out on this one... Try linsux. It's one of the more common ones.
(See? Why should we care what you call it, you've already proven your
opinion worthless, and using silly names will only validate that opinion
more)

But... We all have our pet names for things we hate. Microsloth, M$,
windoze, winME (yuppy flu in software form), dross, so, it's only fair, I
suppose.

DFS <nospam@nospam.com> wrote:
>> And it is very obvious that you can't go beyond point-n-click either.

> Didn't you hear the world moved beyond the command line?  

No, the WINDOWS world moved away from the command line. And lost a lot of
power in the process... Or would have if the dosshell had been worth squat
in the first place.

> I know it gives you Linux guys a feeling of superiority, but it's really
> just a huge pain in the ass to have to learn and remember eight switches
> just to list your files.

"ls" too difficult for you, is it?

begin On Fri, 18 Jun 2004 14:06:28 +0100, spike1 posted:

> DFS <nospam@nospam.com> wrote:
>> But your reference to "window$" is.  I need to come up with some new
>> insults: Lame-ux?  LOLux?  Not too catchy.  I'll keep working on it.
> 
> OK, OK...
> As you're soooo lacking in the basic trollish behaviour and culture, I'll
> help you out on this one... Try linsux. It's one of the more common ones.
> (See? Why should we care what you call it, you've already proven your
> opinion worthless, and using silly names will only validate that opinion
> more)
> 
> But... We all have our pet names for things we hate. Microsloth, M$,
> windoze, winME (yuppy flu in software form), dross, so, it's only fair, I
> suppose.

Not forgetting others I've seen: Gatesware, Micro$haft, $haftware etc.. ;-)

-- 
"Christ, it must be Monday" thought Biggles as 
he rubbed his ears, eyes, nose and throat, checked 
his privates, knees and wallet - but that is a
different story, and a different usenet group!

DFS <nospam@nospam.com> wrote:
>>> Several hundred million people feel otherwise,
>>
>> Feel free to prove that.

> It's off to the 'Net.

> "Microsoft has sold 210 Million Copies of Windows XP"
> http://www.edbott.com/weblog/archives/000111.html

And how many of them curse it everytime it boots up, locks up, loses a
device or otherwise fucks up? How many hate digging through the endless
levels of windowy stupidity to do the simplest config change?

Sales !=customer satisfaction.


>> Then read and try to learn and stop making horrendously stupid
>> statements.

> What's to learn?

Try starting with basic reading and writing skills, then move up to
comprehending the sentences that you're reading and how they relate to the
surrounding sentences... Then perhaps you'll understand what someone says to
you and stop making an arse of yourself...

Unlikely I know, but it's worth a shot.
>> No? ...
>> "How about someone who IS competent at working with windows and STILL
>> can't get rid of the most stubborn spyware?"
>> ... isn't a question?

> No.  Just placing a question mark at the end of a sentence doesn't make it a
> question?

Placing a word used to query at the front doesn't either?
You know the ones? Who, where, how, when, what, why?

<big snip>

>> you may now explain how all those machines are counted.

> Start with the right hand... 1,2,3,4,5
> Go to the left hand... 6,7,8,9,10
> Make a tick mark on a page
> start over with the right hand...

Try taking your shoes and socks off, you could count to 20 then...
PLEASE... keep your underwear on, no need to get all ambitious with 21.

On Fri, 18 Jun 2004 02:24:04 -0400, DFS wrote:

> GreyCloud wrote:
>> DFS wrote:
(snip)
>> Cron is very powerful and beyond that of windows.  Can you daisy-chain
>> other tasks and pipe them to other networked machines to do other things
>> at other times on the other processors as well?  How about clusters?
> 
> I've only tapped the low end myself.  I don't know about those features,
> but I would imagine so.

Translation: 'DFS' is again clueless.
-- 
Rick

On Thu, 17 Jun 2004 23:41:06 -0400, DFS wrote:

> Bob Hauck wrote:
>> On Thu, 17 Jun 2004 19:04:29 -0400, DFS <nospam@nospam.com> wrote:
>>> Bob Hauck wrote:
>>>> On Thu, 17 Jun 2004 15:49:59 -0400, DFS <nospam@nospam.com> wrote:
>>>>> Bob Hauck wrote:
>>>>>> On Thu, 17 Jun 2004 17:11:22 GMT, Rick <rick@none.com> wrote:
>>>>>>> On Thu, 17 Jun 2004 12:05:18 -0400, DFS wrote:
>>>>>>
>>>>>>>>> In fact, you don't even appear to know what cron does?
>>>>>>>>
>>>>>>>> scheduler.  The Windows Scheduled Tasks feature is better.
>>>>>>>
>>>>>>> How?
>>>>>>
>>>>>> It reduces the potential load on the system by making it really hard
>>>>>> to schedule a task to run more often than once a day.
>>>>>
>>>>> "really hard"?!?!?   LOL!
>>>>>
>>>>> Another Linux moron that can't figure out Windows.  Gawd, but you
>>>>> guys are unbelievable sometimes.
>>>>
>>>> Ok, so I'm a moron.
>>>
>>> If you consider using Windows Scheduled Tasks to schedule a task to run
>>> more often than once a day "really hard" then you are indeed a moron.
>>
>> Once upon a time it did not have all the options it has in XP.  So I
>> didn't check to see what the changes were.  Sue me.
> 
> Those are the options in Win2000.
> 
> 
> 
>>>> So, how is the Windows scheduler better?  Please enlighten us.
>>>
>>> Take a look at it with me, boy.  You ready?
>>>
>>> See how easy it is to use?
>>
>> KDE includes a GUI for cron.  It is pretty easy to use.
> 
> I saw a cron GUI on a screenshot.  Very rudimentary.

When did you see this, in 1994? Look at Kcron:

<http://docs.kde.org/en/3.1/kdeadmin/kcron/>

> 
> 
>>> See how the list of apps pops up when I create a new Scheduled Task?
>>
>> I can't remember the last time I ran OOo Writer or Acroread from cron.
>> Normally I run scripts or simple command sequences.  Do batch files show
>> up in the task scheduler list, or do I have to browse for them? Yeah, I
>> thought so.  Just like kcron then.
>>
>>
>>> See the options for Idle Time and Power Management?
>>
>> Yes, that's nice.  There are cron's for Unix that do that, but it isn't
>> standard on my distro so I'd have to script that.
> 
> Move to Windows, and save your scripting for things the OS doesn't do.
> Which isn't much these days.

I see. No one in your world uses VisualBasic fro scripting. You had better
tell Office developers.


>>> See the limitless execution options: run as user, add comments,
>>> enabled/disabled, start time, stop time, daily, weekly, monthly, once,
>>> on bootup, on logon, on idle, stop on not idle, retry for X minutes,
>>> repeat loops, automatic task deletion after it runs once, stop if it
>>> runs for X time, multiple schedules for the same task, etc.?
>>
>> Some of those things (e.g. "run on logon", "run once") are not handled
>> by cron under Unix, but they can be done easily enough.  The "at"
>> command or ktimer does "run once".  The startup folder does "run on
>> login".  Obviously, cron can do daily, weekly, monthly, start, stop,
>> multiple schedules.
>>
>> Delete after X times I'd have to script.  Can't say I've ever needed it
>> but I guess it's a feature that cron doesn't have.
> 
> Geez.  Don't get too worked up.

Why should he?
> 
>>> Now look at cron.  Ugh.  What a piece of crap.
>>
>> Yes, and it only took Windows 20 years to catch up.
> 
> And Linux will NEVER catch up to Windows.

Catch up how?

> So sorry.  Doesn't mean Linux
> isn't good; you'll always have that "the best technology doesn't always
> win" claim to fall back on.

No, it doesn't. But Linux IS gaining ground worldwide.


>> Tell me, how do I get the output from a scheduled task?  Cron can email
>> it to me.  That's a nice way to get notified of problems.  I consider it
>> a more important feature than "delete after x times".
>>
>> I'm still waiting for the vast superiority I was promised.
> 
> Who promised you that?

You did. You stated window$ scheduler was vastly superior. Prove it.

> 
>> It looks
>> to me as if the Scheduler has finally caught up and maybe added some
>> geegaws but is fundamentally not that much different than current cron
>> versions.
>>
>> Which stands to reason, as there are only so many features tha make
>> sense in a scheduler.
> 
> That's what they said about Tide.  Look how much it's been improved.

-- 
Rick

Rick wrote:
> On Thu, 17 Jun 2004 23:41:06 -0400, DFS wrote:

>> And Linux will NEVER catch up to Windows.
>
> Catch up how?

Sales.  Market share.  Mindshare.  Gaming.  Hardware support (I hear Kelsey
knocking).



>> So sorry.  Doesn't mean Linux
>> isn't good; you'll always have that "the best technology doesn't
>> always win" claim to fall back on.
>
> No, it doesn't. But Linux IS gaining ground worldwide.

I hope so.  It's given away for FREE!  wtf?





>>> Tell me, how do I get the output from a scheduled task?  Cron can
>>> email it to me.  That's a nice way to get notified of problems.  I
>>> consider it a more important feature than "delete after x times".
>>>
>>> I'm still waiting for the vast superiority I was promised.
>>
>> Who promised you that?
>
> You did. You stated window$ scheduler was vastly superior. Prove it.

I did?  Where?  Prove it.

On Thu, 17 Jun 2004 23:28:05 -0400, DFS wrote:

> Rick wrote:
>> On Thu, 17 Jun 2004 14:24:29 -0400, DFS wrote:
>>
>>> Rick wrote:
>>>> On Thu, 17 Jun 2004 12:36:15 -0400, DFS wrote:
>>>>
>>>>
>>>>> <spike1@freenet.co.uk> wrote in message
>>>>> news:o0qrac.mkr.ln@freenet.co.uk...
>>>>>> DFS <nospam@nospam.com> wrote:
>>>>>>> Again, that's 'cause you use open source code.  And how often
>>>>>>> should you have to update your software, anyway?  Seems Linux
>>>>>>> slopware is updated almost weekly in a lot of cases.
>>>>>>
>>>>>> And weekly is bad.... why exactly?
>>>>>
>>>>> 'Cause it shows the software wasn't ready last week, and it won't be
>>>>> ready this week, and it won't be ready a week from now.
>>>>
>>>> So window$ wasn't ready 5 years ago, and it isn't ready now, and it
>>>> won't be ready 5 years from now.
>>>
>>> I feel your pain, boy.
>>
>> If you are addressing me, I am in no pain.
> 
> You're numb from too many Linux slopware updates - do they measure them in
> minutes now?

OK, time to call a spade a shovel, or in your case, call a liar a liar.
 
>>> Several hundred million people feel otherwise,
>>
>> Feel free to prove that.
> 
> It's off to the 'Net.
> 
> "Microsoft has sold 210 Million Copies of Windows XP"
> http://www.edbott.com/weblog/archives/000111.html
> 
> But then you knew that.

That shows product was sold. It doesn't say anything about the 'readiness'
of window$

 
>>> but it's only Linux users who don't.  What's wrong with this picture?
>>
>> your bigoted vision is the problem.

>>>>> I would be very
>>>>> suspicious of any software updated every week, or month, etc.
>>>>
>>>> Why?
>>>
>>> If you honestly have to ask, you wouldn't understand the answer.
>>
>> Translation: You can't answer that question either.
> 
>>>> (snip)
>>>>>> Ah, you don't understand the free software author's mindset...
>>>>>> Understandable coming from you, that. Never heard of the reward of
>>>>>> peer review and self satisfaction of a job well done?
>>>>>
>>>>> True.  I don't understand free software.
>>>>
>>>> Finally. You make a true statement. You don't understand free
>>>> software.
>>>
>>> I've said this all along.
>>
>> Then read and try to learn and stop making horrendously stupid
>> statements.
> 
> What's to learn?

You have already stated, repeatedly, you don't the Open Source model(s).
Read and learn.
> 

>>>>> And peer review?  My peers don't  pay my bills; my clients do.
>>>>
>>>> What does that have to do with the fact that many people gain
>>>> satisfaction from peer review and from know they have done something
>>>> good for the community?
>>>
>>> Again: My peers don't pay my bills; my clients do.
>>
>> See conveniently forget, you weren't the center of the comments.
> 
> Sure I was.  You said, and I quote "Understandable coming from you, that.
> Never heard of the reward of peer review and self satisfaction of a job
> well done?"
> 

You aren't 'Open Source Developers'. They are the ones gaining
satisfaction from their efforts. Apparently you gain only gain
satisfaction from getting money.
> 
> 
> 
>>> If peer review makes you happy, more power to you.
>>>
>>>> Instead of continuously and ignorantly lashing out at something you
>>>> don't understand, maybe you should try to learn about it.
>>>
>>> What's to learn?  I can write open source software, and contribute to
>>> the "community."  In turn, I can use and learn from open source
>>> software.
>>
>> That's right. You can also sell that software. If it's good enough, and
>> you are bright enough to market it.
> 
> Sell open source software?  Who would buy it?

Ask Mandrake. Ask Novell/SuSE. Ask SCO/Chaldera. Ask IBM. Ask HP. Ask ...

>  Linux users are broke, or cheap, or both.

Some undoubtedly are. The overwhelming aren't. 


>>> Yippee!
>>
>> That's right.
>>>
>>>
>>>>>>>>> It's mind-numbingly easy to use Windows update; you can schedule
>>>>>>>>> updates to run automatically at any time of the day or night.
>>>>>>>>
>>>>>>>> Good.  Now, this updates, say, SQL Server?  MS Office?  Visual
>>>>>>>> Studio? Borland's development tools?  Corel's apps?  WinAmp? No,
>>>>>>>> didn't think
>>>>> so.
>>>>>>
>>>>>>> What does Borland have to do with MS, except to make applications
>>>>>>> that run on Windows?  Why do you think the OS vendor should help
>>>>>>> you update your
>>>>> 3rd
>>>>>>> party apps?  You're spoiled because of free software.
>>>>>>
>>>>>> What does apache or sendmail have to do with linux? You think our
>>>>>> distros would help us update 3rd party apps?.... um... HELL YES!
>>>>>
>>>>> Spoiled.  Cheap.  Broke.  syn: Linux user.
>>>>
>>>> Again.. your statement does not parse.
>>>
>>> 'Cause you're using a crippled, untested, open source parser...
>>
>> There you go again, making horrendously stupid comments.
> 
> Then I've been spending too much time amongst cola nuts.
> 
Why are you spending time with snacks?


>>>>>>>> Wake me up when Windows gets to the point Linux is at today.  I
>>>>>>>> figure that'll be about 2053.
>>>>>>
>>>>>>> Yet Windows expensive, proprietary server OSes have twice the
>>>>>>> market share of free/low cost Linux/Unix server OSes?  Sounds like
>>>>>>> a lot of people think Windows is already far beyond Linux, and are
>>>>>>> willing to pay for the privilege.
>>>>>>
>>>>>>> [insert whining about MS monopoly, MS marketing, or uneducated
>>>>>>> admins]
>>>>>>
>>>>>> No need, you inserted them for us, but it's true.
>>>>>
>>>>> Well there you go.  Glad to provide your excuses for you.
>>>>>
>>>>>
>>>>>
>>>>>> The PC started out soley as a microsoft DOS machine, microsoft
>>>>>> bundled dos with IBMs machines and then sold licenses to all the
>>>>>> other clone manufacturers, the rest, as they say, is history.
>>>>>>
>>>>>> It may have been a very different world we'd be living in if the
>>>>>> bloke from digital equipment hadn't been on his boat that fateful
>>>>>> day. digital equipment hadn't been on his boat that fateful day.
>>>>>
>>>>> Maybe so.
>>>>
>>>> 'The bloke from Digital Research' met with the IBM reps 'that day'.
>>>> They didn't wnat to license CP/M, they wanted to buy it. Gates
>>>> convinced IBM to license an OS m$ didn't, and then IBM priced CP/M out
>>>> of competition.
>>>
>>> Gates is a damn smart guy is what he is, and an awesome businessman; he
>>> started and runs a company that has 95% market share in some of its
>>> businesses.
>>
>> And they got there and stay there by illegal, immoral and unethical
>> means.
> 
> They got there by being smart and working hard and creating excellent
> products.

Tell that to the US and European Courts.

> 
> You're smearing the entire company for a few business practice violations,
> that have harmed few people or businesses.

Tell that to Digital Research, Go Computing, Intuit, Netscape, Apple,
Vobis and all the other companies that have had dealings with micro$oft.


>  It's not like they're forcing you to buy their software.

Walk into almost any computer store. Then buy an Intel/AMD/whatever
machine without window$. The go look up the legal definition of monopoly
and the legal and economic definitions of monopoly power.

> 
> And according to SCO, Linux isn't entirely innocent, either.

Every one of SCO's accusations has been answered in the press. They
continue to delay in the courts and they have been counter-sued for their
claims. The German courts have ordered SCO to stop spewing their FUD until
they can prove something.

>>>>>>>> It is if it doesn't want to be uninstalled.  However, the issue
>>>>>>>> isn't removing it; it's keeping it, but in such a way that it runs
>>>>>>>> when _you_ want it to run, not when _it_ thinks it should.
>>>>>>
>>>>>>> I do have to wonder why the average Linux user, who claims to be
>>>>>>> (and might be) so technically competent, has such difficulties
>>>>>>> working with Windows.
>>>>>>
>>>>>> How about someone who IS competent at working with windows and STILL
>>>>>> can't get rid of the most stubborn spyware? For I know such a man.
>>>>>>
>>>>>> Oh, he got rid in the end, but it took him 5 times longer than it
>>>>>> should've.
>>>>>
>>>>> That's why it's called spyware.
>>>>
>>>> ... so much for answering his question.
>>>
>>> He didn't have a question.
>>
>> No? ...
>> "How about someone who IS competent at working with windows and STILL
>> can't get rid of the most stubborn spyware?" ... isn't a question?
> 
> No.  Just placing a question mark at the end of a sentence doesn't make it
> a question?

Now you can go back and study sentence structure. The learn to relate a
question with comments before it.

> 
> 
>>>>>>>>> OK.  Very well put, I must say.  I can't and won't argue, except
>>>>>>>>> to say keeping Windows secured isn't nearly as difficult as you
>>>>>>>>> make it sound.
>>>>>>>>>
>>>>>>>>> I don't do much network admin for Windows (none for Linux)
>>>>>>>>
>>>>>>>> I do both.  Windows is a nightmare.  Even worse is when you have
>>>>>>>> to keep, say, 100 machines up to date.
>>>>>>>>
>>>>>>>> Here's an example.  Suppose I want to maintain 100 Win2K machines.
>>>>>>>> I have one which I use as a testbed, to ensure that patches, etc,
>>>>>>>> don't break anything.  Now that I've tested them all... how do I
>>>>>>>> roll them out, automatically, to every system on the network?
>>>>>>>> Invisibly? Without
>>>>> user
>>>>>>>> interaction?  Without interfering with their work by, say, forcing
>>>>>>>> reboots?
>>>>>>
>>>>>>> I would think there's an easy way for a Windows network admin to
>>>>>>> distribute updates to all machines in a domain.  If I find out so,
>>>>>>> I'll be back to tell you.
>>
>>>>>>>> With Linux, it's easy.  I can either do it, say, 10 at a time
>>>>>>>> manually using tools such as screen, or I can write a little
>>>>>>>> script, applied to each machine once, which subsequently looks at
>>>>>>>> a specified network share point and, if there's any packages
>>>>>>>>  there, applies them.  How?  Well, let's
>>>>>>>> see.  First, for each machine, I define a new package repository -
>>>>>>>> trivially easy.  The cron job now does our usual set of things:
>>>>>>>>
>>>>>>>>   urpmi.update -a && urpmi --auto-select
>>>>>>>>
>>>>>>>> Voila.  Done.  Drop that into a crontab on each machine, once,
>>>>>>>> when rolling the machines out,
>>>>>>
>>>>>>> Wait a minute.  Sounds like you have to manually visit/touch each
>>>>>>> of the 100  machines?  Or am I missing something?
>>>>>>
>>>>>> you're missing cron.
>>>>>> the daemon that auto runs jobs at specified times of the
>>>>>> day/week/month/year.
>>>>>
>>>>> He said he had to edit the crontab on each machine when rolling the
>>>>> machines out.  Sounds like he had to do it manually.
>>>>
>>>> Your point?
>>>
>>> Well, he says updating Windows machines is such a chore, but it sounds
>>> like he has to manually update his Linux machines as well.
>>
>> Machines can be remotely batch administered.

Gee, I guess you didn't know that.

>>
>>
>>>>>> All he has to do is put tested patches and updates into a specific
>>>>>> directory on a shared filesystem, the cronjob on the other machines
>>>>>> does the rest.
>>>>>>
>>>>>>>> and from that point on, they will automatically update themselves.
>>>>>>>> With tested updates only.  Unobtrusively.  The
>>>>> user's
>>>>>>>> total knowledge of the process occurring at all is, generally
>>>>>>>> speaking, noticing that when they run application X, it's a new
>>>>>>>> version.
>>>>>>>>
>>>>>>>> Yes, there always the potential for problems - in both systems.
>>>>>>>> Difference is, Linux makes it easy to do the parts that *should*
>>>>>>>> be easy. Windows doesn't.  So doing this in Linux leaves you that
>>>>>>>> much more time
>>>>> to
>>>>>>>> spend fixing the problems, rather than fighting the system.
>>>>>>
>>>>>>> Yet with all these supposed Linux advantages, including low or no
>>>>>>> cost,
>>>>> they
>>>>>>> have just one-third the server OS market share of  MS?  (Wired Mag,
>>>>>>> June
>>>>> 04,
>>>>>>> pg.154, source: IDC)
>>>>>>
>>>>>> More IDC bullshit,I see...
>>>>>
>>>>> LOL!  You Linux morons do live in an alternate world.  If the big
>>>>> boys of the market research world don't support your fantasies, you
>>>>> dismiss them. If every study ever done indicates Linux has 3% of the
>>>>> desktop installations, you dismiss it and claim 16%. Because it just
>>>>> IS!
>>>>
>>>> How did IDC arrive at their installation numbers? Did they do some
>>>> statistically valid pole of server admins? Did they look at connection
>>>> logs? Did they look at retail/wholesale sales figures?
>>>
>>> pole = poll
>>>
>>> I don't know their survey methodologies.
>>
>> Then you don't how reliable the data is or if the data supports the
>> conclusions.
> 
> I just quoted the figures shown in Wired Magazine: 58% market share for
> Windows Server OSs, 19% market share for Linux server OSs.

And now you can define marketshare. Is it retail sales? Wholesale sales?
Hardware/software sales. Installations? Does it mean userbase?

Ad then how did they get their information? Did they scan ports? If they
did, how did they read masked machines? If they used a survey how where
the questions worded?

You just quoted the information ...


>>>>>> You don't get it do you? With windows, you buy one windows disk, you
>>>>>> can install it (legally) on one single machine. That counts as one
>>>>>> sale.
>>>>>
>>>>> What are you talking about?  I've installed Win2000 on several
>>>>> machines. Before WinXP, there were no restrictions on installations.
>>>>> And even with WinXP, there are activation hacks. So who knows how
>>>>> many copies of WinXP are sold once, but used multiple times.
>>>>
>>>> There have always been restrictions on installations of m$ OSs. One
>>>> license, one install has been the norm. Ask the owner of Ernie Ball.
>>>> They weren't using XP.
>>>
>>> I meant physical/electronic restrictions, of course, such as hardware
>>> activation.  The EULA allows one copy of Windows to be installed on one
>>> machine.
>>
>> You should have been more clear.
> 
> Yes, I see that.
> 
>>>>>> You buy a linux boxed set. You can install it in an entire server
>>>>>> farm, one disk all machines... You could even do it over the network
>>>>>> so they'd all install at once. (Try that with windows)
>>>>>
>>>>>
>>>>>> That counts as one sale.
>>>>>
>>>>> I know, I know - every Linux sale ever made is copied to multiple
>>>>> machines. This is the ONLY claim you guys can make that supports
>>>>> Linux as 16% of the desktop installations.  But it's bogus because
>>>>> the same can be said about Windows until XP, and even now there are
>>>>> plenty of people using activation hacks to get past that limitation.
>>>>
>>>> You are wrong. However, feel free to show some EULAs allowing multiple
>>>> installations of DOS, W3.1, W95 or W2K when only a single licensed has
>>>> bee legally acquired.
>>>
>>> The EULA doesn't allow multiple installations, but I'm sure it's
>>> occurred.
>>
>> And I am sure that each copy of m$'s has not been installed nearly as
>> many times as copies of Linux distros are installed. In fact, many
>> distros encourage users to copy and distribute the CDs.
> 
> I would agree with you.
> 
>>> You claim Linux sales are installed on several machines, but Windows
>>> sales aren't?  Why do you think this?  Even MS has estimated some 25%
>>> of its software in use is pirated.
>>>
>>>
>> I claim that Linux is multi-installed far more often than Linux. And
>> that is why 'Linux marketshare' is so hard to hard to pin down.
> 
> I think Linux is multi-installed exactly as often as Linux.

You think Linux is multi-installed exactly as often as Linux? I do too,
but window$ isn't multi-installed as often as Linux.


> 
> (you should be more clear.)
 
>>>>>> Of course, how does one measure it if even that single CD used to
>>>>>> install that server farm was copied off a friend? Or downloaded off
>>>>>> the net?
>>>>>>
>>>>>> IDC doesn't have the means to measure the use of linux in the server
>>>>>> OR desktop market because they have no means of counting the number
>>>>>> of installs. And random questionnaires won't cut it.
>>>>>
>>>>> I don't know what their statistical methodologies are, but I trust
>>>>> them a heck of a lot more than you cola nuts.
>>>>
>>>> Unless you know how the data was gathered, you cannot know how to
>>>> interpret it or how much the conclusion can be trusted.
>>>
>>> If it was pro-Linux numbers, they would be part of the cola newsgroup
>>> FAQ.
>>
>> Thank You for agreeing with me in that unless you know how the data was
>> gathered, you cannot know how to interpret it or how much the conclusion
>> can be trusted.
> 
> I'm not that suspicious of the IDC numbers.  Some of the other figures on
> the same page in Wired Mag were less kind to MS
> 
> MS has minority, but still sizeable, market shares in email, web and
> database servers.

That must weigh heavily on Gates, especially since his company wields
monopoly power in the desktop market.

> 
> 
>>>>>> Oh, they might be able to randomly sample webserver to see what
>>>>>> they're running, but that only counts machines facing the internet,
>>>>>> not the machines
>>>>>> behind the firewall on the private net.
>>>>>
>>>>> You don't know what they can or cannot count.
>>>>
>>>> You may now show all the ways it is possible to count firewalled and
>>>> masked machines.
>>>
>>> Well, the people that setup the firewalled and masked machines count
>>> them for IDC, and report their numbers.  Why is this so difficult for
>>> you to understand?
>>
>> you may now explain how all those machines are counted.
> 
> Start with the right hand... 1,2,3,4,5 Go to the left hand... 6,7,8,9,10
> Make a tick mark on a page
> start over with the right hand...

Translation: you have no idea how the information was obtained.

-- 
Rick

On Fri, 18 Jun 2004 00:11:05 -0400, DFS wrote:

> Rick wrote:
>> On Thu, 17 Jun 2004 22:37:32 -0400, DFS wrote:
>>
>>> Kelsey Bjarnason wrote:
>>>> [snips]
>>>>
>>>> On Thu, 17 Jun 2004 14:24:29 -0400, DFS wrote:
>>>>
>>>>>>>>> Again, that's 'cause you use open source code.  And how often
>>>>>>>>> should you have to update your software, anyway?  Seems Linux
>>>>>>>>> slopware is updated almost weekly in a lot of cases.
>>>>>>>>
>>>>>>>> And weekly is bad.... why exactly?
>>>>>>>
>>>>>>> 'Cause it shows the software wasn't ready last week, and it won't
>>>>>>> be ready this week, and it won't be ready a week from now.
>>>>>>
>>>>>> So window$ wasn't ready 5 years ago, and it isn't ready now, and it
>>>>>> won't be ready 5 years from now.
>>>>>
>>>>> I feel your pain, boy.  Several hundred million people feel
>>>>> otherwise, but it's only Linux users who don't.  What's wrong with
>>>>> this picture?
>>>>
>>>> Snideness aside, I notice you dodged the question.
>>>
>>> He wasn't asking a question.  He was making a snide comment about
>>> Windows.
>>
>> Actually my comment wasn't any more snide about window$ than yours about
>> Linux.
> 
> But your reference to "window$" is.  I need to come up with some new
> insults: Lame-ux?  LOLux?  Not too catchy.  I'll keep working on it.
> 

I refer to m$ and window$ with the dollar sign to show my utter contempt
for micro$oft, Gates, Balmer and the others that have used every immoral,
unethical and illegal means to get and keep their illegally maintained
monopoly. That monopoly has stifled competition and advances for decades.

You may now show how any Linux developer has stifled competition.
 
>>>> If Linux apps are
>>>> bad because they keep getting updated, aren't Windows apps also bad,
>>>> because they keep getting updated?  And isn't Windows itself also bad
>>>> because it keeps getting updated?
>>>
>>> Windows security is bad, no doubt about that.  But MS'  Windows apps
>>> such as Office and SQL Server are masterpieces, and they're very
>>> infrequently updated because they're already so good.
>>
>> AHA ahahah HAHA AHAH ahha ah AHHAA hahaha HAHAHA AHHA haa... Office. A
>> Masterpiece.
>> AHAH ahahah HAha HAHA AHAH aha HAH HA
> 
> You sound like you laugh a lot.  Linux making you batty, eh?  A nice does
> of WinXP and Office Pro will fix you right up.

I am trying to laugh more. I do use XP. I have a laptop from work. XP Pro
is installed on it. I like XP less than I liked the other window$
versions. As for Office, it does tend to make me nuts. It keeps trying to
make me write as it wants, as opposed to how I want.


> 
>>> But don't you feel odd getting Linux application updates every month,
>>> or however often?  To me it's an indication the developer isn't
>>> comfortable with the application.
>>
>> That's because you are clues. And very few apps are 'updated weekly'.
>> But I would imagine you could update some app or other every day.
> 
>>>> This, however, ignores another key point.  All software has bugs; this
>>>> is just how things are.  Linux's answer is to fix 'em fast and release
>>>> 'em fast.  Apparently, you would rather live with the bugs for months
>>>> on end, only getting updates say, twice a year.
>>>>
>>>> Why?  Makes no sense to me.  I'd much rather get the updates fast.
>>>
>>> More power to you.  Makes me wonder about the software.
>>
>> That's because you are clueless, and apparently would rather live with
>> bugs.
> 
> If there are enough bugs to force weekly or monthly updates, someone needs
> to get some slopware testers off their asses.
> 

I agree, but then you can't get micro$oft to fix their software.

 
>>>>>>> I would be very
>>>>>>> suspicious of any software updated every week, or month, etc.
>>>>>>
>>>>>> Why?
>>>>>
>>>>> If you honestly have to ask, you wouldn't understand the answer.
>>>>
>>>> See above.  You'd rather live with the bugs for months, in order to
>>>> get twice-yearly updates?  Fine - just don't update your software
>>>> until then.
>>>>
>>>> Personally, I'd rather get updates faster.
>>>
>>> More power to you.  Makes me wonder about the software.
>>>
>> That's because you are clueless, and apparently would rather live with
>> bugs.
> 
> Deja vu' there.
> 
Yup... you're still clueless.
 
>>>>>> Instead of continuously and ignorantly lashing out at something you
>>>>>> don't understand, maybe you should try to learn about it.
>>>>>
>>>>> What's to learn?  I can write open source software, and contribute to
>>>>> the "community."  In turn, I can use and learn from open source
>>>>> software. Yippee!
>>>>
>>>> One thing you could learn is just exactly how flexible Linux is
>>>> compared to what you're used to now.
>>>
>>> I've been threatening to install a fresh Linux distribution soon, and I
>>> will.  I got Mandrake 9.2 with a Linux Format Handbook.
>>
>> Of course, you can't bothered with installing the current distro.
> 
> LOL!  Back to the same old argument: "You didn't install the latest
> distro! Everything's working in kernel 2.6.7.seconds.ago!"

I didn't say everything was working. That's your dishonest implication.
But it seems you can't be bothered with using a current version, so go
ahead and use MDK 9.2. Some people swear by it, some swear at it, but it
seems many, many people love it.

> 
> 
> 
>>>> See the nonsense about
>>>> "developer machine" for an example of this - you're stuck in a mindset
>>>> where there's a fundamental conceptual difference between "developer
>>>> machine" and "web server".  We don't have such dichotomies, if only
>>>> because Linux gives us the flexibility to use our systems as we see
>>>> fit.
>>>
>>> You're assuming things about me that aren't in evidence.  I used
>>> "developer machine" because I figured that would be most relevant to me
>>> and to you Linux techies.  If I had used "web server machine" in my
>>> example I would have loaded it with different software.
>>>
>>> And you still refuse to answer.
>>
>> you refuse to answer questions.
> 
> Untrue.

True.

> 
> 
> 
>>>>>>>>> Wait a minute.  Sounds like you have to manually visit/touch each
>>>>>>>>> of the 100  machines?  Or am I missing something?
>>>>>>>>
>>>>>>>> you're missing cron.
>>>>>>>> the daemon that auto runs jobs at specified times of the
>>>>>>>> day/week/month/year.
>>>>>>>
>>>>>>> He said he had to edit the crontab on each machine when rolling the
>>>>>>> machines out.  Sounds like he had to do it manually.
>>>>
>>>> Once.  At deployment.  Never again.
>>>
>>> OK.
>>>
>>>
>>>>> Well, he says updating Windows machines is such a chore, but it
>>>>> sounds like he has to manually update his Linux machines as well.
>>>>
>>>> Once.  At deployment.  Never again.
>>>
>>> OK.
>>>
>>>
>>>>>> You are wrong. However, feel free to show some EULAs allowing
>>>>>> multiple installations of DOS, W3.1, W95 or W2K when only a single
>>>>>> licensed has bee legally acquired.
>>>>>
>>>>> The EULA doesn't allow multiple installations, but I'm sure it's
>>>>> occurred.
>>>>
>>>> So?  Look at the position you've argued yourself into.  That you can
>>>> break the law, pirate the software, install it illegally on as many
>>>> machines as you want - as long as you don't get caught - and you're
>>>> offering this, somehow, as an argument in relation to an OS which you
>>>> can legally and legitimately install on 1,000 machines without a
>>>> problem.
>>>
>>> We were talking about counting installations.  He says you can't base
>>> Linux installations on sales because one sale of Linux is usually
>>> installed on multiple machines.  I think the same applies to Windows,
>>> but to a lesser degree.
>>
>> It applies to a much, much, much lesser degree. Or are you saying the
>> majority of window$ users are pirates?
> 
> I'm not saying anything of the sort.

