Slashdot Mirror

← Back to Stories (view on slashdot.org)

Welcome Back Kernel.org

Posted by samzenpus on from the look-who's-back dept.

Hummdis writes "After more than a month of being offline due to a security breach at Kernel.org, they're back! While they were down, they took the time to 're-architect' the site for developers and users. A statement reads: 'As noted previously, kernel.org suffered a security breach. Because of this, we have taken the time to re-architect the site in order to improve our systems for developers and users of kernel.org. To this end, we would like all developers who previously had access to kernel.org who wish to continue to use it to host their git and static content, to follow the instructions here. Right now, www.kernel.org and git.kernel.org have been brought back online. All developer git trees have been removed from git.kernel.org and will be added back as the relevant developers regain access to the system. Thanks to all for your patience and understanding during our outage and please bear with us as we bring up the different kernel.org systems over the next few weeks. We will be writing up a report on the incident in the future.'"

2 of 94 comments (clear)

  1. Re:Maybe they should switch to OpenBSD... by kthreadd · · Score: 1, Troll

    Last time I checked Apple runs their stuff on Windows Azure so maybe Kernel.org should do the same. I mean, Kernel.org have been hacked what now, two or three times? How many times have Windows Azure been hacked? Zero. So, just by looking at statistics moving to that platform could be a good move.

    I mean, since we just went odd-version and have the Visual Basic rewrite imminent, being open towards new hosting platforms should be an option.

  2. Re:Lessons for others? by LordLimecat · · Score: 1, Troll

    The common wisdom is, our security is superior to Window's security,

    And on what do you base that assumption? Because scores of users get pwned by Acrobat and Java exploits, but it just happens to be hitting windows machines?

    I have never seen any credible proof that your common Linux server distros (RedHat, CentOS, Debian) are more secure out of the box than Windows Server 2003 or 2008-- and I have seen a LOT to suggest that 2008 (and Win7) are more secure than their *nix counterparts.

    I really dont want to start a flamewar on this (though I probably just did), but its ridiculous to continue acting like this is 1995 and Windows is the piece of garbage it once was. Since NT, the filesystem security is better than your most common *nix variants (more granularity, more specificity). Since XP, the system has mechanisms to detect filesystem tampering and to repair it (SFC). Since XP SP3, it comes with a deny-all firewall built in and supports DEP. Since Vista, everyone runs as least-privileged, the browser is sandboxed, the RAM is ASLR'd, the kernel refuses unsigned patches / hooking, and the firewall has been upgraded to something that is on par with iptables. And since 7 x64, all drivers require a digital signature.

    A great many of those features came much later in Linux and OSX, and some are STILL lacking (due to fears about centralization, potential for abuse, etc-- valid reasons, but still resulting in lesser security). As it is now, for the most part, there is no appreciable difference between the security of Linux and that of Windows, and I defy anyone to provide a compelling argument to the contrary.