[FreeBSD-Announce] FreeBSD 12.0 end-of-life

Polytropon freebsd at edvax.de
Mon May 18 01:06:13 UTC 2020

On Sun, 17 May 2020 00:33:50 -0600, @lbutlr wrote:
> On 16 May 2020, at 13:54, Polytropon <freebsd at edvax.de> wrote:
> > On Sat, 16 May 2020 12:56:25 -0600, @lbutlr wrote:
> >> Otherwise, old OSes are porous insecure botnets-in-wait with
> >> dozens or hundreds or thousands of exploits.
> > 
> > That is true, but is significant only as far as those systems
> > interact with other things, especially over Internet.
> If the computer is air-gapped, that is one thing. If the computer
> is on a network and that network is air gapped, that is something
> else. Oof that computer is on a network and any machines on that
> network have access to the Internet, then that old insecure
> machine should be assumed to be on the Internet.

That is a fully valid opinion (and good description of reality).
It depends on how good you can control all involved factors, and
especially the "weakest links" in that chain. Luckily, for the
setting I've been refering to, everything is under control. There
are no "too intelligent" printers, but security-sensitive people
using that specific kind of equipment. Data that goes in and out
is quite restricted. There is no 100 % security, but you can at
least actively try to achieve it (instead of stupid claims or
"the PC told me I'm safe").

> Just look at the many exploits for non-Internet connected LAN
> printers.

Absolutely true. It also applies to battery chargers, fax machines
or any other "smart" device that can connect to something else (!)
on its own. But if your equipment is old enough, it probably won't
be that "smart". ;-)

A good countermeasure is to always keep complexity as low as
possible. Don't obtain or store data that you don't need. Don't
put functionality into the device that isn't neccessary. Test
your software. Watch for compiler warnings and _act_ according
to them. Check runtime warnings. Keep things simple and use
established approaches to problems. Physical security is a plus.
Know as much as possible about the things you're using. Understand
how things work, don't rely on 3rd party services too much without
proper understanding. Read the documentation. Write your own
documentation. Don't add things for the sake of adding them.
Think outside the box. Always wear a helmet. ;-)

Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

More information about the freebsd-questions mailing list