Microsoft - Gun, aim at foot, shoot 5 times

[Gordon Darling]

http://www.microsoft.com/technet/security/current.asp

MS03-038 : Unchecked buffer in Microsoft Access Snapshot Viewer Could
Allow Code Execution (827104)

MS03-037 : Flaw in Visual Basic for Applications Could Allow Arbitrary
Code execution (822715)

MS03-036 : Buffer Overrun in WordPerfect Converter Could Allow Code
Execution (827103)

MS03-035 : Flaw in Microsoft Word Could Enable Macros to Run
Automatically (827653)

MS03-034 : Flaw in NetBIOS Could Lead to Information Disclosure
(824105)

Regards
Gordon

 

[Darrien]

http://www.microsoft.com/technet/security/current.asp

MS03-038 : Unchecked buffer in Microsoft Access Snapshot Viewer Could
Allow Code Execution (827104)

MS03-037 : Flaw in Visual Basic for Applications Could Allow Arbitrary
Code execution (822715)

MS03-036 : Buffer Overrun in WordPerfect Converter Could Allow Code
Execution (827103)

MS03-035 : Flaw in Microsoft Word Could Enable Macros to Run
Automatically (827653)

MS03-034 : Flaw in NetBIOS Could Lead to Information Disclosure
(824105)

http://www.linuxsecurity.com/advisories/index.html


Gentoo: 'atari800' buffer overflow

Gentoo: 'gallery' cross-site scripting vulnerability

Gentoo: 'eroaster' temporary file vulnerability

Gentoo: 'mindi' temporary file vulnerability

Gentoo: 'phpwebsite' SQL injection vulnerability

Conectiva: gdm Multiple vulnerabilities

Gentoo: horde Remote session hijacking

Gentoo: pam_smb Remote buffer overflow vulnerability

Gentoo: vmware Insecure symlink vulnerability

Conectiva: 'sendmail' remote vulnerability

TurboLinux: pam_smb vulnerability

Red Hat: 'up2date' required update

Red Hat: 'sendmail' DNS maps DoS

Debian: 'node' buffer overflow, format string

TurboLinux: perl CGI.pm XSS vulnerability

 

[Mick]

Hello Gordon,
You wrote on Wed, 3 Sep 2003 19:18:26 +0000 (UTC):

MS03-038 : Unchecked buffer in Microsoft Access Snapshot Viewer Could
Allow Code Execution (827104)

MS03-037 : Flaw in Visual Basic for Applications Could Allow Arbitrary
Code execution (822715)

MS03-036 : Buffer Overrun in WordPerfect Converter Could Allow Code
Execution (827103)

MS03-035 : Flaw in Microsoft Word Could Enable Macros to Run
Automatically (827653)

MS03-034 : Flaw in NetBIOS Could Lead to Information Disclosure
(824105)

You think M$ is bad? Read on...

I tried to install Linux (RH 7.x) the other day (dual boot job). First, I
ran into the 1024 (or however many it damn was) cylinders problem (I had to
Google the answer for this as the install program just advised an error had
occured). After reformatting and repartioning my 40 GB hard disk SIX times
so that both Windows and Linux could happily live because Linux is so fuzzy
that it wants you to first define how much space to give "/", "/boot",
"/tmp" and half a dozen more "/blah..." directories. Being a Linux newbie I
asked myself what the hell are they these things and how the hell do I know
how much space to assign? Of course, no answers came. I mean come on, I've
never installed Linux before. So I stared at the screen hoping the figures
would magically adjust themselves. Nope, no luck there. Little did I know
when I started that RH Linux ONLY auto-installs to a non-dual boot hdd and
don't even get me started on those supposedly user-friendly Linux fdisk
programs - hah, user-friendly my ass. Jumped on another computer (a working
Micro$oft one) and went to the RH site looking for answers. Found none.
Did a Google search and found some rough figures for some of the
directories, and just guessed at the others. Plugged them in and prayed.

