Date:      Tue, 29 Mar 2005 15:16:37 -0500
From:      Bart Silverstrim <bsilver@chrononomicon.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Anthony's drive issues.Re: ssh password delay
Message-ID:  <a37ff467011f3f0e5f2f1fc80575226b@chrononomicon.com>
In-Reply-To: <1965951106.20050329180958@wanadoo.fr>
References:  <154613622.20050327112206@wanadoo.fr> <LOBBIFDAGNMAMLGJJCKNAEOLFAAA.tedm@toybox.placo.com> <1666987759.20050328012237@wanadoo.fr> <4247420E.1030307@makeworld.com> <405056772.20050328020101@wanadoo.fr> <b59dd13095fa4194699ba40fde8f2e36@chrononomicon.com> <1965951106.20050329180958@wanadoo.fr>

On Mar 29, 2005, at 11:09 AM, Anthony Atkielski wrote:

> Bart Silverstrim writes:
>
>> What did they say?
>
> MS developers are much like most other developers: it's never their
> fault.

From the way you were complaining, I had the impression that MS was 
bending backwards to help in issues while the FreeBSD people were 
immature children.  Is this evidence to the contrary, that MS isn't the 
pinnacle of perfection in dealing with every software issue?

>> Isn't that how many FOSS projects get started...do some task more
>> efficiently and "better"?
>
> FOSS?

http://en.wikipedia.org/wiki/FLOSS
http://www.dwheeler.com/oss_fs_why.html
http://www.dwheeler.com/oss_fs_refs.html

>> Nope, but it sure makes it a lot simpler!  Actually it helps hamper
>> finding bugs that allow it to happen.
>
> It depends on how the code is written, but I'll agree that most bloated
> code is written in great haste, with no attention at all given to the
> many holes that are opened by all those millions of extra lines of
> deadwood.

Especially in projects driven by money and politics in a workplace, and 
with looming deadlines.  You can do the job to get it shoved out the 
door or do the job right.  In the "practical" world, you end up shoving 
it out the door 99% of the time.  In a world where you do it as a hobby 
in spare time, it takes longer, but there's far more leeway to "do it 
right" instead of just shoving it out the door.  It happens, as with 
everything else, that there are exceptions but the primary reason for 
the shoving to happen isn't as great.

>> As has been shown time and time again in Microsoft-sponsored studies
>> comparing Windows to Linux.  After removing the power supply and
>> encasing my system in concrete, it is FAR more secure than I've ever
>> dreamt possible, and that was with it running DOS! :-)
>
> There's nothing unique about Windows.  But more people attack Windows,
> so more holes are found and exploited.  Linux is rapidly catching up.
> And Mac OS X isn't immune, although I suspect that almost all the holes
> being found in OS X are in Apple's code, not the base OS.

A) No OS is immune, because they are
	1) complicated, thus have bugs and
	2) are used by people, so stupid social engineering tricks (see Anna 
Kournikova nude!) will get idiots to click click on things they 
shouldn't be click clicking on
B) The "More popular thus more exploited" is a crap argument.  Why?  
Ask the three little pigs.  Any twit can build a "shelter" that is 
architecturally poor but cheap, so it falls apart or is broken into 
easily.  Notice how quakes can do a LOT more damage in areas where 
buildings are not built to withstand the tremors, while other places 
like San Francisco, where people spend huge amounts of money in 
research and proper implementation, limit the damage a similar quake 
would inflict?  Windows was "designed" for single user non-network 
desktops.  It was extended to encompass the current network-is-the-rule 
environment.  Its legacy shows.  That "30 year old UNIX" was better 
designed for network sharing and multiple users in scant resources.  It 
has since been extended and modified, but the legacy shows.

The "more popular thus more exploited" just means there are more 
targets available.  Spreading a limited-target virus has BEEN DONE; it 
was targeting a specific vendor's firewall product, and it inflicted a 
noticeable amount of damage on the Internet in the form of bandwidth 
stealing and because of the rapid spread of higher-bandwidth 
connections, the number of targets available isn't quite such a big 
deal.  It only takes a small number to be able to saturate connections 
and inflict damage.  I'd dig out AGAIN the research paper summarizing 
the attack and its effects, but I'm sure that the intended audience 
wouldn't bother reading it anyway.  Search for it yourself if you're 
such a big boy and everyone else is too immature to know about this 
sort of idea.

If apologists would get their heads out of their butts they'd see that 
it isn't always "There's more Windows, thus easier to exploit!", it's 
"Windows' design is inherently less secure, so it's easier to target!", 
as well as a healthy dose of "the average Windows user is more clueless 
than the average Linux user!" thrown in to boot.  Many of the features 
in the recent "The Road to Windows "Longhorn" 2005" article on Paul 
Thurrott's Supersite for Windows seem oddly to match many of the 
features already available on OS X...Hmm, wonder why...could it be 
because of the security imposed by "UNIX" under OS X that makes that 
kind of model a decent tradeoff of usability and security in the first 
place?  If it wasn't such a pain in the butt for Joe Sixpack to use, 
ideas in EROS would help a helluva lot more on the desktop for 
security.  Security is an inconvenience.  Users want mindless 
interactions.  Somewhere it meets in the middle in order to be usable.