About Mt. Gox flaw from a security expert - page 10.

kokjo

legendary

Activity: 1050

Merit: 1000

You are WRONG!

Quote from: iCEBREAKER on June 20, 2011, 04:11:54 PM

Quote from: muad_dib on June 20, 2011, 03:57:35 PM

Quote from: kokjo on June 20, 2011, 03:46:47 PM

i have read most of the core code in Linux and Freebsd.

Did you really read MILLIONS of line of code?

Linux kernel codebase is roughly 10 millions lines of code just for the kernel (excluding the comments and the toolchain to compile it. The full system with also GUI and other stuff is roughly 2.4 billions lines).

Imagine you read 50% of it, at one second per line (whoa, you're a living compiler), it makes 158 years.

The eldest living compiler!

Now I understand you go around calling other people trolls. You have all the rights.

This little calculation avoided me to explain that if you really read at least some of the BSD and Linux codebase you would know how much tidier BSD kernelspace is.

Of course he didn't actually read "most of the core code in Linux and Freebsd." That's absurd.

We are dealing with a poser (the worst kind of Linux fanboi is the wanna-be); notice how he splits hairs about Open vs Free BSD, yet never mentions which flavor of Linux he's jocking.

Someone who finds "freeBSD kind of difficult to understand" is probably not a *nix expert of any kind!

LOL. you dont know what you are talking about.
for your information i can say that im right now on a gentoo, my home server runs ubuntu. i also have another computer which runs CentOS 5.
freebsd userland is much easier to understand then the kerneland.

kokjo

legendary

Activity: 1050

Merit: 1000

You are WRONG!

Quote from: muad_dib on June 20, 2011, 03:57:35 PM

Quote from: kokjo on June 20, 2011, 03:46:47 PM

i have read most of the core code in Linux and Freebsd.

Did you really read MILLIONS of line of code?

Linux kernel codebase is roughly 10 millions lines of code just for the kernel (excluding the comments and the toolchain to compile it. The full system with also GUI and other stuff is roughly 2.4 billions lines).

Imagine you read 50% of it, at one second per line (whoa, you're a living compiler), it makes 158 years.

The eldest living compiler!

Now I understand you go around calling other people trolls. You have all the rights.

This little calculation avoided me to explain that if you really read at least some of the BSD and Linux codebase you would know how much tidier BSD kernelspace is.

yes thats many lines. but not in the core code, that excludes all the drivers(90%), and all the archs(5-8%)(except x86 and arm). it not that many, i only have read 2-5% of the whole linux code, and only the parts that concerns me.
some of the toolchain i have also read, gcc and binutils, not all of it but some.
the FreeBSD source only did confuse me.

iCEBREAKER

legendary

Activity: 2156

Merit: 1072

Crypto is the separation of Power and State.

Quote from: muad_dib on June 20, 2011, 03:57:35 PM

Quote from: kokjo on June 20, 2011, 03:46:47 PM

i have read most of the core code in Linux and Freebsd.

Did you really read MILLIONS of line of code?

Linux kernel codebase is roughly 10 millions lines of code just for the kernel (excluding the comments and the toolchain to compile it. The full system with also GUI and other stuff is roughly 2.4 billions lines).

Imagine you read 50% of it, at one second per line (whoa, you're a living compiler), it makes 158 years.

The eldest living compiler!

Now I understand you go around calling other people trolls. You have all the rights.

This little calculation avoided me to explain that if you really read at least some of the BSD and Linux codebase you would know how much tidier BSD kernelspace is.

Of course he didn't actually read "most of the core code in Linux and Freebsd." That's absurd.

We are dealing with a poser (the worst kind of Linux fanboi is the wanna-be); notice how he splits hairs about Open vs Free BSD, yet never mentions which flavor of Linux he's jocking.

Someone who finds "freeBSD kind of difficult to understand" is probably not a *nix expert of any kind!

jgraham

full member

Activity: 140

Merit: 100

Quote from: muad_dib on June 20, 2011, 11:55:12 AM

FreeBSD has less bugs than Linux (one fold less).
FreeBSD bugs went up because there has been a MAJOR review of code, both from volunteers and paid developers. http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
The production machines with the best uptime are FreeBSD based.
Still you think that Linux is safer than FreeBSD?

Your original point seemed to be that FreeBSD is more secure than Linux. I'd say you haven't made your point.

muad_dib

member

Activity: 140

Merit: 10

Quote from: kokjo on June 20, 2011, 03:46:47 PM

i have read most of the core code in Linux and Freebsd.

Did you really read MILLIONS of line of code?

Linux kernel codebase is roughly 10 millions lines of code just for the kernel (excluding the comments and the toolchain to compile it. The full system with also GUI and other stuff is roughly 2.4 billions lines).

Imagine you read 50% of it, at one second per line (whoa, you're a living compiler), it makes 158 years.

The eldest living compiler!

Now I understand you go around calling other people trolls. You have all the rights.

This little calculation avoided me to explain that if you really read at least some of the BSD and Linux codebase you would know how much tidier BSD kernelspace is.

kokjo

legendary

Activity: 1050

Merit: 1000

You are WRONG!

Quote from: muad_dib on June 20, 2011, 03:34:56 PM

Quote from: iCEBREAKER on June 20, 2011, 02:46:32 PM

Quote

BSD is designed. Linux is grown.

This is such a beautiful sentence.

When developing some serial drivers for a vending machines running linux, me and my team went crazy handling all the hacks, specifications and modules the kernel had. It is just a bloated monster, on a driver I found a comment:

"We don't know why it is this way, but please dont touch it"

The server controlling the vending machines instead run on FreeBSD and its much tidier and organized kernel space has been a pleasure to work with.

comments like that is because of some old hacks on very old buggy hardware, these types of comments is also in the FreeBSD sourcecode.
some people would also find it easier to run windows xp on your vending machine.
i have read most of the core code in Linux and Freebsd. and i found that linux's source is simpler.
while freeBSD kind of difficult to understand sometimes.
it just my opinion.

muad_dib

member

Activity: 140

Merit: 10

Quote from: iCEBREAKER on June 20, 2011, 02:46:32 PM

Quote

BSD is designed. Linux is grown.

This is such a beautiful sentence.

When developing some serial drivers for a vending machines running linux, me and my team went crazy handling all the hacks, specifications and modules the kernel had. It is just a bloated monster, on a driver I found a comment:

"We don't know why it is this way, but please dont touch it"

The server controlling the vending machines instead run on FreeBSD and its much tidier and organized kernel space has been a pleasure to work with.

kokjo

legendary

Activity: 1050

Merit: 1000

You are WRONG!

Quote from: iCEBREAKER on June 20, 2011, 02:46:32 PM

Quote from: kokjo on June 20, 2011, 09:24:42 AM

Quote from: muad_dib on June 20, 2011, 05:37:34 AM

Quote from: Grinder on June 20, 2011, 05:34:53 AM

http://en.wikipedia.org/wiki/Correlation_does_not_imply_causation

Especially when you're picking data as selectively as you do.

I'm not going to start a flamewar. Please respect my objective opinion. I will respect your personal belief.

http://people.freebsd.org/~murray/bsd_flier.html

http://www.cvedetails.com/vendor/6/Freebsd.html

http://www.cvedetails.com/vendor/33/Linux.html

Not only freebsd has less vulnerabilities, but they are also less serious (check exploit or data execution)

freebsd is also less used Tongue

so there might be more bugs and exploits to discover.
i acatualy like that there has been more holes in linux, because it means that they are fixed.

Linux is used more than *BSD as a desktop OS by fangurlz with Tux The Penguin avatars (excluding OSX).
Linux is used more than *BSD as a server OS by businesses that hire fangurlz with Tux The Penguin avatars.

On the other hand, when me move into the world of the critical systems that keep the Linux kiddies' interwebs running smoothly, we find that *BSD has been used for much longer and with greater success:

Quote

Over ten years of work have been put into enhancing BSD, adding industry-leading SMP, multithreading, and network performance, as well as new management tools, file systems, and security features. As a result, FreeBSD may be found across the Internet, in the operating system of core router products, running root name servers, hosting major web sites, and as the foundation for widely used desktop operating systems.

The reason for this is that:

Quote

BSD is designed. Linux is grown.

You do know that without BIND and BSD, there would never have been any Linux or Tux, right?

You do know that the root nameservers have always and will always run BIND on BSD, right?

So why don't you write to the Internet Assigned Numbers Authority about how your magical Tux so much more secure and popular than BSD.

