Windows bashing was: Re: Voxin was: Re: Switching to Linux

Littlefield, Tyler tyler at tysdomain.com
Sat May 11 09:00:25 EDT 2013


I think there is a good point here, though there is something else to 
point out.
First, I've done a lot of systems security an ddeploymet--it's always 
Linux with lamp/lemp/etc. That's not really totally relevant to the 
point you make though, but I do have some security experience so I'm not 
totally clueless for my next point. You mention a lot of sloppy php/c 
code, which is due to a ton of factors.
  a lot of programmers are jumping out of school with hardly any 
experience and flinging code together. A lot of the security holes you 
are talking about are mysql injection which is the biggest one and comes 
from people being totally uneducated as to security implications. PHP is 
trying to solve this issue, but as with any language it's backward 
compatible as far as it's API for specific things, so there is a lot of 
old code out there, which is still being used. Theres not all that much 
that can be done about that honestly, it's just something that has to 
fade out.


I think bad c++ code exists as well, but there's a different issue at 
hand here. Where as high level scripts provide a way for someone to 
quickly throw something together, c/c++ is rarely used by people that 
don't know what they're doing. This is more of a claim that can't be 
set, but I think it has a lower usage pattern of people that just want 
to quickly hack something together. Again though, this goes back to 
people jumping out of school; my old c++ professor used to love to make 
up her own random terms and had totally screwed up ideas about how to 
program and she passed a lot of this on. I forsee a rather rude 
awakening to the people that only use Mallik's book and her advice when 
they actually get a job that requires c++.
On 5/11/2013 2:13 AM, Tony Baechler wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> I got my dad switched to Ubuntu quite a while ago and he was happy enough
> with it as a desktop at home.  He can't use it at the office because he
> still has Windows apps which don't run in Linux.  I tried to convince him
> to set up a Windows virtual machine but he wasn't interested.  He pretty
> much gave up on running Ubuntu now for whatever reason, but he didn't have
> a problem adjusting.  He liked it better than Debian.
>
> Yes, Norton Internet Security is still around.  I put it on my brother's
> notebook because I didn't know what else to suggest and it worked as well
> as any other antivirus solution in the past.  It's totally inaccessible
> and I told him not to bother to renew.  AVG is now pretty much dead and it
> was the antivirus which totally made my machine come to a complete stop at
> 8 AM daily.  OK, it turned out that it's a scheduling "feature" which is
> part of AVG, but I couldn't turn it off.  I could change when it ran, but
> no matter what, it was going to do a full virus scan every day whether I
> liked it or not.  So much for me controlling the machine, but that's
> typical Windows behavior.
>
> I have to agree with Kyle that I never had good luck with registry
> cleaners.  I actually had to boot into Linux a couple of times to fix my
> Windows registry.  I didn't try every registry cleaner out there, but I
> tried a few.  I used to specialize in Windows utilities and I was fairly
> aware of what's out there.  Now, I just use XP for basic tasks like
> Firefox and email and that's about it.
>
> I say you're a bigshot programmer because you seem to think you know best
> how to administer an operating system.  I've seen this kind of attitude
> from other programmers in the past, but from you more than most.  You
> write some long program in php when a one or two line shell script works
> just as well.  System admins still get paid more than programmers for a
> reason.  As a note from a security point of view, php code almost always
> has tons of security problems.  It's amazing how many problems constantly
> crop up in php apps, including WordPress and Drupal contributed modules.
> There is a lot of sloppy C code out there as well, but it seems to be a
> disease with php.  I'm not bashing you or the language as I run WordPress
> for my podcast and I'm not really a programmer at all, I'm just pointing
> out observations.
>
> On 5/10/2013 7:11 AM, Littlefield, Tyler wrote:
>> Hello: I understand that it's not always people that view porn.
>> Basically though, you know what to do to disable attachments and you
>> don't click on random weird links. usually that's enough to save you
>> the trouble. End-users on say, facebook usually aren't as lucky. My
>> grandma clicks everything that looks like a link and usually has a
>> virus. The difference is mainly that you know what you're doing and she
>> doesn't. Also, I recognize that it's not just porn browsers, I guess
>> that was more of a genearlization. There are sites like Sendspace that
>> do give popups, but usually the flood of popups (porn or otherwise)
>> appears with viruses and it doesn't really matter what site you're on.
>>
>> I do know Norton sucked, but that's far from the only solution now if
>> they're still even around. I don't remember seeing Norton on a system
>> for a long time, regardless. Usually I replace it with something like
>> AVG that doesn't store resources.
>>
>> Either way, I'm not sure where the bigshot programmer that knows php
>> came in. That obviously is one of the languages I use since I use it on
>> my site, but it's not even relevant. I just thought I'd reply to the
>> windows bashing since it's done by a guy I've seen make totally
>> ludacris hardware suggestions and shove arch at people that probably
>> shouldn't use it. On another note, while I love Linux as a server and I
>> use it all the time on my desktop, I'm not really sure that it should
