'Unbreakable Linux' 434
Zadig writes "It appears as if Dell, Oracle, and Red Hat CEOs have decided to make 'Unbreakable Linux'. Could a giant arise amidst today's insecure and constantly patched linux world that could hold the title of Unbreakable Linux? I doubt it, but it will be fun to try, what are your thoughts?" There's a similar article on CNet.
Obligatory Funny Comment (Score:4, Funny)
Re:Obligatory Funny Comment (Score:3, Funny)
Oracle? (Score:3, Insightful)
So how much money do we get when some admin forgets to patch zlib or whatever? $100 million?
They can work day and night to make Linux more secure, but if the customers don't maintain the systems, they're perfectly breakable.
I'll take my $100M now.
Re:Oracle? (Score:2, Offtopic)
Hello nurse! C'mon, you dont really want to detroy the utopian 'once the *cough*secure*cough* product is bought/installed, we're secure' view we all have, do you?
Please, this culture abhorrs responsibility. Thats why we champion a system where responsibiltiy can be outsourced.
Re:Oracle? (Score:2, Insightful)
By "unbreakable," I think they mean reliable, not uncrackable.
Let's learn from "Unbreakable Oracle" (Score:2)
Re:Let's learn from "Unbreakable Oracle" (Score:3, Insightful)
Re:Let's learn from "Unbreakable Oracle" (Score:3, Funny)
So how about tamper evident, like food packaging?
You know, when you log in as root, you should hear the pop. If you don't, it means someone else has already r00t3d J00r 80X.
Re:Let's learn from "Unbreakable Oracle" (Score:3, Funny)
Re:Let's learn from "Unbreakable Oracle" (Score:2)
Murphy's Laws of Hacking: (Score:3, Insightful)
Unbreakable isn't.
Doesn't matter whether you're talking about a database, an operating system, or a bank vault. The only way to make something unbreakable is not to make it in the first place.
Redhat (Score:4, Funny)
Re:Redhat (Score:3, Funny)
Try SCO Open Server.
Unbreakable Linux... is that like my ol'... (Score:2, Insightful)
Let's hope... (Score:3, Funny)
Wow, taking on IBM mainframes... (Score:5, Interesting)
To quote Oracle CEO Larry Ellison
Taking on IBM? Taking on IBM mainframes? That is truly a serious statement.
If nobody ever gets (got?) fired for buying IBM, what does this mean?
Re:Wow, taking on IBM mainframes... (Score:3, Funny)
Re:Wow, taking on IBM mainframes... (Score:4, Interesting)
N.B.: this is NOT flamebait
I think it means that IBM is going to have wake up and smite someone.
With what? A bargain-basement priced cluster of AS/400s? zServers are DAMNED reliable, but they are *single* systems in a *single* location. A high-availability cluster doesn't HAVE to be located in a *single* server room, or even a *single* geographic location
Give me 16 "Unbreakable Linux" PowerEdges and some damned fat pipes and I can design you a cluster that a nuclear attack probably couldn't take out. Edge-of-the-network clusters give good performance and DAMNED good availability.
Re:Wow, taking on IBM mainframes... (Score:5, Funny)
Give me 16 "Unbreakable Linux" PowerEdges and some damned fat pipes and I can design you a cluster that a nuclear attack probably couldn't take out.
Cool. If you do consultancy then it may be a good time to start marketing your services in the Indian subcontinent.
Re:Wow, taking on IBM mainframes... (Score:4, Interesting)
Indeed.
>A cluster of four Linux machines is more reliable and less expensive than an IBM mainframe.
Less expensive? No question. More reliable? Hmm.. I guess I'd have to see some hard numbers to back that up.
Notice he doesn't mention "more secure"... probably a reason for that, huh? Of course, a lot of it is good old fashioned security through obscurity. How many 14-year-old kids have OS/360 / MVS / [insert your big iron poison here] experience? How many have linux experience? Right. (Yeah, some whacko is bound to point out http://www.conmicro.cx/hercules/, and to that whacko I say "I didn't say *no* script kiddies would have the experience.. just a lot fewer.)
Its all semantics anyways. Everyone knows the ultimate in reliability and security is MPE running on an HP3000...
Re:Wow, taking on IBM mainframes... (Score:4, Funny)
Nah - MSDOS 3.1 (and nothing else) running on a 486 is far more reliable and secure, but probably not as useful. If you did't bother to switch it on it would be even more reliable and secure, and not much less useful. ;-)
Re:Wow, taking on IBM mainframes... (Score:2)
Noooo kidding! I learned to compute/administrate on a VAX 11/780 back in the mid 80's, and it was funny how environments seemed to be way more solid and reliable back then. The more I thought about it though, I kept coming to the conclusion that this was probably because even the guys running them didn't really understand them all THAT well, and everybody was scared shitless to actually "hack" around with them. The only time you did anything was when you really HAD to.
These days, some (if not most) *nix admins think nothing of logging in as root and dicking around to try stuff out, all because they've got 4 different boxes at home running the same OS. That makes it much more familiar (dangerously so) to them.
All I know is that I didn't have an 11/780 at home in the garage to mess around with.
On a side note, I had a chance to pick one up a while ago, but the better half wouldn't let me get it, never mind power it up. Every time she asked "WHY!?" she wouldn't take "cuz it'd be cool" as an answer. *sigh*
Re:Wow, taking on IBM mainframes... (Score:4, Informative)
There's an interesting piece about exactly this topic in today's Register: security through obsolescence [theregister.co.uk].
Re:Wow, taking on IBM mainframes... (Score:3, Interesting)
Now they plan to take on IBM with something they considered cheap? Amazing.
Don't forget: Larry often talks sh*t (Score:4, Interesting)
Anyways, to come back on-topic, Larry talk a lot of sh*t. And he isn't really trying to promote Linux, only to bash IBM DB/2. And the reason he's bash DB/2 is that Oracle has being losing a fair amount of share in the database market, particularly at the high-end.
For the last nine months, Larry's hobby-horse has been 'unbreakable' real-application database clustering. Yet, there has been remarkably little support: partly at least because early point releases of Oracle software have a reputation for instability (and possibly insecurity, too) that make Microsoft look... well only very bad rather than really, really bad. (Take Oracle 11i, their latest application suite; now on 11.5.4 and still not stable, allegedly.)
Anyway, I take anything Larry says with a very large grain of salt.
Unbreakable & unsinkable? (Score:5, Funny)
No intention to be troll...
Re:Unbreakable & unsinkable? (Score:2)
Administration (Score:2)
Re:Administration (Score:2)
Agreed
However, when the e-commerce site goes down because of a broken database server and they are losing $100K/MINUTE of REAL money
Wanna know why admins have greying hair in their 20s???
Desktop computers/laptops (Score:2)
"Unbreakable Linux" (Score:5, Insightful)
Another lesson that this new coalition should learn is humility. I would hope after the "Unbreakable" campaign Oracle launched, and the blowback it received, that they'd take the time to tone down their attitude and ensure they're somewhere near as unbreakable as they'd like to think. If their claims aren't so grandiose they're less likely to suffer an explosive userland reaction when a flaw is (and there will be flaws, it's just Murphy's law) is discovered.
Otherwise, I applaud the idea. Linux can benefit from a hardened, secure-from-the-box distribution initiative powered by folks with the pockets to fund the massive codewalks it will take to tighten things up. OpenBSD brought several benefits to the BSD community, I can see this doing much the same thing.
Re:"Unbreakable Linux" (Score:2, Insightful)
So, the Linux vs. BSD trolls can go away now.
Any idiot can break OpenBSD (Score:2)
Any idiot can break OpenBSD if he dicks around with the configuration. I'm sure "Unbreakable Linux" will suffer the same fate. Of course that's breakability by the administrator. Root access can be a very dangerous thing for most. The question is, can they make a system that can't be broken even by the owner, at least without trying to break it? I doubt it. They'd have to not give root access.
And this won't be the same kind of thing as OpenBSD is. I would trust Theo a whole lot more than Larry or Mike. Where's the source?
Re:"Unbreakable Linux" (Score:2)
Gotta disagree. Granted it is more hype than expectation, but they've made a very clear statement of intention. I'd much rather see fireworks with no real damage done than "Well what do you expect?". The lesson to be learned from OpenBSD is to get your priorities straight.
'Unbreakable' and linux (Score:3, Insightful)
Why linux/dell? Cause compared to a couple hundred thousand dollar sun 4500 or hp V class machine, it's all but pennies on the dollar!
have i been wrong all this time? (Score:3, Funny)
Have I been wrong all this time?
Wow these guys are serious (Score:5, Funny)
Re:Wow these guys are serious (Score:2)
Re:Wow these guys are serious (Score:3, Funny)
If it includes a power cord and an ethernet cable it's crackable
And tell me, Mr Anderson, what good is an ethernet cable if you don't have any I/O devices? Hmm?
It already exists. (Score:2)
(yeah, yeah, I know BSD isn't linux. It's a joke)
Were this to be true... (Score:3, Insightful)
And with PHBs being more comfortable everywhere, that means the possibility of more ISV stuff which is currently held up by politics (as opposed to tech issues) alone.
And that would be Good (TM)
So they're finally going to cave in ... (Score:4, Funny)
So... (Score:4, Funny)
Unbreakable apps (Score:2, Funny)
My list:
man
ls
ping
who
Re:Unbreakable apps (Score:2)
Re:Unbreakable apps (Score:3, Informative)
man is okay though....
Oh yeah? [redhat.com] :)
Re:Unbreakable apps (Score:2)
The Unix philosophy is that you write small programs that do ONE thing VERY well, then string them together with pipes, tees and scripts
Good plan, EXCEPT when someone decides to trust the program they are piping into NOT to return a buffer overflowing string
The GID vulnerability in man is a WONDERFUL example of "trust NOTHING"
Re:Unbreakable apps (Score:2)
How Oracle Plans To Do It (Score:3, Funny)
The whole thing will be packaged with Oracle's Java-based installer. After 40 days and nights of installation time, the machine will run so slow that no one would even consider breaking into it.
In summary, the entire package is estimated to cost $55,000 USD.
Read Before You Rant, Folks. (Score:3, Insightful)
But Really... (Score:2)
If they are just talking about their clustering solution, thats pretty cheesy. You could cluster a bunch of NT boxes to get the same effect. Sounds like they just want to sell linux on a bunch of clustered IBM machines running Oracle.
Not bad, not good, not GNU (Score:3, Interesting)
Hey, I'm a BSD user anyways, but I think that the last month has shaped the way that Linux will be seen to the business consumer.
Enough of this crap.. (Score:5, Insightful)
a) User Error (@see shitty passwords)
or
b) The system was not kept up to date.
Beyond that, nothing can be unbreakable. There will always be the 0.01% of hacks that occur because of a design fault, and you will never get rid of that 0.01% no matter how many eyeballs you have. But if you're serious about security use good passwords, and keep your system up to date. Sure it's not sexy, and it won't make stock prices jump, and most of the time it isn't much fun, but unless you're the NSA you will never, ever have to do more than those two things to keep your system safe.
I forget who said it, but right after 9/11, some talking head on TV asked some expert "What can Americans do to stay safe after these attacks?" and the expert answered "Buckle your seat-belt and quit smoking".
Occam's razor strikes again.
Re:Enough of this crap.. (Score:2, Insightful)
Security depends on good system design and good programming and diligent systems administration and careful users. Throw in good physical security and reliable hardware for good measure. If any one of these links breaks down, your security could be gone.