I finally made it past the second or third install screen (hooray - I
brought out the band) and promptly ran into the unsupported graphics card
(GeForce 3 - Ti500) problem. Thought I'd be smart and install the low-end
generic video card driver as recommended by the install program. Wrong -
computer froze up. After unsuccessfully trying a restart, reformatted the
hard disk (do you know how long it takes to reformat a 40 GB hard disk -
close to 40 mins using a P4 1.8GHz - and this was my SEVENTH time) and
reinstalled up to this point again. Jumped on another computer (a working
Micro$oft O/S one) and went to the RH site looking for updated drivers. Not
only did I found the site difficult to navigate quickly, but when I
eventually the undate section, I saw so many security fixes (dozens and
dozens and dozens -so many more than M$ has ever brought out for Win 9.x or
ME), that I almost gave up then because as I found out, updating Linux is
not a simple matter of downloading a fix and executing it as it is in
Windows. Anyhow, didn't find any answers to my current problem on RH site
so I Googled for a driver. Found one on a site but thought to myself, what
the hell do I do with a "tar" or "tarball" (or whatever it was) in the
install program as I wouldn't even know how to unpack it (do I have the
tools) or where to put it. Decided then and there I had had enough of Linux
and promptly reformatted and reinstalled Windows ME and was up and running
(including all updates) within 90 mins. Hugged my box and swore I would
never again put it through that pain or cast dispersions at M$ operating
systems (even with all their faults) because simplicity is key to a happier
working relationship.

Lessons:
1. It's Linux or Windows, but not both (not for a newbie anyway)
2. Installing Linux is NOT as easy as it is made out to be by some here in
this group.
3. Read up on Linux and its install problems before wasting time and effort
4. I wasted $100 buying RH 7.x book and cd's

Oh, and this was my third and final attempt at installing Linux. I may
revisit Linux in 5-10 years when it has grown up enough to install and
update as easily as Windows does.

 

[techie]

http://www.linuxsecurity.com/advisories/index.html

Some people still don't "get" the open-source development process.
Applications are released while still in development so users can try
them and make recommendations or requests to the development crew, or
can even implement their own features and submit them for inclusion.
At some point a "stable" version is established that is considered
reasonably solid. A copy of this is made and becomes the "Beta".
Further development on the "Stable" version is frozen and only
bugfixes are then allowed. Development work then continues on the
"Beta" version. Eventually the Beta version reaches some development
milestone. Feature development on the Beta is temporarily frozen while
people look for bugs and vulnerabilities. This refined Beta then
becomes the new "Stable" version, a copy of that becomes the new
Beta, and the whole process repeats all over again.

Knowing all that, it should come as no surprise that the majority of
vulnerabilities you hear about in open-source software appear in the
bleeding-edge Beta versions.

Gentoo: 'atari800' buffer overflow

Gentoo: 'gallery' cross-site scripting vulnerability

Gentoo: 'eroaster' temporary file vulnerability

Gentoo: 'mindi' temporary file vulnerability

Gentoo: 'phpwebsite' SQL injection vulnerability

Conectiva: gdm Multiple vulnerabilities

Gentoo: horde Remote session hijacking

Gentoo: pam_smb Remote buffer overflow vulnerability

Gentoo: vmware Insecure symlink vulnerability

For what it's worth, Gentoo Linux hasn't reached a Stable stage yet.
It's still Beta and is likely to remain so for several more years.

Conectiva: 'sendmail' remote vulnerability

TurboLinux: pam_smb vulnerability

Red Hat: 'up2date' required update

Red Hat: 'sendmail' DNS maps DoS

Debian: 'node' buffer overflow, format string

TurboLinux: perl CGI.pm XSS vulnerability

Naturally the more applications you have, the more vulnerabilities
will be discovered. So how many Microsoft applications are there? How
many open-source applications are there?

I don't know about the former, but my Linux distribution came with
8,500 free applications and that's only the best of what's out there.
The last time I checked, SourceForge had over 50,000 open-source
projects going. And that was a few years ago.

Also I think you'll find that the open-source development process, the
greater security-consciousness of *nix developers, the innate security
of the design of Unixlike OS's, and the ability of "many eyes" to
inspect the code, all lead to far fewer
vulnerabilities-per-application than one finds in Microsoft software.

Unlike Windows users, I never worry on my Linux and *BSD systems
about spyware, malware, trojans, viruses, malicious email attachments,
browser takeovers, getting hacked while I'm online, or getting hacked
through my browser just because I visited a webpage.

 

[=?ISO-8859-1?Q?=BBQ=AB?=]

For what it's worth, Gentoo Linux hasn't reached a Stable stage
yet. It's still Beta and is likely to remain so for several more
years.

Well, the same is true of all Microsoft operating systems, isn't
it? ;-)

Seriously, thank you for the clearly written explanatory post. I
use Gentoo, but would not consider using a beta OS for anything
mission-critical.

 

[Kevin Davis³]

Some people still don't "get" the open-source development process.
Applications are released while still in development so users can try
them and make recommendations or requests to the development crew, or
can even implement their own features and submit them for inclusion.
At some point a "stable" version is established that is considered
reasonably solid. A copy of this is made and becomes the "Beta".
Further development on the "Stable" version is frozen and only
bugfixes are then allowed. Development work then continues on the
"Beta" version. Eventually the Beta version reaches some development
milestone. Feature development on the Beta is temporarily frozen while
people look for bugs and vulnerabilities. This refined Beta then
becomes the new "Stable" version, a copy of that becomes the new
Beta, and the whole process repeats all over again.

Knowing all that, it should come as no surprise that the majority of
vulnerabilities you hear about in open-source software appear in the
bleeding-edge Beta versions.


For what it's worth, Gentoo Linux hasn't reached a Stable stage yet.
It's still Beta and is likely to remain so for several more years.

What I get is that this is a cop-out, IMO. You can put any label on
it you want (such as Alpha, Beta, etc) but if you have released it to
the general public with no expiration, it is essentially a release.
And if most people utilitize it as release software, that is basically
what it has become.

If this all is truly Beta or less mature software, it has no business
being listed on formal security sites like SANS, CERT, ISS, and
others. The descriptions often include verbiage like "This software
ships with the following Operating Systems: Gentoo Linux". Clearly
experts consider Gentoo a mature, released product when they use the
word "ship".

I don't know about the former, but my Linux distribution came with
8,500 free applications and that's only the best of what's out there.
The last time I checked, SourceForge had over 50,000 open-source
projects going. And that was a few years ago.

Not all of SourceForge's projects are Linux based. There are many
that are Windows.

Also I think you'll find that the open-source development process, the
greater security-consciousness of *nix developers, the innate security
of the design of Unixlike OS's, and the ability of "many eyes" to
inspect the code, all lead to far fewer
vulnerabilities-per-application than one finds in Microsoft software.

There are arguments pro and con for this. But I generally agree with
you on this.

Unlike Windows users, I never worry on my Linux and *BSD systems
about spyware, malware, trojans, viruses, malicious email attachments,
browser takeovers, getting hacked while I'm online, or getting hacked
through my browser just because I visited a webpage.

Some claim that this is largely because of the pervasiveness of
Windows and if any of these other OS's were as popular, they would
have more grief in this area. I agree that this is a significant
factor. It is difficult to prove this to be fact or fiction, however.
Not that anyone would change their opinion one way or another on this.
This issue has become a largely "religious" and emotional one where
valid facts and points on the opposite side are completely dismissed.

 

[Tiger]

What I get is that this is a cop-out, IMO. You can put any label
on it you want (such as Alpha, Beta, etc) but if you have
released it to the general public with no expiration, it is
essentially a release.

A beautiful example of Techie's point. Just can't wrap your mind
around that "open-source" concept, huh?

--
Tiger

"Zero is where the fun starts
There is too much counting everywhere else."
- Hafiz

 

[techie]

Well, the same is true of all Microsoft operating systems, isn't
it? ;-)

Seriously, thank you for the clearly written explanatory post. I
use Gentoo, but would not consider using a beta OS for anything
mission-critical.

I just visited their website. Wow, it's really coming along! I might
grab a copy to play with when I get a system free.

 

[techie]

What I get is that this is a cop-out, IMO. You can put any label on
it you want (such as Alpha, Beta, etc) but if you have released it to
the general public with no expiration, it is essentially a release.
And if most people utilitize it as release software, that is basically
what it has become.

You still don't "get" the open-source development process. Part of the
process is letting anyone use the betas who wants to so they can
participate in its development, help with the testing, etc. You can't
simultaneously lock up the code and let the world try it out.

If this all is truly Beta or less mature software, it has no business
being listed on formal security sites like SANS, CERT, ISS, and
others.

Why not? OSS development can involve tens-of-thousands to millions of
people exercising new code on real systems connected to the Big Bad
Internet.

The descriptions often include verbiage like "This software
ships with the following Operating Systems: Gentoo Linux". Clearly
experts consider Gentoo a mature, released product when they use the
word "ship".

Today's buglist shows 51 bugs. I'd call that a beta:

<http://bugs.gentoo.org/buglist.cgi?...queryname=&order=Reuse+same+sort+as+last+time>

They're coming along quite nicely, though. When I last looked about a
year ago Gentoo was more a curiosity than a useful OS.

Not all of SourceForge's projects are Linux based. There are many
that are Windows.

I bet most of those Windows apps are actually multiplatform
applications with an origin in Linux or *BSD. Portability is
traditional in Linux and open-source is the norm. By contrast,
relatively few Windows developers are proficient at multi-platform
programming, and a visit to Windows freeware sites will show that
virtually all Windows freeware applications are closed-source except
the ones that were ported to Windows from Linux or the BSD's.

Some claim that this is largely because of the pervasiveness of
Windows and if any of these other OS's were as popular, they would
have more grief in this area.

Servers are a prime target of hackers, and in most cases their
ultimate goal. Roughly 1/3 of the servers on the Internet are running
Linux and another third are running linux applications on *BSD or
Unix. That's hardly an insignificant target.

I agree that this is a significant factor.

The three greatest reasons Windows suffers so many worms and viruses
are that it's a monoculture, MS insists on making you load gobs of
unnecessary software, and they insist on embedding executable code on
documents. Linux doesn't suffer any of those problems. I'm sure
there'll be Linux worms and viruses someday, but not to the scale we
see with Windows. One factor alone - the lack of a monoculture - is
enough by itself to keep worms and viruses from spreading as quickly
or to as many systems as they do under Windows.

It is difficult to prove this to be fact or fiction, however.
Not that anyone would change their opinion one way or another on this.
This issue has become a largely "religious" and emotional one where
valid facts and points on the opposite side are completely dismissed.

Yup. But that doesn't mean we fans have to keep quiet when someone
posts something misleading about Linux.

 

[techie]

A beautiful example of Techie's point. Just can't wrap your mind
around that "open-source" concept, huh?

Need to find my "learning stick"...

 

[SINNER]

* Mick Wrote in alt.comp.freeware, on Thu, 4 Sep 2003 09:02:34 +1000:

Hello Gordon,
You wrote on Wed, 3 Sep 2003 19:18:26 +0000 (UTC):
[...]

You think M$ is bad? Read on...

I tried to install Linux (RH 7.x) the other day (dual boot job). First, I
ran into the 1024 (or however many it damn was) cylinders problem (I had to
Google the answer for this as the install program just advised an error had
occured). After reformatting and repartioning my 40 GB hard disk SIX times
so that both Windows and Linux could happily live because Linux is so fuzzy
that it wants you to first define how much space to give "/", "/boot",
"/tmp" and half a dozen more "/blah..." directories.

I see your still wet behind the ears. Years ago it was essential that
you install DOS first and then tweak it to hell using your autoexec.bat
and config.sys files until you beat windows into submission. Back then
Harddrives were not even a gig in size. If it was larger then 500 megs
you had to break it up into multiple partitions as well. FWIW, you
didn't need to partition the HD at all, the only thing you really should
have is a swap partition. The mandrake installer would have done it all
for you and created a mount point for your windows partition, all
nondestructively.

Being a Linux newbie I
asked myself what the hell are they these things and how the hell do I know
how much space to assign? Of course, no answers came. I mean come on, I've
never installed Linux before. So I stared at the screen hoping the figures
would magically adjust themselves.

Well DUH! WTF did you expect? You take something as complicated as a
multitasking OS that you have never seen or used and expect to magically
know what to do? Get a KNOPPIX CD then talk to me about installing an
OS.

Nope, no luck there. Little did I know
when I started that RH Linux ONLY auto-installs to a non-dual boot hdd and

Total BS, it will gladly install on an HD with an OS on it and leave it
fully intact.

don't even get me started on those supposedly user-friendly Linux fdisk
programs - hah, user-friendly my ass. Jumped on another computer (a working
Micro$oft one) and went to the RH site looking for answers. Found none.
Did a Google search and found some rough figures for some of the
directories, and just guessed at the others. Plugged them in and prayed.

Incredible, do us all a favor and stay with windows.

I finally made it past the second or third install screen (hooray - I
brought out the band) and promptly ran into the unsupported graphics card
(GeForce 3 - Ti500) problem. Thought I'd be smart and install the low-end
generic video card driver as recommended by the install program. Wrong -
computer froze up. After unsuccessfully trying a restart, reformatted the
hard disk (do you know how long it takes to reformat a 40 GB hard disk -
close to 40 mins using a P4 1.8GHz - and this was my SEVENTH time)

Sounds exactly like every windows install I have ever done. I have
played with Mandrake, Red Hat, KNOPPIX and gentoo and every one has
installed on multiple machines in under 1/2 hour (except Gentoo but
thats to be expected when you compile your own OS) with all hardware
working. I have no friends close by that use Linux and I just passed my
1 year anniversary. I am amazed at how easy this OS is to install, even
though there are multiple distributions. Your expectations were
unreasonable.


