At 06:27 AM 3/20/2002, you wrote:
>You did not buy a car without brakes, you bought a car without getting a
>driver's license first.
>
>Well, although I agree on the statement that Sun Cobalt should maybe put
>more effort in patching leakages, because they deliver a full product
>including the software, I think you overreact now. I guess they can expect
>the machines to be operated by skilled professionals. It's not a My First
>Sony. Part of the skill would be to understand to a certain level the kind
>of threat there exists for a full-service server, and that this threat
>exists from the moment you put the network cable in.

The lemon law would apply to the cobalt boxes if they were a car.

>Of course no one can know everything, but I would expect you to know the basic
>operation skills needed to secure the machine to quite a high level, so
>stopping telnet, starting (and securing) sshd, putting on some kind of
>firewall or portsentry, checking logs, blocking machines, using tools like
>tripwire etc. etc.

That's like going to buy a car and the salesman says "hey it drives itself, just turn the key and go" then later you find out you were told a half truth.... assumptions make both parties look bad no matter how you look at it.

>When you buy a totally equipped holiday van, "ready to take you anywhere you
>like", you can't complain if you hit the first tree because you don't know
>how to drive it.
>
>Jelmer
>----- Original Message -----
>From: "Simon Wilson"
>
> > Home to as many as 200 websites or a single, powerful dedicated server.
> > If you're a service provider, the Sun Cobalt RaQT server appliance is
> > the alternative to "big iron" servers. The Sun Cobalt RaQ server
> > appliance includes everything you need to begin hosting now.
> >
> >
> > A direct quote from Cobalt's website. You see the last bit "everything
> > you need to begin hosting now".
> > Well, read that as "everything you need provided you don't need it to be
> > secure and don't mind if it gets hacked within 24 hours"
> >
> > I bought a RAQ4, it's the first server I ever bought, I knew nothing about
> > Linux, servers, dns, nothing. I bought it to host websites for my small
> > business. Within one week of subscribing to this list, reading manuals,
> > researching on the web, I realised that it is totally insecure. I had
> > bought a car without brakes, a house without doors, I might as well have
> > left it lying in the street with a sign on it saying "nick me". Since
> > that time I have had to learn very quickly all about the security issues
> > and thanks to many people on this list I think my server stays
> > reasonably secure.
> >
> > My point is: had the advertising been honest, had it said on the box -
> > "looks good, nice spec but open door to hackers" I never would have
> > touched it.
> >
> > In English law a product must be fit to perform the purpose for which it
> > is sold. The RAQ4 out of the box is not fit to host websites.
> >
> >
> > __________________________________________
> > Simon
> >
> > _______________________________________________
> > cobalt-security mailing list
> > [EMAIL PROTECTED]
> > http://list.cobalt.com/mailman/listinfo/cobalt-security
