Build 10031

On Thu, 12 Mar 2015 20:08:44 -0700, T wrote:

On 03/12/2015 04:29 PM, Slimer wrote:

"More secure", yes, but I was primarily knocking the assumption that a
lot
of eyes are looking at the code because it's open source. I don't really
think that's true.

One word: OpenSSL. The "many eyes" of open-source disregard a critical
bug in there for the largest part of a decade. Who knows what other
holes they'll find in the Linux can of worms?

Hi Slimer,

That would be the speck in Linux eye versus the board in
Windows eye.

When discovered, it was announced and fixed immediately.
And I really, really mean IMMEDIATELY.

No one was harmed by the vulnerability or the resulting patch.
No one's system even had to be rebooted.

No one was harmed by the vulnerability? Did you really just say that? You
can't be that out of touch, right?

The system worked. The patch did not have to wait years
for someone to write a virus based on it (like the
Blaster virus).

I'm not sure how you can say the system worked, but if that's your
definition of working, leave me out.

On Thu, 12 Mar 2015 17:19:49 -0600, GreyCloud wrote:

T wrote:

On 03/11/2015 03:18 PM, Slimer wrote:
Instability however, is another issue. Windows 7 is NOT unstable.

Hi Slimer,

Ask yourself why Windows 7 has restore points and roll back
features. This is an attempt to control the inherent
instability of the OS. Linux and OSx don't have such an
animal because they don't need it.

On win7 I use restore point with 3rd party software in case the vendor
screwed up royally. It is much easier to use a restore point than to go in
there to remove the trailings left all over the hard drive.

I don't use Restore Points, and in fact that's one of the very first
features I disable on each of my personal systems, but I didn't know that
rolling back to a previous RP would also clean up the filesystem. I'm very
surprised to hear that, and if it's true, it makes me extremely happy to
know that this feature is disabled.

On 03/13/2015 04:25 AM, A wrote:
T wrote:
On 03/12/2015 12:30 PM, A wrote:
If only it had a decent office suite.

Hi A,

Libre Office is starting to come into its own. I have
a number of customers now running it (mostly in Windows,
some Mac and some Linux). And they have probably fixed
close to 50 bugs for me now. None of them miss M$O
(M$ Office). I am not even sure most of them even
realize they are not running M$O.

And it didn't use to be this way. Back with Open Office
(who never fixed anything), I had some secretaries get
so upset that they went out and bought M$O with their
own money.

Things have changed since Libre Office. Now people ask
me about Office and I tell them, I would love to sell it
to you but Libre Office is free. See if you like LO, and
if not, I will sell you a copy of M$O. As of about a year
ago, not a single person has wanted to go to M$O. It
use to be the other way around.

The big deal killer I see the most often is miserable
old Quick Books. Horrible stuff, but everyone has
to have it. (I wonder if M$ regrets trying to
kill Quick Books with their ill fated M$ Money.
Quick Books keeps folks on Windows.)

-T

Have you tried the OSMO personal information manager?
It is the hight of simplicity and it is sweet!

https://sourceforge.net/projects/osmo-pim/

I have the latest Libre Office both in Windows and Linux. I suppose I
should have wrote "a decent email program". Libre Office is fine but it
doesn't come with an email program like Outlook and, yes, I've tried
them all and none do the job like Outlook for me.


Have you tried Thunderbird? I use it exclusively. What are
you missing in Outlook? The Contact manager?

For a PIM I prefer OSMO over Thunderbirds course Ligntning.

On 03/13/2015 06:51 AM, Char Jackson wrote:
Just out of curiosity, how often do you have to tell your Windows
customers to turn their computers off at night?

Never. Why do you ask?

Hi Char,

I have to ask it all the time. My business
is a lot on site. If folks are bringing their computers
to you, obvious they would have to be off to get to
you. Maybe in suspend though, if a laptop.

A lot of Windows issues are solved just by a real power
off and reboot.

I was just curious what your experience was.

Noticed one model of Dell laptop that you have to unscrew
a panel and more screws to get the battery out. Made
for a nightmare for one lady who was running Frankenstein
(w8). Since she used her laptop of a desktop and never
took it anywhere, I had her kid just remove the stinking
battery permanently. Now when Frankie does its thing,
she just jerks out the charger cord and problem solved.
What was Dell thinking!

I have to show iPad users how to exit their programs
all the time. None so far know how. But, it doesn't seems
to effect them like it does Windows.

