- Hidden-code flaw in Windows renews worries over stealthy malware
- Posted by Imhotep on September 1st, 2005
"Last week, the Internet Storm Center, a group of security professionals
that track threats on the Net, flagged a flaw in how a common Microsoft
Windows utility and several anti-spyware utilities detect system changes
made by malicious software. By using long names for registry keys, spyware
programs could, in a simple way, hide from such utilities yet still force
the system to run the malicious program every time the compromised computer
starts up."
http://www.securityfocus.com/news/11300
Im
- Posted by Steve Welsh on September 1st, 2005
Well, the Windoze Registry has blossomed from an ill-conceived concept
in Win95 to the sprawling, totally out-of-control nightmare that it now
is. It is totally beyond redemption, and I would challenge anyone that
claims to know what every single entry in the Registry is, or does.
e.g. WTF? {2D18D25D-8E3D-F766-DF01-828AAC3A96F8} etc, etc
OK this is not code, but I think the quote still applies - Eric Raymond
"Elegant code is not only correct, but visibly, transparently correct."
I suppose Jim will disagree 
Imhotep wrote:
- Posted by Imhotep on September 1st, 2005
Steve Welsh wrote:
Yes, I agree with you. The registry was intentionally made overly complex as
to force companies to become a "Microsoft partner". In doing so, it has
augmented into a sloppy beast ripe for hackers/crackers.
I still like the old Linux/Bsd way: A simple configuration file that you can
edit with any text processor. Clean and simple...
Imhotep
- Posted by Moe Trin on September 1st, 2005
In the Usenet newsgroup alt.computer.security, in article
<TmvRe.97175$dJ5.76786@tornado.tampabay.rr.com>, Imhotep wrote:
It's also one massive single point of failure. If it gets trashed for any
reason, your box is setting there totally screwed. At least with the Mac
from that era, if it couldn't boot, it gave you an icon of a sick looking
computer and asked for a boot floppy.
s/Linux\/Bsd/UNIX/
Simple???
[compton ~]$ wc -l /etc/sendmail.cf
1490 /etc/sendmail.cf
[compton ~]$
When I started using Linux in 1994, I probably wasted a day or two trying
to read the stupid boot scripts. Miquel van Smoorenburg started that mess,
and others took it and ran with it. The guys REALLY knew the nitty-gritties
of Bourne shell scripting, but they absolutely flaunted it. Eric Raymond's
quote "Elegant code is not only correct, but visibly, transparently correct."
was NOT followed. And yes, I do know something about shell scripting, as
I've been using UNIX since 4.1BSD (and I _still_ hate csh).
As far as editing with "any text processor", you do have to be aware that
some "user friendly" editors (pico - the skript kiddiez friend is one
example) auto-wrap lines longer than 70-odd characters at a word break,
and that will screw up your day just fine.
Old guy
- Posted by Shadus on September 1st, 2005
Bah, play fair, that's 90% comments.
[mail /root]# cat /etc/mail/sendmail.cf | wc -l
1127
[mail /root]# cat /etc/mail/sendmail.cf | grep -v '#' | wc -l
84
[mail /root]#
and of course when it wraps you can back space and remove the wrapping
until you edit the line again... or convert to a real editor... like vim
or emacs or... ed (j/k) 
--
Shadus
- Posted by Shadus on September 2nd, 2005
On 2005-09-01, Jim Watt <jimwatt@aol.no_way> blabbed:
powerful, and does everything I could want out of an editor for source
code, text files, configs, etc. I can use emacs in a pinch, jed, jove,
pico, nano, whatever. I prefer vi, even use it in windows when I'm
forced to work there.
To give up an entire os because you don't like/can't grasp its default
editor seems... eh nevermind, it speaks for itself.
original thread regarded the registry if I remember right. The
original point if memory serves was that unix config files are much
simpler than the registry and safer too since a single change in one
value won't leave your machine in an unbootable state.
nice... compared to the registry, especially when dealing with 3rd party
applications and programs which may or may not have a key there that is
required... shrug, I'll stick to configs.
--
Shadus
- Posted by Moe Trin on September 2nd, 2005
In the Usenet newsgroup alt.computer.security, in article
<-v2dnYb6s5dc_IreRVn-3w@giganews.com>, Shadus wrote:
Yet even sendmail.org doesn't recommend messing with the .cf file, wanting
you to use the sendmail.mc file - not that it's a whole lot easier to
understand.
man pico and look for the -w option
or 'echo' ;-)
The problem with "real editors" other than "/bin/vi" (which given the
license problems is often a link to or a subset of a vi clone) is that they
are often not available when you need them. Yes, you should also have the
even more "user unfriendly" /bin/ed, and most vi users know enough of the
commands to get ed to do something useful. :wq!
Old guy
- Posted by Kevin Reiter on September 2nd, 2005
Jim Watt wrote:
NAME
wc -- word, line, character, and byte count
SYNOPSIS
wc [-clmw] [file ...]
DESCRIPTION
The wc utility displays the number of lines, words, and bytes contained in
each input file (or standard input, by default) to the standard output. A
line is defined as a string of characters delimited by a <newline>
character, and a word is defined as a string of characters delimited by
white space characters. White space characters are the set of characters
for which the isspace(3) function returns true. If more than one input
file is specified, a line of cumulative counts for all the files is
displayed on a separate line after the output for the last file.
Looks like there's 1490 lines in your sendmail.cf file, if I read the
manpage correctly. Sounds pretty simple to me, but then again, it's
written in English, so I could be wrong..
- Posted by Hairy One Kenobi on September 3rd, 2005
"Shadus" <shadus@shadus.org> wrote in message
news:HvydnXg-zJ7f9IXeRVn-sA@giganews.com...
LMAO on that one - VI is a perfectly reasonable line editor (first used 'em
on Cyber mainframes), but a fairly poor excuse for the FSEs that emerged in
the 1980s. Heck, EVE showed how to convert a perfectly good VAX line-editor
into an excellent FSE. More than two decades ago.
And even modern editors could learn a few tricks from the 300kB or so of
MultiEdit (1988, DOS 3.01 or higher, if memory serves).
Anyway - the argument's pointless unless you've ever used CED Pro 2.
Blitters /rock/, when it comes to editing ;o)
--
Hairy One Kenobi
Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!
- Posted by Whoever on September 3rd, 2005
On Sat, 3 Sep 2005, Hairy One Kenobi wrote:
LMAO on that one. "ed" is the line editor, "vi" is the full screen editor.
vim is an incredibly powerful editor -- if you can learn how to use it.
Most people don't. And vim with config files is wonderful -- it
understands the syntax of many file types and highlights the various items
appropriately. If you are going to edit html files in a text editor, vim
is probably what you want to use.
But vi/vim's most powerful attribute is that it is available on just about
every *nix platform (although, for some strange reason, Gentoo uses pico
as its default).
Anyway, back to the original comment about the registry vs. config files:
yes some config files for *nix applications are complex, however, many are
quite simple and most contain detailed comments. I don't recall any
comments in the registry....
- Posted by Hairy One Kenobi on September 3rd, 2005
"Whoever" <nobody@devnull.none> wrote in message
news:Pine.LNX.4.63.0509022256350.27348@localhost.localdomain...
<snip>
Take a closer look at the command structure... an FSE doesn't require a
keypress to (say) change a character in the display.
That makes it - as I said - a poor excuse for an FSE coded in the last
quarter-century. EVE (an FSE sitting on top of EDT) showed how to do it
/properly/...
Because an end user is supposed to be using the configuration tool, rather
than low-level editing? In the sixties and seventies, use of multiple config
files, shotgunned over every device on a system, was the norm. The registry
concept merged all of this into a single location - older versions of
Windows were just as guilty as everyone else at peppering your disks with
hard-to-find, hard-to-backup files.
Can't see what all the fuss is about.. unless you would care to argue about
piss-poor use of which sections in the registry bad developers tend to use?
Requiring admin rights?
H1K
- Posted by Imhotep on September 3rd, 2005
Moe Trin wrote:
:-)
At least compared to a registry....
:-)
What do you prefer? zsh?
Ah come on EMACS baby!!! (I bet you're a vi guy!)
Imhotep
- Posted by Imhotep on September 3rd, 2005
Shadus wrote:
Are there no Emacs guys/girls around here????
Im
- Posted by Imhotep on September 3rd, 2005
Jim Watt wrote:
<snip>
Why is it whenever anyone criticizes MS you always use that lame ass excuse
about bashing?
It is a fact, the registry sucks...
- Posted by Hairy One Kenobi on September 3rd, 2005
"Imhotep" <Imhotep@nospam.net> wrote in message
news:fZWdnQgnfrnPlofeRVn-hw@adelphia.com...
<snip>
Used to be (on the Amiga).
CED Pro 2 knocked it into a cocked hat.. as did MultiEdit on the PC
(required MS-DOS 3.02, though, IIRC. A pain on certain machines of the day)
That said, I stayed clear of buying my own PC until something half decent
came out (Windows 3.1, rapidly upgraded to a 3.11 hybrid)
--
Hairy One Kenobi
Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!
- Posted by Moe Trin on September 4th, 2005
In the Usenet newsgroup alt.computer.security, in article
<fZWdnQknfrlCl4feRVn-hw@adelphia.com>, Imhotep wrote:
I stay with the Bourne shell - either direct, or BASH, and on rare
occasions the Korn shell.
---------------------
EMACS == Eight Megs And Constantly Swapping
---------------------
"Emacs is a great OS. The only thing it lacks is a decent editor."
---------------------
Computers tend to come with at least 512Mb RAM these days. Half for X,
half for emacs, what's the problem?
---------------------
"Thanks to the joint efforts of OpenOffice, Mozilla, and a few others, Emacs
officially entered the category of lightweight utilities." -- kalifa on /.
---------------------
So, when the computer is sick and barely able to open one eye - what do
you have access to? EMACS? Heck, if you're lucky, you have vi - maybe
only ed - otherwise, it's 'echo', redirection, and filename globbing.
That's why I've stuck with vi over the years.
Old guy
- Posted by Imhotep on September 5th, 2005
Moe Trin wrote:
Oh man that was funny. I still love Emacs despite its bloated code!
Imhotep
- Posted by Imhotep on September 5th, 2005
Jim Watt wrote:
Jim, this thread is about a Hidden Code flaw relating to the Windows
Registry. Keep to the topic...
- Posted by Hairy One Kenobi on September 5th, 2005
"Imhotep" <Imhotep@nospam.net> wrote in message
news:V6-dndoYTK-ISIbeRVn-pQ@adelphia.com...
OK, here goes for the very first on-topic post of this thread ;o)
MS are, regrettably (for some), perfectly correct - it's Bad Programming in
things /running/ on Windows.
Easy to duplicate with an INI file - cripple the line length that an editor
will cope with to (say) 255 characters* and then try to edit an INI file
with a longer line lurking in there somewhere.
Voilà! You've just duplicated the problem on a different platform.
So, now that we've sorted that out, back to Windows-bashing for everyone..?
)
H1K
*Or simply use an old version. IIRC, the old "short string" type originated
in UNIX. Some people still seem to use it, despite it having been replaced
by full null-terminated support when 32-bit Windows came along.
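The INI-file analogy from the post above, as an added example that is not part of the original thread: a viewer limited to 255-character lines is compared against a full enumeration of the same text, and any line present in the file but missing from the limited view is counted. The function names, the sample INI content and the assumption that the limited viewer silently drops over-long lines are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VIEW_MAX 255u   /* the "(say) 255 characters" limit from the post */

/* Count non-empty lines no longer than max_len. With max_len = VIEW_MAX this
   models (as an assumption) a viewer that silently drops lines it cannot
   hold; with SIZE_MAX it is the full enumeration an auditor wants. */
size_t count_entries(const char *text, size_t max_len) {
    size_t shown = 0;
    while (*text) {
        size_t len = strcspn(text, "\n");      /* length of the current line */
        if (len > 0 && len <= max_len) shown++;
        text += len;
        if (*text == '\n') text++;             /* step over the newline */
    }
    return shown;
}

/* Cross-view check: lines in the file that the limited viewer never shows. */
size_t count_hidden(const char *text) {
    return count_entries(text, SIZE_MAX) - count_entries(text, VIEW_MAX);
}

/* Constructed sample: a section header, one ordinary entry, and one entry
   whose key name is 300 characters long. */
const char *build_sample(void) {
    static char buf[512];
    size_t n;
    strcpy(buf, "[startup]\nupdater=C:\\tools\\updater.exe\n");
    n = strlen(buf);
    memset(buf + n, 'A', 300);
    strcpy(buf + n + 300, "=C:\\tools\\other.exe\n");
    return buf;
}

int main(void) {
    const char *ini = build_sample();
    printf("limited view: %zu lines, full view: %zu lines, hidden: %zu\n",
           count_entries(ini, VIEW_MAX), count_entries(ini, SIZE_MAX),
           count_hidden(ini));
    return 0;
}
```

A non-zero hidden count means the length-limited tool and the underlying file disagree, so the file needs inspecting with something that has no line-length limit.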
- Posted by Imhotep on September 5th, 2005
Hairy One Kenobi wrote:
I believe you meant a different configuration source...
A criticism is bashing??? I guess it depends on which side you side
with....plus, face it, Microsoft just gives too much ammunition.