The Palau Experiment


 
See Top 7 Desktop OSs in Palau from 1 Sept to 7 Oct 2015
It just dawned on me. The extravagant market-share shown for GNU/Linux in Palau is a real “experiment”. With GNU/Linux being part of a botnet that spoofs Palau, we can see the huge boost That Other OS must get with its multiple botnets and high percentage of infected hosts. Indeed, the 80% growth spurt of GNU/Linux in China may actually be due to the botnet which spews gigabits/s in a DDOS. On that other OS, with ~80% share of desktops, the malware may not be as dramatic but millions of bots running That Other OS are unfairly weighting TOOS’ share of page-views. I know StatCounter must filter some of those but clearly, it’s not filtering some GNU/Linux bots.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.
This entry was posted in technology and tagged , , , , , , , , . Bookmark the permalink.

31 Responses to The Palau Experiment

  1. oiaohm says:

    Deafspy. Little problem. You want me to quote sections of the C89:1990 standard on-line. I am not that stupid ansi DCMAs anywhere that does that. You have to go to library and take it out and read it yourself.

    http://www.crasseux.com/books/ctutorial/void.html
    Variables can be declared void as well as functions:

    void my_variable;
    void *my_pointer;

    The author of the book knew variables could be declared as void just did not know what I know is how to use it. & my_variable is valid to get the location address of my_variable and *my_pointer in K&R in that example. Yes a void variable has it usages.

    A variable that is itself declared void (such as my_variable above) is useless; it cannot be assigned a value, cannot be cast to another type, in fact, cannot be used in any way.
    So this line is a error. Yes you cannot assign it value in K&R but it still has an address value. So is not 100 percent useless.

    DrLoser claimed you could not assign void var; what is bogus in C89:1990 and before. I will give you a horible K&R trick that C89:1990 breaks.

    void var;
    int x;
    if( &var == &x) printf(“hello they are identical in K&R”);
    if( &var != &x) printf(“Hello C89:1990 due to void being int so int x and void var are two different addresses”);
    printf(“anything newer the code does not build because complier rejects”);

    This is a lot clearer than the void followed by void * pointer.

    Sorry a void var is in fact useful in K&R for declaring start and end of memory segments and has a different meaning in C89:1990 then not allowed in C90:1990/C89:1991 and newer.

    The differences in void is one of the reasons why you never say any C standard. C90 or newer is quite safe. C89:1991 or newer is a little hard to remember to say because C89:1990 is stuffed.

    Now if I find a C89:1990 published book that is not protected or disappear and are able to quote it you are completely screwed Deafspy. There comes a point where is safer to back off.

  2. Deaf Spy says:

    Interesting, Fraud. Your own source says:
    A variable that is itself declared void (such as my_variable above) is useless; it cannot be assigned a value, cannot be cast to another type, in fact, cannot be used in any way. (Emphasis mine).

    And you say:
    The reality is using void x; and x=value; is a test for C89;1990.

    Am I the only one who sees the controversy?

    Will you also show me the exact text in the standard you mention which describes how void can be used as a variable type? Not function result, Fifi, not expression result, Fraud. Variable type.

    Further, you still didn’t show me your code. And, it will be interesting – what kind of code is this which uses variables, which cannot be used?

  3. oiaohm says:

    Deaf Spy I showed him the code and I showed him the 1987 reference book quote on the topic.
    http://www.crasseux.com/books/ctutorial/void.html

    The reality is using void x; and x=value; is a test for C89;1990.

    I have shown you the code and I have showing you a book and you still call me fraud. The reality is you are the fraud her DeafSpy so get lost.

  4. Deaf Spy says:

    DrLoser you have proven you did not know C

    Actually, Fraud, he hasn’t. You has. By stating you have used a variable of type void.

    Show us the code, Fraud!

  5. oiaohm says:

    http://www.nsrl.nist.gov/
    Your proof of such a capability, Fifi, will naturally have to include a solution to the No Halting problem.
    LOLOLOLOLOL Sorry DrLoser being a idiot.
    Now … kindly explain how any operating system on Earth, whether present, future, or even imaginary, can “detect that it has happened.”
    I don’t need to be correct. US Homeland Security prescribe system maintenance procedures in fact cover it you super level idiot.

    The problem in my first link is US Homeland Security are having to generate work around tables for Windows. Workaround tables give false positives and negatives.

    The procedure is simple. You cannot 100 percent validate a running system. But systems need to be rebooted and replaced. Theses processes provide a opportunity to a cross compare between systems looking for abnormalities. The fact that an infected computer lists cannot be trusted you cross lists between computers. So computer 1 checksums are used on computer 2 and so on. Why it should match its own signatures as well as a mirror system installed with the same software. In fact the harddrive from debian installed machine can be checked in another machine so all the software of the install is off line when it checked.

    This process is your last line of defense. Yes you front lines are taken you find out they are taken and this gives you the opportunity to retake the ground.

    http://www.theregister.co.uk/2015/10/11/hp_says_get_sitescope_off_windows/

    Issues like this bring the idea that when a problem appears a signature will be revoked under Windows as laughable.

    This story gets more sad. Back in 1997before HP acquired Sitescope in 2006 and before Mercury Interactive acquired it in 2001 when it was still owned by Freshwater Software got complaints from Linux and Unix using companies about running at too high of privilege was raised. Yes the Linux and Unix editions was fixed. Windows editions was not.

    Worse is it not possible to reduce the privilege of Sitescope on Windows and have it work. The privilege allocation system of Windows is too limited.

    Yes the broken edition of HP Sitescope signing keys are going to remain valid on Windows. This is something truly different about Debian the major screwup up with openssl caused a signing key in Debian to be revoked so only updated versions of openssl library would appear to be correctly signed.

    Closed source developers have complained about Linux/Unix world being down right picky. The issue is the Linux/Unix world will audit and will make it known if you fail an audit.

    DrLoser you have proven you did not know C now you proving you don’t know how to audit a computer system in accordance with US HomeLand security rules.

  6. dougman says:

    Hmmm, when one downloads a ISO you always run a hash check. The MD5 calculation gives a checksum (called a hash value), which must equal the MD5 value of a correct ISO. I do know that my NAS uses a parity drive and creates a checksum whenever a file is added or removed.

    To do this on a live running OS is another story. I am aware of inotify, also Tripwire, Samhain, AIDE and utilizing the Linux Audit Framework, but never had a justification of needing or using them.

  7. DrLoser says:

    Your proof of such a capability, Fifi, will naturally have to include a solution to the No Halting problem.

    I’m fairly sure you can concoct some specious links to that effect.

  8. DrLoser says:

    The sad reality is you have to design systems on the presume attackers at times will get access to privilege and modify stuff. Then you need the ability to detect that it has happened.

    I see, Fifi, I see.

    Now … kindly explain how any operating system on Earth, whether present, future, or even imaginary, can “detect that it has happened.”

    Pfui.

  9. oiaohm says:

    the OS has to allow a signed exe to load non-signed dll without warning or nagging. Is this the case?
    kurkosdr that is the case. I don’t need to make an example. Existing one examples is the Amd driver tool installers. From time to time AMD developers have forgotten to sign Dll files. Worse where is the unsigned Dll placed other than the system32 directory what is the globally shared dll directory. Also using rundll32/rundll64 from a lnk file the installer created to run the unsigned dll happens in some of the AMD driver tools installers.

    He still need to manually rundll stuff. How many users know how to do this?
    All the end user has to know to do what I am talking is click on a installer and install it if the program program with fault is above board. Why the scripts in installer set everything up.

    AMD driver tools cases the installer is signed the exes are signed some of the dlls are signed and some are not. You would have found you own examples of this if you had run the signed checking tool and back tracked the unsigned dlls you had found.

    The ability to replace core dll files with fakes is how when malware/virus gets into a system at privileged users then it manages to get access to users who profile directories are encrypted. All it takes is one privilege exploit then you have a guest level user doing a privileged modification to system.

    The sad reality is you have to design systems on the presume attackers at times will get access to privilege and modify stuff. Then you need the ability to detect that it has happened.

    Do you mean that an attacker can take a zip which contains an application consisted of a bunch of signed exe and signed dll files, replace one signed dll file with his own malicious non-signed version, and the OS won’t complain that a signed exe is loading an unsigned dll?
    What is the point of this to malware writers. The dll replacement is how attack on system that gets privilege ends up able to access all user data include users who data was encrypted at time of first compromise.

    Of course this becomes worse kurkosdr. Some application provided automatic update tools under windows. Download there files from server by http and don’t check signing before using their privilage to install stuff. Like you they have blindly presumed Windows will not allow unsigned dll to be used by signed application that is not true. So man in middle attack on one of those update solutions swap a dll that the application installs and no alarm is going to be raised. Rundll32/rundll64 is only what you demo the problem with.

    Debian package provide can be pure http but all downloaded packages are signature checked and due to package updating system. Debian design is the bare min you want. Being signed packages and checksums for every installed file. Any lower than this you have trouble detecting compromise. Windows is far too hard to detect that it has been compromised.

  10. kurkosdr says:

    the OS has to allow a signed exe to load non-signed exe without warning or nagging. Is this the case? = the OS has to allow a signed exe to load non-signed dll without warning or nagging. Is this the case? (sorry for the typo)

  11. kurkosdr says:

    You will find a user set to run only signed code can in fact have rundll32/rundll64 run unsigned dll.

    He still need to manually rundll stuff. How many users know how to do this? If you know how to do this, you know why you shouldn’t, unless the unsigned file is from someone you trust (aka some open source project, because most open source projects don’t care about signing their windows exe files). Sounds like a non-issue.

    Funny enough there are enough ways this does not show. You are forgetting cmd is signed.
    Again, how many users know how to do this? If you know how do do this, you probably know the security ramifications…

    Yes place a replacement dll in the same directory with a copy of a exe on the allowed list hello party.

    I didn’t understand what you said (please learn English). Do you mean that an attacker can take a zip which contains an application consisted of a bunch of signed exe and signed dll files, replace one signed dll file with his own malicious non-signed version, and the OS won’t complain that a signed exe is loading an unsigned dll? If so, that’s a valid penetration strategy:
    1)Take a honest-and-signed application, replace a signed DLL with your own, and put it up your site.
    2) User sees the “verified publisher”, runs the app without fear… wham!

    But again, in order for this to happen, the OS has to allow a signed exe to load non-signed exe without warning or nagging. Is this the case?

  12. oiaohm says:

    You know that this requires a user with access rights and who already has priviledges to run unsigned code and -clue following- requires the user to manually do this?
    kurkosdr check again. You will find a user set to run only signed code can in fact have rundll32/rundll64 run unsigned dll. Why rundll32 and rundll64 are signed. Windows signing is checking the exe not the dll file so rundll32/rundll64 loading a unsigned dll is no alarm while signed only executables is on is the bug. A fairly big opps.

    What I also described is a hole around “run only specified Windows Applications” Yes place a replacement dll in the same directory with a copy of a exe on the allowed list hello party.

    UAC warning when the unsigned exe tries to mess with the program files folder of a signed app.
    Funny enough there are enough ways this does not show. You are forgetting cmd is signed. Only saving grace is if the user does not have permission to alter the application installed directory. Some signed applications screw up there install directory locations permissions so even allowing guest users and unsigned applications to write to them without a UAC warning.

    The problem is how do you find that this has happened on your system.

    Mal-ware replacing application dll files once they are in can be a cause of repeating failure to remove the malware under Windows.

    The problem here is dll signing is optional under Windows.

    kurkosdr there is a little tool SigCheck
    https://technet.microsoft.com/en-us/sysinternals/bb897441
    Run it some time over you copy of Windows. I think you will be surprised by how many unsigned dll files you have. Worse is finding how many of those did not have checksums record in manifest.

    SigCheck is meant to be the windows equal to debsums but when you attempt to use SigCheck you find swiss cheese.

    You should investigate the purpose of any files that are not signed.
    I like this from the SigCheck instructions. Yes you are meant to run a scan for unsigned to make sure your Windows systems are secure. Problem here is tell you unsigned does not tell you if that is what was installed or if it was replaced and telling you its signed also does not tell you if the file is the lasted update.

    Attackers will put old dlls back into systems if they can to open up old security flaws.

    kurkosdr running a dll is different to running a exe they are two different code paths inside Windows. Proper signing checking was only added to 1 of the code paths.

  13. kurkosdr says:

    Running a unsigned library raises no alarm under even under Windows 10. That right you make your program be started by rundll32/rundll64 and now all that magical signing requirement of Windows goes poof.

    You know that this requires a user with access rights and who already has priviledges to run unsigned code and -clue following- requires the user to manually do this? So, you managed to find a really fancy way to run unsigned code for users who already have that right and who want to do it. I dunno, can’t they just click run in the unsigned exe warning dialog and be done with it?

    And yes, an unsigned exe could spawn unsigned rundll processes, but an unsigned exe could spawn as many processes it wants anyway.

    And the dll replacement thing also requires the user to want to try and trash his system by manually copying files around, or run unsigned aps by clicking yes on the warning, and then click yes in the UAC warning when the unsigned exe tries to mess with the program files folder of a signed app.

    So, your penetration scenario relies on the user running unsigned code on frickin purpose, manually. That works on gnu/linux too.

  14. oiaohm says:

    dougman its true Android has a horible patching. Mostly problem between keyboard and chair at manufactures.

    Even with the horible bad update deployment system combined with the large market share of Android you are more likely to find a infected Windows Phone than an Android one.

    Simply Microsoft Desktop security and Windows Phone security is very similar and it is crap.

  15. dougman says:

    MP3 vulnerability, oh you mean the “malicious MP4” issue that could possibly bypass the patch? Which is it doofus??

    First you start out comparing Android to XP, which it is not. Android is light-ears ahead of XP, hell M$ cannot even get a phone OS to gain acceptance.

    Then you assert that Google has a horrible patching strategy. If that is the case, where are the news mentions of all these exploits occurring in the wild? You won’t find any as it is a non-issue being hyped.

    Re: give me a penetration strategy that proves windows is more vulnerable to malware than gnu/linux.

    Sure.

    Create a Word file and edit the macro with VBA script.

    and/or

    Create an executable file and rename it “randomfilename.exe.doc”

    Send said files via email to target.

    FYI: Executables do not work Linux, same with VBA macro files.

    Since we are discussion malware, check this out:

    https://securityintelligence.com/news/why-windows-devices-are-topping-mobile-malware-infection-rates-at-80-percent/

    So, Windows mobile devices account for 80% of malware. LOL…and you’re the one running around all chicken little like about some hyped Android flow.

    Eh.

  16. oiaohm says:

    kurkosdr I told you to perform a particular task.

    Ever used Windows the last decade? No? Well, let me inform you they have a signing thing going on, and the OS fires a warning when you run unsigned code. The antimalware is for fools who ignore the warning.
    Really I have used Windows in the last decade and I have used past the window dressing.

    To be correct not in all cases. Running a unsigned library raises no alarm under even under Windows 10. That right you make your program be started by rundll32/rundll64 and now all that magical signing requirement of Windows goes poof.

    If you look a bit closer on Windows you are running unsigned code.

    This is the sad reality Debian packages are signed but debian executables are normally not signed. So you have people argue signed binaries are more secure. Then you have to remember Debian systems have debsums that are a checksum for every single part installed. So it does not matter if it a Library an executable an script an help file.

    Please checksum all a Windows machine installed binaries.
    kurkosdr please read what I said. Binaries are not just executables. Binaries are anything that is not text. hlp files are binaries.

    Once you attempt to check every binary on a Windows system then you see the signing system of Windows is flawed badly.

    So… this means i am STILL waiting for you folks (Pog and Dougman) to give me a penetration strategy that proves windows is more vulnerable to malware than gnu/linux.
    I am not either of those people given you that. A common Windows penetration method of malware and virus is add unsigned .dll files. Since unsigned dll files on windows is normal you have just slipped straight into a security crack.

    Unsigned executables and libraries are normal on Debian and Android but a dubsums and IMA equal exists on both detecting tampering. Developer signs the package not the executable. System signs the executable that the installation was approved.(yes different method to windows)

    Ok when you sign a executable under Debian how do you do it.
    http://sourceforge.net/p/linux-ima/wiki/Home/
    Its the Integrity Measurement Architecture(IMA) that does it. The difference is the Integrity Measurement Architecture is not shared signing between everyone. The IME executable signature is an extend attribute unique to that system. IME prevents swapping a old binary for a new binary to recreate security flaw.

    This is the problem Windows Signing is major-ally incomplete. Yes signed is good but you also need locally signed using TPM to prevent rollback. IMA validation does not have to be restricted to just executables either.

    Linux in the form of Debian and Android are using more compressive security designs than Windows. So making them harder to attack and not be detected. Now Android issue of not having effective update systems is a major problem.

    Yes just because the design is more compressive does not mean problem cannot exist between keyboard and chair.

  17. kurkosdr says:

    is as inpenetrable = is as inpenetrable as google thinks it is

  18. kurkosdr says:

    So again, it is highly doubtful that this issue is a serious problem you make it out to be.

    There is also the MP3 vulnerability you know….

    Anyway… you say that there won’t be a working exploit for those two vulns in the coming months or 2 years and hence users running vulnerable versions of android are not like XP users, I say there will be and they are.

    The gist of the story is that Google adopted a horrible patching strategy and just hopes nobody will develop successful exploits that will turn Android users running unpatched versions into XP users. In plain english, all it takes is one successful webpage or file preview exploit that works and all those unpatched systems are in big big trouble. Let us pray Android’s ASLR is as inpenetrable, although nothing is really inpenetrable for too long in this industry and hence the need for auto-patching…

    If stagefright vuln or the mp3 vuln don’t give us that exploit, something else will…

    Anyway, back to windows (which actually gets auto-patched by default btw)…

    By the way, signed software for Win-Dohs or any other platform can be “faked”, horrible I know.

    Any malware caught having being signed with keys will result in the revockation of said keys (see Sony’s keys, they were revoked within hours). Considering the fact key leaks happen rarely, it’s a non issue.

    And if you like repositories/stores so much, you can stop downloading apps from sites anyway save for very well known ones. Windows offers many stores (windows store and steam for example).

    So… this means i am STILL waiting for you folks (Pog and Dougman) to give me a penetration strategy that proves windows is more vulnerable to malware than gnu/linux.

  19. dougman says:

    KUKU, please post your video of “you” bruteforcing ASLR in 5-seconds, I think everyone here would be interested to see your prowess.

    According to the project zero team at Google they performed some testing just last month and results were pretty much as expected. “In 4096 exploit attempts they achieved 15 successful callbacks; the shortest time-to-successful-exploit was lucky, at around 30 seconds, and the longest was over an hour. Given that the mediaserver process is throttled to launching once every 5 seconds, and the chance of success is 1/256 per attempt, this gives us a ~4% chance of a successful exploit each minute.”

    So again, it is highly doubtful that this issue is a serious problem you make it out to be.

    Furthermore, you’re asking me if I have used Win-Dohs in the last decade? LMAO…I used to get paid to fix M$ dogsh1t. I am starting to see a pattern with Windows users, the majority of them are angry, angry that they are forced to deal with MS bullsh1t daily. In getting paid to fix computers, I got tired of dealing with it and sold off. Now I set back and enjoy my free time.

    By the way, signed software for Win-Dohs or any other platform can be “faked”, horrible I know.

    http://www.tomsguide.com/us/apple-mac-adware-fake-flash,news-21616.html
    http://www.winbeta.org/news/many-fake-apps-windows-phone-store-cyber-security-company-avast-might-know
    http://www.theregister.co.uk/2015/09/18/d_link_code_signing_key_leak/

    Eh.

  20. kurkosdr says:

    I think KUKU is making much ado about nothing here, as Google states that the over 95 percent of Android devices have a technology called ASLR enabled, which protects users from the issue.

    I think dogbrain doesn’t know the ASLR for Android 32bit is just 8-bits and can be brute forced in 5 seconds, and it’s not a substitute for patching. So, all those Android 32bit running vulnerable versions of android are basically XP users when it comes to exploits from pages or files.

    This is the difference Windows you have anti-virus and anti-malware what are black list methods. Debian on the other hand has white list methods.

    Ever used Windows the last decade? No? Well, let me inform you they have a signing thing going on, and the OS fires a warning when you run unsigned code. The antimalware is for fools who ignore the warning.

  21. dougman says:

    Re: Android & Stagefright

    I think KUKU is making much ado about nothing here, as Google states that the over 95 percent of Android devices have a technology called ASLR enabled, which protects users from the issue.

    So looking at https://developer.android.com/intl/zh-cn/about/dashboards/index.html one finds a paltry 4% of Android devices under vesion 4.0. That’s about 96 percent of all active devices with Google services — that have protection against a buffer overflow attack built in.