I'm sure they'll be blown away by the force of your irrefutable, highly technical argument that "bugs, holes, and exploits are good."

linux are used more on servers and desktops. true!
FreeBSD is not the only thing that runs the root nameservers, core routers, etc...
NSD is also running instead of BIND on some root servers.

btw. linux is designed and BSD is grown, take a look at the unix family tree:

linux is a strait line from 1991 to now, and *BSD history goes back 1969 from unics.
its true that *BSD is older then linux. but its grown.

btw. the quote:

Quote

Over ten years of work have been put into enhancing BSD, adding industry-leading SMP, multithreading, and network performance, as well as new management tools, file systems, and security features. As a result, FreeBSD may be found across the Internet, in the operating system of core router products, running root name servers, hosting major web sites, and as the foundation for widely used desktop operating systems.

is taken from freebsd website, and is therefor heavily biased.

i think you are a troll too. all your arguments are wrong.

iCEBREAKER

legendary

Activity: 2156

Merit: 1072

Crypto is the separation of Power and State.

Quote from: kokjo on June 20, 2011, 09:24:42 AM

Quote from: muad_dib on June 20, 2011, 05:37:34 AM

Quote from: Grinder on June 20, 2011, 05:34:53 AM

http://en.wikipedia.org/wiki/Correlation_does_not_imply_causation

Especially when you're picking data as selectively as you do.

I'm not going to start a flamewar. Please respect my objective opinion. I will respect your personal belief.

http://people.freebsd.org/~murray/bsd_flier.html

http://www.cvedetails.com/vendor/6/Freebsd.html

http://www.cvedetails.com/vendor/33/Linux.html

Not only freebsd has less vulnerabilities, but they are also less serious (check exploit or data execution)

freebsd is also less used Tongue

so there might be more bugs and exploits to discover.
i acatualy like that there has been more holes in linux, because it means that they are fixed.

Linux is used more than *BSD as a desktop OS by fangurlz with Tux The Penguin avatars (excluding OSX).
Linux is used more than *BSD as a server OS by businesses that hire fangurlz with Tux The Penguin avatars.

On the other hand, when me move into the world of the critical systems that keep the Linux kiddies' interwebs running smoothly, we find that *BSD has been used for much longer and with greater success:

Quote

Over ten years of work have been put into enhancing BSD, adding industry-leading SMP, multithreading, and network performance, as well as new management tools, file systems, and security features. As a result, FreeBSD may be found across the Internet, in the operating system of core router products, running root name servers, hosting major web sites, and as the foundation for widely used desktop operating systems.

The reason for this is that:

Quote

BSD is designed. Linux is grown.

You do know that without BIND and BSD, there would never have been any Linux or Tux, right?

You do know that the root nameservers have always and will always run BIND on BSD, right?

So why don't you write to the Internet Assigned Numbers Authority about how your magical Tux so much more secure and popular than BSD.

I'm sure they'll be blown away by the force of your irrefutable, highly technical argument that "bugs, holes, and exploits are good."

finack

member

Activity: 126

Merit: 10

Amusingly, more or less right after defending tradehill by saying they allowed me to use ssl for everything, they changed their site so that it now gives mixed content warnings for script elements. This means that anyone who was sniffing my network could probably just pull the session cookie off of the script requests, and even if they've correctly set it to ssl cookie, any attacker running a MITM or on your local network could insert a modified script resource that could steal your account credentials or take control of your logged in account.

I'm sure they did this for performance reasons as their site is running slow as shit right now, but it doesn't give me any faith that tradehill is conducting themselves with a better security posture than anyone else.

kokojie

legendary

Activity: 1806

Merit: 1003

It doesn't really matter what OS you use, it is important that you really "know" the OS you have chosen, I mean really "know" your sh*t about the OS.

FreeBSD/Linux can be set up poorly with tons of security holes.
Windows Server can be set up with rock solid security and nearly impossible to break.

It just depends on how well you know security, the OS and programming.

jjiimm_64

legendary

Activity: 1876

Merit: 1000

I am just sorry that I wont be able to get these 10 minutes back!!

muad_dib

member

Activity: 140

Merit: 10

Quote from: kokjo on June 20, 2011, 12:18:00 PM

no freebsd has less discovered bugs..

after a major review.

Quote

and now you are talking about openbsd instead of freebsd.
either you are stupid or you dont know what you are talking about.
openbsd is maybe the most paranoid OS in the world, yes thats right.

Because FreeBSD and OpenBSD has a totally different codebase, and the bugs
increase after the review is just a coincidence.

Quote

and...? uptime != security

You = wrong

Unless you don't touch your server when an intrusion is detected.

finack

member

Activity: 126

Merit: 10

You guys are pretty far off track arguing about socialism and BSD.

On that same TV show last night, Adam from Mt. Gox ([email protected] I believe) stated that they were looking to hire an app and systems security guy. It sounded like they wanted a full time employee, but they're liable to be fine with a consultant considering the bind they're in and how hard it would be to lure a full time type asset in Tokyo. If you're interested and looking for work maybe you should email them and set something up. It seems like that'd be a lot more productive than posting here about IIS vs. apache vs. ngix or session cookies.

nelisky

legendary

Activity: 1540

Merit: 1002

Quote from: muad_dib on June 20, 2011, 12:10:38 PM

Quote from: nelisky on June 20, 2011, 12:07:46 PM

You see what you want to see, I read somewhere

I do think that people should be paid the same for the same task, regardless of them being poor or rich. I also think that your hatred made you state the wrong idea. You mean rich people should not PAY the same as poor people, right? not GET PAID?

regardless, yes, I think a thing is a thing and has a value regardless of who pays and who gets paid. It's how much you are willing to pay that makes the price, not how wealthy you are, in my personal opinion. But I'm sure you are correct, and that's why the world is as it is today.

Are you american right?

Next time you fill your tax form aks to pay the same ammount as donald trump. Personal wealth doesn't matter, right?

Nope, not American at all. And yes, I would love to pay the same as donald trump for each unit of taxable income, he is much richer than I am and I pay much more per earned unit. Or was that your argument?

Ah, right, you are a troll, you make no arguments, only read hatred

kokjo

legendary

Activity: 1050

Merit: 1000

You are WRONG!

Quote from: Sukrim on June 20, 2011, 12:19:42 PM

What about DragonflyBSD? The Hurd? Or what about Haiku?!

Seriously! Stop feeding this troll, he won't share his "wisdom" anyways, neither here nor to anyone else who won't pay his little 5-digit sum.

Yes, Bitcoin exchanges were more or less overrun by users in the past few months - whoever didn't know this (there are charts, people!) does know now.

but... but.. its funny to feed him Cheesy

muad_dib

member

Activity: 140

Merit: 10

Quote from: Sukrim on June 20, 2011, 12:19:42 PM

What about DragonflyBSD? The Hurd? Or what about Haiku?!

Seriously! Stop feeding this troll, he won't share his "wisdom" anyways, neither here nor to anyone else who won't pay his little 5-digit sum.

Yes, Bitcoin exchanges were more or less overrun by users in the past few months - whoever didn't know this (there are charts, people!) does know now.

the flaw is stated multiple time in this thread. Just read carefully.

Will you give me 5 BTC If I can link 5 post from 5 different users in THIS thread that explain which is the flaw?

Read better, hate less.

iBTC

newbie

Activity: 39

Merit: 0

Quote from: muad_dib on June 20, 2011, 12:15:34 PM

Quote from: iBTC on June 20, 2011, 12:12:31 PM

Quote from: muad_dib on June 20, 2011, 05:00:17 AM

Anyhow let's put this way: My opinion is that FreeBSD is the most secure, reliable and scalable OS. You think that Linux is more secure than FreeBSD.

Well i think OpenBSD is more secure..

Sorry, by saying FreeBSD I mean *BSD. Is just that I'm working on a big FreeBSD project and I have this name in my mind.

You are totally right by saying that OpenBSD is safer than FreeBSD

It's hard to configure stuff on it even for someone familiar with *nix but still it's worth it.

What are you working on btw i am a bit curious Grin

Sukrim

legendary

Activity: 2618

Merit: 1007

What about DragonflyBSD? The Hurd? Or what about Haiku?!

Seriously! Stop feeding this troll, he won't share his "wisdom" anyways, neither here nor to anyone else who won't pay his little 5-digit sum.

Yes, Bitcoin exchanges were more or less overrun by users in the past few months - whoever didn't know this (there are charts, people!) does know now.

kokjo

legendary

Activity: 1050

Merit: 1000

You are WRONG!

Quote from: muad_dib on June 20, 2011, 11:56:02 AM

I read so much hate in these forums. People please, chill out.

oh im not hateing, just using my mind. and it tells me that you are a stupid troll. (sorry)

Topic: About Mt. Gox flaw from a security expert - page 10. (Read 34165 times)