Originally posted by intelfx
View Post
Announcement
Collapse
No announcement yet.
Firewalld 1.0 Released With Big Improvements
Collapse
X
-
-
Originally posted by intelfx View PostIt never was, and I never said that. ... A well-designed system will accomodate various levels of trust and thus various levels of security. ...
Security does not come from trust. Security comes from control. Without control do you have no power and trust is merely the first thing that you will lose. Trust is also not useful for starting a discussion on security, only distrust is. Trust is the fallout of good security, but also a weak substitute for not having absolute security. If there was absolute security then there would be no need for trust.Last edited by sdack; 23 July 2021, 02:03 PM.
Comment
-
Originally posted by sdack View PostIndeed. One has to learn about firewalld's command options and its syntax before one can use it
Originally posted by sdack View Postand it requires to have a good understanding of networking and how it is handled within the kernel. So for a lot of people is it indeed better to use nftables directly when it already does what they need.
- Likes 2
Comment
-
Originally posted by sdack View Postespecially where performance is needed are algorithms implemented in assembly instructions. It is one of the few domains where assembly programming has always ruled over compilers.Last edited by pal666; 23 July 2021, 02:58 PM.
- Likes 1
Comment
-
Originally posted by pal666 View Postnot true. one can use gui or just leave it up to apps which will work without user supervision
if nftables alredy were doing what is needed, firewalld would have nothing to do
Comment
-
sdack
"Security does not come from trust.."
Ok, this comment shows clearly you have no idea what you're talking about. Of course, clearly, security at some level relies on trust. Anyone that has taken a basic course in software security at University knows this. Do you inspect the source code of the version of ssh you currently have installed before using it? Do you inspect the source code of the version of nftables you have installed before using it? If not, you are in fact relying on "trust".
- Likes 1
Comment
-
Originally posted by tomas View Postsdack
"Security does not come from trust.."
Ok, this comment shows clearly you have no idea what you're talking about. Of course, clearly, security at some level relies on trust. Anyone that has taken a basic course in software security at University knows this. Do you inspect the source code of the version of ssh you currently have installed before using it? Do you inspect the source code of the version of nftables you have installed before using it? If not, you are in fact relying on "trust".
Take traffic lights as an example. Do you believe traffic security comes from people trusting the lights? I hope not. Security comes from control and taking action against those who break the traffic rules. This is the control we use to ensure that people follow the traffic lights. In countries where i.e. jaywalking goes unpunished do many people in fact ignore the traffic lights. People will run across streets and ignore red pedestrian lights like it was a national sport. This should tell you that control does not come from people trusting in the lights, but it comes from people knowing that they get punished when they ignore them.
It is simply wrong to assume trust would create security. If anything is it distrust that leads to security. If we could create absolute security would we not need trust, but we would have certainty instead. And only because we cannot create absolute security do we trust that in the absence of absolutely security would we still have enough relative security to keep us safe. This is what trust is. Trust is not a replacement for security.Last edited by sdack; 23 July 2021, 03:43 PM.
Comment
Comment