[148924] in cryptography@c2.net mail archive
Re: [Cryptography] defaults, black boxes, APIs,
daemon@ATHENA.MIT.EDU (Jonathan Thornburg)
Sun Jan 5 00:32:33 2014
X-Original-To: cryptography@metzdowd.com
Date: Sat, 4 Jan 2014 18:23:32 -0800 (PST)
From: Jonathan Thornburg <jthorn@astro.indiana.edu>
To: Cryptography Mailing List <cryptography@metzdowd.com>
In-Reply-To: <1C8E7A54-C0A2-41D2-9860-F5B427703023@gmail.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
> Have you noticed how the entire world is moving to a much more
> sophisticated update model, typically dynamically, monthly?
I'm not sure if that's true. What I see is low-security consumer
systems (e.g., the usual stuff from Microsoft, Adobe, etc) doing
dynamic updates every month or even every week. But OSs which make
security a very high priority, like (say) OpenBSD, aren't moving that
way at all -- they're staying with the old "updates are manually
applied by a (human) system administrator" model.
The OpenBSD website points out that they've only had two remote holes
in the default install in "a heck of a long time" (I think more than a
decade). So perhaps the manual-updates security model remains viable....
ciao,
--
-- "Jonathan Thornburg [remove -animal to reply]" <jthorn@astro.indiana-zebra.edu>
Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
"There was of course no way of knowing whether you were being watched
at any given moment. How often, or on what system, the Thought Police
plugged in on any individual wire was guesswork. It was even conceivable
that they watched everybody all the time." -- George Orwell, "1984"
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
