Re: PING: Igor S. , regarding Kerberos v4.



"George Orwell" <nobody@xxxxxxxxxxxx> wrote in message
news:c385a8aa6a1774573bf8da62739855d3@xxxxxxxxxxxxxxx

Some other, far more important flaws exist and should be corrected by
some clever means, but have not been, and clear and unequivocal
statements have been made that they will NEVER be fixed. Rather than
mention the matter just here, I will start another thread. I've been
EXTREMELY peeved since I first became aware of the situation, not because
flaws had been found, but that high-level decisions had been summarily
made to never fix the flaws. To never fix the flaws or even jettison the
entire core functionality being provided rather than actually fix, rewrite, or
re-design the code.

Steve at fivetrees wrote:

Rightly or wrongly, I have more faith in the directors of the OpenBSD
project than you clearly have. Time and time again, they've been proved
right. I'd be very surprised if they didn't thoroughly understand the
issues - rather better than either you or me.

Just a thought.

Steve
http://www.fivetrees.com




Directors? It's not Microsoft you know. ;)


If I didn't have faith in those responsible for OpenBSD, I
wouldn't be using it. I however place "blind faith" in
nothing.


Talented experts frequently become complacent, I have no
doubts that these people can run circles around me in many ways.
But, my machine may end up being more secure than one of theirs
because I may choose NOT to install, enable, or use something,
perhaps something that is more complex; that they feel confident
(complacently) that such a thing could never pose a threat to them.
People die of the daftest things these days, if you are at home and
in your garden and you become complacent about your rake, it may end
up killing you. The Darwin Awards are prime examples of complacency
(and quite a bit of the less intelligent variety as well!).


I'm not saying that anyone in the project is being complacent, only that
they are subject to being so, and their expertise offers no protection
against it.


Some degrees of obsessiveness and paranoia can have advantages.


Should someone ever crack into one of my systems, someday, I won't be
telephoning Theo to ask him to hold my hand. If, in the final analysis
my system ever is compromised, I am the only person truly responsible and
I take that responsibility seriously. Of course, it would also be embarrassing
to have this happen. <g>


Should you wish to test your faith, take a look at the "securelevel" and "chflags"
man pages. These man pages have not been updated. There is no mention of known
exploits that Theo does not want to fix. I see no mention anywhere that securelevels
are "useless", one would assume that this "fact" would be highlighted somewhere.
At the least users should be warned of the known limitations that OpenBSD securelevels have.
IMO, OpenBSD man pages should be kept accurate and should not mislead users who read them.
These issues seem to be of the "hush-hush" variety, do not try to fix, take no action.


In addition to having a healthy level of faith in some things, I also believe what I
can see and test. Empiricism.


I have great respect for what Theo and the others do, I just don't necessarily always
agree with them. I don't necessarily always agree with anyone. If I see anomalies or
things I don't understand I like to learn why things exist as they do. My only goals are
to make my computer as secure and stable as I can and to have the most secure
and stable OS available to me. If I notice aspects in OpenBSD that seem odd to me I will let
people know, I prefer not to experience unexplained anomalies or to do so over long periods
of time.


Regards, An Odd User.
