Date: Thu, 5 Apr 2001 11:24:42 +0100 (BST) From: Jan Grant <Jan.Grant@bristol.ac.uk> To: Ted Mittelstaedt <tedm@toybox.placo.com> Cc: freebsd-questions <freebsd-questions@FreeBSD.ORG> Subject: RE: SSHD Problems... Message-ID: <Pine.GSO.4.31.0104051112080.14755-100000@mail.ilrt.bris.ac.uk> In-Reply-To: <000701c0bd93$f3a6a200$1401a8c0@tedm.placo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 4 Apr 2001, Ted Mittelstaedt wrote: > This is a shame because > the entire UNIX philosophy is one of simplicity is beauty. (or > at least _was_) Nope, it _was_ "keep it simple rather than right" or even "how do we get this thing to run space war?" :-) > [The 'security people'] are already well on the way to > making OpenBSD into a BSD UNIX that is impossible for ordinary > people to use, and FreeBSD is next on the list. You raise an important point, and that is that security (and crypto, even more so) is hard to understand. It's complicated. Unfortunately, it's likely to stay that way too, for quite some time. There is no crypto conspiracy, however. > Lest you laugh, let me point out that besides ssh, kerberos, pam, > login levels and all this security crap that has been developed, > there has been an enormous amount of OTHER non-security UNIX software > that has been developed in the last 5 years. However, things like > apache are still NOT standard items in a FreeBSD install, they are > add-on, because people recognize that they are additional things that > are not needed in all FreeBSD installs. The difference here is that PAM and login levels are part of the base system because they need integration at that level. Kerberos and ssh are system utilities that can be built on top, true. I'm less convinced of the necessity of kerberos (it needs a lot of in-depth understanding to get right, like most sysadmin tasks) but ssh is becoming a requirement. I'd rather have it maintained and built as part of my buildworld cycle, though, than have to look after it myself. > Yet, all the security stuff > _is_ deemed absolutely critical It's becoming so in this day and age. Sysadmin is about understanding your environment and setting up your systems appropriately. If you don't need it, turn it off. > Don't you see a disconnection from reality > here? Uhh, yeah, but probably not the same one that you do. Chill. jan PS. I can't believe I just said "chill". Yech. -- jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/ Tel +44(0)117 9287163 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk If it's broken really badly - don't fix it either. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.31.0104051112080.14755-100000>