Topic: About Mt. Gox flaw from a security expert - page 2. (Read 34182 times)

full member
Activity: 224
Merit: 100
People, this isn't about Linux vs FreeBSD. 

This is about good sysadmins vs mediocre (or even bad) ones.

The latter make life difficult for the entire world, particularly when they manage machines that a) deal with $$$ and b) have a large user base.

Running a RaidZ is a plus for security.

Meh, unless you say how (which is kind of the thing that you keep "forgetting" to do here) it's not much of a point.

RAIDZ in terms of its disk layout isn't significantly different (in function) from a number of other dynamically expandable RAID systems. The fact it is part of ZFS means that it has the checksum and copy-on-write facilities which make it a good choice for preventing accidental loss of data integrity. However, that's not really what we're talking about when we mean 'security'. What does ZFS really bring to the security party, though? Assuming all the Solaris stuff came with it into FreeBSD - ACLs? What doesn't have at least some ACL support these days? Although I'm not positive how the various features trade off between systems, e.g. delegation. For the record, I'm running ZFS on my Gentoo box.

(For reference the above is closer to an actual discussion on the security merits of RAIDZ as opposed to just calling it "a plus" which is more of a lame pontification).

Quote
Maybe you should go to them and tell them that it's not true, Linux is as safe as BSD, maybe even better. I'm sure they will be more than happy to follow your, jgraham's and the other Linux kids' advice.

You have (temporarily?) confused yourself... who's advising to switch from FreeBSD to Linux? Nobody. Who's arguing that someone who needs a secure environment switch from Linux to FreeBSD? You. Just to look at the logic: assuming I'm right and a properly secured Linux box is as good as a properly secured FreeBSD box (although in each case 'properly secured' would mean different things), there would be zero advantage in moving (assuming the existing platform is meeting their needs).
full member
Activity: 140
Merit: 100
Running a RaidZ is a plus for security.

Meh, unless you say how (which is kind of the thing that you keep "forgetting" to do here) it's not much of a point.

RAIDZ in terms of its disk layout isn't significantly different (in function) from a number of other dynamically expandable RAID systems. The fact it is part of ZFS means that it has the checksum and copy-on-write facilities which make it a good choice for preventing accidental loss of data integrity. However, that's not really what we're talking about when we mean 'security'. What does ZFS really bring to the security party, though? Assuming all the Solaris stuff came with it into FreeBSD - ACLs? What doesn't have at least some ACL support these days? Although I'm not positive how the various features trade off between systems, e.g. delegation. For the record, I'm running ZFS on my Gentoo box.

(For reference the above is closer to an actual discussion on the security merits of RAIDZ as opposed to just calling it "a plus" which is more of a lame pontification).

Quote
Maybe you should go to them and tell them that it's not true, Linux is as safe as BSD, maybe even better. I'm sure they will be more than happy to follow your, jgraham's and the other Linux kids' advice.

