Date: Sat, 15 Jul 2006 18:03:20 -0600
From: Bob Beck <beck@...h.cns.ualberta.ca>
To: Darren Reed <avalon@...igula.anu.edu.au>
Cc: Bob Beck <beck@...h.cns.ualberta.ca>, bugtraq@...urityfocus.com
Subject: Re: LAMP vs Microsoft

> 
> You're confusing what I'm interested in (platform security) with

	No, I'm not confusing it at all, I'm saying it's a non-issue.  Any
Von Neumann type of architecture is "secure" - it does exactly what you
tell it to do. If you don't tell it to do insecure things, it does
not. If it's not deterministic, then fine, you have an issue.

> the people who use the platform to develop on top of.  If the
> foundations of what you're using are insecure, then the web
> developer has a harder task.

	I disagree. I think most modern computing platforms start
out as "secure" within their limitations if you understand them.
It's code written for them that is the problem, plain and simple. 

	The more complexity you add to what you implement on top of a platform,
the more bugs you add in the implementation, and the more opportunity
for people not to understand the side effects. But I expect to see a
great market for people reinventing the wheel for people who don't
understand that life is pain, and anyone who says otherwise is selling
something. 

	Oh, and since you mention it, I doubt anyone in the OpenBSD mob would
disagree with what I'm saying, or that I would care if they did.
Unlike the corporate world there are still some free projects that
allow for participants to speak their mind freely and not toe the
party line. Of course, I haven't yet asked what you're selling. Sounds
to me like it's another effort to convince the unwitting that life
isn't pain and blow SuNshine up their posteriors. 

	-Bob


 

	
