RE: [Full-Disclosure] CyberInsecurity: The cost of Monopoly

• Previous message: Jonathan A. Zdziarski: "RE: [Full-Disclosure] CyberInsecurity: The cost of Monopoly"
• In reply to: Jonathan A. Zdziarski: "RE: [Full-Disclosure] CyberInsecurity: The cost of Monopoly"
• Next in thread: Jonathan A. Zdziarski: "RE: [Full-Disclosure] CyberInsecurity: The cost of Monopoly"
• Reply: Jonathan A. Zdziarski: "RE: [Full-Disclosure] CyberInsecurity: The cost of Monopoly"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <full-disclosure@lists.netsys.com>
Date: Sat, 27 Sep 2003 17:32:17 -0400

You did a great job of assuming what was being said here. You have an
incredible career in assumption waiting for you.

> I couldn't help but interject my 2 cents. Visiting your
> website I see:

Cool thanks! I decided to add a link to the site just before I posted so it
would give the anti-MS folks something to attack. I am glad I could be of
assistance to you.

> suggests to me that you have some bias against UNIX users,
> so I've no choice but

Nope, no BIAS against *N*X users unless they are so close minded to think
that *N*X is the only thing that will work for something or that everything
else is crap without at least sniffing their own fingers. I've used UNIX,
I've used/use Linux (run it in VMWARE sessions actually), I've used other
OS's as well.

My biggest gripe against UNIX users and Linux (want to be UNIX) users are
those that feel this is religion and need to be try and convert people.
Might as well give some of those puppies a hard copy of the man pages
stamped with the word HOLY on it and send them door to door with flowers or
something.

> I'll respond, though. By the way, it's not the
> commandline tools that make Windows an insecure and
> inefficient operating system - if most other Windows

Most Windows users do not use the command line. That is one of my big gripes
against Windows Users. Use of the command line actually stimulates mental
juices because you have to think a little bit when you type to actually get
something to work.

My current manager is actually a UNIX guy. Had been for years and years.
When he became my manager he knew nothing about Windows and was pretty close
minded like you. After 6 months he realized his judgements were based on
things he thought he knew versus the truth. Now he will push UNIX or Windows
depending on the application needed but for most he sees the benefit and
functionality of Windows over UNIX. He still uses his SGI machine though, he
backs up his Windows PC to it via FTP.

> Then why do you have a Microsoft "Most Valued Professional"
> logo on your site? This appears to be one of the cheesiest
> recognitions one could attain, so why not aspire to something
> less embarrassing?

Ah the MVP Logo indicates I am an MVP. An MVP is not someone who pays money
and takes worthless tests for a certificate to say hi, I know what I am
doing. I got the MVP recognition for being helpful in the newsgroups and
with my website and correct more often than not when doing so versus not
helping anyone. I am proud to display that I have been recognized as being a
helpful knowledgeable individual.

If my focus was Linux or Unix or AS/400 or whatever else I would be
recognized in those communities just as well. An MVP rating actually is
worth something in terms of sorting the wheat from chaff and when talking
bill rates because it isn't something you can buy, you actually have to
prove some sort of level of knowledge to get it. Also note there was no
aspiration nor goal to become an MVP. I did what I normally do and was
recognized for it.

Anway, once you get one, you can rip on it. Until then you are a wannabe
bitch who is whining because there is something you can't attain. Oh and I
know I know... You don't want it. That's fine. You don't see me bitching
about not being a recognized Linux person and I don't even want that either.

> I couldn't agree with you more that a piece of paper does not a man make,
> but in the Microsoft arena there are so many "want-to-be's" or
"pretending-to-be's"
> that an MC* is a good way to weed through the chaff and know whether or
not we're
> dealing with an intelligent, proven individual or someone who merely
> "tinkers around" with the pretty GUI.

These people exist in more places than the Microsoft arena. Granted there
are a lot in there though. I completely disagree that an MC* is a good way
to weed anything though. In on of my previous jobs we got an MCSE in and he
started speaking and soon as he did that we threw him over to work on OS/2
until he was willing to admit being an MC* meant nothing. There are many MC*
folks who are good and knowledgeable and worth hiring. However having an MC*
doesn't mean any particular individual is. An intelligent interviewer will
know whether someone is intelligent or not by speaking to them in the
interview and whatever is written becomes moot. My first job on Windows
machines had me being interviewed by a panel and me saying I knew nothing
about TCP/IP nor really anything about supporting Windows in a corporate
environment. Once I got that out of the way the whole conversation came to
what did I do and the details around it. I had a job the next day doing
something that I had never done before but with full confidence I wouldn't
have much of an issue. Some of the best people I have been involved in
getting hired in had no real corporate computer experience, they were simply
intelligent people.

