[Info-vax] Questions and observations about OpenVMS
Dave Froble
davef at tsoft-inc.com
Mon Mar 8 13:54:58 EST 2021
On 3/8/2021 1:07 PM, jimc... at gmail.com wrote:
> On Sunday, March 7, 2021 at 5:25:29 PM UTC-8, Stephen Hoffman wrote:
>> Modern networks best assume compromise.
>
> Modern *products* best assume compromise. We know that state and private actors are now executing skilled supply-chain attacks on software and hardware companies both. The ongoing fiasco around Solarwinds shows just how effective they can be -- if the nefarious actors have managed to install their attack systems in the very hardware and software you rely on for security, or even to get your work done, how do you protect your customers?
>
> Lots of work on a "zero-trust" security model is necessary as a result -- https://www.crowdstrike.com/cybersecurity-101/zero-trust-security/
>
> We should keep in mind that the ancient vulnerability Simon points out is not just a single bug, but highlighted a number of the architectural vulnerabilities that he, Stephen, and others have pointed out multiple times in OpenVMS. And that many of the same engineers who designed and implemented those vulnerabilities went on to develop the OS architecture for Windows NT.
>
> Are VSI's engineering practices up to snuff with zero-trust? Can we be confident that malicious actors aren't already inside their network, with the capability to touch their source and engineering systems, as they have been with pretty much every other product in the world? The obscurity of OpenVMS and lack of expertise in the research community is likely helpful here, but as VSI modernizes the product, that obscurity will continue to fade.
>
> As an aside, there was some language in the thread earlier that doesn't bear repeating about Iran and Chinese nation-state attackers. One key part of making OpenVMS vital again will be to eliminate that sort of old-school racism from its technical community.
>
I'll take up that challenge.
Just about every day, you can open up a news page and read about some of
the things happening in our world.
Hacking, two serious incidents in what, a week? People who work on this
stuff are the ones pointing the finger at the perps, not me. Perhaps
they know a few things.
It's not racism, it's reality. Attempting to ignore reality in the name
of political correctness sure won't help. Just makes the bad guys' job
that much easier. If you cannot understand that, it's you that has a
problem.
Is it racist to be upset about how Nazanin Zaghari-Ratcliffe has been
used as a hostage by the Iranians?
Is it racist to be upset that girls can be chucked into a pit and have
rocks chucked at them?
Uighurs ...
Real easy to throw out a claim of racism. Perhaps a bit harder for you
to recognize evil, and to denounce it.
As for computer security, we should not need it. But we do, because of
evil.
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486