[Cryptography] defaults, black boxes, APIs, and other engineering thoughts
Jonathan Thornburg
jthorn at astro.indiana.edu
Sat Jan 4 21:23:32 EST 2014
> Have you noticed how the entire world is moving to a much more
> sophisticated update model, typically dynamically, monthly?
I'm not sure if that's true. What I see is low-security consumer
systems (e.g., the usual stuff from Microsoft, Adobe, etc) doing
dynamic updates every month or even every week. But OSs which make
security a very high priority, like (say) OpenBSD, aren't moving that
way at all -- they're staying with the old "updates are manually
applied by a (human) system administrator" model.
The OpenBSD website points out that they've only had two remote holes
in the default install in "a heck of a long time" (I think more than a
decade). So perhaps the manual-updates security model remains viable....
ciao,
--
-- "Jonathan Thornburg [remove -animal to reply]" <jthorn at astro.indiana-zebra.edu>
Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
"There was of course no way of knowing whether you were being watched
at any given moment. How often, or on what system, the Thought Police
plugged in on any individual wire was guesswork. It was even conceivable
that they watched everybody all the time." -- George Orwell, "1984"
More information about the cryptography
mailing list