Then we are pretty much in agreement here, regarding the claims made by the other member of the list, I do think if you are going to make a claim and state it as if it is fact, you should back it up
On Oct 10, 2014, at 1:23 PM, Valeri Galtsev galtsev@kicp.uchicago.edu wrote:
On Fri, October 10, 2014 1:07 pm, William Woods wrote: Not at all, and please don’t tell me what I prefer, All I prefer is that people try to be homiest, you are right all software has bugs, but to imply in any way that open source is better is a misnomer.
I use open source, closed source, whatever tool fits the job, I don’t belong to any specific church re: software, nor am I a closed/open source zealot.
I know its kinda hard for people to accept someone on a centos mailing list would use closed source, I am sorry some of you purists are offended.
No, I'm happy and not offended at all. And it turns out we do pretty much the same thing. I do use closed source wherever it does the job, and for tasks that are not cover by open source. Some closed source software is great. But wherever I do want to save brain figuring out what to use for the task that has highest demands in security... you already know my answer.
Valeri
On Oct 10, 2014, at 1:01 PM, Valeri Galtsev galtsev@kicp.uchicago.edu wrote:
On Fri, October 10, 2014 12:33 pm, William Woods wrote: So claim made, nothing to back it up. Got it.
all I need to say is…BASH , OpenSSL…..
Nice examples. One-sided though. All software has bugs. You prefer security through obscurity (closed source, and you have to _trust_ the vendor of it). But there are numerous security issues with closed source M$ Windows system. Of course, you would prefer closed source example UNIX. Here it goes: SSH (as opposed to openSSH we all have thanks to OpenBSD project). There was an awful security hole in it about 13 years ago and as sshd daemon runs by user root, we were just waiting if stray root just will walk into our Solaris boxes. Waiting for parch from system vendor and simultaneously compiling openssh as a replacement. Those of us who had majority of boxes under Linux (hence with openssh that wasn't vulnerable) had less trouble...
I guess, you go you to your church, and I will go to mine. I do not consider "security through obscurity" a security. I prefer not to wreck my brain thinking "to what extent can I trust this corporate vendor". I prefer the code put out into open so everybody can review it. I doesn't mean that open source code will be audited diligently. But the fact that it can be gives the best reassurance for me. I do join that clever person who said "security only can be in open source".
Valeri
I am sure there are more.
But really, if you are going to claim something, at least be willing to back up what you claim is that asking to much ?
On Oct 10, 2014, at 12:21 PM, Valeri Galtsev galtsev@kicp.uchicago.edu wrote:
On Fri, October 10, 2014 12:01 pm, William Woods wrote: Really, you have some URL’s to back up the paranoia ?
Well, that's the problem with closed source systems (Which MS Windows is and commercial antiviruses for it are). One can claim something and there is no way to prove it is right or it is wrong (or left? ;-)
I remember some clever person said: "security can only be in open source". There are systems that are not [quite] open source, even though they are based on open source. I may be out of date but some time ago (last time I cared to check) Android was not (even though it is based on Linux kernel, there is fair chunk of closed code in its kernel). Everybody is free to imagine me with tin foil hat on, or with pointy hat on...
Valeri
On Oct 10, 2014, at 12:00 PM, Always Learning centos@u62.u22.net wrote:
> >> On Fri, 2014-10-10 at 12:19 -0400, James B. Byrne wrote: >> >>> On Thu, October 9, 2014 21:11, John R Pierce wrote: >>>> On 10/9/2014 6:07 PM, Valeri Galtsev wrote: >>>> BTW, the whole idea of "antivirus" is flawed. It is based on >>>> "enumerate >>>> bad". You can't, as one never knows what will be invented in a >>>> future. >>> >>> I agree, but I don't know what else you can put in the hands of >>> the >>> novice, unless its the iPhone world of corporate approved apps >>> only >>> purchased through a monopoly 'app store'. >> >> Which simply means: Only 'Government Approved' viruses allowed. > > Excellent point. Windows 95 was designed to be accessible by the USA > authorities. USA anti-virus software "allows" access from the USA > authorities.
++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++ _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++ _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++ _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos