From owner-freebsd-questions@freebsd.org Sun May 17 06:33:52 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D9DA22C8144 for ; Sun, 17 May 2020 06:33:52 +0000 (UTC) (envelope-from kremels@kreme.com) Received: from mail.covisp.net (mail.covisp.net [65.121.55.42]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 49Psmc0QBhz41dq for ; Sun, 17 May 2020 06:33:51 +0000 (UTC) (envelope-from kremels@kreme.com) From: "@lbutlr" Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [FreeBSD-Announce] FreeBSD 12.0 end-of-life Date: Sun, 17 May 2020 00:33:50 -0600 References: <20200217231452.717FA1E820@freefall.freebsd.org> <85E7C97E-EF8B-4FC7-8EF1-758B7BCBAE90@kreme.com> <05112EEC-7FA3-4E18-974B-263A58058E01@kicp.uchicago.edu> <332714B8-2798-42CF-A082-9EDA180CC65B@kreme.com> <20200516201923.8676289a.freebsd@edvax.de> <257EF587-92B5-4671-B6F4-89E86CC2ACA0@kreme.com> <20200516215437.4802660c.freebsd@edvax.de> To: FreeBSD In-Reply-To: <20200516215437.4802660c.freebsd@edvax.de> Message-Id: <2161E572-945A-44EC-9E70-35DA3552E8BD@kreme.com> X-Mailer: Apple Mail (2.3608.80.23.2.2) X-Rspamd-Queue-Id: 49Psmc0QBhz41dq X-Spamd-Bar: + Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of kremels@kreme.com designates 65.121.55.42 as permitted sender) smtp.mailfrom=kremels@kreme.com X-Spamd-Result: default: False [1.60 / 15.00]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx:c]; MISSING_MIME_VERSION(2.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DMARC_NA(0.00)[kreme.com]; RCPT_COUNT_ONE(0.00)[1]; TO_DN_ALL(0.00)[]; RCVD_COUNT_ZERO(0.00)[0]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:209, ipnet:65.112.0.0/12, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[65.121.55.42:from] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 May 2020 06:33:52 -0000 On 16 May 2020, at 13:54, Polytropon wrote: > On Sat, 16 May 2020 12:56:25 -0600, @lbutlr wrote: >> Otherwise, old OSes are porous insecure botnets-in-wait with >> dozens or hundreds or thousands of exploits. >=20 > That is true, but is significant only as far as those systems > interact with other things, especially over Internet. If the computer is air-gapped, that is one thing. If the computer is on = a network and that network is air gapped, that is something else. Oof = that computer is on a network and any machines on that network have = access to the Internet, then that old insecure machine should be assumed = to be on the Internet. Just look at the many exploits for non-Internet connected LAN printers. > I just want to provide an example that "younger people" (TM) > might find strange: In mainframe world, you can still compile > and run programs written in a way to read data from a punched > card reader and write data to a chain printer or a tape drive. > There is no need to modify the source in order to run such a > program on a current mainframe with a current OS. To a certain > extent, you even have native binary compatibility. And when you have old tools that allow you to, for example, load = information off a tape, you have an attack vector that probably hasn=E2=80= =99t been secure because it was written before we figured out that = security was important (because people suck) and no one has gone back to = look at how exploitable that code is on a modern system. --=20 What we have here is a failure to communicate.