Stephen Slaughter on 23 May 2011 19:55:19 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Microsoft's many eyes?


seems like I rattled a few chains with my last post; this was not my
intent. Please do not direct any frustration at me- I am just a novice
Linux user trying to learn more these systems.

Question: do you think we would see a greater proliferation of malware
and exploits for Linux systems if they served a greater portion of the
PC market?  I noticed the Android platform has been exploited in
certain ways (authentican token sidejacking comes to mind, although
this is more of a broswer issue I suppose).  I'm just curious if the
ubiquitous cliche about Linux's alleged superiority in terms of fewer
bugs, better security, and more code review is true?

Please provide some evidence or link me to some impartial analysis on
the subject.  I'm really trying to get to the bottom of this issue,
and I don't want to just take someone's word for it.

Thanks,
Stephen

On 5/23/11, plug-request@lists.phillylinux.org
<plug-request@lists.phillylinux.org> wrote:
> Send plug mailing list submissions to
> 	plug@lists.phillylinux.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	http://lists.netisland.net/mailman/listinfo/plug
> or, via email, send a message with subject or body 'help' to
> 	plug-request@lists.phillylinux.org
>
> You can reach the person managing the list at
> 	plug-owner@lists.phillylinux.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of plug digest..."
>
>
> Today's Topics:
>
>    1. Microsoft's Many Eyeballs? (Stephen Slaughter)
>    2. Re: Microsoft's Many Eyeballs? (Julien Vehent)
>    3. Re: Microsoft's Many Eyeballs? (Paul Walker)
>    4. Re: Microsoft's Many Eyeballs? (Bob Schwier)
>    5. xfce cont'd (jeff)
>    6. Re: Trying to config xhprof on gridserver (Paul Walker)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 23 May 2011 16:08:39 -0400
> From: Stephen Slaughter <steve2slaughter@gmail.com>
> Subject: [PLUG] Microsoft's Many Eyeballs?
> To: plug@lists.phillylinux.org
> Message-ID: <BANLkTim9nBeV4PYpb_EiogZ1=o=_+nyyhQ@mail.gmail.com>
> Content-Type: text/plain; charset="windows-1252"
>
> What do you folks think about this article?
>
> http://blogs.msdn.com/b/shawnhernan/archive/2010/02/13/microsoft-s-many-eyeballs-and-the-security-development-lifecycle.aspx
>
> Is it true that open source code is reviewed by many fewer eyes than we
> might think?
>
> I'm dubious about the opinion of this article (i.e. proprietary code from
> Microsoft is more secure) considering it was written by a Microsoft
> developer; however, people who think Linux is more secure are usually Linux
> developers and enthusiasts.
>
> Can anyone point me to an impartial opinion on this subject?
>
> Thanks,
> Stephen
> --
> "We can only see a short distance ahead, but we can see plenty there that
> needs to be done.?
> - Alan Turing
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> <http://lists.netisland.net/pipermail/plug/attachments/20110523/bfb8e438/attachment.html>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 23 May 2011 16:25:17 -0400
> From: Julien Vehent <julien@linuxwall.info>
> Subject: Re: [PLUG] Microsoft's Many Eyeballs?
> To: <plug@lists.phillylinux.org>
> Message-ID: <ba1230b48b18d62f9fd41797a5e5fa67@linuxwall.info>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
>  On Mon, 23 May 2011 16:08:39 -0400, Stephen Slaughter wrote:
>> What do you folks think about this article?
>>
>>
>> http://blogs.msdn.com/b/shawnhernan/archive/2010/02/13/microsoft-s-many-eyeballs-and-the-security-development-lifecycle.aspx
>> [1]
>>
>> Is it true that open source code is reviewed by many fewer eyes than
>> we might think?
>>
>> I'm dubious about the opinion of this article (i.e.. proprietary code
>> from Microsoft is more secure) considering it was written by a
>> Microsoft developer; however, people who think Linux is more secure
>> are usually Linux developers and enthusiasts.
>>
>> Can anyone point me to an impartial opinion on this subject?
>>
>
>
>  FUD.
>  Microsoft has been doing closed source development for almost 40 years,
>  and so far they didn't prove they could provide code free of bugs or
>  security issues.
>
>  I see people coming from nowhere proposing patches to open source
>  projects (not only security patches, all sorts of patches), that's the
>  strengths of the Open Source model.
>  OpenSSL, for example, is ultra secure partly because of the many
>  reviewers that have access to the source. Now, the code is beefy, and
>  reviewing is hard, but it happens, and probably more often than at
>  microsoft.
>
>
>
>  Julien
>
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 23 May 2011 18:28:12 -0400
> From: Paul Walker <starsinmypockets@gmail.com>
> Subject: Re: [PLUG] Microsoft's Many Eyeballs?
> To: "Philadelphia Linux User's Group Discussion List"
> 	<plug@lists.phillylinux.org>
> Message-ID: <BANLkTi=aDosZ5SsbS4OZ6d5Ux3tPsrKNDQ@mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Linux and linux-based OSX are way more stable than Windows, in my
> experience.
>
> Paul
>
> On Mon, May 23, 2011 at 4:25 PM, Julien Vehent <julien@linuxwall.info>wrote:
>
>> On Mon, 23 May 2011 16:08:39 -0400, Stephen Slaughter wrote:
>>
>>> What do you folks think about this article?
>>>
>>>
>>>
>>> http://blogs.msdn.com/b/shawnhernan/archive/2010/02/13/microsoft-s-many-eyeballs-and-the-security-development-lifecycle.aspx
>>> [1]
>>>
>>>
>>> Is it true that open source code is reviewed by many fewer eyes than
>>> we might think?
>>>
>>> I'm dubious about the opinion of this article (i.e.. proprietary code
>>> from Microsoft is more secure) considering it was written by a
>>> Microsoft developer; however, people who think Linux is more secure
>>> are usually Linux developers and enthusiasts.
>>>
>>> Can anyone point me to an impartial opinion on this subject?
>>>
>>>
>>
>> FUD.
>> Microsoft has been doing closed source development for almost 40 years,
>> and
>> so far they didn't prove they could provide code free of bugs or security
>> issues.
>>
>> I see people coming from nowhere proposing patches to open source projects
>> (not only security patches, all sorts of patches), that's the strengths of
>> the Open Source model.
>> OpenSSL, for example, is ultra secure partly because of the many reviewers
>> that have access to the source. Now, the code is beefy, and reviewing is
>> hard, but it happens, and probably more often than at microsoft.
>>
>>
>>
>> Julien
>>
>> ___________________________________________________________________________
>> Philadelphia Linux Users Group         --
>> http://www.phillylinux.org
>> Announcements -
>> http://lists.phillylinux.org/mailman/listinfo/plug-announce
>> General Discussion  --
>> http://lists.phillylinux.org/mailman/listinfo/plug
>>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> <http://lists.netisland.net/pipermail/plug/attachments/20110523/39eef958/attachment.htm>
>
> ------------------------------
>
> Message: 4
> Date: Mon, 23 May 2011 18:10:58 -0700 (PDT)
> From: Bob Schwier <schwepes2002@yahoo.com>
> Subject: Re: [PLUG] Microsoft's Many Eyeballs?
> To: Philadelphia Linux User's Group Discussion List
> 	<plug@lists.phillylinux.org>
> Message-ID: <646115.25017.qm@web161716.mail.bf1.yahoo.com>
> Content-Type: text/plain; charset=iso-8859-1
>
> Microsoft has a publicity machine that has more power than most
> governments and religions in history.
> Sheeple only know that it exists and if they don't like it they must
> do Apple.
> The data administrators and other software geeks are the only ones
> who can explain that there are other approaches.
> Most of the sheeple are simply unused to maintaining any thing except
> by calling the expert.  I had a problem with my oven, an error code,
> and it was like pulling teeth to get them to tell me what it was.
> Their continual response was for me to set up an appointment where I
> could spend $240 to get an expert's opinion.  I had to explain that
> I had worked with 440v 3 phase power and microwave systems to get
> even the most modest dose of information.  They told me it was unsafe
> for me to even think of looking at the problem myself.
> I'm just a perpetual novice but it is far easier maintaining my machine
> than my wife's Windows box.  I've never had those unfortunate virus
> issues, etc.
> bs
>
>
>
>
> --- On Mon, 5/23/11, Paul Walker <starsinmypockets@gmail.com> wrote:
>
> From: Paul Walker <starsinmypockets@gmail.com>
> Subject: Re: [PLUG] Microsoft's Many Eyeballs?
> To: "Philadelphia Linux User's Group Discussion List"
> <plug@lists.phillylinux.org>
> Date: Monday, May 23, 2011, 6:28 PM
>
> Linux and linux-based OSX are way more stable than Windows, in my
> experience.
>
> Paul
>
> On Mon, May 23, 2011 at 4:25 PM, Julien Vehent <julien@linuxwall.info>
> wrote:
>
> On Mon, 23 May 2011 16:08:39 -0400, Stephen Slaughter wrote:
>
>
> What do you folks think about this article?
>
>
>
>
>
> http://blogs.msdn.com/b/shawnhernan/archive/2010/02/13/microsoft-s-many-eyeballs-and-the-security-development-lifecycle.aspx
>
>
> [1]
>
>
>
> Is it true that open source code is reviewed by many fewer eyes than
>
> we might think?
>
>
>
> I'm dubious about the opinion of this article (i.e.. proprietary code
>
> from Microsoft is more secure) considering it was written by a
>
> Microsoft developer; however, people who think Linux is more secure
>
> are usually Linux developers and enthusiasts.
>
>
>
> Can anyone point me to an impartial opinion on this subject?
>
>
>
>
>
>
>
>
> FUD.
>
> Microsoft has been doing closed source development for almost 40 years, and
> so far they didn't prove they could provide code free of bugs or security
> issues.
>
>
>
> I see people coming from nowhere proposing patches to open source projects
> (not only security patches, all sorts of patches), that's the strengths of
> the Open Source model.
>
> OpenSSL, for example, is ultra secure partly because of the many reviewers
> that have access to the source. Now, the code is beefy, and reviewing is
> hard, but it happens, and probably more often than at microsoft.
>
>
>
>
>
>
>
> Julien
>
>
>
> ___________________________________________________________________________
>
> Philadelphia Linux Users Group ? ? ? ? -- ? ? ? ?http://www.phillylinux.org
>
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
>
> General Discussion ?-- ? http://lists.phillylinux.org/mailman/listinfo/plug
>
>
>
>
> -----Inline Attachment Follows-----
>
> ___________________________________________________________________________
> Philadelphia Linux Users Group? ? ? ???--? ? ? ? http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion? --???http://lists.phillylinux.org/mailman/listinfo/plug
>
>
>
> ------------------------------
>
> Message: 5
> Date: Mon, 23 May 2011 21:34:47 -0400
> From: jeff <jeffv@op.net>
> Subject: [PLUG] xfce cont'd
> To: Philadelphia Linux User's Group Discussion List
> 	<plug@lists.phillylinux.org>
> Message-ID: <4DDB0B37.4040607@op.net>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> I tried reinstalling xfce and xdm, to no avail.
> I installed Gnome, which I bent mostly to my will.  I miss the panel
> add-in that tells me how much disk space I have free.  I hope that in
> some little corner of the universe, something is out of whack because I
> made Gnome look like xfce.
>
> Aside from actually fixing xfce, the only mystery left is who keeps
> turning the bathroom sink on full blast in the middle of the night.
> Wife claims no knowledge, dog doesn't care, so I'm left with the
> suspicion that this is feline in nature.
>
> Thank you and good evening.
>
>
>
> --
> -----
> the new home of ThermionicEmissions - the blog
> http://leftystrat.blogspot.com
>
>
> ------------------------------
>
> Message: 6
> Date: Mon, 23 May 2011 22:17:40 -0400
> From: Paul Walker <starsinmypockets@gmail.com>
> Subject: Re: [PLUG] Trying to config xhprof on gridserver
> To: plug@lists.phillylinux.org
> Message-ID: <BANLkTin5QLGT8i1yeyr1=9jZBnUjuqaPCA@mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Well, I got the extension installed. Mediatemple actually had a doc
> outlining how to install xhprof .. Now my problem is that the UI won't show
> up. I stuck the xhprof_html folder in the root directory of the site I'm
> working on, but when I load it in the browser, it just gives me a white
> screen... no errors in the php log... hmph.
>
> On Mon, May 23, 2011 at 1:46 PM, Paul Walker
> <starsinmypockets@gmail.com>wrote:
>
>> Hey my name is Paul. This is my first post to the PLUG list. I'm a
>> Drupal/PHP developer who is also learning the linux environment (Debian
>> and
>> Darwin) and basic server admin. I'm currently trying to install the xhprof
>> (PECL) onto my Mediatemple gridserver. I'm having a bit of a time of it
>> since write restrictions won't allow the PECL installer to work. I've done
>> the following:
>>
>> mkdir /home/#####/data/lib/xhprof-0.9.2
>> wget http://pecl.php.net/get/xhprof-0.9.2.tgz
>> uncompress into /home/#####/data/lib/xhprof-0.9.2
>> cd ./xhprof-0.9.2/extension/
>> phpize
>> ./configure  (see below)
>> make
>> make install
>> make test
>> (make test returns 8 successful tests - 0 failures.)
>> mkdir /var/tmp/xhprof
>>
>> then I'm adding the following to my php.ini (at /home/#####/etc):
>>
>> [xhprof]
>> extension=xhprof.so
>> xhprof.output_dir="/var/tmp/xhprof"
>>
>> At this point, xhprof still doesn't work (ie - a call to xhprof_enable()
>> returns a fatal error - undefined function)
>>
>> Also, the php.ini parsed by phpinfo() is read only on my server. The above
>> php.ini file (created accdording to the mediatemple's docs) seems to not
>> be
>> being parsed by the server.
>>
>> Other specs:
>> PHP Version 5.2.14Apache/2.0.54 My questiosn:What is the proper php-config
>> path?
>> How do I tell php to parse my additional php.ini file?
>>
>> Am I doing anything else wrong?
>>
>> Thanks in advance for any help..
>>
>>
>>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> <http://lists.netisland.net/pipermail/plug/attachments/20110523/cad380f6/attachment.htm>
>
> ------------------------------
>
> _______________________________________________
> plug mailing list
> plug@lists.phillylinux.org
> http://lists.netisland.net/mailman/listinfo/plug
>
>
> End of plug Digest, Vol 78, Issue 26
> ************************************
>

-- 
Sent from my mobile device

"We can only see a short distance ahead, but we can see plenty there that
needs to be done.”
- Alan Turing
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug