On Mon, 8 Jul 2013, davidschaak1@xxxxxxxxxxxxxxxxxxxxxxxxx wrote:
Sorry for top posting this. My bb won't allow bottom posting. My $0.02 on this topic. My nfs server is running fc5. Very outdated but I see no reason to upgrade it as there are 3 firewalls between it and the Net. It is doing what I want it to do. Serve files. My other machines are all F17. Only one of them is connected to the net. They do specialized tasks. If your OS is doing what you want, you have had no crack attempts, and is working properly, why upgrade your OS? Dave Sent from my BlackBerry® smartphone powered by Mobilicity
One security-oriented response to your statement is that you fundamentally never know whether or not you have been compromised. You only know you have not discovered evidence of a compromise. I have a friend who worked for the government. His job was, literally, to break into homes/businesses and manually install keyloggers on computers (with a warrant, I assume). His whole orientation was to ensure that there was no evidence of his intrusion, since he was all about surveillance. I tend to upgrade my personal box via fresh install just as a periodic spring cleaning. The bottom line is that I know a lot of stuff about these computing machines, but I don't know everything. There's always the chance that there's some security breach that I don't know about, some rootkit that has outwitted me, etc. And, of course, a lot of these compromises lay dormant for a long time before they pop up and you find yourself the source of spam or a zombie in a DoS or something. Yeah, I'm careful. Yeah, I run tripwire. Yeah, I read my logs. But still... So, every couple of months, I back up my box and install something. Usually it's Fedora, but every now and then it's something else just for kicks. Mint was fun. Mageia was a little disappointing. Backtrack was cool. What does that do for me? Well, I clean my disk. If I have an intrusion, it's gone. I wipe my slack space. I'm not going to be anybody's zombie in the near future. I get to learn about some new stuff, because there's always some new stuff. Since I always do an epoch-level backup at that point, then I know I have a full backup in my pocket. Setting up the servers again is really not much of a hassle for a one-horse operation like mine. If I ran a distributed web server with a hundred boxes and had my own mini-isp, then it might be a problem. But with basically a couple of personal/home-business boxes, and one-box mailserver, webserver, nameserver, etc., it takes just a few more minutes after the installation to get back up in business. You just gotta plan things out. I could speed it up even more by scripting it, but I like to poke around by hand. The only time this hasn't held is when I moved some of my stuff to a virtual box in the cloud. It turns out that apparently you gotta get the box reprovisioned by the company running the virtual server (at least for me), so it's a hassle getting everything done on my schedule. Choosing F16 was a mistake -- I can't even upgrade because I can't see or interact with the boot screen. I'm moving to CentOS for that machine, and will likely sit on it for awhile... billo
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
