>All in all, this has been a useful discussion. i agree, but i think we have collectively lowered the GDP by some measurable amount by participating in it instead of "working". ;-)
alright, let's move on to the next discussion.. Josh Coates http://www.jcoates.org -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Grant Robinson Sent: Monday, August 30, 2004 4:20 PM To: BYU Unix Users Group Subject: Re: [uug] linux most vulnerable os? (time to move on) On Aug 30, 2004, at 3:33 PM, Josh Coates wrote: <snip> > >> It is not a lame excuse for Linux... > > yes it is. you can't blame linux security breaches on careless windows > admins. if you do, then i guess you can also blame windows security > breaches on careless unix admins? sorry. Please don't do that. There was a lot more to my comment than the first line, and my point was very valid and was what Matai said. If you want to quote a line, pick one that describes my salient point: the increase in linux compromises stems from a swift increase in the use of linux coupled with inadequate training and knowledge of how to keep that environment secure. > >> yes, successful attacks of linux are on the rise but Linux by design >> is >> not more vulnerable than Windows... > > i don't think anyone is suggesting that linux by design is more > vulnerable > than windows. it just seems to be successfully breached more often. In January 2004, yes, it was. In June 2003 (or would that be July), it was not. > >> Many more Windows systems were compromised because of inherent design >> flaws > in >> Windows itself, as stated by Michael Torrie and seconded by most any >> other computer scientist and security researcher who is able to look >> objectively or somewhat objectively at the situation. > > sorry, but this gets a big 'ol LOL from me. > > i submit that windows fundamentally has a very excellent design, and > the > security design is also very good. though many of it's apps have > security > problems. you're going to have to show me a stack of papers from > "objective" computer scientists elaborating on the fundamental design > flaws > in windows. vms and mach are admirable models, and david cutler is an > extraordinary engineer. If that is the case(very excellent design and good security design), then answer me the million dollar question: Why did Microsoft pull a significant number of it's engineers off Longhorn to work on SP2 and still was unable to plug the holes, but rather shored up the defenses by providing a built-in firewall? I submit it is because of too much integration (i.e. tight coupling). It would be nearly impossible to plug all the holes in Windows without re-writing large portions of the code, which is why each Service Pack or hotfix fixes each vulnerability rather than going to the root of the problem and curing that. However, I have never seen a line of Windows source code, so I could be way off base. If you have a better answer, I would love to hear it. > >> Now, as for techno-agnostic...I see several possiblities for what that > means: >> 1) You do not believe that we can prove technology exists >> 2) You believe that technology exists, but it does not care about you >> individually >> 3) You doubt the truth of all technology > > let me help you out: > > 1) I don't believe we can prove one technology is "right"/"good" and > another > is "wrong"/"bad" > 2) I believe that technology exists, but I don't care about it > emotionally > 3) I think all technology mostly sucks, but some technology sucks less > than > others > > you can also say i'm technology neutral, but since many people attach a > religious zeal to technology, i find the term techno-agnostic suits the > methaphor, wouldn't you say? I was mainly playing around, as most of the definitions of agnostic concerns whether God exists, but in common usage means someone who doesn't take sides (or believe in) organized religion. Although I believe we _can_ prove one technology is "good" or better than another technology for a specific purpose, those are very subjective terms. What is "good" for one company may be "bad" for a home user. (i.e. the RIAA would say that P2P is bad, but most college students love it.) Therefore, the blanket terms good and bad depend entirely on your point of view. All in all, this has been a useful discussion. For the record, I don't think Windows is all bad or Linux all good, so I guess I would be technology neutral as well. I also think most studies show a bit of bias, especially when they are funded by one of the interested parties (and I don't know if this one was), but most of the ones you see that get people all worked up are funded by IBM or RedHat or Microsoft, and therefore biased from the outset. Grant ____________________ BYU Unix Users Group http://uug.byu.edu/ ___________________________________________________________________ List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list ____________________ BYU Unix Users Group http://uug.byu.edu/ ___________________________________________________________________ List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
