Lists Home |
Date Index |
Tim Bray wrote:
> Dare Obasanjo wrote:
> >>>Can we 'do the simplest thing that will possibly work'
> >>>and still produce a secure system.
> >>Sure; viz Unix.
> > This is probably the funniest thing I've ever read on XML-DEV.
> Really? Which part? The assertion that Unix is basically simpler than
> the alternatives, or the assertion that it achieves a good level of
> security? I happen to think that both are true.
I thought the proposition that Unix is "the simplest thing
that will possibly work" was the funny part. Let's face it,
any OS that ships with sendmail(8) as the default MTA cannot
by any stretch of the imagination be considered the "simplest
thing possible". Or a "secure system", for that matter.
True, Unix has had a fairly good track record of security --
there have only been a handful of Code Red/NIMDA/Blaster/Sobig/SWEN/
etc., etc., etc., bring-down-the-entire-internet scale security
breaches that I can think of -- the Morris Worm in 1988, that
Apache exploit in 2002 -- but there's a big difference between
being "reasonably secure" and being a "secure system".
NIS and SunRPC in particular have been a longstanding security
headache. So has sendmail.
Don't get me wrong -- I think the Unix family really *is* the
greatest thing since sliced bread, and that it's the best thing
we've got. I just don't believe it's the best thing possible.