> Finally, I am not beefing about SSH or other tech implementation.
> Y'all do whatever you like. I am, however, concerned about the "We
> work at Sun and we know what's best" attitude. Solaris 10 _may_ be
> the best operating system in the world, but if people don't use it
> (for whatever reason, however misguided), then it will be just a
> footnote in the History of Computing.
I don't think it's fair to accuse either me or Darren of a "we work at Sun and we know what's best" attitude. If our attempts to share our experience in developing Solaris come across in that manner, then rest assured that was purely unintentional. We do try to explain what the bigger picture looks like from where we are sitting.

To cite one of many examples: there are those who feel that whenever a remotely exploitable security vulnerability is fixed, you should make the code syslog() a message if an attempt to do so is ever detected. syslog("Barbarians Thwarted at the Moat"). I was once in that camp but I now firmly believe it is a *very*, *very* wrong thing to do.

The reason for my change of position is fairly simple:

- whatever the turn of phrase used, some customers will always think they've been hacked
- most systems will see this message at one point or other anyway
- the message is alarming and unhelpful
- the message can be triggered when nothing is wrong
- you can't track down the culprit anyway

(That for Sun this also translates into service calls is another matter)

Adding the message turns out to have no benefit at all and at a considerable cost. (Not to Sun in particular, but to the users) And this is not about "blissful ignorance"; the system wasn't broken into, period. And we all know that people or systems will continuously try to do so, and setting off the alarm is inappropriate.

Similarly, we get reports from "vulnerability scanners" about software solely because we fix bugs differently in certain cases (or because they don't bother to weed out false positives).

The computer security profession is the realm of con-artists and snake-oil salesmen. And much of the rest is not science, but the practice of religious rituals of some cult. Except that it's not "honor the sabbat" but rather "do not reveal thy OS version".
What's worse, accounting firms, who we all know are not even up to doing their proper jobs, are really awful at security auditing; generally they come with pre-cooked checklists which we all know contain bullets that are provably *wrong*. (There was never a "sys:coredumpsize" variable in Solaris, ever)

So for some it may seem perfectly reasonable to change the SSH banner string in Solaris, but from our perspective it's "no gain, considerable pain". Knobs that essentially have two settings, "system works" and "system works some of the time", are just wrong, especially considering staff turnover, remote vs. local behaviour, unpredictability (it works just fine on this Solaris box, but not on that one).

And think of it this way:

- if they know the exact version of your OS, they use only the exploits for that single OS
- if they don't, they use all exploits they have

Would you rather have 10 or 1000s of exploits coming your way?

Casper

_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org