Just how much of the window$ userbase are you calling pirates? Install one
licensed copy of window$ or an app on 2 computers and you have a pirate.

 
>>>>> You claim Linux sales are installed on several machines, but Windows
>>>>> sales aren't?  Why do you think this?  Even MS has estimated some 25%
>>>>> of its software in use is pirated.
>>>>
>>>> He's actually questioning the validity of your "market share" numbers
>>>> and the methodology of obtaining the information.  Eg suppose we
>>>> polled IBM and they had 50,000 machines, all running Windows - but
>>>> only 10 licenses. In a poll, presumably, they'd list only 10 licences.
>>>
>>> Sure, IF they asked about licenses.  If they asked about installations,
>>> IBM would answer differently (though the numbers should be close to
>>> each other).
>>
>>
>>>> However... the BSA would very likely be knocking on their door the
>>>> next day demanding an audit.  So chances are, IBM has very close to
>>>> the correct number of licenses.  All bought and paid for.  Easily
>>>> tracked.
>>>>
>>>> Now suppose someone in IBM went out and dropped a copy of Debian on
>>>> the network, and IBM's in-house people started trying it out.  They
>>>> could have 50,000 seats, but all anyone outside IBM would know about
>>>> would be the single download.  And there would have been zero sales. 
>>>> So, which numbers do we use?  50,000 Windows seats? 49,999 Windows
>>>> seats and 1 Linux seat?  50,000 Linux seats?
>>>>
>>>> You'd have to skip the sales and licensing figures entirely, for one
>>>> thing and talk to the users directly... while assuring each that no,
>>>> they won't be exposed for running "non-sanctioned software" on their
>>>> machines. Which means you're not going to get the full picture in any
>>>> case, but it'll be closer to reality than simply counting purchased
>>>> licenses, or using similar methodologies.
>>>
>>> Yes.  And I assume IDC talks to the users/managers directly.
>>
>> Why do you assume that, especially since you have no knowledge of their
>> methodologies?
> 
> Talks to = in person, on phone, emails, direct mailings, etc.  I assume so
> anyway.

Why do you assume that, especially since you have no knowledge of their
methodologies?
> 
> 
> 
>>>>>> Unless you know how the data was gathered, you cannot know how to
>>>>>> interpret it or how much the conclusion can be trusted.
>>>>>
>>>>> If it was pro-Linux numbers, they would be part of the cola newsgroup
>>>>> FAQ.
>>>>
>>>> If so, it would be wrong of the FAQ maintainers to do so.  The simple
>>>> reality is that it is almost impossible to gauge Linux usage.
>>>
>>> Yes.  Because of licensing it is probably easier to estimate Windows
>>> usage.
>>
>> Yes, and it is probably fair to say Liux installations are a great deal
>> higher than license sales.
> 
> Probably.  I would think downloads account for a good chunk of Linux
> installs.

And since downloads can't be included into sale, what do you think that
does to 'marketshare' figures?

> 
> 
>>>> All we
>>>> can do, really, is look for indicators.  OS identifiers in page
>>>> requests from popular sites.  Sales of things such as RH. Registered
>>>> users of, say, the linux counter.
>>>
>>> # of cola nuts...
>>
>> Why would you be counting snacks as computer installations? Oh. I
>> forgot. You are clueless.
> 
> There's a direct correlation between Linux nuts on cola and the growth of
> Linux in the world.

Can you show a reproducible study, complete with methodologies used and
data collected, to prove it?
-- 
Rick

[snips]

On Fri, 18 Jun 2004 11:01:09 -0400, DFS wrote:

> Sales.  Market share.  Mindshare.  Gaming.  Hardware support (I hear Kelsey
> knocking).

Every time you repeat that lie, expect me to stuff it back down your
throat.  The entire desktop industry is approximately 10% of the computing
world - if we're being generous.  Windows doesn't handle all of _that_,
and doesn't even handle all the bits of the few things it _does_ sort of
handle - the x86 PCs.

As to sales and market share, check RH's revenues. Notice they're
increasing?  Check the tech news - notice that Linux has beaten out
Windows in several places, and is gaining momentum?  MS is doing precisely
squat to meet the challenge.  Yet MS memos make it quite clear that MS is,
to be blunt, shit scared about Linux, even if _you_ happen to think it's
not a player.

On the other hand... even if Linux never does surpass Windows sales - so
what?  Mac never has, yet it's been a rather successful system.

begin On Fri, 18 Jun 2004 14:35:20 +0000, Rick posted:

> On Fri, 18 Jun 2004 02:24:04 -0400, DFS wrote:
> 
>> GreyCloud wrote:
>>> DFS wrote:
> (snip)
>>> Cron is very powerful and beyond that of windows.  Can you daisy-chain
>>> other tasks and pipe them to other networked machines to do other
>>> things at other times on the other processors as well?  How about
>>> clusters?
>> 
>> I've only tapped the low end myself.  I don't know about those features,
>> but I would imagine so.
> 
> Translation: 'DFS' is again clueless.

He proves it every time he posts.

-- 
"24 hour technical service...it takes
them 24 hours to pick up the damn phone!"

begin On Fri, 18 Jun 2004 15:24:21 +0000, Rick posted:

> I didn't say everything was working. That's your dishonest implication.
> But it seems you can't be bothered with using a current version, so go
> ahead and use MDK 9.2. Some people swear by it, some swear at it, but it
> seems many, many people love it.

Yeah, but it doesn't matter what he installs, as we already know what he's
going to say.

-- 
"Would you buy a used car
from this person?"

DFS wrote:

> GreyCloud wrote:
> 
>>DFS wrote:
>>
>>
>>>Bob Hauck wrote:
>>>
>>>
>>>>On Thu, 17 Jun 2004 15:49:59 -0400, DFS <nospam@nospam.com> wrote:
>>>>
>>>>
>>>>>Bob Hauck wrote:
>>>>>
>>>>>
>>>>>>On Thu, 17 Jun 2004 17:11:22 GMT, Rick <rick@none.com> wrote:
>>>>>>
>>>>>>
>>>>>>>On Thu, 17 Jun 2004 12:05:18 -0400, DFS wrote:
>>>>>>
>>>>>>>>>In fact, you don't even appear to know what cron does?
>>>>>>>>
>>>>>>>>scheduler.  The Windows Scheduled Tasks feature is better.
>>>>>>>
>>>>>>>How?
>>>>>>
>>>>>>It reduces the potential load on the system by making it really
>>>>>>hard to schedule a task to run more often than once a day.
>>>>>
>>>>>"really hard"?!?!?   LOL!
>>>>>
>>>>>Another Linux moron that can't figure out Windows.  Gawd, but you
>>>>>guys are unbelievable sometimes.
>>>>
>>>>Ok, so I'm a moron.
>>>
>>>
>>>If you consider using Windows Scheduled Tasks to schedule a task to
>>>run more often than once a day "really hard" then you are indeed a
>>>moron.
>>>
>>>
>>>
>>>
>>>
>>>
>>>>But you still haven't explained how Windows'
>>>>scheduler is better than cron.  Perhaps you could do some actual
>>>>advocacy instead of just name-calling.  I know it is a stretch,
>>>>but you could try.
>>>>
>>>>So, how is the Windows scheduler better?  Please enlighten us.
>>>
>>>
>>>Take a look at it with me, boy.  You ready?
>>>
>>>See how easy it is to use?  See how the list of apps pops up when I
>>>create a new Scheduled Task?  See the options for Idle Time and
>>>Power Management? See the limitless execution options: run as user,
>>>add comments, enabled/disabled, start time, stop time, daily,
>>>weekly, monthly, once, on bootup, on logon, on idle, stop on not
>>>idle, retry for X minutes, repeat loops, automatic task deletion
>>>after it runs once, stop if it runs for X time, multiple schedules
>>>for the same task, etc.?
>>>
>>>Now look at cron.  Ugh.  What a piece of crap.
>>>
>>>Now look at Windows Scheduled Tasks - the power never ends.
>>>
>>
>>And it is very obvious that you can't go beyond point-n-click either.
> 
> 
> Didn't you hear the world moved beyond the command line?  I know it gives
> you Linux guys a feeling of superiority, but it's really just a huge pain in
> the ass to have to learn and remember eight switches just to list your
> files.
> 
> 
> 
> 
>>Cron is very powerful and beyond that of windows.  Can you daisy-chain
>>other tasks and pipe them to other networked machines to do other
>>things at other times on the other processors as well?  How about
>>clusters?
> 
> 
> I've only tapped the low end myself.  I don't know about those features, but
> I would imagine so.
> 
> 

 From what I know, those that say they are using windows in a cluster is 
because the windows machines are front-ends to OpenVMS systems that are 
in a cluster, and OpenVMS has been using clusters for a very long time. 
  Windows doesn't do clustering.
Once you master a few simple symbols like '|', "<", "<<", ">", ">>" and 
"&" along with some simple command tools like sed, ar, awk, and anything 
else that will take input and give output, then your only limitations 
are your imagination.

On Fri, 18 Jun 2004 11:01:09 -0400, DFS wrote:

> Rick wrote:
>> On Thu, 17 Jun 2004 23:41:06 -0400, DFS wrote:
> 
>>> And Linux will NEVER catch up to Windows.
>>
>> Catch up how?
> 
> Sales. 

No shit, Sherlock. You do understand that $0 cost distros will be aroud
for a while, don't you?

Market share.

Define marketshare. Retail sales? Wholesale sales? Userbase installations?

Mindshare.

That goes with marketing. IBM, HP, Novell, Red Hat, Mandrake and others
may hep there.

Gaming.

Linux doesn't -have- to. Te Mac hasn't. Supposedly.

> Hardware support (I hear Kelsey knocking).

As 'mindshare' and Enterprise use increases, so will harware support.
> 
> 
> 
>>> So sorry.  Doesn't mean Linux
>>> isn't good; you'll always have that "the best technology doesn't always
>>> win" claim to fall back on.
>>
>> No, it doesn't. But Linux IS gaining ground worldwide.
> 
> I hope so.  It's given away for FREE!  wtf?

You again show your bigotry and stupidity. Red Hat sales, that sales, are
surging. Munich is -buying- software and services. China is -buying-
software and services. People -buy- distros. Get a clue.

 
>>>> Tell me, how do I get the output from a scheduled task?  Cron can
>>>> email it to me.  That's a nice way to get notified of problems.  I
>>>> consider it a more important feature than "delete after x times".
>>>>
>>>> I'm still waiting for the vast superiority I was promised.
>>>
>>> Who promised you that?
>>
>> You did. You stated window$ scheduler was vastly superior. Prove it.
> 
> I did?  Where?  Prove it.

You are correct, technically. However:

From: DFS (nospam@nospam.com)
Subject: Re: 52 security advisories for the week ending June 11, 2004?
Newsgroups: comp.os.linux.advocacy
Date: 2004-06-17 09:10:31 PST 

...."The Windows Scheduled Tasks feature is better."


AND ...

From: DFS (nospam@nospam.com)
Subject: Re: 52 security advisories for the week ending June 11, 2004?
Newsgroups: comp.os.linux.advocacy
Date: 2004-06-17 16:09:17 PST 


"Now look at cron.  Ugh.  What a piece of crap.
Now look at Windows Scheduled Tasks - the power never ends."


-- 
Rick

On Fri, 18 Jun 2004 10:23:37 -0600, GreyCloud wrote:
 
> DFS wrote:
> 
(snip)
> Once you master a few simple symbols like '|', "<", "<<", ">", ">>" and
> "&" along with some simple command tools like sed, ar, awk, and anything
> else that will take input and give output, then your only limitations are
> your imagination.

I don't think DFS has an imagination.
-- 
Rick

begin On Fri, 18 Jun 2004 16:52:13 +0000, Rick posted:

> On Fri, 18 Jun 2004 10:23:37 -0600, GreyCloud wrote:
>  
>> DFS wrote:
>> 
> (snip)
>> Once you master a few simple symbols like '|', "<", "<<", ">", ">>" and
>> "&" along with some simple command tools like sed, ar, awk, and anything
>> else that will take input and give output, then your only limitations
>> are your imagination.
> 
> I don't think DFS has an imagination.

Yes he does! He imagines Windows is good software!

-- 
"I think he's paid by them"

On 2004-06-18, William Poaster <willpoast@jvyycbnfg.zr.hx> sputtered:
> begin On Fri, 18 Jun 2004 16:52:13 +0000, Rick posted:
>
>> On Fri, 18 Jun 2004 10:23:37 -0600, GreyCloud wrote:
>>  
>>> DFS wrote:
>>> 
>> (snip)
>>> Once you master a few simple symbols like '|', "<", "<<", ">", ">>" and
>>> "&" along with some simple command tools like sed, ar, awk, and anything
>>> else that will take input and give output, then your only limitations
>>> are your imagination.
>> 
>> I don't think DFS has an imagination.
>
> Yes he does! He imagines Windows is good software!

That's not imagination, that's drugs.

-- 
Bill Gates says Open Source is riding on the coat-tails of Windows'
success. That's like saying Osama has done his part to increase airport
security.

begin On Fri, 18 Jun 2004 18:05:45 +0000, Sinister Midget posted:

> On 2004-06-18, William Poaster <willpoast@jvyycbnfg.zr.hx> sputtered:
>> begin On Fri, 18 Jun 2004 16:52:13 +0000, Rick posted:
>>
>>> On Fri, 18 Jun 2004 10:23:37 -0600, GreyCloud wrote:
>>>  
>>>> DFS wrote:
>>>> 
>>> (snip)
>>>> Once you master a few simple symbols like '|', "<", "<<", ">", ">>"
>>>> and "&" along with some simple command tools like sed, ar, awk, and
>>>> anything else that will take input and give output, then your only
>>>> limitations are your imagination.
>>> 
>>> I don't think DFS has an imagination.
>>
>> Yes he does! He imagines Windows is good software!
> 
> That's not imagination, that's drugs.

Well it's got to be something! ;-)

-- 
Why would migrating to Windows be a good 
move for anyone or anything but MS's bankroll?
DFS - It's a good move because you get better software.
comp.os.linux.advocacy - Fri, 18 Jun 2004 10:46:26 -0400

Kelsey Bjarnason wrote:
> [snips]
>
> On Fri, 18 Jun 2004 11:01:09 -0400, DFS wrote:
>
>> Sales.  Market share.  Mindshare.  Gaming.  Hardware support (I hear
>> Kelsey knocking).
>
> Every time you repeat that lie, expect me to stuff it back down your
> throat.  The entire desktop industry is approximately 10% of the
> computing world - if we're being generous.

You're not being generous; you're being dishonest or uninformed.

Your measure of computing is so broadly defined that you consider computing
to cover every device with a microprocessor in it, including automobiles,
appliances, routers, cable modems, PDAs, etc.

Even the ID chip implanted in your dog's neck runs Linux, huh?
cd/Fido  -come  (heh!  made myself laugh)

That's your prerogative, but that's not what the rest of the world considers
computing.  Do a Google search on the word "computing."  95% of the websites
are about desktop and corporate server computers.  Go to the website for
Computing magazine; all desktops.  Smart Computing magazine: all desktops.
Association for Computing Machinery: all desktops.  And on and on and on.

But regardless of how you define computing, it's my opinion that the desktop
market (absolutely dominated by WinTel sales and installs) dwarfs the sales
of non-Intel equipment, and "computerized" autos, servers, routers, PDAs,
cell phones, etc combined.  And that's measured by $ sales or unit sales.
How many hundreds of millions of copies of Windows have been sold, at
whatever avg. unit price?

Now I understand Linux runs on a wide variety of computer architectures, and
on some embedded devices.  But sales of those architectures are miniscule,
and uninteresting to the public at large, and you're fooling yourself if you
believe otherwise.



> Windows doesn't handle
> all of _that_, and doesn't even handle all the bits of the few things
> it _does_ sort of handle - the x86 PCs.



> As to sales and market share, check RH's revenues. Notice they're
> increasing?

I know they were at one point, and RH might be a good long-term investment,
but at this point in time their financial snapshot is mediocre.
http://money.cnn.com/news/companies/research/research.html?pg=sn&symb=RHAT
Incredibly high PE ratio, low sales, low operating margins, low net income,
no dividend, etc.



> Check the tech news - notice that Linux has beaten out
> Windows in several places, and is gaining momentum?

Sure.  Their server sales growth rate is much higher than Windows (you would
expect that, starting from a much smaller installed base).  Linux is being
investigated by many governments, local, state and international, etc.


> MS is doing precisely squat to meet the challenge.

That's not what you/someone else said a couple posts ago.  You/someone else
made it a point to say MS dropped their prices in the Munich installation
bidding, and still didn't get the gig.

And even a Linux nut like you knows MS is doing everything they can to
compete with Linux.  They can't and won't meet Linux prices, so they look at
TCO studies, where Linux ownership isn't always such a bargain.  Over a few
years, the initial software purchase price becomes a small/er isue.



> Yet MS memos make it quite
> clear that MS is, to be blunt, shit scared about Linux, even if _you_
> happen to think it's not a player.

It's a player now, and will be more of one next year, and so on.

I understand Linux' appeal.  It does most of what Windows does, surpasses in
a few areas, falls short in others.  But it's free or very cheap, it's new
and different, it's not MS and (I HATE to parrot this line but it's true) it
gives these corporations and governments adopting it (starting to cringe
now) _freedom_ to use it the way they want without excessive spending
taxpayer's money.  (that was freakin' painful to admit).




> On the other hand... even if Linux never does surpass Windows sales -
> so what?  Mac never has, yet it's been a rather successful system.

Yes.  It's still fun to argue technical stuff.  And in general, I learn more
about Linux from you guys than you do about Windows from me.  But that's to
be expected; Linux users are techie kinds from the beginning, usually.

William Poaster wrote:
> begin On Fri, 18 Jun 2004 15:24:21 +0000, Rick posted:
>
>> I didn't say everything was working. That's your dishonest
>> implication. But it seems you can't be bothered with using a current
>> version, so go ahead and use MDK 9.2. Some people swear by it, some
>> swear at it, but it seems many, many people love it.
>
> Yeah, but it doesn't matter what he installs, as we already know what
> he's going to say.

Not true.  I'm sure I'll find much to like, especially if it installs and
recognizes my [very standard] hardware config.  I'll be putting it on a
home-built system, with an Intel 865GLC mobo (onboard sound and video), 2.0a
P4, 533fsb, 512 mb PC-2700 RAM,  80gig Hitachi SATA drive, probably a
low-end LinkSys LAN card, nice PowerPC & Cooling 310 watt power supply, and
a standard 17" monitor.  It can't get much simpler.  The only thing even
remotely non-standard is my mouse: a Logitech USB cordless, dating from late
2000.

The low price is nice, but I have mixed feelings about that (as you know).
If I like it enough to use it regularly, I'll find some way to donate money
to some of the key app developers.  Call me stupid (you always do), but I'll
gladly pay MORE than the asking price.  I'm sure nobody will turn down my
money.

Then again, there will be hundreds and hundreds of packages of crapware I'll
enjoy slamming.  But that's the tradeoff you pay for open source.

Rick wrote:
> On Fri, 18 Jun 2004 11:01:09 -0400, DFS wrote:
>
>> Rick wrote:
>>> On Thu, 17 Jun 2004 23:41:06 -0400, DFS wrote:
>>
>>>> And Linux will NEVER catch up to Windows.
>>>
>>> Catch up how?
>>
>> Sales.
>
> No shit, Sherlock. You do understand that $0 cost distros will be
> aroud for a while, don't you?

Yes.


> Market share.
>
> Define marketshare. Retail sales? Wholesale sales? Userbase
> installations?

Installed users.  Which do you think?


> Mindshare.
>
> That goes with marketing. IBM, HP, Novell, Red Hat, Mandrake and
> others may hep there.

Sure.



> Gaming.
>
> Linux doesn't -have- to. Te Mac hasn't. Supposedly.

It does have to if it hopes to become a viable desktop competitor.



>> Hardware support (I hear Kelsey knocking).
>
> As 'mindshare' and Enterprise use increases, so will harware support.

I believe so.




>>> No, it doesn't. But Linux IS gaining ground worldwide.
>>
>> I hope so.  It's given away for FREE!  wtf?
>
> You again show your bigotry and stupidity. Red Hat sales, that sales,
> are surging. Munich is -buying- software and services. China is
> -buying- software and services. People -buy- distros. Get a clue.

What's bigoted and stupid about it?  Is it not true that Linux is given away
for FREE?  Well?





>>>>> Tell me, how do I get the output from a scheduled task?  Cron can
>>>>> email it to me.  That's a nice way to get notified of problems.  I
>>>>> consider it a more important feature than "delete after x times".
>>>>>
>>>>> I'm still waiting for the vast superiority I was promised.
>>>>
>>>> Who promised you that?
>>>
>>> You did. You stated window$ scheduler was vastly superior. Prove it.
>>
>> I did?  Where?  Prove it.
>
> You are correct, technically.

Of course I am, technically and any other way you want to spin it.

You lied and said I said Windows Scheduled Tasks was "vastly superior."  I
didn't say that and won't say that until I can prove it.







However:
>
> From: DFS (nospam@nospam.com)
> Subject: Re: 52 security advisories for the week ending June 11, 2004?
> Newsgroups: comp.os.linux.advocacy
> Date: 2004-06-17 09:10:31 PST
>
> ..."The Windows Scheduled Tasks feature is better."
>
>
> AND ...
>
> From: DFS (nospam@nospam.com)
> Subject: Re: 52 security advisories for the week ending June 11, 2004?
> Newsgroups: comp.os.linux.advocacy
> Date: 2004-06-17 16:09:17 PST
>
>
> "Now look at cron.  Ugh.  What a piece of crap.
> Now look at Windows Scheduled Tasks - the power never ends."

On Fri, 18 Jun 2004 14:32:17 -0400, DFS wrote:

> Kelsey Bjarnason wrote:
>> [snips]
>>
>> On Fri, 18 Jun 2004 11:01:09 -0400, DFS wrote:
>>
>>> Sales.  Market share.  Mindshare.  Gaming.  Hardware support (I hear
>>> Kelsey knocking).
>>
>> Every time you repeat that lie, expect me to stuff it back down your
>> throat.  The entire desktop industry is approximately 10% of the
>> computing world - if we're being generous.
> 
> You're not being generous; you're being dishonest or uninformed.

He is being generous, you're being dishonest or uninformed.


> Your measure of computing is so broadly defined that you consider
> computing to cover every device with a microprocessor in it, including
> automobiles, appliances, routers, cable modems, PDAs, etc.

That is true. And the Linux kernel scales from mainframes to embeded
devices very well.


> Even the ID chip implanted in your dog's neck runs Linux, huh? cd/Fido
> -come  (heh!  made myself laugh)

Well, if it needs an OS, it may be running Linux.


> That's your prerogative, but that's not what the rest of the world
> considers computing.  Do a Google search on the word "computing."  95%
> of the websites are about desktop and corporate server computers.  Go to
> the website for Computing magazine; all desktops.  Smart Computing
> magazine: all desktops. Association for Computing Machinery: all
> desktops.  And on and on and on.

Oh well. At one time most of the world considered the world to be flat.


> But regardless of how you define computing, it's my opinion that the
> desktop market (absolutely dominated by WinTel sales and installs)
> dwarfs the sales of non-Intel equipment, and "computerized" autos,
> servers, routers, PDAs, cell phones, etc combined.

Your assumption is incorrect.

>  And that's measured by $ sales
> or unit sales. How many hundreds of millions of copies of Windows have
> been sold, at whatever avg. unit price?
> 
> Now I understand Linux runs on a wide variety of computer architectures,
> and on some embedded devices.  But sales of those architectures are
> miniscule, and uninteresting to the public at large, and you're fooling
> yourself if you believe otherwise.

Those sales may be uninteresting to the general public, but they aren't
miniscule. And vendors that would like to diversify would probably like to
be able to use on OS across devices.


>> Windows doesn't handle
>> all of _that_, and doesn't even handle all the bits of the few things
>> it _does_ sort of handle - the x86 PCs.

>> As to sales and market share, check RH's revenues. Notice they're
>> increasing?
> 
> I know they were at one point, and RH might be a good long-term
> investment, but at this point in time their financial snapshot is
> mediocre.
> http://money.cnn.com/news/companies/research/research.html?pg=sn&symb=RHAT
> Incredibly high PE ratio, low sales, low operating margins, low net
> income, no dividend, etc.

<http://www.informationweek.com/story/showArticle.jhtml?articleID=22100615>

"Red Hat's Solidly In The Black
June 17, 2004 The Linux vendor posted large gains in sales and net income
from the year-ago quarter as the market for the open-source operating
system continues to move beyond servers."


<http://news.com.com/2100-1001-236732.html?legacy=cnet> Linux sales surge
past competitors

"Linux has hopped over competitors to become the second-most-popular
operating system for server computers after Windows NT, but it's not
making much money for those selling it, new figures show."


>> Check the tech news - notice that Linux has beaten out Windows in
>> several places, and is gaining momentum?
> 
> Sure.  Their server sales growth rate is much higher than Windows (you
> would expect that, starting from a much smaller installed base).  Linux
> is being investigated by many governments, local, state and
> international, etc.

.... being investigated? What do you mean?

> 
> 
>> MS is doing precisely squat to meet the challenge.
> 
> That's not what you/someone else said a couple posts ago.  You/someone
> else made it a point to say MS dropped their prices in the Munich
> installation bidding, and still didn't get the gig.

Which just goes to show how inflated m$'s prices really are. And you do
know there is a difference between low bid and best bid, don't you?

> 
> And even a Linux nut like you knows MS is doing everything they can to
> compete with Linux.  They can't and won't meet Linux prices, so they
> look at TCO studies, where Linux ownership isn't always such a bargain.
> Over a few years, the initial software purchase price becomes a small/er
> isue.
> 

You fail to mention that micro$oft's TCO numbers are suspect at best.

> 
> 
>> Yet MS memos make it quite
>> clear that MS is, to be blunt, shit scared about Linux, even if _you_
>> happen to think it's not a player.
> 
> It's a player now, and will be more of one next year, and so on.
> 
> I understand Linux' appeal.  It does most of what Windows does,
> surpasses in a few areas, falls short in others.  But it's free or very
> cheap, it's new and different, it's not MS and (I HATE to parrot this
> line but it's true) it gives these corporations and governments adopting
> it (starting to cringe now) _freedom_ to use it the way they want
> without excessive spending taxpayer's money.  (that was freakin' painful
> to admit).
> 
> 
> 
> 
>> On the other hand... even if Linux never does surpass Windows sales -
>> so what?  Mac never has, yet it's been a rather successful system.
> 
> Yes.  It's still fun to argue technical stuff.  And in general, I learn
> more about Linux from you guys than you do about Windows from me. 

Or maybe people here know a great deal about window$ already.

> But
> that's to be expected; Linux users are techie kinds from the beginning,
> usually.

-- 
Rick

Error BR-549: MS DRM 1.0 rejects the following post from GreyCloud:

>  From what I know, those that say they are using windows in a cluster is
>  because the windows machines are front-ends to OpenVMS systems that are in a
>  cluster, and OpenVMS has been using clusters for a very long time.  Windows
>  doesn't do clustering.

Yes, it does.  It has a fairly big clustering API, and MS SQL Server can work
in a Windows cluster.

I'm not claiming its a good clustering system, though.  I know little about it,
except that, once the cluster-notification object says the database is
"online", you still must have your code wait a second or two, otherwise
opening a handle to the database fails.

-- 
Free as in freedom

On Fri, 18 Jun 2004 14:32:17 -0400, DFS <nospam@nospam.com> wrote:

> But regardless of how you define computing, it's my opinion that the
> desktop market (absolutely dominated by WinTel sales and installs)
> dwarfs the sales of non-Intel equipment, and "computerized" autos,
> servers, routers, PDAs, cell phones, etc combined.  And that's
> measured by $ sales or unit sales.

PC processors make up about half of the total processor sales by
dollars.  They make up about 2% of 32-bit processor sales by volume.

<http://www.embedded.com/story/OEG20021217S0039>

    Embedded 32-bit chips have outsold PC processors every year by a
    wide margin. ARM-based chips alone do about triple the volume that
    Intel and AMD peddle to PC makers.

    ...

    Let's review. Processors are only 2% of all semiconductors, and PC
    processors are only 2% of all processors. But processor chips
    generate about 30% of all the money, and PC processors are 50% of
    that.

The "desktop" only makes up a portion of that 50%.  In terms of dollars
workstations and servers are a surprisingly big piece, again because of
the high margins you can make on them and also because SMP is much more
common on servers (e.g. Sun makes machines with 72 processors).


-- 
 -| Bob Hauck
 -| To Whom You Are Speaking
 -| http://www.haucks.org/

In comp.os.linux.advocacy, DFS
<nospam@nospam.com>
 wrote
on Thu, 17 Jun 2004 16:20:50 -0400
<10d3vi253s5l3aa@corp.supernews.com>:
> The Ghost In The Machine wrote:
>> In comp.os.linux.advocacy, DFS
>> <nospam@nospam.com>
>>  wrote
>> on Wed, 16 Jun 2004 16:54:36 -0400
>> <10d1d5atbms3fff@corp.supernews.com>:
>>>
>>> "Norwegian Formula" <R@bastards.com> wrote in message
>>> news:40d09dfd_1@newspeer2.tds.net...
>>>> DFS, after spending 3 minutes figuring out which end of the pen to
>>>> use, wrote:
>>>>
>>>>>
>>>>> "Rob Hughes" <rob@robhughes.com> wrote in message
>>>>> news:kv6dnewFec97GVLdRVn-jg@comcast.com...
>>>>>> DFS is alleged to have said in comp.os.linux.advocacy:
>>>>>>
>>>>>>> Sure I can.  They were all Linux-related, weren't they?
>>>>>>
>>>>>> No, some were for a couple different flavors of BSD. Not that I
>>>>>> expect you to understand that, given your self-admitted ignorance.
>>>>>
>>>>>
>>>>> I do understand the difference.
>>>>>
>>>>> Berkeley Software Distribution predates Linux by about 10 or 15
>>>>> years, and was developed primarily by Bill Joy (cofounder of Sun,
>>>>> and recently departed I think) at UCBerkeley.
>>>>>
>>>>> And it only took me 3 hours to research that on google so I could
>>>>> answer you!
>>>
>>> Give me a little more credit, Linux morons.  I was probably using
>>> Linux, in 1997, before you were.
>>
>> I remember my first Linux kernel as 0.99pl7 or 0.99pl12.
>> Unfortunately, http://www.kernel.org/publinux/kernel/History/v0.99
>> seems to have slightly messed-up dates, although the copyright
>> for 0.99pl7 is dated 1991 and the actual file dates are around 1993,
>> once extracted.  0.99pl12 is dated August 15, 1993.
>>
>> I can't say how long ago Norwegian Formula was using Linux, but
>> I was at least experimenting with it apparently in 1993 or 1994,
>> which is interesting considering I also have Windows 95 installed
>> on one of my boxes -- which came out more than a year later.
>>
>> I may have to look for or at my 30-diskette Slackware install kit,
>> assuming it's still any good.
>>
>> Anyway...you were saying?
>
> I was saying, to Grecian Formula, that "I was probably using Linux, in 1997,
> before you were."
>
> See, it's right up there in the thread, Ghost, in black and white.  I wasn't
> addressing you.
>
> That's what I was saying.
>

Nice wriggle.  But here's a thought.

IIRC, there were two Linux distributions that came on the scene
before Slackware and RedHat.

Name either one.

-- 
#191, ewill3@earthlink.net
It's still legal to go .sigless.

On Fri, 18 Jun 2004 15:12:01 -0400, DFS wrote:

> Rick wrote:
>> On Fri, 18 Jun 2004 11:01:09 -0400, DFS wrote:
>>
>>> Rick wrote:
>>>> On Thu, 17 Jun 2004 23:41:06 -0400, DFS wrote:
>>>
>>>>> And Linux will NEVER catch up to Windows.
>>>>
>>>> Catch up how?
>>>
>>> Sales.
>>
>> No shit, Sherlock. You do understand that $0 cost distros will be aroud
>> for a while, don't you?
> 
> Yes.
> 
> 
>> Market share.
>>
>> Define marketshare. Retail sales? Wholesale sales? Userbase
>> installations?
> 
> Installed users.  Which do you think?

So, you don't think market share can be percentage of sales or shipments?

hmmm ... Dictionary.com;

Marketshare:
"The proportion of industry sales of a good or service that is controlled
by a company."

Userbase:
The number of users of some product or standard.



> 
>> Mindshare.
>>
>> That goes with marketing. IBM, HP, Novell, Red Hat, Mandrake and others
>> may hep there.
> 
> Sure.

>> Gaming.
>>
>> Linux doesn't -have- to. Te Mac hasn't. Supposedly.
> 
> It does have to if it hopes to become a viable desktop competitor.

The Mac is a viable desktop competitor and windroids have been saying it
has no games for years.

And you have to be a little more clear when you say desktop. Games are
only used on a small set of desktops.
 
>>> Hardware support (I hear Kelsey knocking).
>>
>> As 'mindshare' and Enterprise use increases, so will harware support.
> 
> I believe so.
> 

>>>> No, it doesn't. But Linux IS gaining ground worldwide.
>>>
>>> I hope so.  It's given away for FREE!  wtf?
>>
>> You again show your bigotry and stupidity. Red Hat sales, that sales,
>> are surging. Munich is -buying- software and services. China is
>> -buying- software and services. People -buy- distros. Get a clue.
> 
> What's bigoted and stupid about it?  Is it not true that Linux is given
> away for FREE?  Well?
> 

Is it not true Linux distros and services are sold? Well? Are companies
not making money on those sales? Well? Do you refuse to acknowledge those
sales? Well?

 
>>>>>> Tell me, how do I get the output from a scheduled task?  Cron can
>>>>>> email it to me.  That's a nice way to get notified of problems.  I
>>>>>> consider it a more important feature than "delete after x times".
>>>>>>
>>>>>> I'm still waiting for the vast superiority I was promised.
>>>>>
>>>>> Who promised you that?
>>>>
>>>> You did. You stated window$ scheduler was vastly superior. Prove it.
>>>
>>> I did?  Where?  Prove it.
>>
>> You are correct, technically.
> 
> Of course I am, technically and any other way you want to spin it.
> 
> You lied and said I said Windows Scheduled Tasks was "vastly superior." 
> I didn't say that and won't say that until I can prove it.

You have yet to prove any of your anti-Linux assertions.

> However:
>>
>> From: DFS (nospam@nospam.com)
>> Subject: Re: 52 security advisories for the week ending June 11, 2004?
>> Newsgroups: comp.os.linux.advocacy
>> Date: 2004-06-17 09:10:31 PST
>>
>> ..."The Windows Scheduled Tasks feature is better."
>>
>>
>> AND ...
>>
>> From: DFS (nospam@nospam.com)
>> Subject: Re: 52 security advisories for the week ending June 11, 2004?
>> Newsgroups: comp.os.linux.advocacy
>> Date: 2004-06-17 16:09:17 PST
>>
>>
>> "Now look at cron.  Ugh.  What a piece of crap. Now look at Windows
>> Scheduled Tasks - the power never ends."


I see you have no response to this. At least you didn't snip it.

-- 
Rick

Bob Hauck wrote:
> On Fri, 18 Jun 2004 14:32:17 -0400, DFS <nospam@nospam.com> wrote:
>
>> But regardless of how you define computing, it's my opinion that the
>> desktop market (absolutely dominated by WinTel sales and installs)
>> dwarfs the sales of non-Intel equipment, and "computerized" autos,
>> servers, routers, PDAs, cell phones, etc combined.  And that's
>> measured by $ sales or unit sales.
>
> PC processors make up about half of the total processor sales by
> dollars.  They make up about 2% of 32-bit processor sales by volume.
>
> <http://www.embedded.com/story/OEG20021217S0039>
>
>     Embedded 32-bit chips have outsold PC processors every year by a
>     wide margin. ARM-based chips alone do about triple the volume that
>     Intel and AMD peddle to PC makers.
>
>     ...
>
>     Let's review. Processors are only 2% of all semiconductors, and PC
>     processors are only 2% of all processors. But processor chips
>     generate about 30% of all the money, and PC processors are 50% of
>     that.
>
> The "desktop" only makes up a portion of that 50%.  In terms of
> dollars workstations and servers are a surprisingly big piece, again
> because of the high margins you can make on them and also because SMP
> is much more common on servers (e.g. Sun makes machines with 72
> processors).

Interesting.

Did you note this fact: "Pentium rakes in 15% of all the money made from
every type of semiconductor from every company everywhere in the world."?

The Ghost In The Machine wrote:
> In comp.os.linux.advocacy, DFS
> <nospam@nospam.com>
>  wrote
> on Thu, 17 Jun 2004 16:20:50 -0400
> <10d3vi253s5l3aa@corp.supernews.com>:
>> The Ghost In The Machine wrote:
>>> In comp.os.linux.advocacy, DFS
>>> <nospam@nospam.com>
>>>  wrote
>>> on Wed, 16 Jun 2004 16:54:36 -0400
>>> <10d1d5atbms3fff@corp.supernews.com>:
>>>>
>>>> "Norwegian Formula" <R@bastards.com> wrote in message
>>>> news:40d09dfd_1@newspeer2.tds.net...
>>>>> DFS, after spending 3 minutes figuring out which end of the pen to
>>>>> use, wrote:
>>>>>
>>>>>>
>>>>>> "Rob Hughes" <rob@robhughes.com> wrote in message
>>>>>> news:kv6dnewFec97GVLdRVn-jg@comcast.com...
>>>>>>> DFS is alleged to have said in comp.os.linux.advocacy:
>>>>>>>
>>>>>>>> Sure I can.  They were all Linux-related, weren't they?
>>>>>>>
>>>>>>> No, some were for a couple different flavors of BSD. Not that I
>>>>>>> expect you to understand that, given your self-admitted
>>>>>>> ignorance.
>>>>>>
>>>>>>
>>>>>> I do understand the difference.
>>>>>>
>>>>>> Berkeley Software Distribution predates Linux by about 10 or 15
>>>>>> years, and was developed primarily by Bill Joy (cofounder of Sun,
>>>>>> and recently departed I think) at UCBerkeley.
>>>>>>
>>>>>> And it only took me 3 hours to research that on google so I could
>>>>>> answer you!
>>>>
>>>> Give me a little more credit, Linux morons.  I was probably using
>>>> Linux, in 1997, before you were.
>>>
>>> I remember my first Linux kernel as 0.99pl7 or 0.99pl12.
>>> Unfortunately, http://www.kernel.org/publinux/kernel/History/v0.99
>>> seems to have slightly messed-up dates, although the copyright
>>> for 0.99pl7 is dated 1991 and the actual file dates are around 1993,
>>> once extracted.  0.99pl12 is dated August 15, 1993.
>>>
>>> I can't say how long ago Norwegian Formula was using Linux, but
>>> I was at least experimenting with it apparently in 1993 or 1994,
>>> which is interesting considering I also have Windows 95 installed
>>> on one of my boxes -- which came out more than a year later.
>>>
>>> I may have to look for or at my 30-diskette Slackware install kit,
>>> assuming it's still any good.
>>>
>>> Anyway...you were saying?
>>
>> I was saying, to Grecian Formula, that "I was probably using Linux,
>> in 1997, before you were."
>>
>> See, it's right up there in the thread, Ghost, in black and white.
>> I wasn't addressing you.
>>
>> That's what I was saying.
>>
>
> Nice wriggle.

Not a wriggle.  I was talking to Norwegian Formula, not you.



> But here's a thought.
>
> IIRC, there were two Linux distributions that came on the scene
> before Slackware and RedHat.
>
> Name either one.

I would have answered Caldera OpenLinux, but apparently it's not an early
one:

The earliest are:

http://en.wikipedia.org/wiki/Linux_distribution#History

a.. MCC Interim Linux, which was made available to the public for download
on the ftp server of University of Manchester in February, 1992;
a.. TAMU, created by individuals at Texas A & M about the same time, and
a.. SLS (SoftLanding Linux System).

On Fri, 18 Jun 2004 17:04:17 -0400, DFS <nospam@nospam.com> wrote:
> Bob Hauck wrote:

>>     Embedded 32-bit chips have outsold PC processors every year by a
>>     wide margin. ARM-based chips alone do about triple the volume that
>>     Intel and AMD peddle to PC makers.
>
> Did you note this fact: "Pentium rakes in 15% of all the money made from
> every type of semiconductor from every company everywhere in the world."?

Yup, that's what they mean by high margins.  A current Pentium sells for
several hundred dollars.  Embedded systems are much more cost-sensitive,
you can't get away with selling $300 chips except in small niches that
are very performance sensitive.  An 8-bitter like a 68HC11 goes for $7
or less.

There are some incredible deals in embedded chips.  For example, you can
buy an MPC5200 microcontroller from Motorola (I guess they're called
"Freescale" nowadays) that has a 400 MHz PowerPC core, USB, Ethernet,
memory controller, several programmable serial ports, and a PCI inteface
all integrated on the chip.

This is most of a computer on a chip, just add memory, and it sells for
around $30 in quantity.  Freescale has to sell ten of those to make the
same money Intel makes on one Pentium (and they do).  But somebody still
has to write the software for these chips, that doesn't change.  So the
distribution of the jobs doesn't necessarily follow the chip sales
dollars.

To keep this sorta on-topic, I'll mention that yes, Linux will run on
the the MPC5200.


-- 
 -| Bob Hauck
 -| To Whom You Are Speaking
 -| http://www.haucks.org/

[snips]

On Fri, 18 Jun 2004 17:04:17 -0400, DFS wrote:

> Interesting.
> 
> Did you note this fact: "Pentium rakes in 15% of all the money made from
> every type of semiconductor from every company everywhere in the world."?

Assuming that's true... did you notice that Pentiums are not restricted to
desktop PCs?

[snips]

On Thu, 17 Jun 2004 12:06:17 -0400, DFS wrote:

> Want to buy my old RedHat disks, and my Caldera OpenLinux lite CD from 1997?

You know, *I* have Linux disks from about that era, possibly even earlier.
So?  I didn't start *using* Linux until about 4 years ago, server-side and
2 years ago, desktop-side.  Just having some old disks around - even if
you actually installed and played with them for a week - hardly makes you
one of the old farts, nor a Linux guru.

Kelsey Bjarnason, after spending 3 minutes figuring out which end of the pen to
use, wrote:

> [snips]
> 
> On Thu, 17 Jun 2004 12:06:17 -0400, DFS wrote:
> 
>> Want to buy my old RedHat disks, and my Caldera OpenLinux lite CD from 1997?
> 
> You know, *I* have Linux disks from about that era, possibly even earlier.
> So?  I didn't start *using* Linux until about 4 years ago, server-side and
> 2 years ago, desktop-side.  Just having some old disks around - even if
> you actually installed and played with them for a week - hardly makes you
> one of the old farts, nor a Linux guru.

  He figured he might be able to prove he was smart if he said he still had them
and actually tried them for a week. We're still waiting on him to actually
begin 'thinking' though.
-- 
Linux 2.4.20-4GB-athlon
 10:07pm  up 8 days  1:31,  2 users,  load average: 0.02, 0.02, 0.00

Lin�nut wrote:

> Error BR-549: MS DRM 1.0 rejects the following post from GreyCloud:
> 
> 
>> From what I know, those that say they are using windows in a cluster is
>> because the windows machines are front-ends to OpenVMS systems that are in a
>> cluster, and OpenVMS has been using clusters for a very long time.  Windows
>> doesn't do clustering.
> 
> 
> Yes, it does.  It has a fairly big clustering API, and MS SQL Server can work
> in a Windows cluster.
> 
> I'm not claiming its a good clustering system, though.  I know little about it,
> except that, once the cluster-notification object says the database is
> "online", you still must have your code wait a second or two, otherwise
> opening a handle to the database fails.
> 

Oh dear, my bad.  I forgot about that conversation in comp.os.vms.  But 
the IT pros weren't all that happy about M$ clustering abilities.  They 
kept on saying "That PeeCee just doesn't cut it."

begin On Fri, 18 Jun 2004 22:09:27 -0500, Norwegian Formula posted:

> Kelsey Bjarnason, after spending 3 minutes figuring out which end of the
> pen to use, wrote:
> 
>> [snips]
>> 
>> On Thu, 17 Jun 2004 12:06:17 -0400, DFS wrote:
>> 
>>> Want to buy my old RedHat disks, and my Caldera OpenLinux lite CD from
>>> 1997?
>> 
>> You know, *I* have Linux disks from about that era, possibly even
>> earlier. So?  I didn't start *using* Linux until about 4 years ago,
>> server-side and 2 years ago, desktop-side.  Just having some old disks
>> around - even if you actually installed and played with them for a week
>> - hardly makes you one of the old farts, nor a Linux guru.
> 
>   He figured he might be able to prove he was smart if he said he still
>   had them and actually tried them for a week. 

Yeah, & just recently he's changed it to TWO weeks! Also claims he used
SuSE too! Though he was wrong about the the mount/unmount of a CD.
"I saw a quote on a Linux instruction page the other day that said you had
to mount and unmount a CD player/device each time you insert or remove the
CD disk.  Is that true?  I don't recall having to do that with SUSE a few
years ago."
Subject:       Re: Answer: Miracles I tell you, miracles! From:         
"DFS" <nospam@nospam.com> Date:          Fri, 18 Jun 2004 10:46:26 -0400

> We're still waiting on him to actually begin 'thinking' though.

Don't hold your breath! 

