CORRECTEDRe: [svlug] Rules -> was postfix

John Conover conover at rahul.net
Fri Jan 17 16:39:20 PST 2003


Yeah, it's kind of what MS markets/sells. If you look at what it takes
to configure a Unix system, one must have some competency with the
concepts of formal computer languages, (knowing the syntax of
bind/named, ipchains/iptables, ~/.fvwmrc2, etc.) It's kind of a
Unix'ism paradigm.

If one understands state/stack machines, the syntax is esoteric,
(well, maybe with the exception of bind.)

For MS stuff, most of the configuration is through filling out the
Wizard's dialog boxes. MS kind of shields the sysadm from having to
know much about such things, so an MS machine can be maintained by at
best a vocational school graduate with an MCSE, (and at worst, someone
who is self-trained,) and does not have to know the fundamentals of
regex, state/stack machines, etc.

And MS is exploiting that; the new FUD/TCO stuff that MS has
sponsored/released recently is that for Unix/Linux, a more
expensive/qualified person is involved in the operational costs of
maintaining a machine-where the big chunk of TCO is. (The implication
being that Unix/Linux is for power users, and a small company with
less than 22 folks-MS' traditional market-doesn't need that kind of
power for its IT system.)

MS' marketing philosophy is that one does not have to know the
details-it's all taken care of by MS. Computation for the masses.

IMHO ...

	John

BTW, as a case in point, Win2K has MAC, (Mandatory Access Control, a
la NSA's secure Linux,) but it is impossible to configure through
dialog boxes, so it gets honorable mentions in the MS docs, and viruses
keep propagating across the Internet. There are certain things that
can be done through dialog boxes, but a lot requires a more
sophisticated approach, like configuration files that determine the
actions of state machines. (Sculley was right when he took over
Apple-you spend the first six weeks amazed at what windows can do, and
the next five years amazed at what it can't.)

Nimda was a good example of folks plugging a machine into an RJ45
SOHO router, and slinging web pages. Security is something that is
very difficult to configure without formal configuration files. Nimda
is what happens when folks think they are CS folks because they can
install MS Windows, answer some dialog box questions, and plug things
into an RJ45. (BTW, the total attention in the MCSE course offered at
a local community college to MS Win2K security was 26 minutes out of
the 28-hour course-all they said about security was how to use an
online port scanner.) Although MS has some complicity in Nimda, the
propagation of Nimda was the MCSE's fault. I still get Nimda scans
on port 80 in my Apache logs-a year after the fact.

James Leone writes:
> 
> Walter Reed wrote:
> 
> >Same as with Windows.
> >You seem to think that it's different here. You are wrong.
> >
> Too many secrets Walter.  
> 
-- 

John Conover, conover at rahul.net, http://www.rahul.net/~conover