[snipped a bunch of drivel easily resolved with a little reading]

Lessons:
1. It's Linux or Windows, but not both (not for a newbie anyway)

Not true at all, I am living proof.

2. Installing Linux is NOT as easy as it is made out to be by some here in
this group.

You did no research and likely didn't prepare for the task ahead.
Installing an OS is not like clicking 'Next'.

3. Read up on Linux and its install problems before wasting time and effort

should have taken your own advice.

4. I wasted $100 buying RH 7.x book and cd's

I spent NOTHING and got all the above OS's any books I have bought was
money well spent but there is a breadth of very good documentation, all
you have to do is ask.

Oh, and this was my third and final attempt at installing Linux. I may
revisit Linux in 5-10 years when it has grown up enough to install and
update as easily as Windows does.

IMO It was ready when Mandrake released 9.0, every day since has been a
worthwhile adventure.

 

[Darrien]

On Thu, 04 Sep 2003 01:20:44 GMT, Kevin Davis³

[...]

It is difficult to prove this to be fact or fiction, however.
Not that anyone would change their opinion one way or another on this.
This issue has become a largely "religious" and emotional one where
valid facts and points on the opposite side are completely dismissed.

Yup. But that doesn't mean we fans have to keep quiet when someone
posts something misleading about Linux.

That's a good one.

I post a link to a site, copy & paste information on that site, and I'm
"misleading" others.

If that's true, then linuxsecurity.com must be misleading others.

 

[Bernd Schmitt]

[... Microsoft bug list ...]

I tried to install Linux (RH 7.x) the other day (dual boot job).

First advice I can give you for trying Linx: get a Knoppix CD, no need to
install, just boot it and try out. Be sure, that the system is slower as a
system running from harddisc. -> knopper.net
Second: Please, if you want to use new hardware, then use a current
Linux/GNU version.
Third: there are several linux newsgroups, help sites and mostly every
city has a linux user group to help newbies.

Lessons:
1. It's Linux or Windows, but not both (not for a newbie anyway)

Some people are newbie, their whole life ;-)
But serious, Linux can be installed in a way, that non-techs don't see /
feel the difference.

2. Installing Linux is NOT as easy as it is made out to be by some here in
this group.

It is easy, try out a current version RH9.
You have to compare apples with apples. If you want to get a plain
Linux-PC you buy compatible hardware and then you can have a 1 CD - 3
click install (with SuSE).
What if you want to have dual-booting on windows 9x + 2k or xp? Is this
easy for a win-newbie? Or, how can you install windows on a LinuxPC
without harming Linux?

3. Read up on Linux and its install problems before wasting time and effort

Better: try a KnoppixCD - no installing, just booting, then you can see,
if your hardware is compatible.

4. I wasted $100 buying RH 7.x book and cd's

Then, sorry, you are stupid. There was no need for you to buy RH. You
could have got a free copy of those CDs. If you would have asked somebody
- you would have known that.


Summary:
Your comparisions are wrong.
Your conclusions are wrong.
Your statements are wrong.

If you really want to try Linux/GNU:
* get a KnoppixCD, boot it and see whether your hardware is compatible
* get a current version of a commercial Linux/GNU distribution
* ASK (here, or on alt.os.linux, comp.os.linux.answers ...)



please follow FUP2 acfd

Ciao,
Bernd

 

[Gordon Darling]

http://www.microsoft.com/technet/security/current.asp

MS03-038 : Unchecked buffer in Microsoft Access Snapshot Viewer Could
Allow Code Execution (827104)

snip other bugfixes.

My original post provoked some interesting replies.
Some points.

The Unices (HP-UX, AIX, Linux, BSD, etc) are inherently secure operating
systems out of the box. The Win3x, Win9x, WinME series are not and never
can be. The latter are single user, time sliced operating systems. The
former are genuine, permission locked multi-user, multi-tasking operating
systems.

The WinNT, Win2K, WinXP series are a different ball game. They followed
the Unix model (as does the Mac OSX) and are genuinely multi-user
multi-tasking out of the box. In fact WinNT used chunks of BSD code (quite
legally given the wide freedoms given in the original BSD licence)
especially in the networking code.

I would have no hesitation in using a Windows 2000 Server (fully up to
date with patches) in mission-critical applications. (Forget WinNT as it's
no longer supported for critical updates.)

WinXP I wouldn't touch as it's not mature enough. Microsoft opted with
WinXP to provide "useability" over security (form over function). It
ships, especially the Home edition, with far too much garbage enabled.
However, Microsoft has indicated that they will update XP to a more
"hardened" (less services running by default) release in the future. Lest
this be construed as criticising Microsoft only it should be pointed out
that the Linux Distributions have also had to learn this the hard way.
Early Linux distributions also shipped with dozens of services running.
The computing environment has changed and all Operating Systems now have
to start putting security first and bells and whistles second.

Microsoft's track record in critical problems in their core Operating
Systems is abysmal in comparison with the "professional" unices (AIX,
HP-UX, etc) but Microsoft were producing consumer products where ease of
use was paramount and indeed are greatly responsible for the ubiquity of
the "home computer".

Linux still has a better track record than ANY Microsoft Operating System
when apples are compared with apples. The core Linux kernel and services
have had very few critical bugs over the years. BUT, all modern Linux
Distributions (note the use of the word distribution) ship with many
thousands of disparate applications. And each distribution supports ALL of
the applications they ship. When did your hear of Microsoft issuing
bugfixes for WinAmp, Mozilla, Netscape, Adobe Acrobat, etc. Microsoft
supports Microsoft, bugger everyone else. Indeed Microsoft has, in the
past, conspired to break competitor's application ("DOS ain't done till
Lotus won't run").

The computing environment is changing (it's a big bad world out there) and
Microsoft is showing signs of changing. Much of that change is being
driven by Linux and you can see the fear in Steve Balmer and Bill Gates
pronouncements and actions. But Microsoft has existed as a monoculture for
a long time. They have tens of millions of lines of legacy code in WinXP
that have never been subject to peer review. It will take time but it will
happen if Microsoft wants to survive.

At the end of the day all Operating Systems are different. For example
there are far more freeware applications available for Linux (by many
tens of thousands) but there are still high-end applications that are only
available on Windows. (That however is changing - digital rendering for
CGI in multi-million dollar movies being an example). Religious wars are
facile wherever over doctrine or Operating Systems.

Regards
Gordon

 

[Bernd Schmitt]

Hallo Joachim,

Better would be both, especially when connecting printers and finding
a distribution that will work well with your hardware (esp. laptops).

My standard-answer is knoppix, because it includes selfLinux, which is a
comprehensive documentation on Linux.

And he could have bought the latest RH for that price.

_That_ was a point I've forgotten to mention and a reason, why I don't
trust his words. I can't imagine somebody to buy an outdated software for
100$, which can be obtained for free. How would the support situation in
this case? If you buy a SuSE distribution you only get free support until
30 (or 90?) days after the following release. This is one reason why
there are really cheap packages of SuSE 8.1 available (19 Euros including
books, 5 CDs, 1 DVD (>3000 programs)).
Mandrake:
Windows:

Cool, can I sig that sometime in the future?

Feel free...

Would have, but don't get that group.

You are the second who states this, don't you use news.cis.dfn.de, too?


Ciao,
Bernd

 

[SINNER]

* Darrien Wrote in alt.comp.freeware, on Thu, 04 Sep 2003 05:44:59 GMT:

On Thu, 04 Sep 2003 01:20:44 GMT, Kevin Davis³

[...]

It is difficult to prove this to be fact or fiction, however.
Not that anyone would change their opinion one way or another on this.
This issue has become a largely "religious" and emotional one where
valid facts and points on the opposite side are completely dismissed.

Yup. But that doesn't mean we fans have to keep quiet when someone
posts something misleading about Linux.

That's a good one.

I post a link to a site, copy & paste information on that site, and I'm
"misleading" others.

Funny, he wasnt quoting you.

--
David | AGM Favorite Games - http://tinyurl.com/loec
Wait a minute, Marge. I saw "Mrs. Doubtfire." This is a man in drag!

-- Homer Simpson
Simpsoncalifragilisticexpiala(annoyed grunt)cious

 

[SINNER]

* Mick Wrote in alt.comp.freeware, on Thu, 4 Sep 2003 17:02:40 +1000:

Hello SINNER,
You wrote on Thu, 04 Sep 2003 04:58:55 GMT:

* Mick Wrote in alt.comp.freeware, on Thu, 4 Sep 2003 09:02:34 +1000:

??>> Hello Gordon,
??>> You wrote on Wed, 3 Sep 2003 19:18:26 +0000 (UTC):

[...]

[snip unreadable quoted text]

As far as Linux is concerned, certainly.

Not true at all - I still have Windows 3.11 and DOS 5. I can install them
without having to tweak anything in either file, however, if I wish to
maximise memory use then I would need to tweak one or two lines.

Been a while then, go for it and see if you don't reboot 5 or six times
before all your hardware is configured, and without maximizing the
memory good luck running too much.

[...]

Well it didn't and wouldn't for me.

Not to mention this was the only one you seem to have tried. If you were
that new, you should have tried Mandrake anyway, its the definitive
newbie distro.

??>> Being a Linux newbie I
??>> asked myself what the hell are they these things and how the hell do I
know
??>> how much space to assign? Of course, no answers came. I mean come on,
??>> I've never installed Linux before. So I stared at the screen hoping
the
??>> figures would magically adjust themselves.

Thank you for making my point.

How so? XP is no easier to install.

BTW, I successfully installed NT and XP Pro
(complicated multi-tasking OS's as you put it) without running into these
problems so please don't confuse a lack of understanding on your part, for a
lack of intelligence on mine.

Not even possible, you surely had to reboot quite a few times, get some
third party drivers loaded etc... Don't confuse me using Linux with never
using a MS OS, I use one everyday and have installed them many many
times. In my experience Linux has been much easier to install, and since
it seems you've tried once and I have installed bot many times on
multiple platforms I am sticking with my experience then someone who is
apparently out to bash an OS.

??>> Nope, no luck there. Little did I know
??>> when I started that RH Linux ONLY auto-installs to a non-dual boot hdd
and

Before shooting off at the mouth, re-read the statement. I didn't say it
wouldn't install, I said it wouldn't auto-install. I found when trying to
install RH on a hard disk that already contained a DOS partition, the
install program would stops at a particular screen and requires you to input
various partition sizes for various mount points. This does not occur if
there are no DOS partitions or you elect to completely repartition/reformat
the entire drive for Linux. The install program will set up each partition
automatically for you in these cases.

Mandrake did this automatically. It offers a suggestion which works
flawlessly or allows you to partition manually. RH is more a corporate
end user environment anyway, you should have asked someone or read up
before you started.

??>> don't even get me started on those supposedly user-friendly Linux fdisk
??>> programs - hah, user-friendly my ass. Jumped on another computer (a
??>> working Micro$oft one) and went to the RH site looking for answers.
Found
??>> none. Did a Google search and found some rough figures for some of
??>> the directories, and just guessed at the others. Plugged them in and
??>> prayed.

So you speak for everyone here huh? Yeah, right.... You make a great
ambassador for Linux. How many ppl have you encouraged to try Linux? I bet
they're flocking to Linux as we speak ;-)

Linux doesn't need an ambassador, it has its own weed out process and I
see it works just fine. People that have gone through life as sheep
taking whats been handed to them and refusing to put the time in to
learn a new OS should stay with windows. People willing to learn without
throwing up walls at every turn and that realize that Linux is not like
windows, doesn't want to be like windows and doesn't want windows users
will get along just fine.

??>> I finally made it past the second or third install screen (hooray - I
??>> brought out the band) and promptly ran into the unsupported graphics
card
??>> (GeForce 3 - Ti500) problem. Thought I'd be smart and install the
low-end
??>> generic video card driver as recommended by the install program.
Wrong -
??>> computer froze up. After unsuccessfully trying a restart, reformatted
the
??>> hard disk (do you know how long it takes to reformat a 40 GB hard
disk -
??>> close to 40 mins using a P4 1.8GHz - and this was my SEVENTH time)

Well, your my hero.... You successfully installed Linux and I am the only
person it has failed on. Yeah right...

I could say the same about you. You sure are getting defensive....

[snipped a bunch of drivel easily resolved with a little reading]

Good to see you sharpening those ambassadorial skills again

Not necessary, you showed your not interested, you can bring a horse to
water.... I don't need to grovel with you to switch, do what you want,
Linux works for countless numbers of people, just as you seem to think
my experience is the exception many have proven that yours is.

??>> Lessons:
??>> 1. It's Linux or Windows, but not both (not for a newbie anyway)

Yes, you certainly are

Certainly not a bad thing, sorry, your sarcasm is lost.

??>> 2. Installing Linux is NOT as easy as it is made out to be by some
here in
??>> this group.

It is with Windows or has it been so long since you tried another OS?

You click next through an XP install and see if when your done the first
time the OS boots with all your hardware running and no additional
tweaks necessary, when your done come back so I can call you a liar.
Like I said, I do support for a living, these aren't one off experiences
and they are certainly not only my own.

??>> 3. Read up on Linux and its install problems before wasting time and
??>> effort

I would have, if I had known it would be that difficult, however, as my
crystal ball was in the shop at the time, I guess that's why I called it
Lessons Learnt.

If you need a crystal ball to figure out that taking on a new OS was
going to be difficult then you need more then a crystal ball.

??>> 4. I wasted $100 buying RH 7.x book and cd's

Again, please don't confuse a lack of understanding on your part, for a lack
of intelligence on mine. I am well aware that Linux can be had for free,
however, at the time of the purchase I did not have cable, I had a 33.6k
modem and shared dial-up. Downloading RH using this method would not only
be impractical, it would be downright unpopular.

http://www.cheapbytes.com

Again, this comes from not asking and making assumptions about something
you knew nothing about. You could have had multiple distros for 1/2 what
you paid.

??>> Oh, and this was my third and final attempt at installing Linux. I may
??>> revisit Linux in 5-10 years when it has grown up enough to install and
??>> update as easily as Windows does.

Well, I guess as someone who has tried it, I have a different opinion then.

Thats like trying spinach when your a kid and swearing it off, then when
you get older and try again, you find it wasn't that bad and you really
didn't know what you were crying about originally. If windows does
everything you want, stay with windows, its what any real ambassador of
Linux will tell you, switch only if you need/want to, no one cares.

 

[techie]

The WinNT, Win2K, WinXP series are a different ball game. They followed
the Unix model (as does the Mac OSX)

Since they're closed-source I've no way of knowing what's really on
the inside, but from what I've seen of the outside none of the above
are anything like Unix. The Unix model is more than just the kernel
design - it's a total obsession with security and stability throughout
the OS and applications. In Unix user-friendliness is sacrificed to
those two ends, while in Windows and OSX user-friendliness comes
before either.

Now personally I'm of the opinion that security and stability are also
aspect of user-friendliness. Just ask anyone who's lost work time or
data to an OS crash or to a worm or virus, or who's had their privacy
invaded via spyware, or who spends more time trying to secure their
inherently insecure server than they spend getting useful work done.

and are genuinely multi-user
multi-tasking out of the box. In fact WinNT used chunks of BSD code (quite
legally given the wide freedoms given in the original BSD licence)
especiallyin the networking code.

I lost track after the old TCP/IP-stack fiasco. Did Microsoft remember
to include the BSD copyright notices this time, as required by the BSD
license?

 

[Joachim Ziebs]

Hi Bernd!

_That_ was a point I've forgotten to mention and a reason, why I don't
trust his words. I can't imagine somebody to buy an outdated software for
100$, which can be obtained for free. How would the support situation in
this case? If you buy a SuSE distribution you only get free support until
30 (or 90?) days after the following release. This is one reason why
there are really cheap packages of SuSE 8.1 available (19 Euros including
books, 5 CDs, 1 DVD (>3000 programs)).
Mandrake:

MDK: standard is 39 EUR, Powerpack CD only is 54 EUR, Powerpack full is 69
EUR, 3 disk download is free.

Windows:

No idea.

Feel free...
Thanks.

You are the second who states this, don't you use news.cis.dfn.de, too?

I do, but I don't follow discussions in acfd.


Greetings,

Joachim

 

[Darrien]

Congratulations on a well written, well thought out, and pragmatic article.

There are however, some points which I must call attention to.

[...]

all modern Linux Distributions (note the use of the word distribution)
ship with many thousands of disparate applications. And each
distribution supports ALL of the applications they ship.

This is not an exact comparison. The distribution vendors *support* all of
the applications that they ship, but they don't write the patches for them.

[...]

Indeed Microsoft has, in the past, conspired to break competitor's
application ("DOS ain't done till Lotus won't run").

I'm going to need proof of that.


Still an intelligent article. If more people (on both sides) had this
mindset, there would be less zealotry and "holy wars".