This is a discussion on Re: PING: Igor S., regarding Kerberos v4. - BSD

"George Orwell" wrote in message news:firstname.lastname@example.org ...
> Some other , far more important flaws exist and should be corrected by
> some clever means , but have not been , and clear and unequivocal
> statements have been made that they will NEVER be fixed. Rather than
> mention the matter just here , I will start another thread. I've been
> EXTREMELY peeved since I first became aware of the situation , not because
> flaws had been found , but that high-level decisions had been summarily
> to never fix the flaws. To never fix the flaws or even jettison the
> core functionality being provided rather than actually fix , rewrite , or
> re-design the code.
Steve at fivetrees wrote:
>Rightly or wrongly, I have more faith in the directors of the OpenBSD
>project than you clearly have. Time and time again, they've been proved
>right. I'd be very surprised if they didn't thoroughly understand the
>issues - rather better than either you or me.
>Just a thought.
Directors? It's not Microsoft you know.
If I didn't have faith in those responsible for OpenBSD , I
wouldn't be using it. I however place "blind faith" in
Talented experts frequently become complacent , I have no
doubts that these people can run circles around me in many ways.
But , my machine may end up being more secure than one of theirs
because I may choose NOT to install , enable , or use something ,
perhaps something that is more complex ; that they feel confident
(complacently) that such a thing could never pose a threat to them.
People die of the daftest things these days , if you are at home and
in your garden and you become complacent about your rake , it may end
up killing you. The Darwin Awards are prime examples of complacency
(and quite a bit of the less intelligent variety as well!).
I'm not saying that anyone in the project is being complacent , only that
they are subject to being so , and their expertise offers no protection
Some degrees of obsessiveness and paranoia can have advantages.
Should someone ever crack into one of my systems , someday , I won't be
telephoning Theo to ask him to hold my hand. If , in the final analysis
my system ever is compromised , I am the only person truly responsible and
I take that responsibility seriously. Of course , it would also be embarrassing
to have this happen.
Should you wish to test your faith , take a look at the "securelevel" and "chflags"
man pages. These man pages have not been updated. There is no mention of known
exploits that Theo does not want to fix. I see no mention anywhere that securelevels
are "useless" , one would assume that this "fact" would be highlighted somewhere.
At the least users should be warned of the known limitations that OpenBSD securelevels have.
IMO , OpenBSD man pages should be kept accurate and should not mislead users who read them.
These issues seem to be of the "hush-hush" variety , do not try to fix , take no action.
In addition to having a healthy level of faith in some things , I also believe what I
can see and test. Empiricism.
I have great respect for what Theo and the others do , I just don't necessarily always
agree with them. I don't necessarily always agree with anyone. If I see anomalies or
things I don't understand I like to learn why things exist as they do. My only goals are
to make my computer as secure and stable as I can and to have the most secure
and stable OS available to me. If I notice aspects in OpenBSD that seem odd to me I will let
people know , I prefer not to experience unexplained anomalies or to do so over long periods
Regards , An Odd User.