[Full-Disclosure] RE: [Full-Disclosure]MS should re-write code with security in mind. lame bitching about xpsp2

From: Clairmont, Jan M (jan.m.clairmont_at_citigroup.com)
Date: 08/18/04

    To: <full-disclosure@lists.netsys.com>
    Date: Wed, 18 Aug 2004 11:51:41 -0400
    
    

    M$ should just bite the bullet and re-write Windows with
    security in mind, give it a true process scheduler, multiuser
    with windows as client-server processes. Build in 256-bit encryption and secure communications between processes and external communication with no unencrypted traffic. That would shut down a lot of these mindless bugs. All mail should be encrypted and point-to-point, with the mail servers only able to re-direct and broadcast mail with authentication. Maybe we could slow a lot of the hacking down and spam. But again until the marketplace demands it M$, Linux and everybody else it's business as usual.

    Keeps us employed I guess.

    Jan Clairmont
    Firewall Administrator/Consultant

    -----Original Message-----
    From: full-disclosure-admin@lists.netsys.com
    [mailto:full-disclosure-admin@lists.netsys.com]On Behalf Of Barry
    Fitzgerald
    Sent: Tuesday, August 17, 2004 2:34 PM
    To: joe
    Cc: full-disclosure@lists.netsys.com
    Subject: Re: [Full-Disclosure] lame bitching about xpsp2

    joe wrote:

    >
    >I didn't say that they didn't use BSD pieces, I said that he wasn't as
    >accurate as he likes to think for the statement where he was naming specific
    >tools and pieces. Use of BSD pieces doesn't mean that it was used in its
    >entirety or even a lot, just that it was used in some manner, it could
    >possibly be limited to #define statements in a header file. If that is done
    >they still have to acknowledge the source. It can even be to acknowledge IP.
    >I've looked at most of the components the poster spoke of, not the release
    >notes, I am familiar with what companies and orgs the pieces came from.
    >
    >
    >
    That's not entirely accurate. Copyright law clearly states that there
    has to be a noticeable portion of the work copied such that the work is a
    derived work. If only a #define statement were copied they wouldn't be
    obligated to disclose its source. In fact, I'm struggling to find a
    reason why someone would simply copy a #define statement and nothing
    else -- much less give credit for it. In fact, if the whole thing were
    over a #define statement, I can't imagine who'd ever come knocking at
    their door looking for credit for it.

    SCO has the source code for the Linux kernel and for SysV Unix -- the
    sad thing is that they seem to claim that public domain code is owned by
    them and is their proprietary property. Having the code doesn't lead to
    an understanding of its lineage. I think you're exerting knowledge
    where you don't have a clear path of knowledge. Hey, we all do it at
    some point -- I just don't want non-factual data to get out in the public.

    >I know I didn't even start to imply that MS had written all of Windows from
    >scratch. Actually I think that is one of the issues in that many pieces they
    >didn't completely write gets thrown together with other pieces they did
    >write. However if you can buy a tcp/ip stack or a zip implementation or a
    >SQL Server or metadirectory for less than it takes to build it and grow the
    >experience in-house, it makes business sense to do so. Microsoft is a
    >business. Once you realize that, you understand idealism and religion have
    >no place here.
    >
    >
    >
    Idealism always has a place -- it drives people to be better and do
    better things. Business without idealism is parasitic in nature. I
    know that you're making a point about the state of business in corporate
    America, I just hate the point and think people need to stop propagating
    that neo-Smithian drivel. (And no, before you say it, it hasn't worked
    for us.) Keynes is dead, my friend; and so are his theories.

    Having said that, copying is not a problem. Even if Microsoft based
    their Win2k TCP/IP stack code off of BSD code it's still within their
    right to do so according to the BSD license. The only problem I see
    there is that the BSD people didn't have the foresight to license their
    code under the GNU GPL -- but that's a professional disagreement and I
    have no real gripe with them. :)

    >But there are, that is the point. There would be more companies doing so if
    >there was a market and a profit to be had in this space. i.e. If everyone
    >hated MS and Windows as much as you would like to think, other options would
    >be used. This isn't electricity where you get it through one company or
    >can't get it at all. This isn't oil where you only have one company
    >processing it. You don't have no choice but to use a computer loaded with MS
    >Software.
    >
    >
    >
    That's not accurate either. You and I can build a system or throw
    together a parts PC from a shop that'll build one for us. The average
    person can't (won't?) do that.

    Two years ago, I bought a laptop from IBM with GNU/Linux pre-loaded
    (they wouldn't sell me a bare laptop). The laptop I got was on a
    product line that was being discontinued. Why was it being
    discontinued? You guessed it -- poor sales.

    There's one problem with the statement above: I had to call IBM and go
    through a couple of different sales people before I got the right
    model. The laptop was not advertised on their website (I couldn't find
    any GNU/Linux-based laptop on it at the time) and I had to inquire for
    it. Once I got there, the laptop was mid-grade and cost me almost 3,000
    USD. Hmm... Gee... I wonder why its sales were poor. Maybe it was
    because no one knew it existed?!? (I had come asking because through
    hearsay I'd heard they had them to sell...)

    The situation is much better than it was 2 years ago -- but finding an
    alternative for the average person is still relatively difficult. The
    vast majority of people are not going to take the time. And even then,
    the lack of software support and official hardware support from vendors
    scares average users. So, yes, there is a lock-in. It's just very
    complex to diagnose what the cause of it is.

    The existence of an alternative does not make the alternative readily
    available. You need a readily available alternative to prove your
    point, and right now that doesn't exist.

    Is that solely Microsoft's fault? Of course not. But, some of it is --
    their OEM agreements (cited in the antitrust suit) are one example of that.

    >>So most people end up buying MS software even if they don't want it.
    >>
    >>
    >
    >Those people are flipping idiots. If they did that I could be how they would
    >be so mad. Easier to blame someone else than themselves for being a moron.
    >
    >
    >
    No they aren't -- see above.

    Or, are you going to call Ma and Pa Kettle morons simply because they
    don't choose to call up IBM or HP or Dell and ask for something that
    they don't know exists?

    mm-hm.

    >>And have you tried getting the refund for the cra^H^H^Hunwanted software?
    >>
    >>
    >
    >No, because I don't buy things I don't want. Buying something you don't want
    >and then whining for a refund is a bit silly don't you think?
    >
    >
    >
    Yeah, but you and I aren't average people. What we do doesn't count in
    that equation.

    >
    >I see, so Microsoft is exercising control over the price and output of other
    >Operating Systems? How much did they make you pay for your last copy of
    >Linux or BSD or ? Define what abnormal profits are? Because one company only
    >makes 1% on their gross does that mean anyone making 10% on their gross is
    >close to be called a monopoly?
    >
    >
    >
    Your argument is moot.

    They've already been declared a monopoly. That court case is over and
    has been over for years. Your argument lost in a court of law. I don't
    see any reason to revisit it.

                 -Barry

    p.s. Sorry for continuing this OT blather -- but I hate seeing this kind
    of disinformation in public forums.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
