In the CS community, it's well known that BSD is more stable, secure, and the best OS for critical infrastructure, while Linux is more friendly, flexible, and better for hobbyists or businesses that can save money (by hiring cheaper Linux fanboi rather than expensive real computer scientists).
Referring to a commonly known fact, such as the security of BSD vs Linux, is not an argument.
If it were a fact, then you would be able to point to some clear and objective evidence of that right? (Keep in mind that because you are referring to 'security' as some kind of blanket term you'd be responsible for providing that kind of evidence for the majority of aspects of the term and of course how exactly you know that your set of aspects is the majority). Nice labeling there mac. This isn't gainsaying. I, simply as a IT security professional and the holder of a degree in computer science, have seen no set of well-defined, broadly scoped evidence that BSD is superior in "security" to Linux. Nor in my conversation with other security professionals or members of the CS community (like my alumni, Usenix attendees) see any clear consensus as to the superiority of BSD. I have, certainly met people who make that claim but they always seem to fall down when trying to come up with a general definition of security or if they do they fall down in substantiating it with regard to their favored OS/Platform/Giant Spider. Ergo it seems reasonable to me to call such a term "complex" furthermore given that even the most secure systems from a theoretical point of view can be entirely undone in implementation (such as EMF side-channel attacks on QKDS) it seems again reasonable to me to call such a system "nuanced". Given these two facts (using the term correctly here). I think it is entirely justified to be mistrustful of any and all who consider "security' as an open and shut case for product (or platform or giant spider) X over product (you get the idea) Y. What do you want from me here guy? The two sentences above tell me to look at your use of the term "well-known" as: your opinion of the opinions of two very large groups of which your sample size is probably so small and poorly randomized it's useless. Not to mention that even if the majority of those two groups held the opinion you claim it still isn't necessarily meaningful Computer Science and EECS people do not always have a background in computer security. Making their opinion anywhere from questionable to useless. Given the size of the groups and the variance in the population's skill set you could easily be getting the opinion of the least qualified people. I mean would you really rank the opinion of someone's who's focus was in Combinatorics or AI or Queuing Theory as equal or greater than Bruce Schneier or (going old school) D. J. Bernstien when it comes to an application or operating systems "security". If you don't then how many Combinatoricists, AI researchers or Queuing Theorists make one Bruce or Dan? Not to mention it's not hard to find high-profile people in computer security who disagree on "well-known" concepts. You, BB, and Tux may huff, puff, insult, gainsay, and dissemble until blue in the face, but that won't change anything in reality. Bickering and playing word games don't cut it, especially when a statistical modeling expert (specialized in computer security) is schooling you on the facts and logic of the issue at hand. Thanks Maud-dib, for attempting to educate these stubborn script kiddies (1337 RHEL cert notwithstanding, LOL!). I repeat: Referring to a commonly known fact, such as the security of BSD vs Linux, is not an argument. What is the most secure operating system?In: Operating Systems, Computer Security http://wiki.answers.com/Q/What_is_the_most_secure_operating_system Answer: Security is a difficult and sometimes controversial thing to analyze. The only truly "secure" operating systems are those that have no contact with the outside world. The firmware in your DVD player is a good example. Among all modern general purpose operating systems (Windows, Mac OS X, Linux, Solaris, FreeBSD, NetBSD, OpenBSD) the most secure by default is by far OpenBSD.
OpenBSD has an extremely stringent security auditing policy; only two remote attack vulnerabilities have been found in the last ten years. This is because OpenBSD doesn't create a large attack surface by running a large number of networked apps. I've met Linus Torvalds in person. He's a nice guy, and it sucks his baby is being represented here by fanboi suffering from Tiny E-peen Complex. |
|
|
|
If anyone really has something to say other than a personal attack/rant I will be happy to respond! Pointing out that Greenspan left office years before you claim he "nationalized the banks" is not a personal attack. Until then i consider the so called "libertarians" to be about as rational and the "National Socialists" of 70 years ago. Godwin's Law
A term that originated on Usenet, Godwin's Law states that as an online argument grows longer and more heated, it becomes increasingly likely that somebody will bring up Adolf Hitler or the Nazis. When such an event occurs, the person guilty of invoking Godwin's Law has effectively forfeited the argument. Until then i consider the so called "libertarians" to be about as rational and the "National Socialists" of 70 years ago. Godwin's Rule of Nazi Analogies, sometimes also known as Godwin's Law, is a theory put forward by Mike Godwin in 1990. Godwin noticed that long-threaded discussions on the Internet tended to turn into mud slinging competitions by the end. The longer a thread got, the more likely it was that a Nazi comparison would be dragged into the discussion. Godwin's Rule states that: “As an online discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches one.”
