DARPA-Funded Linux Security Hub Withers
mAriuZ writes "Initially funded by a grant from the Pentagon's DARPA, the Sardonix project aspired to replace the Linux security review process with a public website that meticulously tracks which code has been audited for security holes, and by whom. As conceived by Crispin Cowan, Sardonix was to attract volunteer auditors by automatically ranking them according to the amount of code they've examined, and the number of security holes they've found. Auditors would lose points if a subsequent audit by someone else turned up bugs they missed. ... In the end, though, nobody showed up."
If there is a bug in the kernel and nobody notices it, can we still flame Microsoft?
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
NOBODY showed up? I would think having a high Sardonix rating would be a nice piece of "hacker-street-cred", like a low /. ID number, or running Linux on a beowulf cluster of 286s.
You are not the customer.
What size tin-hat do you wear? You might want to try a larger size.
-- You see, there would be these conclusions that you could jump to
Tin is a bit expensive and difficult to find these days; I would recommend using aluminum foil.
Or you could always go the OpenBSD route:
theo$ sed 's/^/\#/g' /etc/inetd.conf >> /tmp
theo$ mv /tmp/inetd.conf /etc/inetd.conf
theo$ echo "No r3m0t3 h0l3 in 30nS"
theo$ awk /\#/'{print $1,$2}' /etc/inetd.conf < gpg -s tradesekrits.asc
theo$ echo "ey3 j4m th3 k1ng 0f s3kur1ty and my p3n1s is sm4ll"
Read, L
I didn't create an account on slashdot until almost a year after I'd first started visiting and I have this horribly high UID to show for it. Who could have known that, years later, a low UID would be such a symbol of power, fear, and respect!
:-)
I'm glad I didn't have to say that in person; I couldn't possibly have kept a straight face.
A preposition is a terrible thing to end a sentence with.
How do you know that the NSA is only supporting Linux so that you will suspect them of malicious intent and therefore making it more likely that you will use FreeBSD, which the NSA actually has critical exploits for?
You've fallen right into their trap.
You've fallen victim to one of the classic blunders. The most famous is never get involved in a land war in Asia.
But only slightly less well known is this: never go in against a Sicilian when (FreeBSD) death is on the line.
Who can blame the project for having failed, when it was named for the famous "stone of all bad" Sardonyx, i.e. Chtrag Sardius, the opposite of the Orb, or Chtrag Yaska?
Who 'led' the project, Ctuchik The Grolim High Priest?
------>
Ok, ok... I'm a dork. Read David Eddings' "Belgariad" and "Malloreon" though - they make for a great read.
1. Read some router code
2. Document all critical security vulnerabilities
3. Do not report any bugs
4. ???
5. Profit!
There you are, staring at me again.
Auditing is boring.
Don't forget we live in a world where people collect stamps.
"It's too bad that stupidity isn't painful." - Anton LaVey
Not long ago there was a guy arrested driving down the wrong way on a one way street with no pants on. He was making use of unsecured wireless hot spots to surf for kiddie porn.
Damn, was there a law he DIDN'T BREAK?