From owner-freebsd-questions@FreeBSD.ORG Fri Feb 17 18:09:57 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 632DF16A420 for ; Fri, 17 Feb 2006 18:09:57 +0000 (GMT) (envelope-from scrappy@hub.org) Received: from hub.org (hub.org [200.46.204.220]) by mx1.FreeBSD.org (Postfix) with ESMTP id E2D6A43D48 for ; Fri, 17 Feb 2006 18:09:56 +0000 (GMT) (envelope-from scrappy@hub.org) Received: from localhost (unknown [200.46.204.144]) by hub.org (Postfix) with ESMTP id 20B7562C900; Fri, 17 Feb 2006 14:09:56 -0400 (AST) Received: from hub.org ([200.46.204.220]) by localhost (av.hub.org [200.46.204.144]) (amavisd-new, port 10024) with ESMTP id 87547-07; Fri, 17 Feb 2006 14:09:55 -0400 (AST) Received: from ganymede.hub.org (blk-222-82-85.eastlink.ca [24.222.82.85]) by hub.org (Postfix) with ESMTP id 95F1262C883; Fri, 17 Feb 2006 14:09:55 -0400 (AST) Received: by ganymede.hub.org (Postfix, from userid 1000) id 4D333399B5; Fri, 17 Feb 2006 14:09:55 -0400 (AST) Received: from localhost (localhost [127.0.0.1]) by ganymede.hub.org (Postfix) with ESMTP id 19388394D1; Fri, 17 Feb 2006 14:09:55 -0400 (AST) Date: Fri, 17 Feb 2006 14:09:54 -0400 (AST) From: "Marc G. Fournier" To: lars In-Reply-To: <43F5F149.1040001@gmx.at> Message-ID: <20060217140638.B60635@ganymede.hub.org> References: <20060216005036.L60635@ganymede.hub.org> <20060216053725.GB15586@parts-unknown.org> <20060216085304.GA52806@storage.mine.nu> <43F4CAA3.1020501@schultznet.ca> <43F4F43D.2090304@gmx.at> <20060216194336.L60635@ganymede.hub.org> <43F5F149.1040001@gmx.at> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Virus-Scanned: by amavisd-new at hub.org Cc: freebsd-questions@freebsd.org Subject: Re: [Total OT] Trying to improve some numbers ... X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Feb 2006 18:09:57 -0000 On Fri, 17 Feb 2006, lars wrote: > Marc G. Fournier wrote: >> On Thu, 16 Feb 2006, lars wrote: >> >>> If your machine only runs an NFS daemon and is behind a firewall, >>> ok, you don't need to patch it asap when an NFS SA and patch is issued, if >>> all clients connecting to the machine are benign. >> >> Actually, there are alot of situations where this sort of thing is possible >> ... hell, I could probably get away with running a FreeBSD 3.3 server since >> day one, that has all ports closed except for sshd, imap/pop3/smtp, and be >> 100% secury ... sshd can be easily upgraded without a reboot, with the same >> applying to imap/pop3/smtp if I use a port instead of what comes with the >> OS itself ... >> >> You can say you are losing out on 'stability fixes', else the server itself >> wouldn't stay up that long ... so about the only thing you lose would be >> performance related improvements and/or stuff like memory leakage ... >> >> And I could do this all *without* any firewalls protecting it ... > Even if you managed to maintain an old version of a particular OS's > uptime for so long, what did you prove? Wasn't arguing that I "proved" anything, only that a long uptime could be achieved *without* any security implications :) > IMHO 'uptime' as a 'feature' is overrated, not to say obsolete. Agreed 100% ... Availability is the useful metric, not how long a stretch of time the OS can remain running ... not necessarily worded the best way, but our uptime policy (http://www.hub.org/uptime_policy.php) was such that we tried to upgrade our servers once every 30 days or so ... not always possible, and lately less so, but it was our aim ... ---- Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email: scrappy@hub.org Yahoo!: yscrappy ICQ: 7615664