Open Source and information security mailing list archives
 
From: mailinglists at wjnconsulting.com (Wes Noonan)
Subject: Religion... was RE: Re: January 15 is Personal Firewall Day, help the cause

> Uh, no.  Where do you get that from?

From a good chunk of the Linux admins I know.
 
> If you think editing configuration files and changing settings is
> "modifying Linux", then I can equally claim you have to "modify Windows"
> to harden it.

Sure. I've never said or implied otherwise. 
 
> Recompiling is not modifying.

What is it then? If I need to recompile the kernel to support something new,
let's say a new version of iptables, am I not modifying things?
 
> So you're proving my point. ;-)  What possible incentive could Microsoft
> have to improve its security, if you (and others) answer my question
> the way you do?  (I'd actually appreciate a "Yes" or "No" answer rather
> than a paragraph.)

Because unlike you seem to portray it, there isn't some mutual exclusion.
One doesn't need to ignore security to choose other things. Likewise one
doesn't need to ignore other things when choosing security.

As for the incentive though, customer satisfaction is certainly a healthy
one. Do you not do things because it satisfies your customers?

As for a yes or a no, it unfortunately isn't that simple a question or
response. The best I can offer is a firm "it depends".
 
> Except we give out source code and permission to modify it and have it
> audited for security (even for our commercial software.)

Sure, but this is just another "commercial software bad, open source good"
point. As previously mentioned, I don't want to waste time arguing those.
It's pointless IMO for reasons I previously cited.

Also, I don't want to argue *your* product. I merely used it as an example.
  
> Of course I think you're wrong.  They essentially dumped IE on the market
> in order to kill Netscape.
> 
> But that's OK.  Linux is doing to MS what MS did to Netscape, except
> through ethical means rather than dumping.

Bah. There is little to no difference. The claims of "ethical" go back to
another religious war. As others have requested, and as I have mentioned,
I'm not going to continue with a religious debate over operating systems. My
point, as Mike Marshall also mentioned, has been made.
 
> I'll rephrase it:  Today, insecurity is one of the most important threats
> to a business's profit.

Sure, which is why Microsoft and pretty much everyone else is working on
insecurity issues.

Thanks for the lively discussion. I'm going to end it from my end at least
though. Take it easy.

Wes Noonan
mailinglists@...consulting.com
http://www.wjnconsulting.com 


