Windows Vista Rules.

[stash]

Well, every distro is different, we use the stable tree, 2.4, others use other trees, we spend time on things, other ship it even before it hits beta.

In the 23 years that we have produced this distribution we have had 2 exploits that has been reportedly used.

Your turn.

The claim was that OSS is more secure because of the many eyes theory. For some reason you are restricting this to the Linux kernel, and ignoring the millions of lines of open source code that is not the Linux kernel. There are plenty of vulnerabilities that have been found and continue to be found in open source code. Many of the issues being found are identical to issues that were found in MS code and fixed already (WMF being one major example of this).

Whether a vulnerability has been exploited or not isn't relevant to the discussion of whether open source is more secure than closed source because of many eyes. The vulns do exist in open source, in great numbers.

 

[Slackware]

Originally posted by: stash

Well, every distro is different, we use the stable tree, 2.4, others use other trees, we spend time on things, other ship it even before it hits beta.

In the 23 years that we have produced this distribution we have had 2 exploits that has been reportedly used.

Your turn.

The claim was that OSS is more secure because of the many eyes theory. For some reason you are restricting this to the Linux kernel, and ignoring the millions of lines of open source code that is not the Linux kernel. There are plenty of vulnerabilities that have been found and continue to be found in open source code. Many of the issues being found are identical to issues that were found in MS code and fixed already (WMF being one major example of this).

Whether a vulnerability has been exploited or not isn't relevant to the discussion of whether open source is more secure than closed source because of many eyes. The vulns do exist in open source, in great numbers.

No i am not, i am talking about the Slackware distribution, we have had 2 exploits that has been used against our distribution since 1993.

That includes the server code included in Slackware since 1993.

Now it is your turn, to be fair you have to open up a network, install office with outlook and the magnificent IIS from version 1.

No, you don't have to reply, it's hard being ridiculed i know, but you had to ask for it.

You picked the safest distribution of all distributions and there is a reason why we still stick to the old stable kernel tree.

Since 93 you have had W3, W3.1 W3.11 (with two or three underlying DOS versions) and after that you have had W95, W95OSR2 NT3.1, NT3.5 NT4.0 W98, W98SE, W2k, XP and start of Vista.

If you have had more than two used exploits on those with any of the software + outlook express and even the games, there have been exploits discovered in the gems too, haven't there, even though they were only three.

So if a bazillion is more than two, well then i win.

And perhaps open source and proper QC isn't such a bad thing after all?

 

[Slackware]

Originally posted by: Slackware

Originally posted by: stash

Well, every distro is different, we use the stable tree, 2.4, others use other trees, we spend time on things, other ship it even before it hits beta.

In the 23 years that we have produced this distribution we have had 2 exploits that has been reportedly used.

Your turn.

The claim was that OSS is more secure because of the many eyes theory. For some reason you are restricting this to the Linux kernel, and ignoring the millions of lines of open source code that is not the Linux kernel. There are plenty of vulnerabilities that have been found and continue to be found in open source code. Many of the issues being found are identical to issues that were found in MS code and fixed already (WMF being one major example of this).

Whether a vulnerability has been exploited or not isn't relevant to the discussion of whether open source is more secure than closed source because of many eyes. The vulns do exist in open source, in great numbers.

No i am not, i am talking about the Slackware distribution, we have had 2 exploits that has been used against our distribution since 1993.

That includes the server code included in Slackware since 1993.

Now it is your turn, to be fair you have to open up a network, install office with outlook and the magnificent IIS from version 1.

No, you don't have to reply, it's hard being ridiculed i know, but you had to ask for it.

You picked the safest distribution of all distributions and there is a reason why we still stick to the old stable kernel tree.

Since 93 you have had W3, W3.1 W3.11 (with two or three underlying DOS versions) and after that you have had W95, W95OSR2 NT3.1, NT3.5 NT4.0 W98, W98SE, W2k, XP and start of Vista.

If you have had more than two used exploits on those with any of the software + outlook express and even the games, there have been exploits discovered in the gems too, haven't there, even though they were only three.

So if a bazillion is more than two, well then i win.

And perhaps open source and proper QC isn't such a bad thing after all?

Oh, and our distribution includes Samba, Apache and a name server by default

 

[stash]

I didn't pick any distribution. I was responding to the statement that "Open source programming ensures QC and safety like no other programming model regardless of what you might thing there is enough evidence to back that up to make it a fact"

The fact that a specific distribution has a good record does not have anything to do with the quality of open source in general.

 

[Nothinman]

No i am not, i am talking about the Slackware distribution, we have had 2 exploits that has been used against our distribution since 1993.

Well according to Secunia there have been 67 advisories for the 2.4 kernel with 14 (if I counted right) remote with 3 of those 14 marked as not being completely fixed. So that's already more exploits. than you claim that you've shipped.

Looking at their Samba stats 3.x has had 9 vulnerabilites with 7 of them being remotely exploitable. Samba 2.x only had 5 but all of them were remotely exploitable. Apache 1.3.x has 19 vulnerabilities listed with 14 of them being remote. And Apache 2.0.x has 27 of 33.

Are you saying that you just happened to ship with verions of software with none of those exploits or were you the guy that fixed them all and sent the patches up stream before you released?

Oh, and our distribution includes Samba, Apache and a name server by default

You keep using the terms "we" and "our" like you're part of the Slackware development team and yet you've demonstrated that you don't even know how the nvidia X driver works or even how to count vulnerabilities.

 

[drag]

The fact that a specific distribution has a good record does not have anything to do with the quality of open source in general.

Yep. The quality of average open source software is about the same as the quality of closed source software.. which is very poor.

In studies it has generally shown that OSS software is relatively less buggy then comparable closed source software. However the most bug-free software would tends to be closed source (used in special cases such as programming used in air traffic and air plane control software were they pay extra amounts of money for dependable code).

The best software model for generating bug free(ish) code is generally accepted as OSS combined with good code auditing and automated bug testing as used and developed by people who make propriatory software. Most OSS software lacks the auditing and automated testing part due to budget, interest, and manpower restraints. So most of the advantage of OSS in terms of security is lost on those projects.

 

[Slackware]

Originally posted by: Nothinman

No i am not, i am talking about the Slackware distribution, we have had 2 exploits that has been used against our distribution since 1993.

Well according to Secunia there have been 67 advisories for the 2.4 kernel with 14 (if I counted right) remote with 3 of those 14 marked as not being completely fixed. So that's already more exploits. than you claim that you've shipped.

Looking at their Samba stats 3.x has had 9 vulnerabilites with 7 of them being remotely exploitable. Samba 2.x only had 5 but all of them were remotely exploitable. Apache 1.3.x has 19 vulnerabilities listed with 14 of them being remote. And Apache 2.0.x has 27 of 33.

Are you saying that you just happened to ship with verions of software with none of those exploits or were you the guy that fixed them all and sent the patches up stream before you released?

Oh, and our distribution includes Samba, Apache and a name server by default

You keep using the terms "we" and "our" like you're part of the Slackware development team and yet you've demonstrated that you don't even know how the nvidia X driver works or even how to count vulnerabilities.

And how many of those are slackware distributed kernel offerings with a default install?

And how many Slackware versions or updates included the Samba vulnerabiliteis and how many were included on any distribution release and how many of those have been exploited on any slackware distribution since 1993? 2? Well, that was kinda what i said was it not?

You obviously don't understand the difference between what has been exploited (what i said, 2 exploits, nothing else) and vulnerabilities, and the drivers were in regards to the linux kernel, you are either drunk or just being overzealous in finding mistakes in my postings.

I'm trying my best to be nice here.

 

[Slackware]

Originally posted by: drag

The fact that a specific distribution has a good record does not have anything to do with the quality of open source in general.

Yep. The quality of average open source software is about the same as the quality of closed source software.. which is very poor.

In studies it has generally shown that OSS software is relatively less buggy then comparable closed source software. However the most bug-free software would tends to be closed source (used in special cases such as programming used in air traffic and air plane control software were they pay extra amounts of money for dependable code).

The best software model for generating bug free(ish) code is generally accepted as OSS combined with good code auditing and automated bug testing as used and developed by people who make propriatory software. Most OSS software lacks the auditing and automated testing part due to budget, interest, and manpower restraints. So most of the advantage of OSS in terms of security is lost on those projects.

I'd say that is mostly true, however, there are distributions that do await software to mature before they ship it.

 

[Xyclone]

Well, I bit the bullet and bought 2GB of RAM... Vista gaming... here I come!

 

[Slackware]

Originally posted by: Xyclone
Well, I bit the bullet and bought 2GB of RAM... Vista gaming... here I come!

It's the kinda thing you can never go wrong on anyway, more ram is always good, if it won't use all of it for one thing, it will use it for caching.

 

[Nothinman]

And how many Slackware versions or updates included the Samba vulnerabiliteis and how many were included on any distribution release and how many of those have been exploited on any slackware distribution since 1993? 2? Well, that was kinda what i said was it not?

The Secunia people also list 91 vulnerabilities for Slackware 8.x with 1 of them not fixed.

You obviously don't understand the difference between what has been exploited (what i said, 2 exploits, nothing else) and vulnerabilities, and the drivers were in regards to the linux kernel, you are either drunk or just being overzealous in finding mistakes in my postings.

Of course I understand the difference, but shipping software with a known bug that hasn't been exploited yet is just as bad as one that has an active exploit in the while. You can try to spin the numbers however you want but it just makes you look less credible.

And I don't understand the "and the drivers were in regards to the linux kernel" part, you previously said "No, the Nvidia driver has a loader in the kernel, the entire code exists in user space." which in itself is an oxymoron. Can you please explain what you really mean? I mean, if there's a loader in the kernel then obviously the entire thing can't exist in user space since the loader is in the kernel.

 

[Slackware]

Originally posted by: Nothinman

And how many Slackware versions or updates included the Samba vulnerabiliteis and how many were included on any distribution release and how many of those have been exploited on any slackware distribution since 1993? 2? Well, that was kinda what i said was it not?

The Secunia people also list 91 vulnerabilities for Slackware 8.x with 1 of them not fixed.

You obviously don't understand the difference between what has been exploited (what i said, 2 exploits, nothing else) and vulnerabilities, and the drivers were in regards to the linux kernel, you are either drunk or just being overzealous in finding mistakes in my postings.

Of course I understand the difference, but shipping software with a known bug that hasn't been exploited yet is just as bad as one that has an active exploit in the while. You can try to spin the numbers however you want but it just makes you look less credible.

And I don't understand the "and the drivers were in regards to the linux kernel" part, you previously said "No, the Nvidia driver has a loader in the kernel, the entire code exists in user space." which in itself is an oxymoron. Can you please explain what you really mean? I mean, if there's a loader in the kernel then obviously the entire thing can't exist in user space since the loader is in the kernel.

Ok, i'm sorry if i seemed a bit hostile, i could surely blame something but what is the point? I didn't mean to call you an idiot by not understanding the difference between a vulnerability and an actually exploited vulnerability but i never mentioned vulnerabilities i only mentioned exploits, as in exploited vulnerabilities. i hope that clears that mess up.

Yeah i realize that it is an oxymoron since eaven a loader is code, now this is open code that can be lifted out and placed inteo your etc/rc if you would want it to, it's just not normally done that way.

Sorry for the confusion, language barrier perhaps, english is not my native language.

 

[drag]

I'd say that is mostly true, however, there are distributions that do await software to mature before they ship it.

Software matures best by real world usage. Slackware benifits directly from distros like Fedora core, Gentoo, or Ubuntu releasing newer software versiosn.

 

[Nothinman]

i never mentioned vulnerabilities i only mentioned exploits, as in exploited vulnerabilities. i hope that clears that mess up.

Ah, so you were trying to take the MS route and play the numbers in a more favorable fashion while totally ignoring the facts?

Yeah i realize that it is an oxymoron since eaven a loader is code, now this is open code that can be lifted out and placed inteo your etc/rc if you would want it to, it's just not normally done that way.

Um, no it can't. Even if you're referring to the GPL'd shim as your "loader" it's still kernel object code that can't execute in a shell. Can you point me to this "loader" so I have at least some chance of figuring out what it is you're trying to say?

 

[Slackware]

Originally posted by: Nothinman

i never mentioned vulnerabilities i only mentioned exploits, as in exploited vulnerabilities. i hope that clears that mess up.

Ah, so you were trying to take the MS route and play the numbers in a more favorable fashion while totally ignoring the facts?

Yeah i realize that it is an oxymoron since eaven a loader is code, now this is open code that can be lifted out and placed inteo your etc/rc if you would want it to, it's just not normally done that way.

Um, no it can't. Even if you're referring to the GPL'd shim as your "loader" it's still kernel object code that can't execute in a shell. Can you point me to this "loader" so I have at least some chance of figuring out what it is you're trying to say?

I have written many a harsh replies to you, but i do realize that the only object of your hostility is to get me banned, in several threads you treat me like crap and in PM's too, but see, i'm a tad bigger than you in life, your taunts don't really matter to me, if i want to get down and dirty like that i'll hit the mailing list.

 

[Nothinman]

Asking you to back up your claims is taunting you now?

 

[Oxides]

Originally posted by: BD2003

Originally posted by: Oxides
Readyboost has nothing to do with system memory, and if you are low on system memory (which everyone with 1G or less will be with vista) it will do nothing to help that.

All it basically does is add another layer of disk cache. You have 2 layers of disk cache already, normal system ram windows allocates and hardware on the hard drive.

When you're low on memory, and your memory becomes your disk, thats when you see the main benefit with low ram. So yes and no.

That is called a swap file and this thing is not a swap file. All it is is a disk cache.

 

[BD2003]

Originally posted by: Oxides

Originally posted by: BD2003

Originally posted by: Oxides
Readyboost has nothing to do with system memory, and if you are low on system memory (which everyone with 1G or less will be with vista) it will do nothing to help that.

All it basically does is add another layer of disk cache. You have 2 layers of disk cache already, normal system ram windows allocates and hardware on the hard drive.

When you're low on memory, and your memory becomes your disk, thats when you see the main benefit with low ram. So yes and no.

That is called a swap file and this thing is not a swap file. All it is is a disk cache.

And where is your swap file located?

 

[Xyclone]

I just put the 2GB I recieved in place of the 1GB previously there. All I can say is, "WOW!" There's a huge difference. EVERYTHING is instant. A word of advice: if you are a gamer and want to use Vista, please make sure you have 2GB of ram!

 

[Sniper82]

how is everyone getting it early? Also everyone in this thread seems to like it but everywhere else most say wait if your a gamer.
I wouldn't mind going with Vista if its stable enough to run newer games. I just upgraded to C2D,2gb,x1800XT,ect so running it shouldn't be a problem

 

[insomnio]

legally, people who have access to a volume release

 

[Sniper82]

Originally posted by: insomnio
legally, people who have access to a volume release

oic

 

[Xyclone]

Originally posted by: Sniper82
how is everyone getting it early? Also everyone in this thread seems to like it but everywhere else most say wait if your a gamer.
I wouldn't mind going with Vista if its stable enough to run newer games. I just upgraded to C2D,2gb,x1800XT,ect so running it shouldn't be a problem

My mom is an MSDN subscriber, so she just gave me a copy of Vista Ultimate a month ago.

 

[rajasekharan]

i see a lot of quarrel going in the direction of open source and closed one.....well i dont have 16,000/- to buy vista ultimate ...so i will get it pirated.......and if someone asks me for legimate copy i will show my BRILLIANT "Ubuntu" to them....unless they reduce the money none is gonna get that for 16k ...rediculously high...

 

[Sunner]

Originally posted by: rajasekharan
i see a lot of quarrel going in the direction of open source and closed one.....well i dont have 16,000/- to buy vista ultimate ...so i will get it pirated.......and if someone asks me for legimate copy i will show my BRILLIANT "Ubuntu" to them....unless they reduce the money none is gonna get that for 16k ...rediculously high...

Erm, while I agree that the price is a tad steep, where on earth did you get 16k from?
16k would buy you what...4 licenses for Win2K3 Advanced Server(or whatever the version below DC is called these days)?