[AccessD] OT: Firewall

Frank Tanner III pctech at mybellybutton.com
Mon Oct 10 22:07:22 CDT 2005


On Mon, 2005-10-10 at 17:36 -0400, John Colby wrote:
> pctech at mybellybutton.com
> 
> I take it you want to be known as pctech at mybellybutton.com?  I have to
> assume that if you can figure out how to do software firewalls you can
> figure out how to do signatures?
> 
> >Actually, using a "live" CD it WOULD be trivial to build a firewall based
> on a "boot CD".  But would you REALLY want to?  Think about it.  That "live"
> CD wouldn't have updates on it.  This means you'd have to have new "live" CD
> every time that you wanted to update the OS on the firewall.
> 
> I don't want to have to update the OS on the firewall.  I don't want to know
> that the firewall exists.  I currently own a Dlink 624.  Once a year or so I
> go download any firmware updates, over the web.  Pretty much click, click, I
> am done.  Other than that I pay no attention to it.
> 
> I do not consider myself closed minded.  I downloaded (about two years ago)
> one of the Linux distros.  I got it working.  I even downloaded and
> installed OfficeStar.  I know it is getting easier and easier.  None of
> which means I personally want to do that stuff.  I think you have an agenda
> (to have people build a firewall themselves).  I do not (at least in this
> area).  I don't care if you set up a spare PC as a firewall, or teach others
> how.  I don't care if Rocky goes out and buys a multi-hundred dollar "out of
> the box" solution, or builds your custom firewall, or uses some software
> firewall, or indeed, if he uses nothing at all.  I just don't care.   
> 
> However... I have been in computers since 1972.  I know enough to know that
> whether it is Windows, or Linux, or VMS, or CPM, if something goes wrong it
> takes digging to figure out what is happening.  The more you know about the
> OS, the less digging it takes.  I know that things DO go wrong, and the less
> you know, the more likely something WILL go wrong.
> 
> I personally know nothing about Linux.  I don't want to know anything about
> Linux.  I am CAPABLE of learning enough to do what you propose, I just don't
> WANT to.  The very fact that you are discussing OS updates tells me I don't
> want to.  Additionally, I think the effort to do so is not in proportion to
> any risk I might be taking by not doing so.  
> 
> >However when someone that doesn't do this for a living tries to correct me
> on something that I do on a daily basis, I will correct them.
> 
> I am not attempting to correct you, I am stating an opinion, which I believe
> I very clearly stated.  My opinion still is, that setting up and MAINTAINING
> a custom firewall is a non-trivial task.  Getting it running is no doubt the
> easiest part of the project.  Setting up a complex SQL Server database is
> non-trivial, but even if you get it set up, MAINTAINING it is beyond the
> capability of anyone not trained in SQL Server.  THAT is my point.  Things
> happen.  Handling those things requires training.  
> 
> If this firewall sits in the corner and never needs to be touched, then we
> are back to "give me a disk that I can install it with" and I will do so.
> You can't have it both ways, either it is no maintenance and I can just load
> the disk and go (and leave it humming in the corner for the next 10 years),
> or things happen and I will have to deal with them.  I don't WANT to deal
> with them.
> 
> >Without the screen shots, the document itself is less than 30 pages. 
> 
> In none of your emails so far have you offered up this document, in fact you
> seemed to indicate it was not really in a state to share.  Do you need a
> place to post it?  I just happen to have a brand new web site (part of what
> I spend MY time doing) where I can offer a page to you to put this document
> on if you care to publish it.  I can also put the document itself up with a
> hotlink for anyone who desires to do so can download the entire thing.
> 
> I am always happy to help you assist anyone who is interested in doing
> something like this.
> 
> John W. Colby
> www.ColbyConsulting.com 
> 
> Contribute your unused CPU cycles to a good cause:
> http://folding.stanford.edu/
> 
> 
> Actually, using a "live" CD it WOULD be trivial to build a firewall based on
> a "boot CD".  But would you REALLY want to?  Think about it.  That "live" CD
> wouldn't have updates on it.  This means you'd have to have 
> new "live" CD every time that you wanted to update the OS on the firewall.
> This is a non-starter without some sort of subscription service.  This sorta
> defeats the whole purpose.
> 
> Without the screen shots, the document itself is less than 30 pages. 
> The screen shots themselves take up a lot of real estate in the document.
> The screen shots were done with usability in mind.  How many times have you
> read a book on something and thought, "I wish I could see what they were
> talking about"?  These screen shots obviate that statement.
> 
> You misunderstand.  You think I am taking it personally.  I'm not. 
> However when someone that doesn't do this for a living tries to correct me
> on something that I do on a daily basis, I will correct them.  Just as I'd
> expect that you would if I were to make some off-base development comment.
> You are the one that seems close-minded about this, without even having seen
> the document, I might add.
> -- 
> AccessD mailing list
> AccessD at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/accessd
> Website: http://www.databaseadvisors.com
> 
> 

You've OBVIOUSLY never dealt with web based e-mail clients.  I was
answering you via web mail from my ISP rather than answering from home.
Web based e-mail doesn't always support signatures.

Once again, you judge long before you have the facts in and attempt to
assert your superiority based on your "facts."
-- 
Frank Tanner III <pctech at mybellybutton.com>



