topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Tuesday March 19, 2024, 3:34 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Linux and Internet security  (Read 7287 times)

xtabber

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 618
    • View Profile
    • Donate to Member
Linux and Internet security
« on: November 06, 2015, 09:49 AM »
According to today's Washington Post, "The Internet’s future rests with a man who calls most security experts ‘completely crazy’"

I'd agree that Linus can be obnoxious at times, but I would certainly not call him crazy, or even wrong-headed about security experts.  But then, I'm not a security expert.


MilesAhead

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 7,736
    • View Profile
    • Donate to Member
Re: Linux and Internet security
« Reply #1 on: November 10, 2015, 05:29 PM »
Hmm, I remember reading a blog someplace where the person seriously advocated building the security into the system before the system has been made to work.  He noted that programmers leave out security measures because they are trying to get the code to work.  Then after the function is enabled they graft the security on later.  He suggested building in the security from line one of code.  Of course how to accomplish this new way of program design is never specified.

The blogger is even more inane than those people who posit that "everything should be free."  :)

Edit:  Sorry it was some time ago when I encountered the blog.  I have no clue where I could dig up the citation.


Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,466
    • View Profile
    • Donate to Member
Re: Linux and Internet security
« Reply #2 on: November 11, 2015, 09:21 AM »
Linux's "security" records are awful indeed. I can't understand why anyone prefers it to other systems.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: Linux and Internet security
« Reply #3 on: November 11, 2015, 11:27 AM »
It's fairly straightforward to design security into a system, which basically comes down to controlling access to memory and the supervisor. The old mainframe security was virtually bulletproof in that regard. The real problem today is that this type of security can be cumbersome to deal with on a highly interactive interrupt-driven OS targeted for workstations as opposed to something intended for servers where the allowed running processes are usually very fixed and restricted. So the security usually gets "detuned" as the saying goes, until people stop complaining. AFAIK there's no easy way to work around that, so design compromises are unavoidable.

If anybody does find a way to get the absolute best of both worlds when it comes to operational transparency and strong security, they should be pleased to know there's a very large fortune and probably a Nobel Prize waiting for them to claim it.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Linux and Internet security
« Reply #4 on: November 11, 2015, 11:58 AM »
It's fairly straightforward to design security into a system, which basically comes down to controlling access to memory and the supervisor. The old mainframe security was virtually bulletproof in that regard.
That's only a very small part of the whole picture, though... there's a Whole Lot Of Horrible in that world because people mess up the (complicated!) security settings and then expose the boxes to the internet. Like when Anakata of PirateBay fame hacked the central Danish police mainframe.
- carpe noctem

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: Linux and Internet security
« Reply #5 on: November 11, 2015, 12:06 PM »
It's fairly straightforward to design security into a system, which basically comes down to controlling access to memory and the supervisor. The old mainframe security was virtually bulletproof in that regard.
That's only a very small part of the whole picture, though... there's a Whole Lot Of Horrible in that world because people mess up the (complicated!) security settings and then expose the boxes to the internet. Like when Anakata of PirateBay fame hacked the central Danish police mainframe.

To be sure. But that's not a coding issue. It's an "interface" (i.e. human) issue. If we could just get the people out of the loop, security wouldn't be an issue at all.

Easy to say.

But not practical to do.

Nor necessarily desirable, as the cautionary scifi story Colossus: The Forbin Project suggested many years ago.  ;)
« Last Edit: November 12, 2015, 12:28 AM by 40hz »