Zealocy: Reporting from Linux-land

In pursuit of more Linux experts I hit the chat circuit. IRC and even *gasp* Yahoo Chat. As a rule, I just watched passively to see anyone who seemed a little more knowledgeable than the rest. What did I learn?

Apparently the following is true in Linux-land:

Microsoft.com is hosted on a Linux server
Hotmail.com is hosted on a Linux server
Top Secret government computers run Windows NT
Thousands of the TS NT systems are compromised every year
Top secret government computers run Linux
None of the TS Linux systems are ever compromised
Nearly all self-procliamed Linux experts are MCSEs
Windows 2003 is a “small services system”
Recent versions of Solaris are based on Linux
Recent versions of FreeBSD are based on Linux
IP Chains is the strongest firewall in the world
The answer to every Linux security deficiency is “SE Linux”
SE Linux is part of the kernel and is not a research prototype
The TCSEC and all its derivatives are a joke
Linux’s open source nature means you can run it as a microkernel
If you claim to have credentials people put more weight in what you say, if they agree with you

Now, many of these points were repeated time and place again and again. I couldn’t believe it.

Look Linux-land, we get your point. You don’t mind 0.x software, you don’t mind informal development models, and you think that the total number of exploits is the exemplification of all information security.

You can be forgiven for those sins… but the rest of this misinformation?
Asking a bit much.

cheers,

catch

PS. One person stated that they planned to turn over the logs of our conversation (where they told me about all the hacked TS NT systems and secure TS Linux systems that they knew about from their work at the State government) over to the people at 2600 (I thought they were dead?), so keep an eye out for that gem.

Hi all ...

I'm the inventor of Linux ...my alias is Linus Torvalds ... I use some guy to do all public relations things like give speeches and stuff. But I'm the real genius behind Linux.

So you could say I'm the über linux geek ... and I say that all the things stated in the above post are true .

realy they are !

:rolleyes: :D

C.

Quote:

---

I'm the inventor of Linux ...my alias is Linus Torvalds ... I use some guy to do all public relations things like give speeches and stuff. But I'm the real genius behind Linux.

So you could say I'm the über linux geek ... and I say that all the things stated in the above post are true .

---

Perfect.. I believe you.. At last I succeded in finding the real genius 'The Creator of Linux'...

Quote:

---

Microsoft.com is hosted on a Linux server
Hotmail.com is hosted on a Linux server

---

My google search for the phrase 'where microsoft.com is hosted' has given me this result in its top 5 results in less than half a minute...
http://uptime.netcraft.com/up/hosted...,65.55.255.255


How the netcraft people lie so bluntly... I cant believe this...

Anyway... Pray that saints dont get offended at no0b this time.. Just tried to find out the truth.

C'mon catch fess up...........................

Did you really get to meet Michael Jackson?

:eek: :p :D

Quote:

---

Microsoft.com is hosted on a Linux server
Hotmail.com is hosted on a Linux server

---

Try replacing the IS with WAS. Hotmail at one point was indeed on a *nix box (not sure if it was Linux or not). This was prior to Hotmail being purchased by Microsoft and eventually, MS phased them out. I believe (and don't quote me on this) at one point as well Microsoft was experimenting with *nix and Windows webservers and compatibility (most likely for the Unix tools). Further, I suspect that there was an association of Microsoft running *nix when it was the Hotmail servers specifically that did it.

Quote:

---

Top Secret government computers run Windows NT
Thousands of the TS NT systems are compromised every year
Top secret government computers run Linux
None of the TS Linux systems are ever compromised

---

So are thousands of *nix boxes. Incompetent admins are not solely the realm of Windows. They are within the Realm of IT itself. There's also a belief that the gov't has proof of Aliens.

Quote:

---

Nearly all self-procliamed Linux experts are MCSEs

---

So are nearly all admins. When you have 350K MCSEs everyone is one (dime a dozen)

Quote:

---

Windows 2003 is a “small services system”

---

Isn't that why MS created Data Center and other variants of Windows?

Quote:

---

Recent versions of Solaris are based on Linux
Recent versions of FreeBSD are based on Linux

---

No but I believe they've incorporated a lot of what Linux has brought to the market.

Quote:

---

IP Chains is the strongest firewall in the world

---

Definately not. It's a good home level firewall but these days one should at least be using IPTables or something strong. Static packet filtering is extremely limited.

