On Tuesday, April 17, 2007 6:45 am Jim Cornette wrote:

This problem is a horrible feature when removing software. I have seen this problem happening with removal of some programs. The user needs to be careful. The packager needs to be careful also with preventing dependencies which could get you in this type of problem.

Now after reading your major problem in the tail of the message, the installer could provide sort of features to install software on command, like linux install "X server". Maybe one day there will be such features to the installer. I don't know how hard it would be to implement. It sounds complicated, but some love the challenge and positive results from their efforts.

Regardless of anything else, there really ought to be a way to mark a package/set of packages as IMPORTANT and get yum/whatever to issue a warning ("Warning: removing this component may break the system/prevent you from using GUI/whatever; are you sure you want to to do this?") if one of these important packages is marked for removal.

What gets me about threads like this one is the unvoiced assumption that every distribution has to be aimed at the entire potential user base. One of the best things about Linux is having choices. A distribution designed as a corporate desktop system is probably safe is assuming that the person changing the software packages on a system is going to make fairly intelligent decisions on what to remove based on the type of messages yum gives now. In this setting, the end user is not usually going to be the one making the changes. The IT department will. (Probably on batches of systems at one time.)

Fedora Core appears to be aimed at another class of users. It seams to be aimed at a more technically knowable group of users. Because of this, it is also possible to "shoot yourself in the foot" if you don't read the information presented to you. You are expected to make informed decisions. That is one reason I am using it.

My personal feelings are that FC would be a poor choice for your average home user, especially one that is migrating from an older version of Windows. (98) Depending on their hardware, they may not have enough of a system to affectively run it, and it is not as "User Friendly" for new users as some of the other distributions. If they have the hardware for it, then Ubuntu may be a better choice. (It wouldn't be my choice, but that is the point...)

If they do not have the hardware for Ubuntu, then it would be time to look into one of the "less demanding" distributions. (I am not current on this - would they need someone to install/support this?)

So maybe what is really needed is a clearer indication of who each distribution is aimed at? As well as a clearer explanation that Linux distributions are not intended to be "One size fits all"...

Mikkel

Kelly wrote:

On Tuesday, April 17, 2007 3:45 pm Mikkel L. Ellertson wrote:

...

My personal feelings are that FC would be a poor choice for your average home user, especially one that is migrating from an older version of Windows. (98)

Okay, seriously then, what distro would be a good choice for the average home user? I'm trying to answer that question myself, while searching for good distros for my younger brothers to run; they both have some computer experience, but only with Windows, and I have a personal thing against Debian-based distros after the time that three different Debian/Ubuntu installs failed in the same way within a week. Any suggestions?

Ubuntu is really making an effort, so I wouldn't hold earlier failure against them. The 7.04 desktop release sounds promising if you aren't tied to RedHat-style administration: http://www.ubuntu.com/news/ubuntudesktop704

I think you should give Ubuntu a second chance. It is great for this kind of situations. You should give Kubuntu a chance too! On Tue, 2007-04-17 at 19:41 -0500, Les Mikesell wrote:

Kelly wrote:

...

On Tuesday, April 17, 2007 3:45 pm Mikkel L. Ellertson wrote:

...

My personal feelings are that FC would be a poor choice for your average home user, especially one that is migrating from an older version of Windows. (98)

Okay, seriously then, what distro would be a good choice for the average home user? I'm trying to answer that question myself, while searching for good distros for my younger brothers to run; they both have some computer experience, but only with Windows, and I have a personal thing against Debian-based distros after the time that three different Debian/Ubuntu installs failed in the same way within a week. Any suggestions?

It's hard to be free... but I love to struggle!

Renich Bon Ciric Guadalajara, Jalisco, México

http://www.woralelandia.com/ <-> http://www.introbella.com/

On Tuesday, April 17, 2007 9:28 pm Claude Jones wrote:

On Tue April 17 2007, Kelly wrote:

...

Okay, seriously then, what distro would be a good choice for the average home user?  I'm trying to answer that question myself, while searching for good distros for my younger brothers to run; they both have some computer experience, but only with Windows, and I have a personal thing against Debian-based distros after the time that three different Debian/Ubuntu installs failed in the same way within a week.  Any suggestions?

PCLinuxOS

Mandriva-based distros seem to have an issue with mounting NFS shares over /home. Wish I knew why.

I think you should give Ubuntu a second chance. It is great for this kind of situations. You should give Kubuntu a chance too!

Was only two versions ago. Same results from both Kubuntu and Xubuntu, and it's a flaw built into Debian itself; defoma seems to have major issues remembering where the fonts are installed...

Plus, IIRC, the *buntu series doesn't have a system for configuring LDAP clients, and I'm not 100% sure how to work PAM + LDAP manually...

On Wednesday, April 18, 2007 10:34 pm Les Mikesell wrote:

Did I miss something in this thread? What kind of beginner has an LDAP service for authentication?

One who's network administrator is NOT a beginner and is running Fedora Core.

Kelly wrote:

Regardless of anything else, there really ought to be a way to mark a package/set of packages as IMPORTANT and get yum/whatever to issue a warning ("Warning: removing this component may break the system/prevent you from using GUI/whatever; are you sure you want to to do this?") if one of these important packages is marked for removal.

I would have thought the long list of packages it was going to remove because of dependencies would clue in most people. Didn't it say something along the lines of removing package foo requires removing (long list) that require foo, do you wish to proceed? with no as the default answer?

Do we really want to insult people by asking "Are you sure?" again after getting them to confirm that they do want to remove a long list of packages?

Mikkel

Arthur Pemberton wrote:

...

Microsoft:

When it crashes, you insert the software CD, and somehow you will get going again.

I'm curious as to how you somehow get going again while maintaining the presense of your files. The usual methadology is format and reinstall.

No, there are three methods known to fix windows problems and you always try them in this order: (1) reboot, (2), reinstall windows, (3) reformat.

...

Fedora&RedHat:

When it crashes, you insert the software CD, but instead of the situation above, most of your work is lost !

As long as yum is still working, it can re-install anything it uninstalled. If yum quits working, you might need to boot the install CD in rescue mode to fix things.

On Tue April 17 2007, Tim wrote:

On Tue, 2007-04-17 at 16:22 -0500, Les Mikesell wrote:

...

there are three methods known to fix windows problems and you always try them in this order: (1) reboot, (2), reinstall windows, (3) reformat.

The three "r"s..., though you're missing the fourth one:  repeat...

Not my experience at all. I manage around 50-100 machines depending on the time of year and trade winds - been doing it for ten years. I've reinstalled Windows less than 5 times - I've done a fair share of repairs, many more than re-installs, but that saves all the settings and data. There are lots of good reasons to not like Windows, but it gets downright silly sometimes on these lists...

--- Claude Jones claude_jones@levitjames.com wrote:

On Tue April 17 2007, Tim wrote:

...

On Tue, 2007-04-17 at 16:22 -0500, Les Mikesell

wrote:

...

...

there are three methods known to fix windows

problems and you always

...

...

try them in this order: (1) reboot, (2),

reinstall windows, (3)

...

...

reformat.

The three "r"s..., though you're missing the

fourth one: repeat...

Not my experience at all. I manage around 50-100 machines depending on the time of year and trade winds - been doing it for ten years. I've reinstalled Windows less than 5 times - I've done a fair share of repairs, many more than re-installs, but that saves all the settings and data. There are lots of good reasons to not like Windows, but it gets downright silly sometimes on these lists...

-- Claude Jones Brunswick, MD, USA

-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

As Claude mentions it is not that bad, but the bad side still gives trouble that is to windows users.

Not to defend Windows here, but the other guys, spammers, advertisers, Virus writers, etc are the ones that make Windows give its users trouble. They get ahold of the system and make it into a zombie machine. Finding those trackers/viruses/trojan horses is where the fun begins. Sometimes they are too many that the last resort is to reinstall it and cycle through the process again like Tim says.

Regards,

Antonio

__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com

Claude Jones wrote:

On Tue April 17 2007, Tim wrote:

...

On Tue, 2007-04-17 at 16:22 -0500, Les Mikesell wrote:

...

there are three methods known to fix windows problems and you always try them in this order: (1) reboot, (2), reinstall windows, (3) reformat.

The three "r"s..., though you're missing the fourth one: Â repeat...

Not my experience at all. I manage around 50-100 machines depending on the time of year and trade winds - been doing it for ten years. I've reinstalled Windows less than 5 times - I've done a fair share of repairs, many more than re-installs, but that saves all the settings and data. There are lots of good reasons to not like Windows, but it gets downright silly sometimes on these lists...

You are a lucky person. In my limited experience with Windows, a re-install has happened more than that. I did try the re-install but that was useless due to all the secondary applications.

Heck, even Steve Ballmer, CEO for Microsoft needs to re-install Windows when it gets to rough.

My biggest headache has always been registry problems.

But that is my experience.

Claude Jones wrote:

On Wed April 18 2007, Robin Laing wrote:

...

You are a lucky person. In my limited experience with Windows, a re-install has happened more than that. I did try the re-install but that was useless due to all the secondary applications.

Heck, even Steve Ballmer, CEO for Microsoft needs to re-install Windows when it gets to rough.

My biggest headache has always been registry problems.

But that is my experience.

You speak of "limited experience" - I deal with many Windows machines, all day long, day in and day out, in a business environment. Maybe that's the difference. We have an enterprise grade firewall behind the router. Each Windows box runs its own personal firewall. Each machine also runs anti-virus and anti-spyware. That's the price you have to pay - it costs money, and it takes time - it stinks. But, safe practices over many years, and that's been my experience. The only virus that ever got detected inside my company was ironically caught by one of my machines - but I caught it right away, and it hadn't activated itself. We've got one gal who just can't resist clicking indiscriminately, and I've set up a vm for her on her box using the free vmplayer and a vm built on our vmware workstation, and she's under strict orders to do all her internet stuff from the virtual machine - ironically, once we implemented that policy, she stopped having problems.

I prefer Linux but you can't tell me that Windows can't be run reliably - it's just not my experience over many, many years. I don't think it has anything to do with luck. The main problems I encounter again and again are with clueless operators who've ignored repeated instructions about dangerous surfing practices and clicking on attachments - those are the two most common causes of problems - are they caused by the operating system? - one can argue that it's the defective design of the system that allows clueless operators to damage their system and I will agree. There are many things that can be done cluelessly in life and will result in mayhem -

Speaking to the question about the problems encountered in recent weeks regarding drivers and endless boot cycles, I would try a Windows repair; boot from the installation CD, click past the first repair options and let it continue past the checking the drives for previous installations of Windows section, and after that check, it should find your damaged installation and offer the option to repair the existing installation - if it doesn't, you're borked. If it does, just let it do its thing - once completed, you'll have to patch your system back up to current security patches and service packs, but you'll have preserved all your settings and data. Make sure you have your CD key because it will ask for it. If you've just had a bad event but your box is stil able to boot you also have system restore function that often works - if yo poke around the help files you can find a system restore list that lets you roll back a system to a previous state - just had to do it today when a Windows Media update failed in a state where I couldn't roll it back - I picked a restore from last Sunday and afer a few moments, I has restored the system to its sate 4 days earlier, and Windows Media worked just fine.

Personally, I like playing with all operating systems - they nearly have unique capabilities and features that are very good for doing certain things. I still interact with a early nineties-vintage Dec-Alpha running VMS - it does one task very well and requires little maintenance, running a daybook/document management system for a publishing company that's never gone down more than a half day - it's a terminal client system with all programs being fun from the central processor. It's a bit weak in its word processing feature set, but it chugs along, day in and day out. I've got an old Amiga 500 that still runs video titling software and lets us dedicate a work station where we can produce custom titling for shows going out to specific stations, destinations that require non-standard program ID's and such to be overlaid on the video stream; we've got a Mac guy here who's into all the whiz bang features of the Mac for his multimedia operations, and runs servers out of his house via FIOS connection which are located miles away from his home, and in some cases across the country.

Then there's me, the Linux guy - they like me because I can ask for an ip outside the firewall using one of our assined ip addresses in our top range and run my box completely outside the Symantec Enterprise Firewall - I'vd got ssh runninng on that box and a second nic connected to a hub so people can avoid the whole company network when they suspect theyr'e dealing with a threat - I have an entierely independent lan behind that Linux box and I use it for all sorts of stuff.. We can bring up a virus infected machine behind my Linux firewalled box, and we know we don't have to worry about its getting control over any other machines - we download pathes and utilities to clean up the offending machine without having to worry about letting vermin in behind our Windows Lan - since there is no direct connection between the two. I even run a wireless access point for people who need to connect the net via wireless connections - our lan is just of the picture and therefore remains protected.

Jumping in, if I may. Fedora made some dramatic changes with FC5, I think it was. Seems they revisited the standards issue, reminded themselves of their beginnings as a distribution that faithfully followed the idea that distributions need to adopt and use worldwide standards. Why?

http://web.archive.org/web/20030207075039/http://www.pimientolinux.com/peru2... DR. EDGAR DAVID VILLANUEVA NUÑEZ Congressman of the Republic of Perú

It's difficult to discuss the merits of a proprietary operating system that seeks to control the IT industry. Even if the Microsoft operating system were to somehow match the merits found in Open Source operating distributions, there remains the Congressman's letter. So, we reread his letter, and, collectively as a world community, we choose the approach that best accomplishes the goals we want from information technology. Today, given a clean slate, and the state of technology, it would be an ugly site for sure, to watch which CD folks would pick up off the table to put on their computers. My bet would be, that Microsoft would be instantly out of business. Thanks, Tom

On Thu, 2007-04-19 at 01:09 -0500, Les Mikesell wrote:

The problem is that so much of the system is opaque with undocumented 'features' that are just waiting to be exploited. It's not that the users are clueless, it is that there is no way for them to have a clue.

Hear, hear...

How many people know the minimal set of ports needed to be open for Active Directory and Exchange server to work and what is supposed to happen on each, for example?

Or how in hell to get MSN messenger to work through your firewall, or any other number of things that you need to get to work with your system, but come with no more information than an instruction to see your system adminstrator (who has no information about it, anyway).

Tim:

...

Or how in hell to get MSN messenger to work through your firewall, or any other number of things that you need to get to work with your system, but come with no more information than an instruction to see your system adminstrator (who has no information about it, anyway).

Scott van Looy:

http://support.microsoft.com/kb/q240063/

Most windows sysads know both, or are at least as capable as myself of googling it... :)

I mentioned MSN specifically, as in the past, I had cause to resolve that problem. Microsoft, at that time, did not make public what you needed to do, the only information was third party, and incorrect. Later on, I did find some information from Microsoft about it, but it didn't work.

Tim:

...

I mentioned MSN specifically, as in the past, I had cause to resolve that problem. Microsoft, at that time, did not make public what you needed to do, the only information was third party, and incorrect. Later on, I did find some information from Microsoft about it, but it didn't work.

Scott van Looy:

Never ever had a problem with this or finding out what I needed to from the 'net. port80 originally, then port 443 and 80 when they decided to turn on SSL. That and 1863 for the initial handshake - which has always been fairly well documented as far as I can see, I've found references to this going back at least 4 years in a brief search ;)

Then try the other bits - file transfers working in both directions, audio, video... Didn't work as the advice advised.

On Thu April 19 2007, Scott van Looy wrote:

Most windows sysads know both, or are at least as capable as myself of googling it... :)

You know, I said these discussions get downright silly, and then, I jumped in to the middle with a long post - I guess I'm getting what I deserve for that.

There's no winning, or ending, this discussion once joined - so, I withdraw. I leave behind the doorknob - you guys can argue with that.

If you decide to hang in there, Scott, I wish you good luck, but I fear you're on a fools errand...

On Thu, 2007-04-19 at 10:05 +0100, Scott van Looy wrote:

Today Tim did spake thusly:

...

On Thu, 2007-04-19 at 01:09 -0500, Les Mikesell wrote:

...

The problem is that so much of the system is opaque with undocumented 'features' that are just waiting to be exploited. It's not that the users are clueless, it is that there is no way for them to have a clue.

Hear, hear...

...

How many people know the minimal set of ports needed to be open for Active Directory and Exchange server to work and what is supposed to happen on each, for example?

I pasted that into google and got:

http://support.microsoft.com/kb/270836

as my second link

...

Or how in hell to get MSN messenger to work through your firewall, or any other number of things that you need to get to work with your system, but come with no more information than an instruction to see your system adminstrator (who has no information about it, anyway).

http://support.microsoft.com/kb/q240063/

Most windows sysads know both, or are at least as capable as myself of googling it... :)

-- Scott van Looy - email:me@ethosuk.org.uk | web:www.ethosuk.org.uk site:www.freakcity.net - the in place for outcasts since 2003 PGP Fingerprint: 7180 5543 C6C4 747B 7E74 802C 7CF9 E526 44D9 D4A7 ------------------------------------------- |/// /// /// /// WIDE LOAD /// /// /// ///| -------------------------------------------

knot in cables caused data stream to become twisted and kinked

The first didn't answer Active Directory, and the second didn't answer for the current revision of I.E. Not so simple is it?

Regards, Les H

On Thu, 2007-04-19 at 13:10 -0500, Les Mikesell wrote:

Who is it that thinks opening ports 1024 through 65535 as it suggests is a good idea?

Yes, that sort of advice is another of the things that got my goat about getting things on Windows to run (drop your firewall, or essentially make it not a firewall, run as admin, etc., etc.).

On Thursday 19 April 2007, Les Mikesell wrote:

Claude Jones wrote:

...

You speak of "limited experience" - I deal with many Windows machines, all day long, day in and day out, in a business environment. Maybe that's the difference. We have an enterprise grade firewall behind the router. Each Windows box runs its own personal firewall. Each machine also runs anti-virus and anti-spyware. That's the price you have to pay - it costs money, and it takes time - it stinks.

And it doesn't help if you get the virus before your anti-virus vendor has the cure.

In that case you very likely have the wrong vendor. Any respectable AV vendor will have a sample the moment anyone reports it. You could be the unlucky first victim, but the odds are slight, to say the least.

...

I prefer Linux but you can't tell me that Windows can't be run reliably - it's just not my experience over many, many years. I don't think it has anything to do with luck.

You can say that because you've been lucky. We had 2 rounds of 0-day exploits. One took 3 days for the anti-virus vendors to come up with a cure.

"I've often noticed that the harder I work, the luckier I get". I can't remember who said it, but....

...

The main problems I encounter again and again are with clueless operators who've ignored repeated instructions about dangerous surfing practices and clicking on attachments - those are the two most common causes of problems - are they caused by the operating system? - one can argue that it's the defective design of the system that allows clueless operators to damage their system and I will agree. There are many things that can be done cluelessly in life and will result in mayhem

Clueless like these guys? http://news.yahoo.com/s/ap/20070419/ap_on_hi_te/hackers_state_department

Yup. "after a department employee in Asia opened a mysterious e-mail that quietly allowed hackers inside the U.S. government's network". One of the few rules necessary to stay safe, is "never open a suspicious email".

The problem is that so much of the system is opaque with undocumented 'features' that are just waiting to be exploited. It's not that the users are clueless, it is that there is no way for them to have a clue. How many people know the minimal set of ports needed to be open for Active Directory and Exchange server to work and what is supposed to happen on each, for example?

How many people need to? If they need those services their sysadmin or vendor will have set it up for them. Ordinary users never need to know this.

My elder daughter is indeed clueless. She wants a tool to do the job. She has been using a computer attached to the Internet for around 10 years, under Win98 until last year, and now under XP. She has used Netscape/Mozilla for browsing and mail all that time. She knows about dubious emails. She doesn't visit dodgy sites. She has up to date AV and a firewall. She rings me if there's something unusual and worrying. She has had neither virus nor trojan in all that time. The only installs have been done when I have changed her hardware.

Anne

Tomas Larsson wrote:

My experience:

[...]

The rumour that XP is unreliable etc, is just a rumour. I have never been infected with a viruus on my XP-boxes, however I have been rooted once on my FC-boxes. Obviously it was my own fault, forgot about an old phpBB installation on a public webserver.

You must be very young, very firewalled, or very lucky - or your machines all came pre-installed with some service pack level. There was a point when if you installed a fresh XP or win2k the odds were that you would be hit by a virus before you cold get the service packs installed over the internet.

The so-called problem with Windows is, I think, that there are so much crap software out there, that people install without any thoughts at all, plus the fact that people use quite a lot of cracked sw, with no clue what's in it.

That's only a small part of the problem. There have been dozens of possible exploits within IE, so all it takes is visiting a site that triggers it. Likewise, many of the outlook exploits did not require that you open the message.

I use XP because it gets the work done, with a minimum of work, I dont want to spend days trying to figure out on how to read from a CD or weeks to figure out why my network-card does not work.

That has to more to do with buying a machine with a preinstalled OS than which OS it is.

-- Les Mikesell lesmikesell@gmail.com

Today Tomas Larsson did spake thusly:

I never use OEM-SW neither on XP nor W2K. The latest laptop I got, was pre-installed with XP-Home, I ditched that, reformated the drive and installed XP-PRO. Furthermore I don't use any SW-firewalls, except on the laptop I carry with me, since I connect up wherever i find a WiFi spot avaible.

I have never been infected with virus, when connecting to the net for the first updates, not even when using one of the original pre-SP1 CD's. Not even running in front of my firewall. Yes I use a firewall, before it was an old AMD-K6 with RH9, now it is an P2-400 with FC5, using gShield script. I have never used a dedicated firewall, probably by habit, since they were so expensive onece upon a time, and a scrap P1-160 with RH7/9 was a cheaper solution.

So I simly don't buy that you get infected first time you are connected.

Actually, you do, but I've not seen it with XP, just Win2k. Windows messaging service was exploited a while back and I think it caught XP as well, but I've not installed a copy of the original XP in years.

I always create slipstreamed XP installs and so I'd not expect to be compromised.

All versions of XP being sold in at least the last year or so that I've seen have been SP2

However:

I installed win2k on my ickle libretto and connected for enough time to get the updates and got infected with a virus, so the next time I simply burned SP5 to CD and installed that before enabling the network

No CD drive, so couldn't work out how to make it install Fedora

-----Original Message----- From: Les Mikesell [mailto:lesmikesell@gmail.com] Sent: Thursday, April 19, 2007 3:41 PM To: tomas@tlec.se; For users of Fedora Subject: Re: Why most run Microsoft, not RedHat

Tomas Larsson wrote:

...

I have never been infected with virus, when connecting to

the net for

...

the first updates, not even when using one of the original pre-SP1 CD's. Not even running in front of my firewall. Yes I use a firewall, before it was an old AMD-K6 with RH9,

now it is

...

an P2-400 with FC5, using gShield script. I have never used a dedicated firewall, probably by habit,

since they

...

were so expensive onece upon a time, and a scrap P1-160

with RH7/9 was

...

a cheaper solution.

So I simly don't buy that you get infected first time you

are connected.

You don't today - or you don't see it because the viruses are more stealthy and designed to spread slowly and remain undetected while permitting remote control of the machines to send spam or participate in an occasional DDOS attack. A few years back an unprotected, unpatched box would be hit by something in a couple of minutes on a random internet address. The 2003 slammer worm was probably the most dramatic of the bunch, practically knocking out the internet. It sent UDP packets out of RAM as fast as the machine could generate them.

-- Les Mikesell lesmikesell@gmail.com

Well, obviously I have missed it, Been on the net since mid 90's, before Win95, using 3.11 and on DSL since end 90's. Allways been using AW-SW though, currently NAW.

So I wonder, Why has not any of my boxes ever been infected since it is said to be so easy to infect Windows.

Well, the answer is, I think, It is not so easy, unless you are very very very stupid. Unfortunately there is a lot of people out there that is very very very very stupid, just take look on all these scams, nigeria letters etc.

With best regards

Tomas Larsson Sweden http://www.tlec.se http://www.ebaman.com Excellent and cheap hosting, use http://www.servage.net/?coupon=cust23962 Verus Amicus Est Tamquam Alter Idem

-----Original Message----- From: Les Mikesell [mailto:lesmikesell@gmail.com] Sent: Thursday, April 19, 2007 5:28 PM To: tomas@tlec.se; For users of Fedora Subject: Re: Why most run Microsoft, not RedHat

Tomas Larsson wrote:

...

...

...

So I simly don't buy that you get infected first time you

are connected.

You don't today - or you don't see it because the viruses are more stealthy and designed to spread slowly and remain undetected while permitting remote control of the machines to send spam or

participate

...

...

in an occasional DDOS attack. A few years back an unprotected, unpatched box would be hit by something in a couple of

minutes on a

...

...

random internet address. The 2003 slammer worm was

probably the most

...

...

dramatic of the bunch, practically knocking out the internet. It sent UDP packets out of RAM as fast as the machine

could generate

...

...

them.

Well, obviously I have missed it, Been on the net since mid 90's, before Win95, using 3.11 and on DSL since end 90's. Allways been using AW-SW though, currently NAW.

So I wonder, Why has not any of my boxes ever been infected

since it

...

is said to be so easy to infect Windows.

Well, the answer is, I think, It is not so easy, unless you

are very

...

very very stupid. Unfortunately there is a lot of people out there that is very very very very stupid, just take look on all these scams,

nigeria letters etc.

Are saying these guys are stupid? http://www.itnews.com.au/newsstory.aspx?CIaNID=49857

-- Les Mikesell lesmikesell@gmail.com

I'm not saying that Windows by any means are safer than other OS, but its not more un-safe either. Obviously since there is more systems out there, compared to Linux, there ought to be more problem's.

What I'm saying that any-one that runs an unprotected computer despite all media coverage is stupid, he or she cannot blame the OS if he or she opens a virusinfected mail. The same goes for installing software that in best case is unstable and in worst case..... People seems to blame everything on the OS, when they buy some cheap noname addon-cards with drivers that makes an havoc in the system.

Obviously that does not happen in the LINUX world, basically because those no-name manufacturers does not target the linux community and subsequently there is no drivers, and you don't install it, hence no problems.

Obviously there must be flaws in any OS/SW even Linux, as an example my FC4-server was rooted, due to a flaw in php/MySQL.

I ended up with a complete re-install, if it was a windows-system, first of all, it wouldn't probably happen, since my AW would have taken care of it, plus the fact that I would have managed to remove it without re-installing, So in a sence Linux is far much more complicated to restore, compared to Windows XP.

With best regards

Tomas Larsson Sweden http://www.tlec.se http://www.ebaman.com Excellent and cheap hosting, use http://www.servage.net/?coupon=cust23962 Verus Amicus Est Tamquam Alter Idem

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

I appreciate that I am responding to two people here so I've tried to point out which one I am addressing below...

Zoltan Boszormenyi wrote: ### Tomas's Bit:

Tomas Larsson írta:

...

Obviously there must be flaws in any OS/SW even Linux, as an example my FC4-server was rooted, due to a flaw in php/MySQL.

SElinux++ ...but I bet you had it turned off, didn't you ;) windows is no safer against 0-day expoits than anything else. Arguably less safe (IMO) as it has absolutely not diagnostic output that is readble by normal people...

...

I ended up with a complete re-install,

..and did you enable SELinux protection that time?

...

if it was a windows-system, first of all, it wouldn't probably happen,

I don't see how you can say that... bad php code on a windows-basecd webserver is just as exploitable as it would be on any web-server.

...

...

since my AW would have taken care of it,

really? you have a piece of security software that can stop people expoloiting bad php code? We aren't talking viruses here. (nb: I am Assuming that AW is antivirus.. if it means something else, please enlighten me)

...

plus the fact that I would have managed to remove it without re-installing, So in a sence Linux is far much more complicated to restore, compared to Windows XP.

## Zoltan's bit...

I cleaned a rootkit once off a RedHat 7.1 system by using "rpm -Va". It didn't need reinstallation the whole system.

Which, although you may have been lucky, is not usually the most sensible approach. (no offence intended) A few points to consider... 1. what if the rootkit is installed using rpm? 2. rpm is one of the binaries that has been 'trojaned'? you'll see only what the attacker wants you to see. rpm -Va is only as secure as /var/lib/rpm... checking from a rescue envioronment against a read-only backup of /var/lib/rpm has some mileage though.

If you have any (non-config) files that differ from what rpm knows, you can reinstall the package that was modified.

see above.

The only guaranteed safe option is a complete reinstall and restore form known good backup.

You don't overwrite system-provided binaries yourself, right? Any compiled-from-source software should go into /usr/local or /opt...

and third-party RPM packages? Do you really not install any of those? Most now go into /usr

Regards

Stuart

- -- Stuart Sears RHCA RHCSS RHCX STFU PDQ RIAA MP3

Zoltan Boszormenyi wrote:

Stuart Sears írta:

...

Which, although you may have been lucky, is not usually the most sensible approach. (no offence intended) A few points to consider...

1. what if the rootkit is installed using rpm?

It wasn't, it was installed from source. The intruder left the source tree in place. He was a bit tricky to use chattr +i on /bin/login and some other progs. BTW, although rpm complained that it cannot replace those, why isn't it prepared for such scenarios? RPM is made for Linux, it should certainly know about special filesystem flags and handle them.

How should rpm handle it? Rpm has no way of knowing why the immutable flag was set. I believe the proper way is to report the problem, and let the user decide what to do about it. You could add a flag to rpm to let it override the immutable flag, but I think that would be a bad idea.

The way I look at it, if the immutable flag is set, then ether you didn't want the file to be changed without you giving specific permission by un-setting the flag, or you have other problems you should be made aware of.

Mikkel

Why?

Momentum, learning curve. Most people don't care about being able to look inside their system. When I work on Windows, I feel like I'm in a closet or a strait jacket. Part of that is unfamiliarity.

And you know what? That's just fine. I don't want to see Linux become more than about 10-15% of the desktop market. If it does, it will become a target. Right now, most of the exploits occur on windows so everyone else has a warning. And the beta testers for new technology pay to be beta testers with Windows! When the kinks are ironed out, I see it on Linux and the price is much better.

Also, at 10 to 15%, hardware suppliers are going to be thinking 1 in 7 or 10 customers. Worth providing either hardware specs or a driver.

And this also keeps the community nicer. If you were on usenet when AOL and webTV hit, you know what happened to the quality. Don't want to see that happen to Linux.

And windows serves a different market. The users of windows want ease of use and whiz bang. Security is a second or more distant consideration for Window's users. That's why most of their computers are zombies controlled from Romania or Russia. Great! When Microsoft tries to tighten security, they are inundated by users complaining about the inconvenience. They know their market and satisfy it: ease of use, whiz bang, security second.

Mikkel L. Ellertson írta:

Zoltan Boszormenyi wrote:

...

Mikkel L. Ellertson írta:

...

Zoltan Boszormenyi wrote:

...

He was a bit tricky to use chattr +i on /bin/login and some other progs. BTW, although rpm complained that it cannot replace those, why isn't it prepared for such scenarios? RPM is made for Linux, it should certainly know about special filesystem flags and handle them.

How should rpm handle it? Rpm has no way of knowing why the

How?

1. be able to specify special flags in the specfile and apply them upon

install 2. detect if the filesystem doesn't handle such specials and make note of it in the rpmdb 3. clear them before uninstalling or upgrading 4. detect if it was modified, report it with rpmv (skip this check if the rpmdb indicates it, see 2)

Why? What would the advantages be? Do they overcome the drawbacks of rpm being able to change a file that you set the immutable flag on?

Mikkel

Yes, see 3.

Les Mikesell írta:

Zoltan Boszormenyi wrote:

...

...

...

...

...

He was a bit tricky to use chattr +i on /bin/login and some other progs. BTW, although rpm complained that it cannot replace those, why isn't it prepared for such scenarios? RPM is made for Linux, it should certainly know about special filesystem flags and handle them.

How should rpm handle it? Rpm has no way of knowing why the

How?

1. be able to specify special flags in the specfile and apply them

upon install 2. detect if the filesystem doesn't handle such specials and make note of it in the rpmdb 3. clear them before uninstalling or upgrading 4. detect if it was modified, report it with rpmv (skip this check if the rpmdb indicates it, see 2)

Why? What would the advantages be? Do they overcome the drawbacks of rpm being able to change a file that you set the immutable flag on?

Mikkel

Yes, see 3.

What would be the point of having a special attribute if programs can just ignore it?

What's the point of having a package manager if you can overwrite everything by compiling from source or delete stuff?

What's the point of setting the immutable flag on a binary, doc or data file that might - and eventually will - be replaced if you upgrade its package?

What's the point of handling Unix/SELinux permissions by rpm if you can simply chmod/chown everything?

I ran out of rhetoric questions. :-)

But your POV in the question above is wrong. The point is to take advantage of something where available. Actually, I have another rhetoric question to back up my POV: what's the point of supporting NX in the newer CPUs when you can run the compiled kernel on older system where the feature never activates?

Best regards, Zoltán Böszörményi

Les Mikesell írta:

Zoltan Boszormenyi wrote:

...

Les Mikesell írta:

...

Zoltan Boszormenyi wrote:

...

...

...

> >> He was a bit tricky to >> use chattr +i on /bin/login and some other progs. >> BTW, although rpm complained that it cannot replace >> those, why isn't it prepared for such scenarios? >> RPM is made for Linux, it should certainly know >> about special filesystem flags and handle them. >> >> > How should rpm handle it? Rpm has no way of knowing why the > How?

1. be able to specify special flags in the specfile and apply

them upon install 2. detect if the filesystem doesn't handle such specials and make note of it in the rpmdb 3. clear them before uninstalling or upgrading 4. detect if it was modified, report it with rpmv (skip this check if the rpmdb indicates it, see 2)

Why? What would the advantages be? Do they overcome the drawbacks of rpm being able to change a file that you set the immutable flag on?

Mikkel

Yes, see 3.

What would be the point of having a special attribute if programs can just ignore it?

What's the point of having a package manager if you can overwrite everything by compiling from source or delete stuff?

What's the point of setting the immutable flag on a binary, doc or data file that might - and eventually will - be replaced if you upgrade its package?

What's the point of handling Unix/SELinux permissions by rpm if you can simply chmod/chown everything?

I ran out of rhetoric questions. :-)

It's all a matter of programmer-vs.-programmer wars to show who is in control.

My questions above weren't about war. Again, different POVs. I tried to give some examples of ease of use vs manual control.

A1. you have package manager because you want easy installation and you don't want to wait while the stuff compiles A3. because it's easier to have everything have the proper permissions, let rpm handle it.

and

A2. the packager may consider a file to be so essential that he wants it immutable. but the upgrade of the package must also work without manual override, i.e. without clearing immutable flag first.

You can compare it to the person who thought that the passwd program should only talk directly to a tty and that programs should not be able to use it. That lasted a few months - until another programmer wanted his program to be able to change passwords and wrote 'expect' to do it. A big waste of both people's time...

Agreed, that's unfortunate.

...

But your POV in the question above is wrong. The point is to take advantage of something where available.

Beg your pardon? The point of adding the immutable bit was so the file couldn't be changed by ordinary means. It is, again, a waste of both parties efforts as soon as someone adds the programming to bypass its attempt at control.

But you already have it - you can use chattr from shell scripts or manually. But chattr works only as root and you can only run rpm -[iU] as root successfully anyway. Hm. You can use chattr in pre and post scriptlets in rpm today. :-) But rpmv won't tell you whether the fs-special flags were set by rpm or by someone else.

I can certainly remember if I set this flag myself (e.g. have it documented) or ask the collegues. If no one authorized has set it (like it was in the case of the intrusion) then I would expect that rpm were able to replace a package with --force, even if some files have the immutable flag set. (Or similar in case of other FSes than ext2/3/4.)

...

Actually, I have another rhetoric question to back up my POV: what's the point of supporting NX in the newer CPUs when you can run the compiled kernel on older system where the feature never activates?

For kernel features it isn't a rhetorical question. The answer is always that Linus wants it to be that way.

-----Original Message----- From: fedora-list-bounces@redhat.com [mailto:fedora-list-bounces@redhat.com] On Behalf Of Stuart Sears Sent: Sunday, April 29, 2007 1:24 PM To: For users of Fedora Subject: Re: Why most run Microsoft, not RedHat

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

I appreciate that I am responding to two people here so I've tried to point out which one I am addressing below...

Zoltan Boszormenyi wrote: ### Tomas's Bit:

...

Tomas Larsson írta:

...

Obviously there must be flaws in any OS/SW even Linux, as

an example

...

...

my FC4-server was rooted, due to a flaw in php/MySQL.

SElinux++ ...but I bet you had it turned off, didn't you ;) windows is no safer against 0-day expoits than anything else. Arguably less safe (IMO) as it has absolutely not diagnostic output that is readble by normal people...

...

...

I ended up with a complete re-install,

..and did you enable SELinux protection that time?

...

...

if it was a windows-system, first of all, it wouldn't probably happen,

I don't see how you can say that... bad php code on a windows-basecd webserver is just as exploitable as it would be on any web-server.

...

...

...

since my AW would have taken care of it,

really? you have a piece of security software that can stop people expoloiting bad php code? We aren't talking viruses here. (nb: I am Assuming that AW is antivirus.. if it means something else, please enlighten me)

...

...

plus the fact that I would have managed to remove it without re-installing, So in a sence Linux is far much more complicated to restore, compared to Windows XP.

SELINUX was enabled, when that happened, obviously that didn't stop the intrusion. I was told by "logwatch" that my server was compromized, the following day, god knows what hapened before I shut it down.

Of course bad PHP code is exploitable regardles of OS, but my Win Antivirus package intrusion-detection would most likely have stopped the thing from happening.

With best regards

Tomas Larsson Sweden http://www.tlec.se http://www.ebaman.com

Verus Amicus Est Tamquam Alter Idem

On Thu, 2007-04-19 at 15:53 -0500, Bruno Wolff III wrote:

On Thu, Apr 19, 2007 at 18:13:28 +0200, Tomas Larsson tomas@tlec.se wrote:

...

I'm not saying that Windows by any means are safer than other OS, but its not more un-safe either.

I disagree. While it isn't really the OS's fault, Microsoft encourages applications to be written to do dangerous things rather than inconvenience the user.

...

What I'm saying that any-one that runs an unprotected computer despite all media coverage is stupid, he or she cannot blame the OS if he or she opens a virusinfected mail.

No they ought to blame their crappy email client that executes foreign code.

...

Obviously there must be flaws in any OS/SW even Linux, as an example my FC4-server was rooted, due to a flaw in php/MySQL.

PHP is known for making mistakes easy.

Especially if you set it to not run in safe mode so badly written PHP programs can run. 'Tis better to run in safe mode and fix the bad code. Yes, I've been down that road with our clients. My answer: "It runs in safe mode. Fix your code."

...

I ended up with a complete re-install, if it was a windows-system, first of all, it wouldn't probably happen, since my AW would have taken care of it, plus the fact that I would have managed to remove it without re-installing,

Only if you like living dangerously. If a machine is compromised, there are two relatively safe options. Reinstall from known good media or boot off of known good media and remove all trojan software. Often it is easier to reinstall than trying to sort out good from bad files.

Which is why things such as tripwire were invented.

The same is true for Windows. You can hope that no human looked at your machine and your antitrojan cleanup software gets everything, but you have know way of knowing for sure, if you don't do a complete check.

The inherent incestuousness of Windows makes any exploit VERY dangerous.

---------------------------------------------------------------------- - Rick Stevens, Principal Engineer rstevens@internap.com - - VitalStream, Inc. http://www.vitalstream.com - - - - Diplomacy: The art of saying "Nice doggy!" until you can find a - - big enough rock. - ----------------------------------------------------------------------

On Wednesday, April 25, 2007 6:18 am Ingemar Nilsson wrote:

What is it that safe-mode does that makes it improve security in any meaningful way? According to the PHP developers, it is an ugly hack that doesn't bring any real security benefits, and is thus slated to be removed in the next major release of PHP.

The point of PHP's safe mode was not actually to improve security, but to improve the knowledge of those who wrote PHP programs.

The problem was, originally PHP would create variables with the names of the HTML elements they were originally taken from (&lt;input type="text" name="test"&gt; would become $test in PHP). Most authors used this feature without thinking, because it was convinient. But it allows for a bunch of serious attacks from the outside, especially if it is used in conjunction with database queries.

Safe mode causes those elements to not be registered, forcing the author to access the variables using the special superarrays ($_GET, $_POST, $_COOKIE, etc.), which prevents the aforementioned attacks. They didn't just change it because it would have broken compatibility with older scripts; the general hope was that it would slowly be turned on over time.

At least, that's what I seem to recall.

"Tomas Larsson" tomas@tlec.se writes:

So I simly don't buy that you get infected first time you are connected.

In 2003, I installed Windows XP on my laptop while at home. Since I also had a redistributable package of SP1 on a CD, I installed that too. I also installed the McAfee virus scanner.

Since I didn't have an internet connection at home at that time, I chose to bring it to work to install the latest virus database and Windows patches. I wasn't aware though how quickly an unprotected Windows computer would be infected, so I didn't turn on the firewall. I actually didn't even know Windows XP had one built in.

I connected it in my office and updated the virus scanner. I started downloading a long list of updates to Windows XP. About 15 to 20 minutes after I connected it, one of my colleagues comees into my room to tell me that my computer is spreading worms. At about the same time, the virus scanner started complaining about a virus infection. I also got a mail from the incident response team of our site, suggesting that I turn on the built-in firewall before even connecting it to the 'net.

Since I didn't feel like hunting around Windows for god knows what and how many viruses and worms, I reinstalled the computer to get rid of it. That was my last virus infection in Windows.

Regards Ingemar

On Thu, 2007-04-19 at 13:29 +0200, Tomas Larsson wrote:

The rumour that XP is unreliable etc, is just a rumour.

Hmm, got a call from a friend he'd just got XP, come up and see it. He installs, hops on the internet to get updates, FOUR WHOLE SECONDS LATER he's infected with a virus. He had no other way of making his system more secure than the installation CD provides than hopping on the net. He downloaded an anti-virus package, it couldn't fix up the infection. It wasn't allowed to modify the file (oddly enough, the virus was allowed to modify that important file). It was format and re-install as the only way to get rid of it. This time it was a few seconds longer before he got infected after the installation finished. I nearly wet the chair laughing. XP continued to be sold in that fragile condition for a long time afterwards, it probably still is.

I've watched him progress from Win 95, 98SE, 2000, and now XP. It hasn't got more reliable since ditching 98SE. Even a box with almost nothing installed (no extra sound cards, basic video drivers, almost no applications, etc.), still manages to screw up royally. It's every bit as bad as the reputation that it has earnt.

On Thu, 2007-04-19 at 14:10 +0100, Anne Wilson wrote:

And you are surprised? AV must be installed before connection to the Internet. And don't tell me it can't be...

No, I'm not. He did that against my advice. However, there are cases where you can't. I've used anti-virus software which will not do anything until after you've updated it. That could only be done over the net. Chicken and egg...

On Wednesday 25 April 2007, Ingemar Nilsson wrote:

Anne Wilson cannewilson@googlemail.com writes:

...

And you are surprised? AV must be installed before connection to the Internet. And don't tell me it can't be...

It doesn't have to be. The firewall has to be enabled though. That Windows XP had a firewall from the start is unknown to many, since they think it came with SP2. SP2 turned it on, and certainly improved it, but it was there before too, doing its job if you knew it was there and turned it on manually.

That Windows XP contained a firewall but had it turned off in its default state is incomprehensible to me. That it was off by default is certainly to a great extent responsible for the worm infestations we have seen, especially before SP2, but also after, for those that did not update their systems.

It seems undescribably stupid to ship a product with a built in firewall, but keeping the firewall turned off in its default configuration.

Oh, we could describe it allright, but then everyone would have a copy of my personal 15 minute monolog, IF their monitor was fireproof.

Regards Ingemar

On Wednesday 25 April 2007, Les Mikesell wrote:

Gene Heskett wrote:

...

...

That Windows XP contained a firewall but had it turned off in its default state is incomprehensible to me. That it was off by default is certainly to a great extent responsible for the worm infestations we have seen, especially before SP2, but also after, for those that did not update their systems.

It seems undescribably stupid to ship a product with a built in firewall, but keeping the firewall turned off in its default configuration.

Oh, we could describe it allright, but then everyone would have a copy of my personal 15 minute monolog, IF their monitor was fireproof.

On the other hand it is just bizarre to have a network full of things that don't respond to ICMP/ping.

Yeah, like ALL of vz's servers. HTF are you supposed to troubleshoot when one of their dns machines gets hammered and falls over? I've had more than one very pointed discussion with their tech support about that. Some don't even respond to a tcp ping!

-- Les Mikesell lesmikesell@gmail.com

Tim:

...

Hmm, got a call from a friend he'd just got XP, come up and see it. He installs, hops on the internet to get updates, FOUR WHOLE SECONDS LATER he's infected with a virus.

Tom Rivers:

I'm curious. Did he have his WinXP system connected directly to the Internet or was it behind a router? Also, was this WinXP with Service Pack 2 already installed or was it a previous iteration of the product?

He had a USB ADSL modem. So, your computer is (almost) directly connected. I can't really remember which version it was, now.

Tim:

...

He had a USB ADSL modem. So, your computer is (almost) directly connected. I can't really remember which version it was, now.

Tom Rivers:

The reason I asked is that it really isn't a good idea to take a pre Service Pack 2 Windows XP computer and plug it into the Internet because it doesn't have a firewall protecting it by default. Had your friend been using a cheap router between his PC and the ISP's modem, he wouldn't have caught any virus because he would've gone straight to Windows Update and patched the system to a state of relative safety.

That I know. The real fault lay firmly at the feet of Microsoft, who made such a crappy system, so vulnerable in the first place, and so difficult make safe without requiring additional software or hardware.

It's as clear as anything to those who run systems that dial-up networking (whatever technique) should not have the LAN file system networking extended to it by default.

Certain technologies (old serial, USB modems, wireless, etc.), make it very difficult to put hardware between you and the big bad web. And it's also a bad idea to rely on something external to protect you from faults on the inside. Those faults need fixing, not papering over.

Microsoft still has a lot of security issues concerning its products, despite its Trustworthy Computing Initiative, and I don't see that problem going away anytime soon.

I don't see it going away, ever. Their mindset is just not that way. They've had to be dragged kicking and screaming into the notion of doing things more safely, but they still won't believe it.

Blindly plugging any unpatched system into the Internet, especially one without firewall protection, is never a good idea.

While I know that, most Windows users will not (new or long term users). And it shouldn't have to be the case. It should be safe, from the get go, and it should be up to you to do something stupid in reconfiguring it, before it becomes unsafe.

Ingemar Nilsson wrote:

"Tomas Larsson" tomas@tlec.se writes:

...

Until that time that Linux installs as effortless as Windows, without any tweaking, linux will be a nerd-os and nothing else.

I have the opposite experience. Windows XP is not simple to install, while Fedora Core is.

We all have our horror stories for both OS's but that is not the issue. The issue is why do people choose Windows over Linux.

I came across this article via slashdot and it is important to this discussion.

The Virtues of Monoculture

http://www.oreillynet.com/onlamp/blog/2007/04/the_virtues_of_monoculture.htm...

Now I prefer choice over following the lemmings. I prefer to use the best product for the job. This article points to one problem with getting Linux adopted. Ease of integration.

Quote from article.

So what’s good about a monoculture, and why does Microsoft win so often when people make a decision about platforms? Largely because what the open source community sees as a strength, people trying to get a job done in the real world see as a weakness. We celebrate the diversity of choices available to solve a problem and call it freedom. IT managers and CIOs look at it and call it chaos, confusion and uncertainty.

He also goes into the development tools and how well they are documented with no choices for alternatives.

Is this the path that makes Microsoft so good?

Now I look at this from my daughters experience. The school she goes to us a Mac school but uses MS Office and IE. It crashes and has so many other issues. She uses Linux at home and loves it. She wants to use Firefox and OpenOffice but the school won't allow it. And some of the people she has talked to have never even heard of Linux or OpenOffice.

Recently, I have been hearing more and more people are getting a shock out of the visual eye-candy of Beryl on Linux and some are dropping their Vista for Linux to use Beryl. It is eye-candy but Microsoft was hyping up the Aero display in Vista which is a very poor cousin to Beryl.

Dotan Cohen wrote:

On 25/04/07, Robin Laing Robin.Laing@drdc-rddc.gc.ca wrote:

...

Now I look at this from my daughters experience. The school she goes to us a Mac school but uses MS Office and IE. It crashes and has so many other issues. She uses Linux at home and loves it. She wants to use Firefox and OpenOffice but the school won't allow it. And some of the people she has talked to have never even heard of Linux or OpenOffice.

She's talking to the IT department? And they've never heard of OpenOffice?!?

The mac flavor would be NeoOffice. It doesn't need to run under X.

Anne Wilson wrote:

...

...

You speak of "limited experience" - I deal with many Windows machines, all day long, day in and day out, in a business environment. Maybe that's the difference. We have an enterprise grade firewall behind the router. Each Windows box runs its own personal firewall. Each machine also runs anti-virus and anti-spyware. That's the price you have to pay - it costs money, and it takes time - it stinks.

And it doesn't help if you get the virus before your anti-virus vendor has the cure.

In that case you very likely have the wrong vendor. Any respectable AV vendor will have a sample the moment anyone reports it. You could be the unlucky first victim, but the odds are slight, to say the least.

We used the 2 biggest vendors. And clam.

...

...

I prefer Linux but you can't tell me that Windows can't be run reliably - it's just not my experience over many, many years. I don't think it has anything to do with luck.

You can say that because you've been lucky. We had 2 rounds of 0-day exploits. One took 3 days for the anti-virus vendors to come up with a cure.

"I've often noticed that the harder I work, the luckier I get". I can't remember who said it, but....

We diagnosed the problem ourselves, sent the samples, both vendors took 3 days to respond. It was about a week before it was included in a clam update.

...

The problem is that so much of the system is opaque with undocumented 'features' that are just waiting to be exploited. It's not that the users are clueless, it is that there is no way for them to have a clue. How many people know the minimal set of ports needed to be open for Active Directory and Exchange server to work and what is supposed to happen on each, for example?

How many people need to? If they need those services their sysadmin or vendor will have set it up for them. Ordinary users never need to know this.

Not even those people know. Who knew about the current DNS exploit?

My elder daughter is indeed clueless. She wants a tool to do the job. She has been using a computer attached to the Internet for around 10 years, under Win98 until last year, and now under XP. She has used Netscape/Mozilla for browsing and mail all that time. She knows about dubious emails. She doesn't visit dodgy sites. She has up to date AV and a firewall. She rings me if there's something unusual and worrying. She has had neither virus nor trojan in all that time. The only installs have been done when I have changed her hardware.

How do you know the machine isn't compromised? The current crop of viruses aren't obvious but let someone control it when they want. Vint Cerf has estimated that 25% of all computers are - and I'd guess even higher than that. Would you know if it was sending a few pieces of spam email now and then - or making a few web site hits to run up someone's ad counters?

On Thu, 2007-04-19 at 01:14 -0400, Claude Jones wrote:

On Wed April 18 2007, Robin Laing wrote:

...

You are a lucky person. In my limited experience with Windows, a re-install has happened more than that. I did try the re-install but that was useless due to all the secondary applications.

Heck, even Steve Ballmer, CEO for Microsoft needs to re-install Windows when it gets to rough.

My biggest headache has always been registry problems.

But that is my experience.

