Linux Software

UK Gov't Experts Say Linux is Secure, Windows Not

Sara Chan writes "An expert at the British government's computer security headquarters, CESG (Communications-Electronics Security Group) has endorsed Linux along with the open source model for software development as the most secure computer architecture available. CESG is the sister organisation of the GCHQ (Government Communications Headquarters), which is roughly the British equivalent of the American NSA (National Security Agency). There is also a warning against "a competing commercial product with hidden source code." For details, see the ZDNet UK story."
This discussion has been archived. No new comments can be posted.

  • The Brits would always do something opposite to the Americans - not even a month ago did NT pass C2 certification in network operations (and that's from NSA, guys). I wonder, did someone force NSA to give this certification to Windows? Or maybe the procedures they used in evaluating Windows were different from those used in evaluating Linux? For those of you who use Attrition's defaced mail list, take a look at the stats. Judging by the fact that Windows NT is becoming even more and more popular as a web server (and most of these servers are administered by idiots, which is a totally different song), there is no significant difference between defacements made on NT and on other operating systems. We use W2k from the very beginning of its history. Our webservers have uptimes of 3000 and more hours. No one could break in. Wanna try? Please do: http://nt.security.net.pl Regards - Wojtek
  • I find the spokeswoman's quote to be interesting, and misleading. She never said Windows 2000 was more secure than Linux or any other OS for that matter. She said that it's just the most secure operating system MS has shipped, which isn't saying much. From what she said, she really didn't seem like she knew much about win2000. Those MS PR people are full of bs and fud.

  • If anything they will just use Double$peak. They could release source only for the same code they document now for developers and hype their "New Open Source Windows 2002!!!" while key aspects of security and interoperability features are quietly kept closed.
    I wouldn't bet on any right to make your own mods, either - there will probably be the usual unilateral license "agreement" that you invoke by just looking at the code.
  • But computers are being used to run battleships. I guess it could be argued that a shipboard network is not tied to the outside world but most networks are hacked from within by lower grade users. It would be hard to bribe a sysadmin but probably you could bribe a cook to gain access to a network, hack admin, and download secrets.
  • Microsoft doesn't need to put any sort of nefarious back doors into the products. They have their shrinkwrap licenses to fall back on if need be.

    They lose the anti-trust case and BAM! they just revoke every license the DOJ has for a Microsoft product. This in turn makes another lawsuit happen and Microsoft gets another few years of unhindered profit growth.

    The upside would be that the world would finally get a definitive ruling on whether or not shrinkwrap licenses are legal.
  • There is one. KhA0s Linux. Despite the silly name (53k00r1733 /\/\4k35 U 3r337) it looks like it will be pretty cool if it ever flies and is definitely being built with security in mind. Crypto filesystem and other nifties are on their list of features. They are looking for help, too.
    Lemme see if I can find a url...


    Ah. Here it is. [kha0s.org]

    Enjoy!
  • The MS spokeswoman may be asserting the truth. Win2000 may be the most secure OS that MS have released, but that's measured relative to the security of their previous efforts, which has been nothing special. She's opposing an absolute with a relative; obviously those debating society classes came in useful for her...
  • My school recently received some computers from a company called ZapMe! They are completely locked down WinNT boxes that automatically log themselves on (so you can't guess at the admin password). All keyboard shortcuts are disabled (including ctrl-alt-del) so you can't get anywhere. The only way to do anything is to take out the BIOS battery (BIOS is password protected), change the boot order to A:,C: and pop in a boot disk. A simple locking case could stop you from doing all that. So, yes, a Windows box can be made secure.
  • Begs the question: Who is Slash, and why does he have so many "dotters" in the first place?
    Slash was the guitarist in Guns 'n Roses. Rock guitarists always seem to have groupies hanging all over them, so it wouldn't surprise me if he had lots of daughters spread around the country. Oh, you said dotters. Nevermind.
  • His comment... "Windows was built for a single computer and then the network was added on as an afterthought."

    is kind of interesting.

    Unix was built for a single computer and then the network was added on as an afterthought as well.

    So I assume he's speaking of just Linux, right?

    But then which Windows is he speaking of? Sure Windows 3.1 didn't have networking built in to begin with.

    But Windows NT was designed with the network in mind.


    I find it interesting how blindly Linux advocates jump onto bandwagons. The quotes from this individual show about as much thought as your typical marketing droid.

  • See, the problem isn't JUST that Microsoft is slow to fix problems like that (they are), but that in all too many instances, the "fixes" are totally half-assed - they don't actually fix the root problem, they just band-aid it. If Microsoft would learn to fix their bugs the RIGHT way.

    Another problem is that you can end up jumping through hoops to get a Microsoft fix, e.g. the msnp32.dll update.
  • by mpe ( 36238 )
    I also think it's great that "security through obscurity" is being attacked so dead-on, especially in ZDNet. The more people who know and realize that Windows cannot be secure because of its license, the better.

    Part of the problem is that what is obscure cannot be relied upon to stay obscure. There is also the problem of "monoculture" where all the parts of a system are provided as unmodifiable binaries
  • AMEN, I agree totally. Sure our as/400 is secure. But doesn't have as many uses as linux/bsd. I use linux because that's what I'm good at.
    Gentleman, you can't fight in here, this is the war room..
  • Not really. Seeing as the NT boxes were replaced by linux.
    Gentleman, you can't fight in here, this is the war room..
  • NT started out as OS/2, jointly developed between IBM and MS. They split, MS took their share of the code, IBM took theirs. I think (though I may be wrong) that OS/2 was intended as an end user desktop type thing with the option of being a server. So, NT was an accident and was originally intended as a dual purpose operating system. I'm not sure what this comment accomplished.
  • Recompiling login would be insufficient; however, there's no reason you can't remove all accounts with UID 0 from the passwd file.
  • And my faith in the U.S Government goes up a notch. Interesting article isn't it? Too bad I'm Canadian and can't claim the good words to come from my own Government.

    With citizenship issues,
    Matthew
    _____________________________________
  • Perhaps in your experience. My installs have always been stable.
  • Not only am I happy to be Canadian, but also happy to have paid health coverage, and the chance at a good life in Canada. In the US, however, fear accompanies sickness because of the bills that will follow the treatment. Pretty sad if you ask me.

    Ah, the healthcare angle again. It seems that the stereotype of the US is alive and well as we can all see.

    In my personal experience as a doc in the US, I've had a lot of opportunities to discuss the US and Canadian systems with Canadian physicians and nurses that come here for training or work. While it is true that everyone in Canada has "insurance", the system is underfunded and there are huge problems with getting timely care. If you have an emergency condition, you will be treated promptly. But if you have nagging gallstone pain or near constant pain from a herniated disc, expect to wait quite a bit longer for treatment in Canada! Tired of waiting around for your public Canadian Orthopedic surgeon to fix that knee? You could try going to someone "out of the system" to get it done faster, but it is impossible because there is no private practice in Canada (by law)! Your choices are way too limited. A homeless bum in the U.S. could get his fixed faster than you as a charity case if he seeks care. At least in the UK patients have a choice between the "public" service and private practice.

    The multitiered healthcare system in the U.S. is paid for by an overly complex system of cost shifting that needs some simplification. But the U.S. system is nowhere near as bad as you seem to imply.

    In Canada, public healthcare providers can, and do, go on strike (except for emergencies)! This is not an indictment of the Canadian health care providers since they are as good as any, but the system has serious undeniable problems and should not be held up as a shining example for everyone else in the world to strive for.

    "Not for profit" hospitals in the U.S. get a tax break in return for committing to a certain amount of charity care. Any university hospital will take care of patients without any insurance. Of course the U.S system isn't without need for improvement, but the myth of a vast population of people in the US who have no access to medical care is way overblown. In fact, it isn't uncommon at all for Canadians who are tired of waiting around for care to fly down to the U.S. for treatment. The Mayo Clinic sees a lot of this, and even I, a relative peon, have taken care of some neglected Canadians.

    I appreciate Canada for its safer cities, Rush, SCTV, hockey, scenic vistas, Vancouver, etc., but am not too fond of its tax policies, French secessionist movement, cold temperatures, Celine Dion (sp?), or its healthcare system.

  • Umm, this is from the UK government. Not the US government.

    Marissa
  • I thought this person, Troughton, as a representative of the government would give us an objective comparison of technical security issues between Linux and whatever. But he doesn't. When he says:

    "Windows was built for a single computer and then the network was added on as an afterthought. Also it's closed source, and I would never ever trust someone else completely with security."
    he's not convincing with technical arguments. What he says is just a matter of trust, because he cannot see the source code. But trust doesn't tell me whether or not an OS is secure. Technical facts do. Is Novell insecure because I cannot see the source code? And what about the commercial Unix-flavours? Banyan Vines? What about all the software embedded in our network hardware?

    This article doesn't tell me anything new. I hoped that someone from a government, someone independent, could give me some objective arguments. But this article is just another bash in the pro/contra MS fight.

    Arleo
  • hmm.. can't you run Horizon under WINE ??
    Also, The NT4SP3 security thing is basically bullshit. Download the DLL cache poison attack from l0pht or bugtraq and you can rootkit an NT4SP3 system in seconds.
    BTW, it also works against NT4SP4 and it can make the Guest account Administrator (oops).
  • Whoops. I meant UK.. honestly :-)

    With keyboard issues,
    Matthew
    _____________________________________
  • I prefer something I can look at. I mean, I really don't trust an engine I can't work on. Why should I trust an OS I can't pull up the code and read with a cup of Coke?

    Besides, if there's a bug, about 300 Slashdotters will point it out. Best system in the world.

    (Slashdotters... sounds like we are all Icelandic.)
  • I agree 100%. The problem is that there are basically no applications for Linux...

    Um... is this meant as pure flamebait, or are you just being ignorant?
    My Linux distribution came on 6 CDs, and that wasn't just all kernels...

  • by Yakman ( 22964 ) on Thursday December 23, 1999 @06:26PM (#1448425) Homepage Journal
    Windows 2000 is the most secure operating system Microsoft has ever shipped.

    Is this REALLY that difficult? :) WinNT is, how many, 4 or 5 years old and yet still there are severe security flaws coming out in the CORE operating system. Sure Linux has had a few security holes here and there but they've been patched pretty much 'instantly' and most of them weren't in the kernel (ie. the core OS) but in tools like Sendmail and whatever.

    Maybe I just don't know what I'm talking about (well, probably ;)) but I don't see how people can even consider running some of the things they run on NT.

    On an unrelated note, I'm just rambling because it's Christmas Eve (well, 3:30pm) and I want to go home but I have to wait for some lame-arse Y2K update to post on the Intranet before I go.. [sigh]

  • by Wah ( 30840 ) on Thursday December 23, 1999 @06:27PM (#1448426) Homepage Journal
    ..
    (An expert at the British government's computer security headquarters, CESG (Communications-Electronics Security Group) has endorsed Linux along with the open source model for software development as the most secure computer architecture available.

    .and.

    He says, "Windows was built for a single computer and then the network was added on as an afterthought. Also it's closed source, and I would never ever trust someone else completely with security.")

    vs.

    A Microsoft spokeswoman, however, disputes these perspectives, claiming that Microsoft's closed-source software is more secure than ever.

    Marketing vs. Reality isn't a fair fight...
  • The real question, is what a non-geek is doing posting to slashdot.
  • by ransom ( 115658 )
    Hooray and rejoice, we reinforce the fact that Linux is better than Windows. But this is a double edged blade, and for this reason: with the antitrust suit against MS going on, what happens when someone judges that there is fair competition against Microsoft? The whole trial could go down the shitter just because we won the ego war. I say, wait till the trial is over and done with before proving what great competition Linux is.

    If you think you know what the hell is going on you're probably full of shit.
  • by Pike ( 52876 ) on Thursday December 23, 1999 @06:29PM (#1448431) Journal
    A Microsoft spokeswoman, however, disputes these perspectives, claiming that Microsoft's closed-source software is more secure than ever. "Windows 2000 is the most secure operating system Microsoft has ever shipped," she says. "Among other things, entire development teams were focused solely on searching out security issues within the beta code; Microsoft posted a public Internet beta test site for customers to test the security of the system, and new development processes were put in place to ensure that the system was built from the ground up with security as a key objective."

    Yep. Everyone remembers that public test website.

    There is no way an OS the size of W2K can not have security issues and still be hidden from peer review.

    Also, "among other things, entire development teams were focused solely on searching out security issues..." How can you be focused "solely" on security, "among other things" ?? "Watcha up to, alan?" "Well, I am focused solely on security, among other things."

    Finally, I don't believe they built the system from the ground up, either.
  • It won't be available to the public until Feb.

    Er, yes it is actually - to anyone who has an MSDN Universal subscription, or who is part of the Microsoft Select plan. And that's a LOT of people.

    Simon
  • but, please lay off of using FUD as an all-purpose word for mis-information. it's a specific case of malicious mis-information, and does not apply in this case.

    It's used to mean disinformation. If you don't like that, then tough - it's the same thing that happened with the word hacker (I don't like that, but that's tough too).

    Simon
  • WTS is also (in my experience) usually *faster*

    Get an x protocol compressor such as dxpc.
  • Pointless post.

    But I thought it was rather amusing myself.
  • by Zico ( 14255 ) on Thursday December 23, 1999 @11:28PM (#1448439)

    First of all, this wasn't some organization promoting this view -- it was just an individual. Now, he's called an expert, but it's silly not to look at that with some perspective. Such as all the "military experts" telling us that Operation Desert Storm better bring a lot of body bags because the Iraqi Republican Guard was so brutal. We all know how this turned out. Or, the "societal experts" telling us how welfare reform in the U.S. would destroy the lower classes. Again, this didn't happen. In both cases, the experts' position was often affected by personal biases: people against the Persian Gulf war in the former case, and big-government proponents in the latter. When you look at what Mr. Troughton says, I think it's pretty clear that he's a GNU/Linux advocate through and through, and that it's likely that his Linux endorsement stems from that.

    The most blatant evidence of his bias was the quote, "Linux is as secure as you can make a computer." Honestly now, do even Linux advocates here believe that? Even if you think that Linux is the best OS out there (because of a combination of its various strengths), I don't think any rational person would even try to put forth that argument. This is the main reason why I think he's a Linux fan who's trying to promote it by saying that it's the most secure OS, as opposed to someone who became a Linux fan because he found it to be the most secure OS.

    Secondly, he made other quotes that made him sound like your good ol'-fashioned OS advocate. Namely, that Alan Cox is the best programmer on Earth, and "I've heard he writes code like Richard Stallman." I'm not saying that Mr. Cox is or isn't the best, but these statements sound less like they came from a dispassionate seeker of the most secure OS and more like your garden variety GNU/Linux-advocating name-dropper. Basically, the only thing that was missing was to hear him say, "Linus r00lz."

    In other words, I'd take Mr. Troughton's words with an extremely large grain of salt.

    Cheers,
    ZicoKnows@hotmail.com

  • We normally have NT uptimes of several months. The servers are overpowered and underworked. The servers do not have Exchange, screen savers or Microsoft Office. Stable? Only as long as no one rocks the boat. Whenever a system is a bit strange, reboot. If it looks like it has lost its marbles, hit the power switch. Security? Enough to prevent most users from installing applications, on a par with locks that can be opened with a penknife or credit card. For us it is more than enough, but we do not assume it meets any reasonable criteria of secure.

    When Linux users are quoting uptimes, you can reasonably assume that that box has been subjected to some degree of abuse without having deteriorated the base system. Push NT and best plan on rebooting very soon. Do anything remotely complicated in Microsoft office and plan on rebooting.

    Sorry about the ramble, but I am trying to point out that NT _can_ be used effectively, and with long uptimes. I agree with your remark about NT's stability. You just have to walk _very_ carefully. Is this the way systems should be? H*** No!

    If you've got a lemon, make lemonade.
  • Completely in line with Microsoft's use of the word innovate.
  • don't be such a total dickhead.

    geee, anyone who designs a pencil that has no eraser should be charged with criminal negligence.

    OSs come in many forms, and for many purposes. I suppose you want your washing machine to have security too.

    Perhaps you should try to sue apple for making an OS with no security as well? At least Microsoft have NT, which has MUCH MUCH higher security granularity than Linux (security on just about every object).
  • That is coming from someone in a bureaucracy. Bureaucrats do _not_ speak publicly as a single lone voice.
  • When will these people realize that the software is only as secure as the knowledge of the person who set it up permits it to be. Sure I can setup one hell of a secure NT or Linux installation. But what about the partner in my dad's firm who is de facto sys-admin for the firm? He isn't going to understand a lot about configuring Linux. He will be able to understand the totally point and click/wizard environment of Windows NT. I would be willing to bet that with the time he has available an NT server he sets up will be more secure than a Linux one. (if he had one to setup.) (Note I am not talking about the default setup, I'm talking about him taking some time to customize it to his needs.) Wizards as obnoxious as they are can be quite useful to establish a base setup which you can then customize, or leave alone if you don't understand it.

    Studies like this have always meant and will continue to mean very little IMO. Just like the NT C2 certification means very little this means very little to Linux. We shouldn't get our heads inflated over stuff like this and go around pretending like we are all high and mighty because we use Linux and are "secure".

  • But you miss my point - NT 4 was evaluated (just in the past month or 2) for C2 Orange Book - it was NOT certified, only evaluated. And really, NT itself wasn't what was being evaluated - it was a _particular_ installation, on a particular system, and a certification would ONLY apply to that configuration, not any other(s). Also, in the US, C2 Orange Book is the bottom rung for security evaluation/certification. It's not exactly "high-security" stuff.

    So as I said before, don't get the wrong impression of what a C2 certification (or even the UK's equivalent) really means.
  • But Windows NT was designed with the network in mind.

    But there are several shortcomings to NT in this regard. The most prevalent, is the fact that ANY user can execute code to potentially damage the system. That's the primary reason that viri and trojans such as Melissa are able to be readily spread among users.

    If one were to look at the initial C2 rating afforded to NT, it was rated when it was NOT connected to the network. Pretty poor for what at the time was bragged by MS to be the most secure, capable NOS.

    FWIW, the majority of corp desktops (according to IDG) are running Win 9x of some sort, not NT. As such, they don't have the granularity of permissions that NT offers with NTFS.

    I'll leave the NT domain structure and lack of directory services for another time. Those are issues of poor design, and not necessarily related to security.

    Linux isn't perfect, either, no OS is. But the security and flexibility of NT is often overstated by MS, when compared to other NOS'es.

    Dave
  • A Microsoft spokeswoman, however, disputes these perspectives [Microsoft security vs Linux security], claiming that Microsoft's closed-source software is more secure than ever [W2K vs NT4, or with vs without the latest security patches].
    I'm a bit rusty with logic, but this seems to be the fallacy of equivocation.
  • My Linux box currently has 218 day uptime on it and not a twinge of instability!

    hmm...so does my NT box....what does our bragging prove? nothing, so why do we bother making these comments?

  • He will be able to understand the totally point and click/wizard environment of Windows NT.

    Concepts of secure networks and computers span far beyond the graphic interface of a "wizard". An administrator has to be able to know what to do, and what might be ramifications of particular choices. It's about knowledge of systems security, not point and click.

    Dave
  • with Windows 2000.
    Microsoft.
    'nuff said.
  • It works the other way around too! Most administrators, when asked if their network is secure, reply "of course, we're behind a firewall." There's almost always a way to get code executed on a system, even if you cant do it directly. Once that happens, your firewall is useless.
  • First of all, I am a linux geek and I honestly don't know much about Windows security. However, if it works as well as everything else in Windows then it's a wonder your average 2yo can't take over an NT domain.

    That said, this is my personal experience with Windows' granular security. I work graveyards at a national ISP in the network operations center. In the daytime my computer (running NT) is used by an admin. Of course a peon like me can't have full access to an admin's machine, so it has been locked down in my profile. As it stands, I can't use corporate mail because I can't log in to the exchange server. I can't install anything. I can't use AIM because I don't have access to my own buddy lists. I can't use ICQ because I can't install it. I can put files on my desktop but then I can't delete them unless I drop into a dos shell. Etc, etc, etc.

    Perhaps this is all due to the incompetence of the admin. However, when I look at how easy permissions are to set up in Linux, I have to think that either NT permissions are crap or I am being actively sabotaged by the admin. The admin is a pretty nice guy, so... :P

    silver

    PS - The CEO made the decision to put NT in the NOC, not the admins. They all have Linux or BeOS as well.
  • Not only am I happy to be Canadian, but also happy to have paid health coverage,

    Strange, I am a U.S. citizen, and I've got medical insurance, most of which is paid by my employer. The small part I pay is paid before taxes. Around here, just about all employers provide access to cheap medical insurance. Given that unemployment is under 3%, nobody who is even half way competent at anything should think they have to work for an employer who doesn't.

    and the chance at a good life in Canada.

    And what makes you think it is that different than the US? Or that you wouldn't have a chance for a good life down here? As many Canadians as have moved down here to work under NAFTA, it makes me wonder where the 'good life' is. I've got nothing against Canada, but I am sick and tired of the whining about the lack of socialist medicine in the US. That is a good thing if you ask me.

    In the US, however, fear accompanies sickness because of the bills that will follow the treatment.

    I have the choice of four different health plans where I work. All of them cover just about everything. I'd rather pay a little in insurance premiums than a lot in taxes. I'm glad I don't have to deal with rationed health care and government control. I've actually heard a fair number of Canadians complaining that access to healthcare in Canada isn't what some people would have you believe. It is interesting too, that northern US health care centers like the Mayo Clinic (Rochester, MN) get a fair number of Canadians coming down because they would prefer to pay for their care than deal with the government, or because they don't like to wait.

    Pretty sad if you ask me.

    It's pretty sad you are so uninformed at how things really are down here.

  • IANAE (I am not an eskimo), but I seem to recall from somewhere that with skins or blankets on the floor and walls, an inside temperature of about 55 degrees Fahrenheit is normal with oil lamps inside and outside winds and temperatures around -55 degrees Fahrenheit. Not cozy but better than dixie on a frosy morning.
  • Actually I believe getadmin.exe is a local exploit.
  • make that _frosty_ morning. Sorry about that.
  • Microsoft Windows NT 4.0 SP3 was certified in March 1999 at assurance level E3 and functionality class F-C2 under the UK ITSEC scheme - see the UK ITSEC scheme site [itsec.gov.uk] for details. This is essentially C2 functionality, but with a higher assurance level (ITSEC E2/F-C2 is approximately TCSEC C2). I have not found any version of Linux certified under any scheme.

    The UK ITSEC scheme is jointly managed by CESG and DTI, and is based in Cheltenham - which is also where you will find CESG and GCHQ. So we have NT passing ITSEC at the same level as conventional versions of Unix (i.e. the ones without MLS) under a scheme managed by CESG, and an expert from CESG reported as saying that Linux is more secure because the source is open to scrutiny. Note that the article does not say in what forum the remarks were made, so we are dependent on a journalist reporting accurately here.

    There are various things you can take from this. One is that ITSEC E3/F-C2 (and also TCSEC C2) is not much of a hurdle to jump in terms of real security - Linux could probably jump that hurdle, but has not been put to the test. The second is that CESG has at least one person who is aware of the value of openness - but is reported as having the strange view that "Linux is as secure as you can make a computer," and also "Unix [on which Linux is based] is the paradigm that the computer is the network".

    Linux as available today is certainly not as secure as a computer could be made. It could be made very secure, and the openness means that anyone can have a go at verifying and improving the security, but that is not the only option. I would expect SCO CMW+ (certified at E3/F-B1) to be more secure than the average Linux without the benefit of open source.

    The important thing is for designers and implementers who really care about security, and who have enough experience to know what they are doing, to have real input into the process.

  • One problem, how am I gonna get it on the computer. I can't download to the computer (almost everything is proxied out), I can't put it on a floppy can copy it (no access to Explorer), I can't boot off a disk (boot order is set to C:,Network,A: and BIOS is password protected). Thanks for the help anyway :)
  • NT doesn't get owned, it just gets crashed.

    That's not true at all. There have been several documented incidents of compromised NT servers. BO2k is just a small example.

    Dave
  • The most blatant evidence of his bias was the quote, "Linux is as secure as you can make a computer."

    It's sad, but I have to agree with that. I liked most of the article and don't mind the Alan Cox quote even though I can see why others would, but the above quote diminishes its value a lot as far as I'm concerned.

    --

  • It won't be available to the public until Feb.

    Dave
  • Although I am a strong Linux advocate, my first thought was about Open BSD as well. But to quote the article exactly:

    Linux along with the open source model for software development as the most secure computer architecture available.

    I took it as saying that Linux AND the open source model. So isn't Open BSD open sourced? Although I know there are differences in the license. So Linux is what stands out most in the view of the public. I believe that Linux is a stepping stone to the others (*BSD). Linux is more user friendly IMO.

    So I believe this is more of comparing open source to closed source. So you *BSD people don't get alarmed. The more exposure that Linux receives, the more exposure the *BSDs do too. In fact, I never heard of the *BSDs (besides the original) before I started using Linux. Now I recommend Open BSD for those that need a tight secure system.

    Steven Rostedt
  • but these statements sound less like they came from a dispassionate seeker of the most secure OS and more like your garden variety GNU/Linux-advocating name-dropper.

    This alone was the flavor I couldn't shake while reading it. It made the whole commentary seem very shaded. I thought the Troughton was pouring on more of an "ad campaign" than anything else.

  • 'Shipping to manufacturing' is not the same as 'shipping to customers'. I don't consider any product as 'shipping' unless ordinary customers can receive it. Note that this precludes unsupported betas, release candidates to the select few, et cetera.

    MS is just trying to pretend they kept their promise to ship before the end of 1999, which they have not, because Win2k will not be shipping to customers before Feb 2000 at the earliest.
  • What you are describing sounds a lot like Ken Thompson's C hack to let him log in to any Unix system.

    According to Ken himself (sorry, I've forgotten the link into dejanews), it never left USG/AT&T research... and that one started as a trojan, IIRC



    --

  • by Anonymous Coward
    Purely due to the fact that Linux is open source says that it is NOT secure.

    Well, it is, actually, because a properly updated system will keep the script kiddies at bay. You see:

    • Bad Hacker finds new security hole and takes advantage of it
    • Good Hacker finds said hole, patches it and reports it
    • Script Kiddies who only get their stuff from security sites won't be able to crack an updated system
    or:
    • Good Hacker finds security hole, patches it and reports it
    • Bad Hacker can't get in, unless he finds a new one
    • Script Kiddie can't get in at all

    Either way it's *almost* a win-win situation, except the Bad Hacker could do some damage, but then, he would do the same on, say Windows NT. The good thing is that damage is limited to the unlucky admin who got his system compromised. Everyone else laughs in joy, though.

    It is the easiest thing in the world for X employee to come along, not knowing totally about how to use it, and screw things up in a few minutes.

    Not with Linux, where you have different accounts for each user. No one works as superuser (root) - this account is only for system administration. I think you are too used to playing around with Windows 9x, where this, indeed, is a potential problem.

    Linux takes an intrusively longer period of time to secure and keep updated

    That depends. If you have a server running, it should be dedicated, running as few other services as possible, at least in a Government situation. Since the box is running very few things, updating the single demon running won't be that hard.

    In essence, the UK Govt should stick to NT or whatever else they run for now, learn how to use computers and above all, keep updated and learn how to patch.

    The UK Govt should stick to a secure OS, like Linux or *BSD. The reason is simple: Security holes are found and patched quickly. If an NT security hole is uncovered, MS will take their sweet time to fix it, compromising your data.

    You aren't laughing anymore, are you?

    Oh, and Merry Christmas to you, even though you did pull out a last attempt at FUD tactics ;-)

  • (I'm talking about DEFAULT setups here)

    It's generally required to alter a default config, tho... and I would expect it, actually. Sure, OpenBSD is secure out of the box, but it may not fit user X as shipped... but it's generally accepted that "OpenBSD is more secure than Linux."

    "Secure" is a rather subjective term amongst all OSs anyway... depends on who set it up, what other stuff they installed, etc... etc...

    --

  • But once you know the password for an NT user with permission to run User Manager and alter privileges (and are in a permission to log in) then you can do whatever you like too. For example you assign yourself the backup privilege which allows you to access any file on the disk.
  • The title of the slashdot article,

    "UK Gov't Experts Say Linux is Secure, Windows Not"

    can be made shorter:

    "UK Gov't Experts Say Linux is Secure, WindowsN'T"

    That's what Windows NT means, isn't it?
  • Oh, grow up and get a sense of humour.

    james
  • And all it took was X (fill in your number here) number of years for them to admit it. According to the "wonderful" people at the US government (who like nice checks from M$) Windows NT has been extremely secure and even C2 secure for years. Great. I could go on and waste everyone's time, but why bother? Good job UK. Maybe US should learn from other countries when it comes to things like this and not rely on their MS-enhanced congressmen.

    But that's just my $0.02

    -----------------------------

    "It's not illegal if you don't get caught."
  • by BJH ( 11355 ) on Thursday December 23, 1999 @06:34PM (#1448506)
    I'm glad to see the free software/open source concept being recognized like this, but I think it would have been nice if these experts had taken the time to look at other alternatives. I mean, sure Linux is probably more secure than NT, but OpenBSD is way more secure than most Linux distributions (I'm talking about DEFAULT setups here), so declaring Linux to be the most secure open system available is a bit of a crock.
  • The wealth of a society should not be measured by how the top 10% live, it should be measured by how the bottom 10% live.

    I'm what would be considered middle to lower middle class where I live. I am hardly part of the "top 10%". I was never 'privileged'. My dad was a 40 year middle-level civil servant. I never had anything handed to me on a silver platter. I've got what I do because I have worked for it. I've worked since I was a teenager and I will probably be working until I am an old geezer. As for being young, I am in my mid 30s. Welfare should only be for those who have a legitimate medical reason they can't work. I've got no time for the lazy -- and nobody would have time for me if I was.

    From what I've seen, the top 10% will be what they are, and bottom 10% are going to be SOL no matter what. At any rate, if the bottom 10% were doing so badly in the US, then I can't figure out why so many people from outside clamor to get in here.

    What it comes down to is I am tired of hearing people from other countries who have socialist medicine telling us over here we need it. If we wanted it, we'd have it. We don't.

    Perhaps I am callous, so be it.

  • by roystgnr ( 4015 ) <roy&stogners,org> on Thursday December 23, 1999 @06:35PM (#1448510) Homepage
    It's not that Linux didn't have some of the same fundamental security bugs that Windows did way back when; Linux was just better about fixing them.

    When the string of bogus IP attacks against Windows came out two years ago (teardrop & kin) Linux was vulnerable to the first of them too... but the Linux patch was out within a day or two, whereas Windows was vulnerable for months. To boot, the Linux patch fixed all the similar TCP/IP stack problems, whereas Windows ended up being vulnerable to syndrop, newtear, and a sequence of nearly identical attacks.
  • Microsoft Windows NT 4.0 SP3 was certified in March 1999 at assurance level E3 and functionality class F-C2 under the UK ITSEC scheme - see the UK ITSEC scheme site for details. This is essentially C2 functionality, but with a higher assurance level (ITSEC E2/F-C2 is approximately TCSEC C2).

    These security classifications are useless in real world situations. I am an IS manager in charge of a thousand computers in student labs at a college. What I want is a desktop computer that I can deploy that stops students from flock()ing with it which requires expensive tech time to rebuild.

    Windows NT Workstation should have been the answer, but it wasn't. Everything is marketing and everything is never as good as Microsoft promises.

    Some examples:

    • Desktop security. Impossible to implement as soon as you load any type of application. They all want write access to various system files and directories. If you ACL %systemroot% down, everything fails. Microsoft Office is the worst offender. It even wants the ROOT of C: to be writable by all. Can you imagine / and /bin in UNIX being 1777 perms? Did the security evaluations evaluate the box doing anything useful? Or just sitting there?
    • ZAK: Zero Administration Kit. I bought into this hype and it's been hell trying to implement it ever since. Allegedly you're supposed to be able to lock down policies and roll out workstations and applications using unattended installations. It's not easy. Even many of Microsoft's own products don't support Unattended Installations. I've been beating my head against the wall this week trying to get Visual Basic 6 to install unattended. (See my notes on ZAK and efforts to get it all working at www.dtcc.edu/cs/admin/nt/ [dtcc.edu])
    • IEAK: Internet Explorer Administration Kit. I had a problem. I needed to deploy a hundred browsing stations in public-access libraries around our various campuses. IEAK seemed to be a dream come true and when I first started with it, I was greatly impressed. I could lock down every setting, remove menu entries, even disable right-click context menus. Everything seemed cherry -- until -- I typed C:\ into the browser location bar. Bingo, all restrictions disappear and I'm now browsing C: with context menus on, other menus on, etc. I can still ACL most of the config down, but not it all (See first bitch point above). Absolutely useless. (I had convinced the library staff to let me install Linux desktops in the library and all was about to go well until I was told that they also had to run Ameritech's Horizon library catalog program -- which does not work under Linux...)
    • Sysprep: Saw some video about deploying Windows 2000 in the enterprise and the video went on and on about imaging hard drives (Ghost basically, which sucks if you have dozens of different hardware configs and software configs). The video made it sound like sysprep was going to make my administrative duties a snap (more promises). We grabbed a copy and it turned out all it did was make a random string to define as your Netbios station name (yack) and requires DHCP to obtain the IP address -- and it sets the SID to be unique. Why am I not surprised.

    So please, stop the hype. Real people are trying to implement real world solutions using NT and actually want it to live up to the hype.

    I'm tired of Microsoft hype. If I kept lying, exaggerating, and making excuses to my wife, she'd throw my ass out and trade me in for a better model. I guess IT people are just masochists or something... :(

  • I think you missed the point -- remote execution of software is not an inherent ability of Windows NT 3.51 or 4.0 (both of which I've used extensively).

    Period.

    Yes, there is add-on software, but always an almost exact copy of the way Unix / X does it ... making the Unix / X way secure because of imitation?
  • Since Canadian people always envy the US people, I can see your point regarding the US government.

    That's a blind statement, to say the least, about all Canadians envying the US government. Not only am I happy to be Canadian, but also happy to have paid health coverage, and the chance at a good life in Canada. In the US, however, fear accompanies sickness because of the bills that will follow the treatment. Pretty sad if you ask me.

    I do wonder what it is you don't like about the UK government (I even wonder if you know where the UK is ! ;-)

    Isn't it that big mass of land across the ocean who has a Queen with a (now fixed) broken hip and who still has a major say in what Canada does? Yea, I think I know them.. they want that .eu domain don't they. Well, it's pretty bad to say that Canadians do not know where the UK is, after all, we've had British rule here for quite some time, and we're quite patriotic to them.

    I don't blame you though for saying these things, the stereotype of Canada is alive and well as we can all see.

    Speaking of stereotypes, anyone know how to keep a fire going in an igloo without melting your home? Comments appreciated.

    With heat issues,
    Matthew
    _____________________________________
  • Let's say, for the sake of argument, that the NSA made this announcement. The inevitable response?

    "The NSA must have found some huge security flaws in Linux! They're trying to get us to run it so they can packet-sniff our diffs! Then they can have the newest kernel releases before the Slashdot effect bogs down kernel.org! Conspiracy! (Run BSD instead!)"

    I'll quit while I'm ahead, now that I've pissed off just about every special-interest group here...

  • Microsoft doesn't sell security through obscurity so much as security through impossibility. A Windows box has almost no security against users that can execute code on the system. The functionality to remotely execute code (e.g. telnet) isn't there unless you add it. I can walk up to a Windows box and do whatever I want; still, by restricting functionality (and denying me physical access to the box) the sysadmin can make it impossible (or very difficult) for me to execute code on the system. However, once I can execute code on your Windows box, I can do just about whatever I please. Microsoft is so complacent about their security that they can't let you execute any code remotely yet, with IE and the like it's easy.
  • Hey, thanks, spelling flames against someone writing in a foreign language. That's brave.

    Eh? Now you are accusing me of spelling flames? Frankly, I could care less. My spelling is bad, and I don't really care.
    At any rate, when I start posting in Swedish on a site hosted in Sweden, then maybe you have a point.

  • Microsoft only stated that Windows 2000 is the most secure operating system Microsoft has ever shipped. No claims about being the most secure OS; just that W2K is the most secure Microsoft OS.

    Gotta love that spin...

  • I have news for you - people are clamoring to get into all western countries, including Canada and Europe.

    That doesn't seem to support your point though. If people were clamoring to get into Canada and Europe and not the US, then you'd have a point that socialized medicine was preferred by recent immigrants, but that doesn't appear to be the case.

    Strawman alert. No one said welfare was for the lazy. It is you who assumed people in trouble are lazy.

    People in trouble? Oh please. I live in a marginal neighborhood. I see all the 'people in trouble'. I'm sorry, but I have trouble feeling sorry for people who spend their welfare checks on lottery tickets, cigarettes, booze, drugs and junk food while their children live in filth and squalor. Welfare, at least the way it is implemented here just doesn't work.

    That's because we western nations fuck their countries every day, for instance by keeping them permanently in debt,

    The US gives all sorts of foreign aid to other countries, both by the government (generally of course that has political strings attached) but also from charities. I've got nothing against charities, if people give willingly, that is their business. I don't like some of the charities' methodology of course (sob stories and guilt trips). As for keeping foreign countries in debt, I would prefer that we cut off governmental foreign aid to the third world. Unfortunately, we can't really control what the big corporations do overseas, and they are probably worse than anything that governments do.

    and paying them peanuts to dump our trash there.

    And what examples can you give of the US dumping trash in foreign countries? I've heard of European countries sending huge barges of trash to third world countries, but I have yet to hear of the US doing that. Frankly, it is probably because of the fact that shipping costs would make it unattractive more than anything else, but I don't see how you are going to make me feel guilty over that one.

    Please read my previous post, and the one you answered before. You said you thought your way was better, we said we thought our way was better. We didn't try to force you to do anything.

    I just reread the original Canadian fellow's post. It appears that you are wrong. He was the one who was critical of the US's non-socialized health care system. I said I was happy with the way things are here.

    I'm afraid I don't know what SOL means. "Stupid or lazy"?

    That is actually kinda funny. It really stands for 'shit out of luck', however. What I meant by that is no matter what, the bottom 10% will always be the bottom 10%. The fact that most of them are either stupid or lazy or both is of course a contributory factor. Unfortunately, what is really the problem is the fact that most of them are uneducated, and the system encourages them to be dependent rather than forcing them to make an effort. At any rate, you can come to where I live and watch the bottom 10% with satellite dishes wired to multiple TV's in dumpy old 14x70 mobile homes. They of course are the ones wearing $40 Tommy Hilfiger shirts, 14 karat gold chains around their necks, toting a cell phone and a beeper and driving a car up to the mini-mart to buy a 40 oz of Olde English 800. Now what was it about the bottom 10% in the US having it so bad? Oh -- and get this -- they do get free health care. It's called Title XXI, Medicaid or other welfare programs. That and the country hospital system. Sure, they aren't quite as good as the private hospitals, but they are free for the people who qualify.

    Oh good, we agree on something! Now you can call me a naive, bleeding heart communist and then we are even. ;-)

    I'll leave the name calling to you, thanks.

  • Oh, so now you DO have socialized health care? I'm glad to hear that.

    Not really. I don't have to deal with any of that system because there is a private system for most people. The point is that you can have a 'safety net' type welfare system without having to socialize the whole health care system as some politicians here have been trying to do. The good thing for me is I can choose which doctor I go to, which hospital I go to and I don't have to deal with government waiting lists like I hear about in some places that have socialized health care.

    Even if people in your area have it so well,

    I don't live in a particularly prosperous part of the country. The area I live in is notable mostly for its averageness. Things aren't really that much different anywhere else in the US for that matter.

    I doubt you have seen how all people in the US have it.

    No more than you can say you've seen how all people in Sweden have it. That being said, I have traveled around the US enough (I've been in at least 17 of the 50 states within the past year) to feel comfortable saying that I have a fair knowledge of what is going on around the country. I've visited Europe as well, but I wouldn't say I know it with the level of detail that I do the US. I get bombarded with news from around the country, but generally only major news items from outside the country make the news here. I suspect (and having perused the news coverage when I was in Europe it seems to hold true) that the same things hold true in reverse.

    For instance, isn't something like 10% of young black men in jail? Don't they count?

    You'll be happy to know that prisoners get free health care. And of course they don't count, felons can't vote. As for the number of minorities in jail it is largely because those people choose a lifestyle (gangs, drugs) that leads to incarceration. I know many black people who are hardworking decent people that don't choose to buy into the 'gangsta' lifestyle. It is a choice, it is not something that is forced on them. It is kind of ironic that you bring up problems of racial diversity when you don't have to deal with that issue nearly as much in most European countries.

    Also I believe the US rates quite low if you compare global numbers on literacy, vote participation, crime rates, infant mortality rates, pollution, number of psychopaths per capita, teen pregnancy, etc etc.

    Some of those things may be true, but yet people still bang on the doors to get in here? Why is that? I don't think you've given me much evidence that in things that those people care about that the bottom 10% seem to think that they are treated that badly in the US. Until you've been here and seen how the bottom 10% really live, you are just operating on hearsay evidence.

    Ok, then I guess I'll just have to leave the high horses and snide innuendos to you...

    Whatever. Like you have a lot of room to talk there either. I never claimed to be a nice person, did I?

  • The only people with that response:

    1. would be wearing tinfoil berets
    2. would promptly go back to complaining about the swarms of black helicopters
    or
    3. work for Microsoft Covert Marketing.

    Believing in #3 is not crazy!
  • On the other hand, Linux, and all Unices, have "security through a single valuable secret." Once a single key secret (the root password) is known to someone penetrating the system, the entire resources of the system are at that individual's disposal. On a Unix system once a hacker has the command prompt, there isn't a thing s/he can't do. There isn't a single additional layer of security. There's no granularity at all. This isn't necessarily a good thing.
  • by dsplat ( 73054 ) on Thursday December 23, 1999 @06:55PM (#1448541)
    A Microsoft spokeswoman, however, disputes these perspectives, claiming that Microsoft's closed-source software is more secure than ever.

    Well, let's see. DOS had no security. It assumed that if you could find the power switch and the keyboard, the data was yours. From there the only way to get less security would be to actively broadcast private data.

    "Windows 2000 is the most secure operating system Microsoft has ever shipped," she says.

    I don't doubt that it is more secure than any of their prior OSs. My house is more secure with the doors closed (but unlocked) than with them open. Then it is safe from children too small to turn the doorknob. That doesn't make it secure on an absolute scale. And maybe in all the hype over the holidays I missed the announcement. When did Windows 2000 ship?

    Among other things, entire development teams were focused solely on searching out security issues within the beta code

    I applaud Microsoft for doing a right thing here. Internal review is important.

    Microsoft posted a public Internet beta test site for customers to test the security of the system

    What was the total uptime on that site?

    and new development processes were put in place to ensure that the system was built from the ground up with security as a key objective.

    This would seem to imply that all of the code in which they knew there were security flaws has been rewritten from scratch using new development processes. I doubt that. If not, then we have the old flawed code developed under the old flawed process.

    My point here is not that any particular criticism proves that Windows 2000 is insecure. Rather, my assertions that it isn't are as meaningful as those assertions that it is. Neither this spokeswoman nor I have offered any proof. If you want proof of the security of free software, read the source, or better still pay a team of security experts to read the source.


  • I got this sick fantasy, I would like to see openBSD and Linux pitted against each other in an Internet "crack this box" contest. Put them up against each other and have all the script kiddies bash and beat the hell out of them. It would be a long and painful fight, but it is like a car wreck, for some sick reason I can't look away...

    Watch them get torn up and watch them start to bleed from all these script kiddies doing

    while (1)
    do
    ping $linuxbox
    ping $openbsdbox
    done

    It might be fun to throw a couple of Windows 95/98 boxes and maybe an NT box so that the crackers could get the "smell of blood" into their brains. : ) give them a little taste of blood to get them a little crazy before they are turned loose on the Linux and openBSD boxes...
  • Microsoft says this is the most secure OS *MICROSOFT* has ever released. Well, DUH.
  • C2 security is a question of policies, not implementation. Getting a C2 certification basically means implementing certain ACL policies and logging certain events. There's not any consideration of how well it's implemented...
  • by thal ( 33211 ) on Thursday December 23, 1999 @07:12PM (#1448558) Homepage
    > read with a cup of Coke?

    How could you possibly drink a closed-source beverage! You can't trust that they haven't put insecure flavoring in it!
  • I don't know for certain that MS and the NSA don't have some cozy little deal going on in the back rooms. If you recall the incident reported by the guys who were scanning the entire internet a few months back, someone with a VERY intimate knowledge of the inner workings of NT compromised the NT box that one of their people was sshing in from and lifted their ssh password (Then ran a 6 second vulnerability scan on the linux box, found a hole in KDE, installed a root kit and installed a kernel mod so that tripwire wouldn't report the modified checksums.)

    Microsoft could have put all sorts of nasties in their code for all we know. The ones they've been caught at have been bad enough. We don't know, for instance, that Bill Gates COULDN'T shut down every Windows box in the DOJ if they piss him off badly enough. Hell, if I owned the huge chunk of the desktop market that he does and didn't have to worry about people looking at my source, I'd think like that.

  • First, Windows 2000 *is* the most secure OS that Microsoft has ever shipped. This is a true statement, because they haven't shipped it yet. (Seen it in stores, lately? Didn't think so...)

    Second, NT *might* be C2 secure if set up properly, and not hooked up to a network. Otherwise, all bets are off.

    In closing, Windows is horribly insecure and badly designed. A secure NT machine is probably running in VMWare under Linux, with all patches installed for both OSes, not connected to the network, in a locked box, and under 1,000 feet of water. A machine is only as secure as it is configured to be...
    ---
    pb Reply or e-mail rather than vaguely moderate [152.7.41.11].
  • On the other hand, Linux, and all Unices, have "security through a single valuable secret." Once a single key secret (the root password) is known to someone penetrating the system, the entire resources of the system are at that individual's disposal. On a Unix system once a hacker has the command prompt, there isn't a thing s/he can't do. There isn't a single additional layer of security. There's no granularity at all. This isn't necessarily a good thing.


    What if I know the "Administrative" password to an NT domain, and I have physical access to a machine on that domain...same deal, you're toast.

    Claiming Windows is more secure (which you didn't, I'm making a point) because it lacks functionality is like saying a Yugo is harder to steal than a Corvette, because when stolen the thief can elude the police better with the Vette.

    There's add-ons to each OS, from S-Key to SecurID, to provide that additional layer of security. Personally I'd rather use a UNIX as a framework for this...
  • Like you say, the Bad Guys can read that source too, and often do until they find a hole, which is true. But this also means that you've got all those exploit writers auditing open source code, looking for any chink in the armor. Once one is found, an exploit is usually published because the crackers are typically looking for recognition in their skill. 8-16 hours later there is usually a fix, and the program is now secure against that attack.

    Now let's contrast that with the closed source model of security. No one (in the public) has the source, so it will take a more skilled cracker to find exploitable bugs. What this translates to is the cracker who finds holes in the system will be more dedicated than the open source cracker. Dedication means that they are less likely to share their new found secret, and the hole is less likely to be patched.

    If you don't like the sociological argument, how about the mathematical one? Assume you have equal numbers of people looking for security holes on a closed source system and an open source system. Since it's easier to audit a system that you have the code to (and almost impossible to audit one you don't), even if one cracker doesn't publish a found bug, another will most likely run across it. So you will have more found bugs, but also a higher reported bug/found bug ratio.
    --
  • I don't understand how any governmental institution could trust their top secrets to an operating system they don't have the source code to. Even countries that are allies spy on each other (US and Israel for example). How can the British government be sure that some code did not lurk in there that could be used to reveal secrets. How can our own government be sure that some spy did not infiltrate M$ and is planting back doors to be used against us.

    When lives of soldiers are at stake it is imperative to be 100% sure.

    I think a BSD based system is the best bet for any government. They have the source and are not obligated to share any enhancements they make to the OS.
  • Yes, because of the way the Linux camp fixed the problem versus how Microsoft did - the Linux people actually fixed the handling of the overlapping IP fragment problem. OTOH, Microsoft just tossed in some code to look for the _exact_ signature produced by teardrop and just ignore said packets - leaving it open to further similar exploits.

    See, the problem isn't JUST that Microsoft is slow to fix problems like that (they are), but that in all too many instances, the "fixes" are totally half-assed - they don't actually fix the root problem, they just band-aid it. If Microsoft would learn to fix their bugs the RIGHT way, i.e. to fix the CAUSE of the problem, not the symptom, and be more prompt with their fixes, that'd give their customers one less complaint. (Okay, this particular complaint is just a proverbial drop in the bucket...)
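The difference the comment above draws between matching one exact packet shape and fixing the handling of overlapping fragments can be shown in a few lines. This is an added example, not part of the thread and not code from any kernel or vendor patch; the fragment values, the hard-coded signature and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DATAGRAM 65535u   /* largest IPv4 datagram, in bytes */
#define MAX_FRAGS    64       /* arbitrary cap chosen for this example */

struct frag { uint32_t off, len; };   /* payload byte offset and length */

enum frag_verdict { FRAG_OK = 0, FRAG_MALFORMED, FRAG_RANGE, FRAG_OVERLAP };

/* Symptom-level filter: rejects one exact, hard-coded fragment shape and
 * nothing else. The pair (24, 8) is a constructed value, not a real
 * tool's signature. Returns 1 if the set passes the filter. */
int signature_filter_passes(const struct frag *f, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (f[i].off == 24 && f[i].len == 8)
            return 0;
    return 1;
}

static int by_offset(const void *a, const void *b)
{
    const struct frag *x = a, *y = b;
    return (x->off > y->off) - (x->off < y->off);
}

/* Root-cause check: validate the layout before any reassembly arithmetic.
 * Reassembly code that derives copy lengths from differences between
 * fragment bounds goes wrong when fragments overlap, so every overlapping
 * or out-of-range set is rejected, whatever its exact numbers are. */
enum frag_verdict check_fragments(const struct frag *in, size_t n)
{
    struct frag f[MAX_FRAGS];
    uint32_t end = 0;   /* first byte not covered by earlier fragments */

    if (n == 0 || n > MAX_FRAGS)
        return FRAG_MALFORMED;
    memcpy(f, in, n * sizeof f[0]);
    qsort(f, n, sizeof f[0], by_offset);   /* fragments may arrive in any order */

    for (size_t i = 0; i < n; i++) {
        if (f[i].len == 0)
            return FRAG_MALFORMED;
        /* written so that off + len cannot wrap around */
        if (f[i].off > MAX_DATAGRAM || f[i].len > MAX_DATAGRAM - f[i].off)
            return FRAG_RANGE;
        if (f[i].off < end)
            return FRAG_OVERLAP;
        end = f[i].off + f[i].len;
    }
    return FRAG_OK;
}

/* Constructed sample fragment sets. */
static const struct frag benign[]      = { {24, 24}, {0, 24} };  /* out of order, no overlap */
static const struct frag known_shape[] = { {0, 40}, {24, 8} };   /* matches the signature */
static const struct frag variant[]     = { {0, 40}, {16, 8} };   /* same flaw, other numbers */
static const struct frag too_long[]    = { {65528, 16} };        /* runs past 65535 bytes */

int main(void)
{
    printf("variant: signature filter passes=%d, layout verdict=%d\n",
           signature_filter_passes(variant, 2), check_fragments(variant, 2));
    return 0;
}
```

The signature filter stops `known_shape` but lets `variant` through, while the layout check rejects both for the same reason.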
  • by roystgnr ( 4015 ) <roy&stogners,org> on Thursday December 23, 1999 @08:40PM (#1448617) Homepage
    It just is fairly new, and isn't used as well as it should be.

    I'm referring in particular to capabilities support (in the latest kernels) and ACL support (in beta testing on top of ext2; I hope it gets into the final ext3!)

    Look at the past. Linux (and every OS out there, but that's beside the point) has its security undermined fairly regularly by buffer overflows, etc. discovered in various daemons and suid programs. Rough estimate, it seems like there's a remote root exploit every year or two, and more than one local root exploit each year.

    Yes, the patches come within hours or days of the exploits, and yes, anyone who can type "rpm -F" can keep their system up to date with those patches. But there's still that window of vulnerability out there, and there's still the (millions of?) Linux systems out there without root users experienced enough to stay up to date with security patches.

    Security will hopefully be much improved in the future by the use of capabilities in privileged Linux programs and ACLs in Linux distributions to drop all unrequired permissions. Right now, if a program just needs to open a trusted (< 1024) TCP port, or read files with strict permissions, or have raw access to video hardware... then that program gets run as root, with the full array of root permissions.

    And then if that program has a security flaw, then anyone in a position to exploit it has root.

    With capabilities, a program (or a wrapper program) can be run as root, but can permanently or temporarily drop selected root capabilities. In other words, if a capabilities-aware suid root program just needs to listen at a low port, but it can be tricked by the user into opening arbitrary files... well, then it still won't be able to spit out /etc/shadow to the evil cracker because it'll have wisely dropped its file access privileges and switched to a non-privileged uid immediately upon execution, a feat now possible because it can use the capabilities support to retain the low port opening privileges with the new uid.

    Well, that was a mangled description, but you get the idea. There are links to discussions of the subject by people who know what they're talking about at http://www.millenniumproductsllc.com/sjp/ [millennium...ctsllc.com]
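The drop described in the comment above, sketched as an added example (not part of the original post, and written against the present-day Linux `prctl`/`capset` interface rather than the kernels of the time). The function names are hypothetical, and uid/gid 65534 is assumed to be an unprivileged account.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Fill a v3 capability set that holds exactly one capability. */
void cap_only(struct __user_cap_data_struct d[2], int cap)
{
    memset(d, 0, 2 * sizeof d[0]);
    d[cap / 32].permitted = d[cap / 32].effective = 1u << (cap % 32);
}

/* 1 if `cap` is in this process's effective set, 0 if not, -1 on error. */
int cap_effective(int cap)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];
    if (syscall(SYS_capget, &h, d) != 0) return -1;
    return (d[cap / 32].effective >> (cap % 32)) & 1;
}

/* Started as root: become uid/gid, keeping only CAP_NET_BIND_SERVICE. */
int drop_root_keep_bind(uid_t uid, gid_t gid)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];
    cap_only(d, CAP_NET_BIND_SERVICE);
    if (prctl(PR_SET_KEEPCAPS, 1L) != 0) return -1;  /* keep permitted set across setuid */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (syscall(SYS_capset, &h, d) != 0) return -1;   /* shrink to the one capability */
    if (prctl(PR_SET_KEEPCAPS, 0L) != 0) return -1;
    return setuid(0) == -1 ? 0 : -1;                  /* regaining root must fail */
}

int main(void)
{
    if (geteuid() != 0) { puts("run as root to see the drop"); return 0; }
    if (drop_root_keep_bind(65534, 65534) != 0) { perror("drop"); return 1; }
    printf("uid=%d bind=%d dac_override=%d dac_read_search=%d\n", (int)getuid(),
           cap_effective(CAP_NET_BIND_SERVICE), cap_effective(CAP_DAC_OVERRIDE),
           cap_effective(CAP_DAC_READ_SEARCH));
    return 0;
}
```

Run as root, the process ends up with a non-root uid that can still bind ports below 1024 but has lost the file-permission overrides (`CAP_DAC_OVERRIDE`, `CAP_DAC_READ_SEARCH`) that would let a tricked program read /etc/shadow.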
  • by spectecjr ( 31235 ) on Thursday December 23, 1999 @08:50PM (#1448627) Homepage
    Microsoft doesn't sell security through obscurity so much as security through impossibility. A Windows box has almost no security against users that can execute code on the system. The functionality to remotely execute code (e.g. telnet) isn't there unless you add it. I can walk up to a Windows box and do whatever I want; still, by restricting functionality (and denying me physical access to the box) the sysadmin can make it impossible (or very difficult) for me to execute code on the system. However, once I can execute code on your Windows box, I can do just about whatever I please. Microsoft is so complacent about their security that they can't let you execute any code remotely yet, with IE and the like it's easy.

    FUD! FUD FUD FUD!

    You can very easily lock down a Windows system so that different users can do different things. In fact, access control can be given at incredibly high granularity to:
    • Local or remote files or directories on an NTFS file system

    • Mailslots

    • Named and anonymous pipes

    • Processes and threads

    • File-mapping objects

    • Access tokens

    • Window-management objects (window stations and desktops)

    • Registry keys

    • Local or remote Windows NT services

    • Local or remote printers

    • Windows NT network shares

    • Interprocess synchronization objects (semaphores, events, mutexes, and waitable timers)

    • Job objects


    Each object defines specific and generic access rights. Hmmm... looks like Windows is a lot more secure than you claim.

    Also, telnet server and Windows Terminal Server allow you to execute as much code as you care to remotely. WTS is also (in my experience) usually *faster* than an equivalent X-windows session over a 28.8k modem. You probably wouldn't want to run Photoshop on it - but Visual C++ 6.0 runs quite happily on it.

    In future, try doing some research before happily spreading the FUD.

    Simon
  • Debian's not *too* bad security-wise, but why not start a Linux distribution based on security? Look at the good work the Secure-Linux and Bastille Linux people have done. Perhaps we could reuse some of it and build on that for a complete, relatively easy to install, secure distribution.

    Doing a distribution isn't probably my cup of tea, but I suppose it could be an interesting project to work on. Or, am I mistaken, and is there already such a project?

  • First, Windows 2000 *is* the most secure OS that Microsoft has ever shipped. This is a true statement, because they haven't shipped it yet. (Seen it in stores, lately? Didn't think so...)

    Oh yes they have shipped it - it shipped last Wednesday, IIRC. It's already available for download from the MSDN Subscriber site, and is currently being pressed onto CD.

    I believe this was covered on Slashdot.

    Simon
  • Slashdot covered it - were you sleeping?

    Windows 2000 Goes Gold [slashdot.org]
  • Your comment is true, but it's not even remotely correct for 'all unices'. Take a look at the trusted unices sometime. ACLs and the ability to lock pieces of the system from the administrator aren't Microsoft 'innovations'. IMNSHO, the biggest security problem with NT has nothing to do with its security model and everything to do with the implementation. I agree, the model itself is conceptually fine. As somebody's .sig notes 'the difference between theory and reality is that in theory there is no difference between theory and reality.'
