If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#76
|
|||
|
|||
Build 10031
On Thu, 12 Mar 2015 20:08:44 -0700, T wrote:
On 03/12/2015 04:29 PM, Slimer wrote: "More secure", yes, but I was primarily knocking the assumption that a lot of eyes are looking at the code because it's open source. I don't really think that's true. One word: OpenSSL. The "many eyes" of open-source disregard a critical bug in there for the largest part of a decade. Who knows what other holes they'll find in the Linux can of worms? Hi Slimer, That would be the speck in Linux eye versus the board in Windows eye. When discovered, it was announced and fixed immediately. And I really, really mean IMMEDIATELY. No one was harmed by the vulnerability or the resulting patch. No one's system even had to be rebooted. No one was harmed by the vulnerability? Did you really just say that? You can't be that out of touch, right? The system worked. The patch did not have to wait years for someone to write a virus based on it (like the Blaster virus). I'm not sure how you can say the system worked, but if that's your definition of working, leave me out. |
Ads |
#77
|
|||
|
|||
Build 10031
On Thu, 12 Mar 2015 17:19:49 -0600, GreyCloud wrote:
T wrote: On 03/11/2015 03:18 PM, Slimer wrote: Instability however, is another issue. Windows 7 is NOT unstable. Hi Slimer, Ask yourself why Windows 7 has restore points and roll back features. This is an attempt to control the inherent instability of the OS. Linux and OSx don't have such an animal because they don't need it. On win7 I use restore point with 3rd party software in case the vendor screwed up royally. It is much easier to use a restore point than to go in there to remove the trailings left all over the hard drive. I don't use Restore Points, and in fact that's one of the very first features I disable on each of my personal systems, but I didn't know that rolling back to a previous RP would also clean up the filesystem. I'm very surprised to hear that, and if it's true, it makes me extremely happy to know that this feature is disabled. |
#78
|
|||
|
|||
Build 10031
On 03/13/2015 04:25 AM, A wrote:
T wrote: On 03/12/2015 12:30 PM, A wrote: If only it had a decent office suite. Hi A, Libre Office is starting to come into its own. I have a number of customers now running it (mostly in Windows, some Mac and some Linux). And they have probably fixed close to 50 bugs for me now. None of them miss M$O (M$ Office). I am not even sure most of them even realize they are not running M$O. And it didn't use to be this way. Back with Open Office (who never fixed anything), I had some secretaries get so upset that they went out and bought M$O with their own money. Things have changed since Libre Office. Now people ask me about Office and I tell them, I would love to sell it to you but Libre Office is free. See if you like LO, and if not, I will sell you a copy of M$O. As of about a year ago, not a single person has wanted to go to M$O. It use to be the other way around. The big deal killer I see the most often is miserable old Quick Books. Horrible stuff, but everyone has to have it. (I wonder if M$ regrets trying to kill Quick Books with their ill fated M$ Money. Quick Books keeps folks on Windows.) -T Have you tried the OSMO personal information manager? It is the hight of simplicity and it is sweet! https://sourceforge.net/projects/osmo-pim/ I have the latest Libre Office both in Windows and Linux. I suppose I should have wrote "a decent email program". Libre Office is fine but it doesn't come with an email program like Outlook and, yes, I've tried them all and none do the job like Outlook for me. Have you tried Thunderbird? I use it exclusively. What are you missing in Outlook? The Contact manager? For a PIM I prefer OSMO over Thunderbirds course Ligntning. |
#79
|
|||
|
|||
Build 10031
On 03/13/2015 06:51 AM, Char Jackson wrote:
Just out of curiosity, how often do you have to tell your Windows customers to turn their computers off at night? Never. Why do you ask? Hi Char, I have to ask it all the time. My business is a lot on site. If folks are bringing their computers to you, obvious they would have to be off to get to you. Maybe in suspend though, if a laptop. A lot of Windows issues are solved just by a real power off and reboot. I was just curious what your experience was. Noticed one model of Dell laptop that you have to unscrew a panel and more screws to get the battery out. Made for a nightmare for one lady who was running Frankenstein (w8). Since she used her laptop of a desktop and never took it anywhere, I had her kid just remove the stinking battery permanently. Now when Frankie does its thing, she just jerks out the charger cord and problem solved. What was Dell thinking! I have to show iPad users how to exit their programs all the time. None so far know how. But, it doesn't seems to effect them like it does Windows. -T Just out of curiosity and to make pleasant conversation, are you a Windows only shop? I draw the line on smart phones. They change too much and no one wants to pay for help. But I will help if I am on the clock working on their computer and they present me with their phone. "Hmmmm. An Android. Where did they put the settings button THIS WEEK!?!?!" I few times I have set up their TV's and VCR's. Its a living. |
