
Topic: About Mt. Gox flaw from a security expert - page 10. (Read 34182 times)

legendary
Activity: 1050
Merit: 1000
You are WRONG!

i have read most of the core code in Linux and Freebsd.


Did you really read MILLIONS of lines of code?

Linux kernel codebase is roughly 10 million lines of code just for the kernel (excluding the comments and the toolchain to compile it. The full system with also GUI and other stuff is roughly 2.4 billion lines).

Imagine you read 50% of it, at one second per line (whoa, you're a living compiler), it makes 158 years.


The eldest living compiler!

Now I understand you go around calling other people trolls. You have all the rights.


This little calculation saved me from explaining that if you really read at least some of the BSD and Linux codebase you would know how much tidier BSD kernelspace is.

Of course he didn't actually read "most of the core code in Linux and Freebsd."  That's absurd.

We are dealing with a poser (the worst kind of Linux fanboi is the wanna-be); notice how he splits hairs about Open vs Free BSD, yet never mentions which flavor of Linux he's jocking.

Someone who finds "freeBSD kind of difficult to understand" is probably not a *nix expert of any kind!


LOL. you don't know what you are talking about.
for your information i can say that i'm right now on a gentoo, my home server runs ubuntu. i also have another computer which runs CentOS 5.
freebsd userland is much easier to understand than the kernelland.
legendary
Activity: 1050
Merit: 1000
You are WRONG!

i have read most of the core code in Linux and Freebsd.


Did you really read MILLIONS of lines of code?

Linux kernel codebase is roughly 10 million lines of code just for the kernel (excluding the comments and the toolchain to compile it. The full system with also GUI and other stuff is roughly 2.4 billion lines).

Imagine you read 50% of it, at one second per line (whoa, you're a living compiler), it makes 158 years.


The eldest living compiler!

Now I understand you go around calling other people trolls. You have all the rights.


This little calculation saved me from explaining that if you really read at least some of the BSD and Linux codebase you would know how much tidier BSD kernelspace is.
yes that's many lines. but not in the core code, that excludes all the drivers (90%), and all the archs (5-8%) (except x86 and arm). it's not that many, i have only read 2-5% of the whole linux code, and only the parts that concern me.
some of the toolchain i have also read, gcc and binutils, not all of it but some.
the FreeBSD source only confused me.
legendary
Activity: 2156
Merit: 1072
Crypto is the separation of Power and State.

i have read most of the core code in Linux and Freebsd.


Did you really read MILLIONS of lines of code?

Linux kernel codebase is roughly 10 million lines of code just for the kernel (excluding the comments and the toolchain to compile it. The full system with also GUI and other stuff is roughly 2.4 billion lines).

Imagine you read 50% of it, at one second per line (whoa, you're a living compiler), it makes 158 years.


The eldest living compiler!

Now I understand you go around calling other people trolls. You have all the rights.


This little calculation saved me from explaining that if you really read at least some of the BSD and Linux codebase you would know how much tidier BSD kernelspace is.

Of course he didn't actually read "most of the core code in Linux and Freebsd."  That's absurd.

We are dealing with a poser (the worst kind of Linux fanboi is the wanna-be); notice how he splits hairs about Open vs Free BSD, yet never mentions which flavor of Linux he's jocking.

Someone who finds "freeBSD kind of difficult to understand" is probably not a *nix expert of any kind!

full member
Activity: 140
Merit: 100
FreeBSD has less bugs than Linux (one fold less).
FreeBSD bugs went up because there has been a MAJOR review of code, both from volunteers and paid developers. http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
The production machines with the best uptime are FreeBSD based.
Still you think that Linux is safer than FreeBSD?

Your original point seemed to be that FreeBSD is more secure than Linux.  I'd say you haven't made your point.
member
Activity: 140
Merit: 10

i have read most of the core code in Linux and Freebsd.


Did you really read MILLIONS of lines of code?

Linux kernel codebase is roughly 10 million lines of code just for the kernel (excluding the comments and the toolchain to compile it. The full system with also GUI and other stuff is roughly 2.4 billion lines).

Imagine you read 50% of it, at one second per line (whoa, you're a living compiler), it makes 158 years.


The eldest living compiler!

Now I understand you go around calling other people trolls. You have all the rights.


This little calculation saved me from explaining that if you really read at least some of the BSD and Linux codebase you would know how much tidier BSD kernelspace is.
legendary
Activity: 1050
Merit: 1000
You are WRONG!

Quote
BSD is designed. Linux is grown.

This is such a beautiful sentence.


When developing some serial drivers for vending machines running linux, me and my team went crazy handling all the hacks, specifications and modules the kernel had. It is just a bloated monster, on a driver I found a comment:

"We don't know why it is this way, but please dont touch it"


The server controlling the vending machines instead runs on FreeBSD and its much tidier and organized kernel space has been a pleasure to work with.
comments like that are because of some old hacks on very old buggy hardware, these types of comments are also in the FreeBSD sourcecode.
some people would also find it easier to run windows xp on your vending machine.
i have read most of the core code in Linux and Freebsd. and i found that linux's source is simpler.
while freeBSD kind of difficult to understand sometimes.
it's just my opinion.
member
Activity: 140
Merit: 10

Quote
BSD is designed. Linux is grown.

This is such a beautiful sentence.


When developing some serial drivers for vending machines running linux, me and my team went crazy handling all the hacks, specifications and modules the kernel had. It is just a bloated monster, on a driver I found a comment:

"We don't know why it is this way, but please dont touch it"


The server controlling the vending machines instead runs on FreeBSD and its much tidier and organized kernel space has been a pleasure to work with.
legendary
Activity: 1050
Merit: 1000
You are WRONG!

http://en.wikipedia.org/wiki/Correlation_does_not_imply_causation

Especially when you're picking data as selectively as you do.

I'm not going to start a flamewar. Please respect my objective opinion. I will respect your personal belief.

http://people.freebsd.org/~murray/bsd_flier.html

http://www.cvedetails.com/vendor/6/Freebsd.html

http://www.cvedetails.com/vendor/33/Linux.html

Not only freebsd has less vulnerabilities, but they are also less serious (check exploit or data execution)
freebsd is also less used :P so there might be more bugs and exploits to discover.
i actually like that there has been more holes in linux, because it means that they are fixed.

Linux is used more than *BSD as a desktop OS by fangurlz with Tux The Penguin avatars (excluding OSX).
Linux is used more than *BSD as a server OS by businesses that hire fangurlz with Tux The Penguin avatars.

On the other hand, when we move into the world of the critical systems that keep the Linux kiddies' interwebs running smoothly, we find that *BSD has been used for much longer and with greater success:

Quote
Over ten years of work have been put into enhancing BSD, adding industry-leading SMP, multithreading, and network performance, as well as new management tools, file systems, and security features. As a result, FreeBSD may be found across the Internet, in the operating system of core router products, running root name servers, hosting major web sites, and as the foundation for widely used desktop operating systems.

The reason for this is that:

Quote
BSD is designed. Linux is grown.
You do know that without BIND and BSD, there would never have been any Linux or Tux, right?

You do know that the root nameservers have always and will always run BIND on BSD, right?

So why don't you write to the Internet Assigned Numbers Authority about how your magical Tux is so much more secure and popular than BSD.

I'm sure they'll be blown away by the force of your irrefutable, highly technical argument that "bugs, holes, and exploits are good."
linux is used more on servers and desktops. true!
FreeBSD is not the only thing that runs the root nameservers, core routers, etc...
NSD is also running instead of BIND on some root servers.

btw. linux is designed and BSD is grown, take a look at the unix family tree:

linux is a straight line from 1991 to now, and *BSD history goes back to 1969 from unics.
it's true that *BSD is older than linux. but it's grown.

btw. the quote:
Quote
Over ten years of work have been put into enhancing BSD, adding industry-leading SMP, multithreading, and network performance, as well as new management tools, file systems, and security features. As a result, FreeBSD may be found across the Internet, in the operating system of core router products, running root name servers, hosting major web sites, and as the foundation for widely used desktop operating systems.
is taken from freebsd website, and is therefore heavily biased. :)

i think you are a troll too. all your arguments are wrong.
legendary
Activity: 2156
Merit: 1072
Crypto is the separation of Power and State.

http://en.wikipedia.org/wiki/Correlation_does_not_imply_causation

Especially when you're picking data as selectively as you do.

I'm not going to start a flamewar. Please respect my objective opinion. I will respect your personal belief.

http://people.freebsd.org/~murray/bsd_flier.html

http://www.cvedetails.com/vendor/6/Freebsd.html

http://www.cvedetails.com/vendor/33/Linux.html

Not only freebsd has less vulnerabilities, but they are also less serious (check exploit or data execution)
freebsd is also less used :P so there might be more bugs and exploits to discover.
i actually like that there has been more holes in linux, because it means that they are fixed.

Linux is used more than *BSD as a desktop OS by fangurlz with Tux The Penguin avatars (excluding OSX).
Linux is used more than *BSD as a server OS by businesses that hire fangurlz with Tux The Penguin avatars.

On the other hand, when we move into the world of the critical systems that keep the Linux kiddies' interwebs running smoothly, we find that *BSD has been used for much longer and with greater success:

Quote
Over ten years of work have been put into enhancing BSD, adding industry-leading SMP, multithreading, and network performance, as well as new management tools, file systems, and security features. As a result, FreeBSD may be found across the Internet, in the operating system of core router products, running root name servers, hosting major web sites, and as the foundation for widely used desktop operating systems.

The reason for this is that:

Quote
BSD is designed. Linux is grown.
You do know that without BIND and BSD, there would never have been any Linux or Tux, right?

You do know that the root nameservers have always and will always run BIND on BSD, right?

So why don't you write to the Internet Assigned Numbers Authority about how your magical Tux is so much more secure and popular than BSD.

I'm sure they'll be blown away by the force of your irrefutable, highly technical argument that "bugs, holes, and exploits are good."
member
Activity: 126
Merit: 10
Amusingly, more or less right after defending tradehill by saying they allowed me to use ssl for everything, they changed their site so that it now gives mixed content warnings for script elements. This means that anyone who was sniffing my network could probably just pull the session cookie off of the script requests, and even if they've correctly set it to ssl cookie, any attacker running a MITM or on your local network could insert a modified script resource that could steal your account credentials or take control of your logged in account.

I'm sure they did this for performance reasons as their site is running slow as shit right now, but it doesn't give me any faith that tradehill is conducting themselves with a better security posture than anyone else.
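
A defender-side check for the two conditions the post above describes (script elements loaded over plain HTTP from an HTTPS page, and session cookies set without the Secure attribute), given as an added example that is not part of the original thread. The function names, the `exchange.example` site, and the sample HTML and cookie headers are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose plain-HTTP loads count as "active" mixed content: whoever can
# alter the response on the wire gets code running in the HTTPS page's origin.
ACTIVE_TAGS = {"script", "iframe"}


class _SrcCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.insecure = []  # list of (tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ACTIVE_TAGS and src:
            # Resolve relative and protocol-relative ("//host/x.js") URLs
            # against the page, the way a browser would.
            url = urljoin(self.page_url, src.strip())
            if urlsplit(url).scheme == "http":
                self.insecure.append((tag, url))


def find_active_mixed_content(page_url, html):
    """Return (tag, url) pairs an HTTPS page would load without TLS."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content is only defined for HTTPS pages
    collector = _SrcCollector(page_url)
    collector.feed(html)
    return collector.insecure


def cookies_missing_secure(set_cookie_headers):
    """Return names of cookies that browsers may also send over plain HTTP."""
    exposed = []
    for header in set_cookie_headers:
        parts = [p.strip() for p in header.split(";")]
        name = parts[0].split("=", 1)[0]
        attributes = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in attributes:
            exposed.append(name)
    return exposed


# Constructed sample input (hypothetical site, not taken from the thread).
SAMPLE_URL = "https://exchange.example/account"
SAMPLE_HTML = """<html><head>
<script src="http://static.exchange.example/js/app.js"></script>
<script src="//cdn.example/lib.js"></script>
<script src="/js/local.js"></script>
<img src="http://static.exchange.example/logo.png">
</head><body></body></html>"""
SAMPLE_COOKIES = ["session=abc123; Path=/; HttpOnly",
                  "csrf=xyz789; Path=/; Secure; HttpOnly"]
```

On the sample, only the first script is flagged: the protocol-relative and relative URLs inherit HTTPS from the page, and the image is passive content that this check ignores.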

legendary
Activity: 1806
Merit: 1003
It doesn't really matter what OS you use, it is important that you really "know" the OS you have chosen, I mean really "know" your sh*t about the OS.

FreeBSD/Linux can be set up poorly with tons of security holes.
Windows Server can be set up with rock solid security and nearly impossible to break.

It just depends on how well you know security, the OS and programming.
legendary
Activity: 1876
Merit: 1000

I am just sorry that I won't be able to get these 10 minutes back!!
member
Activity: 140
Merit: 10


no freebsd has less discovered bugs..


after a major review.

Quote

and now you are talking about openbsd instead of freebsd.
either you are stupid or you dont know what you are talking about.
openbsd is maybe the most paranoid OS in the world, yes thats right.


Because FreeBSD and OpenBSD has a totally different codebase, and the bugs
increase after the review is just a coincidence.

Quote
and...? uptime != security



You = wrong

Unless you don't touch your server when an intrusion is detected.
member
Activity: 126
Merit: 10
You guys are pretty far off track arguing about socialism and BSD.

On that same TV show last night, Adam from Mt. Gox ([email protected] I believe) stated that they were looking to hire an app and systems security guy. It sounded like they wanted a full time employee, but they're liable to be fine with a consultant considering the bind they're in and how hard it would be to lure a full time type asset in Tokyo. If you're interested and looking for work maybe you should email them and set something up. It seems like that'd be a lot more productive than posting here about IIS vs. apache vs. nginx or session cookies.
legendary
Activity: 1540
Merit: 1002


You see what you want to see, I read somewhere :)

I do think that people should be paid the same for the same task, regardless of them being poor or rich. I also think that your hatred made you state the wrong idea. You mean rich people should not PAY the same as poor people, right? not GET PAID?

regardless, yes, I think a thing is a thing and has a value regardless of who pays and who gets paid. It's how much you are willing to pay that makes the price, not how wealthy you are, in my personal opinion. But I'm sure you are correct, and that's why the world is as it is today.

Are you american right?

Next time you fill your tax form ask to pay the same amount as donald trump. Personal wealth doesn't matter, right? :)

Nope, not American at all. And yes, I would love to pay the same as donald trump for each unit of taxable income, he is much richer than I am and I pay much more per earned unit. Or was that your argument?

Ah, right, you are a troll, you make no arguments, only read hatred :)
legendary
Activity: 1050
Merit: 1000
You are WRONG!
What about DragonflyBSD? The Hurd? Or what about Haiku?!

Seriously! Stop feeding this troll, he won't share his "wisdom" anyways, neither here nor to anyone else who won't pay his little 5-digit sum.

Yes, Bitcoin exchanges were more or less overrun by users in the past few months - whoever didn't know this (there are charts, people!) does know now.
but... but.. it's funny to feed him :D
member
Activity: 140
Merit: 10
What about DragonflyBSD? The Hurd? Or what about Haiku?!

Seriously! Stop feeding this troll, he won't share his "wisdom" anyways, neither here nor to anyone else who won't pay his little 5-digit sum.

Yes, Bitcoin exchanges were more or less overrun by users in the past few months - whoever didn't know this (there are charts, people!) does know now.

the flaw is stated multiple times in this thread. Just read carefully.


Will you give me 5 BTC If I can link 5 posts from 5 different users in THIS thread that explain which is the flaw?



Read better, hate less.
newbie
Activity: 39
Merit: 0
Anyhow let's put this way: My opinion is that FreeBSD is the most secure,  reliable and scalable OS. You think that Linux is more secure than FreeBSD.
Well i think OpenBSD is more secure..


Sorry, by saying FreeBSD I mean *BSD. Is just that I'm working on a big FreeBSD project and I have this name in my mind.


You are totally right by saying that OpenBSD is safer than FreeBSD
It's hard to configure stuff on it even for someone familiar with *nix but still it's worth it.

What are you working on btw i am a bit curious ;D
legendary
Activity: 2618
Merit: 1007
What about DragonflyBSD? The Hurd? Or what about Haiku?!

Seriously! Stop feeding this troll, he won't share his "wisdom" anyways, neither here nor to anyone else who won't pay his little 5-digit sum.

Yes, Bitcoin exchanges were more or less overrun by users in the past few months - whoever didn't know this (there are charts, people!) does know now.
legendary
Activity: 1050
Merit: 1000
You are WRONG!
I read so much hate in these forums. People please, chill out.
oh i'm not hating, just using my mind. and it tells me that you are a stupid troll. (sorry)