> And make uptime a design goal: a thousand-day uptime shouldn’t be folklore, it should be normal. Not a party trick, not a screenshot to boast about, but simply the natural consequence of a system built to endure.
feld
in reply to ClaudioM
R.L. Dane
in reply to feld
Unless we're doing some kind of livepatching, a 10 year uptime isn't something to be happy about.
Sincerely,
Ex-#infosec grump.
But in all, beautifully-written article. I don't agree that trying to cater to the desktop is a bad thing, though, although the warnings they spoke of were valid.
feld
in reply to R.L. Dane
That server had absolutely zero open ports to the internet and only acted as a transparent network traffic shaper with IPFW/ALTQ. It provided 10 years of service providing rock solid performance in this environment. I don't recall there being any CVEs that affected IPFW/ALTQ or any other TCP/IP functionality that it exposed.
I'm also an ex-infosec grump :)
Why is having a 10 year uptime on a FreeBSD network appliance so much different than a 10 year uptime on a Cisco switch/router? That is not uncommon either. If a CVE is only exploitable if you can somehow access the private management network, I generally don't care so much, because if they can access your management network you have much, much bigger problems to deal with.
feld
in reply to R.L. Dane
> although the warnings they spoke of were valid.
I think they're a little confused because they seem to think that pkgbase means base comes from the ports tree and it's not stable anymore but rolling release instead. That's not what's even happening here.
Though they are correct in alluding to a more rapid development future being possible where we could have desktop users targeting STABLE or even CURRENT quite easily.