I'm sure most of you are aware of the bug with Mozilla and Firefox that was announced yesterday, how it only affected Windows machines.

Here's a nice little article that kind of expands on the fact that it wasn't really a Mozilla bug in the first place, it was a problem with Windows that Microsoft said they fixed in SP1 but didn't.

Read the article to get more detail...

http://software.newsforge.com/article.pl?sid=04/07/08/2327246&mode=nested&tid=78&tid=82

Fuck I love linux. :D

Here's another reason.

This morning I installed the latest ALSA driver/lib/utils for my soundcard.

Compiled them, installed them, you know, the usual shit.

Then instead of rebooting, all I had to do was insert them into kernel and BOOM, Bob's your uncle, I had sound.

If I was running The Inferior OS, after installing my NVIDIA drivers (proprietary pieces of shit they are....) I'm fairly certain I would have to reboot. Which means save everything I was working on, shutdown, wait for the comp to come back up, re-open everything, continue on. It would have been a fucking pain in the ass because I had a download in progress as well, which on dialup, is something you don't want to start again.

Now, to don the asbestos suit and wait for the flame from a certain ITBurnout member about how fucking fantastic Windows is.... :rolleyes:

All Praise the Linux Gods!!! Thank you Linus Torvalds!!!!!!

The mozilla/Firefox bug is sort of like the vulnerability released for MacOS......




for MS VirtualPC!!!



Leave it to Microsoft to create exploits in operating systems they don't even make.

Well, First off...you said you were installing sound card drivers. I'll assume for the soundstorm card since you mentioned Nvidia drivers. The new windows xp Nvidia Forceware Driver package includes the following:

- Audio Driver / Mixer Utils.
- Ethernet drivers.
- GART Driver.
- Memory Controller driver.
- SMBus Driver.
- Nvidia IDE Drivers.

I'm not sure what is included in the linux package, if they are even in a single package, or the process by which they are installed.

Now if I wanted to update my soundcard drivers, I mearly download the new driver package, close the mixer application in the system tray, run the installer which accompanies the driver package, choose to install ONLY the soundcard / soundstorm drivers, wait a few seconds for it to install the new stuff. Then the mixer app reloads automatically, sound is ready to go. No reboots.

If I was to install either the GART drivers, memory controller drivers, SMBus driver, IDE drivers, or any combination of those drivers, then the system would ask to be rebooted...It does however give you two options. 1) Reboot Now? 2) Reboot Later? Everyone knows that if you say reboot now, it auto reboots, if you say later, the system loads the new drivers after the reboot. The system should only reboot when anything system specific is updated...IE: video drivers, motherboard drivers, IDE drivers, etc. A soundcard is not a critical component, thus no reboot.


About downloading while updating drivers:
Get a download resuming program. I use starDownloader. Works great. Downloads a single file from multiple sources at one time. In case one source closes the connection, the others keep downloading. Eventually the sources that closed the download connection will be replaced with new sources as the program searches for new ones automatically. So in the event that I do need to reboot my system, the download can be running again within about 60 seconds. (30 seconds for the system to boot, the rest of the time for me to connect and resume the download.)

As for the Mozilla security flaw...I find the comments posted below the article of more interest. One user makes a few good points.

The charge to protect regular, unsophisticated users. Regular users do not care whose fault a wide open security hole is. They only care whether they are safe if they are acting reasonably. In this case they weren't, but the team was ok with that for months.

It should be noted that another comment mentions that the security hole was known about in September 2003.

Security without usability is like a parachute you are not wearing. This article was the easiest way of finding the fix, imho. 1) Back in Spetember, how did the team think I was supposed to know to disable shell: scripting? ESP? Reading all of bugzilla? 2) Where in fact would I have done this? Certainly nothing easy to find. 3) Even today, where is the super prominent link on the home page? Why does the home page (http://www.mozilla.org/products/firefox/)link to the 1.9.1 page, not the 1.9.2 page?

Put products before the blame game. Why should mozilla not be embarrassed? There's a known hole in windows, that is only a problem when an untrusted source has a channel to access it. And Mozilla provides that channel.

So if I'm Microsoft, and I make IE (and work to patch its known security holes), then Mozilla would be my competition. Now if this security hole is actually in windows, and Mozilla is the ONLY browser that lets people exploit it, then why do I, microsoft, give a fuck. Answer: I don't. If the flaw cannot be exploited using IE, my/microsofts browser, then it doesn't matter to me/microsoft, thus the company would do nothing.

One company doesn't give a fuck about another companies products, especially if that other companies products are the only ones that have problems.

Microsoft wants Windows users to browse with IE, so it's not going to fix problems that only occur in another companies browser, even if the flaw is in it's OS. Whether the problem was reported on only windows systems running mozilla browswers is irrelevant. See above comments about microsoft, as a company, not giving a fuck about mozilla. What their individual employees think doesn't matter either, in the case of that person on the microsoft page that reccommended firefox. That was his/her opinion, not the opinion of the company. I must have seen about 5 articles with headlines like "Microsoft reccommends Firefox" or "Microsoft says use Firefox and forget IE". All of which are wrong, it was the article author making the reccomendation, not Microsoft.

As for windows and linux virus / security shit. I've never had a virus on my system, the system is rock solid...it's never crashed. The last time I saw a BSOD was when I was using win98. Spybot scans regularly and never finds any major spyware, malware, etc. The most it ever finds a tracking cookies which it picks up from pretty much every website anyone would visit and they are not malicious in the first place.

"But Windows is exploited more than linux" .... people always say that. If I was a giant in a land of midgets I'd get picked on too. If you dominate the desktop computer OS industry, then people are going to pick on you. Flip the situation...if linux was at the top, and windows was an obscure OS, then linux would be the more exploited OS. If i'm a person looking to do major damage to a bunch of computers which do I choose, Windows or Linux? I choose windows, not because it may have security holes, but because it the most widely used desktop OS, and most home users are completely oblivious to any security measures at all. They setup the computer, connect the internet and go...which is nothing short of fucking stupid. If someone uses an unsecure system, then any damage that occurs is their fault.

I remember when I worked tech support and talked to hundreds of people who were infected with w32.blaster or some type of variant. They would say "so why didn't microsoft fix this?" A patch (which worked) was released about a month and a half before the virus caused all the major problems. I had the patch installed the day after it was released. People are stupid when it comes to security.

Truth is no piece of software is completely impenetrable, whether it be from Microsoft, some linux developer, or joe- nobody programming in his basement down the street. All it takes is someone willing to devote the time to figure out how to do it and a large enough target. Chances are there are a lot, if not more, linux servers than there are windows servers. BUT....thoses linux servers are probably so secure that you couldn't touch them with a 10 foot pole. AND...they are probably constantly monitored by someone whose sole purpose is testing and plugging security holes. As probably are the Microsoft systems. Those linux servers are not a viable target for some 15 year old punk trying to fuck up somebodies day. No software before it is released could be 100% secure, the minute it's out, then somebody is working to tear it apart and look for ways to fuck it up.

Anway, I really could care less. Windows works perfect for me with nary a hiccup.....wooo! Lots of typing. :o

PS: I believe I now hold the record for "ITburnouts.com Longest Post". Longest dick too... :p

I remember when I worked tech support and talked to hundreds of people who were infected with w32.blaster or some type of variant. They would say "so why didn't microsoft fix this?" A patch (which worked) was released about a month and a half before the virus caused all the major problems. I had the patch installed the day after it was released. People are stupid when it comes to security.

Largely that is true, but the problem is a bit more complex than people just being stupid. In any business, core servers must be patched first. If the servers are compromised than you are through. You may as well leave your access badge on your desk and try to find a city somewhere they won't know about you. Before you patch a server you have to test the patch for your environment -- For all practical purposes, you need to do the same for your workstations as well. After you test it, you have to have a rollout and a backout plan. Now, you could use ADS policies to push this out, but most companies haven't setup policies to be able to push down patch levels. Most that have wound up paying for the technology . You also have to create maintenance windows. Productiion servers have to be done at some odd ball time, like 2 AM, or a Saturday morning at 4:30.

All of this wouldn't be so hard if you were patching about 200-400 machines. Hell, most of it could be done manually by a helpdesk monkey and a floppy disk. What about larger companies? Companies with large clustered server groups and thousands of workstations? How do you do all of this in 34 days (which is how long it took for the first blaster virus to hit the net after the vulnerability was released)? But there is something else to consider -- Remote users. That's right. Remote users are the ones who fuck up networks. They connect to VPN and release their payload into their networks. I see it all the time, and is a primary means of infection probably a lot more than you might consider. The thing with remote users is that they are rarely in the office. They may be on the road, making sales appointments, etc. They usually have administrator on their own machines so they can install whatever they want. Thier virus sigs are usually out of date. They are never patched to current because they never bring in their laptops.

I did an analysis gathering info for a patch management white paper last year, and to date a cost cannot be accurately associated with keeping systems patched. It is an endless job and takes a whole lot more than just running an EXE file in the real world. So if a company gets slammed with a worm 30 days after the vulnerability is announced, the chances of them just deciding to do nothing is fairly slim.

Well, First off...you said you were installing sound card drivers. I'll assume for the soundstorm card since you mentioned Nvidia drivers. The new windows xp Nvidia Forceware Driver package includes the following:

- Audio Driver / Mixer Utils.
- Ethernet drivers.
- GART Driver.
- Memory Controller driver.
- SMBus Driver.
- Nvidia IDE Drivers.

I'm not sure what is included in the linux package, if they are even in a single package, or the process by which they are installed.

Had you read my original post, you would have realized that I WASN'T installing the shitty proprietary NVIDIA driver, I was installing the Open Source ALSA Project driver. Open Source, made by volunteers. Works a gajillion times better then the piece of shit Nvida drivers.

About downloading while updating drivers:
Get a download resuming program. I use starDownloader. Works great. Downloads a single file from multiple sources at one time. In case one source closes the connection, the others keep downloading. Eventually the sources that closed the download connection will be replaced with new sources as the program searches for new ones automatically. So in the event that I do need to reboot my system, the download can be running again within about 60 seconds. (30 seconds for the system to boot, the rest of the time for me to connect and resume the download.)

You are missing the point. In Linux, even if I had to install a new driver for a system critical component, I could either a) restart just that daemon, not reboot the whole system or b)just insert the module into the kernel, instead of rebooting the whole system. Rebooting is a waste of fucking time and is unnecessary. I mean think about it... How come a bunch of hackers who coded Linux in their spare time end up with this feature of not having to reboot, when you have market giant Microsoft, with gads of cash to invest in R&D, who doesn't? I mean WTF? The free alternative has better options that the one you're supposed to pay for? You'd have to be insane to pick the one you have to pay for.....

So if I'm Microsoft, and I make IE (and work to patch its known security holes), then Mozilla would be my competition. Now if this security hole is actually in windows, and Mozilla is the ONLY browser that lets people exploit it, then why do I, microsoft, give a fuck. Answer: I don't. If the flaw cannot be exploited using IE, my/microsofts browser, then it doesn't matter to me/microsoft, thus the company would do nothing.

One company doesn't give a fuck about another companies products, especially if that other companies products are the only ones that have problems.

Microsoft wants Windows users to browse with IE, so it's not going to fix problems that only occur in another companies browser, even if the flaw is in it's OS.

Actually, you missed the point on this one as well. Just because you can exploit it with a Mozilla browser, doesn't mean that it's the ONLY way to exploit it. Just to go out on a limb here, what if a worm/virus/trojan is programmed to exploit the same vunerability in the OS?? Will it still be Mozilla's fault, even though they patched their program? No, the onus will be on Microsoft to actually fucking FIX the fucking problem with their bug-laden piece of poorly-coded rat shit of an OS.

Whether the problem was reported on only windows systems running mozilla browswers is irrelevant.

Actually that's rather relevant. Because the vunerability was only in the Windows OS because it's a bug-laden piece of poorly-coded rat shit.

What their individual employees think doesn't matter either, in the case of that person on the microsoft page that reccommended firefox. That was his/her opinion, not the opinion of the company. I must have seen about 5 articles with headlines like "Microsoft reccommends Firefox" or "Microsoft says use Firefox and forget IE". All of which are wrong, it was the article author making the reccomendation, not Microsoft.

Actually, that's rather humourous. Microsoft owns MSN of course, which in turn, owns Slate.com, where the article appeared. I'd compare that article promoting Firefox over IE to seeing a pro-communist article in a right-wing newspaper in the US. It's fucking huge due to the internal censoring that goes on in most corporations in America. You always have to spin the story so that "The Company" comes out looking marvelous.

As for windows and linux virus / security shit. I've never had a virus on my system, the system is rock solid...it's never crashed. The last time I saw a BSOD was when I was using win98. Spybot scans regularly and never finds any major spyware, malware, etc. The most it ever finds a tracking cookies which it picks up from pretty much every website anyone would visit and they are not malicious in the first place.

