[linux-elitists] Are we Dead Yet? (or "For every sprinkle I find, I shall kill you!)

Aaron Burt aaron@bavariati.org
Thu Feb 3 19:31:29 PST 2005


On Thu, Feb 03, 2005 at 12:16:29AM -0800, Rick Moen wrote:
> Quoting Karsten Self (kmself@ix.netcom.com):
> 
> > Note too:  embedded systems.
> 
> Exposed to hostile networks?  Running every conceivable network daemon
> service, _and_ with IP-filtering scripts disabled?  

Why, yes.  A Friend Of Mine is working for a small company that's
developing a Linux-based appliance running on a slightly-disguised PC.
An engineer was picked more-or-less at random to put together the base
system, so he installed a standard desktop distro and then randomly
disabled features and installed tarballs ("packages?  what're those?")
until it more-or-less worked.  Needless to say, the firewall was one
of the first features to go, and automated updates are out of the
question.

Given the pressure to ship ASAP, I suspect the product will go out
pretty much as it sits.  Cleaning up and securing it would take time
away from development and testing, and would risk breaking things.
Besides, would it move more product, short-term?  Not likely.

Cheap PC hardware and useful apps like Asterisk seem to be inspiring
quite a few li'l Tivo-wannabe startups trying to get sophisticated
internet-connected Linux appliances out the door.  Few of these
companies will have experienced, security-conscious sysadmins who are
able to articulate the need to ship a secure product.  And who listens
to sysadmins, anyway?

Not that I'm terribly worried.  Why hassle with a J. Average
Unmaintained SuSE box when there's hordes of trivially-compromised
Winders PCs out there?


-- 
"There is no such thing as a parasite-free complex ecology"
 --Kathryn Myronuk


