Re: red worm amusement

[CaT <cat@zip.com.au>]

On Sat, Jul 21, 2001 at 08:51:23PM -0700, Jacob Meuser wrote:
> On Sun, Jul 22, 2001 at 12:54:49PM +1000, CaT wrote:
> > 
> > You know. You're right. We should make it as difficult as possible
> > to install software. Right down to removing makefiles from source
> > repositories and rot13ing the source code because the harder it is
> > to install a piece of software, the more secure a box is.
> 
> No, I'm simply saying not to start services immediately.  I mean really,

That wasn't what you were saying before. You were saying that the
ease of install you get with apt-get is bad. This is a rather different
issue.

> who in their right mind starts a service without looking at the config
> files?  How hard is it to add the links from /etc/rc?.d to /etc/init.d
> (isn't there script to do this anyway)?

Some packages already practice safety-first. You need to remove an
echo and an exit from the init.d once you're good and ready. This
just has to become more widespread.

Then again, most of the time I install a service (>90%) I want it
to start running immediately. apache, ftp etc I compile by hand.

> > And then the computer you just spent a few grand on will be about
> > as useful as a toaster without heating elements.
> 
> That's better than them getting sued for a hell of a lot more than they
> paid for their machine because someone launched an attack from their
> machine, and they can't prove they didn't to it.

No machine is 100% secure, except those machines that do not exist.
Anyone who thinks their box is 100% secure has rocks in their heads,
regardless what OS they are running.

-- 
CaT (cat@zip.com.au)		*** Jenna has joined the channel.
				<cat> speaking of mental giants..
				<Jenna> me, a giant, bullshit
				<Jenna> And i'm not mental
					- An IRC session, 20/12/2000