(Of course, there's an easy way to defang many of them: remove the C compiler from your servers/front-line machines, which would make building exploits rather impossible. A malicious script could still download precompiled exploits from a website; though if you run your servers on something weird, it may not be able to find one; if crackers had to precompile exploits, they would probably go mostly after the 95% of machines which run Red Hat Linux on an x86 or something equally common.)
<img src="http://www.adage.com/images/random/lips01_big.jpg">
Ah yeah thanks for that Kenny. Always nice to see the NSA getting some free publicity, God knows they need it with shrinking military budgets this xmas and all.
And yes, Andrew, the Reg certainly brought the "security by weird-ass hardware" idea into the mainstream. I ran a NetBSD/SPARC gateway for a while but life was too boring without intrusions. Even now I've switched to juicy Linux/x86, all I see are TCP wrapper refusals. (Touch wood:)
Now if I can just get UNIX running on this PDP-11 I'll have a flamin secure bastion host. :P
The guy who hosted dev.null.org a while back has a VAX of some sort running OpenBSD.
I've fired up NetBSD on at least one of my VAXes. My Alphas run Debian Linux, of course. My PDPs will *eventually* run something like 6th ed. UNIX - or 2.9BSD - they are small UNIBUS models of 11/34 and 11/20 ilk. Working disk subsystems are going to be a big hurdle.
Not so easy. A lot of commercial unices require a cc on the system to do kernel rebuilds/relinks/et al after patch upgrades... and the patching program (*cough*dupatch*cough*) is too dumb to consider that maybe you could cross-compile a kernel elsewhere and move it.