>> be used for end-users who just want a desktop. I guess it does offer
>> him job security, though. On 5/10/2013 7:19 AM, Tony Baechler wrote:
>> OK, we're getting way off topic here, so this will be my only response
>> on this thread.  My comments are below.
>>
>> On 5/9/2013 5:54 PM, Littlefield, Tyler wrote:
>>>>> First, the fact that Windows gets viruses is a user issue, not a
>>>>> Windows vs Linux issue. with UAC it's a lot harder and if the
>>>>> user runs as something besides admin it's even harder still.
>>>>> Those "pesky popups" come up because well, your pesky users are
>>>>> actually viewing porn with a horrible browser.
>> That's somewhat true, but not totally.  First, I don't have a virus
>> scanner or firewall running here.  GASP!  Yep, I ran Windows 98 and XP
>> with no virus scanner, malware remover or firewall.  You know, I've
>> never had an active virus on my system.  The last time I had a real and
>> true virus was after I got a new install of Win98 and the computer shop
>> who built it installed a virus for me.  It was a rogue process running
>> a backdoor ftp server and calling itself notepad.  I couldn't figure
>> out why I always had notepad running in the background.  Once I got
>> that cleaned up, oh, about 10 or mor years ago, I've not had a virus
>> since.  However, with OE in particular, it opens email attachments
>> without the knowledge of the user, so it's next to impossible to
>> prevent getting a virus at some point.  Thunderbird is better, but you
>> still have to turn off the message preview by hand.  Eudora would
>> automatically save and open attachments unless you turned it off.
>>
>> What's not totally true is your comment about people who view porn and
>> get pop-ups.  Well, first of all, I don't view it.  I have no
>> interest. Second, I'm totally blind so there would be no point.  I
>> still get pop-up ads all the time in IE since it has no blocker, but I
>> hear that IE 7 is better about this.  I also get them with Firefox 19,
>> but not often. Sendspace is the really bad one and the Firefox blocker
>> doesn't seem to block it.  Another one is sfsite.com.  As you say, it's
>> not a Windows vs. Linux issue.
>>
>>>>> There are alternative solutions such as Firefox and Chrome which
>>>>> are much better  suited to acting as a browser.
>> See above.  I only use Firefox here.  Does Chrome work with Orca
>> nowadays? Yes, I know Google built their own Chrome screen reader, but
>> I wasn't impressed with it.  Also, sometimes people have good reasons
>> to use IE, like stupid government sites requiring it.  I know the DMV
>> is one.  Some banks still require IE as well.  Some content can't be
>> viewed with other browsers.
>>>>> I'm not sure what you mean by "manually finding keys that don't
>>>>> belong there." If you were worth your weight in whatever people
>>>>> were paying you for this random manual registry key removal, you
>>>>> would've used a registry cleaner like CCleaner and been done with
>>>>> it. As to anti virus solutions, I routinely install them for
>>>>> people and they still have the resources to spare, funny enough.
>>>>> Perhaps you should've done more research there as well.
>> Yeah, that's pretty funny.  When I ran a virus scanner here at one
>> time, also many years ago, it took so many resources that it was hard
>> to get anything else done.  Literally, my machine came to a complete
>> stop every morning at 8 AM for five minutes.  Norton managed to lock up
>> the system completely after it was installed and doing its routine
>> virus check. Don't get me started on Zonealarm and spyware removers.
>> While I agree with you about a registry cleaner, that doesn't remove
>> everything.  After Mcafee was completely uninstalled because it was a
>> trial and we weren't going to buy it, the registry had a lot of keys
>> left which I manually had to find and delete.  That only took me about
>> 30 minutes or so.
>>
>> You think you're a big shot programmer because you know php or
>> something, but it's amazing to me how many programmers don't seem to
>> know the basics of system administration, regardless of the OS.  I
>> guess that's what keeps security professionals employed full-time.
>> Just to be fair, I don't totally agree with Kyle either and I think he
>> makes too many general assumptions based on his own preferences which
>> are not always true.  Not everyone runs Arch, for example.  His prices
>> to build a computer are unrealistic.
>>> _______________________________________________ Speakup mailing list
>>> Speakup at linux-speakup.org
>>> http://linux-speakup.org/cgi-bin/mailman/listinfo/speakup
>>
> - -- 
> Have a good day,
> Tony Baechler
> tony at baechler.net
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJRjf2cAAoJEPrAuJWnLe0ynVwP/3mtSUKvLZ48IwAGxJ/X6oJZ
> i/M99oGSfYW907fOs/HQslLELRLQOQH9MVFgLPNPl2LBS314tyYP9BOJ8upWgdPD
> JVkctRjcY0oXbIi50WLWUMSfLwkXwHfYEF3EEVT0Am7TiKPutVqmaRnOMHruDqpA
> vjzjdRoG5Uw55LVpwKhR5DLXAyeyyABO23c0Y+vnfqx+11yv8SvkLE8gnNX3df9D
> k7Hnd3Z4/Sp9HiH5/wzvdKo/WGQhks0NNZIiBTAT7lVV0dFJQOt7CS/t7s4qrKZX
> 1Fc7RmoRXE+VCUQKvTTqapDWW4FGcmuTkoY3nsYcPHAikalYjaRqDCWlDExrSMJ3
> +OoQaqIstTJ20Ihdkx7pS5LsQvhdg3Vay04IIz6cvymhUR7+GfYG5nHHpX4l8rR9
> DegtYiA45ft7dDuZteQw6lDmRvPBQfjdFZFTxf3QftrjpSRZnfKFsH0Jcs2O/mvh
> BmuXnKaVX9DjrBuvGhQrpEyIWLHRudrpTUGK15mmbPZMqOEq6llvuXfTBVXDx1T5
> 6yVywkfLaHwEuTBjKpC7MEOXb5WfZhlJc4ly6+9OfU+16PBgWKC7rFDEdnAUPukN
> lMUqZZ1IFhWU+Im/C0XCNOD6Rwou0XlfYHe5NEG0mjWukYQh4CISebSiNLxZn8JY
> KTn8dTIT3axJkbGO9vdT
> =F60r
> -----END PGP SIGNATURE-----
> _______________________________________________
> Speakup mailing list
> Speakup at linux-speakup.org
> http://linux-speakup.org/cgi-bin/mailman/listinfo/speakup


-- 
Take care,
Ty
http://tds-solutions.net
He that will not reason is a bigot; he that cannot reason is a fool; he that dares not reason is a slave.
Sent from my Toaster (tm).



More information about the Speakup mailing list