Date:      Wed, 03 Dec 2003 14:47:55 +0100
From:      "Roger 'Rocky' Vetterberg" <listsub@401.cx>
To:        Paul Robinson <p.robinson@mmu.ac.uk>
Cc:        freebsd-advocacy@freebsd.org
Subject:   Re: uptime 4.0
Message-ID:  <3FCDE98B.8020701@401.cx>
In-Reply-To: <002b01c3b99e$a1dc3340$6c01a8c0@MITERDOMAIN>
References:  <002b01c3b99e$a1dc3340$6c01a8c0@MITERDOMAIN>

Paul Robinson wrote:

> Dirk Meyer wrote:
> 
> 
>>Local system status:
>> 1:59AM  up 1212 days, 17:50, 0 users, load averages: 0.00, 0.00, 0.00
> 
> 
> Now, please don't take this the wrong way Dirk, but I need to use you to
> make a point here.
> 
> 1. Uptimes of 1,200 days say wonderful things about FreeBSD.
> 2. Uptimes of 1,200 days say terrible things about the administrators
> of those boxes.
> 
> You were attempting to make point 1, and yes, FreeBSD is very stable and
> that's all very impressive. However, point 2 needs some consideration.
> There are good reasons to be keeping track of -STABLE and even more
> reasons to be keeping track of -RELEASE. You can't have been doing
> either of those for the last 4 years. That, in my opinion, leaves you
> vulnerable in a few ways.
> 
> Of course, the real answer here is to work on a way of allowing for an
> "upgrade" to happen without re-booting the machine, thereby getting
> kernel patching without losing service or uptime. However, until we get
> to that point, consider patching at least once a quarter to a recent
> -RELEASE or even better, -STABLE cvsup, and go from there.

I have to jump in and defend Dirk here, since I frequently get the 
exact same kind of comments when I tell people about the 900 days 
uptime on some OpenBSD boxes I admin.
These boxes are pure bridges, sitting in front of other boxes and 
doing simple bridging with some filtering. They have no IP addresses 
on any of the interfaces and they have no services running, not even 
sshd. The only way to access them is via local console, or in some 
cases via serial console.

I have checked the archives, and I can't find a single patch or
exploit in the last 4 years that would help the functionality or
security of these boxes. Now, does my 900 days uptime still say 
terrible things about me as an administrator?

I do take for granted that the machine Dirk mentioned in the 
original post is unreachable or in some other way impossible to 
penetrate similar to my bridges. If it is not, and is indeed 
reachable from the internet, then I fully agree with Paul and must 
question Dirk's administrator skills. Today's internet is too hostile
for systems that aren't frequently and regularly patched and maintained.

--
R



