[BLU] Re: [BLU] RE: [REDHAT] Dell knocks Linux off the desktop (fwd)

[se at panix.com (Scott Ehrlich)]

David:

I don't know how you sent the message below, but it looks like the next
you quoted came from me, which is not true.   Is there another Scott
Ehrlich on the list?

Scott

On Wed, 8 Aug 2001, David Kramer wrote:

> On Wed, 8 Aug 2001, Derek Martin wrote:
>
> > On Wed, Aug 08, 2001 at 08:44:16PM -0400, Scott Ehrlich wrote:
> >
> > Today I have been forced to submit to a reduction in the Internet
> > service I am afforded, precisely because people don't regard their
> > systems as needing to be secured.  AT&T now filters all requests to
> > port 80 across their entire network.  So despite the fact that I have
> > made every effort to keep *MY* system secure, and don't even use the
> > software or OS affected by the plague of the day, I suffer a loss of
> > service at the hands of people who chose to run services without
> > regard to their responsibility to keep them secure.
>
> Funny, mine was not changed.  Maybe they're doing it area by area.  Too
> bad DSL sucks.  Not many options.
>
> > Now I know that some people will be quick to respond to my little rant
> > above by pointing out that MediaOne, and subsequently AT&T, have
> > always had a no server clause in their ToS.  Which is fine and dandy,
> > except that it has always been tolerated provided you do not pose a
> > threat or abuse your bandwidth, and I used the service knowing that.
>
> This is not the case.  Their MediaOne's policy for the past few years has
> been that it is OK to run servers as long as you don't ask for support
> related to the servers, and when you call support you are using a Windows
> machine, and the servers are not used for any commercial purposes, and do
> not tax the localnet too much.  Several years ago it was much more
> restrictive.
>
> > I shouldn't end this without thanking Microsoft.  If it were not for
> > their shoddy software, none of this would be possible.  They have
> > repetedly ignored security issues in order to satisfy requests for
> > features from their "customers" (which I'm now convinced really means
> > their business partners that want to sell you stuff, and pay MS for
> > the privilege to get in your face).  And, for a company that touts
> > themselves as hiring only the best and the brightest, they seem to be
> > remarkably unable to hire programmers that understand the concept of
> > bounds checking.
>
> OK, let's have a fair, factual debate.  Two things here:
>
> The lack of security MODEL in most versions of Windows was a
> well-thought-out design decision, not shoddy programming.  That is what
> the majority of IIS/IE exploits have relied upon.  Not buffer overflow.
> The software bends over backwards and begs to run downloaded executables
> in the name of doing what [teh software thinks] the user wants without
> having to know how to do it.
>
> Now, if you track the CERT UNIX security advisories and Red Hat's security
> list, you will see a few buffer overflow exploits A MONTH listed for
> various Linux distributions.  Who'se got shoddy software?
>
> >
> > And no, I have not forgotten that Linux software (and Unix for that
> > matter) can be vulnerable too.  But I also know that the Linux
> > community is generally MUCH, MUCH better about responding quickly and
> > responsibly to security issues than are MS and their users, and much
> > more likely to design security into their programs than MS.
>
> Holes are patched much faster, but is the average Linux home user with a
> cablemodem or DSL really more diligent about applying them?  I think not.
>
> -------------------------------------------------------------------
> DDDD   David Kramer                   http://thekramers.net
> DK KD
> DKK D  Football is not a contact sport; it is a collision sport.
> DK KD  Dancing is a contact sport.              --Vince Lombardi
> DDDD
>
>

-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).