Interesting that Cisco has yet to implement SSH2. Their speed on fixing
bugs for the CallManager line is less than impressive (the Unity guys rock).
I really dislike selling broken products. And I *like* Cisco for the most
part (especially if you compare them to others). Just some thoughts.
Don't even get me started on a recent 1750 install that blew up today. All
20 routers are from a defective lot and work fine with data, but screech
horribly when you use FXS modules. Cisco TAC was going to replace
everything and drop-ship them to each site with all the right parts
installed, but the RMA team blocked it and is forcing us to go back to our
vendor (TechData), but the voice part of this install didn't take place
until 6 mos. later (customer didn't have the PBX equipment ready and didn't
care, just wanted data up), so we can't return it. Gotta love it, but at
this point I'm out of the loop until they get it straightened out.
Ok, I'll stop ranting now. I'm fighting an evil NT4 install so I can work
on CSPM. Yet another product that needs to be updated ;-p
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
""Carroll Kong"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> At 11:09 PM 5/7/01 -0400, Jason Roysdon wrote:
> >Of course if the source is open, it has more eyes looking at it (than say
M$
> >software which seems to be having a new security announcement every week
> >right now).
> >
> >--
> >Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> >List email: [EMAIL PROTECTED]
> >Homepage: http://jason.artoo.net/
> >
> >
> >
> >""Allen May"" wrote in message
> >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > Being a Libra I have to agree & disagree about open source. Open
source
> > > also allows the good hackers to find exploits much more easily by
reverse
> > > engineering the whole process. Open source is very cool for
application
> > > design but gives too much information to those with more destructive
> > > tendencies.
> > >
> > > Just my re-contribution of 2 cents out of my stockpile I collected ;)
>
> Before we get into holy wars about this, open source is not always the
> ultimate end all solution. There is good and bad software out there, and
> they can be either open or closed source.
>
> The idea that a million eyes watching it sounds great in theory, but whose
> eyes are watching? Are a million monkeys going to be able to setup a
> network properly? Or would you trust a small team of CCIEs? Also, most
> people do not audit the code, or they fail to do so properly. So, that
> million might be cut down a few orders of magnitude.
>
> People sometimes work better when they are being paid and are somewhat
held
> liable for their work. With open source, it is really a "hey, if it
messes
> things up, sorry". Closed source is not liable either (they are to a
> certain degree though), however, there is less expectation from an open
> source product as a closed source. Cisco does not turn around and say
> "Hey, I will fix that bug a bit later on, I got other things to do." But
> the open source guy can. (Ok, sometimes the commercial guys do say
that...
> hehe, and you can get commercial support on open source software, but I
> think you guys get the idea).
>
> This is not to say all open source is bad, there is some excellent open
> source products out there which I would pick over commercial solutions. I
> just thing we really should not devolve the entire discussion to open vs
> closed. I do not think that is the case.
>
> On the side, when there was a vulnerability in ssh, for some odd reason,
> the simple buffer overflow was ALREADY Fixed in ALL commercial
> implementations, the only one vulnerable was OpenSSH 2.2.0 and previous
> friends or so. Sure the "many eyes" found it, but quite a bit late on a
> bit of code which should have been fixed eons ago. Not to say that I
would
> not use OpenSSH, I think it is great stuff. Just that, sometimes the
> commercial implementations are better for some products and part of it is
> the fact that they are getting paid and they have a public image to
maintain.
>
> Please note I said sometimes. If anything I am more so an open source fan
> than most would think. I am really more towards the right solution for
the
> right job be it open or closed.
>
>
>
>
> -Carroll Kong
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3552&t=3362
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
