Windows 2000 magazine admits Open Source software is more secure.

Post by Aaron Gin » Sat, 04 Nov 2000 03:26:26



I don't make any judgements on this; I only provide it for
discussion...

Check out this article in Windows 2000 magazine discussing the
ramifications of the recent Microsoft crack:

http://www.win2000mag.com/Articles/Index.cfm?ArticleID=16025

In particular, I found this paragraph amusing...

At the heart of this problem is the debate about open-source software
and the proprietary, closed model older software companies such as
Microsoft use. Microsoft jealously guards the source code to its
products because that code is the company's biggest asset. But
products such as Linux are developed in the open, by a committee of
sorts, and the source code is available to one and all. When someone
finds a security problem in Linux, for example, many people discover
what the problem is and work to fix it immediately. When someone
discovers a security problem in a Microsoft product-and let's face it,
security problems surface every week-customers must wait for Microsoft
to even acknowledge the problem's existence. Then, customers wait for
the company to provide a workaround, and, hopefully, release code that
actually fixes the problem. And in many cases-take most Windows NT 4.0
service packs, for example-the fixes cause more problems than the
original issue. It's an untenable situation, regardless of your
position in the open-source debate.

Let the discussion begin... :)

--
Aaron J. Ginn                    Phone: 480-814-4463
Motorola SemiCustom Solutions    Pager: 877-586-2318
1300 N. Alma School Rd.          Fax  : 480-814-4463

 
 
 


Post by Bruce Schuc » Sat, 04 Nov 2000 11:33:54


I think the author should spend more time reading the security advisories on
the Linux sites.


> I don't make any judgements on this; I only provide it for
> discussion...

> Check out this article in Windows 2000 magazine discussing the
> ramifications of the recent Microsoft crack:

> http://www.win2000mag.com/Articles/Index.cfm?ArticleID=16025

> In particular, I found this paragraph amusing...

> At the heart of this problem is the debate about open-source software
> and the proprietary, closed model older software companies such as
> Microsoft use. Microsoft jealously guards the source code to its
> products because that code is the company's biggest asset. But
> products such as Linux are developed in the open, by a committee of
> sorts, and the source code is available to one and all. When someone
> finds a security problem in Linux, for example, many people discover
> what the problem is and work to fix it immediately. When someone
> discovers a security problem in a Microsoft product-and let's face it,
> security problems surface every week-customers must wait for Microsoft
> to even acknowledge the problem's existence. Then, customers wait for
> the company to provide a workaround, and, hopefully, release code that
> actually fixes the problem. And in many cases-take most Windows NT 4.0
> service packs, for example-the fixes cause more problems than the
> original issue. It's an untenable situation, regardless of your
> position in the open-source debate.

> Let the discussion begin... :)

> --
> Aaron J. Ginn                    Phone: 480-814-4463
> Motorola SemiCustom Solutions    Pager: 877-586-2318
> 1300 N. Alma School Rd.          Fax  : 480-814-4463



 
 
 


Post by Chad Myer » Sat, 04 Nov 2000 12:33:10



> I think the author should spend more time reading the security advisories on
> the Linux sites.

Particularly the ones where Red Hat was compromised and trojan code was allowed
to be inserted and was released as final product by Red Hat themselves.

So far, there's no evidence that any code was stolen from MS, let alone the
critical systems code, let alone it was checked into source control (where the
final product(s) get built from).

-Chad



> > I don't make any judgements on this; I only provide it for
> > discussion...

> > Check out this article in Windows 2000 magazine discussing the
> > ramifications of the recent Microsoft crack:

> > http://www.win2000mag.com/Articles/Index.cfm?ArticleID=16025

> > In particular, I found this paragraph amusing...

> > At the heart of this problem is the debate about open-source software
> > and the proprietary, closed model older software companies such as
> > Microsoft use. Microsoft jealously guards the source code to its
> > products because that code is the company's biggest asset. But
> > products such as Linux are developed in the open, by a committee of
> > sorts, and the source code is available to one and all. When someone
> > finds a security problem in Linux, for example, many people discover
> > what the problem is and work to fix it immediately. When someone
> > discovers a security problem in a Microsoft product-and let's face it,
> > security problems surface every week-customers must wait for Microsoft
> > to even acknowledge the problem's existence. Then, customers wait for
> > the company to provide a workaround, and, hopefully, release code that
> > actually fixes the problem. And in many cases-take most Windows NT 4.0
> > service packs, for example-the fixes cause more problems than the
> > original issue. It's an untenable situation, regardless of your
> > position in the open-source debate.

> > Let the discussion begin... :)

> > --
> > Aaron J. Ginn                    Phone: 480-814-4463
> > Motorola SemiCustom Solutions    Pager: 877-586-2318
> > 1300 N. Alma School Rd.          Fax  : 480-814-4463


 
 
 


Post by Perry P » Sat, 04 Nov 2000 15:49:52


On Thu, 2 Nov 2000 18:33:54 -0800,


>I think the author should spend more time reading the security advisories on
>the Linux sites.

He is, and that's why he said what he said. Since when do more
advisories == less security, as you seem to assume? In practice, the
opposite is true.



>> I don't make any judgements on this; I only provide it for
>> discussion...

>> Check out this article in Windows 2000 magazine discussing the
>> ramifications of the recent Microsoft crack:

>> http://www.win2000mag.com/Articles/Index.cfm?ArticleID=16025

>> In particular, I found this paragraph amusing...

>> At the heart of this problem is the debate about open-source software
>> and the proprietary, closed model older software companies such as
>> Microsoft use. Microsoft jealously guards the source code to its
>> products because that code is the company's biggest asset. But
>> products such as Linux are developed in the open, by a committee of
>> sorts, and the source code is available to one and all. When someone
>> finds a security problem in Linux, for example, many people discover
>> what the problem is and work to fix it immediately. When someone
>> discovers a security problem in a Microsoft product-and let's face it,
>> security problems surface every week-customers must wait for Microsoft
>> to even acknowledge the problem's existence. Then, customers wait for
>> the company to provide a workaround, and, hopefully, release code that
>> actually fixes the problem. And in many cases-take most Windows NT 4.0
>> service packs, for example-the fixes cause more problems than the
>> original issue. It's an untenable situation, regardless of your
>> position in the open-source debate.

>> Let the discussion begin... :)

>> --
>> Aaron J. Ginn                    Phone: 480-814-4463
>> Motorola SemiCustom Solutions    Pager: 877-586-2318
>> 1300 N. Alma School Rd.          Fax  : 480-814-4463


--

Perry Piplani                      http://www.netservers.com

 
 
 


Post by Perry P » Sat, 04 Nov 2000 15:53:04


On Fri, 03 Nov 2000 03:33:10 GMT,


>Particularly the ones where Red Hat was compromised and trojan code was allowed
>to be inserted and was released as final product by Red Hat themselves.

As usual, you are a blatant liar.

>So far, there's no evidence that any code was stolen from MS, let alone the
>critical systems code, let alone it was checked into source control (where the
>final product(s) get built from).

No one claimed it was. People only claimed it was possible.
 
 
 


Post by Perry P » Sun, 31 Dec 1899 09:00:00


On Fri, 03 Nov 2000 13:51:22 GMT,




>> On Fri, 03 Nov 2000 03:33:10 GMT,

>> >Particularly the ones where Red Hat was compromised and trojan code was
>> >allowed to be inserted and was released as final product by Red Hat themselves.

>> As usual, you are a blatant liar.

>What? Ah... denying the truth again I see, Perry. Perhaps you should consult
>a psychologist as this is, in fact, truth. About 3 months ago or so Red Hat was
>under fire (in fact there was a mention on Slashdot about it).

>Search the news archives, you'll find it. Of course, a grievous, heinous
>violation of trust and security like this managed to slip through the cracks of
>major media outlets. Had this been MS, every major news outlet would've carried it.
>Just shows you the double standard we face.

>-Chad

>> >So far, there's no evidence that any code was stolen from MS, let alone the
>> >critical systems code, let alone it was checked into source control (where the
>> >final product(s) get built from).

>> No one claimed it was. People only claimed it was possible.

>Um, several in this group and your claim it every day!

>Charlie Ebert, 2:1 and several others.

>-Chad

--

Perry Piplani                      http://www.netservers.com

 
 
 


Post by sfcybea » Sun, 31 Dec 1899 09:00:00





> I don't make any judgements on this; I only provide it for
> discussion...

> Check out this article in Windows 2000 magazine discussing the
> ramifications of the recent Microsoft crack:

> http://www.win2000mag.com/Articles/Index.cfm?ArticleID=16025

> In particular, I found this paragraph amusing...

> At the heart of this problem is the debate about open-source software
> and the proprietary, closed model older software companies such as
> Microsoft use. Microsoft jealously guards the source code to its
> products because that code is the company's biggest asset. But
> products such as Linux are developed in the open, by a committee of
> sorts, and the source code is available to one and all. When someone
> finds a security problem in Linux, for example, many people discover
> what the problem is and work to fix it immediately. When someone
> discovers a security problem in a Microsoft product-and let's face it,
> security problems surface every week-customers must wait for Microsoft
> to even acknowledge the problem's existence. Then, customers wait for
> the company to provide a workaround, and, hopefully, release code that
> actually fixes the problem. And in many cases-take most Windows NT 4.0
> service packs, for example-the fixes cause more problems than the
> original issue. It's an untenable situation, regardless of your
> position in the open-source debate.

> Let the discussion begin... :)

Cool! Even THINKING MS supporters are coming around to knowing that an
*open* discussion of these issues is nothing to be afraid of! Now if
Chad turns off his "well redhat has..." bot then maybe we can have some
real discussion of real issues!

