Does Microsoft Need a New Source Code for the Future?

I want to start a new topic on this because the Biometrics debate has gotten
too long. I will now post Chris Quirke, MVPs reply to me about my thinking
the 9x (98 Second Edition) should be part of the internal Defense Network of
this source code.

Chris Quirke, MVP says:

I think we have the same ideas, but weigh things differently and
reach different conclusions - you see the 9x code base itself as
being something to be preserved at all costs, where I see the
factors that make the 9x code base safer in certain respects as
something that should inform other code base development.

An interesting point from the article I linked for you, was the
difference between deeply re-architecting an existing code base,
and starting a new code base from scratch. I'd have though such
deep design change to be as disruptive as re-coding from scratch,
but apparently this is not the case. If that's so, then it may be
practical to re-architect the NT code base as a true stand-alone
OS, which keeps networking out of the center as an discardable
subsystem should unexpected risks demand that response.

I put it this way; exposed code surfaces are like points of wear
in a car. You don't merge piston rings into pistons (or brake
shoes into axles) so that when these parts get worn, they are
easy to replace. Same thing with code surfaces; you may have
to suddenly amputate or replace them, so don't embed them in
the core of how the OS works.

For example, an OS should be able to wipe its own butt without
RPC, and/or not expose RPC to network surfaces (especially
the Internet). It shouldn't rely on RPC to do internal things, weld
this into Internet exposure, and then rely on a firewall as a band
aid over this clickless, remotable risk surface.

S
Fri Jul 25 09:23:53 CDT 2008

G'day:

"Dan" <Dan@discussions.microsoft.com> wrote in message
news:9FE39DA9-023E-49AE-9D5A-3D78E30372BA@microsoft.com...

> I think we have the same ideas, but weigh things differently and
> reach different conclusions - you see the 9x code base itself as
> being something to be preserved at all costs, where I see the
> factors that make the 9x code base safer in certain respects as
> something that should inform other code base development.

Windows 3.1/9x code base is now dead. Everything is NT. Not sure about
mobile devices but will not be surprised with XP as the base for Windows
Mobile next version.

> For example, an OS should be able to wipe its own butt without
> RPC, and/or not expose RPC to network surfaces (especially
> the Internet). It shouldn't rely on RPC to do internal things, weld
> this into Internet exposure, and then rely on a firewall as a band
> aid over this clickless, remotable risk surface.

RPC is as good (or bad, depending on your by-default attitude) as any other
IPC. I can disable RPC in Windows and still run software, but I see no
reason to.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

Dan
Fri Jul 25 12:39:19 CDT 2008

Windows 9x may be dead somewhat to Microsoft but it is alive and kicking
everywhere else with Mozilla still supporting it with their web browser as
well as AVG 7.5 supporting it as well. People do not realize how stable it
has become.

Heck, 98 Second Edition for me is more stable than XP Professional. Vista
while it is stable enough for me still suffers somewhat with compatibility
issues. However, Vista is indeed tops with external security. However,
Windows 9x has the internal safety and less surface area to attack because it
does not have the services that XP has and XP likes to throw all the
information back compared to 98 Second Edition which is a lot quieter and
runs really well on older PC's. You talk about a great opportunity for all
those used computers that cannot run XP and why not have them run 98SE
instead of being tossed in the landfill. I am sure there are many people
around the world that would see having a computer as a great luxury.

Thanks for replying though and I appreciate your views and I already know
about the end of life software date of July 11, 2006. BTW, did you know this
fact on the Microsoft 98 Second Edition page:

http://support.microsoft.com/ph/1139

Last Review : February 28, 2008

It sounds like Microsoft does care for 98 Second Edition users like myself
who are looking into ways for the company to expand and explore new avenues
into the future of information technology. Microsoft is really great about
supporting their legacy users and I feel that Microsoft has a much better
track record of caring than say Apple who thinks their products are, oh so
great, that Apple can charge a huge premium for them when Apples are based
upon open source code anyway.

You talk about how ironic that is. Furthermore, Bill Gates and Microsoft
are the bad guys in many people's eyes but that is simply not true because
Microsoft is gladly willing to help its users and Bill Gates is now working
to make the world a better place for people who have limited opportunities
and are starving and sick with Aids and Malaria through his Foundation.

So you see that Windows 9x is not truly dead. The reason being is that it
still has life in it and why do you think Microsoft has not sold the 9x
source code if it is useless. The great thing about 9x is that it is
compatibility with older software and games and uses MS-DOS as a maintenance
operating system compared to Vista.
I am using 98 Second Edition as I post back to you and it never seems to
have any issues anymore as long as you don't use too much ram.

I use 512 megabytes of ram with it and editted the system.ini to recognize
less and have a 256 megabyte ATI video card. Nope, it is Windows XP Service
Pack 3 that is having the issues right now with people having trouble getting
updates for it without the proper patch to register the *.dlls again. In
addition, Windows Vista has great external security but lacks the internal
safety of a 9x operating system.

I use XP Professional in a dual-boot on the same machine on a seperate hard
drive. It is NTFS file system compared to the Fat32 file system of 98 Second
Edition.

The thing is when the APS domain was hacked into last summer (2007), the
hacker(s) got into the XP Professional side of my machine because the
external security of the network was destroyed. However, I was also using
VPN to link with the Intranet of the APS domain and 9x did not get hacked
because it has internal safety of a smaller surface area, no rpc, a true
maintenance operating system of MS-DOS, etc. So you can see how 9x machines
were meant to be stand alone. In this ever increasing digital age, I am
surprised that more home consumers do not rise up and demand another 9x
operating system to be able to be more stand-a-lone and not report in to
their boss and/or the government all of the time. Are people really that
willing to give up their precious freedoms to others and end up having the
equivalent of a network computer that does not have an essence of its own
individuality.

It surprises that so many people do not see this and the coming danger of
willing to have just one easily hackable source code out there. You must
have a comprehensive internal safety and external security solution with
closed and open source technologies available from Microsoft and others to
make the best operating systems out there possible and to help mitigate any
incoming threats that may want to harm the Matrix FrameWork and Subsystems of
the Network.

----------------------------------------------------------------------------------------------

"S. Pidgorny <MVP>" wrote:

> G'day:
>
> "Dan" <Dan@discussions.microsoft.com> wrote in message
> news:9FE39DA9-023E-49AE-9D5A-3D78E30372BA@microsoft.com...
>
> > I think we have the same ideas, but weigh things differently and
> > reach different conclusions - you see the 9x code base itself as
> > being something to be preserved at all costs, where I see the
> > factors that make the 9x code base safer in certain respects as
> > something that should inform other code base development.
>
> Windows 3.1/9x code base is now dead. Everything is NT. Not sure about
> mobile devices but will not be surprised with XP as the base for Windows
> Mobile next version.
>
> > For example, an OS should be able to wipe its own butt without
> > RPC, and/or not expose RPC to network surfaces (especially
> > the Internet). It shouldn't rely on RPC to do internal things, weld
> > this into Internet exposure, and then rely on a firewall as a band
> > aid over this clickless, remotable risk surface.
>
> RPC is as good (or bad, depending on your by-default attitude) as any other
> IPC. I can disable RPC in Windows and still run software, but I see no
> reason to.
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>
>
>
>

S
Fri Jul 25 21:07:21 CDT 2008

G'day:

"Dan" <Dan@discussions.microsoft.com> wrote in message
news:55349169-F536-4137-B4A3-

> So you see that Windows 9x is not truly dead. The reason being is that it
> still has life in it and why do you think Microsoft has not sold the 9x
> source code if it is useless.

I didn't say that Windows 9x is dead, or that the code is useless. I said
the codebase is dead - in a sense that there is no active development on the
code base. Why it is not sold, or made open - I don't know, and cannot
speculate.

> The thing is when the APS domain was hacked into last summer (2007), the
> hacker(s) got into the XP Professional side of my machine because the
> external security of the network was destroyed. However, I was also using
> VPN to link with the Intranet of the APS domain and 9x did not get hacked
> because it has internal safety of a smaller surface area, no rpc, a true
> maintenance operating system of MS-DOS, etc.

The reason your internal network wasn't hacked is not that Windows 95
doesn't have RPC. In targeted attacks, platform switch doesn't stop
intruders who usualy collect credentials and go from there.

> So you can see how 9x machines
> were meant to be stand alone. In this ever increasing digital age, I am
> surprised that more home consumers do not rise up and demand another 9x
> operating system to be able to be more stand-a-lone and not report in to
> their boss and/or the government all of the time. Are people really that
> willing to give up their precious freedoms to others and end up having the
> equivalent of a network computer that does not have an essence of its own
> individuality.

Nonsense, Slashdot-style.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

Paul
Fri Jul 25 22:58:03 CDT 2008

On Fri, 25 Jul 2008 10:39:19 -0700, Dan wrote:

> Windows 9x may be dead somewhat to Microsoft but it is alive and kicking
> everywhere else with Mozilla still supporting it with their web browser as
> well as AVG 7.5 supporting it as well. People do not realize how stable it
> has become.

Just because some application vendor's products run on Windows 9x still
does not mean they are supporting it. If a vulnerability is discovered in
the OS, the app vendors are not about to provide a patch for it. Windows 9x
is no more stable now than when it was originally released.
>
> Heck, 98 Second Edition for me is more stable than XP Professional. Vista
> while it is stable enough for me still suffers somewhat with compatibility
> issues. However, Vista is indeed tops with external security. However,
> Windows 9x has the internal safety and less surface area to attack because it
> does not have the services that XP has and XP likes to throw all the
> information back compared to 98 Second Edition which is a lot quieter and
> runs really well on older PC's.

Compared to Vista and XP, Windows 9x has almost no "internal security"
which is a false term in the first place.

> You talk about a great opportunity for all
> those used computers that cannot run XP and why not have them run 98SE
> instead of being tossed in the landfill. I am sure there are many people
> around the world that would see having a computer as a great luxury.


Since the discussion is about security, the above has nothing at all to do
with the topic at hand.

