On Torsdag 30. april 2009, Jonas Smedegaard wrote: > I am baffled that Knut still consider switches a security measure now 6 > years later.
Jonas'es ideal take on the world is always exiting, especially when he takes things out of context, using a straw man argument. Here is what I wrote: > switching gives you a better starting point preventing > package sniffing compared with hubs. Does this sentence says that I'm asking people to disregard use of other security measures? No, it does not. It only states a fact. Switches provides a better starting point preventing package sniffing than hubs, implying that you should do more. Secondly. In an educational context, a schools with scarce resources may have to throw out 250 fully working pc's to the junk yard, if developers under estimates how little computational power such clients may have. What may seems as a small insignificant security addition, might be a measure which stops Skolelinux, where the clients don't work. Then Skolelinux get the blame. Some municipalities which has experienced this have later switched to Windows. Such municipalities are able to get a full Windows solution with the costly licenses and twice as expensive hardware at every school. And I'm talking about twice the cost compared to a full hardware upgrade with Skolelinux clients. Clients which can run all security measures you recommend Jonas. My concern is to prevent an unfortunate assumption: That Skolelinux don't work because of a small technical security chance, which may give a huge change on old machines (changes which has almost no impact on newer machines with 10X power compared to old ones). The security change may not be a show stopper in it self. But the software which runs the new security feature may use more resources. And Jonas, since you're using a straw man argument. I'm asking for a little perceptive concerning security, not a circus. Linus Torvalds had a comment on that (15 Jul 2008): "one reason I refuse to bother with the whole security circus is that I think it glorifies -- and thus encourages -- the wrong behavior. It makes 'heroes' out of security people, as if the people who don't just fix normal bugs aren't as important. In fact, all the boring normal bugs are way more important, just because there's a lot more of them." Source: http://article.gmane.org/gmane.linux.kernel/706950 Best regards Knut Yrvin -- Open Source Community Manager Qt Software, Nokia cell: + 47 934 79 561, phone: +47 21 60 27 58 http://qtsoftware.com -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
