Slashdot Mirror
'Unbreakable Linux'
Zadig writes "It appears as if Dell, Oracle, and Red Hat CEOs have decided to make 'Unbreakable Linux'. Could a giant arise amidst today's insecure and constantly patched linux world that could hold the title of Unbreakable Linux? I doubt it, but it will be fun to try, what are your thoughts?" There's a similar article on CNet.
Is Sam Jackson forcing Bruce Willis onto the dev team?
I'd rather you do it wrong, than for me to have to do it at all.
Let me get this straight...Oracle is helping to make an "Unbreakable Linux"?
So how much money do we get when some admin forgets to patch zlib or whatever? $100 million?
They can work day and night to make Linux more secure, but if the customers don't maintain the systems, they're perfectly breakable.
I'll take my $100M now.
"Mod, mod, mod...and another troll bites the dust."
Trusted Solaris is far more secure than almost any other commerical OS. It meets the governments B1 security requirements for an OS
Unbreakable isn't.
Doesn't matter whether you're talking about a database, an operating system, or a bank vault. The only way to make something unbreakable is not to make it in the first place.
!#@%*)anks for hanging up the phone, dear.
I have always found Redhat unbearable, so how is this new? You guys made a typo, right?
they won't sell this to Norwegian museums!
Trollem mirabilem hanc subnotationis exigiutas non caperet
erm, exactly, that is, why would anyone who wanted to make a system ... resistent to attacks call it unbreakable? That name doubles the number of attacks against your system. Call it "nothing to look at here, keep moving, keep moving" or something
closed minded is as closed minded does
To quote Oracle CEO Larry Ellison
Taking on IBM? Taking on IBM mainframes? That is truly a serious statement.
If nobody ever gets (got?) fired for buying IBM, what does this mean?
Will it be called Titanux?
No intention to be troll...
Another lesson that this new coalition should learn is humility. I would hope after the "Unbreakable" campaign Oracle launched, and the blowback it received, that they'd take the time to tone down their attitude and ensure they're somewhere near as unbreakable as they'd like to think. If their claims aren't so grandiose they're less likely to suffer an explosive userland reaction when a flaw is (and there will be flaws, it's just Murphy's law) is discovered.
Otherwise, I applaud the idea. Linux can benefit from a hardened, secure-from-the-box distribution initiative powered by folks with the pockets to fund the massive codewalks it will take to tighten things up. OpenBSD brought several benefits to the BSD community, I can see this doing much the same thing.
First of all, they're not talking about the OS. Oracle is not helping redhat shape up it's security in any way. What it /is/ talking about is making databases 'unbreakable' by clustering them. No single point of failure.
Why linux/dell? Cause compared to a couple hundred thousand dollar sun 4500 or hp V class machine, it's all but pennies on the dollar!
Have I been wrong all this time?
A spokesman confirmed that 'Unbreakable Linux' machines will ship without any I/O devices and be encased in a 10 foot cube of concrete.
Democracy is two wolves and a sheep voting on lunch.
...Dell and Oracle would certainly lend cred to the PHBs (who don't find any in Redhat. Really, they don't - don't kid yourself).
And with PHBs being more comfortable everywhere, that means the possibility of more ISV stuff which is currently held up by politics (as opposed to tech issues) alone.
And that would be Good (TM)
---
Information wants...you to shut your pie hole.
and STOP shipping with WU-FTPD :-).
I was about ready to say that Slashdot doesn't like Oracle, but then I remembered that it's the first Wednesday of the month. Silly me!
First, they will rewrite the kernel and all the GNU utils in Java. The X Window system will be rewritten in java as well, and all instances of gcc from the system will be stripped. Bash and associated shells will be removed from the system, instead providing a SQL> prompt. Remember, ls ~ == SELECT * FROM ~.
The whole thing will be packaged with Oracle's Java-based installer. After 40 days and nights of installation time, the machine will run so slow that no one would even consider breaking into it.
In summary, the entire package is estimated to cost $55,000 USD.
I saw the word "unbreakable" in connection with two concepts in the article: 1) The partnership between the corporate weasels; 2) The fault-tolerant nature of cluster computing. Just to stress the point, I didn't see anything related to exploitability or the absence thereof.
Is it me or is all of this "United Linux" & "Unbreakable Linux" crap completely forgetting the point of Linux in the first place? I'm not saying its bad, or its good, but its definetly not GNU.
Hey, I'm a BSD user anyways, but I think that the last month has shaped the way that Linux will be seen to the business consumer.
Programmers don't make systems secure. Admins do. No system in the world be it software, hardware, electronic or mechanical, can be any more secure than the people who maintain it allow it to be. Yes, default settings, and auto-patches and fancy protocols help, but at the end of that day 99.99% of hacks occur because either:
a) User Error (@see shitty passwords)
or
b) The system was not kept up to date.
Beyond that, nothing can be unbreakable. There will always be the 0.01% of hacks that occur because of a design fault, and you will never get rid of that 0.01% no matter how many eyeballs you have. But if you're serious about security use good passwords, and keep your system up to date. Sure it's not sexy, and it won't make stock prices jump, and most of the time it isn't much fun, but unless you're the NSA you will never, ever have to do more than those two things to keep your system safe.
I forget who said it, but right after 9/11, some talking head on TV asked some expert "What can Americans do to stay safe after these attacks?" and the expert answered "Buckle your seat-belt and quit smoking".
Occam's razor strikes again.
The linux community has had more than its fair share of guffaws over "the unstoppable NT" or "unbreakable Oracle," and they should be taking their own lessons to heart. This is just an invitation to be mocked because it just insults the intelligence of everyone involved.
Yes, but "Tamper Resistant" Linux just doesn't give the marketing department much to go on.
Dude! You're getting a PENGUIN!
Knowledge is power. Knowledge shared is power multiplied.
man is okay though....
Oh yeah? :)
Wasting your time since 1997.
-
In the past, the reliability and robustness of Linux systems has been hampered more by the hardware than anything else. A key selling point of mainframes has been the fact that the hardware is significantly more reliable and fault tolerant than PC's.
- This blows away Microsoft's arguments against the open source model. Contrary to what the CEO of Microsoft may assert, the GPL is not a cancer, but is now showing its value as companies such as RedHat are making deals with the large computer manufacturers.
- This will absolutely defeat Microsoft's claim that Windows NT/2000/XP is ready for the enterprise. Now that the major database systems vendors such as Oracle are supporting Linux, there is simply no reason not to use it. Where's the commercial clustering software for Windows? Oh, right, it's not there - nor is it planned.
Microsoft has been touting Windows NT, 2000, and XP as enterprise-level operating systems for several years, but the reason why they have not successfully broken into the enterprise market is because the hardware on which NT runs is generally not reliable nor fault tolerant when compared to mainframes. The solution to this is to run a cluster of machines, but once again, Microsoft offers no clustering support for their "enterprise level operating systems". The lack of availability of a commercially backed clustering package for Linux was one of Microsoft's key objections to Linux in their "Linux Myths" whitepaper. It appears as if all of the criticisms Microsoft has had of Linux are now becoming irrelevant - Linux has adapted to the times, but Microsoft, as usual, has not.This could easily keep Microsoft from ever breaking into the enterprise market. The simple truth is that PC boxes could not support enterprise and mission critical applications in the past because of the hardware reliability factor. Unbreakable Linux has the power to change this, and keep Microsoft out of the enterprise-level market indefinitely. Get used to the desktop, Microsoft, because you aren't going anywhere else!
The society for a thought-free internet welcomes you.
As long as the vendor loses absolute control over the system at the point of delivery, it can never be declared "unbreakable." The vendor can shut down all services and daemons, thereby making it the most secure OS, but at this point, is it any longer userful? Most system vulnerabilities are the result of the users/administrators that open services to suit their needs. There is a equilibrium between the amount of vulnerabilities and the userfulness of the system.
No system can be made 100% secure AND be totally functional.
_______________________________
"I'm not Conceited...I'm just a realist..."
no joke! I don't understand how larry can say the term without expecting an awkward silence from people who remember the last time he uttered "unbreakable"!
Solaris has a long, long patchlist, Trusted Solaris included.
However, if they are really trying to make a hack-proof version of linux, I maintain that a really good way to do this would be to get rid of C in the implementation of security-critical components (network servers, suid programs, etc.). If these components were written in a type-safe language (like O'Caml, SML, or Java), we'd instantly have a more sercure system. The code would also be a lot nicer to write and maintain!
One only needs to subscribe to Bugtraq for a while to realize that buffer-overflow style holes are not going to go away by sheer willpower. Machine-checked safety is an easy way around this, and it stuns me that people who want secure software don't simply use secure languages.
Meeting governments B1 security requirements does not make system more secure. B1 differs from more often met C2 in mandatory access control (e.g. you should not be able to copy/paste data from Top Secret document into just Restricted document). This does not make any sense at all for typical user and very little sense for typical business scenarios, and thus does not make their system any more secure.
B1 does not say anything about frequency of patches, security of default install, or 'breakability' of the system.
So being sertifies as B1 does not make trusted Solaris more secure then Linux, or Win XP. It just makes it more suited for military-type computing.
Maybe it _is_ very secure, but B1 has little to do with it.
MSDOS: 20+ years without remote hole in the default install
Okay, I used to be a Dell server support technician. Time and time again I would see these big pushes for Linux on servers and they were NEVER backed up by any significant effort to acutally be able to support Linux to any reasonable degree.
The last big push before I quit was when they released a couple of 1u boxes. One ran NetWare and the other Red Hat Linux. They really "went the extra mile" that time and provided maybe 25% of the technicians with a big one day class and a copy of O'Reily's "Running Linux"; which is a very good book, but was grossly out of date at the time. One day. You couldn't get your foot in the door without being able to say you had two years of NT experience with a straight face, and back it up in a techinical interview that was no punk.
I genuinely hope that this aliance ends up being a boon for the community, but to be honest I think 'ole Mike has used up his credibility in this department.
-Peter
This week a new seagoing vessel was announced, which "Mother Nature herself could not sink", according to its creators.
Recently purchased an "unbreakable" "full warranty" hose nozzle. It's stainless steel and brass with a half inch thick hard rubber ring around it. Cost about $20. Product literature shows it being run over by a car without damage. We've installed it at the washing stall of a large horse barn, attached to the similarly expensive "full warranty" "lifetime" hose. We'll see how it works out when a horse steps on it. If it breaks, the manufacturer will send us another one. That's what "unbreakable" means.
Larry Ellison is often treated with a reverence Bill Gates can only dream of. Yet, if you've ever read about him (in say the excellent, The Difference Between God and Larry Ellison* by Mike Wilson) you'll discover he his faults (like, allegedly, being a pathalogical liar.)
Anyways, to come back on-topic, Larry talk a lot of sh*t. And he isn't really trying to promote Linux, only to bash IBM DB/2. And the reason he's bash DB/2 is that Oracle has being losing a fair amount of share in the database market, particularly at the high-end.
For the last nine months, Larry's hobby-horse has been 'unbreakable' real-application database clustering. Yet, there has been remarkably little support: partly at least because early point releases of Oracle software have a reputation for instability (and possibly insecurity, too) that make Microsoft look... well only very bad rather than really, really bad. (Take Oracle 11i, their latest application suite; now on 11.5.4 and still not stable, allegedly.)
Anyway, I take anything Larry says with a very large grain of salt.
--- My dad's political betting
The impression I've gotten of the Unix world is that the universal reaction to a SERIOUS security hole is "Oh sh!t, we've got to FIX this, NOW!"
