Slashdot Mirror
Debian Hardened Aims For Security
larryg writes "Debian Hardened is a new project that wants be an official Debian sub-project. It aims to provide a complete tree of hardened kernel and software packages for a standard Debian distribution, without changing to another like Adamantix and making easy the hardening of any machine running Debian GNU/Linux. The hardened kernels use the grSecurity patch and some of the Adamantix kernel patches; also, its packages are compiled with the ProPolice/SSP gcc extension and some libraries to prevent and trace buffer overflow attacks. Also, and as a second project, we are working on some enhacements against the Linux Entropy Pool engine, using an external TRNG (True Random Numbers Generator) device which uses thermal noise and also the atomic decay from a Geiger counter, making true unpredictable random numbers."
Doesn't provide as many choices or the technological /security understanding of Hardened Gentoo
While I confess to being a hard-core Gentoo nut, isn't choice often the mother of all fuck ups? What's wrong with doing one thing and doing it right?
Tubal-Cain smokes the white owl.
why would you need a distro for securing your machine? you should just secure your favorite distro yourself :)
soo.. what you're telling me is that just by using gentoo you gain magical insight into understanding secure systems and how security is built from ground up?
gentoo is nice and all, but it certainl doesn't make it's users magically understand the underlying system. btw, just because you can copy and 'discuss' compiler flags on a forum doesn't make yourself an expert on building fast software or make you understand what kind of speed ups are even technically possible and of all things it doesn't make you magically understand how software is executed at run time or the operating system built so you could see that saying stuff like "my mozilla has no ps/2 support" doesn't really show you in good light.
one choice in reducing possible user fuckups is reducing easy user choices("do you want to have a theoretical speedup by disabling using shadow file y/n?").
world was created 5 seconds before this post as it is.
Because people disagree what is the right way of doing it. I share some frustration that the choice offered of using linux makes some things more complicated than on a windows machine. But in the end, it just generate more competition, which is what has been killing the software industry for the past few years. Actually the industry has been fine, it's the consumers who are getting shafted.
isn't choice often the mother of all fuck ups
/.'s sig: "Freedom of choice is what you have. Freedom from choice is what you want". I think it applies to the general populace and is relevant here.
I read this in of the
Free XBox, PS2
Or maybe, just maybe the project is a ALPHA status and is very new and has only been active for 2 weeks so no one has had a chance to write any documentation?
Normal people worry me!
I kind of get a kick out of all of the anti US gov't people on /. using something the NSA developed and gave back to the community.
This guy is way out there
I prefer to discard only the bathwater. Baby can stay. I get a kick of the NSA giving back to the community that hates them...
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"