>
> Thanks for replying though and I appreciate your views and I already know
> about the end of life software date of July 11, 2006. BTW, did you know this
> fact on the Microsoft 98 Second Edition page:
>
> http://support.microsoft.com/ph/1139


What "fact" are you referring to? If you're referring to the end of life
date, that is well known and can be found on lots of pages on the Microsoft
web site.

>
> It sounds like Microsoft does care for 98 Second Edition users like myself
> who are looking into ways for the company to expand and explore new avenues
> into the future of information technology. Microsoft is really great about
> supporting their legacy users and I feel that Microsoft has a much better
> track record of caring than say Apple who thinks their products are, oh so
> great, that Apple can charge a huge premium for them when Apples are based
> upon open source code anyway.

This makes no sense at all.

>
> You talk about how ironic that is. Furthermore, Bill Gates and Microsoft
> are the bad guys in many people's eyes but that is simply not true because
> Microsoft is gladly willing to help its users and Bill Gates is now working
> to make the world a better place for people who have limited opportunities
> and are starving and sick with Aids and Malaria through his Foundation.

Again completely irrelevant.

>
> So you see that Windows 9x is not truly dead. The reason being is that it
> still has life in it and why do you think Microsoft has not sold the 9x
> source code if it is useless. The great thing about 9x is that it is
> compatibility with older software and games and uses MS-DOS as a maintenance
> operating system compared to Vista.
> I am using 98 Second Edition as I post back to you and it never seems to
> have any issues anymore as long as you don't use too much ram.

Microsoft has not sold the source code because they don't sell source code.
You can assign all the motives you want to this but the bottom line is that
not selling the source code has nothing at all to do with whether or not
Microsoft thinks it is useless or not. It is Microsoft's intellectual
property and they simply don't sell it. MS DOS 4.0 was a piece of crap and
the source code hasn't been sold. MS BOB was a piece of crap and the source
code hasn't been sold.

>
> I use 512 megabytes of ram with it and editted the system.ini to recognize
> less and have a 256 megabyte ATI video card. Nope, it is Windows XP Service
> Pack 3 that is having the issues right now with people having trouble getting
> updates for it without the proper patch to register the *.dlls again. In
> addition, Windows Vista has great external security but lacks the internal
> safety of a 9x operating system.

Again, you have no idea what you're talking about here. You really need to
expand your horizons beyond your pet MVP. His opinions are not well
regarded in the security community.

>
> I use XP Professional in a dual-boot on the same machine on a seperate hard
> drive. It is NTFS file system compared to the Fat32 file system of 98 Second
> Edition.

So?

>
> The thing is when the APS domain was hacked into last summer (2007), the
> hacker(s) got into the XP Professional side of my machine because the
> external security of the network was destroyed. However, I was also using
> VPN to link with the Intranet of the APS domain and 9x did not get hacked
> because it has internal safety of a smaller surface area, no rpc, a true
> maintenance operating system of MS-DOS, etc. So you can see how 9x machines
> were meant to be stand alone. In this ever increasing digital age, I am
> surprised that more home consumers do not rise up and demand another 9x
> operating system to be able to be more stand-a-lone and not report in to
> their boss and/or the government all of the time. Are people really that
> willing to give up their precious freedoms to others and end up having the
> equivalent of a network computer that does not have an essence of its own
> individuality.
>
> It surprises that so many people do not see this and the coming danger of
> willing to have just one easily hackable source code out there. You must
> have a comprehensive internal safety and external security solution with
> closed and open source technologies available from Microsoft and others to
> make the best operating systems out there possible and to help mitigate any
> incoming threats that may want to harm the Matrix FrameWork and Subsystems of
> the Network.

Wow, you've really drunk the Chris Quirke kool-aid here and you really have
no concept of what security is all about.

--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
If a train station is where the train stops, what is a work station?

PA
Sat Jul 26 14:10:47 CDT 2008

How collegial of you, Paul!

Paul Adare - MVP wrote:
> ...Again, you have no idea what you're talking about here. You really need
> to
> expand your horizons beyond your pet MVP. His opinions are not well
> regarded in the security community.
<snip>

Paul
Sat Jul 26 14:37:35 CDT 2008

On Sat, 26 Jul 2008 15:10:47 -0400, PA Bear [MS MVP] wrote:

> How collegial of you, Paul!
>
> Paul Adare - MVP wrote:
>> ...Again, you have no idea what you're talking about here. You really need
>> to
>> expand your horizons beyond your pet MVP. His opinions are not well
>> regarded in the security community.
> <snip>

The truth is what the truth is. You obviously have nothing at all to add to
the conversation at hand, which coming from you is about par for the
course.

--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
Nice computers don't go down.

PA
Sat Jul 26 15:32:35 CDT 2008

Dan and I have had many fruitful discussions in the past.

Paul Adare - MVP wrote:
> On Sat, 26 Jul 2008 15:10:47 -0400, PA Bear [MS MVP] wrote:
>
>> How collegial of you, Paul!
>>
>> Paul Adare - MVP wrote:
>>> ...Again, you have no idea what you're talking about here. You really
>>> need
>>> to
>>> expand your horizons beyond your pet MVP. His opinions are not well
>>> regarded in the security community.
>> <snip>
>
> The truth is what the truth is. You obviously have nothing at all to add
> to
> the conversation at hand, which coming from you is about par for the
> course.

