Board index » kylix » Re: 2004 - Year of Linux Desktop

Re: 2004 - Year of Linux Desktop


2004-02-03 01:38:28 PM
kylix2
Quote
Ender < XXXX@XXXXX.COM >wrote in
>Well... for example nntpcache... open source... their server put
Iman L Crawford wrote:
You should have modified nntpcache to not incoude the special header.
I'm modified nntpcache in way i want but i cannot examine each open sourced
application i use, as i cannot examine closed sourced application. Open
Source is not panacea from backdoors.
 
 

Re:Re: 2004 - Year of Linux Desktop

Quote

>I don't have any personal experience.

As much of other people.
I have not been shot dead either. As long as there are shotguns, I fear
it anyway.
-Michael
 

Re:Re: 2004 - Year of Linux Desktop

Michael Schnell wrote:
Quote
I have not been shot dead either. As long as there are shotguns, I fear
it anyway.
Obviuosly you don't fear kitchen knife. However it is main instrument for
most {*word*190}s.
 

{smallsort}

Re:Re: 2004 - Year of Linux Desktop

Ender schrieb:
Quote

Michael Schnell wrote:
>I have not been shot dead either. As long as there are shotguns, I fear
>it anyway.

Obviuosly you don't fear kitchen knife. However it is main instrument for
most {*word*190}s.
Both tools can kill. A kitchen knife is a useful tool for other things,
while shotguns are primary build for {*word*190}.
Analogy: Any Software can do harm. Open source software is mainly
created to do useful things for the user, while propriety software is
_mainly_ created have the creator make money. Serving the user is only a
side effect for the creator. The user's benefit depends on his (unknown)
loyalty.
-Michael
 

Re:Re: 2004 - Year of Linux Desktop

Ender schrieb:
Quote

MS>I think it's highly hilarious to think that simply disabling the
MS>service account could prevent Microsoft from accessing the system.
MS>They _are_ able to do more sophisticated backdoors.

So you being based on the assumption that theoretically Microsoft can insert
a backdoor, assert that the door is already inserted? Funny. :-) Is there
evidence that someone from Microsoft tried to enter into customer system
wihtout permission?
Now the evidence of the possibility is in all over in the press and MS
themselves urge their customers to do upgrades to their potentially
harmful code:
Half a year ago, e-eye detected an "issue" in the modern versions of
Windows (NT, 2K and XP) that allows a malevolent http server to secretly
read data from a PC that browses to this site. E-eye made an agreement
with Microsoft not to publish this, until MS would provide a fix. (I did
not see a notice about any payment being involved in that deal).
I can't believe that such a complex communication "issue" can be created
by bad chance. I think it's obviously a feature not a bug. I would call
it a back door or a built-in trojan horse. I think it would take only a
few lines of code to close such a communication channel, so it looks
like MS took half a year to create a new (better hidden) backdoor.
It's true that there is no evidence that someone (from Microsoft or just
a hacker) used that backdoor yet. Nor do I suggest that Microsoft intend
to use such features to directly harm their current legal customers. But
I think they might use it against competitors and previous customers
that don't want to buy upgrades.
-Michael
 

Re:Re: 2004 - Year of Linux Desktop

MS>>>I think it's highly hilarious to think that simply disabling the
MS>>>service account could prevent Microsoft from accessing the system.
MS>>>They _are_ able to do more sophisticated backdoors.
Quote
>So you being based on the assumption that theoretically Microsoft can
>insert a backdoor, assert that the door is already inserted? Funny.
>:-) Is there evidence that someone from Microsoft tried to enter into
>customer system wihtout permission?
MS>Now the evidence of the possibility is in all over in the press and
MS>MS themselves urge their customers to do upgrades to their
MS>potentially harmful code:
MS>Half a year ago, e-eye detected an "issue" in the modern versions of
MS>Windows (NT, 2K and XP) that allows a malevolent http server to
MS>secretly read data from a PC that browses to this site. E-eye made
MS>an agreement with Microsoft not to publish this, until MS would
MS>provide a fix. (I did not see a notice about any payment being
MS>involved in that deal).
Exactly what issue you talking about.
---
Andrew V. Fionik, Papillon Systems, Unix Programmers Group
For reply use "ender" instead of "fionika" in e-mail.
 

Re:Re: 2004 - Year of Linux Desktop

Quote
Exactly what issue you talking about.

I did describe it: browsing to a malevolent website allows same to
"overtake complete control of the system". This is what I read in
several German non-computer-press articles. It is said to have to do
with ASN1. I have no technical details. I'm sure there are lot's of
English articles in the Internet, too. Googeling on "eeye microsoft
asn1" gives some 50 results.
-Michael
 

Re:Re: 2004 - Year of Linux Desktop

Quote
>Exactly what issue you talking about.
Michael Schnell wrote:
I did describe it: browsing to a malevolent website allows same to
"overtake complete control of the system". This is what I read in
several German non-computer-press articles. It is said to have to do
with ASN1. I have no technical details. I'm sure there are lot's of
English articles in the Internet, too. Googeling on "eeye microsoft
asn1" gives some 50 results.
www.securitytracker.com/alerts/2004/Feb/1009007.html
I read article but not found anything that can be described as "backdoor
specially made by Microsoft".
 

Re:Re: 2004 - Year of Linux Desktop

Quote
I read article but not found anything that can be described as "backdoor
specially made by Microsoft".
Of course not <g>.
But the _real_ question is: how to make sure that something like this is
not hidden (if on purpose or on bad chance) in the updates provided and
in newer releases of the OS.
In the open source world it would have taken only days after the
detection until a patch would have been available not half a year.
In Linux such a problem is very unlikely, as a user is not allowed to
execute code in system mode and thus "take over the complete system", as
described in the articles.
-Michael
 

Re:Re: 2004 - Year of Linux Desktop

R.F. Pels wrote:
Quote
ken moffat wrote:


>>As if 'desktop market' is equivalent to 'home desktop market', which it
>>is not. How big is the percentage of corporate users that really need to
>>watch DVD's?
>
>For that matter, what's the % of home users who need to. I've had the
>capability for quite some time and use it about twice, just to see if I
>could.


Same here. Plus, if I would like to, I'd buy a set that I connect to my TV.

you can watch dvd on linux
--
Borland rulez pages.infinit.net/borland
 

Re:Re: 2004 - Year of Linux Desktop

Quote
>I read article but not found anything that can be described as "backdoor
>specially made by Microsoft".
Michael Schnell wrote:
Of course not <g>.

But the _real_ question is: how to make sure that something like this is
not hidden (if on purpose or on bad chance) in the updates provided and
in newer releases of the OS.
Stop, stop, stop... you said initially "I think it's obviously a feature not
a bug." So having read that articles you see solid, real, obvious evidence
that Microsoft specially make that library as backdoor?
Quote
In the open source world it would have taken only days after the
detection until a patch would have been available not half a year.
For certain programs, yes. For certain, no.
Quote
In Linux such a problem is very unlikely, as a user is not allowed to
execute code in system mode and thus "take over the complete system", as
described in the articles.
Unless some software will be not discovered by hackers. I predict as the
Linux will grow more at usage there will be much more holes and viruses on
the Linux side.
 

Re:Re: 2004 - Year of Linux Desktop

On 02/18/04 10:21 +0900, Marc Collin wrote:
Quote
you can watch dvd on linux
Where can I buy LinDVD or PowerDVD? Decryption hacks don't sit
well with me, so I'd prefer to have a legitimate commercial solution.
trane
--
//------------------------------------------------------------
// Trane Francks XXXX@XXXXX.COM Tokyo, Japan
// Practice random kindness and senseless acts of beauty.
 

Re:Re: 2004 - Year of Linux Desktop

Quote
Where can I buy LinDVD or PowerDVD?
AFAIK, e.g. it comes with Lindows.
-Michael
 

Re:Re: 2004 - Year of Linux Desktop

Quote

Stop, stop, stop... you said initially "I think it's obviously a feature not
a bug." So having read that articles you see solid, real, obvious evidence
that Microsoft specially make that library as backdoor?
Was it done on bad chance or was it well hidden ? Neither can be proved
on a technical basis, you would have to hear witnesses.
That is why I tried co concentrate on a solution instead of continuing
guesses ("The real question is...")
Quote
Unless some software will be not discovered by hackers.
In the past such holes were detected and closed shortly after detection.
Taking over an root account is one of the matters that are watched very
intensively by many sites.
Quote
I predict as the
Linux will grow more at usage there will be much more holes and viruses on
the Linux side.
I agree.
-Michael
 

Re:Re: 2004 - Year of Linux Desktop

On 02/18/04 17:02 +0900, Michael Schnell wrote:
Quote
>Where can I buy LinDVD or PowerDVD?

AFAIK, e.g. it comes with Lindows.
True, but it's not sold separately. If I have to use Lindows, I
might as well use Windows. Hey, that rhymes. ;^)
trane
--
//------------------------------------------------------------
// Trane Francks XXXX@XXXXX.COM Tokyo, Japan
// Practice random kindness and senseless acts of beauty.