"Have you disciplined your users today?" -- The System Adminastrix.
Re:Enough of this crap.. (Score:2)
Thank you, as an admin, all props are appreciated. 99.999% (5 9's
99.99% of hacks occur because either:
a) User Error (@see shitty passwords)
which is why my NIS master server refuses to accept passwords that are less than 8 characters long and that have less than 2 non-alpha characters in them. Okay, I COULD require tougher passwords, but there is a limit to what faculty will accept at an
or
b) The system was not kept up to date.
You'll RARELY find one of my UNIX servers with an uptime of more than 90 days. Reason why? My team applies the quarterly (maintenance stream) overlays from SGI and the [7-8]_Recommended patch clusters from Sun religiously. They usually, generally, almost ALWAYS require a reboot because of kernel patches. We also troll (not THAT kind of trolling) CERT, bugtraq and CVE for vulnerabilities so we will know what "interim" bugfix patches really NEED to be applied.
For an admin, ANY admin, but ESPECIALLY a Unix admin<super>footnote 1</super>, a healthy dose of paranoia is a professional requirement.
<super>1</super> - 5kr1p7 k1dd13z would rather 0wN a RISC-based Unix box than anything else on the planet
Re:Enough of this crap.. (Score:2)
Security.
NIS.
Security.
I try and I try, but I can't make these go together in my head.
Re:Enough of this crap.. (Score:2)
Re:Enough of this crap.. (Score:5, Insightful)
Worst. Name. Ever. (Score:4, Insightful)
BS. (Score:2)
Penguin Pictures. (Score:2)
Would an AMD Hammer work on Unbreakable Linux?
Red Hat's business tactics (Score:2, Insightful)
It had to be said... (Score:4, Funny)
Unhackable Linux (Score:2, Funny)
for i in `chkconfig --list | cut -f 1`; do
doneThen, echo -n > /etc/shadow
for i in `cat /etc/shells` ; do rm -f $i ; done
No hacking then!
No need to renegotiate. (Score:2)
When asked if the new and cheaper solution would be offered to the State of California as an alternative to its outstanding, yet controversial, $95 contract, Ellison said the state of course has the option. Oracle has said repeatedly that it is willing to renegotiate the deal.
As for Oracle's recent threat of a profit warning for its fourth-quarter, Ellison said Oracle was in its quiet period but would not issue a profit warning.
At $95, I'd say there's no real need to renegotiate.
This is a Good Thing(tm)... (Score:3, Troll)
This could easily keep Microsoft from ever breaking into the enterprise market. The simple truth is that PC boxes could not support enterprise and mission critical applications in the past because of the hardware reliability factor. Unbreakable Linux has the power to change this, and keep Microsoft out of the enterprise-level market indefinitely. Get used to the desktop, Microsoft, because you aren't going anywhere else!
Re:This is a Good Thing(tm)... (Score:2)
Gee
'Nuff said for me
Re:This is a Good Thing(tm)... (Score:2)
*cough*part-time effort*cough* by *cough*amateur*cough* developers
includes:
Linus Torvalds, Alan Cox, Bruce Perens, Miguel de Icaza, Tridge, Rasterman, TigerT, ESR, RMS (I LIKE Emacs
Re:This is a Good Thing(tm)... (Score:2, Informative)
Huh? You must be smoking something really strong. Windows2000 Advanced server offers clustering services out of the box. SQL 2000 also offers clustering. Exchange2000 offers clustering. What do you mean that Microsoft doesn't offer clustering support? Get off the soap box dude before I push you off.
Unbreakable Linux would work for me. (Score:2)
I'd certainly use Unbreakable Linux before I would even consider UnitedLinux based on the things I've heard so far.
Unbreakable... (Score:3, Insightful)
No system can be made 100% secure AND be totally functional.
Don't we have one already? (Score:2)
If you want security and reliability, why not just use Debian and hire a competent admin?
Red letter/hat day (Score:2)
OMG... A linux fan said this? You'd almost expect this thought to come in a Windows flavor... Maybe they aren't all raving lunatics after all. Nah. Musta just bumped his head
Score -1, Troll (Score:2)
My thoughts are that you are a troll. Who the fuck is this guy? Do slashdot editor ever think before posting? (yes, that's a rhetorical question...)
Making Hack-Proof Linux (Score:3, Interesting)
However, if they are really trying to make a hack-proof version of linux, I maintain that a really good way to do this would be to get rid of C [slashdot.org] in the implementation of security-critical components (network servers, suid programs, etc.). If these components were written in a type-safe language (like O'Caml, SML, or Java), we'd instantly have a more sercure system. The code would also be a lot nicer to write and maintain!
One only needs to subscribe to Bugtraq for a while to realize that buffer-overflow style holes are not going to go away by sheer willpower. Machine-checked safety is an easy way around this, and it stuns me that people who want secure software don't simply use secure languages.
Dell, Schmell (Score:4, Interesting)
The last big push before I quit was when they released a couple of 1u boxes. One ran NetWare and the other Red Hat Linux. They really "went the extra mile" that time and provided maybe 25% of the technicians with a big one day class and a copy of O'Reily's "Running Linux"; which is a very good book, but was grossly out of date at the time. One day. You couldn't get your foot in the door without being able to say you had two years of NT experience with a straight face, and back it up in a techinical interview that was no punk.
I genuinely hope that this aliance ends up being a boon for the community, but to be honest I think 'ole Mike has used up his credibility in this department.
-Peter
just so long... (Score:2, Funny)
man would that be an ugly looking icon.
In other news (Score:3, Funny)
Does "Unbreakable" come with a full warranty? (Score:3, Insightful)
Recently purchased an "unbreakable" "full warranty" hose nozzle. It's stainless steel and brass with a half inch thick hard rubber ring around it. Cost about $20. Product literature shows it being run over by a car without damage. We've installed it at the washing stall of a large horse barn, attached to the similarly expensive "full warranty" "lifetime" hose. We'll see how it works out when a horse steps on it. If it breaks, the manufacturer will send us another one. That's what "unbreakable" means.
holy shit (Score:4, Insightful)
NO ONE READ THE ARTICLE.
Not one person. Not the submitter, nor any of the people responding.
Unbreakable Linux has NOTHING to do with preventing hacking. It is about clustering, so that other nodes can take over when one node breaks. Not is broken into.
Depressing.
Follow the money trail ... (Score:3, Funny)
The Dot Com economics are back boys
Linux on Dell Desktops (Score:3, Interesting)
If Dell are so interested in this project, how about giving the option to buy a desktop online with RedHat [redhat.com] instead of just offering the latest M$ OS?
I'm sure sales at Dell.com [dell.com] would increase if Linux users could buy a new PC straight from Dell without having to go through the bother of uninstalling Windows and installing their own copy of Linux. Think of the cost savings as well! No XP license!
Re:insecure? (Score:3, Informative)
Re:insecure? (Score:3, Informative)
Re:insecure? (Score:2)
True
The impression I've gotten of the Unix world is that the universal reaction to a SERIOUS security hole is "Oh sh!t, we've got to FIX this, NOW!" This attitude tends to lead to "long, long patchlist"s.
Re:insecure? (Score:4, Insightful)
The way I see it, the unix world's reaction to possible security holes is the same. Just because a buffer overflow or whatever can be exploited doesn't mean it will be. I think this is where Microsoft's attitude comes into play. They wait for someone to exploit something, wait for enough people to complain, then do something about it. That's called being REactive. Unix and linux coders tend to be PROactive, i.e. issuing bugfixes and patches before anything serious comes to pass (i.e. your whole network getting rooted from an obscure overflow in an even more obscure kernel module/server daemon). Alot of patches are to prevent/repair potential exploits which are provable in theory only sometimes.