Quote:

---

The answer to every Linux security deficiency is “SE Linux”
SE Linux is part of the kernel and is not a research prototype

---

Then why would I have to recompile the kernel to get SE Linux in? And the true answer to every security deficiency, regardless of Windows or Linux, is the human being admining it.

Quote:

---

The TCSEC and all its derivatives are a joke

---

Only to those that don't understand.

Quote:

---

Linux’s open source nature means you can run it as a microkernel

---

It's not the open source nature that makes this. It's the design. IMO.

Quote:

---

If you claim to have credentials people put more weight in what you say, if they agree with you

---

Again. This isn't unique to *nix.


Then again.. these are all just my opinions and others opinions. Take them as you will. Catch, if you're not keen on using *nix (whichever flavour) then don't. I fail to see the purpose behind the religious debates other than for the sake of debate.

PS to your PS:

Quote:

---

over to the people at 2600 (I thought they were dead?)

---

No. Phrack closed. 2600 still publishes quarterly. You can visit their website at... 2600

There is a paper online on how Microsoft did the research about how to switch everything at Hotmail over to Windows, and how they had to craft some tools that didn't exist in Windows (but did in *nix) to do it. There are of course also situations of tools that exist in Windows and not in *nix, but those worked out in their favor ;)
The whole thing is actually quite ingenious.. Let me see if I can find it..
Nope, can't right now. *sigh*.

Quote:

---

Linux’s open source nature means you can run it as a microkernel

---

I think they have mistaken running linux on top of a microkernel for running linux as a microkernel..

As my custom title states I am a GNU/Linux fan..
But as you know (atleast I hope most of you know) I am realistic..

The last couple of years I've had so much fun argueing with other linux fanboys over some magical stuff they attribute to linux and opensource in general..
You have only skimmed the top of the iceberg that is GNU/Misinformation..
The stuff I read on IRC and in forums..

I think that is the price GNU/Linux has to pay for it's incresing popularity..

It's not just GNU/Linux that seems to be having these kinds of problems..
http://www.theregister.co.uk/2005/10...ality_problem/

I usualy prefer to get my information from established sources like man pages, /usr/doc, tldp and fsf instead of forums and hearsay..
Only if I can't find what I'm looking for I'll ask some help on forums and selected IRC rooms, usualy just to get some good keywords to help my search for credable information..


When I started using Linux in 1998 things were quite different :)

That's zealotry. And no wonder you found so much bogus info.
You consulted the internet. Did you really expect anything else?

Here's what you do. get a second computer. Download a copy of linux.
Install and try it yourself. Careful! It's addictive. Newbs become zealots
overnight.
:cool:

Hotmail was freeBSD and apache. I was part of the joint development team that helped bring Exchange up to snuff to be used by ISP's and extremely large web based email providers like hotmail.


Here is the article that somebody else referred to- http://www.microsoft.com/technet/int...l/default.mspx


The only place you would probably find even more bogus information would be wikipedia..

Quote:

---

Originally posted here by catch

Apparently the following is true in Linux-land:
[..]
SE Linux is part of the kernel and is not a research prototype

---

Well I'd consider that SELinux is a kernel patch. It is a research in and of itself but once you patch it becomes part of the kernel. The fact that it's not in the vanilla [yet] is a matter of stability and average user needs.

It depends who you talk to and where you talk to them [IRC nets]. There's gonna be a lot of joking around to weed out users that don't bother to actually research; in a serious conversation most Linux users know what's true and what's not. IT professionals especially [you have to realize that many people you've spoken to are users not IT/IS personnel] would be aware of what's really going on. Beyond the joking around and rumours that are usually sprung from people not being able to read information properly.

It's not a fault of Linux or the community. You can't force a stupid person not to use Linux or have them shut their mouth, they'll eventually give up when they're far enough from the truth. I know you can argue that the community is made up of all users, including the dumb ones; but they are just passing by, like skiddies pass by AO once in a while, like dumb sysadmins pass through admin roles in various companies.

mohauhgn : That's the one :) I didn't actually think to search on the Microsoft website, as when I read it, it was just one long HTML document, and Microsoft actually has formatting :)

That was a neat job, and grats to you for working on it.

