From: Terry Lambert
Date: Tue, 23 Apr 2002 11:28:44 -0700
To: Jochem Kossen
Cc: frank@exit.com, Greg 'groggy' Lehey, hackers@FreeBSD.ORG
Subject: Re: Security through obscurity? (and /etc/defaults/rc.conf changes)

Jochem Kossen wrote:
> On Tuesday 23 April 2002 16:54, Frank Mayhar wrote:
> > Jochem Kossen wrote:
> > > Because things evolve? :)
> >
> > You say "evolve." I say "get broken."
>
> Don't tell me that in 11 years, defaults never change

When the routing code was changed, back in the mid 1990's, X.25 and
ISODE were both broken, for lack of maintenance: the changes were not
made globally. X.25 and ISODE were then removed "due to bit rot".

The entire idea of "bit rot" is really "the code did not keep ``up to
date'' with my changes, which broke the code", which is really a
ridiculous position.

It really pissed me off when the AHA-1742 support dropped out when CAM
came in, but that, at least, was understandable, since it was a trade:
something desirable for something less desirable to the majority of
users.

You really *can not* blame breaking "something that used to work but
which no longer works" on "evolution".

> > It's not obvious when one has been starting X with the same command
> > for years and it has never before changed. Gee, seems to seriously
> > violate POLA, eh?
>
> I agree, but I still wonder why people didn't come up with it sooner

Mostly, because most people don't run -current, and because the X11
distribution is not nearly as modular as it should be, if this type of
change is to be generally permitted.

> > Just don't do it in the first place. If you must have this, make a
> > _new_ command ("secure-startx," perhaps) and point to it in the
> > release notes.
>
> This is a very good idea IMHO, although without the patch 'startx
> -nolisten_tcp' works too... Then I'd say rip the patch out completely

That handles this particular case, but dodges the general policy issue
...which I guess is the point: "Never put off until tomorrow what you
can put off indefinitely" ;^).

> It is useless to _me_ because I don't use it. Like I said in a previous
> mail, I didn't like the default, so I sent in the patch as a proposal
> to the ports@ mailing list, and they all seemed to like it too. Nobody
> complained, thus the patch was integrated. Simple.

Not the most likely place for X11 people to see the issue and become
involved in a discussion: X11 is unfortunately not a proper port in the
common case, but is rather a set of distfiles: a tar archive split into
chunks, and managed by "sysinstall".

-- Terry