IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

New Oh c'mon
Even Windows 95 is "secure" in the sense that you can't really penetrate it until/unless you have other stuff installed that allows for penetration. All the secure crap in the world doesn't help if you install SQLServer or IIS with defaults, or open a Email attachmennt.
Who knows how empty the sky is
In the place of a fallen tower.
Who knows how quiet it is in the home
Where a son has not returned.

-- Anna Akhmatova (1889-1966)
New That's a strawman argument
MySQL can be insecure, as can Oracle, or Postgres, or DB/2...

IIS is pretty darn secure, if only you can be arsed to configure it properly. The precise same argument holds for Apache, too.

Security is *not* a product. It's a process. Until you get that through your head, pain and torment awaits and any and all systems you implement with whatever OS will be compromised, again and again.

And if you're seriously equating running SQL Server or IIS with "opening an email attachment" then I must question the basis on which you make such a statement.

My point was that Windows 2000 is a secure operating system but the applications group at MS seem hell bent on testing that to the limit.

And what alternative do YOU bring to the table? Business wants secure computing - and that means more than strong passwords.

So, waddya got?


Peter
Shill For Hire
[link|http://www.kuro5hin.org|There is no K5 Cabal]
New What is the process that Microsoft encourages?
It is to have untrained monkeys spin the CD and punch through mazes of menus. While arranging for a tollbooth at every possible location. And arranging to make the PHBs think this is the right and only way to run the world.

Yes, security is a process. So is extracting maximum profit from the masses. They are not compatible processes.

Which one has Microsoft consistently chosen?

Cheers,
Ben
New Thanks
I've never been called an untrained monkey before.

If that's what you think it takes to administrate Windows 2000...

Well. Let's just say it won't be possible for us to have a sensible conversation on the subject.


Peter
Shill For Hire
[link|http://www.kuro5hin.org|There is no K5 Cabal]
New Not to mention Inthane, who's paid to do it.
Two for the price of one, Ben.

Actually, I know what you mean. I know a guy who's retired and a Microsoft stockholder. He uses MSN. He did not come from an IT background and PCs are just a hobby. He would not know what a proper software test was if it bit him in the ass. He thinks Microsoft is God's gift to civilization. He gets into all the Microsoft beta tests and is among "the counted testers" that Microsoft talks about out.

For my mental health, I have taken steps to make sure not run into this guy.
Alex

Whom the gods wish to destroy, they first make mad. -- Euripides
New Toilet trained
Peter, some here (and I didn't say me) might be willing to say you've got more than middlin' experience. Since you wax poetic over the merits of both Win2K and VAX, and are known to run GNU/Linux, you've a range of experience likely unusual among NT admins.

Moreover, you don't prove anything one way or the other regards Ben's point. If any slack-jawed 14 year old can run a lawnmower, the fact that an airline pilot uses one to mow his lawn doesn't mean the equipment requires, or is designed to be run by, airline pilots.

Microsoft is known to have promulgated the myth of "Zero Administration" for quite some time. The fact that you're a nonzero admin doesn't negate this fact.

Frankly, GNU/Linux is headed down the same path of putting powerful tools in the hands of anyone, so arguing from a strict point of "it's the admins fault" probably isn't going to be productive. The GNU/Linux camp does seem to be somewhat more grounded in a philosophy of technological indoctrination, though: you're supposed to know your tools, RTFM, and STFW.

There are also significantly different incentives to producing and distributing bug-free software, and updates and fixes to remedy other, in the free software world. Microsoft is notorious for charging for bugfixes and updates, at least in sufficient aggregates (Win98, Win2K).
--
Karsten M. Self [link|mailto:kmself@ix.netcom.com|kmself@ix.netcom.com]
What part of "gestalt" don't you understand?
New STFW: shut the effing window?
That's her, officer! That's the woman that programmed me for evil!
New Search the effin' Web.
--
Karsten M. Self [link|mailto:kmself@ix.netcom.com|kmself@ix.netcom.com]
What part of "gestalt" don't you understand?
New That's not what he said.
He said "Encourages". And he's correct.

You're putting a selective filter on the Microsoft message.. You said "Well, of COURSE *that* message is idiotic, don't believe it".

And after the years of hearing Microsoft messages, I don't believe *any* of it.

Which is why I Don't Care about NT anymore. And yes, that's 2000 and XP. I'm not going to play the name games. I've been lied to far too many times.

You're selectively filtering for messages that you know to be true - using the other experience you have to set said filter.

But trust me. The Microsoft Monkeys aren't filtering (they don't know how), and they're taking Microsoft at their word - and that's *still* a problem. There's a lot of them, and you're selectively filtering that fact out, as well. Why, I don't know. :)

Addison
New "Encourages" is key
Now you know, and should presume that I know, that to administer any complex system well takes competent people. Software isn't somehow special or different, it is just another example.

However Microsoft's marketing message is that its software is easy to learn, easy to administer, you just have to run an all-Microsoft shop and always keep up with the latest and greatest. This is not a marketing message that is consistent with encouraging organizations to develop good security procedures. It is, however, a message that makes Microsoft a lot of money.

Now before we leave this topic, please answer two questions. The first is, "What is your estimate of how many Microsoft organizations really need people like you, but don't have them and don't understand why they should?" The second is, "Do you really think that this number has anything to do with Microsoft's ongoing advertising about its products?"

Cheers,
Ben
New Answers
"lots"

and

"Not a chance"


Peter
Shill For Hire
[link|http://www.kuro5hin.org|There is no K5 Cabal]
New Definite disagreement on the second item
New In what way?


Peter
Shill For Hire
[link|http://www.kuro5hin.org|There is no K5 Cabal]
New Waddya got? OpenBSD.
But then, that's sort of the opposite extreme in terms of security over marketing.

But security isn't a product, is it? Therefore, I don't see how you can make that statement and say, "Windows 2000 is a secure OS" in the same post.

I'll believe it when I see the rate of security bulletins decline...many of which are more along the lines of basic services rather than apps. The last few posted to BUGTRAQ dealt with RPC, passwords, Task manager, TCP, SSL, and system file overwriting, for example (not to say there weren't more that had to do with apps--just that there are many that didn't).
That's her, officer! That's the woman that programmed me for evil!
     "Cost and effect" is usually a strength of MS..why not here? - (tseliot) - (19)
         That's not "1 Microsoft Way" - (Another Scott)
         Collusion - (kmself) - (1)
             Heh. Never thought about the collusion idea. - (tseliot)
         The MS Security Conundrum - (pwhysall) - (15)
             Oh c'mon - (wharris2) - (13)
                 That's a strawman argument - (pwhysall) - (12)
                     What is the process that Microsoft encourages? - (ben_tilly) - (10)
                         Thanks - (pwhysall) - (9)
                             Not to mention Inthane, who's paid to do it. - (a6l6e6x)
                             Toilet trained - (kmself) - (2)
                                 STFW: shut the effing window? -NT - (tseliot) - (1)
                                     Search the effin' Web. -NT - (kmself)
                             That's not what he said. - (addison)
                             "Encourages" is key - (ben_tilly) - (3)
                                 Answers - (pwhysall) - (2)
                                     Definite disagreement on the second item -NT - (ben_tilly) - (1)
                                         In what way? -NT - (pwhysall)
                     Waddya got? OpenBSD. - (tseliot)
             Conundrum Humdrums. - (addison)

But at least you can make it swallow the code.
90 ms