A bit of info on the MS on linux claim. Around the time of code erd Microsofts ISP put a stop gap fix in. They frontended MS's web site (running on then vunerable IIS servers) withe some apache servers running modproxy and modrewrite to implament a passthrough proxy. In fact if you talk to a MS consualtent this is still one of the ways they recomend securing OWA. Seems the thinking is anything that exploits apache will be dead in teh water at IIS and anything that exploits IIS will die at the proxy layer. We used this method heavely at one of the compaines I worked for, if you can wrap our brain around regular expressions it works like a charm.

I wasn't actually a part of the hotmail conversion. JDP was a team that MS put together that consisted of extremely large corporate exchange installations and a team of MS developers. We were basically a really big team of beta testers that had resources to really stress windows 2000 and exchange 2000 in a lab environment. We did a lot of beta testing and a lot of product improvement recommendations.

Quote:

---

Well I'd consider that SELinux is a kernel patch. It is a research in and of itself but once you patch it becomes part of the kernel.

---

This should REALLY concern you.


NSA: "Yay we made a neat kernel patch, we shall dub it SE Linux. It's too bad this SE Linux is just a research prototype, but it served our needs."

Ghost of Torvalds: "Wow, that research prototype is cool! Let's add it to the production system, giving it the guise of being something more or safer than a research prototype."

Linux Users: "Well it is in the kernel, it must be stable and proven! The Ghost of Torvalds would never trick us like that, and even though people joke about anyone being able to just piss in the kernel, we know in our hearts it isn't true!"

At the end of the day you've been lied to by kernel.org.

cheers,

catch

PS. Not to be too harsh to Linux users, I could go around and interview Windows users as well... except all I'd have to post bck is people telling me about their grandchildren or that they finally mastered the more complex "one bunny ear goes under the tree trunk" method of tying their shoes.

Quote:

---

they finally mastered the more complex "one bunny ear goes under the tree trunk" method of tying their shoes.

---

Hey catch can you give me more details?............I am fed up with having to wear slip-ons

:p :D

Quote:

---

Originally posted here by catch
[B]This should REALLY concern you.


NSA: "Yay we made a neat kernel patch, we shall dub it SE Linux. It's too bad this SE Linux is just a research prototype, but it served our needs."

---

Quote:

---

NSA SELinux
The results of several previous research projects in this area have been incorporated in a security-enhanced Linux system.

---

So, previous research projects. Everything starts out as research but matures in time. It's the scientific process at work. But the [sometimes good] folks at NSA wanted to make sure it all works well together so they've worked on it a bit. It's reached a level of maturity that got it into the kernel tree.

Now I understand that neither SELinux nor other Linux 'things' provide what you need... and that's fine. You have two options:

1. stick with the proprietary things considering that you trust them [and aren't particularly obsessed by conspiracy theories]

2. start a project to implement what you need [for Linux and open source it]

In terms of the other thread and your TCB path requirements, I undersand you were looking for a finite product rather than the possibility of developing one. But that's there and this is here =)

P.S. Not to show too much zealotry, I'm trying to play a bit of devil's advocate about some things for the sake of discussion and more and more arguments being brought to the table... in the end that's what makes a good debate.

cheers!

Quote:

---

1. What is Security-enhanced Linux?
Security-enhanced Linux is a research prototype of the Linux® kernel

---

- http://www.nsa.gov/selinux/info/faq.cfm#I1

Quote:

---

So, previous research projects.

---

...Were incorporated into this new research project... which has had no further development by the NSA or plans for further development. Don't kid yourself, it is still a research level project... why in god's name it is in the kernel tree is beyond me.

Quote:

---

start a project to implement what you need [for Linux and open source it]

---

Unfortunately I've never been much of a programmer, all of my experience and skill lies in top level design, verification, risk management, and such.

Quote:

---

Not to show too much zealotry, I'm trying to play a bit of devil's advocate about some things for the sake of discussion and more and more arguments being brought to the table... in the end that's what makes a good debate.

---

I couldn't agree more.

cheers,

catch

PS. nihil: http://wiki.ehow.com/Tie-Shoelaces

Edited for PS

catch, what OS do you run?

If its BSD I'll laugh.

I am largely a Windows 2000 user... though being as a result of being involved in OS research for such a long time I have a number of systems... including FreeBSD and SecureOS (which is a seriously mutilated version of BSDI)

cheers,

catch