Disagreed, mostly
I've watched this story -- it actually originated from NewsForge by Robin Miller.
It's true that ancient systems can offer network security. But you could make the same arguments for MacOS, DOS, or a Commodore 64. None of these systems, in default mode, offers any remote access capabilities (hell, most don't support sockets). While this offers security, it also makes things like, say, remote administration, impossible.
There are balances between security and convenience. The rock-solid accessible 'Nix of the moment is [link|http://www.openbsd.org/|OpenBSD]. It's not absolutely proof, there have been some local exploits in the past year, but it's been safe from remote root exploits in the default install for five years. This is achieved both through choosing what's on the system, but also by using prophylactically secure tools (rewritten system libs that avoid many stack smashing and buffer overflow problems by disallowing them in the first place), and by painstakingly auditing all code on the system.
I subscribe to a slightly different philosophy, though. I prefer Debian, and rely on the fact that it keeps current updates, and allows (and supports) removal of packages not required on the current system. This effectively achieves the same result (or approximates it) as the "security by obsolescence" school, because you're following one of its tenets: don't install crap you don't need.
Turning a blind eye to updates itself doesn't work. Once you're open to the 'Net, you need to keep an eye on it, and make sure that bugs are fixed. And with a sufficiently complex system, updates of one component will often mean that others have to be rejiggered to keep things working smoothly. This is where Debian, with its policy, dependencies, and package management tools, wins.
Note too, however, that Debian's stable release does somewhat follow the philosophy of minimal change. Once released, the secure track changes little, with only security updates being made to it. This means that you're buying tested, proven, stable solutions, but are also keeping up to date on patches. If you prefer bleeding a bit, you can jump up to testing or unstable, but for the dependable iron out back, there's no need.
Keeping your base stable helps. Freezing it in the face of all external factors is idiotic.
--
Karsten M. Self [link|mailto:kmself@ix.netcom.com|kmself@ix.netcom.com]
[link|http://kmself.home.netcom.com/|http://kmself.home.netcom.com/]
What part of "gestalt" don't you understand?
Keep software free. Oppose the CBDTPA. Kill S.2048 dead.
[link|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html|http://www.eff.org/...a_alert.html]