You speak of "limited experience" - I deal with many Windows machines, all day long, day in and day out, in a business environment. Maybe that's the difference. We have an enterprise grade firewall behind the router. Each Windows box runs its own personal firewall. Each machine also runs anti-virus and anti-spyware. That's the price you have to pay - it costs money, and it takes time - it stinks. But, safe practices over many years, and that's been my experience. The only virus that ever got detected inside my company was ironically caught by one of my machines - but I caught it right away, and it hadn't activated itself. We've got one gal who just can't resist clicking indiscriminately, and I've set up a vm for her on her box using the free vmplayer and a vm built on our vmware workstation, and she's under strict orders to do all her internet stuff from the virtual machine - ironically, once we implemented that policy, she stopped having problems.

I prefer Linux but you can't tell me that Windows can't be run reliably - it's just not my experience over many, many years. I don't think it has anything to do with luck. The main problems I encounter again and again are with clueless operators who've ignored repeated instructions about dangerous surfing practices and clicking on attachments - those are the two most common causes of problems - are they caused by the operating system? - one can argue that it's the defective design of the system that allows clueless operators to damage their system and I will agree. There are many things that can be done cluelessly in life and will result in mayhem -

Speaking to the question about the problems encountered in recent weeks regarding drivers and endless boot cycles, I would try a Windows repair; boot from the installation CD, click past the first repair options and let it continue past the checking the drives for previous installations of Windows section, and after that check, it should find your damaged installation and offer the option to repair the existing installation - if it doesn't, you're borked. If it does, just let it do its thing - once completed, you'll have to patch your system back up to current security patches and service packs, but you'll have preserved all your settings and data. Make sure you have your CD key because it will ask for it. If you've just had a bad event but your box is stil able to boot you also have system restore function that often works - if yo poke around the help files you can find a system restore list that lets you roll back a system to a previous state - just had to do it today when a Windows Media update failed in a state where I couldn't roll it back - I picked a restore from last Sunday and afer a few moments, I has restored the system to its sate 4 days earlier, and Windows Media worked just fine.

Personally, I like playing with all operating systems - they nearly have unique capabilities and features that are very good for doing certain things. I still interact with a early nineties-vintage Dec-Alpha running VMS - it does one task very well and requires little maintenance, running a daybook/document management system for a publishing company that's never gone down more than a half day - it's a terminal client system with all programs being fun from the central processor. It's a bit weak in its word processing feature set, but it chugs along, day in and day out. I've got an old Amiga 500 that still runs video titling software and lets us dedicate a work station where we can produce custom titling for shows going out to specific stations, destinations that require non-standard program ID's and such to be overlaid on the video stream; we've got a Mac guy here who's into all the whiz bang features of the Mac for his multimedia operations, and runs servers out of his house via FIOS connection which are located miles away from his home, and in some cases across the country.

Then there's me, the Linux guy - they like me because I can ask for an ip outside the firewall using one of our assined ip addresses in our top range and run my box completely outside the Symantec Enterprise Firewall - I'vd got ssh runninng on that box and a second nic connected to a hub so people can avoid the whole company network when they suspect theyr'e dealing with a threat - I have an entierely independent lan behind that Linux box and I use it for all sorts of stuff.. We can bring up a virus infected machine behind my Linux firewalled box, and we know we don't have to worry about its getting control over any other machines - we download pathes and utilities to clean up the offending machine without having to worry about letting vermin in behind our Windows Lan - since there is no direct connection between the two. I even run a wireless access point for people who need to connect the net via wireless connections - our lan is just of the picture and therefore remains protected.

But when you use Windows in an engineering department, where people have to search the net for new and innovative solutions, and code is routinely passed around, the protection you describe by limiting user interaction is no longer applicable. Even when engineers attempt to deal correctly with malicious threats, and do development in a rigorous fashion, the fundamental limitations of the protection under windows fails miserably. Every engineering situation is of course different, but leading edge development means often partially tested code, modified code, hand edited code, and code from multiple compilers/debuggers/code tools/code authoring tools, and all of it running in Windows, where the base user has to be a root equivalent to even handle most of the debugging tools, yeilds system and network crashes. Add a couple of newbies, an occasional sales/marketing/secretarial blunder and you have a loss of control of the environment, and that control of that environment is limited by the inherent design of Windows. The ability to design, develop and debug code in a Unix environment without being root is the key to a much greater level of protection that inherently doesn't exist on Windows (at least as of XP. I cannot speak to Vista.)

Our experiences differ, that is fundamental to both our own uses of the system, our customers uses of their systems and a view of the problem. I just have to ask, do you use Active Directory in your windows servers? And how many boxes does it take to support your users, for instance 10 users/server? My experience is that 100 users/server is doable in Unix, 50/server in Linux, and 20 or fewer in windows?

Regards, Les H

On 4/18/07, Scott van Looy scott@ethosuk.org.uk wrote:

On Apr 17 Les Mikesell did spake thusly:

...

No, there are three methods known to fix windows problems and you always try them in this order: (1) reboot, (2), reinstall windows, (3) reformat.

Possibly 9,000,000 years ago, unsurprisingly things have changed somewhat since.

IF it's not booting, insert CD, go to recovery console, log on, type "fixmbr"

For other issues:

1. reboot
2. last known good
3. safe mode (if it runs in safe mode, try rebooting, sometimes that's

enough to fix things, sometimes not). Fix the issue there 4) insert Windows CD and let it automatically find and repair windows by going through the install wizard until you reach the bit where it finds your old copy of windows and can reinstall 5) IF it won't run or won't reinstall correctly, then and ONLY then, reinstall

It's easier to fix windows without reinstalling than it is to fix fedora ;)

You must have a different version than I do. But really, this discussion is somewhat silly.

Scott van Looy wrote:

...

You must have a different version than I do. But really, this discussion is somewhat silly.

Possibly, but it's been like this for 8 years...you can't compare Win98 or something with FC6, that's just ridiculous

Why not? The concepts that make make fedora and all other Linux versions straightforward to install and keep running were inherited from unix and well known by the mid-80's. Microsoft just chose to ignore them.

Scott van Looy wrote:

Today Les Mikesell did spake thusly:

...

Scott van Looy wrote:

...

...

You must have a different version than I do. But really, this discussion is somewhat silly.

Possibly, but it's been like this for 8 years...you can't compare Win98 or something with FC6, that's just ridiculous

Why not? The concepts that make make fedora and all other Linux versions straightforward to install and keep running were inherited from unix and well known by the mid-80's. Microsoft just chose to ignore them.

I believe you're forgetting the "fun" of linux in 1998 - or was your copy of Redhat 5 just as good as FC6?

There were problems getting linux drivers to work on certain hardware back then, but it was as good in terms of 'if it worked once it will keep working' and if anything broke it could be fixed by replacing the appropriate file. By RH7.3 it was about as solid as anything before or since... I have one of those that is within a couple of months of a 4-year uptime (counter has rolled twice) - and for a few years before that it was only down for the reboots to update the kernel.

*Every* windows box here has been down many times due to virus attacks and the updates required to prevent more of them in that time span.

BRUCE STANLEY wrote:

...

...

Today Les Mikesell did spake thusly:

There were problems getting linux drivers to work on certain hardware back then, but it was as good in terms of 'if it worked once it will keep working' and if anything broke it could be fixed by replacing the appropriate file. By RH7.3 it was about as solid as anything before or since... I have one of those that is within a couple of months of a 4-year uptime (counter has rolled twice) - and for a few years before that it was only down for the reboots to update the kernel.

*Every* windows box here has been down many times due to virus attacks and the updates required to prevent more of them in that time span.

Wow! 4 years and no reboot?

We have not hat that kind of success with our RHEL 3 Taroon 2.4.21-4ELsmp system (2 XEONS with 8GB memory).

This is running 2.4.20-18.7 on a system with 4 gigs of RAM. It's running our DHCP, DNS, samba, internal mail services and a few internal web sites.

If we do not reboot at least once every 2 weeks, we start having memory starvation problems.

I also have dozens of machines running RH9 2.4.20-18.9bigmem #1 SMP or 2.4.20-20.9smp #1 SMP and CentOS 3.4 running 2.4.21-27.0.4.ELsmp that have been up more than a year. And lots of others that have only been down for relocation or kernel updates. I do have problems with a bug in the Sun java j2sdk1.4.2_05 JVM that leaks memory, but I just restart the JVM periodically instead of rebooting. If you think you have a kernel problem you should update it. If you have an application leaking memory, you should be able to restart it instead of rebooting.

We think that there is a memory leak problem somwhere or something is grabing memory for I-O buffers but not releasing any for furhter use.

It's normal for unused RAM to be used for file buffers but they should be released as needed by applications. I've heard of some kernel versions having problems with that, but they were usually quickly replaced by updated versions.

Our hardware/Linux support people just tell us to do a reboot which fixes the problem.

Are you running the latest update? I'd expect RHEL3 to match the current 2.4.21-47.0.1.ELsmp I have on updated Centos3 boxes. And I'd expect the support people to tell you to update if you have a problem and an update is available.

Today Les Mikesell did spake thusly:

Scott van Looy wrote:

...

On Apr 17 Les Mikesell did spake thusly:

...

No, there are three methods known to fix windows problems and you always try them in this order: (1) reboot, (2), reinstall windows, (3) reformat.

Possibly 9,000,000 years ago, unsurprisingly things have changed somewhat since.

I have a long memory and have not forgotten the wasted time.

Yes, but that's not very relevant/practical these days :P

...

IF it's not booting, insert CD, go to recovery console, log on, type "fixmbr"

For other issues:

1. reboot
2. last known good
3. safe mode (if it runs in safe mode, try rebooting, sometimes that's

enough to fix things, sometimes not). Fix the issue there

I've had this work a few times, and not a few times.

Most of the time it works for me. Occasionally not, so I go on to the next step

...

4. insert Windows CD and let it automatically find and repair windows by

going through the install wizard until you reach the bit where it finds your old copy of windows and can reinstall

I've never had this work - it's all very mysterious.

I've never had this not work. It's called an "in place upgrade" and bascially should (provided you've not screwed up your registry somehow) always work. Registry screwups are usually salveagable because there's backups kept automatically...

...

5. IF it won't run or won't reinstall correctly, then and ONLY then,

reinstall

It's easier to fix windows without reinstalling than it is to fix fedora ;)

What? After the boot loader, there is no magic in fedora. Anything can be fixed by putting the right file(s) back in the right place and there are several approaches to doing it. If X breaks you can use the command line or connect remotely. You can boot to single user mode if something late in the startup sequence causes problems. You can pick a previously-working kernel at bootup, or boot in rescue mode from the install CD.

Many people have rescued their Windows data by booting a Linux run-from-CD version like Knoppix to get access to their disk and network because windows alone couldn't do it.

I've never needed to, having been able to rescue windows in all situations. Plus I partition my disks so all I lose at any one time is my apps and whatever's sat on my desktop if I do need to do a complete reformat, something I've only ever needed to do once

Scott van Looy wrote:

I've never needed to, having been able to rescue windows in all situations. Plus I partition my disks so all I lose at any one time is my apps and whatever's sat on my desktop if I do need to do a complete reformat, something I've only ever needed to do once

How would you repair an XP installation that continuously reboots after installing a USB keyboard and SATA drivers? (It even reboots in safe mode.)

How would you repair another installation which reboots continuously after selecting chkdsk to check the disk on reboot?

These are two recent problems where I had no idea as how to recover from.

Jim

Scott van Looy wrote:

On Apr 18 Jim Cornette did spake thusly:

...

Scott van Looy wrote:

...

I've never needed to, having been able to rescue windows in all situations. Plus I partition my disks so all I lose at any one time is my apps and whatever's sat on my desktop if I do need to do a complete reformat, something I've only ever needed to do once

How would you repair an XP installation that continuously reboots after installing a USB keyboard and SATA drivers? (It even reboots in safe mode.)

I'd see what the error is.

I could not see the error since it constantly reboots. I did check for minidumps from the ultimate Microsoft OS (always in automatic reboot mode) after installing W2k in the same partition. There was no sign of a "BSOD alternative" for that date. I expected to see a minidump for each reboot.

I'd remove all perhipherals and see if it still reboots,

I removed the USB keyboard and went PS2. I could not remove the SATA drive since the installation was on that disk.

I'd disable sata/usb in bios and see if it still reboots and if even that doesn't work I'd do an in place upgrade using the original media

I have no media for the XP version, it was not included. The BIOS settings might be wort a try. I was just surprised that it worked alright, then it found new drivers for keyboard and SATA and said I would need a reboot in order to use the new features. On the reboot it kept on going like the pink bunny toy for the battery commercial. (Reboot loop)

I'll check the settings in BIOS and see how it responds with changes to settings.

...

How would you repair another installation which reboots continuously after selecting chkdsk to check the disk on reboot?

You can get out of the chkdsk by pressing esc, if it's rebooting before the chkdsk is happening,

Thanks for the pointer on escaping the chkdsk then reboot over and over again. I still have this installation to test or can get another installation where it is easily reproducible to repeat the failure.

safe mode may work, if not, an in place upgrade, again

I hope the esc, safemode, then being able to locate failure messages works. The only thing I see is preventive measures, do not chkdsk the systems to prevent warranty and service issues. :-)

Windows is still not my favorite. I prefer Linux. Linux is at least sane.

Jim

Les wrote:

On Wed, 2007-04-18 at 21:04 -0400, Jim Cornette wrote:

...

Scott van Looy wrote:

...

On Apr 18 Jim Cornette did spake thusly:

...

Scott van Looy wrote:

...

I've never needed to, having been able to rescue windows in all situations. Plus I partition my disks so all I lose at any one time is my apps and whatever's sat on my desktop if I do need to do a complete reformat, something I've only ever needed to do once

How would you repair an XP installation that continuously reboots after installing a USB keyboard and SATA drivers? (It even reboots in safe mode.)

I'd see what the error is.

I could not see the error since it constantly reboots. I did check for minidumps from the ultimate Microsoft OS (always in automatic reboot mode) after installing W2k in the same partition. There was no sign of a "BSOD alternative" for that date. I expected to see a minidump for each reboot.

...

I'd remove all perhipherals and see if it still reboots,

I removed the USB keyboard and went PS2. I could not remove the SATA drive since the installation was on that disk.

...

I'd disable sata/usb in bios and see if it still reboots and if even that doesn't work I'd do an in place upgrade using the original media

I have no media for the XP version, it was not included. The BIOS settings might be wort a try. I was just surprised that it worked alright, then it found new drivers for keyboard and SATA and said I would need a reboot in order to use the new features. On the reboot it kept on going like the pink bunny toy for the battery commercial. (Reboot loop)

I'll check the settings in BIOS and see how it responds with changes to settings.

...

...

How would you repair another installation which reboots continuously after selecting chkdsk to check the disk on reboot?

You can get out of the chkdsk by pressing esc, if it's rebooting before the chkdsk is happening,

Thanks for the pointer on escaping the chkdsk then reboot over and over again. I still have this installation to test or can get another installation where it is easily reproducible to repeat the failure.

...

safe mode may work, if not, an in place upgrade, again

I hope the esc, safemode, then being able to locate failure messages works. The only thing I see is preventive measures, do not chkdsk the systems to prevent warranty and service issues. :-)

Windows is still not my favorite. I prefer Linux. Linux is at least sane.

Jim

Hi, Jim, The system manufacturer should be able to supply you with his "OEM" disk for the system you are working on for XP. The OEM disk is not encumbered in anyway, and should enable you to reset the system, including the "update install" that has been discussed. I had the same situation on one of my systems, and the MFR. sent me a new CD by FedEx and I had it in two days. Microsoft wouldn't (or couldn't) do anything to help with the issue. I spent four days on the telephone with their "tech support" and finally got the disk and did a clean install to get up and running. I lost some stuff, but got it back up. That was the last straw for me and Microsoft. When their tech support cannot help you get the software you need, and it is their software to begin with, what good are they? I've worked tech support for large systems, utilizing built in subsystems. If I had ever told a customer to go to one of the subsystem manufacturers for assistance, I would have had a much smaller pay check for a much shorter period of time.

Regards, Les H

Thanks Les,

I will contact the supplier of these computers. I thought it would be easier if the OS supplier would provide this media upon request. They have all the genuine OS version and 25 digit codes. I assumed their OS tech support could not help much with a solution to the problem without media being supplied by them. I did not contact them of course for support.

Still preferring Linux to getting out of problems with systems, if encountered.

Jim

On Wed, 2007-04-18 at 08:07 +0100, Scott van Looy wrote:

For other issues:

1. reboot

Rarely needed on Linux, even for major configuration changes. Needed all the time with Windows, repeatedly, and a major waste of time. A few seconds of reconfiguring something on Linux becomes minutes on Windows.

2. last known good

On Linux, undo the last thing that you did that stuffed things up. On Windows, try and undo a swag of unidentified things that stuffed you up, not really knowing which one it was, and not being able to undo just one thing.

3. safe mode (if it runs in safe mode, try rebooting, sometimes that's

enough to fix things, sometimes not). Fix the issue there

Turns out "safe mode" isn't really as safe as the name would imply. You're truly stuffed if you need to boot in safe mode, yet need to use things that don't work in safe mode (e.g. your network).

4. insert Windows CD and let it automatically find and repair windows

by going through the install wizard until you reach the bit where it finds your old copy of windows and can reinstall

Fine, maybe, if the fault is a broken Windows file. But not if it's a driver from somewhere else. You're in wipe out and fix up mode, since it's damn near impossible to replace just one stuffed up file.

5. IF it won't run or won't reinstall correctly, then and ONLY then,

reinstall

That's not an "if" but a "very often".

It's easier to fix windows without reinstalling than it is to fix fedora ;)

Bollocks.

Today Dotan Cohen did spake thusly:

On 19/04/07, Tim ignored_mailbox@yahoo.com.au wrote:

...

On Wed, 2007-04-18 at 08:07 +0100, Scott van Looy wrote:

...

For other issues:

1. reboot

Rarely needed on Linux, even for major configuration changes. Needed all the time with Windows, repeatedly, and a major waste of time. A few seconds of reconfiguring something on Linux becomes minutes on Windows.

Last semester in my physics course, right in the middle of a lecture, the professor's computer informed us that we had 4 minutes until reboot, due to updates that had automatically been downloaded and installed. He had to stop the lecture, reboot, and then find his place. During this time I took the opportunity to mention how rediculous that is, without mentioning that I don't use windows, and I was told that I'm stupid for not updating my own computer regularly. Apparently, reboots in the middle of work are common parts of the windows workflow. Worse, people accept that because it's the only way to be 'safe'.

I've never seen Windows do that. What I have seen it do is say "Windows will be restarted in 4 minutes [cancel]"

Cancelling lets you do it later. Being smug about linux lets you earn lower marks ;)

Ed Greshko wrote:

I just wonder if anyone has noticed that the OP has not said anything since first posting. Ever get the feeling you've been baited?

It does give one a chance to vent their frustrations with OS versions that have strange problems. It does look like several messages were sent as bait and are spawning two separate threads. Fortunately good ideas are presented within both spawned threads.

At least I can try some of the helpful hints from these baited threads from knowledgeable people from both camps and those impartial to any particular OS.

Jim

On Thu, 2007-04-19 at 12:15 +0100, Scott van Looy wrote:

Today Jim Cornette did spake thusly:

...

Ed Greshko wrote:

...

I just wonder if anyone has noticed that the OP has not said anything since first posting. Ever get the feeling you've been baited?

It does give one a chance to vent their frustrations with OS versions that have strange problems. It does look like several messages were sent as bait and are spawning two separate threads. Fortunately good ideas are presented within both spawned threads.

At least I can try some of the helpful hints from these baited threads from knowledgeable people from both camps and those impartial to any particular OS.

I am impartial to any particular OS (cept OSX, which is icky), I just don't like the OS being bashed when it's actually the users' lack of knowledge that causes the problem

-- Scott van Looy - email:me@ethosuk.org.uk | web:www.ethosuk.org.uk site:www.freakcity.net - the in place for outcasts since 2003 PGP Fingerprint: 7180 5543 C6C4 747B 7E74 802C 7CF9 E526 44D9 D4A7 ------------------------------------------- |/// /// /// /// WIDE LOAD /// /// /// ///| -------------------------------------------

Windows 2000, Users Zilch

-- From a Slashdot.org post

Unfortunately for you there are a lot of users on here, who have knowledge about many operating systems. Your knowledge of the Windows system shows when you run as a user with administrative privileges. Sounds to me like you have been quite lucky. By the way, how did you acquire all this knowledge about windows? Maybe by dealing with all this stuff time after time?

Regards, Les H

On 19/04/07, Scott van Looy scott@ethosuk.org.uk wrote:

Today Dotan Cohen did spake thusly:

...

Last semester in my physics course, right in the middle of a lecture, the professor's computer informed us that we had 4 minutes until reboot, due to updates that had automatically been downloaded and installed. He had to stop the lecture, reboot, and then find his place. During this time I took the opportunity to mention how rediculous that is, without mentioning that I don't use windows, and I was told that I'm stupid for not updating my own computer regularly. Apparently, reboots in the middle of work are common parts of the windows workflow. Worse, people accept that because it's the only way to be 'safe'.

I've never seen Windows do that. What I have seen it do is say "Windows will be restarted in 4 minutes [cancel]"

Cancelling lets you do it later. Being smug about linux lets you earn lower marks ;)

No cancel button. I even have a screenshot of it doing that to _me_ once: about a week before I moved over to Linux for good. I'll gladly send you the screenshot. It's in Hebrew, but you can clearly see there is no Cancel button. And I find it hard to believe that Windows in English has a cancel button when Hebrew does not.

Dotan Cohen

http://what-is-what.com/what_is/quicktime.html http://essentialinux.com/konqueror.php

Today Dotan Cohen did spake thusly:

On 19/04/07, Dotan Cohen dotancohen@gmail.com wrote:

...

No cancel button. I even have a screenshot of it doing that to _me_ once: about a week before I moved over to Linux for good. I'll gladly send you the screenshot. It's in Hebrew, but you can clearly see there is no Cancel button. And I find it hard to believe that Windows in English has a cancel button when Hebrew does not.

Here is one: http://dotancohen.com/windowssucks.png translation: Your computer update is almost finished. In order to activate this update your computer must be restarted. Windows will automatically restart your computer in 3:56 minutes. Note that the "Restart Later" button is greyed out and unclickable.

And another: http://dotancohen.com/ihatewindows.png translation: Windows downloaded and installed an important security update that will help protect your computer. This update requires an automatic restart of your computer.

About a week after these, I was already using Fedora for everything but photo organizing. It took me another year to discover F-Spot and recycle the Windows partition.

OK, you weren't running as a user with administrative privs

Today Dotan Cohen did spake thusly:

On 19/04/07, Scott van Looy scott@ethosuk.org.uk wrote:

...

Today Dotan Cohen did spake thusly:

...

On 19/04/07, Dotan Cohen dotancohen@gmail.com wrote:

...

No cancel button. I even have a screenshot of it doing that to _me_ once: about a week before I moved over to Linux for good. I'll gladly send you the screenshot. It's in Hebrew, but you can clearly see there is no Cancel button. And I find it hard to believe that Windows in English has a cancel button when Hebrew does not.

Here is one: http://dotancohen.com/windowssucks.png translation: Your computer update is almost finished. In order to activate this update your computer must be restarted. Windows will automatically restart your computer in 3:56 minutes. Note that the "Restart Later" button is greyed out and unclickable.

And another: http://dotancohen.com/ihatewindows.png translation: Windows downloaded and installed an important security update that will help protect your computer. This update requires an automatic restart of your computer.

About a week after these, I was already using Fedora for everything but photo organizing. It took me another year to discover F-Spot and recycle the Windows partition.

OK, you weren't running as a user with administrative privs

Oh, I didn't realize that I was supposed to be an admin in regular use. Apparently my professor didn't realize that either. How dumb we are.

You're not supposed to be, but if you want to avoid such things then you should be. Also, the majority of windows software doesn't run properly without admin privs, so i'd be surprised if you were able to do this without such heartache.

Scott

Today Matthew Saltzman did spake thusly:

On Thu, 19 Apr 2007, Scott van Looy wrote:

...

Today Dotan Cohen did spake thusly:

...

On 19/04/07, Scott van Looy scott@ethosuk.org.uk wrote:

...

OK, you weren't running as a user with administrative privs

Oh, I didn't realize that I was supposed to be an admin in regular use. Apparently my professor didn't realize that either. How dumb we are.

You're not supposed to be, but if you want to avoid such things then you should be. Also, the majority of windows software doesn't run properly without admin privs, so i'd be surprised if you were able to do this without such heartache.

And *that's* what they mean when they say, "Defective by design."

Yep, that's a problem. Mostly caused by app developers and not Microsoft. They've attempted to force the app developers hand with Vista now, so we'll see if it works out...

Scott van Looy scott@ethosuk.org.uk writes:

They've attempted to force the app developers hand with Vista now, so we'll see if it works out...

They also made it (UAC) possible to turn off, and I have already seen countless requests on various forums for help on how to "turn off those stupid questions where I have to prove that I own the computer". Other users were glad to help.

Regards Ingemar

Scott van Looy wrote:

Today Dotan Cohen did spake thusly:

...

No cancel button. I even have a screenshot of it doing that to _me_ once: about a week before I moved over to Linux for good. I'll gladly send you the screenshot. It's in Hebrew, but you can clearly see there is no Cancel button. And I find it hard to believe that Windows in English has a cancel button when Hebrew does not.

Apparently if you're logged in as a user that's NOT an administrator you also get no "cancel" button, which is expected behaviour, but I've never seen it. I don't actually know anyone who doesn't run as an administrator on anything less than vista, even though it's recommended.

I know several people that do not have the option of running as administrator. They get their machine pre-configured from the company and only the IT department can make changes. So not only do they not have the cancel button, but they can not do the registry change to prevent the automatic reboot. They have a great incentive to leave their machine on over night for the monthly updates. It gets interesting if you are out of town for the updates, as you are not supposed to leave your laptop connected to the hotel Internet connection overnight. You also can not make a VPN connection back to the company network if you are using a WiFi connection. (They have just added broadband wireless, and that is allowed.)

Mikkel

Today Anne Wilson did spake thusly:

On Thursday 19 April 2007, Dotan Cohen wrote:

...

On 19/04/07, Scott van Looy scott@ethosuk.org.uk wrote:

...

Today Dotan Cohen did spake thusly:

...

Last semester in my physics course, right in the middle of a lecture, the professor's computer informed us that we had 4 minutes until reboot, due to updates that had automatically been downloaded and installed. He had to stop the lecture, reboot, and then find his place. During this time I took the opportunity to mention how rediculous that is, without mentioning that I don't use windows, and I was told that I'm stupid for not updating my own computer regularly. Apparently, reboots in the middle of work are common parts of the windows workflow. Worse, people accept that because it's the only way to be 'safe'.

I've never seen Windows do that. What I have seen it do is say "Windows will be restarted in 4 minutes [cancel]"

Cancelling lets you do it later. Being smug about linux lets you earn lower marks ;)

No cancel button. I even have a screenshot of it doing that to _me_ once: about a week before I moved over to Linux for good. I'll gladly send you the screenshot. It's in Hebrew, but you can clearly see there is no Cancel button. And I find it hard to believe that Windows in English has a cancel button when Hebrew does not.

Dotan, my laptop dual-boots with XP. I have that set up to notify me of updates, but not install. I do recall seeing, however, that you can elect to download updates automatically and install later, though I've never tried that, since I like to read the description of the updates before letting them loose :-)

Aye. Equally, by default, automatic updates are set to happen at 3am, and if you've not saved your work before going to bed then you're a bit silly ;)

On 19/04/07, Anne Wilson cannewilson@googlemail.com wrote:

Dotan, my laptop dual-boots with XP. I have that set up to notify me of updates, but not install. I do recall seeing, however, that you can elect to download updates automatically and install later, though I've never tried that, since I like to read the description of the updates before letting them loose :-)

Anne

That is almost impossible in Israel. Software pirates are rampage here, such that WGA assumes everything is pirate. I do believe that it's area-specific, and with just reason. In any case, on my current Dell I run a cracked XP in a VMWare VM because my legal XP disk won't validate and the cracked one works fine! I've overcome the moral reasons as I HAVE a legal licence.

Automatic updates are the only way to update a cracked XP. As for my (past) professor, I will suggest to him non-automatic updates.

Dotan Cohen

http://what-is-what.com/what_is/ubuntu.html http://technology-sleuth.com/question/what_is_a_cellphone.html

Today Dotan Cohen did spake thusly:

On 19/04/07, Anne Wilson cannewilson@googlemail.com wrote:

...

Dotan, my laptop dual-boots with XP. I have that set up to notify me of updates, but not install. I do recall seeing, however, that you can elect to download updates automatically and install later, though I've never tried that, since I like to read the description of the updates before letting them loose :-)

Anne

That is almost impossible in Israel. Software pirates are rampage here, such that WGA assumes everything is pirate. I do believe that it's area-specific, and with just reason. In any case, on my current Dell I run a cracked XP in a VMWare VM because my legal XP disk won't validate and the cracked one works fine! I've overcome the moral reasons as I HAVE a legal licence.

Automatic updates are the only way to update a cracked XP. As for my (past) professor, I will suggest to him non-automatic updates.

Untrue. Firstly, don't use a cracked XP, you're losing out on functionality and updates, you're only getting security critical updates. Secondly, if you have a valid copy of windows and it's not validating, sort it out! It's easy enough to do.

Thirdly, if you want, you can turn off the entire of windows update and BITS services, disabling automatic updates and just remember to go here:

http://windowsupdate.62nds.com/

in Firefox (not even any need for IE) to update windows

On 4/19/07, Scott van Looy scott@ethosuk.org.uk wrote:

Today Dotan Cohen did spake thusly:

...

On 19/04/07, Tim ignored_mailbox@yahoo.com.au wrote:

...

On Wed, 2007-04-18 at 08:07 +0100, Scott van Looy wrote:

...

For other issues:

1. reboot

Rarely needed on Linux, even for major configuration changes. Needed all the time with Windows, repeatedly, and a major waste of time. A few seconds of reconfiguring something on Linux becomes minutes on Windows.

Last semester in my physics course, right in the middle of a lecture, the professor's computer informed us that we had 4 minutes until reboot, due to updates that had automatically been downloaded and installed. He had to stop the lecture, reboot, and then find his place. During this time I took the opportunity to mention how rediculous that is, without mentioning that I don't use windows, and I was told that I'm stupid for not updating my own computer regularly. Apparently, reboots in the middle of work are common parts of the windows workflow. Worse, people accept that because it's the only way to be 'safe'.

I've never seen Windows do that. What I have seen it do is say "Windows will be restarted in 4 minutes [cancel]"

On more than one occasion, I have hit Cancel, only to have Windows restart - luckily, I don't trust it with much of my data anyways.