From: Mike '/m' 



Your ignorance, whether real or feigned, is becoming tiresome.  So I'll bow out.

Enjoy.

 /m


On Mon, 9 Dec 2002 20:20:18 -0500, "Geo."  wrote:

>"Mike '/m'"  wrote in message
>news:5l49vushnkvmoq7ve7shnf3ct9r54ld8bb{at}4ax.com...
>
>> Just because a feature (in this case, source code availability) is
>> present does not mean that every user has to use that feature.
>
>But your argument is like saying a cpu is better simply because it comes
>with appendix G of the manual. Have you found your computer lacking because
>you don't have appendix G?
>
>> Yup.  Many times.   As I mentioned previously, your ignorance is
>> showing.
>
>I was pretty specific in my example, do you have a message number here to
>refer me to because I sure don't remember anyone here posting source code
>snippets to help people fix problems? Or are you thinking I'm going to
>wander off to some remote corner of the net where the programmers hang out?
>I don't deny that those places exist and that source code is traded freely
>is it a support area for users?
>
>> And your point is?
>
>Source code is not required to fix most security issues.
>
>> >> > Nobody needs the source code to IIS to write an
ISAPI filter or
>> >> >to change a system variable.
>> >>
>> >> So?  What's your point here?
>> >
>> >It only matters to programmers. (source code that is)
>>
>> I don't agree, but you're so determined in your ignorance on this that
>> I'll just disagree and let it drop.
>
>Why? I really would like you to explain why you take the position that you
>do because I don't understand. Make me understand, please?
>
>> Yes, it is your strawman.
>
>Fine, consider it dropped.
>
>> Your messages do not indicate any such understanding.  Before you can
>> learn you have to acknowledge your ignorance.
>
>duh? Will that do? 
>
>> What wasn't mentioned in the articles you cite was that the clean
>> source code is tagged with a MD5 checksum.  After you download the
>> source code, you check validate the checksum.  That simple check would
>> have caught the tainted source code.
>
>Klaus mentioned doing this with the ISO downloads for Knoppix as well, but
>his reason was because some browsers don't get clean downloads when it's a
>large file. I can't remember ever having to do that with NT patches, I don't
>think I'd trust it anyway as you and I know very well how reliable signing
>code can be. :>
>
>> If it had occurred to Microsoft, I probably would have reacted in the
>> same manner I reacted when a hacker broke into the Microsoft corporate
>> network, and had full access to the MS source code.  Does Microsoft
>> *really* know that there were no changes made to the source code, as
>> they have publically stated?  At least with Open Source, there are
>> thousands of copies around the world that can server as 'offsite'
>> disaster recovery copies.
>
>I don't know what MS does or doesn't do for backup but I would hope they
>have a few archive copies laying around.. Maybe even an offsite backup if
>they ever talked to chronister . IIRC there are a few universities
>licensed for the source code to NT as well aren't there?
>
>Geo.
>

--- BBBS/NT v4.01 Flag-4