On 04/03/14 22:04, Martin Braun wrote: ... > Maybe I am just plain stupid, but could someone explain to me the point in > "bragging" about only two remote holes in the default install, when the > default install is useless before you add some content to the system, > unless you're running a web server serving static content only.
Let's pretend your statement about the default install being "useless" hadn't been totally disproved already... If you are building a big, complicated house, the first thing you need is a solid foundation. Now, you can build the rest of the house poorly or well, but if the foundation is bad, the house is not going to be solid, no matter the effort put into it. The start to a good structure is a solid foundation. Yes, put crapplications on OpenBSD, and you won't have good security (though -- you MAY get lucky and have OpenBSD save your *** anyway). But put good applications on a bad platform, you are unlikely to have good security. Now, you have been taking shortcuts to get bad applications running on "easy" OSs (which probably means you were able to google for complete "how-tos" so you didn't have to understand your task at hand), and I'm sure like most people, you figure, what does it matter? You can always blame the attackers, you can say "everything has bugs", "nothing is perfect", and all the other excuses and evasions people have used. News flash: the world is changing -- The general public is starting to realize that the people they entrust with their data ARE responsible for the security of that data, and not quite willing to accept the same old crap excuses anymore. Nick.
