[clug] Secure your Internet facing stuff (was Re: googlebot doing funny things in logs)

Sam Couter sam at couter.id.au
Fri Jun 17 03:34:38 MDT 2011


Robert Edwards <bob at cs.anu.edu.au> wrote:
> How would an un-"secured" web server at someone's home (running Myth, or
...
> little to do with running un-"secured" web servers.
...
> I can see how an un-"secured" web site could be used for the unwitting
...
> "secure". I think most of us know that most spam is not coming from
> non-"secure" home web servers...

I like the use of scare-quotes around the word security, as if it's some
imaginary concept that you don't believe in.

> I have been accused in the past of being anti-peer-to-peer because I
> won't jump onto the IPv6 bandwagon where everyone can have their own
> 2^53 static IP addresses. And yet I see this insidious trend towards
> corporate web portals (the Facebooks, Twitters, iStores etc. of the
> world) where everything on the web/Internet is centralised and
> controlled by fewer and fewer people. And many 'net users seem more and
> more happy to buy into this model. It makes them feel "safe"...

I agree with you about the insidiousness of Facebook and other massive
asocial network sites, but I don't think they're really relevant to this
discussion.

Facebook is not popular because of security concerns. I don't believe
Facebook users really care about security at all. It's popular because
it's popular (network effect) and because it's convenient and easy.

Facebook is not an alternative to running your own web server. A hosted
web service is an alternative, and there are at least a billion of them
around.

> It is not dangerous to run a moderately well-maintained public-facing
> web server at home.

Depends what you mean by "dangerous". Your machine is not very dangerous
to you, but collectively all those unsecured machines on DSL and cable
connections are anywhere from extremely annoying to business-destroyingly
expensive to everyone else on the net.

> It is dangerous to buy into the argument that
> only the big end of town should be allowed to run our web servers,
> for "security" reasons...

There's the scare quotes again, along with another strawman.
-- 
Sam Couter         |  mailto:sam at couter.id.au
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C