From owner-freebsd-advocacy@FreeBSD.ORG Wed Dec 3 06:03:30 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8D63916A4CE for ; Wed, 3 Dec 2003 06:03:30 -0800 (PST) Received: from otter3.centtech.com (moat3.centtech.com [207.200.51.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4E97343FDD for ; Wed, 3 Dec 2003 06:03:29 -0800 (PST) (envelope-from anderson@centtech.com) Received: from centtech.com (neutrino.centtech.com [10.177.171.220]) by otter3.centtech.com (8.12.3/8.12.3) with ESMTP id hB3E3S6T032006 for ; Wed, 3 Dec 2003 08:03:28 -0600 (CST) (envelope-from anderson@centtech.com) Message-ID: <3FCDED20.8050508@centtech.com> Date: Wed, 03 Dec 2003 08:03:12 -0600 From: Eric Anderson User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-advocacy@freebsd.org References: <002b01c3b99e$a1dc3340$6c01a8c0@MITERDOMAIN> <3FCDE98B.8020701@401.cx> In-Reply-To: <3FCDE98B.8020701@401.cx> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: uptime 4.0 X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Dec 2003 14:03:30 -0000 Roger 'Rocky' Vetterberg wrote: > Todays internet is to hostile for systems that isnt frequently and > regularly patched and maintained. Just curious, but, has anyone ever heard of a firewall? I typically don't let my machines be accessed from the internet, and I don't run services on an box that isn't needed. I'm just saying that there are levels of security - any machine touching the net (we all agree here) should have the latest patches and updates, without a doubt. What about a box that is internal, that doesn't allow local user logins, and/or runs a minimal amount of services (say, httpd and sshd)? Of course, those tools should be patched, and why not do the others too - but no reboot is needed for a lot of patches. I just think that "large uptime = bad admin" is a pretty shallow and close minded way to stereotype people based on how long a machine has been powered on without a reboot. Nobody said "1200 days without a security patch! woohoo!".. Anyway, this thread should probably move to -chat.. Eric -- ------------------------------------------------------------------ Eric Anderson Systems Administrator Centaur Technology All generalizations are false, including this one. ------------------------------------------------------------------