'Unbreakable Linux'
Zadig writes "It appears as if Dell, Oracle, and Red Hat CEOs have decided to make 'Unbreakable Linux'. Could a giant arise amidst today's insecure and constantly patched linux world that could hold the title of Unbreakable Linux? I doubt it, but it will be fun to try, what are your thoughts?" There's a similar article on CNet.
Is Sam Jackson forcing Bruce Willis onto the dev team?
I'd rather you do it wrong, than for me to have to do it at all.
I have always found Redhat unbearable, so how is this new? You guys made a typo, right?
To quote Oracle CEO Larry Ellison
Taking on IBM? Taking on IBM mainframes? That is truly a serious statement.
If nobody ever gets (got?) fired for buying IBM, what does this mean?
Will it be called Titanux?
No intention to be a troll...
Another lesson that this new coalition should learn is humility. I would hope after the "Unbreakable" campaign Oracle launched, and the blowback it received, that they'd take the time to tone down their attitude and ensure they're somewhere near as unbreakable as they'd like to think. If their claims aren't so grandiose they're less likely to suffer an explosive userland reaction when a flaw (and there will be flaws, it's just Murphy's law) is discovered.
Otherwise, I applaud the idea. Linux can benefit from a hardened, secure-from-the-box distribution initiative powered by folks with the pockets to fund the massive codewalks it will take to tighten things up. OpenBSD brought several benefits to the BSD community, I can see this doing much the same thing.
A spokesman confirmed that 'Unbreakable Linux' machines will ship without any I/O devices and be encased in a 10 foot cube of concrete.
Democracy is two wolves and a sheep voting on lunch.
and STOP shipping with WU-FTPD :-).
I was about ready to say that Slashdot doesn't like Oracle, but then I remembered that it's the first Wednesday of the month. Silly me!
Programmers don't make systems secure. Admins do. No system in the world, be it software, hardware, electronic or mechanical, can be any more secure than the people who maintain it allow it to be. Yes, default settings, and auto-patches and fancy protocols help, but at the end of the day 99.99% of hacks occur because either:
a) User Error (@see shitty passwords)
or
b) The system was not kept up to date.
Beyond that, nothing can be unbreakable. There will always be the 0.01% of hacks that occur because of a design fault, and you will never get rid of that 0.01% no matter how many eyeballs you have. But if you're serious about security use good passwords, and keep your system up to date. Sure it's not sexy, and it won't make stock prices jump, and most of the time it isn't much fun, but unless you're the NSA you will never, ever have to do more than those two things to keep your system safe.
I forget who said it, but right after 9/11, some talking head on TV asked some expert "What can Americans do to stay safe after these attacks?" and the expert answered "Buckle your seat-belt and quit smoking".
Occam's razor strikes again.
The linux community has had more than its fair share of guffaws over "the unstoppable NT" or "unbreakable Oracle," and they should be taking their own lessons to heart. This is just an invitation to be mocked because it just insults the intelligence of everyone involved.
Dude! You're getting a PENGUIN!
Knowledge is power. Knowledge shared is power multiplied.
Meeting the government's B1 security requirements does not make a system more secure. B1 differs from the more often met C2 in mandatory access control (e.g. you should not be able to copy/paste data from a Top Secret document into just a Restricted document). This does not make any sense at all for a typical user and very little sense for typical business scenarios, and thus does not make their system any more secure.
B1 does not say anything about frequency of patches, security of default install, or 'breakability' of the system.
So being certified as B1 does not make Trusted Solaris more secure than Linux, or Win XP. It just makes it more suited for military-type computing.
Maybe it _is_ very secure, but B1 has little to do with it.
MSDOS: 20+ years without remote hole in the default install
Okay, I used to be a Dell server support technician. Time and time again I would see these big pushes for Linux on servers and they were NEVER backed up by any significant effort to actually be able to support Linux to any reasonable degree.
The last big push before I quit was when they released a couple of 1u boxes. One ran NetWare and the other Red Hat Linux. They really "went the extra mile" that time and provided maybe 25% of the technicians with a big one day class and a copy of O'Reilly's "Running Linux"; which is a very good book, but was grossly out of date at the time. One day. You couldn't get your foot in the door without being able to say you had two years of NT experience with a straight face, and back it up in a technical interview that was no punk.
I genuinely hope that this alliance ends up being a boon for the community, but to be honest I think 'ole Mike has used up his credibility in this department.
-Peter
Larry Ellison is often treated with a reverence Bill Gates can only dream of. Yet, if you've ever read about him (in say the excellent, The Difference Between God and Larry Ellison* by Mike Wilson) you'll discover he has his faults (like, allegedly, being a pathological liar.)
Anyways, to come back on-topic, Larry talks a lot of sh*t. And he isn't really trying to promote Linux, only to bash IBM DB/2. And the reason he's bashing DB/2 is that Oracle has been losing a fair amount of share in the database market, particularly at the high-end.
For the last nine months, Larry's hobby-horse has been 'unbreakable' real-application database clustering. Yet, there has been remarkably little support: partly at least because early point releases of Oracle software have a reputation for instability (and possibly insecurity, too) that make Microsoft look... well only very bad rather than really, really bad. (Take Oracle 11i, their latest application suite; now on 11.5.4 and still not stable, allegedly.)
Anyway, I take anything Larry says with a very large grain of salt.
--- My dad's political betting
The impression I've gotten of the Unix world is that the universal reaction to a SERIOUS security hole is "Oh sh!t, we've got to FIX this, NOW!"
The way I see it, the unix world's reaction to possible security holes is the same. Just because a buffer overflow or whatever can be exploited doesn't mean it will be. I think this is where Microsoft's attitude comes into play. They wait for someone to exploit something, wait for enough people to complain, then do something about it. That's called being REactive. Unix and linux coders tend to be PROactive, i.e. issuing bugfixes and patches before anything serious comes to pass (i.e. your whole network getting rooted from an obscure overflow in an even more obscure kernel module/server daemon). A lot of patches are to prevent/repair potential exploits which are provable in theory only sometimes.
I can't believe it.
NO ONE READ THE ARTICLE.
Not one person. Not the submitter, nor any of the people responding.
Unbreakable Linux has NOTHING to do with preventing hacking. It is about clustering, so that other nodes can take over when one node breaks. Not is broken into.
Depressing.
Karma: Good (despite my invention of the Karma: sig)