From owner-freebsd-security Wed Jul 30 16:26:32 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id QAA12269 for security-outgoing; Wed, 30 Jul 1997 16:26:32 -0700 (PDT) Received: from time.cdrom.com (root@time.cdrom.com [204.216.27.226]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id QAA12247 for ; Wed, 30 Jul 1997 16:26:26 -0700 (PDT) Received: from time.cdrom.com (jkh@localhost.cdrom.com [127.0.0.1]) by time.cdrom.com (8.8.6/8.6.9) with ESMTP id QAA15075; Wed, 30 Jul 1997 16:24:58 -0700 (PDT) To: Vincent Poy cc: Nate Williams , Marco Molteni , security@FreeBSD.ORG, "[Mario1-]" Subject: Re: security hole in FreeBSD In-reply-to: Your message of "Wed, 30 Jul 1997 08:28:47 PDT." Date: Wed, 30 Jul 1997 16:24:58 -0700 Message-ID: <15071.870305098@time.cdrom.com> From: "Jordan K. Hubbard" Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > The docs that came with the product. As for books, I don't have > that much time to go through reading books because by the time I finish > reading it, it'll be too late. Heh. Vinnie, that is the most completely and utterly bogus argument I've ever heard. I have the Stevens book on Networking right here, for example, and it's as relevant today as it was the day it was published (and a great book on network programming besides). The same goes for the 4.4 BSD book from McKusick et al. If you want to know about the kernel, it's a fine place to start. Or how about Evi Nemeth'd book on system admin? Even the old editions are still largely relevant, and I'd recommend the book to anyone. This sounds like a pathetic excuse for avoiding your necessary reading and nothing else but. Give it up - now you're just trying to cram the other foot in where the first is already taking up all the space. :-) > You're still forgetting the fact that when you are physically > there next to the router machine, it's a night and day difference in > figuring things out. But when it's like totally remote, then you do need > to verify things first instead of totally screwing it up. Besides, for You first run simulations on your own machine, Vince. If you haven't got a machine for doing this kind of thing then I suggest that you de-volunteer for this position you've taken on because you are NOT QUALIFIED to admin a system under these constraints. Believe it or not, admin'ing for an ISP is is not a kiddy game. Anyway, I think you simply need to listen more, argue less and be willing to do more basic research before reaching for the red phone in the future if you want to be a success at this and not have everybody hating the very sight of your email address to boot. When my martial arts teacher tells me that I'm not standing straight enough or that I'm too tense and am blowing some form I'm doing, I don't sass back and claim that Sifu doesn't know what he's talking about - of course he knows all that waaaaay better than I do and that's why I'm going to his bloody class. Similarly, people like Nate and I know this stuff a hell of a lot better than you do and when we say "Vince, you're fucking up - go read this book" then you should go read it, you shouldn't fire off another diatribe in response about how you don't have time or that the space aliens from the planet Zoobula who live in your sock drawer will be displeased. If you really do see yourself as such a beginner then LISTEN to those who know and stop being so bleeding contentious about everything. When we tell you to do something it's for a reason and we expect you to either do it or simply stop asking questions since you've obviously reached expert status on your own and no longer need our advice. Jordan