#80
|
|||
|
|||
Build 10031
On 03/13/2015 07:10 AM, Char Jackson wrote:
No one was harmed by the vulnerability or the resulting patch. No one's system even had to be rebooted. No one was harmed by the vulnerability? Did you really just say that? You can't be that out of touch, right? Hi Char, Yes I did. The vulnerability was fixed as soon as someone found it. No malware was written for it. Wouldn't make any sense to do so as the fix hit so rapidly. And everyone's machine still worked afterwards. The system worked. The patch did not have to wait years for someone to write a virus based on it (like the Blaster virus). I'm not sure how you can say the system worked, but if that's your definition of working, leave me out. I think maybe you are letting your loyalty get in your way of your thinking. The Open SSL event is one of those spec in Linux's eye versus the board in Windows' eye. Windows is riddled with stories of disasters after disaster. And the patches are horrible. Some of my customers consider them worse than the viruses. They are not, but it would be interesting to see an economic analysis of the damage their bad patches have caused. But it is good to be loyal. I don't think it is appropriate in this instance. (You notice I rip all OS'es when called for.) -T The more OS'es you know, the more fun this job becomes. I still think OSx is WEIRD, but I get around in it okay. No weirder than Frankenstein or son-thereof. I shake my head at IOS, but it is rather well done for a toy operating system. |
#81
|
|||
|
|||
Build 10031
T wrote:
On 03/12/2015 04:20 PM, Slimer wrote: On 2015-03-12 5:29 PM, T wrote: On 03/11/2015 03:18 PM, Slimer wrote: Instability however, is another issue. Windows 7 is NOT unstable. Hi Slimer, Ask yourself why Windows 7 has restore points and roll back features. This is an attempt to control the inherent instability of the OS. Linux and OSx don't have such an animal because they don't need it. Linux is adopting btrfs which, as of right now, is an incredibly unstable filesystem but when complete, will allow Linux users to roll back the operating system to when it last worked. Is that evidence of Linux being unstable too? Hypocrite. Wow! You really aught to do some research before you make statements like that. And, you really need to develop some manners. Red Hat has adopted XFS for their file system. It is very mature and very stable. Red hat tested the hell out of it for YEARS. It also support EXT4 with is also stable and mature. I use EXT4 *ALL THE TIME*. I have played with XFS. XFS is better at HUGE files in HUGE databases. What the hell is "btrfs"? I prefer ZFS from Oracle. It actually tries to keep the file system from getting corrupted. I've been using it for many years now and no problems, yet it is faster than the UFS. |
#82
|
|||
|
|||
Build 10031
Char Jackson wrote:
On Thu, 12 Mar 2015 17:19:49 -0600, GreyCloud wrote: T wrote: On 03/11/2015 03:18 PM, Slimer wrote: Instability however, is another issue. Windows 7 is NOT unstable. Hi Slimer, Ask yourself why Windows 7 has restore points and roll back features. This is an attempt to control the inherent instability of the OS. Linux and OSx don't have such an animal because they don't need it. On win7 I use restore point with 3rd party software in case the vendor screwed up royally. It is much easier to use a restore point than to go in there to remove the trailings left all over the hard drive. I don't use Restore Points, and in fact that's one of the very first features I disable on each of my personal systems, but I didn't know that rolling back to a previous RP would also clean up the filesystem. I'm very surprised to hear that, and if it's true, it makes me extremely happy to know that this feature is disabled. At the time I was busy cleaning up the remnants off my hard drive that was eating up a lot of space. Unfortuanely, one particular remnant directory was also tied to VS. VS wouldn't load any projects. So I resorted to the restore point. Problem solved. All you have to do is make a restore point once a week and you won't have any problems. |
#83
|
|||
|
|||
Build 10031
On 03/13/2015 07:03 AM, Char Jackson wrote:
On Thu, 12 Mar 2015 16:29:27 -0700, T wrote: On 03/12/2015 03:53 PM, Char Jackson wrote: Maybe we should just agree to disagree then, because that looks like a perfect example that disproves the presumption that 'a lot of eyes can look at the source and therefore it's more secure.' You are looking at it wrong. When it was found (those extra pair of eyes), it was fixed and announced immediately. Not always the case with M$. I think you're completely missing the point, and since we've been around the barn at least twice by now, I have to think it's intentional. Hi Char, No, I got your point. They missed one. The system is not perfect. The way it was handled was so much better than Windows it was not funny. Windows constantly misses things and when identified to them, has a bad track record of ignoring them. And, after the patch was applied, your system still worked. How many times have you had to hold your breath after applying M$ patches? ¡Ay, caramba! I'm not one of those people who hold their breath when applying updates, so the answer is never. Good lord Char! When was the last time you installed Windows 7 OEM and tried to get the stinkin' updates installed? You live a sheltered life! Tip (free of charge), up date a fresh Windows 7 OEM from WSUS. They remove all the conflicting updates. I have two XP-Pro-SP3 VM's that I use for Go-To-Assist. I deliberately leave off the sinkin' updates because I am sick and tired of them hosing me. Oh yes, M$ doesn't do that anymore on XP, except ... Ask yourself. Which do you feel safer doing "on line banking". By far, I feel safer using the OS that I use every day. That's the OS that I know and understand. I can see that. I get pounded with all versions of Windows, Max and Linux. It is fun, well after you get use to it. I even fix a DOS CAD/CAM machine last year. That was a trip down memory lane! Had one shop I Go To Assisted in that claimed they were an All MAC shop. I was expecting to have a blast with a new challenge. Up popped XP! I starred and starred. Was this Parallels I was looking at? As it transpired, their former computer guy had them buy mac's and he ripped OSx out and installed XP. Ruined my fun. Oh does Quick Books run like a stinker in OSx. Yikes! Install Parallels and run it from there. And just on a personal note: consider by my and Leo Laport's recommendation. Do your on line banking with a Live CD. Here is my favorite: http://spins.fedoraproject.org/xfce/#downloads You will be surprised how easy Xfce is to use. -T |
#84
|
|||
|
|||
Build 10031
On 03/13/2015 07:48 AM, Stormin' Norman wrote:
On Fri, 13 Mar 2015 09:03:18 -0500, Char Jackson wrote: Ask yourself. Which do you feel safer doing "on line banking". By far, I feel safer using the OS that I use every day. That's the OS that I know and understand. +1 Char, that is an excellent point, I like the way you think, very logical. Additionally, I am never as concerned about the security of my systems as I am about the security of the system I am conducting a transaction through. Those systems are usually designed by contractors and maintained by employees, many of which spend each night getting stoned and whose only exposure is getting fired if they mess-up. You need to look up keystroke loggers. Don't even know they are running on your machine. And yes, I avoid using my credit cards wherever I can. Target really screwed up on so many levels. |
#85
|
|||
|
|||
Build 10031
T wrote:
On 03/12/2015 04:19 PM, GreyCloud wrote: T wrote: On 03/11/2015 03:18 PM, Slimer wrote: Instability however, is another issue. Windows 7 is NOT unstable. Hi Slimer, Ask yourself why Windows 7 has restore points and roll back features. This is an attempt to control the inherent instability of the OS. Linux and OSx don't have such an animal because they don't need it. On win7 I use restore point with 3rd party software in case the vendor screwed up royally. It is much easier to use a restore point than to go in there to remove the trailings left all over the hard drive. On OS X, I use Time Machine to restore a machine to an earlier point in time and can be quite selective in what you want restored... in case a user somehow screws up his user account directory in a terminal by typing in rm *, you can just go into Time Machine and just click on the User/name and click restore. Same thing for all earlier computer systems, such as VMS, backing up files to a tape transport. Hi Grey Cloud, Time machine is sweet. I use plain old command line Dump and Restore on Linux. Backs everything up perfectly. It ain't pretty like time machine, but I have used it on several occasions to restore entire systems. You can pull single files out pretty easy too. I'm curious if it is like an incremental backup? The best back up system I've ever used was the old VMS backup command that had a lot of different qualifiers to do different ways of doing a back up. Backing up Windows drives me nuts with the system and file locks. HP on this machine wrote their own and works like a charm. I just don't like to waste DVDs doing it tho. So I may just get an external hard drive for that purpose. I love when my Windows virtual machines crash, I just restore their hard drives from my latest Dump. Is this VM in win8.1? I know that it exists