[Coco] CoCo Gallery

Aaron Wolfe aawolfe at gmail.com
Thu Jun 10 01:05:04 EDT 2010


On Wed, Jun 9, 2010 at 11:18 PM, Gene Heskett <gene.heskett at gmail.com> wrote:
> On Wednesday 09 June 2010, Frank Swygert wrote:
>>Mark wrote:
>>I recall there was a major Russian? spammer a few years ago who was
>> tracked down and had his address published on the net. He wound up dead a
>> few days later IIRC... I for one did not shed any tears.
>>
>>I hope you find a more secure solution!
>>
>>-----------------
>>
>>I don't think there is a more secure solution than that one.... ;>
>>
>>I know that's not what you meant... couldn't help taking it out of context
>> a bit!
>>
>>As for the question about open source... Roger stated that he thought
>> Gallery 2 was open source. If it is, then the code is accessible to
>> hackers to take advantage of. If not, then his comment can be
>> disregarded.
>
> And if it is, the many eyes make short work of fixing any exploits found.
> This above is misinfo AFAIC.  I recall one hole that was found 3 or 4
> years ago, and the program was fixed to block that hole in 20 minutes.  You
> can't get MS to answer the phone in 20 minutes.
>

Whether open source or closed source is inherently more secure is
something that security experts do not agree on, but there are plenty
who will argue one way or the other.  Reality is that there are other
factors common to both models which have a much greater influence on
the ultimate security of an individual installation.  During my years
spent as a network security guy (usually called in after, rather than
before, a problem), I found that the primary factors in most
compromises were lack of maintenance, installations done
incorrectly/left at default settings, trading security for
convenience, and other silly things that people do.  Actual flaws in
software were seldom the cause, and when they were it was usually
something that had been corrected many versions ago had the server
been kept up to date.  Until we eliminate the humans, no system will
be truly secure :)


> It is also known that WordPress's output can be hacked by a teeny bopper in
> 10 minutes, at least in Linux circles.  I understand they are trying hard to
> fix it, hence a fairly active update cycle.  Roger would be better off using
> Amaya, the W3C's own program.  But I'll be the first to say the learning
> curve to fully use it is steep.
>
>>It seems like there are few Linux hackers, or rather few who do things
>> destructively to systems just for the fun of it. I think part of the
>> reason is many Linux users are pretty darned good at programming and
>> technical issues themselves (me NOT included!) and retaliation or
>> tracking down the culprit is a lot more likely.
>
> And I'm only half included, getting rusty in my dotage.
>
> --
> Cheers, Gene
> "There are four boxes to be used in defense of liberty:
>  soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author)
> Loneliness is a terrible price to pay for independence.
>
