From: Bart Silverstrim
Date: Tue, 29 Mar 2005 15:16:37 -0500
To: freebsd-questions@freebsd.org
Subject: Re: Anthony's drive issues.Re: ssh password delay

On Mar 29, 2005, at 11:09 AM, Anthony Atkielski wrote:

> Bart Silverstrim writes:
>
>> What did they say?
>
> MS developers are much like most other developers: it's never their
> fault.

From the way you were complaining, I had the impression that MS was bending backwards to help in issues while the FreeBSD people were immature children.
Is this evidence to the contrary, that MS isn't the pinnacle of perfection in dealing with every software issue?

>> Isn't that how many FOSS projects get started...do some task more
>> efficiently and "better"?
>
> FOSS?

http://en.wikipedia.org/wiki/FLOSS
http://www.dwheeler.com/oss_fs_why.html
http://www.dwheeler.com/oss_fs_refs.html

>> Nope, but it sure makes it a lot simpler! Actually it helps hamper
>> finding bugs that allow it to happen.
>
> It depends on how the code is written, but I'll agree that most bloated
> code is written in great haste, with no attention at all given to the
> many holes that are opened by all those millions of extra lines of
> deadwood.

Especially in projects driven by money and politics in a workplace, and with looming deadlines. You can do the job to get it shoved out the door or do the job right. In the "practical" world, you end up shoving it out the door 99% of the time. In a world where you do it as a hobby in spare time, it takes longer, but there's far more leeway to "do it right" instead of just shoving it out the door. It happens, as with everything else, that there are exceptions but the primary reason for the shoving to happen isn't as great.

>> As has been shown time and time again in Microsoft-sponsored studies
>> comparing Windows to Linux. After removing the power supply and
>> encasing my system in concrete, it is FAR more secure than I've ever
>> dreamt possible, and that was with it running DOS! :-)
>
> There's nothing unique about Windows. But more people attack Windows,
> so more holes are found and exploited. Linux is rapidly catching up.
> And Mac OS X isn't immune, although I suspect that almost all the holes
> being found in OS X are in Apple's code, not the base OS.

A) No OS is immune, because they are 1) complicated, thus have bugs and 2) are used by people, so stupid social engineering tricks (see anna kournikova nude!) will get idiots to click click on things they shouldn't be click clicking on

B) The "More popular thus more exploited" is a crap argument. Why? Ask the three little pigs. Any twit can build a "shelter" that is architecturally poor but cheap, so it falls apart or is broken into easily. Notice how quakes can do a LOT more damage in areas where buildings are not built to withstand the tremors, while other places like San Francisco, where people spend huge amounts of money in research and proper implementation, limit the damage a similar quake would inflict?

Windows was "designed" for single user non-network desktops. It was extended to encompass the current network-is-the-rule environment. Its legacy shows. That "30 year old UNIX" was better designed for network sharing and multiple users in scant resources. It has since been extended and modified, but the legacy shows.

The "more popular thus more exploited" just means there are more targets available. Spreading a limited-target virus has BEEN DONE; it was targeting a specific vendor's firewall product, and it inflicted a noticeable amount of damage on the Internet in the form of bandwidth stealing and because of the rapid spread of higher-bandwidth connections, the number of targets available isn't quite such a big deal. It only takes a small number to be able to saturate connections and inflict damage. I'd dig out AGAIN the research paper summarizing the attack and its effects, but I'm sure that the intended audience wouldn't bother reading it anyway. Search for it yourself if you're such a big boy and everyone else is too immature to know about this sort of idea.

If apologists would get their heads out of their butts they'd see that it isn't always "There's more Windows, thus easier to exploit!", it's "Windows' design is inherently less secure, so it's easier to target!", as well as a healthy dose of "the average Windows user is more clueless than the average Linux user!" thrown in to boot.

Many of the features in the recent "The Road to Windows "Longhorn" 2005" article on Paul Thurrott's Supersite for Windows seem oddly to match many of the features already available on OS X...Hmm, wonder why...could it be because of the security imposed by "UNIX" under OS X that makes that kind of model a decent tradeoff of usability and security in the first place?

If it wasn't such a pain in the butt for Joe Sixpack to use, ideas in EROS would help a helluva lot more on the desktop for security. Security is an inconvenience. Users want mindless interactions. Somewhere it meets in the middle in order to be usable.