[NBLUG] Article "Why BSD will never be as secure as Linux"

ME dugan at passwall.com
Mon May 14 09:12:50 PDT 2001 

On Mon, 14 May 2001, Rick Moen wrote:
> Additions that Kurt, characteristically, speaks of in a generally
> laudatory fashion without a great deal of apparent understanding of
> their merits.  He's an avid collector of security trinkets.  For
> meaningful security information, look elsewhere.

Background information on the author is helpful for this.

> No, it is a very bad place for a beginner to start.  A _useful_ place to
> start would be one or two of the good Unix security books, such as
> Chapman's.  And there are much, much more generally useful sites than 
> Kurts, and less treacherous guides to the topic than his articles.

I think at this point we just have differing opinions. I can see the value
in your side of the arguement, but it does not change my opinion. It is
the old "commercial" to advertise about new stuff, but require the patron
to do their own research vs. having the beginner start learning how to
secure a system in a systematic fashion while their system remains open to
certain attacks. I will agree that for the long term, knowing system
security from the grouond up is the best destination. This is the route I
have chosen and I started with the physical security side. I feel that
having a beginner at least have some security in place while they spend
the time to bring themselves to the position of enlightenment can be a
good thing - after all it may take years to become well versed in
system security and it is nice to have some security in place while they
learn.

His article points to a few additions (like openwall and Solar Designed
NonExecutable Stack patch for Linux kernels plus other options) and can
allow a user to see a few of the things that are "out there" for improving
their system.

> It's late, I'm tired, and I don't have the time to hold forth on this 
> subject further.

OK, but back to the other question:

Do you recall any good security presenters from your LUG that might be
willing to come up to NBLUG to offer a security presentation?

More information about the talk mailing list