The fact that you have programs to pick up malware, adware, viruses actually works in my favour and proves my point to a 'T'. I have no use/need to install programs like that in Linux. You HAVE to in Windows these days if you want it to function in any manner efficiently. Take the machines at work for example, they run like shit because of the gads of spyware on them, but also because of the AV program running in the background eating up system resources. In Linux, I don't have that, not to mention Linux makes better use of the system resources in the first place.....

"But Windows is exploited more than linux" .... people always say that. If I was a giant in a land of midgets I'd get picked on too. If you dominate the desktop computer OS industry, then people are going to pick on you. Flip the situation...if linux was at the top, and windows was an obscure OS, then linux would be the more exploited OS. If i'm a person looking to do major damage to a bunch of computers which do I choose, Windows or Linux? I choose windows, not because it may have security holes, but because it the most widely used desktop OS, and most home users are completely oblivious to any security measures at all. They setup the computer, connect the internet and go...which is nothing short of fucking stupid. If someone uses an unsecure system, then any damage that occurs is their fault.

You see, this is a common tactic among Pro-Microsoft people (see: SCO, Darl McBride), you always say that there is security in obscurity, the only reason why Linux is secure is because no one uses it. What you don't understand is how the open source model works. When someone writes a new module for the linux kernel, it goes through an extensive test of the programmer's peers, testing the code for bugs etc. The more people who would use linux, the more that would be looking at the code, verifying it's accuracy, making sure it's the best it could be. Therefore, it's actually the exact opposite to your "security in obscurity" arguement. The more people that use/get involved with Linux, the more secure it becomes.



Not to say that I haven't used/enjoyed Windows sometimes. Many hours were spent playing games and fucking around in Windows. But once I discovered Linux, truly discovered Linux, and made myself stick with it, I don't think I could ever go back.

It's the freedom it gives you that almost ruins you when it comes to computers. I have complete and utter control over my system. I could remove code, insert code where I like. (if I was adept at programming C that is... :-)) I can completely reconfigure everything in the OS. Everything, right down to the last widget in the last screen. It's all fully customizable. They even include the tools in the kernel. If I want to pare it down to bare bones, I can, if I want to bloat it up, I can. It's all my choice.

You're going to say "I can do that in Windows too!", to which I reply, okay, remove pcmcia support from the Windows kernel for me. Then document how you did it. You may never use it, but it's always fucking there. Remove it, then show me the steps.

All I'm trying to get across is that Windows had it's day in the sun, and it was a good run. But unless they figure out how to get their shit together when it comes to things like stability/security, then get ready, because Rome is going to come crumbling down.....

Again...most of your points, just backup mine...and my points backup yours.

I don't know what ALSA drivers are, nor do I care. Your post clearly says that if you were in windows, installing nvidia drivers, you would have had to reboot...which is not true.

About exploiting that flaw to which the mozilla browser provides the way. I never said that its mozillas responsibility to fix the hole in the OS. I said that it was their responsibility to change their browser if they want windows users to use it securley. At least thats what I was trying to say. What I was saying is that until there is sufficient reason for microsoft to fix it, chances are they aren't going to.

About the pcmcia support....If I wanted to remove this or any other part of windows that i don't need, I can go download XPLite....which I believe is a sub-150kb download. And it allows you to remove pretty much any part of the OS that I don't want or have a use for. Its been used to get a less than 350MB install of Windows XP....I don't call that bloated. Or I could just create myself a nice auto-install cd with and edit the necessary files on the cd so that the stuff I don't want isn't installed in the first place.

And about the other comments...I'm not even gonna bother picking them apart cause its 1:45am in the morning, and I really don't care anymore.

It's a never-ending debate. Neither side is more right than the other despite what anybody thinks.

I came upon this and has to post it....

Take a look...

http://ctrlaltdel-online.com/images/comics/20040714.jpg

Windows windows windows windows windows...!!! Windows!!!! hahahah!!!

SUMMARY:

Windows works and requires a purchased license. Those using Windows without proper licencing are subject to prosecution.

Linux works and does not require any licence to be purchased.

Most windows apps and server apps require a purchased license. Those using these apps without proper licensing are subject to prosecution.

Most linux apps do not require any license to be purchased.

MS Windows and windows based applications are constantly being cited for critical vulnerabilities that are the target of devestating worms and viruses.

Linux and linux based applications are constantly being cited for critical vulnerabilities that are seldom (almost never) the target of ANY worm or virus.

So, based on the amount of money you are supposed to pay, which one is the better value?

SUMMARY:

What's and asslicker know about it??? HAHAHHAHAHAHA. :p