Re:insecure? (Score:4, Informative)
B1 does not say anything about frequency of patches, security of default install, or 'breakability' of the system.
So being sertifies as B1 does not make trusted Solaris more secure then Linux, or Win XP. It just makes it more suited for military-type computing.
Maybe it _is_ very secure, but B1 has little to do with it.
Re:insecure? (Score:2)
A badly configured Linux box can be as insecure as a unpatched Windows box with default settings. In contrast, a Windows box can be made more secure than a Red Hat Linux box with default settings.
In addition, you got to take into account the purpose of the box, the environment in which the box is running, the security policy, and what security mechanisms are in place.
Re:redhat != linux (Score:3, Informative)
Sure, conceptually some other OS may be more secure. But administrator skills are still really important. Let's take NSA Security-Enhanced Linux for example. Unlike normal Linux systems, it uses Mandatory Access Control (MAC) instead of Discretionary Access Control (DAC). If you're not happy with me using a "linux-kernel based system" as an example, well, the Flask operating system which SELinux is based on will do too. Ok, now using MAC makes it conceptually "more secure", as you say. However, let's say the administrator uses a root password, "hello". Now, even if it has the best MAC mechanisms in the world, your OS is gonna be rooted. And if the admin does not define your MAC policy accurately because of lack of skill, there goes your OS as well.
How about OpenBSD? OpenBSD is known for its security.. default install and such. I really love OpenBSD and I use it for production systems, but I'm still cautious about what services I open and what I don't. Let's say an admin happily opens up a few services. And, due to lack of skill, the admin does not monitor security alerts and stuff like that regularly. So one of the services has a remote hole, and boom, there goes your ultra-secure OpenBSD box.
So it's either you're thinking in a narrow-minded way, or you're getting the concept and context of a secure OS entirely wrong in the first place. An OS may be theoretically secure, but we must always consider the practical aspects of any system. Otherwise it would just be unrealistic.
Linux and security (Score:3, Insightful)
The real issue is not a "Linux" issue but a distro issue. And there are extremely secure distros, such as Trustix, and security-enhanced kernels like SELinux (with its Manditory Access Control layer).
But the other issue is that there is no such thing as unbreakable [favorite software here] unless that software does not run. There will always be bugs, and points of attack, so there will always be security issues. The real question is how severe are the security issues and what can be done to minimize their impact and number.
How about reading the announcement first? (Score:2)
They are talking about fault tolerant database clusters with no single point of failure.
They probably imagine a Beowulf cluster of these.
Re:How about reading the announcement first? (Score:2)
Not really
Re:AS/400's (Score:2, Insightful)
Re:Yes but... (Score:2)
He'll have to get the accent down pat though... "yeeepeeee kaiiiii yaaaaayy"
Re:Yes but... (Score:2)
My question is ... who plays Hans Gruber? Bill Gates or Steve Balmer? And who plays Simon (DH w/a Vengance)?
Re:There is already an unbreakable OS (Score:3, Insightful)
Why "Unbreakable"? (Score:2, Informative)
One of the advantages of Linux (and often other Open Source stuff, and other UNIXes) is that you need to have a clue to be able to make it work. So it follows that you have a higher proportion of clued people using/administrating/developing etc on Linux than you do on the M$ crap.
Stupid people think that you buy the product (the latest incarnation of Windows, IIS or whatever), plug it in, and it's "secure" - or whatever else it's been touted as. Clued people understand that there's more to it.
And that, I think, is why most Linux (or BSD or whatever else) installations tend to work better - they've been done by someone with CLUE.
Re:Why "Unbreakable"? (Score:3, Funny)
Here. [linuxdoc.org]
Re:The Sixth Sense Linux (Score:2)
graspee
Re:Redhat IS unbreakable already. (Score:2, Insightful)