You have (temporarily?) confused yourself... who's advising to switch from FreeBSD to Linux? Nobody. Who's arguing that someone who needs a secure environment switch from Linux to FreeBSD? You. Just to look at the logic: assuming I'm right and a properly secured Linux box is as good as a properly secured FreeBSD box (although in each case 'properly secured' would mean different things), there would be zero advantage in moving (assuming the existing platform is meeting their needs).
member
Activity: 84
Merit: 10
Yay!!!!!!  That would either be very true or an exceedingly large number.
legendary
Activity: 1050
Merit: 1000
You are WRONG!
I have a silly question, DON'T CHEAT, do it by hand on paper....what is 11010110101011001011111001000111 xor'ed with 00101001010100110100000110111000?  This is not a quiz, it is an exercise.
A lot of ones: 11111....
member
Activity: 84
Merit: 10
Good lord, this damn Bitcoin thing is making me remember what I used to know - I'm serious, Little Mouse, if you are going to be quoting random stuff about RAID but have never known what logic gates were by building, testing, and debugging them yourself, if you insist on talking about security perimeters... I mean parameters, without having written bad code yourself and been embarrassed enough to fix it BEFORE you handed it in, have never had your own FreeBSD (I always thought OpenBSD was slightly better, but that was 10 years ago) hand your ass to you from the get-go because your video card wasn't handled properly by the stable X Server version that was out that year... you have to fail by trying, and you have to understand that this is how we all learn. You weren't criticised so much for your ignorance as for your attitude. Although the pretense of experience was in there too, it was the lesser offense.
member
Activity: 84
Merit: 10
I have a silly question, DON'T CHEAT, do it by hand on paper....what is 11010110101011001011111001000111 xor'ed with 00101001010100110100000110111000?  This is not a quiz, it is an exercise.
member
Activity: 84
Merit: 10
Compatible with other license (sic)?  You don't need a license.  You need a bigger fence.  Or an electrified one.  Or an automated laser guided grenade launching robotic monster attack dog.  Oh, hell, Boston Dynamics has that, why don't you?  The real tactics of the military and the government are not primarily designed by theoreticians.  They are designed by story-tellers and engineers.  Why do old churches have gargoyles on their parapets?  The people like you did the math for the archways, the people that like scaring the credulous did the gargoyles, the people like me said "Imma need a slot to shoot through."
member
Activity: 140
Merit: 10
At this point, that is not exactly a strong draw... although I will say again that the BSDs in general have always had a notably better reputation for security. At a certain point, out-of-the-box features become meaningless when you become a likely target.

Well, the fact that BSD is compatible with other licenses is also a plus. Running a RaidZ is a plus for security. It also has better link aggregation protocols (something which lags a little behind in Linux).

Maybe you should go to them and tell them that it's not true, Linux is as safe as BSD, maybe even better. I'm sure they will be more than happy to follow your, jgraham's and the other Linux kids' advice.
member
Activity: 84
Merit: 10
At this point, that is not exactly a strong draw... although I will say again that the BSDs in general have always had a notably better reputation for security. At a certain point, out-of-the-box features become meaningless when you become a likely target. Recognizing that change in your own world is where MTGox dropped the ball. I can relate. I tend to trust people and always think that smarter people are kinder as a result of their intelligence. It has taken me most of my life to realize that there is zero correlation between the two.
member
Activity: 140
Merit: 10
So, again, what are the professionals using and why?  And how?

Mt. Gox Uses FreeBSD.
member
Activity: 84
Merit: 10
Let the Little Mouse in the moon rest, he started this, none of us have to continue it. Kid needs his sleep, whether he knows it or not. I don't look at security from either an engineer's or a mathematician's point of view, although at times I have been both in my own little ways. Locks aren't designed to be unbreakable, just nuisances, something other than low-hanging fruit. Security systems get hacked for two main reasons. They are commonly used, or they are known to be used specifically by stupid rich people. Macs have their very own fake antivirus attack going on right now, and it's a pretty big deal. It isn't buffer overflows and unsalted brute-forceable encryption passwords that are the day-to-day problem for most users.
It's not knowing that the internet is at war with them. Not seeing that you don't have to run faster than the bear, you just have to run faster than your neighbor. Basic tactics. Which brings me back to my question about obscure operating systems. All specific knowledge of kernel coding and security models and statistics (heaven forfend) aside... what operating systems do the actual commercial exchanges use? Again, basic tactics. "Don't bring a gun into an argument about a knife fight" seems to be what I hear from the Linuxists. A gunslinger can secure any operating system, which was the Little Mouse's argument about SELinux, as far as I can tell. He did not prove that he was a gunslinger, but it is a valid point. So, again, what are the professionals using and why? And how?
full member
Activity: 140
Merit: 100
A few people (mostly maud_dib) seem to be saying "Linux cannot possibly in any reasonable circumstance be as secure as FreeBSD" (although maud_dib hedged his bet a bit after he googled about OpenBSD and now just says BSD).


See that never happens to me because the next thing she says is:

"Come to bed or I'll stab you in the eye!"