Paul
Sat Jul 26 17:11:14 CDT 2008

On Sat, 26 Jul 2008 16:32:35 -0400, PA Bear [MS MVP] wrote:

> Dan and I have had many fruitful discussions in the past.

That doesn't surprise me.
Have you got nothing better to do? I'm not going to waste my time with an
off-topic discussion with you, even an on-topic discussion with you
wouldn't be a very productive use of time.

--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
Transistor: A sibling, opposite of transbrother.

PA
Sat Jul 26 19:46:24 CDT 2008

Buh-bye!

Paul Adare - MVP wrote:
> On Sat, 26 Jul 2008 16:32:35 -0400, PA Bear [MS MVP] wrote:
>
>> Dan and I have had many fruitful discussions in the past.
>
> That doesn't surprise me.
> Have you got nothing better to do? I'm not going to waste my time with an
> off-topic discussion with you, even an on-topic discussion with you
> wouldn't be a very productive use of time.

~BD~
Sun Jul 27 00:56:52 CDT 2008

Paul - nipping in with a question!

I notice that you are an MVP

I notice that Robear Dyer is a MS MPV

Does the MS make PA Bear 'special' in some way?

Dave

"Paul Adare - MVP" <pkadare@gmail.com> wrote in message
news:ypc9xklb4sqk$.twvg0n5omxof$.dlg@40tude.net...
> On Sat, 26 Jul 2008 16:32:35 -0400, PA Bear [MS MVP] wrote:
>
>> Dan and I have had many fruitful discussions in the past.
>
> That doesn't surprise me.
> Have you got nothing better to do? I'm not going to waste my time with an
> off-topic discussion with you, even an on-topic discussion with you
> wouldn't be a very productive use of time.
>
> --
> Paul Adare
> MVP - Identity Lifecycle Manager
> http://www.identit.ca
> Transistor: A sibling, opposite of transbrother.
>

Paul
Sun Jul 27 01:53:09 CDT 2008

On Sun, 27 Jul 2008 06:56:52 +0100, ~BD~ wrote:

> I notice that you are an MVP
>
> I notice that Robear Dyer is a MS MPV
>
> Does the MS make PA Bear 'special' in some way?

Not at all. We're both Microsoft Valuable Professionals, just have
different ways of indicating that. Doesn't really make either of us
particularly special at all.

--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
Those who can, do. Those who cannot, teach. Those who cannot teach,
HACK!

Paul
Sun Jul 27 01:59:49 CDT 2008

On Sun, 27 Jul 2008 02:53:09 -0400, Paul Adare - MVP wrote:

> We're both Microsoft Valuable Professionals

Sorry Microsoft Most Valuable Professionals.
--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
Thrashing is just virtual crashing.

~BD~
Sun Jul 27 02:08:19 CDT 2008

Thanks for answering Paul.

My question was rather 'tongue-in-cheek' - I should have added a ;) or <wink> !

Maybe if you peruse this thread you'll have a better understanding!
Re: POSSIBLE HACK...PLEASE, PLEASE HELP! (Nine threads below this one!)

Dave

PS your correction noted .......... 'Most'


"Paul Adare - MVP" <pkadare@gmail.com> wrote in message
news:1o6rdguugf8z9.gp6rzhyuy826$.dlg@40tude.net...
> On Sun, 27 Jul 2008 06:56:52 +0100, ~BD~ wrote:
>
>> I notice that you are an MVP
>>
>> I notice that Robear Dyer is a MS MPV
>>
>> Does the MS make PA Bear 'special' in some way?
>
> Not at all. We're both Microsoft Valuable Professionals, just have
> different ways of indicating that. Doesn't really make either of us
> particularly special at all.
>
> --
> Paul Adare
> MVP - Identity Lifecycle Manager
> http://www.identit.ca
> Those who can, do. Those who cannot, teach. Those who cannot teach,
> HACK!
>

Paul
Sun Jul 27 02:21:50 CDT 2008

On Sun, 27 Jul 2008 08:08:19 +0100, ~BD~ wrote:

> Maybe if you peruse this thread you'll have a better understanding!
> Re: POSSIBLE HACK...PLEASE, PLEASE HELP! (Nine threads below this one!)

I really have no desire to get involved in a discussion about Ahuma or any
other forum. It doesn't belong here. If you and PA have a problem with each
other then you should you take it out of here.

--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
This screen intentionally left blank.

~BD~
Sun Jul 27 02:33:03 CDT 2008

You are right, of course, Paul. (You appreciate that you are PA too!! <grin>)

I had hoped you might have been able to respond to this item in that thread:

"I wonder if you can tell me why it is that if I type www.Aumha.com into my
browser address bar I'm whisked off to this URL - http://downloadprograms.biz/?rid=544620 "

This is a technical question and should have a straight-forward answer.

Dave


"Paul Adare - MVP" <pkadare@gmail.com> wrote in message
news:1ocj7u0qftf6w.18lypu7v0touz$.dlg@40tude.net...
> On Sun, 27 Jul 2008 08:08:19 +0100, ~BD~ wrote:
>
>> Maybe if you peruse this thread you'll have a better understanding!
>> Re: POSSIBLE HACK...PLEASE, PLEASE HELP! (Nine threads below this one!)
>
> I really have no desire to get involved in a discussion about Ahuma or any
> other forum. It doesn't belong here. If you and PA have a problem with each
> other then you should you take it out of here.
>
> --
> Paul Adare
> MVP - Identity Lifecycle Manager
> http://www.identit.ca
> This screen intentionally left blank.
>

Shenan
Sun Jul 27 10:32:09 CDT 2008

<snipped>

~BD~ wrote:
> You are right, of course, Paul. (You appreciate that you are PA
> too!! <grin>)
> I had hoped you might have been able to respond to this item in
> that thread:
> "I wonder if you can tell me why it is that if I type www.Aumha.com
> into my browser address bar I'm whisked off to this URL -
> http://downloadprograms.biz/?rid=544620 "
> This is a technical question and should have a straight-forward
> answer.

Sure - which means you could research it and discover how domain names and
such work pretty easily using Google and other fine internet search
engines - where I am sure you could find a wealth of useful information.

Technical questions - when meant as technical questions - have answers you
can learn the answer to from books/published works - and in the case of a
technical 'Internet' question - searching for the answer on the Internet
would be a fine place to start...

First thing - whois on the web page in question:
http://reports.internic.net/cgi/whois?whois_nic=Aumha.com&type=domain
http://www.networksolutions.com/whois/results.jsp?domain=Aumha.com

Which gives you a link to:
http://search.yahoo.com/search/dir?p=AUMHA.COM

Which has a link to:
http://www.castlecops.com/a5944-F_Secure_Warns_Beware_How_You_Google.html

Which can be used to give you a timeframe for reference (Friday, 29 April
2005) although they have a site listed I know nothing about - makes me think
"typo in the warning message." However - for those who can realize that -
the search continues (unless you want to ask the non-technical question of
why "negster22" on "Friday, 29 April 2005" typed "Ahumha.org" instead of
"Aumha.org" in their posting as a warning to others?)

Knowing that aumha.org is the site you are referring to here (in reference
to you pointing to the following thread - the last (at this time) response
by you asking the question you repeat in partial above):
http://groups.google.com/group/microsoft.public.security/browse_frm/thread/816467d0f856cd80/a95d6909031bbe63?lnk=st&q=#a95d6909031bbe63

I'll get you a whois result for that web page as well:
http://reports.internic.net/cgi/whois?whois_nic=Aumha.org&type=domain
http://www.networksolutions.com/whois/results.jsp?domain=Aumha.org

The answer may or may not be technical. My bet is very much against it
being a technical answer that you would get if anyone cared to answer - and
I fully believe you likely know that and are asking the question as nothing
more than a rub. ;-)

Many people own just the .net, .com or .org representation of a given web
page. Either because they see no point in owning everything, doesn't feel
like paying for all of the different names each year, etc. Personal choice.

If you think of it as a name (which is what it is) - then it is completely
different than any other and if someone makes a mistake with the name - that
is their bad. If I call you Boater Dan - instead of Boater Dave - my bad.

Now you may wish to argue that the site is an important resource and should
have all the possible names someone could accidentally put in associated
with it. However - that's not even realistic in my opinion. After all -
the first link I came up with using your query (AUMHA.COM) had some person
asking about a situation and typing the actual web page address incorrectly
by *one letter* - should everyone purchase all the sites one letter off from
theirs so this mistake means nothing? If I call you Boater Davie - is that
the same person even? All that is different is the second (or last) name -
same as aumha.org vs aumha.com... And by even more letters than the mistake
made on the 3 year old posting I refer to.

Perhaps you are just trying to point out that they should - because of what
the site is supposed to represent - at least own all the domains (last
names, if you will) that someone could use. Not realistic for a place being
ran by an individual doing this because they desire to - not for profit - in
my opinion. Consider the cost of getting all available domains... .com,
.net, .mobi, .org, .us, .us.com, .info, .tv, .cc, .bz, .biz, .co.uk, all
come to mind, and that is just the tip of the iceberg. It could get quite
expensive very quickly to own all those names.

Here's a link to a list of top level domains...
http://data.iana.org/TLD/tlds-alpha-by-domain.txt
Not as well kept up - but another with more information behind each:
http://en.wikipedia.org/wiki/List_of_Internet_top-level_domains

The .org (which the aumha.org site obviously uses) is one of the original
top-level domains. Read more about its original purpose and how that has
been modified over the years here:
http://en.wikipedia.org/wiki/.org

Which can, specifically - lead you to this:
".org is one of the seven original "generic" Top Level Domains. It is
currently the Internet's fifth-largest TLD, with over two million
registrations worldwide. .org was originally intended as a "miscellaneous"
TLD for organizations that weren't commercial entities, educational
institutions, network providers, or governmental agencies. In recent years
registration in .org has become open and unrestricted (it will stay that way
under its new operator.)"

You seem to be essentially asking why the top-level domain being different
takes you to a site you did not expect to be taken to - and from your
postings, one could easily surmise you expected to be take to the one with
the .org top-level domain instead of where ever the .com top-level domain
version takes you.


