'Unbreakable Linux'
Zadig writes "It appears as if Dell, Oracle, and Red Hat CEOs have decided to make 'Unbreakable Linux'. Could a giant arise amidst today's insecure and constantly patched linux world that could hold the title of Unbreakable Linux? I doubt it, but it will be fun to try, what are your thoughts?" There's a similar article on CNet.
Is Sam Jackson forcing Bruce Willis onto the dev team?
I'd rather you do it wrong, than for me to have to do it at all.
Let me get this straight...Oracle is helping to make an "Unbreakable Linux"?
So how much money do we get when some admin forgets to patch zlib or whatever? $100 million?
They can work day and night to make Linux more secure, but if the customers don't maintain the systems, they're perfectly breakable.
I'll take my $100M now.
"Mod, mod, mod...and another troll bites the dust."
Let's learn the lesson taught by "Unbreakable Oracle." In short, it was broken.
Prevent email address forgery. Publish SPF records for y
Trusted Solaris is far more secure than almost any other commercial OS. It meets the government's B1 security requirements for an OS
Unbreakable isn't.
Doesn't matter whether you're talking about a database, an operating system, or a bank vault. The only way to make something unbreakable is not to make it in the first place.
!#@%*)anks for hanging up the phone, dear.
I have always found Redhat unbearable, so how is this new? You guys made a typo, right?
unbreakable protractor? In the end, it turns out these things are not so unbreakable after all... Kind of like calling a ship "The unsinkable". We all know how well that works.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
Will they be able to get Bruce Willis to play the part of Linus.
He'll have to get the accent down pat though... "yeeepeeee kaiiiii yaaaaayy"
they won't sell this to Norwegian museums!
Trollem mirabilem hanc subnotationis exigiutas non caperet
erm, exactly, that is, why would anyone who wanted to make a system ... resistant to attacks call it unbreakable? That name doubles the number of attacks against your system. Call it "nothing to look at here, keep moving, keep moving" or something
closed minded is as closed minded does
To quote Oracle CEO Larry Ellison
Taking on IBM? Taking on IBM mainframes? That is truly a serious statement.
If nobody ever gets (got?) fired for buying IBM, what does this mean?
Will it be called Titanux?
No intention to be troll...
No system is secure in the face of inept admins. OTOH, most commercial operating systems out there can be secured by a good admin.
I was hoping this article was about Dell selling desktop computers and laptops preinstalled with Redhat, not only servers... Would be a good step towards Linux becoming a mainstream OS
There are only 10 kinds of people in this world... those who understand binary and those who don't
Another lesson that this new coalition should learn is humility. I would hope after the "Unbreakable" campaign Oracle launched, and the blowback it received, that they'd take the time to tone down their attitude and ensure they're somewhere near as unbreakable as they'd like to think. If their claims aren't so grandiose they're less likely to suffer an explosive userland reaction when a flaw (and there will be flaws, it's just Murphy's law) is discovered.
Otherwise, I applaud the idea. Linux can benefit from a hardened, secure-from-the-box distribution initiative powered by folks with the pockets to fund the massive codewalks it will take to tighten things up. OpenBSD brought several benefits to the BSD community, I can see this doing much the same thing.
First of all, they're not talking about the OS. Oracle is not helping redhat shape up its security in any way. What it /is/ talking about is making databases 'unbreakable' by clustering them. No single point of failure.
Why linux/dell? Cause compared to a couple hundred thousand dollar sun 4500 or hp V class machine, it's all but pennies on the dollar!
Have I been wrong all this time?
A spokesman confirmed that 'Unbreakable Linux' machines will ship without any I/O devices and be encased in a 10 foot cube of concrete.
Democracy is two wolves and a sheep voting on lunch.
It's called OpenBSD.
(yeah, yeah, I know BSD isn't linux. It's a joke)
----
One of us needs to stick one's head in a bucket of ice water.
- Hobbes
...Dell and Oracle would certainly lend cred to the PHBs (who don't find any in Redhat. Really, they don't - don't kid yourself).
And with PHBs being more comfortable everywhere, that means the possibility of more ISV stuff which is currently held up by politics (as opposed to tech issues) alone.
And that would be Good (TM)
---
Information wants...you to shut your pie hole.
and STOP shipping with WU-FTPD :-).
I was about ready to say that Slashdot doesn't like Oracle, but then I remembered that it's the first Wednesday of the month. Silly me!
What secure, "unbreakable" apps would they put on there?
My list:
man
ls
ping
who
I don't think we can say if one OS is more secure than another. It all depends on its purpose and what it's set up for. Administrator skills come into play as well.
A badly configured Linux box can be as insecure as an unpatched Windows box with default settings. In contrast, a Windows box can be made more secure than a Red Hat Linux box with default settings.
In addition, you got to take into account the purpose of the box, the environment in which the box is running, the security policy, and what security mechanisms are in place.
First, they will rewrite the kernel and all the GNU utils in Java. The X Window system will be rewritten in java as well, and all instances of gcc from the system will be stripped. Bash and associated shells will be removed from the system, instead providing a SQL> prompt. Remember, ls ~ == SELECT * FROM ~.
The whole thing will be packaged with Oracle's Java-based installer. After 40 days and nights of installation time, the machine will run so slow that no one would even consider breaking into it.
In summary, the entire package is estimated to cost $55,000 USD.
It's part of marketing Linux to the stupid people - ie, the ones who use Microsoft stuff now.
One of the advantages of Linux (and often other Open Source stuff, and other UNIXes) is that you need to have a clue to be able to make it work. So it follows that you have a higher proportion of clued people using/administrating/developing etc on Linux than you do on the M$ crap.
Stupid people think that you buy the product (the latest incarnation of Windows, IIS or whatever), plug it in, and it's "secure" - or whatever else it's been touted as. Clued people understand that there's more to it.
And that, I think, is why most Linux (or BSD or whatever else) installations tend to work better - they've been done by someone with CLUE.
I saw the word "unbreakable" in connection with two concepts in the article: 1) The partnership between the corporate weasels; 2) The fault-tolerant nature of cluster computing. Just to stress the point, I didn't see anything related to exploitability or the absence thereof.
It's pretty unbreakable now, it's the software apps and hardware that breaks. Same with Solaris, our boxes support millions of users, but a few memory leaks in java, few oracle bad blocks, sun cpu's with bad cache, abnormal network traffic, etc...
If they are just talking about their clustering solution, that's pretty cheesy. You could cluster a bunch of NT boxes to get the same effect. Sounds like they just want to sell linux on a bunch of clustered IBM machines running Oracle.
Is it me or is all of this "United Linux" & "Unbreakable Linux" crap completely forgetting the point of Linux in the first place? I'm not saying it's bad, or it's good, but it's definitely not GNU.
Hey, I'm a BSD user anyways, but I think that the last month has shaped the way that Linux will be seen to the business consumer.
Programmers don't make systems secure. Admins do. No system in the world be it software, hardware, electronic or mechanical, can be any more secure than the people who maintain it allow it to be. Yes, default settings, and auto-patches and fancy protocols help, but at the end of that day 99.99% of hacks occur because either:
a) User Error (@see shitty passwords)
or
b) The system was not kept up to date.
Beyond that, nothing can be unbreakable. There will always be the 0.01% of hacks that occur because of a design fault, and you will never get rid of that 0.01% no matter how many eyeballs you have. But if you're serious about security use good passwords, and keep your system up to date. Sure it's not sexy, and it won't make stock prices jump, and most of the time it isn't much fun, but unless you're the NSA you will never, ever have to do more than those two things to keep your system safe.
I forget who said it, but right after 9/11, some talking head on TV asked some expert "What can Americans do to stay safe after these attacks?" and the expert answered "Buckle your seat-belt and quit smoking".
Occam's razor strikes again.
RAC, or Real Application Clusters, is what Oracle has been touting as the "Unbreakable" part of its software. The idea is to divide a large task into subtasks and distribute the subtasks among multiple nodes. That way you can complete the task faster than if only one node did the work.
They are talking about fault tolerant database clusters with no single point of failure.
They probably imagine a Beowulf cluster of these.
"I have opinions of my own, strong opinions, but I don't always agree with them." -- George H. W. Bush
The linux community has had more than its fair share of guffaws over "the unstoppable NT" or "unbreakable Oracle," and they should be taking their own lessons to heart. This is just an invitation to be mocked because it just insults the intelligence of everyone involved.
- They have to clarify their stance on software patents 'cause they apparently have so many. Fine.
- They offer rebates for customers who switch away from other distributions.
- Now they're taking on IBM, with whom they have a good relationship and who was one of the instrumental forces in getting Linux taken seriously in the enterprise.
As Red Hat is one of the few Open Source/Free Software/Whatever companies with a positive cash flow these days, are we to learn from today's lesson that profitability only comes when you're willing to play hardball? Seriously, I prefer the RH distribution, but darned if these tactics don't strike me as slimy.
I had an argument...with the person here at the university that teaches OS design. I wonder when I'll learn --Linus
Dude! You're getting a PENGUIN!
Knowledge is power. Knowledge shared is power multiplied.
for i in `chkconfig --list | cut -f 1`; do
done
Then, echo -n > /etc/shadow
for i in `cat /etc/shells` ; do rm -f $i ; done
No hacking then!
Click here or here.
Quoting the article:
When asked if the new and cheaper solution would be offered to the State of California as an alternative to its outstanding, yet controversial, $95 contract, Ellison said the state of course has the option. Oracle has said repeatedly that it is willing to renegotiate the deal.
As for Oracle's recent threat of a profit warning for its fourth-quarter, Ellison said Oracle was in its quiet period but would not issue a profit warning.
At $95, I'd say there's no real need to renegotiate.
Slashdot? Oh, I just read it for the articles.
- In the past, the reliability and robustness of Linux systems has been hampered more by the hardware than anything else. A key selling point of mainframes has been the fact that the hardware is significantly more reliable and fault tolerant than PC's.
- This blows away Microsoft's arguments against the open source model. Contrary to what the CEO of Microsoft may assert, the GPL is not a cancer, but is now showing its value as companies such as RedHat are making deals with the large computer manufacturers.
- This will absolutely defeat Microsoft's claim that Windows NT/2000/XP is ready for the enterprise. Now that the major database systems vendors such as Oracle are supporting Linux, there is simply no reason not to use it. Where's the commercial clustering software for Windows? Oh, right, it's not there - nor is it planned.
Microsoft has been touting Windows NT, 2000, and XP as enterprise-level operating systems for several years, but the reason why they have not successfully broken into the enterprise market is because the hardware on which NT runs is generally not reliable nor fault tolerant when compared to mainframes. The solution to this is to run a cluster of machines, but once again, Microsoft offers no clustering support for their "enterprise level operating systems". The lack of availability of a commercially backed clustering package for Linux was one of Microsoft's key objections to Linux in their "Linux Myths" whitepaper. It appears as if all of the criticisms Microsoft has had of Linux are now becoming irrelevant - Linux has adapted to the times, but Microsoft, as usual, has not.
This could easily keep Microsoft from ever breaking into the enterprise market. The simple truth is that PC boxes could not support enterprise and mission critical applications in the past because of the hardware reliability factor. Unbreakable Linux has the power to change this, and keep Microsoft out of the enterprise-level market indefinitely. Get used to the desktop, Microsoft, because you aren't going anywhere else!
The society for a thought-free internet welcomes you.
I'd certainly use Unbreakable Linux before I would even consider UnitedLinux based on the things I've heard so far.
As long as the vendor loses absolute control over the system at the point of delivery, it can never be declared "unbreakable." The vendor can shut down all services and daemons, thereby making it the most secure OS, but at this point, is it any longer useful? Most system vulnerabilities are the result of the users/administrators that open services to suit their needs. There is an equilibrium between the amount of vulnerabilities and the usefulness of the system.
No system can be made 100% secure AND be totally functional.
_______________________________
"I'm not Conceited...I'm just a realist..."
If you want security and reliability, why not just use Debian and hire a competent admin?
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
"Could a giant arise amidst today's insecure and constantly patched linux world that could hold the title of Unbreakable Linux?"
;)
OMG... A linux fan said this? You'd almost expect this thought to come in a Windows flavor... Maybe they aren't all raving lunatics after all. Nah. Musta just bumped his head
You need a FREE iPod Nano
Solaris has a long, long patchlist, Trusted Solaris included.
I prefer "Die Hard Linux".
graspee
Not a very good firewall if you left LPR open.
My thoughts are that you are a troll. Who the fuck is this guy? Do Slashdot editors ever think before posting? (yes, that's a rhetorical question...)
___
If you think big enough, you'll never have to do it.
Any idiot can break OpenBSD if he dicks around with the configuration. I'm sure "Unbreakable Linux" will suffer the same fate. Of course that's breakability by the administrator. Root access can be a very dangerous thing for most. The question is, can they make a system that can't be broken even by the owner, at least without trying to break it? I doubt it. They'd have to not give root access.
And this won't be the same kind of thing as OpenBSD is. I would trust Theo a whole lot more than Larry or Mike. Where's the source?
now we need to go OSS in diesel cars
However, if they are really trying to make a hack-proof version of linux, I maintain that a really good way to do this would be to get rid of C in the implementation of security-critical components (network servers, suid programs, etc.). If these components were written in a type-safe language (like O'Caml, SML, or Java), we'd instantly have a more secure system. The code would also be a lot nicer to write and maintain!
One only needs to subscribe to Bugtraq for a while to realize that buffer-overflow style holes are not going to go away by sheer willpower. Machine-checked safety is an easy way around this, and it stuns me that people who want secure software don't simply use secure languages.
Meeting the government's B1 security requirements does not make a system more secure. B1 differs from the more often met C2 in mandatory access control (e.g. you should not be able to copy/paste data from a Top Secret document into a just Restricted document). This does not make any sense at all for a typical user and very little sense for typical business scenarios, and thus does not make their system any more secure.
B1 does not say anything about frequency of patches, security of default install, or 'breakability' of the system.
So being certified as B1 does not make trusted Solaris more secure than Linux, or Win XP. It just makes it more suited for military-type computing.
Maybe it _is_ very secure, but B1 has little to do with it.
MSDOS: 20+ years without remote hole in the default install
Okay, I used to be a Dell server support technician. Time and time again I would see these big pushes for Linux on servers and they were NEVER backed up by any significant effort to actually be able to support Linux to any reasonable degree.
The last big push before I quit was when they released a couple of 1u boxes. One ran NetWare and the other Red Hat Linux. They really "went the extra mile" that time and provided maybe 25% of the technicians with a big one day class and a copy of O'Reilly's "Running Linux"; which is a very good book, but was grossly out of date at the time. One day. You couldn't get your foot in the door without being able to say you had two years of NT experience with a straight face, and back it up in a technical interview that was no punk.
I genuinely hope that this alliance ends up being a boon for the community, but to be honest I think 'ole Mike has used up his credibility in this department.
-Peter
My question is ... who plays Hans Gruber? Bill Gates or Steve Ballmer? And who plays Simon (DH w/a Vengeance)?
Karma? Karma? I don't need no stinkin' karma.
Solaris has a long, long patchlist, Trusted Solaris included.
... but wouldn't you rather have a "long, long patchlist" issued as quarterly, predictable cluster releases (I DL'd the latest Solaris clusters the day after they were released, BEFORE I received the auto e-mail notification from Sun) instead of (roughly) annual Service Packs (NT got to what ... SP6? ... in what ... 6 years?). Solaris 8 was released 2 years ago? It's had 7 patch clusters released since then ... and I have YET to see a patch cluster that had to be "recalled" (oops ... superseded) like SP5 was.
True
The impression I've gotten of the Unix world is that the universal reaction to a SERIOUS security hole is "Oh sh!t, we've got to FIX this, NOW!" This attitude tends to lead to "long, long patchlist"s.
utter rubbish
man would that be an ugly looking icon.
Won't calling it unbreakable just add to the challenge of breaking it? Nothing is unbreakable. Someone will inevitably break it. I would be surprised if there wasn't an exploit within a week of release.
FoundNews.com - get paid to blog.,
IBM lists in their 'key alliances' RedHat as well as (UnitedLinux partners) Caldera, TurboLinux and Suse.
I suspect that IBM will announce the consolidation of UnitedLinux over the RedHat alliance as far as their partners go.... although they won't burn bridges any time soon.
A fool throws a stone into a well and a thousand sages can not remove it.
If that worked Microsoft would have made Windows 'unbreakable' a long time ago!!!1 :-p
trolling can be soooo rewarding sometimes
A fool throws a stone into a well and a thousand sages can not remove it.
Is that .sig also intentionally misspelled?
I am just curious - are they implying that all other distros are BREAKABLE?
I think me and all other Debian users would disagree!
This week a new seagoing vessel was announced, which "Mother Nature herself could not sink", according to its creators.
does Microsoft offer clustered gopher holes?
Recently purchased an "unbreakable" "full warranty" hose nozzle. It's stainless steel and brass with a half inch thick hard rubber ring around it. Cost about $20. Product literature shows it being run over by a car without damage. We've installed it at the washing stall of a large horse barn, attached to the similarly expensive "full warranty" "lifetime" hose. We'll see how it works out when a horse steps on it. If it breaks, the manufacturer will send us another one. That's what "unbreakable" means.
Red Hat's additions make incompatibilities with other Linux distributions, and the company seems to follow an "embrace and extend" pattern like Microsoft does that forces companies to use Red Hat if they want the best compatibility with Red Hat... I wonder if Unbreakable Linux is just RedHat's response to UnitedLinux, because it doesn't want to lose its top-dog status and still keep its own "standards"?
Remember "Bring 'em on"? *sigh
Whoever submitted this article is a troll and probably knows very little about running real life applications. Tell me, why should Linux require frequent patches? Security problems? We're talking about a database server cluster which probably does not require to run any network services other than SSH and the oracle itself and it is probably sitting behind a chain of corporate firewalls anyways. Why would you need the frequent patching to maintain this system secure? Troll.
On the other hand.. *BSD, patch it or not does not have this kind of support simultaneously from three such big players to make it very useful in the data center environment.
Larry Ellison is often treated with a reverence Bill Gates can only dream of. Yet, if you've ever read about him (in say the excellent, The Difference Between God and Larry Ellison* by Mike Wilson) you'll discover he has his faults (like, allegedly, being a pathological liar.)
Anyways, to come back on-topic, Larry talks a lot of sh*t. And he isn't really trying to promote Linux, only to bash IBM DB/2. And the reason he's bashing DB/2 is that Oracle has been losing a fair amount of share in the database market, particularly at the high-end.
For the last nine months, Larry's hobby-horse has been 'unbreakable' real-application database clustering. Yet, there has been remarkably little support: partly at least because early point releases of Oracle software have a reputation for instability (and possibly insecurity, too) that make Microsoft look... well only very bad rather than really, really bad. (Take Oracle 11i, their latest application suite; now on 11.5.4 and still not stable, allegedly.)
Anyway, I take anything Larry says with a very large grain of salt.
--- My dad's political betting
The impression I've gotten of the Unix world is that the universal reaction to a SERIOUS security hole is "Oh sh!t, we've got to FIX this, NOW!"
The way I see it, the unix world's reaction to possible security holes is the same. Just because a buffer overflow or whatever can be exploited doesn't mean it will be. I think this is where Microsoft's attitude comes into play. They wait for someone to exploit something, wait for enough people to complain, then do something about it. That's called being REactive. Unix and linux coders tend to be PROactive, i.e. issuing bugfixes and patches before anything serious comes to pass (i.e. your whole network getting rooted from an obscure overflow in an even more obscure kernel module/server daemon). A lot of patches are to prevent/repair potential exploits which are provable in theory only sometimes.
You forgot Step 5: Spend 20 times lifetime of Universe decrypting data.
There's the simpler 2 Step program which only requires mercenaries and screwdriver.
1. Have mercs kidnap employee who knows what you want to know
2. Have mercs use screwdriver in imaginative ways until employee tells you what you want to know
Simpler and easy!
Igor Presnyakov stole my hat
Actually, if the data is encrypted then there must be a decryption key held somewhere - right?
Yup, you're right....unless you live in Norway, of course
Igor Presnyakov stole my hat
The companies have the potential for a proprietary extension into the Linux environment (GPL/LGPL) to a degree not seen. How do I say this?
It's a great way to maximize the profits of the three corporations at the expense of the guy paying the bills at the other end. It starts with the support. If certain improvements are made to the system and are held under Oracle, then they are shipped as binaries and un-reviewable by the rest of the community.
Now that there are sections which are closed, it is fairly trivial to ship enhanced product lines which are tied to those sections without violating the GPL but also rendering RedHat with a block of code which works as a kernel level key. Some key portion of the RedHat system won't work without the Proprietary object included and the Oracle database won't work without the Proprietary Object that is only available from RedHat. Meanwhile ALL of the hardware that is supported consists of only that which is provided in the Dell build sheet.
There is some great potential here for one of the greatest supporters of the Linux OS to start edging themselves somewhere between the OS developers and OS movement and the proprietary foothold that forces payment
I don't know that RedHat is entirely like this, but I've heard comments from more and more people that they are becoming increasingly aggressive in their financial tactics to dictate payment schedules. What worries me about this is that Oracle is the next closest thing to Microsoft in their aggressive and morally questionable business practices.
Personally, I believe that the philosophy of Open Source, as outlined originally by ESR is more valuable socially and therefore economically than the stock option performance of these three companies and as such, this ideology needs to be preserved in the face of such movements. Not that they are bad, they are part of the migration process. But it is imperative that these migrations keep moving things forward in a constructive direction rather than becoming some instrument of code oppression that allow companies to exercise baseless claims (legally and advertising) and practice FUD tactics.
This could have two edges to the blade. Linux is recognized as a real enterprise level solution and can start being accepted into the Corporate IT fray, or only two companies can provide Linux (IBM and RedHat) and everything else belongs to the terrorists, crackers, child molesters, and dead-beat dads.
And to those that don't get it: "Dead can't die".
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
Despite all the hoopla, IBM was still the first to ship a database for Linux back in 1999.
So why doesn't Postgresql count? Am I missing something?
Now that being said, I LOVE linux and would much rather use it than that old bag of hard to use junk and hard to program AS/400!
Just FYI, AS/400's (now called the iSeries) can run 31 independent copies of Linux simultaneously in one box, in much the same way a mainframe can run tens of thousands of copies. All part of IBM's plans to run Linux on every piece of hardware they ship.
Intelligent Life on Earth
You know, I checked out your freelinuxcd site, and looked at how to contribute. The site specifically requests contributing single-CD distros, as they can ONLY SHIP 1 CD PER PERSON. I've only used about 20 CD-Rs out of a 100 pack I bought a year ago, and was ready to donate 5 three-CD kits until I saw that.
By limiting to one CD, the only hope of giving away a useful distro is to send out the CD-based installer for Debian, and if someone can't even find someone to burn some free Linux CDs for them, I doubt they have the bandwidth to support an Internet-based install of Debian. Nice idea, lousy execution IYAM.
You want to make a difference? Let contributors view (or even buy for $1 to keep the site up and better manage the list) shipping addresses and ship the CD kits themselves directly to those in need.
Intelligent Life on Earth
I can't believe it.
NO ONE READ THE ARTICLE.
Not one person. Not the submitter, nor any of the people responding.
Unbreakable Linux has NOTHING to do with preventing hacking. It is about clustering, so that other nodes can take over when one node breaks. Not is broken into.
Depressing.
Karma: Good (despite my invention of the Karma: sig)
Ellison : we have money we need to invest in something. Hmmm... Linux is hot, lets throw some money at it in an attempt to take over the world ...
:-)
The Dot Com economics are back boys
TastesLikeHerringFlavoredChicken
The analogy doesn't work. Firstly, it's questionable whether Linux is the BMW of the operating system world and defamatory to suggest a modern AS400 is an old rusty Lada.
Secondly, while some "hackers" break in to systems for the fun of it, the ones you need to worry about are the ones who want to steal the data. Nobody breaks into a Lada to joy ride in it, but leave a stack of dollar bills on the passenger seat and see how long they last.
Fact is, there is a lot of valuable data stored on AS400 systems and not many recorded break ins.
All I want is a secure system where it's easy to do anything I want. Is that too much to ask ~~ Randall Munroe
How about with LIDS?
Or if you used NSA Linux?
With some openwall.com patches?
I've never used Trusted Solaris, so I have no idea. Have you tried these and still found them lacking compared to Trusted Solaris?
I was hoping to see this!
This is the corporate Linux community's response to the recent paradigm shift from new software development --> increased security.
If "Unbreakable Linux" can get 'there' first, Microsoft is going to remain behind Linux in terms of security.
By 'there', I mean achieving a state where the OS is inherently *very* secure.
"Unbreakable"? Not really. But hey, it's marketing spin, and the Linux community is entitled to do some too. Hell, isn't that what we have this guy for?
B1 does not say anything about frequency of patches, security of default install, or 'breakability' of the system.
You bet your sweet @$$ it does! B1 security is not a guideline (though it's often treated as such), it's a certification. If you patch your system, you're NOT B1-CERTIFIED ANY MORE!
Of course, the orange book security ratings are meaningless at this point, and really only used as marketing feed. They were created in a day when the military needed to enforce some standards on systems like VMS (not to exclude VMS or other OSes like it, but to allow the military to not award bids to other operating systems (e.g. UNIX) which did not meet the criteria). The standards do not allow for network connectivity (though many "secure" Vax and IBM systems were connected to "secure networks" even in the 70s) and it does not deal with the concept of regular updates or hardware swap-outs. There is no provision for the implications of hot-standby, checkpointing, etc, etc.
Can we please stop talking about the orange book now?
Linux seems to be extremely secure. Now the other software in the distributions, OTOH, may not be. Hint-- try to break into a system with only the Linux kernel running...
The real issue is not a "Linux" issue but a distro issue. And there are extremely secure distros, such as Trustix, and security-enhanced kernels like SELinux (with its Mandatory Access Control layer).
But the other issue is that there is no such thing as unbreakable [favorite software here] unless that software does not run. There will always be bugs, and points of attack, so there will always be security issues. The real question is how severe are the security issues and what can be done to minimize their impact and number.
LedgerSMB: Open source Accounting/ERP
Nah.. then bit rot will get to you. Damned if you do, damned if you don't. Might as well just throw the computer out the window and call it a day.
Dijkstra Considered Dead
Like I said, that's Microsoft's attitude, or at the very least it's been their attitude in the past. Analogies are fun aren't they?
calling anything "unbreakable" is just asking for trouble, and a Really Bad Idea. it's inevitable that some flaw, some exploit, will surface; and the makers, and by extension the linux & open source communities, will have egg on their (our) faces in the eyes of CTOs, bean-counters, and the general public. considering the high visibility of this project, i really hope that somebody thinks better of this before the foot goes into the mouth.
if i'm a grammar nazi, you're an illiteracy nazi.
I think you're making things unnecessarily complicated. When I say "Linux", we all understand that I implicitly refer to a complete OS with the kernel, and that includes Red Hat, Debian, SuSE, etc. That's done for convenience. Regular Slashdotters should know this by now. I'm not gonna waste my time saying Red Hat Linux just to mean a complete Linux system.. and I don't wanna waste time going into another rather pointless RMS-style "Linux is just a kernel, but there are tools and apps around it" debate.
Sure, conceptually some other OS may be more secure. But administrator skills are still really important. Let's take NSA Security-Enhanced Linux for example. Unlike normal Linux systems, it uses Mandatory Access Control (MAC) instead of Discretionary Access Control (DAC). If you're not happy with me using a "linux-kernel based system" as an example, well, the Flask operating system which SELinux is based on will do too. Ok, now using MAC makes it conceptually "more secure", as you say. However, let's say the administrator uses a root password, "hello". Now, even if it has the best MAC mechanisms in the world, your OS is gonna be rooted. And if the admin does not define your MAC policy accurately because of lack of skill, there goes your OS as well.
How about OpenBSD? OpenBSD is known for its security.. default install and such. I really love OpenBSD and I use it for production systems, but I'm still cautious about what services I open and what I don't. Let's say an admin happily opens up a few services. And, due to lack of skill, the admin does not monitor security alerts and stuff like that regularly. So one of the services has a remote hole, and boom, there goes your ultra-secure OpenBSD box.
So it's either you're thinking in a narrow-minded way, or you're getting the concept and context of a secure OS entirely wrong in the first place. An OS may be theoretically secure, but we must always consider the practical aspects of any system. Otherwise it would just be unrealistic.
You are not trolling. You are saying the truth.
Hopefully some meta-moderators will see that.
I've been modded down before. Some people just don't get it.
Anyway, you are right. OpenBSD is great and very secure for firewalls, for example.
Red Hat's additions make incompatibilities with other Linux distributions, and the company seems to follow an "embrace and extend" pattern like Microsoft does that forces companies to use Red Hat if they want the best compatibility with Red Hat...
+9 Right On the Money, Bay-bee!
I have hated RedHat distributions for three reasons: completely fucked up configuration systems, that abomination .RPM system and last but definitely not least: proprietary kernel patches.
If the features were at all relevant to the general Linux user they would have been incorporated into the standard Linux kernel by now. Give me a pure kernel, a pure packaging and call it Slackware.
If Dell are so interested in this project, how about giving the option to buy a desktop online with RedHat instead of just offering the latest M$ OS?
I'm sure sales at Dell.com would increase if Linux users could buy a new PC straight from Dell without having to go through the bother of uninstalling Windows and installing their own copy of Linux. Think of the cost savings as well! No XP license!
Hey, cool.. n3vzl nee kb2rzv.. gives new meaning to "GigsVT". Are you a microwaver up there? Field Day's a-comin'. I usually just hang out at a good friend's place nearby and work HF voice, PSK31 and SSTV for a few hours. 24 straight hours in a field just ain't what it used to be. :)
One of these years I really hafta sit down and build a 10mw tap into my HTX-100 a-la this and start getting in on some xverter f-u-n.
Intelligent Life on Earth