[linux-elitists] Are we Dead Yet? (or "For every sprinkle I find, I shall kill you!)
Karsten M. Self
Thu Feb 3 00:01:11 PST 2005
on Wed, Jan 26, 2005 at 11:22:32AM +1100, Martin Pool (firstname.lastname@example.org) wrote:
> On 21 Jan 2005, Rick Moen <email@example.com> wrote:
> > One is moved to wonder _why_ you would leave a glaringly obsolete
> > Linux distribution unpatched. Both RH 9 and 7.3 are now EOL; even
> > errata for them are no longer published: Updates, as you say, ended
> > last April.
> It's unrepresentative, but still there must be thousands of such
> machines. Many people do just install Linux and never do any
Note too: embedded systems.
Gig a couple years back was a legacy MS Windows-only shop on SBC DSL in
SF. Internet started going whacky at one point. Turns out that Linksys
firewall/router was a few firmware revs out of date, though it may also
have had a hardware fault. IIRC we flashed it once or twice, and
finally swapped it. Issues stopped.
Much similar kit is running an embedded GNU/Linux. And is deployed by
Joe/Joelle Sixpack who's got no _idea_ that the blue box even has an OS.
It's just an appliance.
While vulnerabilities are limited, there's going to be growing piles of
that stuff sitting on the 'Net for _years_ open to vulnerabilities, and
the customer perception of the product is that it's an inert mass.
The increasing risk isn't that the systems are disabled (the owners will
toss and replace them -- probably a win for the vendor), but that they
are exploited for network abuse -- spam, open proxies, etc. Even the
modest processing of a router can be useful in aggregate to the black
hats. And the irony is that these are supposed to be security tools....
> > And, c'mon: Those distributions were released 20 months and 32
> > months prior to the study's date of operation, respectively.
> I would hope that sometime in the future it would be possible to
> install a machine, seal it behind a wall with only net/power, and have
> it run securely without owner intervention until the hardware fails.
> Why not?
We've already got those...but there's still risks.
> (I realize this is not an Elite way to run a machine, but it would be
> pretty cool to fix the engineering problems so that it is possible.)
Oh, I think it's pretty elite, actually.
Karsten M. Self <firstname.lastname@example.org> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
MX Radio - With Bob Edwards, who needs NPR? http://www.xmradio.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: Digital signature
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20050203/6958ffe4/attachment.pgp
More information about the linux-elitists