Date:      Tue, 23 Apr 2002 11:28:44 -0700
From:      Terry Lambert <tlambert2@mindspring.com>
To:        Jochem Kossen <j.kossen@home.nl>
Cc:        frank@exit.com, Greg 'groggy' Lehey <grog@FreeBSD.ORG>, hackers@FreeBSD.ORG
Subject:   Re: Security through obscurity? (and /etc/defaults/rc.conf changes)
Message-ID:  <3CC5A7DC.FD06DC11@mindspring.com>
References:  <200204231454.g3NEsxFR019646@realtime.exit.com> <200204231839.44923.j.kossen@home.nl>

Jochem Kossen wrote:
> On Tuesday 23 April 2002 16:54, Frank Mayhar wrote:
> > Jochem Kossen wrote:
> > > Because things evolve? :)
> >
> > You say "evolve."  I say "get broken."
> 
> Don't tell me that in 11 years, defaults never change

When the routing code was changed, back in the mid 1990's, X.25
and ISODE were both broken, for lack of maintenance: the changes
were not made globally.

X.25 and ISODE were then removed "due to bit rot".

The entire idea of "bit rot" is really "the code did not keep
``up to date'' with my changes, which broke the code", which
is really a ridiculous position.

It really pissed me off when the AHA-1742 support dropped out
when CAM came in, but that, at least, was understandable, since
it was a trade: something desirable for something less desirable
to the majority of users.

You really *can not* blame breaking "something that used to work
but which no longer works" on "evolution".


> > It's not obvious when one has been starting X with the same command
> > for years and it has never before changed.  Gee, seems to seriously
> > violate POLA, eh?
> 
> I agree, but I still wonder why people didn't come up with it sooner

Mostly, because most people don't run -current, and because the
X11 distribution is not nearly as modular as it should be, if
this type of change is to be generally permitted.


> > Just don't do it in the first place.  If you must have this, make a
> > _new_ command ("secure-startx," perhaps) and point to it in the
> > release notes.
> 
> This is a very good idea IMHO, although without the patch 'startx
> -nolisten_tcp' works too... Then I'd say rip the patch out completely

That handles this particular case, but dodges the general policy
issue ...which I guess is the point: "Never put off until tomorrow
what you can put off indefinitely"  ;^).


> It is useless to _me_ because I don't use it. Like I said in a previous
> mail, I didn't like the default, so I sent in the patch as a proposal
> to the ports@ mailing list, and they all seemed to like it too. Nobody
> complained, thus the patch was integrated. Simple.

Not the most likely place for X11 people to see the issue and
become involved in a discussion: X11 is unfortunately not a proper
port in the common case, but is rather a set of distfiles: a tar
archive split into chunks, and managed by "sysinstall".

-- Terry
