Then we are pretty much in agreement here, regarding the claims made by the other member of the list, I do think if you are going to make a claim and state it as if it is fact, you should back it up > On Oct 10, 2014, at 1:23 PM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: > > >> On Fri, October 10, 2014 1:07 pm, William Woods wrote: >> Not at all, and please don’t tell me what I prefer, All I prefer is that >> people try to be homiest, you are right all software has bugs, but to >> imply in any way that >> open source is better is a misnomer. >> >> I use open source, closed source, whatever tool fits the job, I don’t >> belong >> to any specific church re: software, nor am I a closed/open source zealot. >> >> I know its kinda hard for people to accept someone on a centos mailing >> list would >> use closed source, I am sorry some of you purists are offended. > > No, I'm happy and not offended at all. And it turns out we do pretty much > the same thing. I do use closed source wherever it does the job, and for > tasks that are not cover by open source. Some closed source software is > great. But wherever I do want to save brain figuring out what to use for > the task that has highest demands in security... you already know my > answer. > > Valeri > >> >> On Oct 10, 2014, at 1:01 PM, Valeri Galtsev <galtsev at kicp.uchicago.edu> >> wrote: >> >>> >>>> On Fri, October 10, 2014 12:33 pm, William Woods wrote: >>>> So claim made, nothing to back it up. Got it. >>>> >>>> all I need to say is…BASH , OpenSSL….. >>> >>> Nice examples. One-sided though. All software has bugs. You prefer >>> security through obscurity (closed source, and you have to _trust_ the >>> vendor of it). But there are numerous security issues with closed source >>> M$ Windows system. Of course, you would prefer closed source example >>> UNIX. >>> Here it goes: SSH (as opposed to openSSH we all have thanks to OpenBSD >>> project). There was an awful security hole in it about 13 years ago and >>> as >>> sshd daemon runs by user root, we were just waiting if stray root just >>> will walk into our Solaris boxes. Waiting for parch from system vendor >>> and >>> simultaneously compiling openssh as a replacement. Those of us who had >>> majority of boxes under Linux (hence with openssh that wasn't >>> vulnerable) >>> had less trouble... >>> >>> I guess, you go you to your church, and I will go to mine. I do not >>> consider "security through obscurity" a security. I prefer not to wreck >>> my >>> brain thinking "to what extent can I trust this corporate vendor". I >>> prefer the code put out into open so everybody can review it. I doesn't >>> mean that open source code will be audited diligently. But the fact that >>> it can be gives the best reassurance for me. I do join that clever >>> person >>> who said "security only can be in open source". >>> >>> Valeri >>> >>>> I am sure there are more. >>>> >>>> But really, if you are going to claim something, at least be willing to >>>> back up what you claim is that asking to much ? >>>> >>>> On Oct 10, 2014, at 12:21 PM, Valeri Galtsev >>>> <galtsev at kicp.uchicago.edu> >>>> wrote: >>>> >>>>> >>>>>> On Fri, October 10, 2014 12:01 pm, William Woods wrote: >>>>>> Really, you have some URL’s to back up the paranoia ? >>>>> >>>>> Well, that's the problem with closed source systems (Which MS Windows >>>>> is >>>>> and commercial antiviruses for it are). One can claim something and >>>>> there >>>>> is no way to prove it is right or it is wrong (or left? ;-) >>>>> >>>>> I remember some clever person said: "security can only be in open >>>>> source". >>>>> There are systems that are not [quite] open source, even though they >>>>> are >>>>> based on open source. I may be out of date but some time ago (last >>>>> time >>>>> I >>>>> cared to check) Android was not (even though it is based on Linux >>>>> kernel, >>>>> there is fair chunk of closed code in its kernel). Everybody is free >>>>> to >>>>> imagine me with tin foil hat on, or with pointy hat on... >>>>> >>>>> Valeri >>>>> >>>>>> >>>>>> On Oct 10, 2014, at 12:00 PM, Always Learning <centos at u62.u22.net> >>>>>> wrote: >>>>>> >>>>>>> >>>>>>>> On Fri, 2014-10-10 at 12:19 -0400, James B. Byrne wrote: >>>>>>>> >>>>>>>>> On Thu, October 9, 2014 21:11, John R Pierce wrote: >>>>>>>>>> On 10/9/2014 6:07 PM, Valeri Galtsev wrote: >>>>>>>>>> BTW, the whole idea of "antivirus" is flawed. It is based on >>>>>>>>>> "enumerate >>>>>>>>>> bad". You can't, as one never knows what will be invented in a >>>>>>>>>> future. >>>>>>>>> >>>>>>>>> I agree, but I don't know what else you can put in the hands of >>>>>>>>> the >>>>>>>>> novice, unless its the iPhone world of corporate approved apps >>>>>>>>> only >>>>>>>>> purchased through a monopoly 'app store'. >>>>>>>> >>>>>>>> Which simply means: Only 'Government Approved' viruses allowed. >>>>>>> >>>>>>> Excellent point. Windows 95 was designed to be accessible by the USA >>>>>>> authorities. USA anti-virus software "allows" access from the USA >>>>>>> authorities. >>>>> >>>>> >>>>> ++++++++++++++++++++++++++++++++++++++++ >>>>> Valeri Galtsev >>>>> Sr System Administrator >>>>> Department of Astronomy and Astrophysics >>>>> Kavli Institute for Cosmological Physics >>>>> University of Chicago >>>>> Phone: 773-702-4247 >>>>> ++++++++++++++++++++++++++++++++++++++++ >>>>> _______________________________________________ >>>>> CentOS mailing list >>>>> CentOS at centos.org >>>>> http://lists.centos.org/mailman/listinfo/centos >>>> >>>> _______________________________________________ >>>> CentOS mailing list >>>> CentOS at centos.org >>>> http://lists.centos.org/mailman/listinfo/centos >>> >>> >>> ++++++++++++++++++++++++++++++++++++++++ >>> Valeri Galtsev >>> Sr System Administrator >>> Department of Astronomy and Astrophysics >>> Kavli Institute for Cosmological Physics >>> University of Chicago >>> Phone: 773-702-4247 >>> ++++++++++++++++++++++++++++++++++++++++ >>> _______________________________________________ >>> CentOS mailing list >>> CentOS at centos.org >>> http://lists.centos.org/mailman/listinfo/centos >> >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> http://lists.centos.org/mailman/listinfo/centos > > > ++++++++++++++++++++++++++++++++++++++++ > Valeri Galtsev > Sr System Administrator > Department of Astronomy and Astrophysics > Kavli Institute for Cosmological Physics > University of Chicago > Phone: 773-702-4247 > ++++++++++++++++++++++++++++++++++++++++ > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos