Re: Linux Vulnerable... BBBWWWWAAAAA HHHHHAAAAAA HAAAAA HAAAA

From: Tim Haynes (usenet@stirfried.vegetable.org.uk)
Date: 12/24/01


From: Tim Haynes <usenet@stirfried.vegetable.org.uk>
Date: 24 Dec 2001 11:13:09 +0000


"Felmon John Davis" <nemo@nowhere.edu> writes:

[snip]
> > Linux *is* only the kernel. Without it you wouldn't have a
> > linux-anything, let alone an OS. Anything else in a distribution has
> > come from the compilers of the distro; the majority of that is GNU
> > tools, as well. There is nothing more correct than to say that Linux is
> > the kernel, and a distro may well be GNU/Linux.
> I'm skeptical about the usefulness of this kind of definition. When I
> tell people, "I use Linux," I am not referring exclusively to the kernel.

But you are. You're not saying whether you've magically ported a *BSD
toolset across, for example. The kernel defines the OS.

> The real issue is commensurability: I want to compare things that are
> comparable. If CuteFTP crashes, I don't say, "Windows crashed" (unless it
> was in fact a kernel panic).

Then you're already half-way there to separating the two. :)

> If I say, "Windows is less secure than Linux," I want to know what I'm
> comparing with what. Otherwise, the statement is meaningless.

You'd have to be a lot more precise, at least in the case of linux. If you
look at kernel security errata, that might be one metric.

OTOH you might want to look at the `system's that people have installed:
that's best defined as "what you might expect to fall off the install CD",
so a windoze kernel + applications versus a linux kernel plus GNU + other
applications.

> > If M$loth on the one hand say that XP is the most secure windoze ever,
> > and on the other that it has the world's biggest cockup ever in it too,
> > judge their consistency for yourself. If your (GNU/)Linux distro claims
> > to be secure, first shoot the messenger, then look for the
> > corresponding world's-biggest-cockup in it too, and judge the
> > consistency for yourself.
>
> I understand. So here we are comparing 'distros' with Windows, not just
> 'kernels'.

For your purposes, given that all worms have only used holes in user-space
in the linux world, yes.

Or you can compare unreliability of kernel by looking at blue-screen versus
count(kernel bugs that affect you), if you want.

> >> What I'm gathering is:
> >> (a) it's partly 'technical inferior' in the way that a distribution of
> >> Linux would be 'technically inferior' if it included an easily
> >> exploitable service such as 'wu-ftpd' turned on and set up by default
> > Yes. If you have remote-root vulnerabilities out of the box, you're
> > shipping <excrement>.
>
> The Linux distros _used_ to have certain risky services on by default and
> as I recall, wu_ftpd used to be among them. I wouldn't have called them
> <excrement> though. But now the world is quite a bit more dangerous.

It's a matter of timing. Anyone shipping such a thing *now* would be
alluded to in a most offensive manner, rightly so; there were those of us
who've spent the last 2 years being paranoid blighters and knowing how to
install a box minimally given a reasonable starting distro...

[snip]
> Now, if a distro included wu_ftpd switched on by default, I guess I
> _would_ call it <excrement>.

Emphasis on the `now', correct.

> > For bonus points, consider the approach that says "but a *competent*
> > admin would turn that off", and contemplate what proportion of *windoze*
> > people are likely to be competent, versus the proportion of linux folks.
> > While there are still far too many linux-idiots out & about who don't
> > give a fig for security and are therefore responsible for adore/ramen et
> > al being able to spread, I think things still err in linux's favour.
>
> MS needs to do something to educate their users even _while_ the user is
> installing the software. Maybe they do - I am not familiar with anything
> other than the Win9x series. They usually, however, want to hide anything
> that looks 'too' technical from the user. This is an error in today's
> dangerous world and maybe also an insult.

They've managed to con the public into thinking it's not an insult. Me, I
differ.
What was it Feynman suggested? A nation-wide billboard advertisement saying
"if the advert insults your intelligence, don't buy the product". *Good*
plan.

~Tim

-- 
   11:05:16 up 47 days, 12:58, 12 users,  load average: 0.23, 0.24, 0.17
piglet@stirfried.vegetable.org.uk |Windows 98 is year 2000-ready
http://piglet.is.dreaming.org     |(seen during a recent, >y2000, installation)


