On Thu, 2012-05-10 at 06:29 -0400, Paul Ammann wrote: > I read your post and thought I add my 2 cents: When did insecure > operating systems become an international standard?
I don't think I brought up any standards. > Good security design takes time, and necessarily means limiting > functionality. Good security testing takes even more time, especially if > the product is any good. This means the less-secure product will be > cheaper, sooner to market, and have more features. In the case of *BSD, > the last two points apply. Did you type all of this expecting me not to agree or something? Come on man, give me some credit. I do think you're trying to put a generalization on this though where it doesn't always belong; You have to remember that even though not many people CAN do this, you DO have the option to basically start out by taking FreeBSD, for example, download it, install it, then, using Source Code, change and modify it to almost nothing but a Kernel, and I know you can basically Hack a Web Server of some type into that, and then, set it to deny all non basic web traffic. I really would love to remember what this process is called, because I was talking about it not to long ago to someone who'd never heard of it, and I only read about it once, then basically asked a very good trusted friend who works for the govt about it and he knew exactly what it was. What you end up with, at the end of all this, is something that basically won't need down time ever. The article I read, said a lot of porn sites were now paying for this to be done because they were targeted by crackers a lot, and with this, they can't really get in, because the traffic rules, added to a TOTALLY stripped down system, leaves little to exploit. I mean really, when there is only one service running, and there's no Processes running and no Daemons to try to connect to other than HTTP, and even then, if the traffic isn't "normal" you can't connect, and it drops ALL other, it's pretty close to about as solid as it can get. The one I read stated that you remove everything you don't need to BOOT, and run the Web Server itself, and everything else is gone. The Web Server, is put in the Kernel to get rid of other needs. > If we look at the late 1980s and early 1990s, there were more than a > hundred competing firewall products. The few that "won" weren't the most > secure firewalls; they were the ones that were easy to set up, easy to > use, and didn't annoy users too much. Because buyers couldn't base their > buying decision on the relative security merits, they based them on > these other criteria. The IDS market evolved the same way, and before > that the antivirus market. The few products that succeeded weren't the > most secure, because buyers couln't tell the difference. That happens in every industry really. I mean, The Dead Kennedys, had it right; Give me Convenience, or give me death. > I think people don't understand the economic liability. When you > purchase an insecure operating system, who is most concerned about > economic liability. Hint: it's not the company making the software. > Consumers and companies spend additional money in antivirus software, > firewalls, maybe an IDS, etc. This has been going on for so long, people > don't seem to know any better. It's become a standard. Yea but you have to admit; Unlike stupid or ignorant drivers who may harm someone, this one only creates jobs lol. > Unfortunately software industry isn't like the any other industry. You > don't see Microsoft or Apple doing a product recall, because of safety > issues in their product. Instead, they release duct tape, er, patches to > limit liability for their negligence or to limit damage to publicity. Wow... I swear I typed the reply to the part above this before I even saw this part, damn we ARE on the same page. > If you want to promote or educate people, as Michael Lucas says: *BSD > needs books. If you wander into any bookstore, brick or virtual, you'll > see books on Linux, Solaris, Macintosh, and even non-Unix-like operating > systems. The BSD books are far between. We as a community need to > address this if we're to expand our reach. I usually buy mine from the FreeBSD Mall, but I have bought locally as well, which, it's nice when I can, but it IS rare as you stated; The Barnes and Noble here, DOES stock BSD books sometimes, and I buy them, as well as ask them to order more, but they can't always stock a product that only a handful of people are going to buy. But I keep asking anyway since we alone have spent thousands there in a year, so they tend to at least see we spend a lot, and will usually start bugging people to order them. It's one of the small ways we can keep BSD books on Shelves. _______________________________________________ freebsd-advocacy@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-advocacy To unsubscribe, send any mail to "freebsd-advocacy-unsubscr...@freebsd.org"