Dear Sun: I love you, but...

you do so many things so stupidly. Your hardware is great! There's a lot of really awesome stuff about Solaris 10: Zones, ZFS, Dtrace, the whole deal. Even an acerbic BSD guy such as myself can appreciate it. But you have sooo much to learn.

For instance, take a look at this default port scan on a freshly-installed Sun running Solaris10. This machine was booted with the pre-installed OS -- I haven't touched a thing:

[mb]fcl46unt106519 $ nmap xxx

Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2007-07-31 09:24 CDT
Host xxx.unt.edu (xxx.xxx.xxx.xxx) appears to be up ... good.
Interesting ports on xxx.unt.edu (xxx.xxx.xxx.xxx):
(The 1655 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE
21/tcp    open  ftp
22/tcp    open  ssh
23/tcp    open  telnet
25/tcp    open  smtp
79/tcp    open  finger
111/tcp   open  rpcbind
513/tcp   open  login
514/tcp   open  shell
587/tcp   open  submission
4045/tcp  open  lockd
6112/tcp  open  dtspc
7100/tcp  open  font-service
32771/tcp open  sometimes-rpc5
32772/tcp open  sometimes-rpc7
32773/tcp open  sometimes-rpc9
32774/tcp open  sometimes-rpc11
32777/tcp open  sometimes-rpc17
32778/tcp open  sometimes-rpc19
32779/tcp open  sometimes-rpc21

Nmap finished: 1 IP address (1 host up) scanned in 51.288 seconds

Sun, buddy: It's 2007. Do I really have to turn off telnetd, rlogin, et al, on a new machine? Why is this stuff even installed anymore by default?