Opinion: Yay for the promised land!
      – BorgClown, 2008-09-03 at 19:32:04   (37 comments)

On 2008-09-03 at 19:33:32, BorgClown wrote...
How fitting to use my new pimped up avatar here. Is this still a closed site or can we invite more people?
On 2008-09-03 at 19:34:15, Lee J Haywood wrote...
Didn't you read your e-mail? I invited everyone I could find an e-mail address for - I listed all their names at the top.
On 2008-09-03 at 19:35:06, Lee J Haywood wrote...
Whoops, the # prompt appears on non-users pages - reload to hide it for now.
On 2008-09-03 at 19:38:20, BorgClown wrote...
Right. At first I thought you had selected them from the testers. OK, time to think of a serious opinion...
On 2008-09-03 at 19:39:20, Lee J Haywood wrote...
I predict many people using the wrong topic types. Like this one ought to be a Discussionator topic really, but I cannot hope to enforce any such things so won't be trying.
On 2008-09-03 at 20:20:41, Korinthian wrote...
Looking good, Lee! Thanks for the invite.
On 2008-10-07 at 16:55:52, BorgClown wrote...
Today I read that a few SBers gratuitously blame me for the auth resetting of SB. I wonder if they need a justification, whatever it is, to stay there. Mmmh, I guess that means more manna for us!
On 2008-10-07 at 16:56:54, BorgClown wrote...
Say, it would be fun if I say I did it and feign repentance...
On 2008-10-07 at 16:58:27, BorgClown wrote...
Nah, they'll complain about the fonts or color or whatnot.
On 2008-10-08 at 09:57:34, Lee J Haywood wrote...
It's not like it's important who did it - anyone can have any number they like, and it's the site's programmer(s) that are at fault. Once everyone got wiped, I put myself at the top and - unbelievably - I'm still there. I think the problem now is that summer is over and that site has nothing much going on, so there's little incentive for people to come over here either. Perhaps things will pick up again next year...
On 2008-10-08 at 19:00:55, BorgClown wrote...
I'm fine with the slowness because I don't chat as much as I used to. What I found irking is that I was cited as another reason the hardcore SB folks use to justify themselves for staying at a ghost site like SB. I mean, anyone can stay there if you want, there's no need to justify your decision. The vandalizing, the Comic Sans font, the colors, the requisite for Firefox, the difference of use, etc., all that sounds more like excuses than objective motives for perpetuating an illogical posture.
On 2008-10-08 at 21:32:30, Lee J Haywood wrote...
Most of those complaints are annoying. I think the main issue is that people don't like the scrollable areas, even though (if all goes well) you still only have one scrollbar, and it's more accessible than one for the whole page. Admittedly it's more of an issue for everyone with a lower screen resolution than me, however. The font is actually cursive, but I suppose MS Windows makes it something different to Linux - it's surprising that anyone would care enough to mention it. I'd have made MS Internet Explorer work if I'd had access to it from the beginning (I'd just installed Xubuntu and Wine wouldn't run it early on), but at the moment there are too many issues and it's fundamentally broken. My attitude has always been that people shouldn't use MS Internet Explorer to access the Internet - it's just plain stupid to do so.
On 2008-10-09 at 01:58:13, BorgClown wrote...
Aye, when a government agency tells you not>/> to use it, it must be seriously broken. ActiveX controls do not belong in a browser.
On 2008-10-09 at 01:58:30, BorgClown wrote...
Stupid tags =)
On 2008-10-09 at 02:11:25, BorgClown wrote...
Have you tried IESForLinux? Uses wine to install several isolated versions of MSIE. Works quite out of the box.
On 2008-10-09 at 10:12:37, Lee J Haywood wrote...
Yes, that's what I was talking about - I was saying that it wouldn't work earlier, due to problems with Wine. I see you're familiar with the Homeland Security recommendation too... I thought I was the only one. (-: http://www.kb.cert.org/vuls/id/713878#alt_browser
On 2008-10-09 at 20:02:16, BorgClown wrote...
I wasn't familiar with the full recommendation, just the bit about not using MSIE. Which is a big bit, since it's what 7 out of 10 people use.
On 2008-10-09 at 20:51:59, Lee J Haywood wrote...
I still remember when they had over 100 critical security vulnerabilities in less than a year. Microsoft don't bother with security any more than any other commercial organisation which keeps its code closed (not counting all of the consultants with access to it). For them, security is always an afterthought, and connecting any software to the Internet is a guaranteed way to expose your security flaws to the whole world. I also remember reading that, once connected, MS Windows gets hacked faster than the latest security updates can be downloaded. And so on...
On 2008-10-09 at 21:41:41, BorgClown wrote...
Aye, around the time of that study (Windows XP got infected in 15 minutes) there were malicious packets aimed at the file sharing and remote procedure services every few minutes. Downloading and installing SP1 took a couple of hours. Much before that one of my machines (RedHat) got infected with the RedCode worm because of a bug in the mail service, IIRC. So *nix is not safe per se. But security is more proactive on Linux, and I really dig having apparmor and random allocation on the default Ubuntu install. I wish TripWire is enabled soon.
On 2008-10-09 at 21:42:28, BorgClown wrote...
Or is it "I wish TripWire was enabled soon."?
On 2008-10-09 at 22:56:32, Lee J Haywood wrote...
Except that with Linux you typically have a firewall protecting the services on your machine. Linux is generally secure by default, and doesn't have so many services running that users don't need in the first place. On the downside, the distributions keep becoming more and more like MS Windows as time passes - and less Unix-like.
On 2008-10-09 at 23:06:14, BorgClown wrote...
Why is Linux becoming more like Windows a bad thing? Are you talking about the GUI or the OS?
On 2008-10-10 at 10:26:58, Lee J Haywood wrote...
Some things are perfectly acceptable to make like MS Windows, others less so. Having an X in the top-right corner of a window to close it is reasonable. Having every god-damned device auto-mount without my consent is not. (-:
On 2008-10-10 at 18:43:54, BorgClown wrote...
If I were you, I wouldn't use god-damned devices... You're condemning your soul to burn in the eternal firewire.
On 2008-12-16 at 12:33:55, Lee J Haywood wrote...
It's nice to see that some recommendations never die! http://news.bbc.co.uk/go/rss/-/1/hi/technology/7784908.stm
On 2008-12-16 at 12:55:06, George wrote...
@Lee J Haywood: Can "the vast majority of the world's computer users" all be wrong?... Somehow, yes!
On 2008-12-16 at 13:12:09, Lee J Haywood wrote...
You'd have to be mad to connect any of Microsoft's products to the Internet, never mind their web browser. It's (mostly) fine for product updates, for which I guess it's no longer needed, but their closed-source attitude to security and legacy flaws make the entire OS laughable for network-connected security. Their e-mail software is no better, and the idea that a virus scanner protects you from fundamental flaws in the OS is a brilliant piece of marketing.
On 2008-12-16 at 14:12:33, Lee J Haywood wrote...
You may as well ask, can the vast majority of the world's religious people all be wrong?
On 2008-12-16 at 18:33:56, BorgClown wrote...
Poor Opera, nobody exploits it.
On 2008-12-16 at 18:42:26, Lee J Haywood wrote...
Poor Linux, no-one can exploit it.
On 2008-12-16 at 20:33:54, BorgClown wrote...
The malware is short-lived, but it's trying to catch up. I had one of my machines running RedHat rooted through an Apache vulnerability several years ago. http://en.wikipedia.org/wiki/List_of_Linux_computer_viruses
On 2008-12-16 at 20:35:13, BorgClown wrote...
It was on dial-up, so it wasn't up-to-date. Today it's easier to keep them updated.
On 2008-12-16 at 23:29:49, Lee J Haywood wrote...
Well I do just write my own web servers from scratch, so I've never had any ports open to vulnerable applications - which is a big part of why Linux is generally secure by default. Getting a root kit is a big issue on any OS, but it is difficult to imagine viruses spreading as easily as with MS Windows where virtually everyone has to be logged on as an administrator for much of the time.
On 2008-12-17 at 18:29:49, BorgClown wrote...
@Lee J Haywood: What makes you so certain that your apps are not vulnerable? You would be safe from popular malware because your servers are one of a kind, but you could have vulnerabilities long-before worked out by the communities of popular servers. Even so, mine was a cute rooting: Apache got compromised, but I also had a kernel vulnerable to a remote stack overflow bug, which was not exploited. My mistake was updating that machine only once a week, because it was using dial-up.
On 2008-12-17 at 18:35:04, Lee J Haywood wrote...
My web servers don't have vulnerabilities because they're neither bloated with features nor dependent on external code. Any vulnerabilities that you could find are mitigated by strict checking (which actually limits functionality so much that no-one but me would use the code), the closed nature of the code and the fact that almost no-one knows how to get to the server or an index of its pages in the first place. The main way someone would get to me is by exploiting a bug in Firefox and then using a kernel bug to escalate privileges. This may have already happened, but whenever I wipe my OS to install another distribution I compile my binaries from scratch and in theory lose any malware that's installed.
On 2008-12-17 at 18:47:21, BorgClown wrote...
Minimal servers are surprisingly robust, I take it. Some dude posted on Slashdot an article about how he made a web server for a ridiculously limited embedded computer. It withstood the Slashdot effect surprisingly well because it served a small static web page and didn't queue connections.
On 2008-12-17 at 19:36:45, Lee J Haywood wrote...
If you run a web server on port 80 it gets hammered with exploit requests - they're either scripts or big binary strings that are obviously intended to cause a buffer overflow. I have my server speak for each request, and even when not running on port 80 I still get several requests a day. I've been overly cautious from the beginning though, e.g. not decoding percent-encoded URLs. IIS used to have the flaw that it excluded /../ from the path to limit URLs to a subtree, but they put the check before the decoding so simply using %2E was enough to bypass the check.
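
The check-before-decode ordering described in the last comment, shown beside the corrected order, as an added example (not part of the thread, and not code from any poster or from IIS). `DOCROOT`, the function names and the request paths are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

DOCROOT = "/srv/www"  # constructed document root (assumption for this example)


def resolve_check_then_decode(raw_path):
    """Flawed order: filter the raw URL first, percent-decode afterwards."""
    if "/../" in raw_path:            # the filter only ever sees the encoded form
        return None
    decoded = unquote(raw_path)       # "%2E%2E" turns into ".." after the check ran
    return posixpath.normpath(DOCROOT + decoded)


def resolve_decode_then_check(raw_path):
    """Corrected order: decode once, canonicalise, then confine to DOCROOT."""
    decoded = unquote(raw_path)
    if "\x00" in decoded or not decoded.startswith("/"):
        return None
    full = posixpath.normpath(DOCROOT + decoded)
    # Decide on the final canonical path, not on a substring of the request.
    if full != DOCROOT and not full.startswith(DOCROOT + "/"):
        return None
    return full


# Constructed request paths, not taken from any real log.
SAMPLES = [
    "/index.html",
    "/docs/../../etc/passwd",          # plain dot-dot: both versions refuse it
    "/docs/%2E%2E/%2E%2E/etc/passwd",  # encoded dot-dot: only the second refuses
    "/a/%2E%2E/index.html",            # encoded dot-dot that stays inside DOCROOT
]

if __name__ == "__main__":
    for path in SAMPLES:
        print(f"{path!r:36} flawed={resolve_check_then_decode(path)!r} "
              f"fixed={resolve_decode_then_check(path)!r}")
```

The corrected version decodes exactly once; a doubly encoded `%252E%252E` stays a literal file name and therefore remains under `DOCROOT`.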