
tech - God bless the AMD


File: 1446760847083.png (14.04 MB, 3420x2280, 1440043414029.png)

 No.13563

https://archive.is/2wwMz

Apparently Linus admits that the Linux kernel is designed without security in mind but says that it doesn't really matter: “If I have to worry about that kind of scenario happening,” Torvalds added with a wry grin, “I won’t get any work done.”

What are your thoughts on this? Is this just normies trying to justify their decision to not install gentoo?

So just how secure is linux really? Does linux implement good security or does it just benefit from the fact that not many people use it therefore no one really bothers to write malware for linux? Also this happened today

https://archive.is/kQSzd
>>

 No.13567

I don't give a soykaf. Give me my freedom.

>>

 No.13569

Like said, Linux isn't built for security. The kernel is a mess, and don't get me started on systemd. Keep in mind a hacker is just one buffer overflow away from total access to your system.

If you want a secure operating system, look for OpenBSD.

>>

 No.13573

Why is OpenBSD better? Doesn't Gentoo have bsd like security features?

But yeah, systemd running as root and being an extremely large and messy code bound to have a bug or two doesn't put my mind at ease.

I think Linus and company are careful enough with C to not make the kernel vulnerable to buffer overflows though.

>>

 No.13574

>>13573
BSD-like security measures != OpenBSD-like security measures. As Theo de Raadt said himself, MS is actually ahead of FreeBSD and Linux as far as some select security features are concerned. This doesn't mean that Windows is more secure than Linux, but he does have a point.

>>

 No.13575

>>13563
Developing a "secure" OS, would for one part mean that you would have to prove that your OS works as intended, in any situation. This means using math and soykaf and I know nobody who would be crazy enough to actually try to do this seriously. (It's already painful enough to do this for sorting algorithms)

>>13573
Systemd is actually quite readable code and one of the reasons why so many things are linked together in systemd, is because they are writing clean code once and reusing it every time. Instead of writing hundreds of bash scripts, they simply write code once to handle units and they are done.
Linux' virtual memory implementation on the other hand is still kind of a mystery for me.

>>

 No.13576

So, what is the best BSD, and will I have issues installing a BSD if I have a laptop with Windows 8 in mind? Or if I'm a normie would I just be better off with Xubuntu?

>>

 No.13577

>>13576
depends on your laptop but openbsd has great power management support and stuff partly because a lot of the devs themselves use laptops.

>>

 No.13581

So what about security minded OS's like Tails?
And what about having dedicated security devices like ASAs and hardware firewalls, would that make the security of your actual OS irrelevant for the most part?

>>

 No.13582

File: 1446770820499.png (31.86 KB, 300x255, obsd.png)

Linux from a design point is horse soykaf.

Use *BSD if you want actual security.

>>

 No.13583

>>13577
>>13582
Are there ways to streamline the installation process of a BSD? Like make it as n00b friendly as Ubuntu?

Also are there any resources that explain the major differences between BSD and Linux in terms of security and pros and cons. I understand the difference between Linux and Windows but it isn't as clear between BSD and Linux.

Or if I'm unwilling to play around with BSD installers should I consider a Mac or Hackintosh, or are there some very n00b friendly BSD variants out there?

>>

 No.13588

>>13575
>Developing a "secure" OS, would for one part mean that you would have to prove that your OS works as intended, in any situation. This means using math and soykaf and I know nobody who would be crazy enough to actually try to do this seriously. (It's already painful enough to do this for sorting algorithms)

This is not so true anymore, especially now that we have machine-assisted proof and proof verifiers. There is a real renaissance going on in verification in the last few years.

Just some happenstance:

>L3 is verified

>several compilers are verified
>dependent types are going to be in the next or next+1 generation of system programming languages (Rust and Ocaml are the closest to this; Coq already compiles to ocaml which compiles to native code)

It isn't a stretch to think of some sort of HURD/Singularity type OS running on verified L3, compiled with a verified compiler, with all the OS services implemented as highly sandboxed servers written themselves in a high level language.

Microsoft is probably the closest to this point; they've invested very heavily in verification and it's paid off for them immensely. The main reason why BSODs have gone down is because they flat out refuse to sign vendor drivers if it doesn't pass their model checker. And that's a fuarrrking model checker, just imagine when they have the option to write kernel modules in verified F#.

>>13583
The main market for BSD is infrastructure still. There isn't a lot of investment in user-friendly installers.

My advice would be to buy a second hard drive, and just swap it in and out of your laptop when you want to work on the BSD system. When it gets to the point where you can go a month without swapping the drives, just switch to BSD as your primary system.

>>

 No.13589

>>13581
TAILs isn't a "secure" OS in the general case; it's a special-purpose OS that can do a specific task (secure communication) very well. Some of the tradeoffs it makes are incompatible with general purpose computer use, like a total lack of local storage or configuration.

So if you want to send email or go on Tor without the NSA finding out, by all means use TAILs, but you'd have a problem using it for your primary system.

Unless... there was some sort of darknet-cloud-based ChromeOS based on TAILs. Which is not even a stretch.

Hm.

>>

 No.13591


>>

 No.13603

>>13588
After some serious digging, I did find GhostBSD, which does have a streamlined installer. My main worry is whether I'll be in the clear in terms of hardware support. Because of the UEFI and Secureboot trash, quite a few Linux distros will install but will give me the terminal instead of letting me log in. Elementary OS was a good example of that.

>>

 No.13608

File: 1446829696458.jpg (171.74 KB, 1520x1080, 874445.jpg)

If somebody is already sniffing in your personal PC or knows about your location.

You are already fuarrrked.

>>

 No.13617

>>13575
>Systemd is actually quite readable code and one of the reasons why so many things are linked together in systemd, is because they are writing clean code once
Hello Greg, how's that kernel infec....kdbus development going? And what about that gpl-evasion business?

>>

 No.13619

>>13588
>The main reason why BSODs have gone down is because they flat out refuse to sign vendor drivers if it doesn't pass their model checker.
Do you have a source for that? It's cool that they're using their monopoly to improve the quality of hardware.

>>

 No.13620

>>13608
>If somebody is already sniffing in your personal PC or knows about your location.
Assuming they have infinite resources to waste on you.

>>

 No.13621

>>13575
>This means using math and soykaf and I know nobody who would be crazy enough to actually try to do this seriously. (It's already painful enough to do this for sorting algorithms)

NICTA and GDC4S were crazy enough to make seL4. https://sel4.systems/About/seL4/

>>

 No.13624

File: 1446837676501.jpg (97.44 KB, 1520x1080, mib.jpg)

>>13620
I mean if it is somebody you know and it's a petty dispute you can always beat him up or throw the cops at them.

If it is a government agency they probably don't care about your stuff and if they do you already fuarrrked up.

If you are really paranoid just put your PC inside a faraday cage, use tails everywhere else and never write or say anything that compromises you.

>>

 No.13625

>>13608
>>13624
privacy and staying under the radar are just means to an end. do you have an end, or are you being paranoid while forgetting to live the life you protect from surveillance?

>>

 No.13627

File: 1446840421868-0.png (25.25 KB, 256x192, cf.png)

File: 1446840421868-1.bmp (150.12 KB, 640x480, MenuV0104.BMP)

>>13575
>Developing a "secure" OS, would for one part mean that you would have to prove that your OS works as intended, in any situation. This means using math and soykaf and I know nobody who would be crazy enough to actually try to do this seriously.
No. Like many, you enjoy complicating simple ideas. The tire has to meet the road at some point and that requires someone to understand it. You can't hide under abstractions forever. The key to developing a "secure" operating system is to have a small and understandable operating system.
http://www.colorforth.com/cf.htm
http://www.templeos.org/

TempleOS is significantly more complicated than colorForth, but it probably fits the criteria well enough, although colorForth is built from very simple primitives:
http://www.colorforth.com/forth.html

Here's an IDE driver:
http://www.colorforth.com/ide.html

Despite the simplicity, even arithmetic is optimized:
http://www.colorforth.com/arith.htm
http://www.colorforth.com/add.htm

TempleOS would probably be easier for someone familiar with C though. I haven't looked into HolyC or its compiler much, but at least the entire environment is intended to be below 100,000 lines, which means that alone probably isn't too large. It's feasible for a single person to verify the entire system.

Looking around, I did find this covering the compiler, assembler, and disassembler:
https://www.youtube.com/watch?v=v9yctup6bIw

>>13583
The OpenBSD installation is just a series of questions. It's very easy and only uses basic terminal features, meaning it will function properly on most anything.


Really, the only reason to use UNIX or Windows nowadays is because of the support for all of the incredibly complicated "standards" out now. The only way this will ever get better is if better standards are developed. Just look at all of the trouble involved in "securing" a web browser, for example. The protocol and all of the standards make it practically impossible.
Standards can be judged by how many implementations they have. Any standard should be implementable by a single person.

>>

 No.13628

>>13625
Neither of those you quoted, but.. the latter.. damn.

>>

 No.13630

Colourforth looks beautiful from a design standpoint.

>>

 No.13634

>>13588
Rust and OCaml have nothing to do with dependent types...
Anyway, I agree with you, a lot of research is going on in this area.
The most important group today working on this is INRIA, I think.

For the ones interested see also refinement types like LiquidHaskell and metaheuristics optimization, like OpenPAT.

>>

 No.13637

>>13635
Even with all that, the maximum you will get is something that is proved to comply with some spec. And specs are made by humans. It just allows better security, not perfect (if that exists at all).

>>

 No.13641

>>13591
Yeah, I fuarrrked up and thought it was L3 and not L4.

>>

 No.13642

>>13619
Just Bing it. It's common knowledge in PL academia and I think is publicized, but it might be word of mouth. I interned in MSR last year in this area and can say with confidence this is what they're doing.

>>

 No.13644

>>13634
Rust and OCaml are the languages closest to mainstream with these features. I can see Rust++ having dependent types or verification annotations, depending on who designs it. OCaml I think has dependent typed extensions.

And Haskell probably does too but nobody can use it so it's irrelevant. Haskell is what you get when you learn type theory on the street, as a colleague of mine used to say.

>>

 No.13645

>>13627
TempleOS is verified by the LORD

>>

 No.13648

>>13627
the dev of pic related is literally schizophrenic

>>

 No.13649

>>13644
>Haskell is what you get when you learn type theory on the street, as a colleague of mine used to say.
More like what you get when you learn type theory through category theory.
Hask is pretty much Cat.

>>

 No.13652

>>13644
I think it's exactly the opposite. Some teachers that use SML in class are considering migrating to Haskell. We have high-order logic provers like Haskabelle (used on prototypes of seL4 kernel), refinement types like LiquidHaskell, checking methods like QuickCheck, lots of libraries in cabal and many tools using haskell.

I think the evolution of software engineering will go in two different ways in the future: one will be the practical thing, using component based approach with dependent type languages like Idris, and the other a much more "conservative" using things like retrenchment and Teyjus or Curry...
That's, of course, an idealistic view, because we all know that soykaf like javascript will increase the development, the user base, and gain the market entirely.
The development of more efficient optimization algorithms is also an interesting area of research, like the cited OpenPAT, great project.

http://www.cs.man.ac.uk/~banach/retrenchment/
http://teyjus.cs.umn.edu/
http://www-ps.informatik.uni-kiel.de/currywiki/

>>

 No.13657

>>13644
A Rust with dependent types will take forever to happen, even more than any other language with dependent types, because it is imperative, and that's another conceptual jump.

And your last phrase just shows that you are not looking very much. Haskell is blooming, and will only get bigger in the next years.

>>

 No.13663

>>13569
>don't get me started on systemd.
I would honestly like to hear if you have a valid complaint regarding systemd.

>>13573
>systemd running as root and being an extremely large
I don't think you understand what systemd is.

>and messy code

Have you ever looked at the code? It lacks comments but the code itself is generally clear.

>>

 No.13690

>>13648
Doesn't mean he didn't make a really interesting operating system.

Sure he's a racist, crazy man that leaves mean comments all over the internet, but what he made is a lot better than what most could do.

>>

 No.13692

>>13625
>being paranoid while forgetting to live the life you protect from surveillance
tinfoils btfo

>>

 No.13694

>>13625
I'm sorry, what should my hobbies be then? Buying things I don't need? Watching TV? I am living my life.

>>

 No.13702

>>13694
I think the point is you shouldn't allow paranoia to get the best of you. The hobbies themselves don't matter, you could just be someone who does absolutely nothing, but the second you start obsessing too much about spying, you've lost.

The best thing to do, assuming you aren't doing anything massively illegal is to just avoid the corporate spying done with cookies, avoid companies like Google whenever possible or otherwise remove the Google elements from Android and use fake names whenever allowed to do so with companies like Apple and MS.

Anything more than that seems crazy. Just have more fun, I can't tell you how much of a headache it is to find a decent smartphone that won't crap itself using Android and will allow me to root and delete the Google Apps. It makes me wish Apple would make cheaper phones or MS make a better mobile OS with better apps.

>>

 No.13707

>>13702
>Anything more than that seems crazy
To ignorant, to naive and the company shill.

>>

 No.13709

>>13707
Seeing as data on company servers is fair game for governments, falsifying info is a good start. Not to mention cloud storage on your own terms is pretty sweet, as well as self hosted email. But even more tech savvy people won't do this, due to a lack of time or will.

However, merely reducing your profile on these company servers seems like the best course of action. Don't use Facebook, use flash drives instead of cloud storage, etc. but don't make yourself crazy trying to cover every single track.

ISPs know otaku torrent anime by the buttload. They know people are obsessed with cat memes. Your cellphone provider has info on your location based on towers not very accurate for some people since people are now warning us to not use cellphones for 911 calls due to inaccurate locations.

Sure, you can obscure yourself to some degree, but it'll come at the price of your free time and your health. Which comes to the point that other anon was making. Do you have a reason for demanding privacy like avoiding the corporate spying, which imo is the opposite of being a company wage slave or ignorant. Or are you spending too much time thinking about how you are in the Truman Show?

>>

 No.13712

>>13709
>it'll come at the price of your free time and your health.
Yes, positive that is.

You're spouting services or types of services that i have never used and never will.
I was not born into world where outgoing networks were a thing in the corporate (or maybe small business) world, even less for domestic use. For example: to me, WAN is something that is not used constantly: i can go months without connecting to outgoing network and still use computer 15 hours a day and produce thousands of lines of code.
Hell, when and where i produced my first commercial programs, the environment was completely isolated.

>>

 No.13713

>>13712
This sounds like a major generational gap, I was born in the early 90s, so by the time I was on a computer, the Internet was really getting big. To some degree, electronic devices for me need the Internet else they are worthless. Some periods of my life have been seeing my computer as a chan terminal.

Using Linux has helped giving me tools like GIMP and GNUcash to let me be more productive. But I use the Internet to check my banking, my email, cut the cord for cable, various things for my job, etc.

I use my cellphone to talk to family members and clients, etc. Sorry I assumed we were in the same situation. That makes a lot of sense.

>>

 No.13729

File: 1447037661766.png (32.73 KB, 1027x477, aylmao1.PNG)

>>13709
>Seeing as data on company servers is fair game for governments, falsifying info is a good start.
And how!

>>

 No.13745

>>13729

/dev/random >> lol-die-google.bin
? :'D

>>

 No.13751

File: 1447082755922.jpg (54.85 KB, 686x529, 1435075530866.jpg)

>>13745
That's the gist of it.

>>

 No.13754

>>13563
Security of Linux is not far away from the security of OpenBSD. Linus is well aware that programming for security is bull soykaf and even 1 bit overflow can be used as a serious exploit, so instead he makes sure that Linux's source is good and bugless in general.

Then how is OpenBSD more secure than Linux? It implements things that make it harder to exploit a system, when you are already fuarrrked – in other words, when your system is already compromised.

For example, OpenBSD has randomized memory allocations. To be able to use an arbitrary code execution exploit, you need to know the address of the function you want to use. Assuming that on one run of some exploitable binary libc's system() function is present at address 0xB19B00B5, the next time you run the same binary, system() might be at 0xDEADBEEF.

>https://archive.is/kQSzd

It literally asks user if they wanted to install an apk on their Android phone with shitload of permissions. Only an idiot would fall for it (read: 90% of human beings).

Every system is as secure as their user is smart.

>>
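
The post above describes address randomization: the same function ends up at a different address on each run. As an added example (not code from the thread), this C program resolves an address against a Linux `/proc/<pid>/maps` listing to show that what changes is the library's load base, while the function's offset inside the library stays fixed. The two maps excerpts, the `system()` addresses and the `locate`/`report` helper names are constructed for illustration, and it assumes Linux's `/proc` rather than OpenBSD.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed samples: maps excerpts from two runs, and system() in each. */
static const char RUN_A[] =
    "55d0c1a00000-55d0c1a01000 r-xp 00000000 08:01 131 /usr/bin/demo\n"
    "7f3a1c200000-7f3a1c228000 r--p 00000000 08:01 977 /usr/lib/libc.so.6\n"
    "7f3a1c228000-7f3a1c3bd000 r-xp 00028000 08:01 977 /usr/lib/libc.so.6\n";
static const char RUN_B[] =
    "5617f3400000-5617f3401000 r-xp 00000000 08:01 131 /usr/bin/demo\n"
    "7f91e8600000-7f91e8628000 r--p 00000000 08:01 977 /usr/lib/libc.so.6\n"
    "7f91e8628000-7f91e87bd000 r-xp 00028000 08:01 977 /usr/lib/libc.so.6\n";
#define RUN_A_SYSTEM 0x7f3a1c250d70ULL
#define RUN_B_SYSTEM 0x7f91e8650d70ULL

/* Find the maps line ("start-end perms offset dev inode [path]") holding addr;
 * return 0 with the object's load base (start of its first segment) and path. */
int locate(const char *maps, unsigned long long addr,
           unsigned long long *base, char *path, size_t pathlen)
{
    char cur[256] = "";
    unsigned long long cur_base = 0, start, end;
    while (*maps) {
        char line[512], file[256] = "";
        size_t n = strcspn(maps, "\n");
        size_t c = n < sizeof line - 1 ? n : sizeof line - 1;
        memcpy(line, maps, c);          /* work on one NUL-terminated line */
        line[c] = '\0';
        maps += n + (maps[n] == '\n');
        if (sscanf(line, "%llx-%llx %*s %*s %*s %*s %255s",
                   &start, &end, file) < 2)
            continue;
        if (file[0] == '\0' || strcmp(file, cur) != 0) {
            snprintf(cur, sizeof cur, "%s", file);  /* a new object begins */
            cur_base = start;
        }
        if (addr >= start && addr < end) {
            *base = cur_base;
            snprintf(path, pathlen, "%s", cur);
            return 0;
        }
    }
    return -1;
}

static void report(const char *tag, const char *maps, unsigned long long addr)
{
    unsigned long long base;
    char path[256];
    if (locate(maps, addr, &base, path, sizeof path) == 0)
        printf("%-6s system()=%#llx base=%#llx offset=%#llx (%s)\n",
               tag, addr, base, addr - base, path);
}

int main(void)
{
    static char live[1 << 18];
    FILE *f = fopen("/proc/self/maps", "r");    /* Linux-specific */
    report("run A", RUN_A, RUN_A_SYSTEM);
    report("run B", RUN_B, RUN_B_SYSTEM);
    if (f) {                                    /* this process, live */
        live[fread(live, 1, sizeof live - 1, f)] = '\0';
        fclose(f);
        report("live", live, (unsigned long long)(uintptr_t)&system);
    }
    return 0;
}
```

Run it twice on a Linux host: with randomization active the `live` base differs between runs, and identical bases on every run indicate it is switched off (for example `kernel.randomize_va_space=0`).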

 No.13764

http://www.washingtonpost.com/sf/business/2015/11/05/net-of-insecurity-the-kernel-of-the-argument/

Pretty good article on the subject. The comments are fuarrrking awful and have people saying the fact it's open source is the reason it's insecure, because it's an open book for hackers... which is stupid.

Also they fail to mention Stallman, and refer to it as "linux" not GNU/Linux, and the article itself seems to imply that Linus is some kind of god king over GNU/Linux, and fails to bring up any of the philosophical underpinnings of the OS, but it's still an interesting article.

>>

 No.13765

>>13764
That article is full of holes. They talk about what Linus said about the philosophy of design behind the kernel, and then go on to talk about flaws in the userspace and common Linux server apps.

In my humble opinion, the recent Linux security scare is just a bunch of baseless FUD (but as I've always said, you should be using Free/OpenBSD anyway).

>>

 No.13773

>>13764
Stallman and GNU have nothing to do with the subject.

>>

 No.13774

>>13773
There is no GNU/Linux without Stallman.

>>

 No.13775

>>13774
There's no Windows without Gary Kildall. It's not relevant.

>>

 No.13788

If anyone has ever looked at a CVE, all of the critical patches for remote and local exploits are usually fixed within a week tops.

Secondly, what is this article even trying to say? They are writing about the side that is criticizing Linus for focusing too much on the performance and progress of the kernel and then go around to talk about completely different software that has nothing to do with or are completely unrelated to the kernel.

>>

 No.13810

>>13773
Actually, this is one of the few times that the distinction between GNU/Linux and Linux seems very important.
>Yet even among Linux’s many fans there is growing unease about vulnerabilities in the operating system’s most basic, foundational elements — housed in something called “the kernel,” which Torvalds has personally managed since its creation in 1991. Even more so, there is concern that Torvalds’s approach to security is too passive, bordering on indifferent.

>>

 No.13812

>>13810
Sounds like it's time to shove a boot up Linus's Scandinavian ass and start Freenix.


