April 23rd, 2001


My response to some Stupidity on embsd list

This is my response to some foolishness on the embsd list about GUI
admin tools and their usefulness. EmBSD is an embeddable teardown of
OpenBSD. Read from the middle down, then the top, for maximum understanding.

To: embsd@research.suspicious.org
Subject: OT : clients, was: [embsd] Re: Management interface
<Offtopic tangent=clients>
The people who I sell firewalls to, run Windows and related garbage. This
is the current scheme by which I'm trying to pay bills..

Part of the reason they need a firewall is what they run. If they were all
running properly administered OBSD boxen on their desks, they would
be a lot safer.

If they had a full-time security admin, they'd be safer.

They want to run crap software, and they can't afford a full-time security admin,
so I (we) try and get them the next best thing, which is a tightly secured firewall
appliance gizmo that in its default configuration improves their security immensely
(NAT + stateful filtering, etc.).

But: They paid for the thing, and (hopefully) have a service contract, so if
they want to 'configure' it or want me to, then that's fine: It makes it more useful,
and hopefully I get paid for the work.. And how else would VPNs work?
We don't have opportunistic encryption yet, do we?

Hopefully that assists in your understanding of the problem we're trying to solve.
Something close to 80% of the desktops in the world run Windows, and we'd
be fools to assume all those Linux, Solaris, and Mac desktops are much
more secure by default..

</offtopic rant about clients>

At 05:04 PM 4/23/01 -0700, you wrote:
On Mon, Apr 23, 2001 at 07:47:52PM -0400, Rob Funk wrote:
> You misunderstand me. Firewall admins are users of the firewall.
> They are not necessarily developer-types who run Unix and always have
> a terminal window handy. In fact, they probably run Windows on their
> desktop more often than not.
> They often like happy-friendly graphical configurator interfaces.

Did I read that correctly? Did you *actually* just say that Firewall
admins usually run Windows?


The cluetrain station is that way. --> Train leaves in 3 minutes. If
you hurry, you can still catch it....