> The fact that the open source community has a method of patch contribution
does
> not weaken its ability to maintain good software - it actually strengthens
it
> by not relying on a single entity to keep up with all the issues -
something
> Microsoft has obviously lacked in.

Visualize a large company. Now visualize depts around the world coming up
with their own solutions for holes they perceive and implementing them or
getting fixes from different sources and compiling them and implementing
them. Now visualize the chaos as the company tries to keep some form of a
standard. I agree that having lots of eyes looking things over is a good
thing. I don't agree with them being able to make ad hoc changes.

> Then you will need to shut down Microsoft. Microsoft has a long history
of
> creating their own standards which cause incompatibility with any other
more
> standardized tools in the industry.

However if you have program that says it runs on Windows XP, it runs on
Windows XP. You don't have to figure out which company produced your version
of Windows XP and then figure out what specific tweaks are needed or even
recompile to make it work.

> Create what Dilbert calls a "confusopoly"

Before I listen to any opinions you have on how large companies function
internally for IT, what is your experience in a large company? How big of an
IT dept was the largest? How many employees in the company? How many
machines in the company? How many countries were involved with the company?

> This makes no sense. There is more safety in open source software to a
hot
> dog vendor than there is in any

Yes sorry, I wrote that in a confusing way. Wasn't trying to say that the
licensing was specifically bad for a hot dog vendor. It was the chaos. You
get a small business and the owner is probably able to sit down and spin up
a couple of windows machines and share data between them in relatively short
order. With some of the other current geek POP OS's, this is not the case.

> What does the average Windows bigot make these days? I noticed you don't
> have Windows XP or Windows 2003 Server listed on your resume - you might
> want to consider expanding your skillset and tap those markets.

I don't know what a Windows bigot makes. I do know what I make and I am not
a Windows bigot as you probably don't know anyone who has done more
INTELLIGENT bitching about MS and Windows in attempts to get things fixed
with it. I won't state it here but you would probably be surprised and most
likely it would really piss you off that some stupid Windows guy makes that
much.

I do know that it is not the usual, I am on the high end of the curve for
most all IT people who actually do work versus sit and direct down to
everyone else what the company direction is. If it helps at all, when an MS
headhunter contacted me for one of their Enterprise Level Consulting groups
recently I was told they couldn't touch me as a FT employee but could
probably afford me if I wanted to do contract work with them occasionally.
When I was working with HP the compensation for UNIX admins
(AIX/HPUX/Solaris/IRIX/Other) was about 25% better than Windows Admins, I
made more than the UNIX admins at that time. The job I took after that
involved a considerable pay raise from there.

I haven't touched the resume in some time. However I have been involved with
W2K3 for quite some time as I was involved with its RDP program and helping
with specs and improvements and such. I was the one on the table shouting
"tell Marketing to piss up a rope", this product can NOT be called Windows
.NET Server. I was actually asking for it to be Windows Server 6.0. Still
asking for it in fact. However that name just isn't sexy enough I guess.

> So in other words you haven't touched a non-Windows system since the
1980's?
> Things have changed.

Umm nope, but again you win the assumption award. I was working on and
managing DEC equipment into the 90's. I know of several DEC machines on the
internet still right now. Have been playing with LINUX for quite some time
which is for the most part (static HTML serving is the exception) where I
think it belongs right now. As for the things have changed I am going to try
the assumption game and figure you mean *N*X... Yes, but not as much as they
should have. Look at the change in MS from the mid-80's to now, *N*X doesn't
come close to the change and growth.

> And this is acceptable to you?

Nope but I choose to work and help correct versus whine and bitch or say I'm
taking my toys and going home.

> LOL you can't be serious.

Yep.

> Every time there is any significant change in Windows, industry is forced
to purchase
> upgraded versions of their software from the manufacturer just to keep it
running.
> On the other hand, some of the oldest crap I've had sitting in my home
directory archives
> from 5-10 years ago still runs just fine under *nix.

