[Total OT] Trying to improve some numbers ...

Marc G. Fournier scrappy at hub.org
Fri Feb 17 10:09:57 PST 2006


On Fri, 17 Feb 2006, lars wrote:

> Marc G. Fournier wrote:
>> On Thu, 16 Feb 2006, lars wrote:
>> 
>>> If your machine only runs an NFS daemon and is behind a firewall,
>>> ok, you don't need to patch it asap when an NFS SA and patch is issued, if 
>>> all clients connecting to the machine are benign.
>> 
>> Actually, there are a lot of situations where this sort of thing is possible 
>> ... hell, I could probably get away with running a FreeBSD 3.3 server since 
>> day one, that has all ports closed except for sshd, imap/pop3/smtp, and be 
>> 100% secure ... sshd can be easily upgraded without a reboot, with the same 
>> applying to imap/pop3/smtp if I use a port instead of what comes with the 
>> OS itself ...
>> 
>> You can say you are losing out on 'stability fixes', else the server itself 
>> wouldn't stay up that long ... so about the only thing you lose would be 
>> performance related improvements and/or stuff like memory leakage ...
>> 
>> And I could do this all *without* any firewalls protecting it ...

> Even if you managed to maintain an old version of a particular OS's 
> uptime for so long, what did you prove?

Wasn't arguing that I "proved" anything, only that a long uptime could be 
achieved *without* any security implications :)

> IMHO 'uptime' as a 'feature' is overrated, not to say obsolete.

Agreed 100% ... Availability is the useful metric, not how long a 
stretch of time the OS can remain running ... not necessarily worded the 
best way, but our uptime policy (http://www.hub.org/uptime_policy.php) was 
such that we tried to upgrade our servers once every 30 days or so ... not 
always possible, and lately less so, but it was our aim ...

----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email: scrappy at hub.org           Yahoo!: yscrappy              ICQ: 7615664


More information about the freebsd-questions mailing list