-T

Just out of curiosity and to make pleasant conversation,
are you a Windows only shop? I draw the line on smart
phones. They change too much and no one wants to pay
for help. But I will help if I am on the clock
working on their computer and they present me with
their phone. "Hmmmm. An Android. Where did they put the
settings button THIS WEEK!?!?!" I few times I have
set up their TV's and VCR's. Its a living.

On 03/13/2015 07:10 AM, Char Jackson wrote:
No one was harmed by the vulnerability or the resulting patch.
No one's system even had to be rebooted.

No one was harmed by the vulnerability? Did you really just say that? You
can't be that out of touch, right?

Hi Char,

Yes I did. The vulnerability was fixed as soon as someone found it.
No malware was written for it. Wouldn't make any sense to
do so as the fix hit so rapidly. And everyone's machine
still worked afterwards.

The system worked. The patch did not have to wait years
for someone to write a virus based on it (like the
Blaster virus).

I'm not sure how you can say the system worked, but if that's your
definition of working, leave me out.

I think maybe you are letting your loyalty get in your
way of your thinking. The Open SSL event is one of those
spec in Linux's eye versus the board in Windows' eye.

Windows is riddled with stories of disasters after
disaster. And the patches are horrible. Some of
my customers consider them worse than the viruses.
They are not, but it would be interesting to see an economic
analysis of the damage their bad patches have caused.

But it is good to be loyal. I don't think it is
appropriate in this instance. (You notice I rip
all OS'es when called for.)

-T

The more OS'es you know, the more fun this job
becomes. I still think OSx is WEIRD, but I
get around in it okay. No weirder than
Frankenstein or son-thereof. I shake my
head at IOS, but it is rather well done for a
toy operating system.

T wrote:

On 03/12/2015 04:20 PM, Slimer wrote:
On 2015-03-12 5:29 PM, T wrote:
On 03/11/2015 03:18 PM, Slimer wrote:
Instability however, is another issue. Windows 7 is NOT unstable.

Hi Slimer,

Ask yourself why Windows 7 has restore points and roll back
features. This is an attempt to control the inherent
instability of the OS. Linux and OSx don't have such an
animal because they don't need it.

Linux is adopting btrfs which, as of right now, is an incredibly
unstable filesystem but when complete, will allow Linux users to roll
back the operating system to when it last worked. Is that evidence of
Linux being unstable too? Hypocrite.

Wow! You really aught to do some research before you make
statements like that. And, you really need to develop
some manners.

Red Hat has adopted XFS for their file system. It is very mature
and very stable. Red hat tested the hell out of it for YEARS.

It also support EXT4 with is also stable and mature. I use EXT4
*ALL THE TIME*. I have played with XFS. XFS is better at HUGE
files in HUGE databases.

What the hell is "btrfs"?

I prefer ZFS from Oracle. It actually tries to keep the file system from
getting corrupted. I've been using it for many years now and no problems,
yet it is faster than the UFS.

Char Jackson wrote:

On Thu, 12 Mar 2015 17:19:49 -0600, GreyCloud wrote:

T wrote:

On 03/11/2015 03:18 PM, Slimer wrote:
Instability however, is another issue. Windows 7 is NOT unstable.

Hi Slimer,

Ask yourself why Windows 7 has restore points and roll back
features. This is an attempt to control the inherent
instability of the OS. Linux and OSx don't have such an
animal because they don't need it.

On win7 I use restore point with 3rd party software in case the vendor
screwed up royally. It is much easier to use a restore point than to go
in there to remove the trailings left all over the hard drive.

I don't use Restore Points, and in fact that's one of the very first
features I disable on each of my personal systems, but I didn't know that
rolling back to a previous RP would also clean up the filesystem. I'm very
surprised to hear that, and if it's true, it makes me extremely happy to
know that this feature is disabled.

At the time I was busy cleaning up the remnants off my hard drive that was
eating up a lot of space. Unfortuanely, one particular remnant directory
was also tied to VS. VS wouldn't load any projects. So I resorted to the
restore point. Problem solved. All you have to do is make a restore point
once a week and you won't have any problems.

On 03/13/2015 07:03 AM, Char Jackson wrote:
On Thu, 12 Mar 2015 16:29:27 -0700, T wrote:

On 03/12/2015 03:53 PM, Char Jackson wrote:

Maybe we should just agree to disagree then, because that looks like a
perfect example that disproves the presumption that 'a lot of eyes can look
at the source and therefore it's more secure.'

You are looking at it wrong. When it was found (those extra pair
of eyes), it was fixed and announced immediately. Not always
the case with M$.

I think you're completely missing the point, and since we've been around the
barn at least twice by now, I have to think it's intentional.

Hi Char,

No, I got your point. They missed one. The system is not perfect.
The way it was handled was so much better than Windows it was
not funny. Windows constantly misses things and when identified
to them, has a bad track record of ignoring them.



And, after the patch was applied, your system still worked.
How many times have you had to hold your breath after applying
M$ patches? ¡Ay, caramba!

I'm not one of those people who hold their breath when applying updates, so
the answer is never.

Good lord Char! When was the last time you installed Windows 7
OEM and tried to get the stinkin' updates installed? You
live a sheltered life! Tip (free of charge), up date a fresh
Windows 7 OEM from WSUS. They remove all the conflicting
updates.

I have two XP-Pro-SP3 VM's that I use for Go-To-Assist. I deliberately
leave off the sinkin' updates because I am sick and tired of them
hosing me. Oh yes, M$ doesn't do that anymore on XP, except ...


Ask yourself. Which do you feel safer doing "on line banking".

By far, I feel safer using the OS that I use every day. That's the OS that I
know and understand.

I can see that. I get pounded with all versions of Windows,
Max and Linux. It is fun, well after you get use to it.
I even fix a DOS CAD/CAM machine last year. That was a trip
down memory lane!

Had one shop I Go To Assisted in that claimed they were
an All MAC shop. I was expecting to have a blast with
a new challenge. Up popped XP! I starred and starred.
Was this Parallels I was looking at? As it transpired,
their former computer guy had them buy mac's and he ripped
OSx out and installed XP. Ruined my fun.

Oh does Quick Books run like a stinker in OSx. Yikes!
Install Parallels and run it from there.

And just on a personal note: consider by my and Leo Laport's
recommendation. Do your on line banking with a Live CD.

Here is my favorite:
http://spins.fedoraproject.org/xfce/#downloads

You will be surprised how easy Xfce is to use.

-T

On 03/13/2015 07:48 AM, Stormin' Norman wrote:
On Fri, 13 Mar 2015 09:03:18 -0500, Char Jackson wrote:

Ask yourself. Which do you feel safer doing "on line banking".

By far, I feel safer using the OS that I use every day. That's the OS that I
know and understand.

+1

Char, that is an excellent point, I like the way you think, very logical.

Additionally, I am never as concerned about the security of my systems as I am
about the security of the system I am conducting a transaction through.

Those systems are usually designed by contractors and maintained by employees,
many of which spend each night getting stoned and whose only exposure is getting
fired if they mess-up.


You need to look up keystroke loggers. Don't even know they are
running on your machine.

And yes, I avoid using my credit cards wherever I can. Target
really screwed up on so many levels.

T wrote:

On 03/12/2015 04:19 PM, GreyCloud wrote:
T wrote:

On 03/11/2015 03:18 PM, Slimer wrote:
Instability however, is another issue. Windows 7 is NOT unstable.

Hi Slimer,

Ask yourself why Windows 7 has restore points and roll back
features. This is an attempt to control the inherent
instability of the OS. Linux and OSx don't have such an
animal because they don't need it.

On win7 I use restore point with 3rd party software in case the vendor
screwed up royally. It is much easier to use a restore point than to go
in there to remove the trailings left all over the hard drive.
On OS X, I use Time Machine to restore a machine to an earlier point in
time and can be quite selective in what you want restored... in case a
user somehow screws up his user account directory in a terminal by typing
in rm *, you can just go into Time Machine and just click on the
User/name and click restore.
Same thing for all earlier computer systems, such as VMS, backing up
files to a tape transport.

Hi Grey Cloud,

Time machine is sweet.

I use plain old command line Dump and Restore on Linux.
Backs everything up perfectly. It ain't pretty like
time machine, but I have used it on several occasions
to restore entire systems. You can pull single files
out pretty easy too.

I'm curious if it is like an incremental backup?
The best back up system I've ever used was the old VMS backup command that
had a lot of different qualifiers to do different ways of doing a back up.


Backing up Windows drives me nuts with the system and
file locks.

HP on this machine wrote their own and works like a charm. I just don't
like to waste DVDs doing it tho. So I may just get an external hard drive
for that purpose.

I love when my Windows virtual machines crash, I just
restore their hard drives from my latest Dump.


Is this VM in win8.1?
I know that it exists and it allows you to run Linux on a windows VM.
There's a youtube video of this.



I control my "roll back" instability problems on my Windows OS'es
by making a gold copy of my VM's (virtual Machines) hard drives
and just restoring the whole thing when I need to. And I have
two separate VM's of XP (also unstable) to cope if I am in a
hurry and have customers waiting on me. I have no such problem
with my Linux base system or any of my Linux VM's.


When I was using OpenSuse 11.3, for some reason during updates to
software,
it couldn't find the repository, but continued on anyway. It thoroughly
hosed the system and wouldn't boot.
That's when I ditched it for RedHat.

The thing I love about Red Hat is their professionalism.
I am the one that found the "cut a DVD, destroy your hard
drive" problem. Red Hat jumped on it immediately and fix
it for me. And I am from the "community" too, meaning I don't
own a RHEL license. They said the bug was pretty obscure.


I still use Solaris 10 in a VM because of their superior compilers.
One issue with gcc (current) is that it won't compile older software that
uses this piece of code at Global scope:

FILE *Output = stdout;

It don't like it, but Suns C compiler handles it.
Neither does MS C compiler like it.
Neither does OS X compiler like it.

Other than that, I like Visual Studio the best.

Back in the day, I learned Modula 2. In hind sight,
I should have learned C instead.

Some day, maybe I will learn Perl. A new version is due out
soon.

-T

What the story behind the choice of Grey Cloud for your name?

Easy, native american.

A wrote:

GreyCloud wrote:
T wrote:

On 03/12/2015 12:11 PM, Char Jackson wrote:
On Wed, 11 Mar 2015 12:37:45 -0700, T wrote:

You are deceiving yourself if you think Linux is not more
secure. It is open for anyone to look at. No back doors.
World wide code checkers.

I've heard that repeated many times over the years, and yet there have
been several openSSL issues that have recently come to light, one or
more of which is said to have existed for over a decade. Just because
people *can* check the source doesn't necessarily mean that anyone
does.


Hi Char,

Of course. And when they are identified, they are fixed
immediately. That is one of the reasons why Linux is
far more secure (in this instance, a program running on Linux).

You are completely missing the point. The Open SSL issues and
the way they were handled is a triumph of how the system works.

Remember the Blaster virus? The vulnerability was know
and published for years. The jerk that wrote the Blaster
virus simply looked up what vulnerabilities had not been
patched and wrote a virus for it. The scoundrels
at M$ didn't patch it until someone wrote a virus
for it!

There is a *HUGE* difference in the way these things
handled by open source and by M$. M$ would have
ignored it until they were embarrassed by it, as in the
blaster virus.

By the way, on Mozilla's or Red Hat's bugzilla, if you
check of "security", the attention you get can only be
described as OH HOLY CRAP!!! (I just put a bug in on how
to seize Linux and they figured out it was a security
bug on their own and oh did they respond!)

In Linux, if you fix a bug and write a "respectful"
well documents bug report (the the appropriate Bugzilla),
you get it fixed.

In M$ world, who do you even report it to? "How many
copies did you buy?"

And yes, there are exceptions.


If you have heard of the Las Vegas DEFCON conventions, then you'll be
happy to hear that it is a hackers convention to see how long it takes to
break
into operating systems. Linux was broken in from the outside in under
20
minutes. Windows was broken into from the outside in under 5 minutes.
Solaris UNIX was broken into in an hour.
OpenVMS took over 2 days.
So there really is no such thing as a totally secure operating system, it
is just that some are harder to break in than others.


Were the break ins done remotely or did the hackers have physical access
to the machines?

Remotely.

T wrote:

On 03/12/2015 04:23 PM, GreyCloud wrote:
T wrote:

On 03/12/2015 12:11 PM, Char Jackson wrote:
On Wed, 11 Mar 2015 12:37:45 -0700, T wrote:

You are deceiving yourself if you think Linux is not more
secure. It is open for anyone to look at. No back doors.
World wide code checkers.

I've heard that repeated many times over the years, and yet there have
been several openSSL issues that have recently come to light, one or
more of which is said to have existed for over a decade. Just because
people *can* check the source doesn't necessarily mean that anyone
does.


Hi Char,

Of course. And when they are identified, they are fixed
immediately. That is one of the reasons why Linux is
far more secure (in this instance, a program running on Linux).

You are completely missing the point. The Open SSL issues and
the way they were handled is a triumph of how the system works.

Remember the Blaster virus? The vulnerability was know
and published for years. The jerk that wrote the Blaster
virus simply looked up what vulnerabilities had not been
patched and wrote a virus for it. The scoundrels
at M$ didn't patch it until someone wrote a virus
for it!

There is a *HUGE* difference in the way these things
handled by open source and by M$. M$ would have
ignored it until they were embarrassed by it, as in the
blaster virus.

By the way, on Mozilla's or Red Hat's bugzilla, if you
check of "security", the attention you get can only be
described as OH HOLY CRAP!!! (I just put a bug in on how
to seize Linux and they figured out it was a security
bug on their own and oh did they respond!)

In Linux, if you fix a bug and write a "respectful"
well documents bug report (the the appropriate Bugzilla),
you get it fixed.

In M$ world, who do you even report it to? "How many
copies did you buy?"

And yes, there are exceptions.


If you have heard of the Las Vegas DEFCON conventions, then you'll be
happy to hear that it is a hackers convention to see how long it takes to
break
into operating systems. Linux was broken in from the outside in under
20
minutes. Windows was broken into from the outside in under 5 minutes.
Solaris UNIX was broken into in an hour.
OpenVMS took over 2 days.

Hi GreyCloud,

Which Linux? Was it security hardened Fedora with SE Linux?
Or Ubuntu (which is not hardened)?

And, how about Free BSD?

They've hacked them all. All UNIX systems are easier to break into than the
more obscure mainframe operating systems. I heard that there is an
international market for these special tools that are for sale and even
harder to buy.



So there really is no such thing as a totally secure operating
system, it is
just that some are harder to break in than others.

That is the best you can expect.

Yes, that is about all one can do. The masses aren't the ones that the
hackers want to break into... it's the corporations and governments that is
what they are drawn to.

On 03/13/2015 07:23 AM, Char Jackson wrote:
I don't use Restore Points, and in fact that's one of the very first
features I disable on each of my personal systems,

That makes sense. I leave them on on my VM's as I have to
know what my customers see. Sort of like me leaving Classic Shell
off on Frankenstein (w8) and Son-of-Frankenstein (w10 preview)
so I can see what my customers see.

I see rollbacks a lot on the cheaper computers and the
unstable ones. cough cough ASUS cough cough HP cough cough.

but I didn't know that
rolling back to a previous RP would also clean up the filesystem

It doesn't. Were in the world did anyone get that impression?
It mainly rolls back the registry. Damn thing wipes out
all your configurations you set up the week before.

Slimer wrote:

On 2015-03-12 6:34 PM, Char Jackson wrote:
On Thu, 12 Mar 2015 20:30:54 +0100, A wrote:

Char Jackson wrote:
On Wed, 11 Mar 2015 12:37:45 -0700, T wrote:

You are deceiving yourself if you think Linux is not more
secure. It is open for anyone to look at. No back doors.
World wide code checkers.

I've heard that repeated many times over the years, and yet there have
been several openSSL issues that have recently come to light, one or
more of which is said to have existed for over a decade. Just because
people *can* check the source doesn't necessarily mean that anyone
does.


Linux isn't bulletproof but it's more secure than Windows. If only it
had a decent office suite. Alas, maybe some day. A lot of that I think
has to do with Linux users being more tech savvy as a whole than Windows
users as most users are compromised by being tricked into either
clicking on something they shouldn't or by being persuaded to part with
their money or both.

"More secure", yes, but I was primarily knocking the assumption that a
lot of eyes are looking at the code because it's open source. I don't
really think that's true.

One word: OpenSSL. The "many eyes" of open-source disregard a critical
bug in there for the largest part of a decade. Who knows what other
holes they'll find in the Linux can of worms?


Glibc... strlen, strcpy, strcat, etc. They aren't secure.
Visual Studio complains about these and suggests to use the secure versions
to strlen_s, strcpy_s, strcat_s, etc. They work a bit differently and these
old functions are vulnerable to buffer overflows.

On 03/13/2015 12:11 PM, GreyCloud wrote:
So there really is no such thing as a totally secure operating
system, it is
just that some are harder to break in than others.

That is the best you can expect.

Yes, that is about all one can do. The masses aren't the ones that the
hackers want to break into... it's the corporations and governments that is
what they are drawn to.

Hi Grey Cloud,

Did you see this one?

https://krebsonsecurity.com/2015/03/...a-tidy-profit/

Wow!

-T