| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: steve.wray at paradise.net.nz (Steve Wray) Subject: SQL Slammer - lessons learned (fwd) One word. Ok two; Driving Test. Do you have a driving license? Did you buy it from a shop or did you have to demonstrate an acceptable level of competence? Who administers it? > -----Original Message----- > From: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of yossarian > Sent: Monday, 10 February 2003 2:48 p.m. > To: full-disclosure@...ts.netsys.com > Subject: Re: [Full-Disclosure] SQL Slammer - lessons learned (fwd) > > > Steve Wray wrote > > >So demonstrate to your ISP that you are competent. > >Whats wrong with that? > > There is a lot wrong wit that. Maybe not at first sight. > > Why should I prove anything? Who is competent to be the > judge? And, what is > worse, demonstrate my skills on what? Suppose I am very > competent in setting > up a Mickeysoft server farm, but suddenly decide to do mail > and web on a > *NIX I've never used before. Or will I just be allowed S/W I > demonstrated my > skills on? Or I take one day instead of three weeks to set up > a system, > knowing that the install will be leaky, but I really need a > beer or 27, so > the fixes are not loaded on the host - I have demonstrated my > skills but > just decided not to use them. Will I have to swear on my > mother never to > forget a patch on a machine? Must I vow never to skip reading > a README? Get > a brain. > > Who is to judge whether I am competent in setting up a > mailserver with a > homemade OS and app? Will just bigger OS-es qualify? If so, > should these > same ISP's also qualify applications as fit for the net? Will > non-qualifying > operating systems be banned? Does anyone expect this to be > done unbiased, > considering the vast commercial interests at stake? Or will > only Palladium, > or whatever it will be called, qualify? And a small practical > question - how > to set up this wise rule worldwide? > > If you decide to stop users from doing certain things, it > would be very odd > at least, to let vuln-ridden server apps be used, by whoever, however > qualififed. Now give me faultless OS - I'll use it. Or just a flawless > stack. It don't exist. > > With these naive controlfreaks mongering and rambling on and > on, no person > came up with the real problem this list is for - lousy > coding/lack of QC. > Regulations of any type cannot be set up in the international > entity the net > is, there is no regulatory power and there cannot be such > thing. Why do you > think these so called internetstandards are not so very > standard - we all > have to agree, and we don't. The net is put together on > consensus alone, and > anything we cannot get a consensus on, just will not happen. > > Steve wrote: > > My guess? Unless the internet community shapes up or > > oh maybe unless ipv6 becomes the standard for most of > > the internet (*snicker* yeah RIGHT) within, say, 5 years > > there will be NO open pipe ISP left anywhere in the, uh, > > civilised world. You will have to go to somewhere more > > interesting like Tuvalu > > Well, some place might get run over be these no-brain control > freaks. But > funny thing is, that if the ISP's close the lines to anything deemed > dangerous or illegal, or just unwanted, there probably won't > be a reason > left to use the internet, except maybe e-mail, but then with > an encryption > not breakable by moron-enforcement. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists