That's a strawman argument

Post #12,053 by pwhysall 10/6/01 5:18:17 AM Reply	That's a strawman argument MySQL can be insecure, as can Oracle, or Postgres, or DB/2... IIS is pretty darn secure, if only you can be arsed to configure it properly. The precise same argument holds for Apache, too. Security is not a product. It's a process. Until you get that through your head, pain and torment awaits and any and all systems you implement with whatever OS will be compromised, again and again. And if you're seriously equating running SQL Server or IIS with "opening an email attachment" then I must question the basis on which you make such a statement. My point was that Windows 2000 is a secure operating system but the applications group at MS seem hell bent on testing that to the limit. And what alternative do YOU bring to the table? Business wants secure computing - and that means more than strong passwords. So, waddya got? Peter Shill For Hire [link\|http://www.kuro5hin.org\|There is no K5 Cabal]
Post #12,071 by ben_tilly 10/6/01 1:03:35 PM Reply	What is the process that Microsoft encourages? It is to have untrained monkeys spin the CD and punch through mazes of menus. While arranging for a tollbooth at every possible location. And arranging to make the PHBs think this is the right and only way to run the world. Yes, security is a process. So is extracting maximum profit from the masses. They are not compatible processes. Which one has Microsoft consistently chosen? Cheers, Ben
Post #12,077 by pwhysall 10/6/01 2:48:42 PM Reply	Thanks I've never been called an untrained monkey before. If that's what you think it takes to administrate Windows 2000... Well. Let's just say it won't be possible for us to have a sensible conversation on the subject. Peter Shill For Hire [link\|http://www.kuro5hin.org\|There is no K5 Cabal]
Post #12,080 by a6l6e6x 10/6/01 3:06:42 PM Reply	Not to mention Inthane, who's paid to do it. Two for the price of one, Ben. Actually, I know what you mean. I know a guy who's retired and a Microsoft stockholder. He uses MSN. He did not come from an IT background and PCs are just a hobby. He would not know what a proper software test was if it bit him in the ass. He thinks Microsoft is God's gift to civilization. He gets into all the Microsoft beta tests and is among "the counted testers" that Microsoft talks about out. For my mental health, I have taken steps to make sure not run into this guy. Alex Whom the gods wish to destroy, they first make mad. -- Euripides
Post #12,089 by kmself 10/6/01 5:54:47 PM Reply	Toilet trained Peter, some here (and I didn't say me) might be willing to say you've got more than middlin' experience. Since you wax poetic over the merits of both Win2K and VAX, and are known to run GNU/Linux, you've a range of experience likely unusual among NT admins. Moreover, you don't prove anything one way or the other regards Ben's point. If any slack-jawed 14 year old can run a lawnmower, the fact that an airline pilot uses one to mow his lawn doesn't mean the equipment requires, or is designed to be run by, airline pilots. Microsoft is known to have promulgated the myth of "Zero Administration" for quite some time. The fact that you're a nonzero admin doesn't negate this fact. Frankly, GNU/Linux is headed down the same path of putting powerful tools in the hands of anyone, so arguing from a strict point of "it's the admins fault" probably isn't going to be productive. The GNU/Linux camp does seem to be somewhat more grounded in a philosophy of technological indoctrination, though: you're supposed to know your tools, RTFM, and STFW. There are also significantly different incentives to producing and distributing bug-free software, and updates and fixes to remedy other, in the free software world. Microsoft is notorious for charging for bugfixes and updates, at least in sufficient aggregates (Win98, Win2K). `-- Karsten M. Self [link\|mailto:kmself@ix.netcom.com\|kmself@ix.netcom.com] What part of "gestalt" don't you understand?`
Post #12,275 by tseliot 10/8/01 2:17:00 PM Reply	STFW: shut the effing window? That's her, officer! That's the woman that programmed me for evil!
Post #12,333 by kmself 10/8/01 6:32:45 PM Reply	Search the effin' Web. `-- Karsten M. Self [link\|mailto:kmself@ix.netcom.com\|kmself@ix.netcom.com] What part of "gestalt" don't you understand?`
Post #12,132 by addison 10/7/01 10:30:19 AM Reply	That's not what he said. He said "Encourages". And he's correct. You're putting a selective filter on the Microsoft message.. You said "Well, of COURSE that message is idiotic, don't believe it". And after the years of hearing Microsoft messages, I don't believe any of it. Which is why I Don't Care about NT anymore. And yes, that's 2000 and XP. I'm not going to play the name games. I've been lied to far too many times. You're selectively filtering for messages that you know to be true - using the other experience you have to set said filter. But trust me. The Microsoft Monkeys aren't filtering (they don't know how), and they're taking Microsoft at their word - and that's still a problem. There's a lot of them, and you're selectively filtering that fact out, as well. Why, I don't know. :) Addison
Post #12,145 by ben_tilly 10/7/01 5:07:54 PM Reply	"Encourages" is key Now you know, and should presume that I know, that to administer any complex system well takes competent people. Software isn't somehow special or different, it is just another example. However Microsoft's marketing message is that its software is easy to learn, easy to administer, you just have to run an all-Microsoft shop and always keep up with the latest and greatest. This is not a marketing message that is consistent with encouraging organizations to develop good security procedures. It is, however, a message that makes Microsoft a lot of money. Now before we leave this topic, please answer two questions. The first is, "What is your estimate of how many Microsoft organizations really need people like you, but don't have them and don't understand why they should?" The second is, "Do you really think that this number has anything to do with Microsoft's ongoing advertising about its products?" Cheers, Ben
Post #12,185 by pwhysall 10/8/01 2:00:12 AM Reply	Answers "lots" and "Not a chance" Peter Shill For Hire [link\|http://www.kuro5hin.org\|There is no K5 Cabal]
Post #13,093 by ben_tilly 10/12/01 7:58:51 AM Reply	Definite disagreement on the second item
Post #13,229 by pwhysall 10/14/01 6:42:41 AM Reply	In what way? Peter Shill For Hire [link\|http://www.kuro5hin.org\|There is no K5 Cabal]
Post #12,278 by tseliot 10/8/01 2:30:12 PM Reply	Waddya got? OpenBSD. But then, that's sort of the opposite extreme in terms of security over marketing. But security isn't a product, is it? Therefore, I don't see how you can make that statement and say, "Windows 2000 is a secure OS" in the same post. I'll believe it when I see the rate of security bulletins decline...many of which are more along the lines of basic services rather than apps. The last few posted to BUGTRAQ dealt with RPC, passwords, Task manager, TCP, SSL, and system file overwriting, for example (not to say there weren't more that had to do with apps--just that there are many that didn't). That's her, officer! That's the woman that programmed me for evil!

Welcome to IWETHEY!