My employer completed migration of apps to Linux - Linux

This is a discussion on My employer completed migration of apps to Linux - Linux ; On 2008-11-02, dennis@home wrote: > > > "Erik Hahn" wrote in message > news:87k1u5-vdu.ln1@a-b.bplaced.net... [ Trolling crossposting deleted ] > >> Just look in C:\Windows\sources ... wait ... how should someone find a >> hidden backdoor without the source code? ...

+ Reply to Thread
Page 4 of 13 FirstFirst ... 2 3 4 5 6 ... LastLast
Results 61 to 80 of 250

Thread: My employer completed migration of apps to Linux

  1. Re: My employer completed migration of apps to Linux

    On 2008-11-02, dennis@home wrote:
    >
    >
    > "Erik Hahn" wrote in message
    > news:87k1u5-vdu.ln1@a-b.bplaced.net...


    [ Trolling crossposting deleted ]


    >
    >> Just look in C:\Windows\sources ... wait ... how should someone find a
    >> hidden backdoor without the source code?

    >
    > The same way as you do if you think you have the source.
    > It has already been shown that it is possible to hide stuff in OSS by
    > modifying the compiler so I hope you disassemble your compiler and check it
    > isn't hiding backdoors in everything you compile.


    Of course, most linux systems are run using binary packages and are not
    compiled from source. Are you accusing the distro producers of
    installing malware?

    I'm different of course I run Gentoo. I even compile OpenOffice.

    Why should I bother checking my compiler? It comes to me from a Gentoo
    mirror (on my own ISP), its hash is checked against a hash obtained from
    a different mirror. If they don't agree, then it doesn't get installed.
    It's as simple as that.

    Gentoo makes it ridiculously easy to check that you are getting the
    correct source, using two config variables in /etc/make.conf
    (GENTOO_MIRRORS= and SYNC=).

    Oh that's right, you're dennis-"MD5"-at-home.

    You'll paint yourself into a corner on this one, as usual.

    There's a new windows virus|worm|trojan|malware attack every week.
    Windows systems are bogged down by their virus checkers, yet where are
    these linux threats? In your own mind, dennis@lights-on-no-one-home.

    --
    Regards,

    Gregory.
    Gentoo Linux - Penguin Power

  2. Re: My employer completed migration of apps to Linux

    On Nov 2, 7:48 pm, Homer wrote:
    > Verily I say unto thee, that Thad Floryan spake thusly:
    >
    > > On Nov 2, 1:55 pm, Erik Hahn wrote:
    > >> [...] Name one single in-the-wild virus that runs on Linux.

    > >
    > > Linux.RST.B
    > >
    > > Google "Linux.RST.B". It's still active.
    > > [...]

    >
    > Show me a citation from someone who was actually infected.


    For either Linux.OSF (aka Linux.Jac.8759) or Linux.RST.B,
    Google quickly found these interesting ones from among many
    publicly posted:

    <http://www.shandyking.com/2006/04/20...-linuxrstb-my-
    server-was-just-hacked/>

    <http://www.linuxquestions.org/questi...rity-4/rh-7.3-
    server-infected-with-linux.jac.8759-and-linux.rst.b-virus-116197/>

    <http://www.derkeiler.com/pdf/Mailing...ocus/pen-test/
    2002-05/0010.pdf>

    <http://lists.us.dell.com/pipermail/l...002-September/
    004222.html>

    <http://groups.google.com/group/comp....ty/browse_frm/
    thread/bcab6a78bebf6ebd/5cc9b3f2453aea73?
    lnk=gst&q=jedsoft.org#5cc9b3f2453aea73>

    Another vulnerable vector besides "downloads from the wild" is
    the basically unsecure Linux repository system per this report
    from the University of Amsterdam (July 2007):



    and this one from the University of Arizona (2008):



    And let's not forget the Morris Worm whose 20th anniversary is
    today (November 2, 1988):


    <http://groups.csail.mit.edu/mac/clas...ticles/morris-
    worm.html>


    If you'd like to test-infect your system with several Linux
    viruses, the URLs were recently posted to comp.os.linux.security

    :-)


  3. Re: My employer completed migration of apps to Linux

    On Nov 3, 1:17 am, Thad Floryan wrote:
    > [...]
    > For either Linux.OSF (aka Linux.Jac.8759) or Linux.RST.B,
    > [...]


    More relevant info per:



    The following is a partial list of known Linux malware:

    Trojans

    * Kaiten - Linux.Backdoor.Kaiten trojan horse[9]
    * Rexob - Linux.Backdoor.Rexob trojan[10]

    Viruses

    * Alaeda - Virus.Linux.Alaeda[11]
    * Bad Bunny - Perl.Badbunny[5][12]
    * Binom - Linux/Binom[13]
    * Bliss
    * Brundle[14]
    * Bukowski[15]
    * Diesel - Virus.Linux.Diesel.962[16]
    * Kagob a - Virus.Linux.Kagob.a[17]
    * Kagob b - Virus.Linux.Kagob.b[18]
    * MetaPHOR (also known as Simile)[19]
    * Nuxbee - Virus.Linux.Nuxbee.1403[20]
    * OSF.8759
    * Podloso - Linux.Podloso (The iPod virus)[21][22]
    * Rike - Virus.Linux.Rike.1627[23]
    * RST - Virus.Linux.RST.a[24]
    * Satyr - Virus.Linux.Satyr.a[25]
    * Staog
    * Vit - Virus.Linux.Vit.4096[26]
    * Winter - Virus.Linux.Winter.341[27]
    * Winux (also known as Lindose and PEElf[28]
    * ZipWorm - Virus.Linux.ZipWorm[29]

    Worms

    * Adm - Net-Worm.Linux.Adm[30]
    * Adore[31]
    * Cheese - Net-Worm.Linux.Cheese[32]
    * Devnull
    * Kork[33]
    * Linux/Lion
    * Mighty - Net-Worm.Linux.Mighty[34]
    * Millen - Linux.Millen.Worm[35]
    * Ramen worm
    * Slapper[36]
    * SSH Bruteforce[37]

  4. Re: My employer completed migration of apps to Linux

    Erik Funkenbusch wrote:
    > On Fri, 31 Oct 2008 16:30:49 -0500, Ignoramus27079 wrote:

    (..)
    >> Due to much improved scripting, our production support people are also
    >> able to do a lot less. I have extensive experience with Windows
    >> scripting and it cannot compare due to various Windows nonsense.

    >
    > Also utter BS. The single most advanced scripting environment available
    > for general purpose computers is PowerShell. It blows the doors of any
    > other scripting environment out there.

    (...)

    That is a joke, right?! Only someone with little (or no experience) with
    scripting languages and system administration can anyone consider
    PowerShell "The single most advanced scripting environment available for
    general purpose computers"

    >> Altogether, the efforts to maintain those linux boxes and their
    >> software (including our software) are many times less than that
    >> required for Windows, plus no performance issues. Changes can be
    >> rolled out in minutes. Scripts make a lot less mistakes than humans,
    >> etc.

    >
    > And somehow you managed to retrain all your developers without any loss of
    > productivity or migration issues. Yeah, right. If what you say is true,
    > you have the single most amazing development staff on the planet.


    It can be true if the team of developers is experienced in portable and
    cross-platform development.

    >> So, as a final tally I think that everyone is very happy about this
    >> move. The windows centered computer administrators were apprehensive
    >> in the beginning, but now they see it as less work. Plus people with
    >> Linux on resumes are paid 15-20% more, according to Microsoft, so they
    >> like this aspect.

    >
    > Wow, not only are the amazing, they're also entirely even headed without
    > any prejudices or predisposions. They don't care that their entire
    > skillsets are suddenly being dumped and they have to relearn everything.


    The fact is that a developer's skill set does not get "dumped" and a
    developer does *not* "have to relearn everything" just because (s)he
    changed is tools of work.

    > I've never met a group of developers like that. You have quite a
    > (ficticious) team there.


    I have met several, with the exception of "paid 15-20% more" part.

    A good developer (team) should adapt quickly to a new environment. In the
    end, a programming environment is mostly a text editor, a compiler, a
    staging area, and a debugger.

    I have worked in a varied set of development environments and a few hours of
    messing around and a few days getting used to where everything is and the
    productivity again dependents only on the programmer's ability to write
    code.

    Regards.

  5. Re: My employer completed migration of apps to Linux

    After takin' a swig o' grog, Thad Floryan belched out
    this bit o' wisdom:

    > On Nov 2, 7:48 pm, Homer wrote:
    >> Verily I say unto thee, that Thad Floryan spake thusly:
    >>
    >> > On Nov 2, 1:55 pm, Erik Hahn wrote:
    >> >> [...] Name one single in-the-wild virus that runs on Linux.
    >> >
    >> > Linux.RST.B
    >> >
    >> > Google "Linux.RST.B". It's still active.
    >> > [...]

    >>
    >> Show me a citation from someone who was actually infected.

    >
    > For either Linux.OSF (aka Linux.Jac.8759) or Linux.RST.B,
    > Google quickly found these interesting ones from among many
    > publicly posted:
    >
    >
    >
    >


    As for the "virus" thingie I wish we, as a Linux community, try to
    "convert" people away from the typical troubles of Pitiful Operating
    Systems (abbrev.: POS, aka the MICROS~1 Game Platform) and direct them
    towards what's important to know wrt Linux: user/filesystem permissions,
    b0rken/suid/sgid software, worms, trojans and rootkits.

    Basic measures should be:

    - Using (demanding) source verification tru GPG or minimally md5sums,
    - Watch system integrity (Aide, Samhain, Tripwire or any package mgr that
    can do verification: save those databases off-site, also see Tiger,
    Chkrootkit),
    - Harden your systems by not installing SW you don't need *now*, denying
    access where not needed and using tools like Bastille-linux, tips from
    Astaro,
    - Patch kernel to protect looking at/writing to crucial /proc and /dev
    entries and/or use ACL's (see Silvio Cesare's site, Grsecurity, LIDS),
    - Watch general/distro security bulletins and don't delay taking action
    (Slapper, Li0n etc),
    - Keep an eye on outgoing traffic (egress logging and filtering),
    - Don't compile apps as root but as a non-privileged user,
    - Inspect the code if you can,
    - Don't use Linux warez,

    But most of all: use common sense.

    The author also refers to a more comprehensive list:

    http://www.linuxquestions.org/questi...erences-45261/

    When your balls are out nine yards...

    --
    "...Unix, MS-DOS, and Windows NT (also known as the Good, the Bad, and
    the Ugly)."
    (By Matt Welsh)

  6. Re: My employer completed migration of apps to Linux

    After takin' a swig o' grog, Thad Floryan belched out
    this bit o' wisdom:

    >
    >
    > The following is a partial list of known Linux malware:


    Wonder why there's no "Windows_malware" link. Instead, you search and find:

    http://en.wikipedia.org/wiki/Special...indows_malware

    Showing below results 1 - 20 of 307

    --
    anyone know if there is a version of dpkg for redhat?

  7. Re: My employer completed migration of apps to Linux

    On Mon, 03 Nov 2008 11:09:42 +0000, The Natural Philosopher wrote:

    > snipe wrote:


    [...]

    > Linux as a desktop has been a long time coming..its a lot of OS just to
    > run apps..


    Um, which OS isn't?

    > and having to support multiple versions of it on multiple
    > window managers is a tough call.


    Can't quite parse that. What has to support multiple versions of what on
    multiple window managers?

    > Thats the whole Ubuntu idea, stabilize a particular desktop. And hope
    > people port apps to it.


    Strange. None of the apps I run seem to care too much which desktop/window
    manager they are running under. If they did they would by definition be
    badly written (or possibly just old) - there is a standard for how apps
    are to interact with window managers.

    [...]

    --
    Lionel B

  8. Re: My employer completed migration of apps to Linux

    The Natural Philosopher wrote:

    > However while Linux is good and fast underneath I am not so sure that
    > X-windows is actually the best way to do graphics. I am not the worlds
    > expert but it did seem to me last time I peeked into it and hastily
    > looked away, that there's an awful lot more code to change a pixel in
    > that than in windows. And no short cuts.


    You've seen the Windows source code, have you? I have, and can tell you that
    DX10 is /much/ less efficient than the X server. The "optimisations" for
    DX10 don't work for most hardware...

    C.

  9. Re: My employer completed migration of apps to Linux

    After takin' a swig o' grog, Christopher Hunter belched out
    this bit o' wisdom:

    > The Natural Philosopher wrote:
    >
    >> However while Linux is good and fast underneath I am not so sure that
    >> X-windows is actually the best way to do graphics. I am not the worlds
    >> expert but it did seem to me last time I peeked into it and hastily
    >> looked away, that there's an awful lot more code to change a pixel in
    >> that than in windows. And no short cuts.


    Shades of Erik's "update a pixel" claims!

    Ahhhh, nostalgia.

    > You've seen the Windows source code, have you? I have, and can tell you that
    > DX10 is /much/ less efficient than the X server. The "optimisations" for
    > DX10 don't work for most hardware...


    DX10 is, in part, just another apron string tying some people to Microsoft.

    --
    Phases of a Project:
    (1) Exultation.
    (2) Disenchantment.
    (3) Confusion.
    (4) Search for the Guilty.
    (5) Punishment for the Innocent.
    (6) Distinction for the Uninvolved.

  10. Re: My employer completed migration of apps to Linux

    dennis@home wrote:

    > You must realise that all the good open source is exactly that open
    > source, and it runs on windows and other OSes not just the linux kernel.



    Not all open source is cross platform. Far from it. There are TONS of
    obscure Linux/Unix/BSD-only programs that you probably haven't heard of.

    Cross-platform FOSS benefits from the efforts of people who want the
    stuff to run on Windows. There are twenty or fifty or a hundred times
    as many Windows users as Linux users, and most programmers---FOSS or
    not---like to see their stuff put to use by as many as possible.

    A few Linux folks on a big project can direct their attention to making
    sure the stuff works on Linux, so Linux users get the benefit of the
    work of a lot of programmers who could give a hoot about Linux.

  11. Re: My employer completed migration of apps to Linux

    Thad Floryan wrote:
    > On Nov 2, 7:48 pm, Homer wrote:
    >> Verily I say unto thee, that Thad Floryan spake thusly:
    >>
    >>> On Nov 2, 1:55 pm, Erik Hahn wrote:
    >>>> [...] Name one single in-the-wild virus that runs on Linux.
    >>> Linux.RST.B
    >>>
    >>> Google "Linux.RST.B". It's still active.
    >>> [...]

    >> Show me a citation from someone who was actually infected.

    >
    > For either Linux.OSF (aka Linux.Jac.8759) or Linux.RST.B,
    > Google quickly found these interesting ones from among many
    > publicly posted:
    >
    > <http://www.shandyking.com/2006/04/20...-linuxrstb-my-
    > server-was-just-hacked/>
    >
    > <http://www.linuxquestions.org/questi...rity-4/rh-7.3-
    > server-infected-with-linux.jac.8759-and-linux.rst.b-virus-116197/>
    >
    > <http://www.derkeiler.com/pdf/Mailing...ocus/pen-test/
    > 2002-05/0010.pdf>
    >


    Somebody hacked your post and mangled all your links.

  12. Re: My employer completed migration of apps to Linux

    On Sun, 02 Nov 2008 22:06:05 -0600, Ignoramus22113 wrote:

    > The problem with bash on Windows relates mainly to Windows
    > idiosyncrasies, such as that you cannot delete a file with the image of
    > a currently running executable. Which is an incredible pain in the ass.
    > Under Linux, you can delete a dile with running executable just fine. It
    > will continue to run etc. This is a nightmare when it comes to updates
    > (and that's why Windows tells you to close apps when you are upgrading).


    Oh that **** has caused me so much grief under windows it's beyond
    ridiculous. I have the problem with Solidworks files all the time (the
    only reason I need windows installed on this machine) as explorer
    (sometimes and relatively unreliably) shows thumbnails for those files.
    However, sometimes the file won't create a thumbnail for some odd reason
    and the explorer then will not allow me to delete it was the file is
    "open". Even after a reboot of windows, can't delete the file as explorer
    is the process that is accessing it.

    I've had times where I needed to reboot into Ubuntu to delete the damn
    file because Explorer wouldn't let me.

    Oh and yea, let's not get into the nightmares of distributing software
    updates. An application can't just simply replace it's own EXE and
    restart itself. What a ****ing hack is it to have to create a second
    executable that is run to see if the main executable needs to be updated,
    update it, and then call the main exe? Now what the **** do you do if you
    need to change the exe that does the updating?

    Windows: The biggest piece of **** on this planet.

    --
    Stephan
    1986 Pontiac Fiero GT

    君の事思い出す日なんてないのは
    君の事忘れたときがないから

  13. Re: My employer completed migration of apps to Linux

    On Mon, 03 Nov 2008 09:00:04 -0600, Matt wrote:

    > Thad Floryan wrote:
    >> On Nov 2, 7:48 pm, Homer wrote:
    >>> Verily I say unto thee, that Thad Floryan spake thusly:
    >>>
    >>>> On Nov 2, 1:55 pm, Erik Hahn wrote:
    >>>>> [...] Name one single in-the-wild virus that runs on Linux.
    >>>> Linux.RST.B
    >>>>
    >>>> Google "Linux.RST.B". It's still active.
    >>>> [...]


    "Linux.RST.B"
    Risk Level 1: Very Low
    December 21, 2001

    2001?!?

    Linux.OSF....from April 2002!
    The Linux/Osf virus infects ELF (Executable & Linkable Format) filetype
    files. It targets 32 bit LSB encoded binaries, such as present on for
    example an i386 system running Linux Redhat.

    i386 systems!?!
    And it's not like the ELF files haven't been patched by now.

    This windoze user must think Linux works like windoze.
    Ah this explains it - References: googlegroups.com
    A googlegroper!

    >>> Show me a citation from someone who was actually infected.

    >>
    >> For either Linux.OSF (aka Linux.Jac.8759) or Linux.RST.B,
    >> Google quickly found these interesting ones from among many
    >> publicly posted:
    >>
    >> <http://www.shandyking.com/2006/04/20...-linuxrstb-my-
    >> server-was-just-hacked/>
    >>
    >> <http://www.linuxquestions.org/questi...rity-4/rh-7.3-
    >> server-infected-with-linux.jac.8759-and-linux.rst.b-virus-116197/>
    >>
    >> <http://www.derkeiler.com/pdf/Mailing...ocus/pen-test/
    >> 2002-05/0010.pdf>
    >>

    >
    > Somebody hacked your post and mangled all your links.


    --
    Most people are sheep. *
    Microsoft is very effective
    at fleecing the flockers.



  14. Re: My employer completed migration of apps to Linux

    On Sun, 02 Nov 2008 19:56:14 -0600, snipe wrote:

    >> The truth is that Linux is a great server, but struggles as a dektop
    >> due to lack of apps.

    >
    > What applications would that be? The only thing I can think of is
    > games, but none of the computer-owning adults I know are into computer
    > games.


    There are literally Millions of third party, vertical apps. Stuff that's
    been written in-house in VB or stuff designed for a specific market (Soil
    conservation, Agriculture, Water Treatment, Healthcare, Business
    Intelligence, etc..).

    There are a lot of classes of commercial apps that don't have Linux
    equivelents, or linux equivelents that work in the way end users want them
    to.

  15. Re: My employer completed migration of apps to Linux

    Thanks for the report, and for starting an interesting thead.


  16. Re: My employer completed migration of apps to Linux

    On Mon, 03 Nov 2008 02:38:29 +0000, Homer wrote:

    > Verily I say unto thee, that Chris Ahlstrom spake thusly:
    >
    >>> Blows the doors off of any other scripting environment out there?
    >>> Sounds like you're drooling again. It's a Windows-only tool.

    >
    > Well Fuddie is the same guy who drooled all over Windows Home Server
    > (File Corruption Edition) when it first came out, like Microsoft had
    > just Innovated the concept of backup, so what did you expect?


    Bull****. What I like about WHS is the *WAY* it backs up. It coalesces
    duplicate files from multiple backups and multiple hosts, only requiring
    one physical file. It also provides complete image-like restore, where you
    boot from a CD and restore the entire computer back to it's state at any
    point in time. It also provides file-based recover, with differential
    backups.

    This is a complete system that i haven't seen anything comparable on for
    any platform.

    > PowerShell CommandLets and Home Server ... how sad. The Vole should
    > leave real computing to the adults, and stop embarrassing themselves.


    The only embarrassment is your ignorance. What's worse, is that you're
    ignorant of your ignorance, and you actually think you know what you're
    talking about.

  17. Re: My employer completed migration of apps to Linux

    On Sun, 02 Nov 2008 22:13:02 -0600, Ignoramus22113 wrote:

    > Another thing about this PowerShell is that it is some sort of a
    > newfangled, experimental thing from Microsoft. It is not even a part
    > of Windows yet. So they can discontinue it at any time like they did
    > with other products. They can also choose to charge a license fee for
    > it.


    You are batting .000. It's been part of Windows since Windows 2008. I
    know, it's only been a year, you can hardly be blamed (rolling eyes).

    It's not experimental, and it's been a released product for 3 years.

    > There is no source code for it and, therefore, it is risky to
    > use. Conversely, bash and perl are free and are maintained in a
    > reliable fashion (meaning that they will not be "discontinued").


    More excuses for why you are incompetant to write software that works well
    on Windows.

    No wonder you chose your name. You knew it all along.

  18. Re: My employer completed migration of apps to Linux

    On Mon, 03 Nov 2008 14:10:32 -0500, Erik Funkenbusch wrote:

    > On Sun, 02 Nov 2008 19:56:14 -0600, snipe wrote:
    >
    >>> The truth is that Linux is a great server, but struggles as a dektop
    >>> due to lack of apps.

    >>
    >> What applications would that be? The only thing I can think of is
    >> games, but none of the computer-owning adults I know are into computer
    >> games.

    >
    > There are literally Millions of third party, vertical apps. Stuff
    > that's been written in-house in VB or stuff designed for a specific
    > market (Soil conservation, Agriculture, Water Treatment, Healthcare,
    > Business Intelligence, etc..).


    None of which are relevant to the majority of users, and the few who
    can't live without an application could just run it in a virtual
    machine. Chances are they had to pay for a Windows licence when they
    bought their computer anyway, so they might as well get a little use out
    of it.

  19. Re: My employer completed migration of apps to Linux

    On Mon, 03 Nov 2008 14:29:38 -0600, snipe wrote:


    > And many other Linux developers are of the opinion that we should have
    > nothing to do with Windows apps because accommodating them will blunt
    > efforts to create open-source alternatives. Many developers and users
    > are even openly hostile towards WINE.
    >
    > Personally, I don't care either way because I don't need any Windows
    > apps and if I did I'd just run them in a virtual machine. Autocad?
    > Photoshop? No problem at all.


    Great for you. Now go try to run Solidworks in a virtual machine and get
    back to me when you completely and utterly fail.

    --
    Stephan
    1986 Pontiac Fiero GT

    君の事思い出す日なんてないのは
    君の事忘れたときがないから

  20. Re: My employer completed migration of apps to Linux

    On Mon, 03 Nov 2008 14:41:57 -0600, snipe wrote:

    > On Mon, 03 Nov 2008 14:10:32 -0500, Erik Funkenbusch wrote:
    >
    >> On Sun, 02 Nov 2008 19:56:14 -0600, snipe wrote:
    >>
    >>>> The truth is that Linux is a great server, but struggles as a dektop
    >>>> due to lack of apps.
    >>>
    >>> What applications would that be? The only thing I can think of is
    >>> games, but none of the computer-owning adults I know are into computer
    >>> games.

    >>
    >> There are literally Millions of third party, vertical apps. Stuff
    >> that's been written in-house in VB or stuff designed for a specific
    >> market (Soil conservation, Agriculture, Water Treatment, Healthcare,
    >> Business Intelligence, etc..).

    >
    > None of which are relevant to the majority of users, and the few who
    > can't live without an application could just run it in a virtual
    > machine (as long as it doesn't require 3D Acceleration). Chances are
    > they had to pay for a Windows licence when they
    > bought their computer anyway, so they might as well get a little use out
    > of it.


    Fixed the above paragraph for you.


    --
    Stephan
    1986 Pontiac Fiero GT

    君の事思い出す日なんてないのは
    君の事忘れたときがないから

+ Reply to Thread
Page 4 of 13 FirstFirst ... 2 3 4 5 6 ... LastLast