Re: hurd does NOT need /hurd



On Wed, May 22, 2002 at 05:06:53PM +0200, Jeroen Dekkers wrote:
> The GNU system has the GNU philosophy, not the philosophy of a random
> sysadmin. And why do you think the GNU system doesn't give sysadmins
> the freedom to pursue his philosophy? He could download another TCP/IP
> stack somewhere else.

Telling us to download our own TCP stack isn't very interesting until
other TCP stacks exist.  (Telling a sysadmin to write their own TCP
stack would be even less interesting.)

> > Given that the Internet is a lot like a warzone these days, with 
> > unsecured systems being cracked within minutes of going online, I don't 
> > believe anyone should even consider shipping a general-purpose OS 
> > without IP filtering.
> 
> You should solve the real problem: Making computers uncrackable.

Telling us to do the impossible is, like the above, not interesting.

What about selectively blocking ICMP at a router, to cut off an attack
before it hits a low-bandwidth link?  Immoral?

> > >The Hurd's design is so secure that it makes firewalls immoral IMHO.

The Hurd's design is irrelevant if it's to be used as a router; it's
not routing packets exclusively for other Hurd systems; in fact, it's
likely to be routing packets for systems completely out of the control
of whoever runs that router.

Also, IP filtering rules are just a small feature of a modern routing
stack.  Any routing system that allows NAT, intelligent forwarding,
packet logging, and so on would probably have to go to lengths to *avoid*
having a way to bitbucket packets.

And, all this aside, I hope you'll agree that it's a bad idea to make a
program prohibit doing something legitimately useful to many people
because it can be abused.

I agree, of course, that there are clearly other, far more pressing
things to be implemented than routing and filtering.  Not having time
is a valid reason to hold off on it.  Calling it "immoral" is not.

-- 
Glenn Maynard