> --
> Aaron J. Ginn                    Phone: 480-814-4463
> Motorola SemiCustom Solutions    Pager: 877-586-2318
> 1300 N. Alma School Rd.          Fax  : 480-814-4463


 
 
 


Post by Aaron Gin » Sun, 31 Dec 1899 09:00:00



> So far, there's no evidence that any code was stolen from MS, let alone the
> critical
> systems code, let alone it was checked into source control (where the final
> product(s) get built from).

Okay Chad, answer me this.  How would someone view the source code over
a remote connection without first downloading the code?  According to
Ballmer, "... the hackers did see some of our source code."  If the
intruders had to download the code before viewing it, I'd say that
constitutes theft of code, wouldn't you?

Whether or not the code was modified merely determines the degree of
the breach.

By the way, what constitutes 'critical systems code' to you?

Aaron

--
Aaron J. Ginn                    Phone: 480-814-4463
Motorola SemiCustom Solutions    Pager: 877-586-2318
1300 N. Alma School Rd.          Fax  : 480-814-4463

 
 
 


Post by Bruce Schuc » Sun, 31 Dec 1899 09:00:00



> On Thu, 2 Nov 2000 18:33:54 -0800,

> >I think the author should spend more time reading the security advisories on
> >the Linux sites.

> He is, and that's why he said what he said. Since when do more
> advisories == less security, as you seem to assume? In practice, the
> opposite is true.

In practice, a security advisory notes that a hole has been found. The list
of holes in open source is large. It then tells the script kiddies which
exploit to attack on all the unpatched copies of Linux.
 
 
 


Post by Bruce Schuc » Sun, 31 Dec 1899 09:00:00




> > So far, there's no evidence that any code was stolen from MS, let alone the
> > critical systems code, let alone it was checked into source control (where the
> > final product(s) get built from).

> Okay Chad, answer me this.  How would someone view the source code over
> a remote connection without first downloading the code?

The viewer could be an ActiveX control that reads snippets of code in the
source code database.

The ActiveX control may have downloaded the code, but it may never have
saved it anywhere or displayed it in a format that could be cut/pasted
anywhere else.

That's 1 method.

I can think of dozens of others.

 
 
 


Post by Craig Kelle » Sun, 31 Dec 1899 09:00:00





> > I think the author should spend more time reading the security advisories on
> > the Linux sites.

> Particularly the ones where Red Hat was compromised and trojan code
> was allowed to be inserted and was released as final product by Red
> Hat themselves.

Are you talking about the default password for piranha?

If you are, you're blowing it WAY out of proportion (MSSQL ships with
a default password as well...)

--
The wheel is turning but the hamster is dead.


 
 
 


Post by The Ghost In The Machi » Sun, 31 Dec 1899 09:00:00


In comp.os.linux.advocacy, Chad Myers wrote
on Fri, 03 Nov 2000 03:33:10 GMT



>> I think the author should spend more time reading the security advisories on
>> the Linux sites.

>Particularly the ones where Red Hat was compromised and trojan code
>was allowed to be inserted and was released as final product by
>Red Hat themselves.

Really?

What code was this?  What package?
Can you provide something like:

ftp://ftp.freesoftware.com/pub/linux/redhat/redhat-6.2/SRPMS/SRPMS/
    nag-1.0-4.src.rpm

to indicate precisely what package (and version) was in fact compromised?

I for one am curious.  (Note: the above is merely a source code
package I picked out at random, as an example.)

Failing that, you can of course provide a Weblink to the security
advisory. :-)

[rest snipped]

--

 
 
 


Post by Bruce Schuc » Sun, 31 Dec 1899 09:00:00





> With RedHat, or any other Linux distro, we
> _can_ know the answers to these important questions because _we can read
> the code_.

According to the OpenBSD site, they are the only secure OS. They even say
other free OS's hide issues from their users.

http://www.openbsd.org/security.html

Quotes: (my comments start with **)

OpenBSD believes in strong security. Our aspiration is to be NUMBER ONE in
the industry for security (if we are not already there). Our open software
development model permits us to take a more uncompromising view towards
increased security than Sun, SGI, IBM, HP, or other vendors are able to. We
can make changes the vendors would not make. Also, since OpenBSD is exported
with cryptography, we are able to take cryptographic approaches towards
fixing security problems.

*** Note "We can make the changes the vendors would not make". Translation:
The other vendors leave holes in their software.

Like many readers of the BUGTRAQ mailing list, we believe in full disclosure
of security problems. In the operating system arena, we were probably the
first to embrace the concept. Many vendors, even of free software, still try
to hide issues from their users.

** The "even of free software" is a clear attack on Linux. Which security
problems are they saying Linux is hiding from users?

We have fixed many simple and obvious careless programming errors in code
and only months later discovered that the problems were in fact exploitable.
(Or, more likely someone on BUGTRAQ would report that other operating
systems were vulnerable to a `newly discovered problem', and then it would
be discovered that OpenBSD had been fixed in a previous release)

** OpenBSD is saying they are a release ahead of others and only they
proactively fix bugs.

EndQuotes

 
 
 