-- 
"He'll be thinking up an answer!"

DFS <nospam@nospam.com> wrote:
> "William Poaster" <willpoast@jvyycbnfg.zr.hx> wrote in message

>> Exactly! It's like saying last week there were 200 vulnerbilities in
>> Windows, except it was omitted to say they apply to different *versions*
>> of windows. So you *cannot* say there were 80 linux security
>> vulnerabilities as a blanket statement,

> Sure I can.  They were all Linux-related, weren't they?

Ok, so how many viruses were new or in the wild in the same week?
Since they are (practically) all running on Windows, they are
all Windows-related, aren't they?

At least by your logic that's the thing to do now.

The security advisories for my distribution were: 
1. lha (the lzh archiver from DOS days: testing or extracting
   maliciously crafted archives)
2. odbc-postgresql (PostgreSQL ODBC driver: a php script
   using this driver may crash apache with maliciously
   crafted packets)
3. CVS (Concurrent Versions System, a software for distributed
   development of software: a potential buffer overflow exists,
   which might theoretically be triggered by maliciously crafted
   and malformed data, however there is no known way to exploit
   it.)

And that's it.  About 0,03% of the packages of the
distribution were affected. 

1. Yes, installed (but very infrequently used).
2. not installed.
3. Yes, but the affected server part is not, was not and most
   probably will not run here.

So exactly one of these related to me; and that one was of low
importance.

What was your point again?

-Wolfgang

DFS <nospam@nospam.com> wrote:

> Move to Windows, and save your scripting for things the OS doesn't do.
> Which isn't much these days.

Ok, let me see ... 
- how does Windows do without scripting:
  * ping my zaurus to check if it's online, exit otherwise
  * connect to the zaurus and command it to adjust it's time
    using some time servers
  * show the amount of free memory on the zaurus
  * start unison, using the GTK interface and order it to
    prepare a 2-way sync with the zaurus
  * after unison finished, again show the amount of free
    memory on the zaurus

- how would you make windows do the following without
  scripting:
  * booting from diskette, 
  * access the CD,
  * partition and format the hard disk (after asking for OK)
  * install the system I
  * have someone remove the diskette 
  * reboot
  * install system II from system I
  * start-up system II
  * and on each start of system II do a check if that system
    is sane, otherwise drop to system I to repair it

Care to answer that?

-Wolfgang

DFS <nospam@nospam.com> wrote:
> "Kelsey Bjarnason" <kelseyb@xxnospamyy.lightspeed.bc.ca> wrote in message
> news:pan.2004.06.16.06.20.12.345987@xxnospamyy.lightspeed.bc.ca...
>> [snips]

> But those vulnerabilities were there, for undetermined periods, leaving you
> just as open to various exploits and hacks as any Windows network.

Qualitatively you might argue so, quantitatively (with numbers)
you still have to prove the "just as open".

> Patched when?  You have no idea how long your Linux system was exposed.

Opposed to Windows, where you know that it is still exposed,
right?

> So?  The vulnerability still resulted in several Linux servers being
> incapacitated.

Opposed to things like MSBlaster, which left whole countries
in pieces?

>> So, for all you know, you have 500 active vulnerabilities.  Oh, I may,
>> too.  Difference is, I at least know where to look to find out about known
>> ones - and I can update my packages so easily that getting the fixes is
>> child's play.

> Again, that's 'cause you use open source code.  And how often should you
> have to update your software, anyway?  Seems Linux slopware is updated
> almost weekly in a lot of cases.

Seems you don't understand the difference between development
(with obviously many new unstable, testing, alpha or beta
releases) and stable packages, which are just that, stable.

> Because of superior testing, commercial programs don't have to be updated
> all the time.  It's clear to me most CSS is better software than OSS.

Funny, there are unbiased studies out there that found that free
software has more features and less bugs than comparable commercial
programs; and those bugs when reported get actually fixed.

But that would not fit into your image of how the world should be,
right, window-slopware user?

[Mandrake, SuSE, ...]
> So you should thank them for making updating so easy.

And *I* thought Linux was unsucessfully trying to catch up with
Windows ... was I wrong?

> Free software?  Does not compute.  Why not donate your time and cut my grass
> instead?

Because if I cut your grass
- I'll do something I don't like
- I don't get anything out of it
- Noone but you gets anything out of it

Is that enough to start thinking?

>> Except, apparently, you, who keep harping on about how bad Linux security
>> is, for some as-yet unexplained reason.

> I never said it was bad.  It's just not as great as the average Linux moron
> claims it to be.

Please remove beam from eye before hollering about splinter in
other peoples eye.

>> Good.  Now, this updates, say, SQL Server?  MS Office?  Visual Studio?
>> Borland's development tools?  Corel's apps?  WinAmp?  No, didn't think so.

> What does Borland have to do with MS, except to make applications that run
> on Windows?  Why do you think the OS vendor should help you update your 3rd
> party apps?  You're spoiled because of free software.

Microsoft is not as userfriendly as free software?  Free software
is so good that one gets spoiled?  Do you actually understand
what you are saying, what that means?

> And how often do you need to update all that stuff, anyway?  What's the
> point?

Well, the question is more: how long can you tolerate to have
the worst possible security bug in that program unfixed?  If it's
one week, well, then you have to look every week, full stop.

> If it's being upgraded constantly, as Linux software seems to be, it
> wasn't very good in the first place.

This assertion is completely baseless, and you know it.

> With closed source programs, if a new version comes out that has sufficient
> improvements to warrant an upgrade, you can usually purchase and download
> and upgrade online.  Otherwise you use what you paid for.

And that is another reason why to avoid propietary software: if
you upgrade you get new features --- and new bugs, if you don't,
old bugs won't get fixed.  Certainly that is not something
you want for a stable environment!

>> Wake me up when Windows gets to the point Linux is at today.  I figure
>> that'll be about 2053.

> Yet Windows expensive, proprietary server OSes have twice the market share
> of free/low cost Linux/Unix server OSes?  Sounds like a lot of people think
> Windows is already far beyond Linux, and are willing to pay for the
> privilege.

Oh, nobody ever gets fired for buying IBM, only that today it's
Microsoft.  Microsoft's got a good sales team.  And they are
actively trying to make you depend on them.

> I do have to wonder why the average Linux user, who claims to be (and might
> be) so technically competent, has such difficulties working with Windows.

Because they do more with their computers than you do?
Because Windows caters for the incompetent?
Because of the amount of $WHATEVER is needed to see something
like logic inside Windows, and some people don't do $WHATEVER?

Because the straightjacket of "One Microsoft Way" is chafing once
one tries to do things Microsoft did not anticipate, or does them
in logical ways (as opposed to the "One Microsoft Way")?

> I would think there's an easy way for a Windows network admin to distribute
> updates to all machines in a domain.  If I find out so, I'll be back to tell
> you.

Can you find one that actually works well, without resorting to
3rd party applicatons?

>>   urpmi.update -a && urpmi --auto-select

>> Voila.  Done.  Drop that into a crontab on each machine, once, when
>> rolling the machines out,

> Wait a minute.  Sounds like you have to manually visit/touch each of the 100
> machines?  Or am I missing something?

If you ghost the image with the correct crontab line in first
place, of course not!  And even if he forgot --- this is
automatable with a few lines of shellscript.  Been there,
done that, got the t-shirt.

Also you might want to look at FAI 
    http://www.informatik.uni-koeln.de/fai/
where, after setting up of a server, you can simply connect a
virgin machine to the net, switch it on and it's getting installed
(via netboot, or --- less comfortable --- via boot floppy/CD).
And now think of having a few dozend machines to install. How do
you do this in Windows?

You may also look at cfengine 
    http://www.cfengine.org/
for a tool when you manage dozends or thousands of machines.
It'll probably go over your head unless you ever were in such
a position.

-Wolfgang

DFS <nospam@nospam.com> wrote:

> <spike1@freenet.co.uk> wrote in message news:o0qrac.mkr.ln@freenet.co.uk...
>> DFS <nospam@nospam.com> wrote:

> 'Cause it shows the software wasn't ready last week, and it won't be ready
> this week, and it won't be ready a week from now.  I would be very
> suspicious of any software updated every week, or month, etc.

Patchday at Microsoft, anyone?

>> What does apache or sendmail have to do with linux? You think our distros
>> would help us update 3rd party apps?.... um... HELL YES!

> Spoiled.  Cheap.  Broke.  syn: Linux user.

You see, Linux users pay for a service when they buy a
distribution.  They don't pay for a 'license'.  So of course they
expect and get good service.  That's what normal competition does
in a market --- and it's a crying shame that the oh-so-rich MS
is unable to provide a similar service.

> He said he had to edit the crontab on each machine when rolling the machines
> out.  Sounds like he had to do it manually.

Your undereducation and wild assumptions are not our problem.

> What are you talking about?  I've installed Win2000 on several machines.
> Before WinXP, there were no restrictions on installations.

Someone call the BSA, please, here seems to be someone who's
deliberately breaking the licenses they accepted.  And someone
who definitely does not understand the difference between legal
and technical restrictions.

[IDC]
> I don't know what their statistical methodologies are, but I trust them a
> heck of a lot more than you cola nuts.

Sure you do, as long as the reports seem to support your
position.  Just wait till that changes ... we shall then
remind you, forcefully, of your claim.


>> Oh, they might be able to randomly sample webserver to see what they're
>> running, but that only counts machines facing the internet, not the
> machines
>> behind the firewall on the private net.

> You don't know what they can or cannot count.

Opposed to you, right?  So pray tell, how does one fimgerprint
the OS of a random machine behind a firewall, when said machine
does not connect to you first?

-Wolfgang

DFS <nospam@nospam.com> wrote:
> Jim Richardson wrote:
>>  DFS <nospam@nospam.com> wrote:
>>> "Jim Richardson" <warlock@eskimo.com> wrote in message

[market share study]
>>> Don't know what it's based on.  I imagine installations.

>> I doubt strongly that it's installations. After all, how would they
>> know how many Linux boxes are installed? there's no licencing to
>> track, counting sales slips is pointless, as you can install it on
>> numerous machines from a single CD source.

> Use your common sense, boy.

> Mine tells me they do phone and print surveys of CTO and IT managers, asking
> how many Windows and Linux/Unix server installations are running in their
> organizations, which versions, what services they provide, etc.

And you really belive the CTO knows every last server and what
they providem and the IT managers know that the Windows Server
the departement uses is in fact a Linux server since 3 years ago
now and so on?

Use your common sense, boy!

> They survey
> a certain number of companies, then make statistical projections based on
> their survey sample size.

So you don't know, you speculate ... and your methods are extremely
flawed and a good way to over-represent Windows.

> It doesn't reflect poorly on Linux, anyway, but I guarantee many Windows
> viruses are written by MS-hating Linux morons.

Opposed to viruswriters who (as has been proved by now) sell
their zombie networks to spammers?

Your namecalling, your absurd try to connect Linux with morons,
MS-hating and slogware just shows that you are unable to think,
you just knee-jerk.  Pray tell, how much does MS pay you?

>> yes, I have verified it. It's quite simple, as .deb packages are
>> easily taken apart for inspection. As are .rpm and .tgz files.

> And after you verified it, what?  Did you start moving the files around?
> The whole point is, who cares where the files are installed, or that a few
> may be left after uninstall (Linux and Windows)?  It may be comforting to
> know, but it's not really important, and some cola nut was using it to bash
> Windows.

Ah, so leaving behind anything is suddenly not a problem, after
you found that, indeed, people verified that their tools work?

>> and have you verified them? or are you simply trusting MS and the
>> appwriter?

> Exactly.

Unable to anser?  So you have not verified them, right?

-Wolfgang