Then we are pretty much in agreement here, regarding the claims made
by the other member of the list, I do think if you are going to make a
claim and state it as if it is fact, you should back it up
> On Oct 10, 2014, at 1:23 PM, Valeri Galtsev <galtsev@xxxxxxxxxxxxxxxxx> wrote:
>
>
>> On Fri, October 10, 2014 1:07 pm, William Woods wrote:
>> Not at all, and please don’t tell me what I prefer, All I prefer is that
>> people try to be homiest, you are right all software has bugs, but to
>> imply in any way that
>> open source is better is a misnomer.
>>
>> I use open source, closed source, whatever tool fits the job, I don’t
>> belong
>> to any specific church re: software, nor am I a closed/open source zealot.
>>
>> I know its kinda hard for people to accept someone on a centos mailing
>> list would
>> use closed source, I am sorry some of you purists are offended.
>
> No, I'm happy and not offended at all. And it turns out we do pretty much
> the same thing. I do use closed source wherever it does the job, and for
> tasks that are not cover by open source. Some closed source software is
> great. But wherever I do want to save brain figuring out what to use for
> the task that has highest demands in security... you already know my
> answer.
>
> Valeri
>
>>
>> On Oct 10, 2014, at 1:01 PM, Valeri Galtsev <galtsev@xxxxxxxxxxxxxxxxx>
>> wrote:
>>
>>>
>>>> On Fri, October 10, 2014 12:33 pm, William Woods wrote:
>>>> So claim made, nothing to back it up. Got it.
>>>>
>>>> all I need to say is…BASH , OpenSSL…..
>>>
>>> Nice examples. One-sided though. All software has bugs. You prefer
>>> security through obscurity (closed source, and you have to _trust_ the
>>> vendor of it). But there are numerous security issues with closed source
>>> M$ Windows system. Of course, you would prefer closed source example
>>> UNIX.
>>> Here it goes: SSH (as opposed to openSSH we all have thanks to OpenBSD
>>> project). There was an awful security hole in it about 13 years ago and
>>> as
>>> sshd daemon runs by user root, we were just waiting if stray root just
>>> will walk into our Solaris boxes. Waiting for parch from system vendor
>>> and
>>> simultaneously compiling openssh as a replacement. Those of us who had
>>> majority of boxes under Linux (hence with openssh that wasn't
>>> vulnerable)
>>> had less trouble...
>>>
>>> I guess, you go you to your church, and I will go to mine. I do not
>>> consider "security through obscurity" a security. I prefer not to wreck
>>> my
>>> brain thinking "to what extent can I trust this corporate vendor". I
>>> prefer the code put out into open so everybody can review it. I doesn't
>>> mean that open source code will be audited diligently. But the fact that
>>> it can be gives the best reassurance for me. I do join that clever
>>> person
>>> who said "security only can be in open source".
>>>
>>> Valeri
>>>
>>>> I am sure there are more.
>>>>
>>>> But really, if you are going to claim something, at least be willing to
>>>> back up what you claim is that asking to much ?
>>>>
>>>> On Oct 10, 2014, at 12:21 PM, Valeri Galtsev
>>>> <galtsev@xxxxxxxxxxxxxxxxx>
>>>> wrote:
>>>>
>>>>>
>>>>>> On Fri, October 10, 2014 12:01 pm, William Woods wrote:
>>>>>> Really, you have some URL’s to back up the paranoia ?
>>>>>
>>>>> Well, that's the problem with closed source systems (Which MS Windows
>>>>> is
>>>>> and commercial antiviruses for it are). One can claim something and
>>>>> there
>>>>> is no way to prove it is right or it is wrong (or left? ;-)
>>>>>
>>>>> I remember some clever person said: "security can only be in open
>>>>> source".
>>>>> There are systems that are not [quite] open source, even though they
>>>>> are
>>>>> based on open source. I may be out of date but some time ago (last
>>>>> time
>>>>> I
>>>>> cared to check) Android was not (even though it is based on Linux
>>>>> kernel,
>>>>> there is fair chunk of closed code in its kernel). Everybody is free
>>>>> to
>>>>> imagine me with tin foil hat on, or with pointy hat on...
>>>>>
>>>>> Valeri
>>>>>
>>>>>>
>>>>>> On Oct 10, 2014, at 12:00 PM, Always Learning <centos@xxxxxxxxxxx>
>>>>>> wrote:
>>>>>>
>>>>>>>
>>>>>>>> On Fri, 2014-10-10 at 12:19 -0400, James B. Byrne wrote:
>>>>>>>>
>>>>>>>>> On Thu, October 9, 2014 21:11, John R Pierce wrote:
>>>>>>>>>> On 10/9/2014 6:07 PM, Valeri Galtsev wrote:
>>>>>>>>>> BTW, the whole idea of "antivirus" is flawed. It is based on
>>>>>>>>>> "enumerate
>>>>>>>>>> bad". You can't, as one never knows what will be invented in a
>>>>>>>>>> future.
>>>>>>>>>
>>>>>>>>> I agree, but I don't know what else you can put in the hands of
>>>>>>>>> the
>>>>>>>>> novice, unless its the iPhone world of corporate approved apps
>>>>>>>>> only
>>>>>>>>> purchased through a monopoly 'app store'.
>>>>>>>>
>>>>>>>> Which simply means: Only 'Government Approved' viruses allowed.
>>>>>>>
>>>>>>> Excellent point. Windows 95 was designed to be accessible by the USA
>>>>>>> authorities. USA anti-virus software "allows" access from the USA
>>>>>>> authorities.
>>>>>
>>>>>
>>>>> ++++++++++++++++++++++++++++++++++++++++
>>>>> Valeri Galtsev
>>>>> Sr System Administrator
>>>>> Department of Astronomy and Astrophysics
>>>>> Kavli Institute for Cosmological Physics
>>>>> University of Chicago
>>>>> Phone: 773-702-4247
>>>>> ++++++++++++++++++++++++++++++++++++++++
>>>>> _______________________________________________
>>>>> CentOS mailing list
>>>>> CentOS@xxxxxxxxxx
>>>>> http://lists.centos.org/mailman/listinfo/centos
>>>>
>>>> _______________________________________________
>>>> CentOS mailing list
>>>> CentOS@xxxxxxxxxx
>>>> http://lists.centos.org/mailman/listinfo/centos
>>>
>>>
>>> ++++++++++++++++++++++++++++++++++++++++
>>> Valeri Galtsev
>>> Sr System Administrator
>>> Department of Astronomy and Astrophysics
>>> Kavli Institute for Cosmological Physics
>>> University of Chicago
>>> Phone: 773-702-4247
>>> ++++++++++++++++++++++++++++++++++++++++
>>> _______________________________________________
>>> CentOS mailing list
>>> CentOS@xxxxxxxxxx
>>> http://lists.centos.org/mailman/listinfo/centos
>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS@xxxxxxxxxx
>> http://lists.centos.org/mailman/listinfo/centos
>
>
> ++++++++++++++++++++++++++++++++++++++++
> Valeri Galtsev
> Sr System Administrator
> Department of Astronomy and Astrophysics
> Kavli Institute for Cosmological Physics
> University of Chicago
> Phone: 773-702-4247
> ++++++++++++++++++++++++++++++++++++++++
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
