
Misc topics (was Re: ISP asking about switching to Debian from OpenBSD)



on Fri, Nov 23, 2001 at 04:59:12PM -0800, Petro (petro@auctionwatch.com) wrote:
> On Thu, Nov 22, 2001 at 09:40:37PM -0800, Karsten M. Self wrote:
> > on Thu, Nov 22, 2001 at 02:12:17AM -0800, Petro (petro@auctionwatch.com)
> > wrote:
> > > On Wed, Nov 21, 2001 at 11:04:32PM -0800, Karsten M. Self wrote:

<...>

> > >     Oh, and walking through that flicker? That was your power supply,
> > 
> > Actually, I checked -- it's a power strip, not a surge protector.  I
> > think it's the heavy electrons, they take longer to slow down ;-)
>  
>    No, not the strip, THE SUPPLY, you know that little tin box in the
>    back of your machine that the long black cable sticks into? The one
>    that leads from the powerstrip to the machine? Most modern
>    powersupplies can handle flickers fairly well. 
> 
>    (and yes, that was a little more smartass than needed. I know from
>    another list that Karsten isn't an idiot). 

Heh.  I'm a smartass though, when I can get away with it.  I'd meant to
clarify that the box wasn't on a surge protector.  And I'm a bit
surprised at the ability to handle current flux.

<...>



> > > >     Bruce Schneier identifies four periods of concern for security
> > > >     issues:
> > > >      1.  Introduction of vulnerability.  It exists, but is unknown.
> > > >      2.  Awareness.  It is known, but not necessarily patched.
> > > >      3.  Introduction of fix.  A software patch is available.
> > > >      4.  Application of fix.  Software patch is widely applied.
> > > 
> > >     Number 4 is wishful thinking. 
> > 
> > It's a numbers game.  Debian makes accomplishing # 4 far easier than any
> > other system I'm familiar with. 
> 
>     The problem is the space between 3 and 4. Mr. Schneier left out a
>     step:
>         3.5 Broadcasting of fix availability. 

Which again Debian speaks to with the apt process.  *If* you're updating
your systems regularly, you're being informed of the updates (or your
system is), and they're being updated.


<...>

> > OpenBSD's audit focusses very heavily on eliminating buffer
> > overflows and looking at use of UID 0.  Between the two of these,
> > you're attacking the foundations of a large number of possible
> > exploits.  The other attack angle is sane configuration defaults.
> > Since the majority of users never touch the defaults, and a large
> > number of exploits are based on buffer attacks, this actually cuts
> > the vulnerability profile significantly.  Debian could learn from
> > this, and is, with the various hardened packages / tasks which can
> > be applied.
>  
>    I hope I wasn't taken to be attacking either Debian/Linux or oBSD. 
> 
>    Both are good systems and both have their place. 

Agreed, and no, it's not taken as an attack.  I use oBSD.  I somewhat
like it.  I'm not besotted by it.

<...>



> > >     The web-based scheduling/calendaring pretty much sucks unless
> > >     you're willing to spend money on it. But this is going to be
> > >     true for any platform.
> > 
> > Yeah, I guess the word with calendaring is that it all sucks, and mostly
> > doesn't exist.

<...>



> > OpenMail's one of HP's worse failings.  The company really ought to
> > pick up the product and run with it, free software if at all possible,
> > and put the squeeze on MSFT.
> 
>     The current best bet is the OpenOffice team. They seem to be working
>     with the PHPGroupware guys, which is a decent enough project that
>     just isn't good enough yet, and with the 90/10 rule, I don't know if
>     it will be.

I've sort of tracked this stuff, but not closely.  Evolution's doing
some interesting things, and I'd prefer a modularized, single-app
approach to the monolithic design of OpenOffice.  There's also a largely
moribund OpenFlock project which is aimed at implementing the IETF
calendaring standards.

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>       http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?             Home of the brave
  http://gestalt-system.sourceforge.net/                   Land of the free
   Free Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org
Geek for Hire                     http://kmself.home.netcom.com/resume.html

Attachment: pgp6RsTVj_hOa.pgp
Description: PGP signature

