I love IP Tables....

Rick Stevens rstevens at internap.com
Wed May 30 00:50:15 UTC 2007


On Tue, 2007-05-29 at 17:28 -0700, jdow wrote:
> From: "Mikkel L. Ellertson" <mikkel at infinity-ltd.com>
> > jdow wrote:
> >>
> >> FreeBSD is supposed to be more secure than Linux. (And based on security
> >> bug reports that "seems" to be the case.) Apple's OS-X is built on
> >> FreeBSD, an old one to be sure, though. They just released 17 patches....
> >>
> >> Microsoft has the bankroll to survive the suits. Red Hat doesn't. Be
> >> careful what you wish for.
> >> {^_-}
> >>
> > There are different levels of liberality. Try this example:
> >
> > You buy a car with break lines that are not designed to handle the
> > pressure surge when you do panic breaking, that is a design flaw.
> > You do a panic stop and the line breaks.

Uh, sticking my oar in, it's "brake lines", not "break lines."  And
you certainly do NOT want your "brake" lines to "break".  That would be,
uhm, bad.  :-)

> If you buy a car with break lines designed to handle the surge but
> had a design flaw due to unexpected operations being performed on it
> and when you perform the panic stop the line breaks who is at fault?
> 
> Suppose you buy a car with break lines designed to handle the surge
> but had a design flaw due to unexpected operations being performed
> on it. Suppose the manufacturer was made aware of the defect and
> suppressed the knowledge....
> 
> Suppose you buy a car with break lines designed to handle the surge
> but had a design flaw due to unexpected operations being performed
> on it. Suppose the manufacturer was made aware of the defect and
> effected a repair.... - that one is your last case, of course.
> 
> > You buy a car with a break line that has a hairline crack that
> > causes it to break when you do a panic stop. That is not a design
> > flaw in the car.
> >
> > You buy a car that is part of a batch that ended up with bad break
> > lines because of a supplier mistake. The break lines were recalled.
> > You ignore the recall. The line breaks when you make a panic stop.
> >
> > All three result in a broken break line, and very likely a crash,
> > but who is responsible is different in each case.
> >
> > Now, I can see why, as a programmer, you would not want to be held
> > liable for damage caused by a mistake in programming. After all, who
> > has time to get all the bugs out? But there is a BIG difference
> > between a bug in a program, and a program that is poorly designed in
> > the first place.
> 
> The point is that there are things a user can do to prevent consequences
> during periods of vulnerability. You can, for example, reduce your
> likelihood of a panic stop by driving a little more prudently. You can
> review how to handle the car if a break line goes out. Or for a more
> recent experience I had a nearly new (from a tread wear standpoint)
> tire shredded on my left rear wheel while I was driving to Las Vegas
> (from the LA area) for the recent NAB convention. I knew what to do to
> handle the situation. The car was hurt from the steel belt shredding the
> plastic bumper and marring the finish in several places. But no accident
> happened and I was over on the shoulder quickly because I had been
> watching traffic around me and knew when I could move to the right in
> a controlled manner and ease to a stop. I minimized the exposure to
> danger. Now I know MORE of how to see potential problems before they
> happen and can inspect my tires for cracks along the tread line as well
> as for proper pressure and cracks on the side walls.
> 
> Yes, I do expect people to run anti-virus tools and maintain a tight
> computer. Unfortunately, even here, people insist on exposing themselves
> because of all the goofy goodies like flash, pdf, .mov, etc files that
> appear on web pages as content. The more you expose yourself the more
> it behooves you to maintain internal defenses. Blandly asserting that
> viruses are not a problem for Linux is burying your head in the sand.
> Is your firewall set up sanely? Are your passwords good? Are any tools
> running on your system that might lead to a possible rootkit attack?
> Do you regularly scan for rootkits? And so forth.
> 
> Admittedly Microsoft is extremely lax "right out of the box" and Red Hat
> goodies are generally pretty good. But all it takes is once and you are
> muttering "I wish I had...." as you flush your disk, including your data
> files, to get a clean install and go back to backups known to be from
> before you were infected. How many weeks of lost data is that? How much
> time do you lose? Linux is bulletproof against a 5.62 level round. It
> may be bulletproof against a .50. Is it bulletproof against an RPG? The
> latter attack may come IF some cracker decides your system, for some reason,
> looks too juicy to ignore.
> 
> {^_^}
> 
----------------------------------------------------------------------
- Rick Stevens, Principal Engineer             rstevens at internap.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-   The light at the end of the tunnel is really an oncoming train.  -
----------------------------------------------------------------------