and it allows you to run Linux on a windows VM. There's a youtube video of this. I control my "roll back" instability problems on my Windows OS'es by making a gold copy of my VM's (virtual Machines) hard drives and just restoring the whole thing when I need to. And I have two separate VM's of XP (also unstable) to cope if I am in a hurry and have customers waiting on me. I have no such problem with my Linux base system or any of my Linux VM's. When I was using OpenSuse 11.3, for some reason during updates to software, it couldn't find the repository, but continued on anyway. It thoroughly hosed the system and wouldn't boot. That's when I ditched it for RedHat. The thing I love about Red Hat is their professionalism. I am the one that found the "cut a DVD, destroy your hard drive" problem. Red Hat jumped on it immediately and fix it for me. And I am from the "community" too, meaning I don't own a RHEL license. They said the bug was pretty obscure. I still use Solaris 10 in a VM because of their superior compilers. One issue with gcc (current) is that it won't compile older software that uses this piece of code at Global scope: FILE *Output = stdout; It don't like it, but Suns C compiler handles it. Neither does MS C compiler like it. Neither does OS X compiler like it. Other than that, I like Visual Studio the best. Back in the day, I learned Modula 2. In hind sight, I should have learned C instead. Some day, maybe I will learn Perl. A new version is due out soon. -T What the story behind the choice of Grey Cloud for your name? Easy, native american. |
#86
|
|||
|
|||
Build 10031
A wrote:
GreyCloud wrote: T wrote: On 03/12/2015 12:11 PM, Char Jackson wrote: On Wed, 11 Mar 2015 12:37:45 -0700, T wrote: You are deceiving yourself if you think Linux is not more secure. It is open for anyone to look at. No back doors. World wide code checkers. I've heard that repeated many times over the years, and yet there have been several openSSL issues that have recently come to light, one or more of which is said to have existed for over a decade. Just because people *can* check the source doesn't necessarily mean that anyone does. Hi Char, Of course. And when they are identified, they are fixed immediately. That is one of the reasons why Linux is far more secure (in this instance, a program running on Linux). You are completely missing the point. The Open SSL issues and the way they were handled is a triumph of how the system works. Remember the Blaster virus? The vulnerability was know and published for years. The jerk that wrote the Blaster virus simply looked up what vulnerabilities had not been patched and wrote a virus for it. The scoundrels at M$ didn't patch it until someone wrote a virus for it! There is a *HUGE* difference in the way these things handled by open source and by M$. M$ would have ignored it until they were embarrassed by it, as in the blaster virus. By the way, on Mozilla's or Red Hat's bugzilla, if you check of "security", the attention you get can only be described as OH HOLY CRAP!!! (I just put a bug in on how to seize Linux and they figured out it was a security bug on their own and oh did they respond!) In Linux, if you fix a bug and write a "respectful" well documents bug report (the the appropriate Bugzilla), you get it fixed. In M$ world, who do you even report it to? "How many copies did you buy?" And yes, there are exceptions. If you have heard of the Las Vegas DEFCON conventions, then you'll be happy to hear that it is a hackers convention to see how long it takes to break into operating systems. Linux was broken in from the outside in under 20 minutes. Windows was broken into from the outside in under 5 minutes. Solaris UNIX was broken into in an hour. OpenVMS took over 2 days. So there really is no such thing as a totally secure operating system, it is just that some are harder to break in than others. Were the break ins done remotely or did the hackers have physical access to the machines? Remotely. |
#87
|
|||
|
|||
Build 10031
T wrote:
On 03/12/2015 04:23 PM, GreyCloud wrote: T wrote: On 03/12/2015 12:11 PM, Char Jackson wrote: On Wed, 11 Mar 2015 12:37:45 -0700, T wrote: You are deceiving yourself if you think Linux is not more secure. It is open for anyone to look at. No back doors. World wide code checkers. I've heard that repeated many times over the years, and yet there have been several openSSL issues that have recently come to light, one or more of which is said to have existed for over a decade. Just because people *can* check the source doesn't necessarily mean that anyone does. Hi Char, Of course. And when they are identified, they are fixed immediately. That is one of the reasons why Linux is far more secure (in this instance, a program running on Linux). You are completely missing the point. The Open SSL issues and the way they were handled is a triumph of how the system works. Remember the Blaster virus? The vulnerability was know and published for years. The jerk that wrote the Blaster virus simply looked up what vulnerabilities had not been patched and wrote a virus for it. The scoundrels at M$ didn't patch it until someone wrote a virus for it! There is a *HUGE* difference in the way these things handled by open source and by M$. M$ would have ignored it until they were embarrassed by it, as in the blaster virus. By the way, on Mozilla's or Red Hat's bugzilla, if you check of "security", the attention you get can only be described as OH HOLY CRAP!!! (I just put a bug in on how to seize Linux and they figured out it was a security bug on their own and oh did they respond!) In Linux, if you fix a bug and write a "respectful" well documents bug report (the the appropriate Bugzilla), you get it fixed. In M$ world, who do you even report it to? "How many copies did you buy?" And yes, there are exceptions. If you have heard of the Las Vegas DEFCON conventions, then you'll be happy to hear that it is a hackers convention to see how long it takes to break into operating systems. Linux was broken in from the outside in under 20 minutes. Windows was broken into from the outside in under 5 minutes. Solaris UNIX was broken into in an hour. OpenVMS took over 2 days. Hi GreyCloud, Which Linux? Was it security hardened Fedora with SE Linux? Or Ubuntu (which is not hardened)? And, how about Free BSD? They've hacked them all. All UNIX systems are easier to break into than the more obscure mainframe operating systems. I heard that there is an international market for these special tools that are for sale and even harder to buy. So there really is no such thing as a totally secure operating system, it is just that some are harder to break in than others. That is the best you can expect. Yes, that is about all one can do. The masses aren't the ones that the hackers want to break into... it's the corporations and governments that is what they are drawn to. |
#88
|
|||
|
|||
Build 10031
On 03/13/2015 07:23 AM, Char Jackson wrote:
I don't use Restore Points, and in fact that's one of the very first features I disable on each of my personal systems, That makes sense. I leave them on on my VM's as I have to know what my customers see. Sort of like me leaving Classic Shell off on Frankenstein (w8) and Son-of-Frankenstein (w10 preview) so I can see what my customers see. I see rollbacks a lot on the cheaper computers and the unstable ones. cough cough ASUS cough cough HP cough cough. but I didn't know that rolling back to a previous RP would also clean up the filesystem It doesn't. Were in the world did anyone get that impression? It mainly rolls back the registry. Damn thing wipes out all your configurations you set up the week before. |
#89
|
|||
|
|||
Build 10031
Slimer wrote:
On 2015-03-12 6:34 PM, Char Jackson wrote: On Thu, 12 Mar 2015 20:30:54 +0100, A wrote: Char Jackson wrote: On Wed, 11 Mar 2015 12:37:45 -0700, T wrote: You are deceiving yourself if you think Linux is not more secure. It is open for anyone to look at. No back doors. World wide code checkers. I've heard that repeated many times over the years, and yet there have been several openSSL issues that have recently come to light, one or more of which is said to have existed for over a decade. Just because people *can* check the source doesn't necessarily mean that anyone does. Linux isn't bulletproof but it's more secure than Windows. If only it had a decent office suite. Alas, maybe some day. A lot of that I think has to do with Linux users being more tech savvy as a whole than Windows users as most users are compromised by being tricked into either clicking on something they shouldn't or by being persuaded to part with their money or both. "More secure", yes, but I was primarily knocking the assumption that a lot of eyes are looking at the code because it's open source. I don't really think that's true. One word: OpenSSL. The "many eyes" of open-source disregard a critical bug in there for the largest part of a decade. Who knows what other holes they'll find in the Linux can of worms? Glibc... strlen, strcpy, strcat, etc. They aren't secure. Visual Studio complains about these and suggests to use the secure versions to strlen_s, strcpy_s, strcat_s, etc. They work a bit differently and these old functions are vulnerable to buffer overflows. |
#90
|
|||
|
|||
Build 10031
On 03/13/2015 12:11 PM, GreyCloud wrote:
So there really is no such thing as a totally secure operating system, it is just that some are harder to break in than others. That is the best you can expect. Yes, that is about all one can do. The masses aren't the ones that the hackers want to break into... it's the corporations and governments that is what they are drawn to. Hi Grey Cloud, Did you see this one? https://krebsonsecurity.com/2015/03/...a-tidy-profit/ Wow! -T |
Thread Tools | |
Display Modes | Rate This Thread |
|
|