FTP Server

Craig White plug-discuss@lists.plug.mybutt.net
Thu, 17 Jan 2002 20:00:14 -0700 

Blake Barnett wrote:
> 
> Tom,
> 
> I'm sorry if you felt I was being condescending, that was not my
> intention.  I was trying to clear the air a little w/regards to FTP and
> security.  They are only my opinions and were given with the best of
> intentions.
> 
> The comment about RedHat was all in good fun, I know Mr. White knows
> RedHat is not "Linux", but a distribution of it.
> 
> I find it disturbing when people won't switch from the "top-dog" simply
> because they are the "top-dog", or because they are just used to
> whatever it is.  Change is good, as long as it is for the right
> reasons.  ;)
> 
----
Hey - no problem here, I only wish I knew 25% of what Blake understands
about this stuff. I've only been at this a relatively short amount of
time.

As far as RedHat being the only linux - I never made that comment and
wouldn't think of making that comment and hope that many other distro's
continue to prosper. Redhat happens to be the only one I have made a
concentrated effort in learning - much as I have done with WinNT/2K. One
thing is absolutely certain, that is all software is imperfect. The last
time I sat down with Suse, I had to figure out where things were, kneel
in front of almighty yast and I felt clumsy - no doubt I would get it
over time but I also have this OSX machine that I don't understand and
I've been playing with wireless stuff. Playing with other linux distro's
is a low point on the totem pole. My comment about RedHat including
wu-ftpd was specifically in response to Nigel's comment "any other
Decent distro of Linux stopped putting Wu-ftp on their distro's" and if
nothing else, I figure, it's at least a decent distro.

As for ftp server software, I could easily take either side of the
argument and still end up with the same conclusion that Blake gave us,
that it is by it's nature, insecure. Security through obscurity is a
strategy, so is security through a well maintained system but any system
that allows remote users to give a name/password to a netmask of 0.0.0.0
is bound to be a problem.

Lastly, and I apologize if I sounded arrogant - I cannot condone...User
with problem, "How do I get software A to do this?" and answer - "Don't
use software A, use B or C" This is despite the fact that software A is
widely in use. The answer was condenscending and ineffective. It offered
no solution...only another problem.

Craig