Originally posted by jacob
View Post
Announcement
Collapse
No announcement yet.
Firewalld 1.0 Released With Big Improvements
Collapse
X
-
-
Originally posted by sdack View PostSo, do you now agree that you are also using nftables when you use firewalld or are you still saying that you do not and that you would only need firewalld?
Do you know that firewalld is using nftables?
Leave a comment:
-
Originally posted by sdack View PostThis is not reality what you are talking about, it is called theory. Proof is only a form of control. By making a proof do you take control over terms, conditions and parameters and so create certainty over the correctness, and eliminate the need for trust. You may have started with a trust or a belief, but at the end of your proof will you have certainty, or you just have not learned what the point of a proof is yet.
Trust is a poor man's security.Last edited by jacob; 25 July 2021, 04:30 AM.
- Likes 1
Leave a comment:
-
Originally posted by pal666 View Postif those gui or app talks to firewalld then you need firewalld.
Do you know that firewalld is using nftables?Last edited by sdack; 24 July 2021, 03:11 PM.
Leave a comment:
-
Originally posted by sdack View PostWhen you are using a GUI or another app then you are not really using firewalld.
Originally posted by sdack View PostOr, when you do want to say so, then you also have to say you are using nftables, because firewalld is based on nftables. You cannot ride half a horse and pretend the other half had nothing to do with you.
- Likes 1
Leave a comment:
-
ITT people coming up with obscure corner cases that explain why things could be bad... whilst showing that they have enough knowledge to come up with solutions to their particular scenario anyway. Technology has limitations, any abstration will have assupmtions and limitations intended to make life easier. We all work within imperfect systems and try our best to use them to meet our needs.
And trying to summarise the other random spurs of conversation:
- assembly can be faster, in certain circumstances, but its also a pain to manage for humans. It's literally why we invented abstracted 'languages' to represent intent & then an algorithym to make the assembly. The loss of efficiency is the trade off for managable code. Purist arguments that X is better than Y is akin to looking at a grey picture and arguing whether its black or white. Both are true and both are useful where it makes sense.
- language X is better than language Y is also asinine, they are tools. Use the tool that best works for you at the time. Hardly worth the time arguing a shovel is better than a spade when all you want is a hole.
- security is never absolute, and always compromises convenience. Your house isnt secure because it has a lock on the door. Your network isnt secure because you have a firewall. We build upon mostly-trusted structures to implement deterrants based on perceived threats. if someone asserts "my network is totally secure", you know they have more to learn.
Some people seem bent on trying to be negative. There's a new tool, it might have some limitations, they might be annoying for your specific use case, but lets look for the positives and try to help make it amazing. I like CLI but GUI's are often extremely useful.
Leave a comment:
-
Originally posted by jacob View PostIn reality security doesn't come from control, it comes from proof.
Trust is a poor man's security.
Leave a comment:
-
Originally posted by sdack View PostYou are doing it again. You say trust was no replacement for security but you keep arguing like it was.
Security does not come from trust. Security comes from control. Without control do you have no power and trust is merely the first thing that you will lose. Trust is also not useful for starting a discussion on security, only distrust is. Trust is the fallout of good security, but also a weak substitute for not having absolute security. If there was absolute security then there would be no need for trust.
- Likes 2
Leave a comment:
-
Originally posted by jacob View PostActually codecs are mostly implemented using the compiler's SIMD intrinsics. Ok, technically they are basically assembly instructions.
It avoids race conditions by using assembly instructions and so creates a lockfree malloc()-implementation.
Leave a comment:
Leave a comment: