
Re: lazy saturday notebook comparo (long)



Michael Schmitz wrote:

>> That's pretty close!
>>
>> One other factor nobody has mentioned here is SECURITY.  For
>> buffer-overflow type security holes, remote and local, almost all of the
>> exploits are written for i386, so non-Intel platforms are inherently
>> less vulnerable.  Last week's LWN security section opened with a piece
>
> Security through obscurity? Nope, doesn't work. Thanks for playing though.

Uh, please read my post. Words like "*less* vulnerable" in this quote were deliberately chosen.

Did you read the LWN piece? Do you really disagree with: "... a fast worm should in theory be able to spread to all vulnerable networked machines in the world in as little as 15 minutes, which is a whole heck of a lot faster than I apply upgrades, so any time which heterogeneity in OS, server software or CPU arch can buy is really crucial."?

I mean, if a cracker wants to develop shell code for Debian on i386, PPC, Alpha and Arm and unleash them simultaneously, then my whole network is toast, but until then I'll always have some survivors. (Unless the worm grabs ssh keys, logs itself in everywhere, and uses local exploits or monitors keystrokes until it gets root access... etc. :-)

Then again, the first (disabled) rpc.statd exploit posted was for Debian PPC (this is the exploit used so successfully by Ramen), so "heterogeneity" seems to be the key, rather than everybody standardizing around our glorious platform. Hardware heterogeneity will help somewhat for buffer overflows. The ubiquity of Apache is a bit troubling, and might make alternatives more appealing for small servers (Roxen? Caudium?).

I think the point holds. If you can present a counterargument, I'm all ears...

Zeen,
--

-Adam P.

GPG fingerprint: D54D 1AEE B11C CE9B A02B  C5DD 526F 01E8 564E E4B6

Welcome to the best software in the world today cafe! <http://lyre.mit.edu/%7Epowell/The_Best_Stuff_In_The_World_Today_Cafe.ogg>
