lists.openwall.net
Open Source and information security mailing list archives
Message-ID: <1064695877.3106.53.camel@tantor.nuclearelephant.com>
From: jonathan at nuclearelephant.com (Jonathan A. Zdziarski)
Subject: CyberInsecurity: The cost of Monopoly

I couldn't help but interject my 2 cents.  Visiting your website I see:

Main Entry: joe·ware
Pronunciation: 'jO-"war
Function: noun
Date: 2000
: generally useful idea pulled out of the ether by joe: as a: script 
and/or tool that makes the difficult easy; specifically: system 
administration tools b: win32 command line tools that almost make UNIX 
people think that there might be something to Windows after all c: the 
tools that real win32 admins prefer to use

<SNIP>

suggests to me that you have some bias against UNIX users, so I've no
choice but to take your arguments with a grain of sand as troll bait. 
I'll respond, though.  By the way, it's not the commandline tools that
make Windows an insecure and inefficient operating system - if most
other Windows developers feel the same way, I now understand why nothing
has really been fixed in ten years.

> Not an MC* anything. Don't believe I need a piece of paper to say I am
> capable of anything. 

Then why do you have a Microsoft "Most Valued Professional" logo on your
site?  This appears to be one of the cheesiest recognitions one could
attain, so why not aspire to something less embarrassing?

> I either do it or I don't do it. It's up to me. In
> general I feel that if your opinion of me is based on me holding a piece of
> paper or not is your issue to work out, not mine.

I couldn't agree with you more that a piece of paper does not a man
make, but in the Microsoft arena there are so many "want-to-be's" or
"pretending-to-be's" that an MC* is a good way to weed through the chaff
and know whether or not we're dealing with an intelligent, proven
individual or someone who merely "tinkers around" with the pretty GUI.

> If I had been heavily involved with the open source stuff, I would work my
> ass off to lock it down so anyone can read it but not as many people can get
> changes into it and compiled and out where it can cause damage. 

This is how most of the open source community operates, including the
Linux kernel, changes of which are heavily filtered.  The fact that the
open source community has a method of patch contribution does not weaken
its ability to maintain good software - it actually strengthens it by
not relying on a single entity to keep up with all the issues -
something Microsoft has obviously lacked in.

> I would also try to shut down the huge numbers of different people/companies all doing
> similar things but in non-compatible ways.

Then you will need to shut down Microsoft.  Microsoft has a long history
of creating their own standards which cause incompatibility with any
other more standardized tools in the industry.

>  For geeky tech people, this kind
> of environment is fine. For the world as a whole and big businesses (100k+
> employees) in particular it is too chaotic and uncontrolled. It is why many
> large large businesses are afraid of using open source products.

This is precisely how Microsoft's anti-competitive nature got started. 
Create what Dilbert calls a "confusopoly" and make Microsoft appear to
be the leader when in reality they are the redheaded stepchild of
technology (IMHO of course).

>  Also the
> licensing scares many as well. If you have a business that doesn't mind
> becoming a software design and writing house, it is great, but if you have a
> company that manufactures a motorcycle or bricks or sells hotdogs, MS makes
> more sense at this point.

This makes no sense.  There is more safety in open source software to a
hot dog vendor than there is in any Microsoft product.  A small business
wanting to run Linux to manage their LAN need not worry about licensing
concerns as they're not redistributing anything.  They can even install
the software on as many machines as they want without worrying about
licensing.  Microsoft, on the other hand, provides nothing but a hardass
system of compliance.  They support agencies such as the SPA (or
whatever they've morphed into now) which attack small startups and
generate profit through litigation.  I would submit that open-source
licensing such as the GPL is far more beneficial for Bub's Concession
Stand than a Microsoft license ever would be.

> I don't agree another way would be any more rewarding. I generally enjoy
> myself and am extremely well compensated. 

What does the average Windows bigot make these days?  I noticed you
don't have Windows XP or Windows 2003 Server listed on your resume - you
might want to consider expanding your skillset and tap those markets.  

> A long time ago I started out on Commodore Pet's, moved through Sperry
> Univac and IBM Mainframes, moved through DEC PDPs and VAXes, moved through
> Sun Sparcs, ended up in Windows and think it is some of the more realistic
> systems I have seen for the world of users as a whole versus a world of IT
> people.

So in other words you haven't touched a non-Windows system since the
1980's?  Things have changed.

> insecure (heh) at times

And this is acceptable to you?

> , but making decent strides while trying hard to support legacy systems

LOL you can't be serious.  Every time there is any significant change in
Windows, industry is forced to purchase upgraded versions of their
software from the manufacturer just to keep it running.  On the other
hand, some of the oldest crap I've had sitting in my home directory
archives from 5-10 years ago still runs just fine under *nix.

> If something came out tomorrow that I truly felt blew MS out of the water
> across the board and was the thing that would win out across the world, I
> would jump. 

Time to start jumping.  I can think of two operating systems that are
superior to Windows for end-user desktops:

- OSX (rumor also has it Apple is coming out with an x86 version)
- The RedHat 9 Linux distribution (easier install than Windows, _BETTER_
GUI, and great gui tools)

Both have *nix backends that are shelled with extremely customizable,
easy-to-use GUIs.  You don't have to know any more unix commands to use
either than you'd have to know DOS commands to use Winders.  Not only is
the backend superior to Windows, but the front-ends have now gotten to a
point where the Windows nuts I work with prefer them over Windows' GUI. 
Gnome has certainly come a long way on Linux!  

> I haven't seen it yet and don't expect to see it any time really
> soon.

Just keep your head in the sand and you won't have to worry about it.

> As for me, I
> will hopefully be retired and out of the biz in 5-6 years.

Keep on scripting! Won't be long now.

>  I intend to spend
> my 40's, 50's, 60's, 70's+ on a beach somewhere with some little intelligent
> hottie whose worst worry is what color to dye her hair this week.

So you prefer emotionally shallow pets?

>  This stuff
> isn't religion, it's a job to pay for some of the fun things in life.

My belief is, if you're going to do anything, do it with excellence. 
This is why I don't run POS operating systems.

> Finally, anyone who thinks that MS is the reason for all the viruses and
> worms and exploits running around is deluding themselves. Every multiuser
> system especially any that share information in some way shape or form is
> insecure in some way. I would say some of the safest machines on the
> internet today are PDP 11's running RSTS/E. Not because there aren't holes
> but because no one is trying to figure out their holes. If MS were gone
> tomorrow, the focus would simply turn to whomever had the most popular OS. 

Anyone who believes that the anti-virus market didn't create itself,
more specifically without business "arrangements" with Microsoft is also
deluding themselves.  

It was the RED PILL, the RED PILL you were supposed to take!  