I have an engineering system I wrote for a threadgrinding company in 1985
that is still in production and has been running daily since then. The last
update to the code was around 1987-90. It ran on a PC XT until just March of
this year when the 10MB hard drive died. It had gone through no less than 20
keyboards (machine shops are hard on equipment). They put the files on a
brand new machine running Windows XP and the software fired right up and ran
fine albiet much faster. They called me just to let me know that they
switched it over. The issues are more in the vendors producing the software
than specifically Windows or MS. Keep in mind that if Windows does a switch,
it is a logical place where they can say, you need to buy a new version
versus putting out an update or saying it will run fine.

> Time to start jumping. I can think of two operating systems that are
superior to
> Windows for end-user desktops:

I agree they have come a long way, but disagree on the idea that it is where
it needs to be to knock MS off the top.

> My belief is, if you're going to do anything, do it with
> excellence. This is why I don't run POS operating systems.

Sure. But you don't have to have religious ferver over it. I somehow
visualize you sitting there typing away with a little bit of spittle coming
out of the side of your mouth while you smash away at the keyboard. Probably
inaccurate, but your tone and method of writing lends to that visualization.

My biggest worry of the day while my systems quietly work away around the
clock and around the world is whether I will drive the Jeep with the top off
or the truck to the RenFest. I get the feeling yours will be how you will
knock someone who thinks MS does a decent job bcause running around saying
Linux is the best doesn't seem to be helping it take over the world very
well.

BTW, another thought came to me while reading your note. Do you have tinfoil
wallpaper? No really...

Take it easy Jon,

   joe :o)

-----Original Message-----
From: Jonathan A. Zdziarski [mailto:jonathan@networkdweebs.com]
Sent: Saturday, September 27, 2003 3:54 PM
To: Joe
Cc: full-disclosure@lists.netsys.com

I couldn't help but interject my 2 cents. Visiting your website I see:

Main Entry: joe.ware
Pronunciation: 'jO-"war
Function: noun
Date: 2000
: generally useful idea pulled out of the ether by joe: as a: script and/or
tool that makes the difficult easy; specifically: system administration
tools b: win32 command line tools that almost make UNIX people think that
there might be something to Windows after all c: the tools that real win32
admins prefer to use

<SNIP>

suggests to me that you have some bias against UNIX users, so I've no choice
but to take your arguments with a grain of sand as troll bait.
I'll respond, though. By the way, it's not the commandline tools that make
Windows an insecure and inefficient operating system - if most other Windows
developers feel the same way, I now understand why nothing has really been
fixed in ten years.

> Not an MC* anything. Don't believe I need a piece of paper to say I am
> capable of anything.

Then why do you have a Microsoft "Most Valued Professional" logo on your
site? This appears to be one of the cheesiest recognitions one could
attain, so why not aspire to something less embarrassing?

> I either do it or I don't do it. It's up to me. In general I feel that
> if your opinion of me if based on me holding a piece of paper or not
> is your issue to work out, not mine.

I couldn't agree with you more that a piece of paper does not a man make,
but in the Microsoft arena there are so many "want-to-be's" or
"pretending-to-be's" that an MC* is a good way to weed through the chaff and
know whether or not we're dealing with an intelligent, proven individual or
someone who merely "tinkers around" with the pretty GUI.

> If I had been heavily involved with the open source stuff, I would
> work my ass off to lock it down so anyone can read it but not as many
> people can get changes into it and compiled and out where it can cause
damage.

This is how most of the open source community operates, including the Linux
kernel, changes of which are heavily filtered. The fact that the open
source community has a method of patch contribution does not weaken its
ability to maintain good software - it actually strengthens it by not
relying on a single entity to keep up with all the issues - something
Microsoft has obviously lacked in.

> I would also try to shut down the huge numbers of different
> people/companies all doing similar things but in non-compatible ways.

Then you will need to shut down Microsoft. Microsoft has a long history of
creating their own standards which cause incompatibility with any other more
standardized tools in the industry.

> For geeky tech people, this kind
> of environment is fine. For the world as a whole and big businesses
> (100k+
> employees) in particular it is too chaotic and uncontrolled. It is why
> many large large businesses are afraid of using open source products.

This is precisely how Microsoft's anti-competitive nature got started.
Create what Dilbert calls a "confusopoly" and make Microsoft appear to be
the leader when in reality they are the redheaded stepchild of technology
(IMHO of course).

