I love IP Tables....

jdow jdow at earthlink.net
Wed May 30 00:28:11 UTC 2007


From: "Mikkel L. Ellertson" <mikkel at infinity-ltd.com>
> jdow wrote:
>>
>> FreeBSD is supposed to be more secure than Linux. (And based on security
>> bug reports that "seems" to be the case.) Apple's OS-X is built on
>> FreeBSD, an old one to be sure, though. They just released 17 patches....
>>
>> Microsoft has the bankroll to survive the suits. Red Hat doesn't. Be
>> careful what you wish for.
>> {^_-}
>>
> There are different levels of liberality. Try this example:
>
> You buy a car with brake lines that are not designed to handle the
> pressure surge when you do panic braking, that is a design flaw.
> You do a panic stop and the line breaks.

If you buy a car with brake lines designed to handle the surge but
had a design flaw due to unexpected operations being performed on it
and when you perform the panic stop the line breaks, who is at fault?

Suppose you buy a car with brake lines designed to handle the surge
but had a design flaw due to unexpected operations being performed
on it. Suppose the manufacturer was made aware of the defect and
suppressed the knowledge....

Suppose you buy a car with brake lines designed to handle the surge
but had a design flaw due to unexpected operations being performed
on it. Suppose the manufacturer was made aware of the defect and
effected a repair.... - that one is your last case, of course.

> You buy a car with a brake line that has a hairline crack that
> causes it to break when you do a panic stop. That is not a design
> flaw in the car.
>
> You buy a car that is part of a batch that ended up with bad brake
> lines because of a supplier mistake. The brake lines were recalled.
> You ignore the recall. The line breaks when you make a panic stop.
>
> All three result in a broken brake line, and very likely a crash,
> but who is responsible is different in each case.
>
> Now, I can see why, as a programmer, you would not want to be held
> liable for damage caused by a mistake in programming. After all, who
> has time to get all the bugs out. But there is a BIG difference
> between a bug in a program, and a program that is poorly designed in
> the first place.

The point is that there are things a user can do to prevent consequences
during periods of vulnerability. You can, for example, reduce your
likelihood of a panic stop by driving a little more prudently. You can
review how to handle the car if a brake line goes out. Or for a more
recent experience I had a nearly new (from a tread wear standpoint)
tire shredded on my left rear wheel while I was driving to Las Vegas
(from the LA area) for the recent NAB convention. I knew what to do to
handle the situation. The car was hurt from the steel belt shredding the
plastic bumper and marring the finish in several places. But no accident
happened and I was over on the shoulder quickly because I had been
watching traffic around me and knew when I could move to the right in
a controlled manner and ease to a stop. I minimized the exposure to
danger. Now I know MORE of how to see potential problems before they
happen and can inspect my tires for cracks along the tread line as well
as for proper pressure and cracks on the side walls.

Yes, I do expect people to run anti-virus tools and maintain a tight
computer. Unfortunately, even here, people insist on exposing themselves
because of all the goofy goodies like flash, pdf, .mov, etc files that
appear on web pages as content. The more you expose yourself the more
it behooves you to maintain internal defenses. Blandly asserting that
viruses are not a problem for Linux is burying your head in the sand.
Is your firewall set up sanely? Are your passwords good? Are any tools
running on your system that might lead to a possible rootkit attack?
Do you regularly scan for rootkits? And so forth.

Admittedly Microsoft is extremely lax "right out of the box" and Red Hat
goodies are generally pretty good. But all it takes is once and you are
muttering "I wish I had...." as you flush your disk, including your data
files, to get a clean install and go back to backups known to be from
before you were infected. How many weeks of lost data is that? How much
time do you lose? Linux is bulletproof against a 5.62 level round. It
may be bulletproof against a .50. Is it bulletproof against an RPG? The
latter attack may come IF some cracker decides your system, for some reason,
looks too juicy to ignore.

{^_^}