The way I see it, the unix world's reaction to possible security holes is the same. Just because a buffer overflow or whatever can be exploited doesn't mean it will be. I think this is where Microsoft's attitude comes into play. They wait for someone to exploit something, wait for enough people to complain, then do something about it. That's called being REactive. Unix and linux coders tend to be PROactive, i.e. issuing bugfixes and patches before anything serious comes to pass (i.e. your whole network getting rooted from an obscure overflow in an even more obscure kernel module/server daemon). Alot of patches are to prevent/repair potential exploits which are provable in theory only sometimes.
So how about tamper evident, like food packaging?
You know, when you log in as root, you should hear the pop. If you don't, it means someone else has already r00t3d J00r 80X.
Where do I download clues?
Here.
Intelligent Life on Earth
I can't believe it.
NO ONE READ THE ARTICLE.
Not one person. Not the submitter, nor any of the people responding.
Unbreakable Linux has NOTHING to do with preventing hacking. It is about clustering, so that other nodes can take over when one node breaks. Not is broken into.
Depressing.
Karma: Good (despite my invention of the Karma: sig)
Ellison : we have money we need to invest in something. Hmmm... Linux is hot, lets throw some money at it in an attempt to take over the world ...
:-)
The Dot Com economics are back boys
TastesLikeHerringFlavoredChicken
Linux seems to be extremely secure. Now the other software in the distributions, OTOH, may not be. Hint-- try to break into a system with only the Linux kernel running...
The real issue is not a "Linux" issue but a distro issue. And there are extremely secure distros, such as Trustix, and security-enhanced kernels like SELinux (with its Manditory Access Control layer).
But the other issue is that there is no such thing as unbreakable [favorite software here] unless that software does not run. There will always be bugs, and points of attack, so there will always be security issues. The real question is how severe are the security issues and what can be done to minimize their impact and number.
LedgerSMB: Open source Accounting/ERP
I think you're making things unnecessarily complicated. When I say "Linux", we all understand that I implicitly refer to a complete OS with the kernel, and that includes Red Hat, Debian, SuSE, etc. That's done for convenience. Regular Slashdotters should know this by now. I'm not gonna waste my time saying Red Hat Linux just to mean a complete Linux system.. and I don't wanna waste time going into another rather pointless RMS-style "Linux is just a kernel, but there are tools and apps around it" debate.
Sure, conceptually some other OS may be more secure. But administrator skills are still really important. Let's take NSA Security-Enhanced Linux for example. Unlike normal Linux systems, it uses Mandatory Access Control (MAC) instead of Discretionary Access Control (DAC). If you're not happy with me using a "linux-kernel based system" as an example, well, the Flask operating system which SELinux is based on will do too. Ok, now using MAC makes it conceptually "more secure", as you say. However, let's say the administrator uses a root password, "hello". Now, even if it has the best MAC mechanisms in the world, your OS is gonna be rooted. And if the admin does not define your MAC policy accurately because of lack of skill, there goes your OS as well.
How about OpenBSD? OpenBSD is known for its security.. default install and such. I really love OpenBSD and I use it for production systems, but I'm still cautious about what services I open and what I don't. Let's say an admin happily opens up a few services. And, due to lack of skill, the admin does not monitor security alerts and stuff like that regularly. So one of the services has a remote hole, and boom, there goes your ultra-secure OpenBSD box.
So it's either you're thinking in a narrow-minded way, or you're getting the concept and context of a secure OS entirely wrong in the first place. An OS may be theoretically secure, but we must always consider the practical aspects of any system. Otherwise it would just be unrealistic.
If Dell are so interested in this project, how about giving the option to buy a desktop online with RedHat instead of just offering the latest M$ OS?
I'm sure sales at Dell.com would increase if Linux users could buy a new PC straight from Dell without having to go through the bother of uninstalling Windows and installing their own copy of Linux. Think of the cost savings as well! No XP license!