  22. oiaohm says:

    kurkosdr Linux malware is normally cross distribution binaries.

    Ok kurkosdr I have a simple task I want you to perform. Please checksum all a Windows machine installed binaries.

    Debian has a little beast debsums. This is the difference Windows you have anti-virus and anti-malware what are black list methods. Debian on the other hand has white list methods.

    –automatic updates enabled–
    Debian year 2000 by default attempted to enabled automatic updates by default and also gave option of trigger update process before first boot that lets users in. So this is only catching up with year 2000 debian.

    What is still missing is the whitelist to allow searching for modifications to system can be performed.

    Basically there is 2 ways to skin a cat.

    1 is make a black list and search for that. 2 make a list of what should be there and if anything is changed repair. Debian design is about doing number 2 over doing number 1.

    http://www.howtogeek.com/135392/htg-explains-why-you-dont-need-an-antivirus-on-linux-and-when-you-do/

    OS security is partly linked to user behavior.
    https://wiki.debian.org/ReproducibleBuilds

    This is the difference. A lot of people say I would never build application from source. Notice what Debian is doing here. Multi parties build a binary then the final produced binary should 100 percent match. If it does not one of your building locations is infected.

    Remember the recent virus break out on OSi caused by infected tools.
    http://www.trendmicro.com.au/vinfo/au/security/news/mobile-safety/malware-laced-xcode-tool-used-to-infect-ios-apps

    People using illegally acquired copies of visual studio and the like can run into this problem.

    Debian repositories has a fairly complete vetting process and that vetting process is getting stronger.

    kurkosdr the big problem I have is how can I vet Windows binaries when I cannot see the source and cannot rebuild and check for identical match?

    Debian is just more vetable than Windows.

  23. kurkosdr says:

    No anti-virus software gets them all and the bad guys make
    Which is why Windows 7, Windows 8.1 and Windows 10 ship with other defensive measures, as the best practice tends to be, and which are clearly outlined in my previous post, and which where conveniently ignored by you.

    ~1K new malwares per day for TOOS and almost nothing for GNU/Linux.
    That’s… the same reason nobody bothers to make malicious apps for Windows Phone or Blackberry OS because they are not as popular as other mobile OSes. Even a clueless person with average intelligence should understand what I just said. Do you understand Pogson?

    Further, TOOS is overly complex and offers many more surfaces to the bad guys.
    And what’s the penetration testing scenario to exploit this alleged attribute Pog?

    (before you say something juvenile like “moar code means more vulnerabilities” let me inform you that Windows 7, 8 and 10 ship with automatic updates enabled)

  24. kurkosdr wrote, “I ask you to explain how an OS like Windows 8.1 and Windows 10, which ship with a user-permissions restrictions tool (aka UAC), firewall, automatic updates turned on by default and an anti-malwar plus anti-virus solution is “more prone to malware” than an OS like Debian.”

    That’s easy. No anti-virus software gets them all and the bad guys make ~1K new malwares per day for TOOS and almost nothing for GNU/Linux. Further, TOOS is overly complex and offers many more surfaces to the bad guys.

    I’ve noticed on TV some ads for TOOS lately. Kids don’t even need to log in, just smile… What could possibly go wrong?

  25. kurkosdr says:

    Dear Pogson,

    I ask you to explain how an OS like Windows 8.1 and Windows 10, which ship with a user-permissions restrictions tool (aka UAC), firewall, automatic updates turned on by default and an anti-malwar plus anti-virus solution is “more prone to malware” than an OS like Debian.

    Please respond with penetration testing scenarios that support your case (which you constantly repeat attempting to make it a truth), not with kiddie responses like “there is more malware in win32/exe format than deb!” (well duh, there is more Android malware than Windows Phone malware too, because popularity)

    Signed,
    kurks

    PS: Also, you still haven’t answered what a user with an Android phone running Android 4.3 or earlier should do to protect himself from stagefright, without having to change the OS or flash buggy third-party ROMs. Ditch the phone they paid several hundred bucks not long ago and get a new one? A user with a phone running a version of Android vulnerable to stagefright can get infected just by visiting a page or opening/previewing a file, no need to download an app. Much like an XP user can.

  26. ram wrote, “I think a more reasonable explanation is there is essentially one computer provider on the island and they choose to provide Linux for security and ease of support.”

    That could be true but then we’d be seeing GNU/Linux getting its fair share, not monopoly. Why would replacing TOOS with GNU/Linux affect MacOS share, for instance? Why would every version of TOOS disappear suddenly? Don’t get me wrong. I like to see GNU/Linux counted but this is the most GNU/Linux-centric place on the planet? More than France, Germany, Spain, Italy, India,… places where governments deliberately promote FLOSS?

  27. ram says:

    I think a more reasonable explanation is there is essentially one computer provider on the island and they choose to provide Linux for security and ease of support. Their customers are the government and the hotels on the island. Palau also has a large US military and contractor presence. They would be far more familiar with “Unix-like” operating systems such as Linux rather than certain consumer grade operating systems.

  28. God, you’re thick, DrLoser. The spoofing is not of StatCounter’s numbers but IP addresses in Palau. You know, a botnet in China tells the server monitored by StatCounter it’s from Palau and affects the count StatCounter makes for Palau. This has nothing to do with M$ except that a Hell of a lot of malware and botnets run on TOOS. We are seeing such an effect in Palau because this botnet happens to run on GNU/Linux so it’s not inflating TOOS’ numbers but GNU/Linux.

  29. DrLoser says:

    You’re missing the point, perhaps deliberately. The spoofing of Palau with its small population shows the magnitude of the botnet can move StatCounter’s numbers.

    What sort of a point is it, when your “point” is dependent upon spoofing the numbers of a community numbering 20,000 or so?

    Only a total lunatic would care, Robert. These things do not scale. In particular, whoever might be “spoofing” the numbers here, I sincerely doubt that they have anything to do with any other sort of market numbers whatsoever.

    If anybody is missing the point here, perhaps deliberately, Robert, it is you.

    What precisely are you trying to prove with this utterly pointless exercise?

  30. DrLoser wrote, “Spoofing any sort of numbers, for any sort of purpose, on an island chain with a population of 20,000 seems to be almost as pointless as…”

    You’re missing the point, perhaps deliberately. The spoofing of Palau with its small population shows the magnitude of the botnet can move StatCounter’s numbers. Well, TOOS is infected all over the world with similar malware. How many page-views come from TOOS machines generated by the malware rather than normal usage? I’d bet a DDOS attack counted as normal page-views by StatCounter could be a significant share of M$’s “popularity” which trolls here extol.

    Let’s do a thought experiment, for the sake of argument. Suppose some site on StatCounter’s list is DDOSed from TOOS botnets. The botnet hammers the site with as many page-views or whatever that they can throw at it. Suppose the “normal” traffic is 100 megabits/s and the botnet supplies 500 megabits/s. If the botnet is running TOOS, TOOS scores 6 times as many page-views as it should. Suppose MacOS gets 5% share of normal usage. Suppose TOOS gets 85% of normal usage. Suppose GNU/Linux gets 10% share of normal usage. 6*85/(6*85+15)*100 results in StatCounter showing TOOS at 97%, way too high, and GNU/Linux at 10/(6*85+15), just 1.9%. Sound familiar?

  31. DrLoser says:

    On the other hand, TOOS has ~80% of desktops, according to your figure. So why would Microsoft need to spoof any numbers at all?
    I’m not quite following your thesis here, Robert. Spoofing any sort of numbers, for any sort of purpose, on an island chain with a population of 20,000 seems to be almost as pointless as trying to fix a broken Chinese tractor with rotten engineering on the tail strut, a spike for a seat, and “Boolean power steering” for something that doesn’t actually run on rails, which to my mind makes “Boolean power steering” pretty much irrelevant, if not actually something that defeats the entire point of the “governor” principle as explained by, I think, James Maxwell.
    Speaking of Governors, have you written a letter to the Governor of Palau? I think you should.
    We live in exciting FLOSS times, and the Governor of Palau should hear from a lucid advocate of FLOSS, whilst that man is sitting on his spike in the middle of a clay loam field that he cannot get out of, what with having Boolean power steering and a broken tail strut.
    You, Robert, you are the man of the moment here!
    How’s the broccoli going?

Leave a Reply