[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Linux vs. NT Security contest

Some very intelligent comments. I think the phenomenon you see is a result
of the upsurge in popularity Linux has experienced. Folks learn a bit
about something more intellectually challenging than the 'off the shelf'
detritus from Redmond and find themselves a part of a 'movement',
something sort of grass roots. Enthusiasm prevails over common sense and
the philosophical underpinnings of the 'movement'. It is easy to focus on
a 'result' like Linux instead of the 'open source' model that gave rise to
it. As someone whom I respect a lot wrote recently, a lot of open source
code is just plain crap (para-phrased I'm sure, forgive me Theo), but the
underlying model still works and out of that crap some cream rises to the
surface - eg OpenBSD and other things like Apache etc. (flames ignored

On Tue, 21 Sep 1999, alex wrote:

> I'm new here, so I hope this isn't out of line.
> I think this NT bashing is a big mistake.  We all like OpenBSD, we
> know it's better.  All we're doing is patting ourselves on the back.
> I've been running linux for more than seven years.  The great thing
> about linux used to be the mail lists and usenet groups.  They were
> technical and I learned a lot from them.  When I signed up for this
> list a week ago or so, I thought, "This is what linux was like four
> years ago."  People actually talk about technical things -- security,
> drivers, etc.  What's more, many of the people here actually seem to
> know what they're talking about.
> Now the linux community seems to be filled with strident kids who are
> developing some sort of political correctness agenda for software.  A
> couple of days ago, someone at slashdot suggested compling and
> publishing lists of companies that don't want to use open source
> code.  It seems to me that they're coming very close to making people
> wear a scarlet "M".  What's the point?  And why don't more people see
> how distateful that is?
> This is the bottom line of this list as I see it.  There are a lot of
> smart people reading it.  In particular, there are a lot of people who
> understand security reading it.  OpenBSD has a lot of terrific
> security tools.  
> But security, even with a good base like the one we've got with
> OpenBSD, is hard.  Solaris isn't very secure, but when a friend went
> looking for holes on a solaris box I was running, it turned out the
> most of the big ones he found were of my own making.  In other words,
> my ignorance is a bigger danger than sun's inattention to security.
> I'd be very surprised if there aren't quite a few people reading this
> who have compromised their OpenBSD boxes without even realizing it.
> How does that happen?  How do people who don't do that approach
> installing software and admining their boxes?  What's the difference
> betewen them and me?
> So with all the people here, do we want to talk about how bad MS
> sucks?  Or do we want to talk about how to think about security in a
> proactive way?  We know that NT sucks, it's a given.  It doesn't do me
> any good to hear about how bad MS sucks.  I have NT, I know from
> experience that it sucks.  So does everyone else here.
> The idea of OpenBSD is tremendously appealing to almost everyone I
> know who works with computers.  There are a lot of people who want
> exactly what OpenBSD delivers.  Teaching people how to run secure
> systems with OpenBSD is the way to make it grow.  Let's make it less
> intimidating.  Bashing MS doesn't help.
> In my opinion, the famous web server benchmarks pointed up a lot of
> the problems with both MS and Linux.  On the one hand, you had MS
> cheating.  And on the other hand, you had the linux kids refusing to
> accept the final results, which exposed some weakenesses in the linux
> kernel.
> I liked linux a lot better when people wanted to publicize weaknesses
> so that they'd get fixed.  Now if you criticize it they slashdot you
> and bury you with hate mail.  They're bullies.  Maybe not as big of
> bullies as the MS crowd, but hey, they're just starting out, give them
> some time, maybe they'll catch up.
> I realize that this post violates the principles it pretends to
> champion.  I apologize.  I'm coming from the perspective of someone
> who's fleeing linux, in large part to escape ideological rigidity.  I
> don't want to think of system administration in political terms.  I
> just want my systems to work and not get cracked.  I want to be able
> to boot up NT and fire up premiere when I need to edit video, without
> being called a fascist collaborator.
> I really just want to learn from the people here who understand
> security.


John Horn
City of Tucson, IT Dept.