On Thu, 2012-05-10 at 06:29 -0400, Paul Ammann wrote:
> I read your post and thought I add my 2 cents: When did insecure
> operating systems become an international standard?

I don't think I brought up any standards.

> Good security design takes time, and necessarily means limiting
> functionality. Good security testing takes even more time, especially if
> the product is any good. This means the less-secure product will be
> cheaper, sooner to market, and have more features. In the case of *BSD,
> the last two points apply.

Did you type all of this expecting me not to agree or something? Come on
man, give me some credit. I do think you're trying to put a
generalization on this though where it doesn't always belong; You have
to remember that even though not many people CAN do this, you DO have
the option to basically start out by taking FreeBSD, for example,
download it, install it, then, using Source Code, change and modify it
to almost nothing but a Kernel, and I know you can basically Hack a Web
Server of some type into that, and then, set it to deny all non basic
web traffic.

I really would love to remember what this process is called, because I
was talking about it not to long ago to someone who'd never heard of it,
and I only read about it once, then basically asked a very good trusted
friend who works for the govt about it and he knew exactly what it was. 

What you end up with, at the end of all this, is something that
basically won't need down time ever. The article I read, said a lot of
porn sites were now paying for this to be done because they were
targeted by crackers a lot, and with this, they can't really get in,
because the traffic rules, added to a TOTALLY stripped down system,
leaves little to exploit. 

I mean really, when there is only one service running, and there's no
Processes running and no Daemons to try to connect to other than HTTP,
and even then, if the traffic isn't "normal" you can't connect, and it
drops ALL other, it's pretty close to about as solid as it can get. The
one I read stated that you remove everything you don't need to BOOT, and
run the Web Server itself, and everything else is gone. The Web Server,
is put in the Kernel to get rid of other needs.

> If we look at the late 1980s and early 1990s, there were more than a
> hundred competing firewall products. The few that "won" weren't the most
> secure firewalls; they were the ones that were easy to set up, easy to
> use, and didn't annoy users too much. Because buyers couldn't base their
> buying decision on the relative security merits, they based them on
> these other criteria. The IDS market evolved the same way, and before
> that the antivirus market. The few products that succeeded weren't the
> most secure, because buyers couln't tell the difference. 

That happens in every industry really. I mean, The Dead Kennedys, had it
right; Give me Convenience, or give me death.

> I think people don't understand the economic liability. When you
> purchase an insecure operating system, who is most concerned about
> economic liability. Hint: it's not the company making the software.
> Consumers and companies spend additional money in antivirus software,
> firewalls, maybe an IDS, etc. This has been going on for so long, people
> don't seem to know any better. It's become a standard.

Yea but you have to admit; Unlike stupid or ignorant drivers who may
harm someone, this one only creates jobs lol.

> Unfortunately software industry isn't like the any other industry. You
> don't see Microsoft or Apple doing a product recall, because of safety
> issues in their product. Instead, they release duct tape, er, patches to
> limit liability for their negligence or to limit damage to publicity.

Wow... I swear I typed the reply to the part above this before I even
saw this part, damn we ARE on the same page.

> If you want to promote or educate people, as Michael Lucas says: *BSD
> needs books. If you wander into any bookstore, brick or virtual, you'll
> see books on Linux, Solaris, Macintosh, and even non-Unix-like operating
> systems. The BSD books are far between. We as a community need to
> address this if we're to expand our reach. 

I usually buy mine from the FreeBSD Mall, but I have bought locally as
well, which, it's nice when I can, but it IS rare as you stated; The
Barnes and Noble here, DOES stock BSD books sometimes, and I buy them,
as well as ask them to order more, but they can't always stock a product
that only a handful of people are going to buy. But I keep asking anyway
since we alone have spent thousands there in a year, so they tend to at
least see we spend a lot, and will usually start bugging people to order
them.

It's one of the small ways we can keep BSD books on Shelves.

_______________________________________________
freebsd-advocacy@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-advocacy
To unsubscribe, send any mail to "freebsd-advocacy-unsubscr...@freebsd.org"

Reply via email to