...and I like my eyes.
member
Activity: 126
Merit: 10
A few people (mostly maud_dib) seem to be saying "Linux cannot possibly in any reasonable circumstance be as secure as FreeBSD" (although maud_dib hedged his bet a bit after he googled about OpenBSD and now just says BSD).

full member
Activity: 140
Merit: 100
Guys, you may have more servers, but my fiber is longer!
WTF are we trying to accomplish with this thread? Go buy a security book, take a couple of classes, and spend a few months/years in the wild.
The rest is, sorry, just conversations.
I can only speak for myself here. If you're getting at the idea that the question of "what is more secure, Linux or some form of BSD" is probably difficult or impossible to answer and it's stupid to try, I agree.

However, here's what I see here. A few people (mostly maud_dib) seem to be saying "Linux cannot possibly in any reasonable circumstance be as secure as FreeBSD" (although maud_dib hedged his bet a bit after he googled about OpenBSD and now just says BSD). That statement, I think, is a little different and can be falsified. I think that would be clear if the people involved just showed some backbone and tried to support their arguments.

I also think it's worthwhile, for the sake of the community, to stand up to people who bully people with terminology prejudices and pseudo-expertise.

On the subject of security books... do you have a favorite? On the subject of actually exploiting security holes, I'd recommend picking up the Shellcoder's Handbook: http://www.amazon.ca/Shellcoders-Handbook-Discovering-Exploiting-Security/dp/047008023X/ref=sr_1_1?ie=UTF8&qid=1308916045&sr=8-1

It's a great intro to the subject.
newbie
Activity: 28
Merit: 0
Guys, you may have more servers, but my fiber is longer!
WTF are we trying to accomplish with this thread? Go buy a security book, take a couple of classes, and spend a few months/years in the wild.
The rest is, sorry, just conversations.
full member
Activity: 140
Merit: 100

What happened to talking about facts?  That's just conjecture.

You discuss like you're an expert about SELinux, yet you missed that it isn't just for Linux.

Just pointing out one more factual error from the silly maud_dib. Actually, yes, it is just for Linux. Parts of it, as I noted much earlier, have been ported to things like TrustedBSD (which is why my response was 'it depends'), but you can't just apply the kernel patches (possibly you could try to compile the userspace libraries under the Linux compatibility layer... but I doubt that would work without the kernel layer to support it).

Kind of illustrates where he gets most of his information from, eh?

As evidence (that thing that maud_dib rarely provides) I offer you the following from the NSA's archives of the mailing list: http://www.nsa.gov/research/selinux/list-archive/0108/thread_body15.shtml

> 2. I read in the FAQ that selinux can be installed on an existing
> linux install. Can it be installed on a Freebsd system with linux
> compatibility? Is anyone working on a port for freebsd or openbsd?

No. It's massive kernel changes, things that emulation doesn't matter at all about. For FreeBSD look into the TrustedBSD project.


But thanks for the heads-up, maud_dib... the wiki is now corrected.
full member
Activity: 140
Merit: 100
You're pretty much all idiots for arguing about linux vs. bsd vs. dick size for twelve pages. Anyone who actually knew what they were talking about would have given up long ago - when you actually know what's up you don't need to prove it to everyone.

I totally agree with you. In fact, I started ignoring the flamers a few posts ago.

Now I answer just to the legitimate questions.


uhhh...did you forget that they're talking about you?
member
Activity: 140
Merit: 10
You're pretty much all idiots for arguing about linux vs. bsd vs. dick size for twelve pages. Anyone who actually knew what they were talking about would have given up long ago - when you actually know what's up you don't need to prove it to everyone.

I totally agree with you. In fact, I started ignoring the flamers a few posts ago.

Now I answer just to the legitimate questions.

member
Activity: 126
Merit: 10
You're pretty much all idiots for arguing about linux vs. bsd vs. dick size for twelve pages. Anyone who actually knew what they were talking about would have given up long ago - when you actually know what's up you don't need to prove it to everyone.
legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
Hey guys -- just checking in. Has the undisputed winner of this thread been declared yet?

No, I think someone walked off with the dick-measuring ruler and now it's just a bunch of guys standing around with their dicks hanging out....