The technical answer is easy:
Boater Dave and Boater Erik are different people - as denoted by their
different chosen 'surname' (if you will give the leeway that is a first and
last name.) No different here where aumha.org is different than aumha.com -
as denoted by their different top-level domain designation.

If you wish to go deeper and less technical - the owner of aumha.org is not
the owner of aumha.com. The owners of the two different sites have chosen
to point their individual sites to different name servers as well as have
different content. If you wish to specifically answer your question - you
must ask the proper people.

In this case, given your exact question wording and the information above,
specifically...

"I wonder if you can tell me why it is that if I type www.Aumha.com into my
browser address bar I'm whisked off to this URL -
http://downloadprograms.biz/?rid=544620 ?"

along with :

http://www.networksolutions.com/whois/results.jsp?domain=Aumha.com

The answer to your 'technical' query will come from asking
domainadmin@navigationcatalyst.com - if they feel like answering why they
pointed their given web page the way they have. After all - your query is,
per the wording, about the aumha.com address - which they
(navigationcatalyst.com) own and according to the whois - administer (decide
what is done with it.)


Ask yourself if you would ask the same gist of a question while looking
through a telephone directory for a large city: "Why is it when you call
the listing for "Dave Peterson", you get a different person answering the
phone than when you call "Dave McCraw"?" ;-)

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

~BD~
Sun Jul 27 12:21:54 CDT 2008

Shenan - Thank you for such a comprehensive and thought-provoking answer. I
really do appreciate your guidance!

When I googled ............. I ended up here:
http://www.google.com/search?hl=en&ie=ISO-8859-1&q=aumha.com&btnG=Google+Search

The first result is www.minscape.com If I type that into my address bar,
or follow the link, I get taken to exactly the same place as if I type in
Aumha.com. Hmmmm!

The fourth entry is Naive question about a URL - Malwarebytes Security
Forums posted by me to determine alternate views. You may be interested to
follow up on this.

My only concern is that the bad guys don't win. I believe you feel the same
way.

Dave

"Shenan Stanley" <newshelper@gmail.com> wrote in message
news:OLJQw3$7IHA.3624@TK2MSFTNGP05.phx.gbl...
> <snipped>
<snipped>

Shenan
Sun Jul 27 13:03:05 CDT 2008

~BD~ wrote:
<snipped>
> When I googled ............. I ended up here:
> http://www.google.com/search?hl=en&ie=ISO-8859-1&q=aumha.com&btnG=Google+Search
>
> The first result is www.minscape.com If I type that into my
> address bar, or follow the link, I get taken to exactly the same
> place as if I type in Aumha.com. Hmmmm!
<snipped>

The second link found in your given search (above) is more interesting to
me...
http://www.robtex.com/dns/aumha.com.html
Really lays out more detail.

Another link found shows that people have made this 'typo' for years...
http://forums.cnet.com/5208-7813_102-0.html?forumID=6&threadID=24370&messageID=267140
( 5/31/04 )

Also - this hosts file:
http://hosts-file.net/hphosts-partial.asp
Distributed by the owners of this page:
http://hosts-file.net/

Includes aumha.com in their list (as well as www.aumha.com) and more
information on that is something they *do* give:
http://hosts-file.net/?s=aumha.com
http://hosts-file.net/?s=www.aumha.com

Those sites were added for a specific reason to that HOSTS file...

"GRM - sites engaged in astroturfing otherwise known as grass roots
marketing
For full details on what constitues astroturfing, please see;
http://en.wikipedia.org/w/index.php?title=Astroturfing"

In any case - hopefull you can reason out that the owner of a site has no
obligation to purchase/create every iteration of their site name -
especially when it comes to .org sites in my humble opinion and also when it
comes to top-level domain differentiation. I know many "Dave's" in my life
outside these newsgroups. When I call them up, email them, go out with
them - I'm pretty sure it is not you. ;-)

Another example of a good site people could type in incorrectly and get to
something they were not expecting...
http://www.betanews.com/
http://www.betanews.org/


What does it all mean? People should be more careful. ;-)

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

~BD~
Sun Jul 27 13:30:23 CDT 2008

How can I answer all that? <wink>

Here is a stab! http://www.weirdity.com/internet/eoti.html

Dave

"Shenan Stanley" <newshelper@gmail.com> wrote in message
news:%23mZVGMB8IHA.3624@TK2MSFTNGP05.phx.gbl...
> ~BD~ wrote:
> <snipped>

PA
Sun Jul 27 18:31:02 CDT 2008

<plonk yet another of BoaterDave's posting aliases>

~BD~ wrote:
> Shenan - Thank you for such a comprehensive and thought-provoking answer.
> I
> really do appreciate your guidance!
>
> When I googled ............. I ended up here:
> http://www.google.com/search?hl=en&ie=ISO-8859-1&q=aumha.com&btnG=Google+Search
>
> The first result is www.minscape.com If I type that into my address bar,
> or follow the link, I get taken to exactly the same place as if I type in
> Aumha.com. Hmmmm!
>
> The fourth entry is Naive question about a URL - Malwarebytes Security
> Forums posted by me to determine alternate views. You may be interested to
> follow up on this.
>
> My only concern is that the bad guys don't win. I believe you feel the
> same
> way.
>
> Dave
>
> "Shenan Stanley" <newshelper@gmail.com> wrote in message
> news:OLJQw3$7IHA.3624@TK2MSFTNGP05.phx.gbl...
>> <snipped>
> <snipped>

Paul
Sun Jul 27 19:01:51 CDT 2008

On Sun, 27 Jul 2008 19:31:02 -0400, PA Bear [MS MVP] wrote:

> <plonk yet another of BoaterDave's posting aliases>

Announcing this accomplishes less than nothing. Apparently you've got
nothing better to do than to announce to BD that it is time for him to
change his From header again. As an "MS" MVP one would assume that you'd be
smarter than that. Apparently not.

--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
If a program is useful, it must be changed.

Paul
Sun Jul 27 19:07:59 CDT 2008

On Sun, 27 Jul 2008 19:31:02 -0400, PA Bear [MS MVP] wrote:

> My only concern is that the bad guys don't win.

Then start educating yourself and try to have at least a rudimentary
knowledge of the who the bad guys are. Redirecting ahuma.com is not a sign
of a bad guy.

--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
Every program is a part of some other program, and rarely fits.

Dan
Tue Jul 29 04:04:01 CDT 2008

Robear is a really good guy and I am disappointed that Microsoft hires MVP's
like you Paul that do not live up to your name in helping the little people.
I guess you are just interested in the big bucks from the cooperations.

"Paul Adare - MVP" wrote:

> On Sat, 26 Jul 2008 16:32:35 -0400, PA Bear [MS MVP] wrote:
>
> > Dan and I have had many fruitful discussions in the past.
>
> That doesn't surprise me.
> Have you got nothing better to do? I'm not going to waste my time with an
> off-topic discussion with you, even an on-topic discussion with you
> wouldn't be a very productive use of time.
>
> --
> Paul Adare
> MVP - Identity Lifecycle Manager
> http://www.identit.ca
> Transistor: A sibling, opposite of transbrother.
>

Dan
Tue Jul 29 04:07:01 CDT 2008

"S. Pidgorny <MVP>" wrote: <response bottom posted>

> G'day:
>
> "Dan" <Dan@discussions.microsoft.com> wrote in message
the base for Windows
> Mobile next version.
>
> > For example, an OS should be able to wipe its own butt without
> > RPC, and/or not expose RPC to network surfaces (especially
> > the Internet). It shouldn't rely on RPC to do internal things, weld
> > this into Internet exposure, and then rely on a firewall as a band
> > aid over this clickless, remotable risk surface.
>
> RPC is as good (or bad, depending on your by-default attitude) as any other
> IPC. I can disable RPC in Windows and still run software, but I see no
> reason to.
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>
>

----------------------------------------------------------------------------

Here is Chris Quirke's reply:

At 09:36 26/7/2008, Dan wrote:

>Wow, you and I have really created in uproar in the security community and
>many people are not pleased at all about our opinions. Who would have
>thought that 2 people could upset the security community so much? <grin>

Especially when one of them isn't there ;-)

> From Microsoft.Public.Security Newsgroup
>
>Dan 7/24/2008 6:08 PM PST
>I will now post Chris Quirke, MVPs reply to me


>S. Pidgorny <MVP> 7/25/2008 7:26 AM PST
>
>Windows 3.1/9x code base is now dead. Everything is NT. Not
>sure about mobile devices but will not be surprised with XP as
>the base for Windows Mobile next version.

That's my take, too. I briefly thought of 9x (not 3.x, and yes, they are
different enough to be considered as different OS families) as a small
GUI OS for small devices (e.g. a diskless PDA with 4G flash memory
and 32M working RAM) but while it would fit the "size" and host plenty
of legacy apps, those apps won't match what a PDA is to do, and the
PDA's hardware is likely to be outside 9x's capabilities.

In any case, a core design requirement of 9x - the ability to run apps
written for DOS and Win3.yuk - is no longer relevant, so much of what
constrains how good 9x could be, is redundant and should be discarded.

> > For example, an OS should be able to wipe its own butt without
> > RPC, and/or not expose RPC to network surfaces ... It shouldn't
> > rely on RPC to do internal things, weld this into Internet exposure,
> > and then rely on a firewall as a band aid over this risk surface.
>
>I can disable RPC in Windows and still run software, but I see no
>reason to.

By design, it may be OK, but that design has failed due to code exploits
a couple of times. Not just the Lovesan-era thing (with the "take two"
re-patching of what was considered to have been "fixed" already) but the
Server 2003 era bug that allowed DNS servers to be exploited via RPC.

If I have NO contexts whatsoever, where I need remote systems to call
procedures on my PC, then why should I be forced to provide that "service"?
If the answer is because the internal OS can't do without it, and it can't be
ripped out of the obligatory "network" surface, then that is IMO a sucky
design for a stand-alone OS. I know you can run some things without RPC,
but few articles written at the time of the Lovesan onslaught recommend
disabling the RPC service... it's usually considered "essential".

>Dan 7/25/2008 10:39 AM PST
>
> Windows 9x may be dead somewhat to Microsoft but it is alive and kicking
>everywhere else with Mozilla still supporting it with their web browser as
>well as AVG 7.5 supporting it as well.

Er... AVG 7.5 is replaced with 8.0, and that no longer supports 9x.
There's still Avast as a free av for 9x, as at July 2008.

>Heck, 98 Second Edition for me is more stable than XP Professional. Vista
>while it is stable enough for me still suffers somewhat with compatibility

I haven't had stability issues with XP; as you say, much of the time, all
three are pretty stable. Are these three different systems, or groups of
systems? If groups, are there any commonalities (aside from OS) over
the comparatively-blighted XP group? Right now, I'd consider XP SP3 as
the top of the mature-and-stable pile.

>You talk about a great opportunity for all those used computers that
>cannot run XP and why not have them run 98SE

Old used PCs are a difficult resource to deploy (i.e. set up for others to
own and use) - they are usually heterogeneous in hardware, prone to
hardware failure, and difficult to source reliable and matching parts. If
the target users are, say, a PC maintenance school, it makes sense, so
a winning strategy may be to partner your intended users with such a
mainetance resource, so the community can support itself (and harness
problems as skill-building opportunities).

>Microsoft has not sold the source code because they don't sell source code.
>You can assign all the motives you want to this

One way to sanity-check such things (i.e. whether something is an inescapable
reality or a industry-motivated contrivance) is to watch what happens
in the open
source world. You do get small Linuxen that run on minimal hardware, but
while
the current versions of the main productivity distros may not need
Vista's hardware
specs, they won't be comfy on sub-XP hardware specs.

The cores of these OSs (Linux, BSD, the "new" MacOS) are a very long
evolution,
confirming the value of honing rather than re-inventing code. But
the original design
brief of those code bases was different to 9x; if anything, more like
that of NT, though
from an earlier age (and thus "smaller" hardware).

> > I use 512 megabytes of ram with it and editted the system.ini to recognize
> > less and have a 256 megabyte ATI video card. Nope, it is Windows
> XP Service
> > Pack 3 that is having the issues right now with people having
> trouble getting
> > updates for it without the proper patch to register the *.dlls again. In
> > addition, Windows Vista has great external security but lacks the internal
> > safety of a 9x operating system.
>
>Again, you have no idea what you're talking about here. You really need to
>expand your horizons beyond your pet MVP.

Dan, your terminology differs from mine, and I can't really "get" what you're
referring to, either - e.g. when you refer to "internal security".

I'm also something of an outside to pro-IT group-think, and I'll take this
oppo
to clarify my own (unfamiliar?) terminology.

I refer to safety as underlying security, and sanity as underlying safety.

For example, the purpose of securing a PC so that only Fred can use it,
can be undermined if safety failures mean that what Fred does, is not what
Fred wanted to do (but rather fulfilled the intentions of an attacker).

For example, a safe design that ensures code can't run from a context that
is presented as "viewing a .JPG image", is undermined if defects within the
.JPG-handling code allow insane behavior (i.e. behavior that bears no relation
to what the .JPG-handling code was expected to do).

I'm also entirely unapologetic about my focus on stand-alone and consumer
users, and what I have to say about PC safety is from that perspective. Such
things will probably NOT be applicable to server infrastructure, so if my
ideas
are quoted in inappropriate contexts, I'd expect them to be bounced away.

One such concept is the need for an effective off-HD maintenance OS. In
the pro_IT world, the usefulness of this may be undermined by dangers
from managed users using this to escape central management, so there
may be a risk/benefit decision to avoid such things.

That is exactly the kind of decision I'm talking about, for us who own our
own PCs and have no wish to extend any sort of "remotability" to anything
beyond those PCs. Just as a sysadmin may be happier if his users did
not have the ability to undermine his control, so we would be happy to
have no complex "remote admin" surfaces waved at the 'net.

>Wow, you've really drunk the Chris Quirke kool-aid here

Hmm... that snippage didn't smell like anything from *this* kool-aid
factory ;-)

>and you really have no concept of what security is all about.

Much of what is spoken of as "security" (even in these security circles)
isn't so much about securing X for Y but against Z, but is about safety,
i.e. making sure that unwanted situation S should never arise.

When I first dropped into security newsgroups and elists, I expected to
see 95% networking and domain-centric user admin, and little that was
relevant to my interests. Instead, I found much discussion of the same
malware attacks and safety failures - the problems I see in my terrain.

To me, that means "malware" is far from being a "solved problem",
despite the resources that professionally-managed IT can throw at it.

Paul
Tue Jul 29 04:15:38 CDT 2008

On Tue, 29 Jul 2008 02:04:01 -0700, Dan wrote:

> Robear is a really good guy and I am disappointed that Microsoft hires MVP's
> like you Paul that do not live up to your name in helping the little people.
> I guess you are just interested in the big bucks from the cooperations.

Microsoft does not hire MVPs, they are all, including myself and Robear,
volunteers.
FWIW, I don't help little people, I help people period. I generally learn
as much as I educate in the news groups.
--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
Multitasking = screwing up several things at once.