# Konqueror stores samba passwords in plain text

## slon

Everything is great.

Last edited by slon on Wed Dec 22, 2004 7:28 am; edited 1 time in total

----------

## slon

Everything is great.

Last edited by slon on Wed Dec 22, 2004 7:29 am; edited 1 time in total

----------

## coax

Do you think there is a decent alternative to linux security? Ever heard of l0phtcrack for windows?

I also think this bug should be fixed, but saying that linux security is a big fat lie, now that's just idiotic.

----------

## slon

Everything is great.

Last edited by slon on Wed Dec 22, 2004 7:29 am; edited 1 time in total

----------

## blaznyoght

Having kde on a box which needs high security is idiotic.

If you need very high security don't install any wm on the box. The linux power is that you can have a good and secured server box without any *unsecured* interface.

Linux isn't kde.

----------

## coax

 *slon wrote:*   

> I have evidence on my side. All you've got is your bare statement.

 

Ever printed a textfile that you accessed through ftp with windows explorer?

Prints the username and password too, because it's in the path of the file.

And your "proof" ... do you know why there is something like file ownership? If you do an ls -l in your /tmp/kde-g00fy/ directory, you will see that the log files are -rw- --- ---, which means that only you (g00fy) and root can read them.

Don't get me wrong, I think using username and password in clear text in the path of a file is not a good idea, but don't forget that samba was built to serve as a file server for windows machines (at least I think it was).

You are right if you say that some things "could" be safer on gnu/linux systems, but I think that as far as security linux is one of the most secure operating systems you'll find.

Don't like it? Then don't use it. 

You could always try one of the bsd's.

----------

## zerojay

 *slon wrote:*   

>  *Quote:*   kdelibs, kdebase: Multiple vulnerabilities
> 
> kdelibs and kdebase contain a flaw allowing password disclosure when creating a link to a remote file. Furthermore Konqueror is vulnerable to window injection.
> 
> For more information, please see the GLSA Announcement 
> ...

 

Well, you apparently didn't file a bug about it in KDE's Bugzilla so the only idiot here is you. Once the problem was mentioned to them, they fixed it about an hour later.

----------

## Bob P

 *DarkStalker wrote:*   

> Well, you apparently didn't file a bug about it in KDE's Bugzilla so the only idiot here is you. 

 

well, i'm not sure that i would go that far.  the developer who came up with that idea in the first place had to be an idiot too. 

i've encountered similar problems with KDE.  if you have a windows printer installed via SAMBA, kde openly displays the username:password in KDE > Control Center > Peripherals > Printers > Location.  IMHO displaying this information openly for all users in the KDE control center is a FAR greater offense than writing to a file that only root has privileges to read.  no doubt about it, KDE security sucks.

----------

## slon

Everything is great.

Last edited by slon on Wed Dec 22, 2004 7:30 am; edited 1 time in total

----------

## deflin39

um...how does a security flaw in KDE translate to Linux not being secure?  Just because an application is designed to run on Linux doesn't mean it is automatically secure too.  I think your complaint would better be suited for the KDE developers.  

The beauty of the Linux (especially Gentoo!) is the base system is rather tried and tested.  Any additional packages you add are at your own risk.  But at least you have that option unlike some other $ystems.

deflin39

----------

## slon

Everything is great.

Last edited by slon on Wed Dec 22, 2004 7:30 am; edited 1 time in total

----------

## zerojay

 *slon wrote:*   

> So when I say that I run linux on my box you understand it literally as in " I have a box that runs bare linux kernel and nothing else". Right?

 

His point is that KDE runs on a lot more OSes than just Linux.

----------

## Dolio

 *slon wrote:*   

> nfs-utils: Multiple remote vulnerabilities

 

nfs isn't exactly a shining example of security, even if you use the version provided by its inventor, Sun.

 *slon wrote:*   

> PHP: Multiple vulnerabilities

 

I suppose PHP also doesn't run on any other operating systems than Linux?

 *slon wrote:*   

> I stopped doing that after filing four bugs, every one of which have been confirmed but none was fixed. So why bother?

 

Were they all serious security vulnerabilities, and marked as such?

 *slon wrote:*   

> What if I'm root on my box and someone for whatever reason uses it (the box) to access any samba shares I don't have permissions to see? Now I can.

 

I'm not sure I understand what you're saying here. Are you complaining that if you leave your machine lying around logged in as root, people can do whatever they want to it?

Is it your opinion that for Linux to be considered secure, any program you wish to run on it has to be totally free of security holes? Even OpenBSD, which is known for high security, doesn't make that claim. Their claim goes something like, 'only one remote root exploit in the default install in however many years.' They only guarantee a small set of programs, and that set would never be useful as a desktop system.

Personally, I just enjoy the fact that I can plug default Linux install into a network connection without it being automatically exploited by tons of worms within 5 minutes.

As for your complaint about vulnerabilities being fixed promptly, well, they can only be fixed if people know about them, and all the ones you mention seem to have been fixed fairly quickly after they became known. The only exception being the one where you knew about it, but didn't tell anyone, which is entirely your fault.

If you think, "secure" means "never has any vulnerabilities ever," then I suggest you stop using computers all together.

----------

## slon

Everything is great.

Last edited by slon on Wed Dec 22, 2004 7:31 am; edited 1 time in total

----------

## zerojay

 *slon wrote:*   

>  *Quote:*   I'm not sure I understand what you're saying here. Are you complaining that if you leave your machine lying around logged in as root, people can do whatever they want to it?  
> 
> No
> 
> Here's the scenario for you:
> ...

 

I don't understand why you didn't post to KDE's bugzilla instead. The Gentoo developers aren't responsible for KDE's samba implementation.

----------

## slon

Everything is great.

Last edited by slon on Wed Dec 22, 2004 7:31 am; edited 1 time in total

----------

## slon

Everything is great.

Last edited by slon on Wed Dec 22, 2004 7:32 am; edited 1 time in total

----------

## zerojay

 *slon wrote:*   

>  *Quote:*   His point is that KDE runs on a lot more OSes than just Linux. 
> 
> Why is it relevant?

 

 *slon wrote:*   

> Nice. Now I know first hand that "Linux security" is a BIG FAT LIE. I was talking about it almost a year ago and nobody gave a fuck. 
> 
>  So next time someone tells me that linux is more secure and vulnerabilities are fixed promptly I will know that I'm looking at an idiot.

 

That's why. The whole reason "nobody gave a fuck" is because you didn't bother telling the people that made the mistake in the first place. Once it was actually brought up to them, it was fixed almost right away.

----------

## Dolio

 *slon wrote:*   

>  *Quote:*   The only exception being the one where you knew about it, but didn't tell anyone, which is entirely your fault.  
> 
> I beg your pardon? How much more blunt can I be?
> 
> Konqueror stores samba passwords in plain text 
> ...

 

1) This is not a Gentoo-specific issue at all, so it should have been reported to the KDE maintainers, who can actually do something about what you found. You didn't do that.

2) These forums are for community technical support. Bugs in Gentoo should be reported to bugs.gentoo.org. There is no guarantee that talking about a bug here will be seen by anyone in a position to correct the bug, as many developers don't read the forums, and even if they did, they don't have time to read every single post, so the odds that the right developer would read your specific post are slim.

So, in other words, no, you didn't report the problem in any way that has a significant probability of actually getting it fixed.

Feel free to brush the chip off your shoulder as well.

----------

## zerojay

 *Bob P wrote:*   

>  *DarkStalker wrote:*   Well, you apparently didn't file a bug about it in KDE's Bugzilla so the only idiot here is you.  
> 
> well, i'm not sure that i would go that far.  the developer who came up with that idea in the first place had to be an idiot too. 
> 
> i've encountered similar problems with KDE.  if you have a windows printer installed via SAMBA, kde openly displays the username:password in KDE > Control Center > Peripherals > Printers > Location.  IMHO displaying this information openly for all users in the KDE control center is a FAR greater offense than writing to a file that only root has privileges to read.  no doubt about it, KDE security sucks.

 

http://bugs.kde.org/show_bug.cgi?id=95543

Thanks for doing the right thing and opening up a bug for the problem at KDE's Bugzilla.

----------

## Evangelion

 *slon wrote:*   

>  *Quote:*   kdelibs, kdebase: Multiple vulnerabilities
> 
> kdelibs and kdebase contain a flaw allowing password disclosure when creating a link to a remote file. Furthermore Konqueror is vulnerable to window injection.
> 
> For more information, please see the GLSA Announcement 
> ...

 

Uh, has ANYONE EVER claimed that "there are no security-problems in Linux! It's impossible!"? What people have said is that there are less security-problems in Linux than there is in Windows. And that claim is true.

If you expect Linux to be 100% bug-free and that it will never have any security-problems, you will be disappointed. No OS can claim to be completely secure.

 *Quote:*   

>  I was talking about it almost a year ago and nobody gave a fuck. 
> 
> So next time someone tells me that linux is more secure and vulnerabilities are fixed promptly I will know that I'm looking at an idiot.

 

Linux IS more secure. Because there happens to be a bug in KDE's SMB-implementation, it somehow proves that Linux as a whole is just as insecure as Windows is? If you really believe that, then I can't help but think that you are one clueless individual.

----------

## Evangelion

 *slon wrote:*   

> How do you like them apples? 

 

Is it just me, or is this whole thread just one big troll? Here we have one individual screaming "oooh ooh! Linux has security-problems in some of the apps and utilities that can be used in Linux! How do you like them apples?". If you REALLY believed that Linux (The kernel and the userland) are 100% free of security-problems, then I'm afraid that you are a moron. And NO-ONE has EVER made any claims that Linux and its userland are completely free from bugs!

Seriously, get back to your cave. And if you are not a troll, try to educate yourself before you start spouting BS!

----------

## slon

Everything is great.

Last edited by slon on Wed Dec 22, 2004 7:32 am; edited 1 time in total

----------

## Evangelion

 *slon wrote:*   

> No it's not.
> 
> Security problems on linux discovered at the same or even higher rate.

 

You are comparing apples to oranges. For starters, you are comparing ALL Linuxes to Windows. And most of the problems in your list affect only one Linux-distro. For example: [SA13458] Red Hat update for itanium kernel. That only affects Red Hat, and furthermore it only affects one certain version of a certain niche-system.

Besides, you also listed vulnerabilities that are not about Linux! There are Solaris and Irix stuff there as well!

And then we have stuff like this: [SA13473] Debian update for atari800. uh-huh. Sounds really dangerous.... On the other hand, the Windows-vulnerabilities have stuff like:

[SA13466] Microsoft Windows WINS "Name" Validation Vulnerability

[SA13463] Microsoft Windows NT DHCP Buffer Overflow Vulnerabilities

[SA13465] Microsoft Windows Kernel and LSASS Privilege Escalation Vulnerabilities

[SA13409] Microsoft Office SharePoint Portal Server Disclosure of User Credentials

Sounds pretty critical to me.

How many of those Linux-holes are critical? Numerous studies have said that Linux has less bugs per SLOC than Windows does. And that Linux has less critical bugs than Windows does. And that bugs in linux are patched faster than they are patched in Windows.

Like I said: get back to your cave.

----------

## slon

Everything is great.

Last edited by slon on Wed Dec 22, 2004 7:33 am; edited 1 time in total

----------

## Dolio

You should go use Windows. You'll be much happier.

----------

## Evangelion

 *slon wrote:*   

> So what. They are patched faster if they are discovered. I'm questioning the process of auditing Open Source apps for security problems.

 

Well, people smarter than you believe that there are no problems with the process. Hell, cryptography-guys believe strongly in open source, they do NOT believe in "security through obscurity". Maybe you should go tell them that they do not know anything about security?

 *Quote:*   

> You see: Linux under umbrella of Open Source is sold to the public as a better model because there are supposedly "thousands of eyeballs" on the code and therefore all problems are quickly discovered and fixed.

 

And you know what? That is how it works. Studies have shown that Linux has less bugs per SLOC than Windows does.

 *Quote:*   

> It is my contention that in reality it's just not true.

 

It is my contention that you do not know what you are talking about.

 *Quote:*   

> Otherwise how can you explain serious security holes in many apps that tag along from version to version sometimes for years.

 

So you assume that they should be found in a matter of hours, is that it? This particular SMB/KDE-bug appeared in February of this year, and it was discovered in December. Hardly "years", now is it?

To offer a counterpoint: Interbase Database. It contained a backdoor that was inserted in to the code in 1994 and it remained there until 2001. That's SEVEN years! Borland opened the source in July of 2001, and open-source hackers discovered the backdoor in December. While the source was closed, that backdoor remained in the system for SEVEN years! That's 84 months! After the code was opened, it was discovered in 5 months.

How do you like them apples  :Wink: ?

And, I remember a bug that affected both Konqueror and Internet Explorer. The party that found the bug, announced it in the same time. How long did it take for the KDE-guys to patch that hole? 2-3 hours. How long did Microsoft take to patch the same hole in Internet Explorer? about 30 days.

Seriously: you have no idea what you are talking about. But do go on. I find your comments to be quite amusing  :Smile: .

----------

## slon

Everything is great.

Last edited by slon on Wed Dec 22, 2004 7:34 am; edited 1 time in total

----------

## Evangelion

 *slon wrote:*   

>  *Quote:*   You should go use Windows. 
> 
> Very original.
> 
>  *Quote:*   That is how it works 
> ...

 

Yes it does. How do you explain Interbase?

 *Quote:*   

> And examples of NFS and PHP prove my point.

 

So let me get this straight: you claim that open-source model does not help find the bugs. Well, apparently the bugs are found since they are reported! How can the bugs not be found since you spend lots of time listing cases where bugs have been found? Apparently the system does work, since bugs are found and reported.

 *Quote:*   

> It took me two minutes to find those in recent GWN. If I did more in-depth research on the subject I'm sure I could find more of the same.

 

So, because some Linux-software has bugs, it somehow proves that open-source model does not work? Uh-huh.

 *Quote:*   

> Evangelion I'd like to see those studies that you mention. All I see from you just unsupported statements and bunch of insults.

 

Ask and ye shall receive:

The Linux operating system has many times fewer bugs than typical commercial software, according to an upcoming report. "Hallem stressed that the research on Linux--specifically, version 2.6 of the kernel--indicated that the open-source development process produced a secure operating system."

"Even by Microsoft's subjective and flawed standards, fully 38% of the most recent patches address flaws that Microsoft ranks as Critical. Only 10% of Red Hat's patches and alerts address flaws of Critical severity."

In the cryptography world, we consider open source necessary for good security; we have for decades.

 *Quote:*   

> Are you capable of conducting a civilized discussion?

 

Funny, considering that your line of argument is "There's a bug in Linux software! That proves that open source-model does not work! Linux sucks!"

Seriously: I suggested that you should at least try to educate yourself about the subject-matter. It is difficult to have a rational discussion about this, since you have no clue about the topic.

----------

## slon

Everything is great.

Last edited by slon on Wed Dec 22, 2004 7:34 am; edited 1 time in total

----------

## blaznyoght

Are you paid by M$ to fl00d Gentoo forums with trolls about security problems ?

I am new to linux, but one thing I can tell is that you're messing up many things about security.

You seem to be misunderstanding the concept of the Linux Kernel and the open source software model that is built in top of it.

You seem to be summing all of the distribution's specific tools security problems and comparing it to the problems in a single system.

In each of your answers you point out a single point, without justification either, while people here are making an effort to show you that ALL your arguments are inappropriate or just false. 

I really admire the gentoo guys who take of their time to explain you the security things, although it's obvious that you know and understand nothing about it.

----------

## Evangelion

 *slon wrote:*   

> Just a minute ago I discovered another "present" from Open Source project called Firefox

 

Why not list the holes IE has? Seriously? I mean, since Open source sucks so much, IE should be the paradigm of security, right?

For the last time: has anyone claimed that open source will produce flawless, 100% secure software? NO! Therefore your whining is both useless and pointless.

----------

## slon

Everything is great.

Last edited by slon on Wed Dec 22, 2004 7:35 am; edited 1 time in total

----------

## Evangelion

 *slon wrote:*   

> Why is it relevant. I'm not making comparative analyses. Why are you insisting on pushing this discussion into MS v. Linux?

 

Since you keep on whining how crappy open source is. Well, the alternative to Open Source is Closed Source, and of that, Microsoft is the most prominent example. You also whined how crappy Firefox is. I asked you to compare it to its most prominent closed-source alternative: Internet Explorer. So, how about that comparison? Does Internet Explorer have more holes than Firefox does? If it does, then how can Firefox be so crappy, if its main rival has an order of magnitude more holes in it?

Seriously, what do you want to happen here? Do you want open-source developers to write flawless, 100% bug-free code? I would like that as well. But I know that expecting something like that is completely unreasonable. But you seem to think that since open-source code is not 100% bug-free, it somehow demonstrates how crappy open source and its development-model is.

Your way of thinking clearly shows that you have no clue when it comes to security, and you have even less clue when it comes to software-development!

----------

## slon

Everything is great.

Last edited by slon on Wed Dec 22, 2004 7:35 am; edited 1 time in total

----------

## Evangelion

 *slon wrote:*   

> No. My argument is:
> 
> There are security holes in important applications that span across several major versions that nobody caught. As an example I posted GLSA from last week for PHP and NFS. Both of them have been in Open Source domain for quite a long time and yet all... AAALLLLL previous versions of these two applications are affected by their respective bugs.

 

Two words: so what? More precisely? What do you think it proves? Are you under the illusion that open source model guarantees that ALL bugs are found in relatively short period of time? No it does not. It makes it possible, but it does not guarantee it.

 *Quote:*   

> How does it relate to the subject of this thread? Simple. I voiced my concerns about passwords being stored in plain text and (as I mentioned several times before) nobody gave a fuck.

 

Apparently they did, since this particular problem was fixed. Did you BTW report it to the KDE-guys, instead of just whining about it in gentoo-forums? If you did not, then YOU are part of the problem!

 *Quote:*   

> Either nobody is actively looking at the source or people who are doing it are simply incompetent.

 

So, you draw that conclusion based on exactly ONE incident? People smarter than you disagree with you on that claim.

 *Quote:*   

> As a result we get apps that pose security problems. But people like Evangelion insist that everything is fine and there is nothing to worry about.

 

Don't put words in to my mouth. I merely pointed out the fact (several times in fact) that security in Linux and in related apps is A LOT better than it is in Windows for example. It was you who claimed that because of this one incident Linux's security is "big fat lie". I merely pointed out that there are bugs in every system, including Linux. Yet Linux's security track-record is a lot better than it is on Windows. Is Linux perfect when it comes to security? Of course not! And no-one has claimed that it is! But it is A LOT better than Windows is! How can Linux be more secure if open-source development-model is flawed (as you claim)? Why do experts agree that Linux is secure and relatively bug-free when compared to commercial software? How can that be if open-source model is "flawed"? Answer me that.

----------

## slon

Everything is great.

Last edited by slon on Wed Dec 22, 2004 7:36 am; edited 1 time in total

----------

## Evangelion

 *slon wrote:*   

> Try to read my posts several times. Other than that I don't know what else to tell you.

 

I wasted several moments of my life going through your posts. And to me they were nothing but clueless whining. There was a security-bug in one certain Linux-app, and you used that as "evidence" in your crusade to show how flawed the open-source model of developing software is.

But hey, let's go through your claims one by one, shall we? 

 *Quote:*   

> I know first hand that "Linux security" is a BIG FAT LIE.

 

You came to that conclusion through exactly ONE example.

 *Quote:*   

>  I was talking about it almost a year ago and nobody gave a fuck.

 

You talked about it 7 months earlier, not "almost a year ago". And you didn't talk to the relevant people (KDE-developers) but in gentoo-forums (not related to KDE).

 *Quote:*   

> So next time someone tells me that linux is more secure and vulnerabilities are fixed promptly I will know that I'm looking at an idiot.

 

Did you report the bug to KDE-developers? If not, then you have no basis to whine. They can't fix bugs, if those bugs are not reported to them. Once they are told of bugs, they usually get fixed promptly.

When you were asked whether you reported the bug, you replied:

 *Quote:*   

> As I stated before nobody gives a fuck. If someone did we wouldn't have this conversation.

 

What makes you think "nobody gives a fuck". Because KDE-developers are not psychic and that they cannot read your mind? Here's a hint: if you want to see the bugs get fixed YOU HAVE TO REPORT THEM! Seriously, this is not rocket-science! Once they were aware of the bug, it was fixed promptly.

 *Quote:*   

> Security problems on linux discovered at the same or even higher rate. 

 

And, as I showed you, most of the Linux-problems are not critical (around 10% is), whereas about 40% of Windows-problems are. And I also showed you that the Linux-problems are quite often limited to one particular distribution, instead of all Linuxes.

 *Quote:*   

> They are patched faster if they are discovered.

 

true. But discovery is not enough, they must be reported as well! And this is something you failed at! MISERABLY!

your comment about discovering bugs in open source apps:

 *Quote:*   

> That's how it's supposed to work. But in reality it just doesn't.

 

And I showed you that it does work (Interbase).

 *Quote:*   

> Evangelion I'd like to see those studies that you mention. All I see from you just unsupported statements and bunch of insults. Are you capable of conducting a civilized discussion?

 

And I gave you links to some relevant studies

Seriously, what more do you want? I read your comments, I replied to them with accurate information. Do I have to draw you pictures or what is the problem here?

----------

## firephoto

I looked at the bug [*edit] Bob P [/*edit] posted and it just looks like someone set up a windows share without secure passwords. My Printer info for the samba printer is,

```
smb://sambanet/host/printer
```

You can have secure or insecure passwords with samba so I really don't see what the big issue is here besides an opportunity to troll. If you can't fix it, and it bothers you so much, then move on and use something else and quit complaining. I also find it rather stupid to have the company payroll info on a samba/windows share and your buddy storing mp3's on the payroll server (very dumb example you gave, sorry.). Samba or windows share passwords seem more for limiting user access rather than for security and I've never used a 'real' passwd with samba or windows shares for that reason. Now if you are logged in to your system as root for any reason and leave your system physically unsecure when you are physically not there then you're asking for trouble if there's the chance someone will physically sit down and start punching keys.

 :Rolling Eyes: Last edited by firephoto on Tue Dec 21, 2004 10:26 pm; edited 2 times in total
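An added example, not part of the thread and not KDE or Samba code: a small audit that ties together the two points raised above, the file mode on the per-user log files (coax's `-rw-------` remark) and whether an `smb://` URI carries `user:password@` or is credential-free like the printer URI in this post. The log lines, the host `fileserver` and the password are constructed sample data; only the user name `g00fy` and the printer URI come from the thread.

```python
import os
import re
import stat
import tempfile
from urllib.parse import urlsplit

# Any smb:// URI up to whitespace or a quote character.
SMB_URI = re.compile(r"smb://[^\s\"'<>]+", re.IGNORECASE)


def redact_uri(uri):
    """Return (uri_with_password_masked, had_password) for one smb:// URI."""
    try:
        parts = urlsplit(uri)
    except ValueError:          # malformed authority, nothing to parse
        return uri, False
    if not parts.password:      # no userinfo, or user without password
        return uri, False
    userinfo, _, hostinfo = parts.netloc.rpartition("@")
    user = userinfo.split(":", 1)[0]
    masked = parts._replace(netloc=f"{user}:***@{hostinfo}").geturl()
    return masked, True


def scan_text(text):
    """List (redacted) every smb:// URI in text that embeds a password."""
    hits = []
    for match in SMB_URI.finditer(text):
        candidate = match.group(0).rstrip(".,;)")   # drop sentence punctuation
        masked, had_password = redact_uri(candidate)
        if had_password:
            hits.append(masked)
    return hits


def audit_file(path):
    """Report a file's mode and any credential-bearing smb:// URIs in it."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, "r", errors="replace") as fh:
        hits = scan_text(fh.read())
    return {
        "path": path,
        "mode": oct(mode),
        # 0600 keeps other unprivileged users out; root can still read it.
        "others_can_read": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
        "credential_uris": hits,
    }


def demo():
    """Audit two constructed log files, one mode 0600 and one mode 0644."""
    sample = (
        # Constructed lines; not the real format of any KDE log.
        "open smb://g00fy:s3cret@fileserver/payroll/report.txt\n"
        "printer location smb://sambanet/host/printer\n"
    )
    reports = []
    with tempfile.TemporaryDirectory(prefix="kde-g00fy-") as tmp:
        for name, mode in (("private.log", 0o600), ("shared.log", 0o644)):
            path = os.path.join(tmp, name)
            with open(path, "w") as fh:
                fh.write(sample)
            os.chmod(path, mode)
            reports.append(audit_file(path))
    return reports


if __name__ == "__main__":
    for report in demo():
        print(report["mode"], "others_can_read=%s" % report["others_can_read"],
              report["credential_uris"])
```

Both files contain the same password-bearing URI; only the second is readable by other local accounts, and the credential-free printer URI is never flagged.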

----------

## Dolio

slon, your arguments are ridiculous. You don't want to compare to Microsoft? Then what do you want to compare to?

Do you want open source software to never have any bugs ever? Well, sorry, no software on earth is like that. The software that comes the closest is TeX, as far as I know, and that was written by a man who is quite likely a genius. Since not everyone is a genius, and much open source software is more complex than TeX, most software can't even live up to TeX as a, by your standards, pretty shitty piece of software, with a few bugs over its lifetime.

It's impossible to have software that never has bugs in it. It doesn't matter how much auditing you do, it will still probably have bugs, because the people working on it are still human, and prone to error. Arguing otherwise doesn't make any sense.

One note: you cited the fact that more bugs got reported about open source than did about proprietary Windows software last week. Doesn't that indicate that more flaws are being fixed in open source software? Can you prove that Windows and associated software don't have equal or more bugs, but that those bugs simply go undiscovered and unrepaired? If not, then it's entirely possible that open source developers are simply finding and fixing existing bugs more often than Windows people are. Isn't that a good thing?

No development system guarantees that software has no bugs whatsoever. Thinking otherwise is ludicrous.

----------

## Bob P

 *DarkStalker wrote:*   

> Thanks for doing the right thing and opening up a bug for the problem at KDE's Bugzilla.

 

Just trying to do my part to help keep Linux better than Windows!   :Wink: 

----------

## DarkMatter

 *Dolio wrote:*   

> It's impossible to have software that never has bugs in it. It doesn't matter how much auditing you do, it will still probably have bugs, because the people working on it are still human, and prone to error. Arguing otherwise doesn't make any sense.

 

I beg to differ.  I wrote a handy little app the other day that is completely secure and bug free.  I call it "Hello World", it's gonna be big.   :Very Happy: 

Sorry, just trying to lighten the mood in here a bit.

----------

## Bob P

 *DarkMatter wrote:*   

>  *Dolio wrote:*   It's impossible to have software that never has bugs in it. It doesn't matter how much auditing you do, it will still probably have bugs, because the people working on it are still human, and prone to error. Arguing otherwise doesn't make any sense. 
> 
> I beg to differ.  I wrote a handy little app the other day that is completely secure and bug free.  I call it "Hello World", it's gonna be big.  
> 
> Sorry, just trying to lighten the mood in here a bit.

 

i thought about a "hello world" wisecrack, but passed on the idea.  i think it's a pretty safe assumption that we'd all agree that the probability of a bug creeping into a program is more or less directly proportional to the number of lines of code.  people need to keep that in mind when they complain about somebody else's work.  no matter how conscientious a programmer you may be, it's impossible to eliminate all bugs.  the expectation that a complex system should be a perfect system is a bit naive, imho.

----------

## slon

Everything is great.

Last edited by slon on Wed Dec 22, 2004 7:37 am; edited 1 time in total

----------

## firephoto

 *slon wrote:*   

> I guess I do have to spell it out for some people.

 

If you're so sure of whatever it is you're trying to get across then why don't you?

You found what might be a problem with samba and KDE but you didn't file a bug report because you're ticked off some other bug got no attention. (This was your reason for another "problem" with KDE also in another thread) To go along with this you claim "linux" is insecure because of this supposed problem and that it has "more" bugs and security problems than Windows which is untrue unless you're into spinning numbers to make Windows look better. (you've beaten this drum before also)

 *slon wrote:*   

> 
> 
> I stopped doing that after filing four bugs, every one of which have been confirmed but none was fixed. So why bother?
> 
> 

 

What's the bug numbers for the bugs you haven't had resolved?

----------

## MighMoS

I skipped past the last few posts, but it seems to me that Gentoo Linux is a distributor of software, and not the developer.  To find a flaw in PHP and blame linux is like finding a flaw in AIM and blaming microsoft.  Gentoo Linux should be in charge of the base core utilities and the kernel (in terms of security).  Everything listed under `emerge -ep system`.  Past that, you're barking up the wrong tree.

The problem with software --any software-- is that anyone can write bad code.  For anyone.  And then the wrong people get blamed.  Is Linus Torvalds responsible for not placing better checks into his kernel that prevents PHP from being exploited (thereby increasing his code to 14MB kernels) no.  He's responsible for the framework, and people below that take care of their ends.  

To make a comparison, bugs are still being found in Windows 2000 that have been around for 5 years now!  Where's the magic of proprietary software?  Is that what you call more successful? 

If you don't like the GNU/Linux system, refuse to switch to BSD, and say that "go to windows" responses are so classic, then just don't use a computer.  Or at least buy one with a double-encrypted loopback filesystem, no network card, and makes you type a password every 5 seconds and scan your eyes to make sure it's really you working there and not a hacker.  If none of these options seem viable, then I don't know what to tell you.

----------

## MighMoS

Holy crap I took the flamebait!  *hangs head in shame*

----------

## Bob P

 *firephoto wrote:*   

> I looked at the bug [*edit] Bob P [/*edit] posted and it just looks like someone setup a windows share without secure passwords.

 

well, the problem wasn't one of an insecure SMB server -- it turns out that my bug report wasn't really a bug.  the problem was caused by unclear/ambiguous use of syntax in the Samba Printers HowTo.  There's an update there if anyone is interested.

The only reason that I post this information is to comment about the rapidity with which KDE's people addressed the situation.  I had a response from the author of the KDE Printer Manager the day after I had filed the report, and the problem was very quickly identified and resolved.  I couldn't have asked for better support.  :Wink:   (score another point for the KDE guys!)

----------

## firephoto

You might want to post a notice to that other thread with the howto so more people don't set the printer up the wrong way. I never looked at the first post over there but it's pretty clear what happened there now. In the KDE Printers setup if you look at the properties on a samba printer you'll see that the location is described as not being necessary, I think it just gives you the "Printing my.txt to Epson on Workgroup" if Workgroup is the location.

----------

## Bob P

i've already posted the solution to that thread.  i had planned on adding a new post, but somehow, when i tried to copy text from a previous post, i ended up editing the earlier post instead of creating a new one.   :Embarassed: 

the good news is that all of the necessary info is now in the thread, so anyone reading it will see it.

----------

