Open Source and information security mailing list archives
From: yossarian at planet.nl (yossarian)
Subject: SQL Slammer - lessons learned (fwd)

Steve Wray wrote

>So demonstrate to your ISP that you are competent.
>What's wrong with that?

There is a lot wrong with that. Maybe not at first sight.

Why should I prove anything? Who is competent to be the judge? And, what is
worse, demonstrate my skills on what? Suppose I am very competent in setting
up a Mickeysoft server farm, but suddenly decide to do mail and web on a
*NIX I've never used before. Or will I just be allowed S/W I demonstrated my
skills on? Or I take one day instead of three weeks to set up a system,
knowing that the install will be leaky, but I really need a beer or 27, so
the fixes are not loaded on the host - I have demonstrated my skills but
just decided not to use them. Will I have to swear on my mother never to
forget a patch on a machine? Must I vow never to skip reading a README? Get
a brain.

Who is to judge whether I am competent in setting up a mailserver with a
homemade OS and app? Will just bigger OS-es qualify? If so, should these
same ISP's also qualify applications as fit for the net? Will non-qualifying
operating systems be banned? Does anyone expect this to be done unbiased,
considering the vast commercial interests at stake? Or will only Palladium,
or whatever it will be called, qualify? And a small practical question - how
to set up this wise rule worldwide?

If you decide to stop users from doing certain things, it would be very odd
at least, to let vuln-ridden server apps be used, by whoever, however
qualified. Now give me faultless OS - I'll use it. Or just a flawless
stack. It don't exist.

With these naive controlfreaks mongering and rambling on and on, no person
came up with the real problem this list is for - lousy coding/lack of QC.
Regulations of any type cannot be set up in the international entity the net
is, there is no regulatory power and there cannot be such thing. Why do you
think these so-called internet standards are not so very standard - we all
have to agree, and we don't. The net is put together on consensus alone, and
anything we cannot get a consensus on, just will not happen.

Steve wrote:
> My guess? Unless the internet community shapes up or
> oh maybe unless ipv6 becomes the standard for most of
> the internet (*snicker* yeah RIGHT) within, say, 5 years
> there will be NO open pipe ISP left anywhere in the, uh,
> civilised world. You will have to go to somewhere more
> interesting like Tuvalu

Well, some place might get run over by these no-brain control freaks. But
funny thing is, that if the ISP's close the lines to anything deemed
dangerous or illegal, or just unwanted, there probably won't be a reason
left to use the internet, except maybe e-mail, but then with an encryption
not breakable by moron-enforcement.

