I know I’m not going crazy. Well, not completely crazy but that’s neither here nor there.
A while back I had mutt up and functioning PERFECTLY (or near perfect). Then I messed up and lost the configuration files I was using. I’ve never been the same since the incident.
This morning I decided I was going rebuild the files and get mutt back up and running. I have most of it worked out but I’m missing one little piece… the outgoing portion. I’ve looked for documentation for how to define an SMTP server but all I’ve found is people saying how you CAN’T do it. I know I’m not going crazy with this part as I remember my old build actually connecting to the SMTP server and sending messages.
Does anyone have this up and running?
Been enjoying the Beijing Games. I’m considering attending the Vancouver Games. Is anyone else going?
I don’t hide the fact that I am a contractor to a few US Government organizations and deal specifically with security issues. As such, I’m asked if I’m seeing any open source or Linux items in my daily work. Unfortunately the answer is always “not as much as I’d like to see”. I know that a Linux system can be hardened faster and easier (and cheaper) than that other brand of OS. I know that doing compliance testing takes half as long on Linux (and Solaris) than that other brand as well. This all equals to a larger cost savings to the customer (the gov’t) and to the American public. So why isn’t there more open source solutions out there being used? Two words: “testing” and “certifications”.
I’ll use LUKS as a good example. LUKS provides “Data at Rest (DAR) Encryption” for computer hard drives and removable media. By default, in Fedora, it uses AES encryption and protects all data on the hard drive from being copied or altered on a system that is powered down. Simple, easy to install, free, and meets the basic requirements for DAR Encryption. Why isn’t this an approved solution, then? Because LUKS doesn’t meet FIPS 140-2 requirements. Well, I won’t say that it doesn’t meet the requirements because it probably does but it has never been certified as such. And to do so is usually takes at least $100k+ and a few months of government testing. Now if you are developing open source software you probably don’t have the money to fund such testing.
There are a few notable exceptions. SELinux was a joint project between the community and the NSA. That worked out well for all involved.
I’d like to see the bar lowered for software to become accepted as solutions instead of being discarded because they don’t have a large amount of funding.