
Re: Linux vs. NT Security contest



I'm new here, so I hope this isn't out of line.

I think this NT bashing is a big mistake.  We all like OpenBSD, we
know it's better.  All we're doing is patting ourselves on the back.

I've been running linux for more than seven years.  The great thing
about linux used to be the mail lists and usenet groups.  They were
technical and I learned a lot from them.  When I signed up for this
list a week ago or so, I thought, "This is what linux was like four
years ago."  People actually talk about technical things -- security,
drivers, etc.  What's more, many of the people here actually seem to
know what they're talking about.

Now the linux community seems to be filled with strident kids who are
developing some sort of political correctness agenda for software.  A
couple of days ago, someone at slashdot suggested compiling and
publishing lists of companies that don't want to use open source
code.  It seems to me that they're coming very close to making people
wear a scarlet "M".  What's the point?  And why don't more people see
how distasteful that is?

This is the bottom line of this list as I see it.  There are a lot of
smart people reading it.  In particular, there are a lot of people who
understand security reading it.  OpenBSD has a lot of terrific
security tools.  

But security, even with a good base like the one we've got with
OpenBSD, is hard.  Solaris isn't very secure, but when a friend went
looking for holes on a solaris box I was running, it turned out that
most of the big ones he found were of my own making.  In other words,
my ignorance is a bigger danger than sun's inattention to security.

I'd be very surprised if there aren't quite a few people reading this
who have compromised their OpenBSD boxes without even realizing it.
How does that happen?  How do people who don't do that approach
installing software and admining their boxes?  What's the difference
between them and me?

So with all the people here, do we want to talk about how bad MS
sucks?  Or do we want to talk about how to think about security in a
proactive way?  We know that NT sucks, it's a given.  It doesn't do me
any good to hear about how bad MS sucks.  I have NT, I know from
experience that it sucks.  So does everyone else here.

The idea of OpenBSD is tremendously appealing to almost everyone I
know who works with computers.  There are a lot of people who want
exactly what OpenBSD delivers.  Teaching people how to run secure
systems with OpenBSD is the way to make it grow.  Let's make it less
intimidating.  Bashing MS doesn't help.

In my opinion, the famous web server benchmarks pointed up a lot of
the problems with both MS and Linux.  On the one hand, you had MS
cheating.  And on the other hand, you had the linux kids refusing to
accept the final results, which exposed some weaknesses in the linux
kernel.

I liked linux a lot better when people wanted to publicize weaknesses
so that they'd get fixed.  Now if you criticize it they slashdot you
and bury you with hate mail.  They're bullies.  Maybe not as big of
bullies as the MS crowd, but hey, they're just starting out, give them
some time, maybe they'll catch up.

I realize that this post violates the principles it pretends to
champion.  I apologize.  I'm coming from the perspective of someone
who's fleeing linux, in large part to escape ideological rigidity.  I
don't want to think of system administration in political terms.  I
just want my systems to work and not get cracked.  I want to be able
to boot up NT and fire up premiere when I need to edit video, without
being called a fascist collaborator.

I really just want to learn from the people here who understand
security.