[olug] Re: Linux??? [7:79346]
neal rauhauser
neal at lists.rauhauser.net
Sun Nov 16 14:06:03 UTC 2003
This looks like it might be trollwords, but then again maybe not.
supernet wrote:
> On 16 Nov 2003 at 17:59, supernet wrote:
>>
>>1. I understand that Linux is open source. But isn't open source a
>>security hole? A friend of mine who is a security expert said that
Open Source means code gets looked over by many eyes and in some
cases formally audited (OpenBSD comes to mind). It is *way* better than
some proprietary OS where you have to hope the vendor will repair the
problem.
Your friend isn't much of a security expert, sounds like he might
have the Microsoft Hot Dog Stand & Windows Security Operations
certificate, but you won't find any serious security practitioner who
believes that anything M$ does is secure when attached to the public
internet - they tend to favor OpenBSD for high exposure environments and
will generally take *any* OpenSource/FreeSoftware system over Windows no
matter what the system's role will be.
>
>> Red Hat had whole lot more security patches than Microsoft. Is it true?
Red Hat is one Linux distribution, and not a particularly good one in
my opinion. If you want to compare security issues you must look at a
security specific OS like OpenBSD, rather than a general purpose desktop
or enterprise server centric OS like RedHat. I suppose if you *must* do
Linux rather than a BSD derivative I'd start with Gentoo or Debian.
And it is foolish to count security patches - count incidents. Maybe
FreeBSD has double the security patches for M$, but are they counting
patches for the OS itself and the three THOUSAND packages that it can
install from ports? Probably. Are they counting theoretical
vulnerabilities related to buffer overflows that get fixed before there
are any exploits in the wild? Probably.
Incident wise over the last four years M$ has had many events where
their stuff got rooted all at once and caused global problems, while the
last time I can recall something like that happening with unix was the
famous Morris sendmail event of 1988.
>>2. Since Linux is open source, it's much cheaper than other
> operating systems. But I always believe you get what you paid for. What if
> there's something wrong with it? What if something happens and your
There are some distributions (RedHat, SuSe) that have companies that
provide support behind them. In general if you're using a front line
program on a mainline distribution you'll get excellent support. Note
that support in the open source/free software world does NOT mean
someone to shield you from the results of your ignorance. Unix is user
friendly, but it's fussy about who it hangs out with - if you're clueless
I'd kindly suggest you stay with windows since you've got a.) support
and b.) an immediate goat when stuff doesn't work.
> CIO
>
>>stands behind you? Who do you call for support?
>>
>>3. I know some big companies, like IBM, are moving to Linux too.
> Are they going to use open source? If not, doesn't it become another
> flavor of UNIX? Like SCO or Solaris?
*sigh*
SCO is dead meat, Solaris might end up in the same boat if they
don't figure out a new strategy, SGI is already on the death watch, and
the story is the same for the rest of the proprietary unix derivatives.
A large portion of 'unix' these days is the GNU programs from the
Free Software Foundation. Linux is just a kernel that happens to get
bundled with distributions that use the GNU stuff. BSD and its
derivatives (FreeBSD, OpenBSD, NetBSD) all descend from the BSD code but
they include much stuff that is under the GPL (FSF license) rather than
under the BSD license.
Any more questions?