Date: Tue, 23 Apr 2002 11:28:44 -0700
From: Terry Lambert <tlambert2@mindspring.com>
To: Jochem Kossen <j.kossen@home.nl>
Cc: frank@exit.com, Greg 'groggy' Lehey <grog@FreeBSD.ORG>, hackers@FreeBSD.ORG
Subject: Re: Security through obscurity? (and /etc/defaults/rc.conf changes)
Message-ID: <3CC5A7DC.FD06DC11@mindspring.com>
References: <200204231454.g3NEsxFR019646@realtime.exit.com> <200204231839.44923.j.kossen@home.nl>
Jochem Kossen wrote:
> On Tuesday 23 April 2002 16:54, Frank Mayhar wrote:
> > Jochem Kossen wrote:
> > > Because things evolve? :)
> >
> > You say "evolve." I say "get broken."
>
> Don't tell me that in 11 years, defaults never change
When the routing code was changed, back in the mid 1990's, X.25
and ISODE were both broken, for lack of maintenance: the changes
were not made globally.
X.25 and ISODE were then removed "due to bit rot".
The entire idea of "bit rot" is really "the code did not keep
``up to date'' with my changes, which broke the code", which
is really a ridiculous position.
It really pissed me off when the AHA-1742 support dropped out
when CAM came in, but that, at least, was understandable, since
it was a trade: something desirable for something less desirable
to the majority of users.
You really *can not* blame breaking "something that used to work
but which no longer works" on "evolution".
> > It's not obvious when one has been starting X with the same command
> > for years and it has never before changed. Gee, seems to seriously
> > violate POLA, eh?
>
> I agree, but I still wonder why people didn't come up with it sooner
Mostly, because most people don't run -current, and because the
X11 distribution is not nearly as modular as it should be, if
this type of change is to be generally permitted.
> > Just don't do it in the first place. If you must have this, make a
> > _new_ command ("secure-startx," perhaps) and point to it in the
> > release notes.
>
> This is a very good idea IMHO, although without the patch 'startx
> -nolisten_tcp' works too... Then I'd say rip the patch out completely
That handles this particular case, but dodges the general policy
issue ...which I guess is the point: "Never put off until tomorrow
what you can put off indefinitely" ;^).
> It is useless to _me_ because I don't use it. Like I said in a previous
> mail, I didn't like the default, so I sent in the patch as a proposal
> to the ports@ mailing list, and they all seemed to like it too. Nobody
> complained, thus the patch was integrated. Simple.
Not the most likely place for X11 people to see the issue and
become involved in a discussion: X11 is unfortunately not a proper
port in the common case, but is rather a set of distfiles: a tar
archive split into chunks, and managed by "sysinstall".
-- Terry
