Firewall Wizards mailing list archives

RE: Firewall Throughput


From: "Robert Purdy" <liteyear () ihug co nz>
Date: Wed, 13 Sep 2000 21:55:59 +1200

No offense, but I have Solaris, BSD, AIX, and Linux running here--and
all of them are stable and reliable.  I had one hard-used Linux server
running for almost 2 years before I recently took it down for some
upgrades.

Do yourself a favour and stay ignorant of the development methodology
that goes on "behind the scenes" with Linux.  What are they now,
2.4.pre34-test83, and still making major architectural changes inside it.
That's *insane*.  Sure, Solaris is stable, but you can't strap it down
as securely as you can BSD, plus you get source code for BSD.


That's great, I can get the source code for BSD.... well I know I have 2
months and $16,000 dollars to lose in down time while I pore over BSD code
to make sure it's safe to use.  Don't get me wrong; I am an avid fan of the
GNU project and of Linux, (I run it at home as my firewall), but the idea of
"source code being available" as an argument doesn't sit with me.

Purely because businesses don't have the time or capital to pay someone to
go over the code and check it.  I know 15-25yo males with a lot of spare
time do, and they find holes.  What's to say the 18yo Joe hasn't found a hole
in the BSD code and is exploiting it left, right and center? (There is a
flip side to the argument for this that there could be a hole in CP or PIX
that is unreported.)

At least with closed code it's going to take something more than a script
kiddie or someone with time on their hands to break it.

I dunno, maybe I am off the beaten track, but I certainly prefer someone to
shout at when things turn to custard.  And strangely enough so do the people
that pay my fees.

Regards,
Rob Purdy


_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards

