From: J Sisson
To: Anton Shterenlikht, freebsd-questions@freebsd.org, freebsd-current@freebsd.org
Date: Thu, 10 Dec 2009 11:53:19 -0600
Subject: Re: Root exploit for FreeBSD

On Thu, Dec 10, 2009 at 10:21 AM, Anton Shterenlikht wrote:
> Perhaps I should start putting together
> some statistics to make my case more forcefully.

I fought the same battle at the Univ. I attended (as a student). They were an M$ shop as well and had issues with me running OpenBSD. I stuck to it and finally got a "straight" answer from the Dean of CS: "I don't know anything about OpenBSD...please just use Windows and be like everyone else!".

Odd, I thought that one role of higher education is to teach critical thinking, which by definition means disagreements will (and should!) occur. Apparently I was wrong.

I later took an independent study at the same Univ. I wanted to compare security records for various OS's (FreeBSD and OpenBSD being listed in there). This was rejected in favor of me doing security research for Windows...so I wrote a program to demonstrate why Admins shouldn't blindly trust even system code (Windows Server 2003...stuff like netstat and task manager) and demonstrated that to the graduate level network security class (I was an undergrad at the time). I completely gave up when the grad students followed suit with the dean and tried arguing with me that my code was "hacked together specifically to exhibit the behavior I was trying to demonstrate"...as if it wasn't *real* and it couldn't be used to a malicious user's advantage.

I guess it doesn't exist in the security world (according to the previously mentioned grad students) if it's not "mainstream thinking"...I feel sorry for the companies that depend on those idiots for security. If they've bought into M$ FUD, no amount of statistics/code/demonstrations will help.
I'd skip the statistics in favor of putting together a resume.