From owner-freebsd-advocacy@FreeBSD.ORG Thu Aug 14 14:03:50 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 77CF537B401; Thu, 14 Aug 2003 14:03:50 -0700 (PDT) Received: from fubar.adept.org (fubar.adept.org [63.147.172.249]) by mx1.FreeBSD.org (Postfix) with ESMTP id C0FC943FBD; Thu, 14 Aug 2003 14:03:49 -0700 (PDT) (envelope-from mike@adept.org) Received: by fubar.adept.org (Postfix, from userid 1001) id 56E0915256; Thu, 14 Aug 2003 14:03:49 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by fubar.adept.org (Postfix) with ESMTP id 55D341524D; Thu, 14 Aug 2003 14:03:49 -0700 (PDT) Date: Thu, 14 Aug 2003 14:03:49 -0700 (PDT) From: Mike Hoskins To: twig les In-Reply-To: <20030814191319.27694.qmail@web10101.mail.yahoo.com> Message-ID: <20030814135153.I19401@fubar.adept.org> References: <20030814191319.27694.qmail@web10101.mail.yahoo.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-advocacy@freebsd.org cc: Robert Watson Subject: Re: Certification (was RE: realpath(3) et al) - jumping to -advocacy X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Aug 2003 21:03:50 -0000 -security CC removed... retaining the others in case you're not on advocacy. On Thu, 14 Aug 2003, twig les wrote: > I have the distinct pleasure of working at a huge telco so I > have a pretty good sense of what big business wants in > computing, which is: big-name company, commercial, supported, > reliable software/hardware with "canned" interoperability with > other like hardware/software. how about stability, performance/robustness, ease of upgradability/maintainability... i agree with what you say, but we should remember our current strengths as well when making the corporate case. i don't believe we're bad for the corporate world now, just that we could be better. > RSA Ace server natively, which I believe the library exists, it > just costs $2000 or so, so this one might be BS. how feasible is this? i can't really comment. > A large company that has a roll-out hardware/software package. > This includes support. I *know* that it is easy to patch/make > world, but the number of "computer engineers" that have never > heard of SSH is astounding. Management needs a 3rd-party to > bitch about and know will still be around in 5 years. support's one thing -- just don't turn the project into RH. no offense to the RH fans, but i don't personally like the way they've went. computer engineers that haven't heard of SSH is... more of a training issue, right? i'm not saying it wouldn't behoove us to help those people along, but it is a slightly different topic perhaps. along those lines, i'm trying to workup a script that uses the various FreeBSD security checklists to 'secure' a base system. something like bastille, for BSD. (and probably only CLI-based, for now.) others have had that idea as well, and i've sort of been waiting to see if it materializes. > A console port on the hardware platform. Have you ever tried > sending management to the pcweasel web site? that depends on the hardware, yes? i just got a handfull of new dell 1650s that have serial port/console redirection built into the BIOS. i'm going to play with getting that working on 4.8-s later today... i'm hoping it's cake, so don't expect a need for any sort of writeup. if that's not the case, i'll write a little howto and link it into the codereview.org site. > As silly as it sounds (and I understand how silly it sounds), a > certification like the Red Hack one would help. I apologize > profusely for saying that. this is just like my request for 3rd-party security certification... getting the cert doesn't (necessarily) say anything about your product, it's more of a PR/press issue. i think it has value, just like 3rd-party security certs, in that it encourages acceptance amongst certain types of people who may otherwise never consider our product. that said... how would we make it a reality? > I'm sure I'm missing a lot but if we want a corporate sponsor > like my massive mother company (which rhymes with AT&C) then it > seems like we need different medium companies pushing FreeBSD > instead of redhat as a packaged solution. i fight the war every day to replace RH with FreeBSD. in the places i've been (admittedly, only a few), that wasn't too hard (if you're willing to do the work yourself). the only time it's been hard, to date, has been places (including now) where a lot of RH boxes are being used to run backend Java apps. Java's came a long way, and i thank all the folks that've made the patchsets happen... but it's hard to justify that switch in production environments right now. i've found it easier to switch to more-manageable Linux environments in those cases, like Gentoo. still, since IBM (the JDK we currently use) develops specifically on RH... the guys with the money like to see RH on the backend. (for now.) -mrh -- From: "Spam Catcher" To: spam-catcher@adept.org Do NOT send email to the address listed above or you will be added to a blacklist!