31.8.09

M$ windows is NOT an operating system, it's a user application

Thanks for paying attention to this post. You must be one of the few that really worry about your system(s).
Getting straight to the point, that m$ windows is just an application, I'd like to point out the following.
A. It's designed from a user P.O.V., making certain that the user has total control over the system (is an administrator). There are simple tasks that must be done, and cannot be done unless you switch -listen to this- the user account to be an admin, perform the task, switch back the user to plain. Logging in as admin and doing the stuff is not enough on many occasions. That holds true after -at least- win2k.
B. There are files that the system does not allow you to access. Even if you are the admin, there are files hidden and cannot be accessed. Some system files are even protected in 'safe mode' and the only way to look at them is booting with a live cd (eg ubuntu, best boot cd etc).
C. Functionality is restricted not by design, but using software flags in the code or the registry setup during installation. You can find examples of this maybe since NT but definitely since w2k (workstation vs server).
D. There is -at least for me- a debate about the implementation of ACLs and file security in general. If they had just implemented the VMS approach it would be so straightforward and simple. Doing a clopyright from other systems, and not even implementing it right, bugs the hell out of me. (<- ok, that is just a personal insight)
E. Embedding/binding the drivers, the way it's done, for any hardware that you plug in, is so DOS, or may I say win95. There is really no user space in their configs. You must have an admin next to you or you don't have a pc. That is really the reason that everybody logs in as admin at all times.
F. In vista they claim full control of the MBR. What's this? Just to avoid dual boots? To follow the instructions on setting up a second OS, you'll need to get a PhD. (exaggerated, I agree, just to point out the complexity)
G. Too many hidden secrets. Starting the validation, h/w signature, kernel, APIs etc etc. That alone makes it a simple and plain commercial application.
H. What would be the difference if we were using cp/m.... Soooory for that, I meant DOS. We had an application over dos, named WINDOWS 1, then 2, then 3, then whatsoever, then VMS ... eeerrr sorry, WinNT, that did not boot dos, and everybody used it as a single user system. I was using concurrent dos and concurrent cp/m and had more frills years before. At least I had an operating system, crummy graphics but a real os, with timings, user access, memory handles and everything. Where are those in vista? A system where you must ask an application for resources that'll be squeezed in and provided by passing info to a subsystem that controls the application. They like to call it a kernel. They wished.

From an administration point of view, it's so time consuming that all of my friends switched to virtual. I converted all installations to virtual machines under GPL. I install an enterprise server in about 10 minutes (to copy the machine from usb). Yes, I pay for the license. I treat it as an application, that's what it is, and all needed services are coming from linux servers. At some places, users are on linux too. It was hard for them, but it's company policy --- lol, oooh yeah! +grim

Leave the gamers on m$. Get the business on operating systems like OpenVMS - Unix - Linux - AIX and whatever flavors. Not wannabe(s). Let's also price support contracts at what they are worth. M$ systems X 2 VS an operating system. I already watch the ROV as it is today. Imagine what would happen if we double support prices for those time consuming, limited functionality application systems? Did I mention antivirus???

26.8.09

about spam, not politics this time

I run my own servers. I like it. I have a few friends and half a dozen clients, mostly for doing DNS tricks spreading servers around the city. Anyway, I also have an excellent mail server, mailenable to be exact, whose old standard versions (the ones that were not using the registry to store stuff) are the best thing in emailing.
I use RBLs to block spammers, but that's not enough. I spend hours looking at connections and ended up blocking whole countries. If they don't care, why should I?
The thing that bothers me though, is that spammers, utilizing crackers (I guess), get on my nothing-to-bother-about server to spam their ass off. It's just bandwidth, you may say. It's just too much junk for my 8 allowed connections to the server. I thank them for not having brought down my systems for the past 15 (exact) years, but that does not mean that I respect any of them.

My proposal is that, instead of blocking IPs, people that run servers list only valid servers to a MAIL-RBL. It's easier to block and control if somebody wants to spam.
I hate that the net needs some control. I want to fight that control, but some people have no respect and force us to join the 'dark side'. Please don't bother me, cause I was -ethically- hacking since the beginning of the 80's and I still do, cause this is what a system's person must do for life. I'm not dead yet and shortly I'll have too much time on my hands. I have all the smtp logs since 1993. How hard is it to show some respect? Use your isp's mail server to send your junk if you are a real cracker !!! - I'm switching (it's hard, but happens) all my clients to ubuntu and the plan is to totally drop pop3 for pop3s, issuing non-ca's (for starters) to all. Fellow admins, check stunnel for wherever you can't have ssh. It's worth it. I even rdp lately with stunnel where I don't have des/sha vpn. It's transparent to the lusers anyway after you configure it.

I blocked a few minutes ago some Brazilians, 201.2/16 and 200.223/16, and the connections dropped to 1/5th. Maybe it's half the country. Maybe some people down there want to do business here. Don't care since they don't. And some tech info, if you are complaining. For the past year, anything that you Xmit on port 25 gets copied at least once from your isp, safely stored for at least a year. I repeat, ANYTHING over 25, not necessarily directed to valid email servers. Even ssh-ing over remote machines at some point becomes 25 -that gets copied- and it's a traceable connection. The isps can run a simple script with a grep and check - for starters - which ip is smtp-ing viagra par example. They get the IP, get the time, get the user login, block the account and that's it! They can even block the mac from the modem. IF THEY WANTED TO ! (don't try to teach me about mac spoof)

BTW: all this time that I'm typing this, I'm monitoring connections to smtp. They went down to nothing. Guess I'm happy blocking the aforementioned isps.
I only wish that there is a list to block countries by their IP in total not just segments.
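An added example, not the script used on this server: it tallies inbound SMTP clients per /16 and measures how much of the traffic a candidate block list such as 201.2/16 and 200.223/16 would remove. The log lines are constructed in a made-up format (not MailEnable's), and all function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in a made-up format (not MailEnable's real log layout).
SAMPLE_LOG = """\
2009-08-26 22:01:10 SMTP-IN connect 201.2.14.7
2009-08-26 22:01:12 SMTP-IN connect 201.2.200.31
2009-08-26 22:01:15 SMTP-IN connect 200.223.9.80
2009-08-26 22:01:19 SMTP-IN connect 192.0.2.10
2009-08-26 22:01:21 SMTP-IN connect 201.2.14.7
2009-08-26 22:01:30 SMTP-IN connect 200.223.77.4
2009-08-26 22:01:31 SMTP-IN connect 999.1.1.1
2009-08-26 22:01:33 SMTP-IN connect 201.2.90.2
2009-08-26 22:01:40 SMTP-IN connect 198.51.100.5
2009-08-26 22:01:41 SMTP-IN connect 200.223.9.81
2009-08-26 22:01:44 SMTP-IN connect 201.2.3.3
"""
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def expand_prefix(short):
    """Turn shorthand like '201.2/16' into a full network (201.2.0.0/16)."""
    addr, _, bits = short.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + (bits or "32"), strict=False)

def client_ips(log_text):
    """Extract one client address per line, skipping malformed ones."""
    ips = []
    for line in log_text.splitlines():
        m = IPV4.search(line)
        if not m:
            continue
        try:
            ips.append(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue  # e.g. 999.1.1.1 is not a valid address
    return ips

def top_slash16(ips, n=3):
    """Rank the /16 networks that open the most connections."""
    counts = Counter(ipaddress.ip_network(f"{ip}/16", strict=False) for ip in ips)
    return [(str(net), c) for net, c in counts.most_common(n)]

def blocked_share(ips, blocklist):
    """Return (connections a block list would drop, total connections)."""
    nets = [expand_prefix(p) for p in blocklist]
    return sum(1 for ip in ips if any(ip in net for net in nets)), len(ips)

if __name__ == "__main__":
    seen = client_ips(SAMPLE_LOG)
    print(top_slash16(seen), blocked_share(seen, ["201.2/16", "200.223/16"]))
```
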

goodnight