> Also the
> licensing scares many as well. If you have a business that doesn't
> mind becoming a software design and writing house, it is great, but if
> you have a company that manufactures a motorcyle or bricks or sells
> hotdogs, MS makes more sense at this point.

This makes no sense. There is more safety in open source software to a hot
dog vendor than there is in any Microsoft product. A small business wanting
to run Linux to manage their LAN need not worry about licensing concerns as
they're not redistributing anything. They can even install the software on
as many machines as they want without worrying about licensing. Microsoft,
on the other hand, provides nothing but a hardass system of compliance.
They support agencies such as the SPA (or whatever they've morphed into now)
which attack small startups and generate profit through litigation. I would
submit that open-source licensing such as the GPL is far more beneficial for
Bub's Concession Stand than a Microsoft license ever would be.

> I don't agree another way would be any more rewarding. I generally
> enjoy myself and am extremely well compensated.

What does the average Windows bigot make these days? I noticed you don't
have Windows XP or Windows 2003 Server listed on your resume - you might
want to consider expanding your skillset and tap those markets.

> A long time ago I started out on Commodore Pet's, moved through Sperry
> Univac and IBM Mainframes, moved through DEC PDPs and VAXes, moved
> through Sun Sparcs, ended up in Windows and think it is some of the
> more realistic systems I have seen for the world of users as a whole
> versus a world of IT people.

So in other words you haven't touched a non-Windows system since the 1980's?
Things have changed.

> insecure (heh) at times

And this is acceptable to you?

> , but making decent strides while trying hard to support legacy
> systems

LOL you can't be serious. Every time there is any significant change in
Windows, industry is forced to purchase upgraded versions of their software
from the manufacturer just to keep it running. On the other hand, some of
the oldest crap I've had sitting in my home directory archives from 5-10
years ago still runs just fine under *nix.

> If something came out tomorrow that I truly felt blew MS out of the
> water across the board and was the thing that would win out across the
> world, I would jump.

Time to start jumping. I can think of two operating systems that are
superior to Windows for end-user desktops:

- OSX (rumor also has it Apple is coming out with an x86 version)
- The RedHat 9 Linux distribution (easier install than Windows, _BETTER_
GUI, and great gui tools)

Both have *nix backends that are shelled with extremely customizable,
easy-to-use GUIs. You don't have to know any more unix commands to use
either than you'd have to know DOS commands to use Winders. Not only is the
backend superior to Windows, but the front-ends have now gotten to a point
where the Windows nuts I work with prefer them over Windows' GUI.
Gnome has certainly come a long way on Linux!

> I haven't seen it yet and don't expect to see it any time really soon.

Just keep your head in the sand and you won't have to worry about it.

> As for me, I
> will hoepfully be retired and out of the biz in 5-6 years.

Keep on scripting! Won't be long now.

> I intend to spend
> my 40's, 50's, 60's, 70's+ on a beach somewhere with some little
> intelligent hottie whose worst worry is what color to dye her hair this
week.

So you prefer emotionally shallow pets?

> This stuff
> isn't religion, it's a job to pay for some of the fun things in life.

My belief is, if you're going to do anything, do it with excellence.
This is why I don't run POS operating systems.

> Finally, anyone who thinks that MS is the reason for all the viruses
> and worms and exploits running around is deluding themselves. Every
> multiuser system especially any that share information in some way
> shape or form is insecure in some way. I would say some of the safest
> machines on the internet today are PDP 11's running RSTS/E. Not
> because there aren't holes but because no one is trying to figure out
> their holes. If MS were gone tomorrow, the focus would simply turn to
whomever had the most popular OS.

Anyone who believes that the anti-virus market didn't create itself, more
specifically without business "arrangements" with Microsoft is also deluding
themselves.

It was the RED PILL, the RED PILL you were supposed to take!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Previous message: Jonathan A. Zdziarski: "RE: [Full-Disclosure] CyberInsecurity: The cost of Monopoly"
• In reply to: Jonathan A. Zdziarski: "RE: [Full-Disclosure] CyberInsecurity: The cost of Monopoly"
• Next in thread: Jonathan A. Zdziarski: "RE: [Full-Disclosure] CyberInsecurity: The cost of Monopoly"
• Reply: Jonathan A. Zdziarski: "RE: [Full-Disclosure] CyberInsecurity: The cost of Monopoly"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]