[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: hurd does NOT need /hurd

On Wed, May 22, 2002 at 10:50:16AM -0400, Nathan Hawkins wrote:
> Jeroen Dekkers wrote:
> >On Tue, May 21, 2002 at 06:09:08PM +0200, Marcus Brinkmann wrote:
> >>Al those features are useful.  Nobody is claiming that the Hurd shouldn't
> >>have these features, or shouldn't have firewall features.  The Hurd should
> >>have everything anybody ever wants ;)
> >
> >
> >By first reading this I agreed with you. After pondering about this
> >issue I claim that the Hurd should not have IP filtering features.
> >
> >The fact is that because of the Hurd's design IP filtering is *not
> >useful*. The only reason I can come up with is a system administrator
> >trying to limit what the user does. This is directly against the GNU
> >philosophy of user freedom. The whole GNU system (including the Hurd)
> >is designed around this user freedom. (I got this logic from the book
> >"Free as in Freedom")
> That is ridiculously stupid.

Could you back that up?
> A sysadmin's system is his. Not the user's, and not your's. He should be 
> free to pursue _his_ philosophy about security. If end-users have a 
> problem with it, they can buy their own box, and become sysadmins 
> themselves.

The GNU system has the GNU philosophy, not the philosophy of a random
sysadmin. And why do you think the GNU system doesn't give sysadmins
the freedom to pursue his philosophy? He could download another TCP/IP
stack somewhere else.

> Now speaking as a professional sysadmin, if the Hurd operates on the 
> kind of thinking you describe, I'll forbid attaching it to any network I 
> manage.

Can you elaborate?

The operates with almost everything in user-space. This makes the more
secure. Running a lot of things in user-space is actually what every
modern operating system does (and unix is not modern, it's 30 years

> Given that the Internet is a lot like a warzone these days, with 
> unsecured systems being cracked within minutes of going online, I don't 
> believe anyone should even consider shipping a general-purpose OS 
> without IP filtering.

You should solve the real problem: Making computers uncrackable.
> >The Hurd's design is so secure that it makes firewalls immoral IMHO.
> This is a priceless quote. I couldn't think up anything that surreal if 
> my life depended on it.

If you would learn what the Hurd's design is it could make sense to
you, if you keep thinking the Hurd is some variant of unix then it
will never make any sense.

Jeroen Dekkers
Jabber ID: jdekkers@jabber.org  IRC ID: jeroen@openprojects
GNU supporter - http://www.gnu.org

Attachment: pgpZfPRTy0Vya.pgp
Description: PGP signature

Reply to: