'Unbreakable Linux'
Zadig writes "It appears as if Dell, Oracle, and Red Hat CEOs have decided to make 'Unbreakable Linux'. Could a giant arise amidst today's insecure and constantly patched linux world that could hold the title of Unbreakable Linux? I doubt it, but it will be fun to try, what are your thoughts?" There's a similar article on CNet.
Let me get this straight...Oracle is helping to make an "Unbreakable Linux"?
So how much money do we get when some admin forgets to patch zlib or whatever? $100 million?
They can work day and night to make Linux more secure, but if the customers don't maintain the systems, they're perfectly breakable.
I'll take my $100M now.
"Mod, mod, mod...and another troll bites the dust."
Unbreakable isn't.
Doesn't matter whether you're talking about a database, an operating system, or a bank vault. The only way to make something unbreakable is not to make it in the first place.
!#@%*)anks for hanging up the phone, dear.
unbreakable protractor? In the end, it turns out these things are not so unbreakable after all... Kind of like calling a ship "The unsinkable". We all know how well that works.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
erm, exactly, that is, why would anyone who wanted to make a system ... resistant to attacks call it unbreakable? That name doubles the number of attacks against your system. Call it "nothing to look at here, keep moving, keep moving" or something
closed minded is as closed minded does
Another lesson that this new coalition should learn is humility. I would hope after the "Unbreakable" campaign Oracle launched, and the blowback it received, that they'd take the time to tone down their attitude and ensure they're somewhere near as unbreakable as they'd like to think. If their claims aren't so grandiose they're less likely to suffer an explosive userland reaction when a flaw (and there will be flaws, it's just Murphy's law) is discovered.
Otherwise, I applaud the idea. Linux can benefit from a hardened, secure-from-the-box distribution initiative powered by folks with the pockets to fund the massive codewalks it will take to tighten things up. OpenBSD brought several benefits to the BSD community, I can see this doing much the same thing.
First of all, they're not talking about the OS. Oracle is not helping redhat shape up its security in any way. What it /is/ talking about is making databases 'unbreakable' by clustering them. No single point of failure.
Why linux/dell? Cause compared to a couple hundred thousand dollar sun 4500 or hp V class machine, it's all but pennies on the dollar!
...Dell and Oracle would certainly lend cred to the PHBs (who don't find any in Redhat. Really, they don't - don't kid yourself).
And with PHBs being more comfortable everywhere, that means the possibility of more ISV stuff which is currently held up by politics (as opposed to tech issues) alone.
And that would be Good (TM)
---
Information wants...you to shut your pie hole.
I saw the word "unbreakable" in connection with two concepts in the article: 1) The partnership between the corporate weasels; 2) The fault-tolerant nature of cluster computing. Just to stress the point, I didn't see anything related to exploitability or the absence thereof.
Programmers don't make systems secure. Admins do. No system in the world, be it software, hardware, electronic or mechanical, can be any more secure than the people who maintain it allow it to be. Yes, default settings, and auto-patches and fancy protocols help, but at the end of the day 99.99% of hacks occur because either:
a) User Error (@see shitty passwords)
or
b) The system was not kept up to date.
Beyond that, nothing can be unbreakable. There will always be the 0.01% of hacks that occur because of a design fault, and you will never get rid of that 0.01% no matter how many eyeballs you have. But if you're serious about security use good passwords, and keep your system up to date. Sure it's not sexy, and it won't make stock prices jump, and most of the time it isn't much fun, but unless you're the NSA you will never, ever have to do more than those two things to keep your system safe.
I forget who said it, but right after 9/11, some talking head on TV asked some expert "What can Americans do to stay safe after these attacks?" and the expert answered "Buckle your seat-belt and quit smoking".
Occam's razor strikes again.
The linux community has had more than its fair share of guffaws over "the unstoppable NT" or "unbreakable Oracle," and they should be taking their own lessons to heart. This is just an invitation to be mocked because it just insults the intelligence of everyone involved.
Yes, but "Tamper Resistant" Linux just doesn't give the marketing department much to go on.
- They have to clarify their stance on software patents 'cause they apparently have so many. Fine.
- They offer rebates for customers who switch away from other distributions.
- Now they're taking on IBM, with whom they have a good relationship and who was one of the instrumental forces in getting Linux taken seriously in the enterprise.
As Red Hat is one of the few Open Source/Free Software/Whatever companies with a positive cash flow these days, are we to learn from today's lesson that profitability only comes when you're willing to play hardball? Seriously, I prefer the RH distribution, but darned if these tactics don't strike me as slimy.
I had an argument...with the person here at the university that teaches OS design. I wonder when I'll learn --Linus
As long as the vendor loses absolute control over the system at the point of delivery, it can never be declared "unbreakable." The vendor can shut down all services and daemons, thereby making it the most secure OS, but at this point, is it any longer useful? Most system vulnerabilities are the result of the users/administrators that open services to suit their needs. There is an equilibrium between the amount of vulnerabilities and the usefulness of the system.
No system can be made 100% secure AND be totally functional.
_______________________________
"I'm not Conceited...I'm just a realist..."
Trust me, when you put the whole picture in, linux has more patches overall. Given the nature of how trusted solaris runs, buffer overflow attacks are almost nonexistent to begin with. On top of that it offers a very high level of security that goes well beyond hacking. Security isn't all about not breaking into a system. It's about validating the actions of who did what, when, where and how. Linux does not come close to offering that capability, and is a long way off.
Not a very good firewall if you left LPR open.
Won't calling it unbreakable just add to the challenge of breaking it? Nothing is unbreakable. Someone will inevitably break it. I would be surprised if there wasn't an exploit within a week of release.
FoundNews.com - get paid to blog.
Recently purchased an "unbreakable" "full warranty" hose nozzle. It's stainless steel and brass with a half inch thick hard rubber ring around it. Cost about $20. Product literature shows it being run over by a car without damage. We've installed it at the washing stall of a large horse barn, attached to the similarly expensive "full warranty" "lifetime" hose. We'll see how it works out when a horse steps on it. If it breaks, the manufacturer will send us another one. That's what "unbreakable" means.
The impression I've gotten of the Unix world is that the universal reaction to a SERIOUS security hole is "Oh sh!t, we've got to FIX this, NOW!"
The way I see it, the unix world's reaction to possible security holes is the same. Just because a buffer overflow or whatever can be exploited doesn't mean it will be. I think this is where Microsoft's attitude comes into play. They wait for someone to exploit something, wait for enough people to complain, then do something about it. That's called being REactive. Unix and linux coders tend to be PROactive, i.e. issuing bugfixes and patches before anything serious comes to pass (i.e. your whole network getting rooted from an obscure overflow in an even more obscure kernel module/server daemon). A lot of patches are to prevent/repair potential exploits which are provable in theory only sometimes.
Despite all the hoopla, IBM was still the first to ship a database for Linux back in 1999.
So why doesn't Postgresql count? Am I missing something?
I can't believe it.
NO ONE READ THE ARTICLE.
Not one person. Not the submitter, nor any of the people responding.
Unbreakable Linux has NOTHING to do with preventing hacking. It is about clustering, so that other nodes can take over when one node breaks. Not is broken into.
Depressing.
Karma: Good (despite my invention of the Karma: sig)
Linux seems to be extremely secure. Now the other software in the distributions, OTOH, may not be. Hint-- try to break into a system with only the Linux kernel running...
The real issue is not a "Linux" issue but a distro issue. And there are extremely secure distros, such as Trustix, and security-enhanced kernels like SELinux (with its Mandatory Access Control layer).
But the other issue is that there is no such thing as unbreakable [favorite software here] unless that software does not run. There will always be bugs, and points of attack, so there will always be security issues. The real question is how severe are the security issues and what can be done to minimize their impact and number.
LedgerSMB: Open source Accounting/ERP
We're talking about the Dell that stopped selling linux boxes only to turn around and start selling them again. And the Oracle that has always supported linux but never GPLed anything. Why is RedHat in bed with these guys? I guess Dell and Oracle could just take RedHat linux and do what they want without cutting redhat a share, so maybe it's a good thing that they're all so stupid. However, clustering linux boxen is the way to go.