Steve Clark wrote:
On 07/14/2014 11:26 AM, William Woods wrote:
On Jul 14, 2014, at 10:19 AM, m.roth@5-cent.us wrote:
William Woods wrote:
Please stop top posting.
On Jul 14, 2014, at 9:48 AM, m.roth@5-cent.us wrote:
William Woods wrote:
On Jul 14, 2014, at 7:15 AM, Always Learning centos@u62.u22.net wrote:
> On Mon, 2014-07-14 at 06:42 -0400, Steve Clark wrote:
>
>> Having been working with UNIX like systems since 1985
>> my biggest complaint with systemd is it so intrusive, it wants to
>> be everything which makes it vulnerable to bugs and exploits -
>> umm.. like Windoze!
>> My $.02
> + $ 10.00 :-)
Because UNIX has never had a bug or exploit right ?
Well... we know that > 50% of the Web and 'Net runs on Linux and other unices. Compare and contrast the number of Windows Server vulnerabilities that have been exploited to those of *Nix... and, for extra credit, how fast they were admitted, and fixed.....
Like OpenSSL ?
I suggest you google with the following search criteria: "windows server" exploits
Sigh, nothing like a zealot. ALL OS's have vulns and exploits, no matter what you decide to believe.
Sigh, nothing like someone who is in a constant state of deniability.
Replying to this, because I saw a reply from him, but there was no new content, for some reason.
Anyway, he also seems determined to see it all as black and white, rather than looking at the *much* larger set of bugs and vulnerabilities that Windows Server has had than any version of 'Nix. Sure, we have some... but a *lot* fewer, and overwhelmingly far less serious.
mark
On Mon, Jul 14, 2014 at 11:38 AM, m.roth@5-cent.us wrote:
Steve Clark wrote:
On 07/14/2014 11:26 AM, William Woods wrote:
On Jul 14, 2014, at 10:19 AM, m.roth@5-cent.us wrote:
William Woods wrote:
Please stop top posting.
On Jul 14, 2014, at 9:48 AM, m.roth@5-cent.us wrote:
William Woods wrote:
> On Jul 14, 2014, at 7:15 AM, Always Learning centos@u62.u22.net
> wrote:
>> On Mon, 2014-07-14 at 06:42 -0400, Steve Clark wrote:
>>
>>> Having been working with UNIX like systems since 1985
>>> my biggest complaint with systemd is it so intrusive, it wants to
>>> be everything which makes it vulnerable to bugs and exploits -
>>> umm.. like Windoze!
>>> My $.02
>> + $ 10.00 :-)
> Because UNIX has never had a bug or exploit right ?
>
Well... we know that > 50% of the Web and 'Net runs on Linux and other unices. Compare and contrast the number of Windows Server vulnerabilities that have been exploited to those of *Nix... and, for extra credit, how fast they were admitted, and fixed.....
Like OpenSSL ?
I suggest you google with the following search criteria: "windows server" exploits
Sigh, nothing like a zealot. ALL OS's have vulns and exploits, no matter what you decide to believe.
Sigh, nothing like someone who is in a constant state of deniability.
Replying to this, because I saw a reply from him, but there was no new content, for some reason.
Anyway, he also seems determined to see it all as black and white, rather than looking at the *much* larger set of bugs and vulnerabilities that Windows Server has had than any version of 'Nix. Sure, we have some... but a *lot* fewer, and overwhelmingly far less serious.
mark
Yup, overwhelmingly less serious.
Oh, wait.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Andrew Wyatt wrote:
On Mon, Jul 14, 2014 at 11:38 AM, m.roth@5-cent.us wrote:
Steve Clark wrote:
On 07/14/2014 11:26 AM, William Woods wrote:
On Jul 14, 2014, at 10:19 AM, m.roth@5-cent.us wrote:
William Woods wrote:
Please stop top posting.
On Jul 14, 2014, at 9:48 AM, m.roth@5-cent.us wrote:
> William Woods wrote:
>> On Jul 14, 2014, at 7:15 AM, Always Learning centos@u62.u22.net
>> wrote:
>>> On Mon, 2014-07-14 at 06:42 -0400, Steve Clark wrote:
>>>
>>>> Having been working with UNIX like systems since 1985
>>>> my biggest complaint with systemd is it so intrusive, it wants to
>>>> be everything which makes it vulnerable to bugs and exploits -
>>>> umm.. like Windoze!
>>>> My $.02
>>> + $ 10.00 :-)
>> Because UNIX has never had a bug or exploit right ?
>>
> Well... we know that > 50% of the Web and 'Net runs on Linux and
> other unices. Compare and contrast the number of Windows Server
> vulnerabilities that have been exploited to those of *Nix... and,
> for extra credit, how fast they were admitted, and fixed.....
>
Like OpenSSL ?
I suggest you google with the following search criteria: "windows server" exploits
Sigh, nothing like a zealot. ALL OS's have vulns and exploits, no matter what you decide to believe.
Sigh, nothing like someone who is in a constant state of deniability.
Replying to this, because I saw a reply from him, but there was no new content, for some reason.
Anyway, he also seems determined to see it all as black and white, rather than looking at the *much* larger set of bugs and vulnerabilities that Windows Server has had than any version of 'Nix. Sure, we have some... but a *lot* fewer, and overwhelmingly far less serious.
Yup, overwhelmingly less serious.
Oh, wait.
This is *pointless*. Point to something *OTHER* than heartbleed. And as this is the CentOS list, please note that 5.x was *not* affected at all.
Or does your attention span not go back more than a couple of months?
mark, getting annoyed
On Mon, Jul 14, 2014 at 11:52 AM, m.roth@5-cent.us wrote:
Andrew Wyatt wrote:
On Mon, Jul 14, 2014 at 11:38 AM, m.roth@5-cent.us wrote:
Steve Clark wrote:
On 07/14/2014 11:26 AM, William Woods wrote:
On Jul 14, 2014, at 10:19 AM, m.roth@5-cent.us wrote:
William Woods wrote:
Please stop top posting.
> On Jul 14, 2014, at 9:48 AM, m.roth@5-cent.us wrote:
>> William Woods wrote:
>>> On Jul 14, 2014, at 7:15 AM, Always Learning <centos@u62.u22.net>
>>> wrote:
>>>> On Mon, 2014-07-14 at 06:42 -0400, Steve Clark wrote:
>>>>
>>>>> Having been working with UNIX like systems since 1985
>>>>> my biggest complaint with systemd is it so intrusive, it wants to
>>>>> be everything which makes it vulnerable to bugs and exploits -
>>>>> umm.. like Windoze!
>>>>> My $.02
>>>> + $ 10.00 :-)
>>> Because UNIX has never had a bug or exploit right ?
>>>
>> Well... we know that > 50% of the Web and 'Net runs on Linux and
>> other unices. Compare and contrast the number of Windows Server
>> vulnerabilities that have been exploited to those of *Nix... and,
>> for extra credit, how fast they were admitted, and fixed.....
>>
> Like OpenSSL ?
I suggest you google with the following search criteria: "windows server" exploits
Sigh, nothing like a zealot. ALL OS's have vulns and exploits, no matter what you decide to believe.
Sigh, nothing like someone who is in a constant state of deniability.
Replying to this, because I saw a reply from him, but there was no new content, for some reason.
Anyway, he also seems determined to see it all as black and white, rather than looking at the *much* larger set of bugs and vulnerabilities that Windows Server has had than any version of 'Nix. Sure, we have some... but a *lot* fewer, and overwhelmingly far less serious.
Yup, overwhelmingly less serious.
Oh, wait.
This is *pointless*. Point to something *OTHER* than heartbleed. And as this is the CentOS list, please note that 5.x was *not* affected at all.
Or does your attention span not go back more than a couple of months?
mark, getting annoyed
Ok, older. I can do that.
https://bugzilla.redhat.com/show_bug.cgi?id=962792
Have another one. Doesn't matter that 5.x wasn't affected at all by Heartbleed, 5.x is ancient and had its own set of flaws over its lifecycle.
On Mon, 2014-07-14 at 12:02 -0500, Andrew Wyatt wrote:
.... 5.x is ancient and had its own set of flaws over its lifecycle.
1/3 of my servers use C 5.10, 2/3 use C 6.5. I use C 5.10 as my individual development server and desktop.
C 5 works well for me.
Centos 5 Fan :-)
On Mon, Jul 14, 2014 at 2:02 PM, Always Learning centos@u62.u22.net wrote:
On Mon, 2014-07-14 at 12:02 -0500, Andrew Wyatt wrote:
.... 5.x is ancient and had its own set of flaws over its lifecycle.
1/3 of my servers use C 5.10, 2/3 use C 6.5. I use C 5.10 as my individual development server and desktop.
C 5 works well for me.
Centos 5 Fan :-)
Ancient ≠ bad. :)
-- Regards,
Paul. England, EU.
Centos, Exim, Apache, Libre Office. Linux is the future. Micro$oft is the past.
On Jul 14, 2014, at 2:02 PM, Always Learning centos@u62.u22.net wrote:
On Mon, 2014-07-14 at 12:02 -0500, Andrew Wyatt wrote:
.... 5.x is ancient and had its own set of flaws over its lifecycle.
1/3 of my servers use C 5.10, 2/3 use C 6.5. I use C 5.10 as my individual development server and desktop.
C 5 works well for me.
Centos 5 Fan :-)
That is probably the most pointless comment you have made yet. Just because you use something, and you are a fan does not mean anything in the context of the discussion.
On Mon, Jul 14, 2014 at 2:05 PM, William Woods woods.w@gmail.com wrote:
1/3 of my servers use C 5.10, 2/3 use C 6.5. I use C 5.10 as my individual development server and desktop.
C 5 works well for me.
Centos 5 Fan :-)
That is probably the most pointless comment you have made yet. Just because you use something, and you are a fan does not mean anything in the context of the discussion.
On the contrary - it means his services start just fine without systemd, and the best systemd is going to do is start them the same way - that is, not be an improvement even after someone wastes the time to rewrite the startup code.
On Mon, 2014-07-14 at 14:05 -0500, William Woods wrote:
On Jul 14, 2014, at 2:02 PM, Always Learning centos@u62.u22.net wrote:
C 5 works well for me.
Centos 5 Fan :-)
That is probably the most pointless comment you have made yet. Just because you use something, and you are a fan does not mean anything in the context of the discussion.
On the contrary it means a discerning user like me, never averse to complaining, is satisfied with the quality product C 5 undoubtedly is. And satisfied sufficiently to use it instead of C6 and C7.
Elsewhere you subsequently mentioned, after your apparently derogatory remark about C5 being "ancient" that ancient does not mean bad. I concur.
Have a nice day.
On 7/14/2014 12:48 PM, Always Learning wrote:
On the contrary it means a discerning user like me, never averse to complaining, is satisfied with the quality product C 5 undoubtedly is. And satisfied sufficiently to use it instead of C6 and C7.
perhaps you should change your username from Always Learning, as it appears you've decided to stop as of about 5 years ago.
John R Pierce wrote:
On 7/14/2014 12:48 PM, Always Learning wrote:
On the contrary it means a discerning user like me, never averse to complaining, is satisfied with the quality product C 5 undoubtedly is. And satisfied sufficiently to use it instead of C6 and C7.
perhaps you should change your username from Always Learning, as it appears you've decided to stop as of about 5 years ago.
a) This is rude.
b) We have several 5.x servers here. For one, we kept one or two home directory servers at 5.x due to writing to an NFS mounted home directory from a 6.x server could be a literal order of magnitude slower. It took us over a year to find that if we added nobarrier to the filesystems that it was < 10% slower.
c) We have some production boxes that are 5.10. *YOU* go and tell managers that we're going to take down their production boxes and upgrade them, or were *you* personally going to assure that their budgets would be upped to provide replacement servers that could be built and tested prior to replacement (and note that the last set just got upgraded just before 6.0 came out in '12?)... and this is part of an agency of the US government, and we are *NOT* DOD. Care to talk to your Congresscritters to assure this, if you're a US resident?
mark, not sure when I'll go to 7 at home, what with systemd....
On 7/14/2014 1:56 PM, m.roth@5-cent.us wrote:
c) We have some production boxes that are 5.10. *YOU* go and tell managers that we're going to take down their production boxes and upgrade them, or were *you* personally going to assure that their budgets would be upped to provide replacement servers that could be built and tested prior to replacement (and note that the last set just got upgraded just before 6.0 came out in '12?)...
do you have plans to replace/upgrade them prior to the end of maintenance updates circa March 2017 ?
btw, 6.0 came out in july 2011
John R Pierce wrote:
On 7/14/2014 1:56 PM, m.roth@5-cent.us wrote:
c) We have some production boxes that are 5.10. *YOU* go and tell managers that we're going to take down their production boxes and upgrade them, or were *you* personally going to assure that their budgets would be upped to provide replacement servers that could be built and tested prior to replacement (and note that the last set just got upgraded just before 6.0 came out in '12?)...
do you have plans to replace/upgrade them prior to the end of maintenance updates circa March 2017 ?
Do I? I'm just a sysadmin. Perhaps you should reread the above... or maybe you're not familiar with working in an organizational environment. <snip>
mark
On 7/14/2014 2:30 PM, m.roth@5-cent.us wrote:
Do I? I'm just a sysadmin. Perhaps you should reread the above... or maybe you're not familiar with working in an organizational environment.
I work in a corporation, supporting software development for manufacturing. unsupported hardware/software is retired per corporate policy. I actually get a fair amount of grief from using Centos in my development environment, production uses RHEL under contract (or AIX or Solaris or...)
On 07/14/2014 02:03 PM, John R Pierce wrote:
On 7/14/2014 1:56 PM, m.roth@5-cent.us wrote:
c) We have some production boxes that are 5.10. *YOU* go and tell managers that we're going to take down their production boxes and upgrade them, or were *you* personally going to assure that their budgets would be upped to provide replacement servers that could be built and tested prior to replacement (and note that the last set just got upgraded just before 6.0 came out in '12?)...
do you have plans to replace/upgrade them prior to the end of maintenance updates circa March 2017 ?
btw, 6.0 came out in july 2011
This is the US gov he is dealing with. He will end up having to do what congress agrees he can do. When you get laws put forth (fortunately shouted down) that want to repeal Pi because it is irrational?
Look at Detroit for how governments like to kick problems down the road until the mudball is too big to kick anymore.
Look for an emergency funding request in Feb 2017...
On Mon, 2014-07-14 at 12:59 -0700, John R Pierce wrote:
On 7/14/2014 12:48 PM, Always Learning wrote:
On the contrary it means a discerning user like me, never averse to complaining, is satisfied with the quality product C 5 undoubtedly is. And satisfied sufficiently to use it instead of C6 and C7.
perhaps you should change your username from Always Learning, as it appears you've decided to stop as of about 5 years ago.
Optimistically I will continue learning about a wide range of differing subjects until I die, probably in about 10 years or so.
I continue to learn new things about C5, and the programmes that run on it, the BSDs, Linux kernel, minor CSS syntaxes. It is fascinating.
Next month I hope to enrol in German and Polish evening classes. I would have preferred Norwegian (Bokmal) and Dutch (Nederlands) but the local college don't have them. In November I would like to start a law degree :-)
I am never complacent and tomorrow I do the first of the compulsory 3 tests for my motorbike licence (theory and hazard perception, despite riding my bike for the last year as a Learner) - I'm definitely Always Learning and not ashamed to admit it.
Centos is clearly a refreshing and invigorating breeze compared to Windoze. Having about 47 years experience as a computer programmer, I am naturally reticent about systemd - but then every clever and thinking person would be too. I've experienced too many computer problems to trust everything to script kiddies or their grown-up enthusiastic cousins.
Have a nice evening.
On Mon, Jul 14, 2014 at 2:48 PM, Always Learning centos@u62.u22.net wrote:
On Mon, 2014-07-14 at 14:05 -0500, William Woods wrote:
On Jul 14, 2014, at 2:02 PM, Always Learning centos@u62.u22.net wrote:
C 5 works well for me.
Centos 5 Fan :-)
That is probably the most pointless comment you have made yet. Just because you use something, and you are a fan does not mean anything in the context of the discussion.
On the contrary it means a discerning user like me, never averse to complaining, is satisfied with the quality product C 5 undoubtedly is. And satisfied sufficiently to use it instead of C6 and C7.
Elsewhere you subsequently mentioned, after your apparently derogatory remark about C5 being "ancient" that ancient does not mean bad. I concur.
Have a nice day.
William didn't say that it was ancient, I did. If you think that "5.x is ancient and had its own set of flaws over its lifecycle" is "derogatory", it should come as no surprise to us that you've mixed up who you were talking to.
On Mon, 2014-07-14 at 15:10 -0500, Andrew Wyatt wrote:
William didn't say that it was ancient, I did. If you think that "5.x is ancient and had its own set of flaws over its lifecycle" is "derogatory", it should come as no surprise to us that you've mixed up who you were talking to.
I was preoccupied studying for my exam tomorrow. No harm done and my points are valid.
On Mon, Jul 14, 2014 at 11:47 AM, Andrew Wyatt andrew@fuduntu.org wrote:
Anyway, he also seems determined to see it all as black and white, rather than looking at the *much* larger set of bugs and vulnerabilities that Windows Server has had than any version of 'Nix. Sure, we have some... but a *lot* fewer, and overwhelmingly far less serious.
mark
Yup, overwhelmingly less serious.
Oh, wait.
Openssl doesn't have much to do with Unix/linux. It is just one of a bazillion application level programs that you might run. Are you going to include all bugs in all possible windows apps in your security comparison?
But init/upstart/systemd are very special things in the unix/linux ecosystem. They become the parent process of everything else. For everything else, the only way to create a process is fork(), with its forced inheritance of environment and security contexts.
In any case, giant monolithic programs that try to do everything sometimes become better than a toolbox, but it tends to be rare. First, it takes years to fix the worst of the bugs - but maybe that has already happened in fedora... And after that it is an improvement only if the designers really did anticipate every possible need. Otherwise the old unix philosophy that processes are cheap - if you need another one to do something, use it - is still in play. If you need something to track how many times something has been respawned or to check/clean related things at startup/restart you'll probably still need a shell there anyway.
On Mon, Jul 14, 2014 at 12:10 PM, Les Mikesell lesmikesell@gmail.com wrote:
On Mon, Jul 14, 2014 at 11:47 AM, Andrew Wyatt andrew@fuduntu.org wrote:
Anyway, he also seems determined to see it all as black and white, rather than looking at the *much* larger set of bugs and vulnerabilities that Windows Server has had than any version of 'Nix. Sure, we have some... but a *lot* fewer, and overwhelmingly far less serious.
mark
Yup, overwhelmingly less serious.
Oh, wait.
Openssl doesn't have much to do with Unix/linux. It is just one of a bazillion application level programs that you might run. Are you going to include all bugs in all possible windows apps in your security comparison?
OpenSSL is a library, not an application, but I understand where you're going with this. No you wouldn't include all Windows apps, but you would include anything that's immediately available to Windows. Same principle here. We wouldn't measure Oracle, like we wouldn't SQL server but we would OpenSSL because it's available in the repo and not third party.
But init/upstart/systemd are very special things in the unix/linux ecosystem. They become the parent process of everything else. For everything else, the only way to create a process is fork(), with its forced inheritance of environment and security contexts.
Yes, they sure are, you're right about that. Without an init (of any kind), you only have a kernel. You don't have mounted filesystems, or anything else.
In any case, giant monolithic programs that try to do everything sometimes become better than a toolbox, but it tends to be rare. First, it takes years to fix the worst of the bugs - but maybe that has already happened in fedora... And after that it is an improvement only if the designers really did anticipate every possible need. Otherwise the old unix philosophy that processes are cheap - if you need another one to do something, use it - is still in play. If you need something to track how many times something has been respawned or to check/clean related things at startup/restart you'll probably still need a shell there anyway.
It's very rare. I wasn't speaking to this though in this instance, I was only speaking to Windows security not being any better or worse than anything else. Security is only as good as your admins and your implementation. It's also an on-going process on any platform. I was just pointing out that it's beyond silly to "because windows is less secure!".
-- Les Mikesell lesmikesell@gmail.com
On Mon, Jul 14, 2014 at 12:20 PM, Andrew Wyatt andrew@fuduntu.org wrote:
Oh, wait.
Openssl doesn't have much to do with Unix/linux. It is just one of a bazillion application level programs that you might run. Are you going to include all bugs in all possible windows apps in your security comparison?
OpenSSL is a library, not an application,
And not used unless an application uses it.
But init/upstart/systemd are very special things in the unix/linux ecosystem. They become the parent process of everything else. For everything else, the only way to create a process is fork(), with its forced inheritance of environment and security contexts.
Yes, they sure are, you're right about that. Without an init (of any kind), you only have a kernel. You don't have mounted filesystems, or anything else.
And no other processes....
In any case, giant monolithic programs that try to do everything sometimes become better than a toolbox, but it tends to be rare. First, it takes years to fix the worst of the bugs - but maybe that has already happened in fedora... And after that it is an improvement only if the designers really did anticipate every possible need. Otherwise the old unix philosophy that processes are cheap - if you need another one to do something, use it - is still in play. If you need something to track how many times something has been respawned or to check/clean related things at startup/restart you'll probably still need a shell there anyway.
It's very rare. I wasn't speaking to this though in this instance, I was only speaking to Windows security not being any better or worse than anything else.
Yes, using windows vs. unix/linux is an overreach as an analogy here - and unnecessary. It's just a matter of 'big, new, monolithic' code bases vs. a small set of well-tested reusable tools. We could just run everything under java if we wanted. But, how many years old is java and how often are there still mandatory updates of the whole thing because of some recently noticed security bug in some part of it?