[SunRescue] Re: Help!

Greg A. Woods rescue at sunhelp.org
Thu Apr 19 16:57:27 CDT 2001 

[ On Thursday, April 19, 2001 at 15:27:02 (-0500), Bill Bradford wrote: ]
> Subject: Re: [SunRescue] Re: Help!
>
> On Thu, Apr 19, 2001 at 01:23:08PM -0700, Robert Novak wrote:
> > We've secretly replaced Greg Woods with Eliza. Let's see if he notices. 
> 
> "Tell me how you feel..."

Hee hee!

> If I was doing this for MYSELF, I'd use OBSD, because I have the time
> to fuck with things if it doesent work.  I *know* I can get this setup
> quickly and easily with Linux (even tho I dont *like* putting a Linux
> box up as a firewall); and thats whats important to the client right
> now - getting this up and working as quickly as possible.

As with anything related to security (and how can a firewall not be?)
"quick" cannot enter into the equation lest you set yourself up for a
quick fall.

"Any job worth doing is worth doing correctly the first time" isn't just
a platitude when it's something related to security.

If the customer actually says "Damn the torpedos!  Full speed ahead!"
then don't call it a firewall and don't install any security whatsoever
and give them a quote to come back and "do it right" at some later time.
(and give them a warranty disclaimer that explicitly voids anything to
do with attackers or even blundering fools) 

Either that or walk away if you think the threats are serious enough to
pose a real risk.  No trustworthy engineer will knowingly build a bridge
that will fail no matter how much money the customer has and how quikly
they need to cross the gorge.

Back to my original question though:  won't the necessary ports/pkgsrc
modules in FreeBSD, NetBSD, or OpenBSD install just as easily and
quickly as any Linux stuff?  I don't see why not, which begs the
question:  Why don't you think you can succeed just as quickly with
OpenBSD (or FreeBSD or NetBSD)?  That's a serious question because a
serious answer may hold clues to help improve the *BSD systems.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods at acm.org>     <woods at robohack.ca>
Planix, Inc. <woods at planix.com>;   Secrets of the Weird <woods at weird.com>

More information about the rescue mailing list