[lbo-talk] Annalee says we all need porn, servers, and stem cells

Chuck Grimes cgrimes at rawbw.com
Fri Aug 19 07:40:48 PDT 2005


The feds ask for server logs and, with remarkable speed, you copiously piss your pants and hand over entire servers -- eagerly stumbling over your own feet to help since the smoke of a request must mean fire and 'we don't want any trouble.' .d.

---------

What I don't understand is why more techno-freaks with radical ideals haven't started their own ISPs and server networks. How expensive are these systems to set up?

When I changed to FreeBSD in '98 I went looking for an ISP that ran the same OS and found one pretty easily. It's a little hard to explain how transparent this kind of connection is unless you have tried it.

And another thing. I don't know why threatened servers keep their system logs in the first place. You can configure the logs so they show what you need but are useless for political surveillance purposes. Even if the ISP keeps logs, there is no reason for a politically vulnerable subscriber like Indymedia to keep those kinds of logs.


From a link on Dwayne's homepage for cryptome.org:

``LAS VEGAS, July 28 -- Michael Lynn, the security researcher whose talk yesterday about new flaws in Cisco Systems routers landed him in court this morning, has settled the legal dispute with Cisco and his former employer, Atlanta-based Internet Security Systems.

Under the terms of a permanent injunction signed by a federal judge this afternoon, Lynn will be forever barred from discussing the details about his research into the vulnerabilities he claimed to have discovered in the widely used Cisco hardware...''

This reminds me that FreeBSD org has (or had) a whole network of developers who work on OS code and security on a continuous basis. They post weekly code upgrades via CVS mirrors with notes on bugs and security faults. The whole system is automated so if you are really worried about these things you can automate your system upgrades weekly (for free).

The point is that open source computer security does a couple of things that privately owned and copyrighted software can't do. First, there are no code secrets so developers, administrators and hackers are on the same level. This means that developers know their code is completely exposed, so they can't pretend a problem doesn't exist. When hackers find a bug or exploit and use it, the minute it is discovered, it is published and work starts on a fix. (Community cooperation between developers, administrators and users means the hackers are outgunned.) Most fixes are ready in a few days or a week and the hack is gone. If the fix is more complex, then a temporary work-around is out in a few days. As far as I know, nobody in the FreeBSD community goes to court to protect a `feature'. Fault finders and vulnerability whistleblowers are more than welcome. The sooner the shit hits the fan, the faster the cleanup can start.

CG


