On Wed, May 22, 2002 at 10:50:16AM -0400, Nathan Hawkins wrote: > Jeroen Dekkers wrote: > >On Tue, May 21, 2002 at 06:09:08PM +0200, Marcus Brinkmann wrote: > >>Al those features are useful. Nobody is claiming that the Hurd shouldn't > >>have these features, or shouldn't have firewall features. The Hurd should > >>have everything anybody ever wants ;) > > > > > >By first reading this I agreed with you. After pondering about this > >issue I claim that the Hurd should not have IP filtering features. > > > >The fact is that because of the Hurd's design IP filtering is *not > >useful*. The only reason I can come up with is a system administrator > >trying to limit what the user does. This is directly against the GNU > >philosophy of user freedom. The whole GNU system (including the Hurd) > >is designed around this user freedom. (I got this logic from the book > >"Free as in Freedom") > > That is ridiculously stupid. Could you back that up? > A sysadmin's system is his. Not the user's, and not your's. He should be > free to pursue _his_ philosophy about security. If end-users have a > problem with it, they can buy their own box, and become sysadmins > themselves. The GNU system has the GNU philosophy, not the philosophy of a random sysadmin. And why do you think the GNU system doesn't give sysadmins the freedom to pursue his philosophy? He could download another TCP/IP stack somewhere else. > Now speaking as a professional sysadmin, if the Hurd operates on the > kind of thinking you describe, I'll forbid attaching it to any network I > manage. Can you elaborate? The operates with almost everything in user-space. This makes the more secure. Running a lot of things in user-space is actually what every modern operating system does (and unix is not modern, it's 30 years old). > Given that the Internet is a lot like a warzone these days, with > unsecured systems being cracked within minutes of going online, I don't > believe anyone should even consider shipping a general-purpose OS > without IP filtering. You should solve the real problem: Making computers uncrackable. > >The Hurd's design is so secure that it makes firewalls immoral IMHO. > > This is a priceless quote. I couldn't think up anything that surreal if > my life depended on it. If you would learn what the Hurd's design is it could make sense to you, if you keep thinking the Hurd is some variant of unix then it will never make any sense. Jeroen Dekkers -- Jabber ID: jdekkers@jabber.org IRC ID: jeroen@openprojects GNU supporter - http://www.gnu.org
Attachment:
pgpZfPRTy0Vya.pgp
Description: PGP signature