There are several implications to Godwin's Rule. Many online discussions involve intense personal beliefs and values, which sometimes clash quite dramatically. As the discussion continues, it tends to become less rational, especially after most of the valid arguments from both sides have been presented. On a hot button issue with no “right” answer, opponents may start to exchange insults because they become angry and frustrated.
Comparing someone, or an action, with the Nazis is a serious charge. The German Nationalsozialismus party dominated Germany from the 1920s through the 1940s. In 1921, Adolf Hitler was elected leader of the Nazi Party. Throughout most of the world, Hitler and the Nazis are equated with ultimate evil, due to their actions in the Second World War, which included the roundup of millions of Jewish people, homosexuals, gypsies, and other “undesirables” in the name of ethnic purity. The Nazis are associated with dictatorship, totalitarianism, and rigid order.
There are situations in which bringing up the Nazi party or Hitler is entirely legitimate. Any discussion of modern German history, for example, should include a discussion of the Nazis. Conversations about dictatorships and genocide are also situations in which a Nazi analogy is valid. However, when Nazis are brought up because a conversation is not going well, it suggests that the other side may have won the argument. Furthermore, it weakens valid comparisons.
Often, an example of Godwin's Rule accompanies hyperbole. The idea is to invalidate the opposition by comparing it to the Nazi Party. However, this can backfire, and usually does. Unless the comparison is valid, the person who brought up Nazis or Hitler is considered to be the loser. In a rational discussion or debate on or off the Internet, resorting to a Nazi comparison is generally a strong indicator that you have run out of material to discuss or support your claims.
Many Internet communities have taken Godwin's Rule to mean that when Nazis enter a conversation, the discussion is over. In some cases, someone may invoke Godwin's Rule to end a conversation before it gets worse. However, sometimes a discussion should continue, even though Godwin's Rule has been illustrated by a Nazi reference. Individual members of the discussion decide whether or not a conversation will be carried or ended with an instance of Godwin's Rule. |
|
|
|
Your original point seemed to be that FreeBSD is more secure than Linux. I'd say you haven't made your point. He doesn't really need to. I contend that if you are making an argument then it's up to you to support it. Clearly, he doesn't need to convince you. That's well and good but it still leaves the point as conjecture. In the CS community, it's well known that BSD is more stable, secure, and the best OS for critical infrastructure, while Linux is more friendly, flexible, and better for hobbyists or businesses that can save money (by hiring cheaper Linux fanboi rather than expensive real computer scientists).
I always find it interesting that people want to refer to the outcome of applying a complex and nuanced term like "security" to some product as being "well known". Speaking as a member of the aforementioned "CS community" (a la Dijkstra :-) ) Referring to a commonly known fact, such as the security of BSD vs Linux, is not an argument. Even if there happens to be a gainsaying fanboi present to dispute the widely recognized consensus reality. I always find it interesting that people want to refer to the principal concepts of a conversation as "complex" and "nuanced" as a way appear more deeply thoughtful than the other participants. BSD is not merely a security "product" it's the platform that the internet, and later the web, was built on and still runs on, to a large extent. Please re-read my use of the phrase "well-known" in its proper context of me speaking about the real CS community. And by "real" I mean EECS engineers and computer scientists, not cloud-happy corporate consultants and l33t Geek Squad linux fanboi. |
|
|
|
You are simply a trend following Richad Dawkins wanna-be, IE, a discredit to rational fair-minded people everywhere. People like you are giving all of us non-believers a bad name with your ugly Secular Jihad against personal spiritual beliefs.
The prejudiced idea that somebody else's spiritual beliefs are not compatible with evolutionary reality relies on the false premise that all religious people are stupid superstitious cretins.
I didn't say that all religious people are stupid superstitious cretins (sic). However, you must be in denial if you don't realise that "spiritual beliefs" do in fact conflict with the acceptance of evolution. That assumption cannot explain how Dr Paul graduated from one of the top 10 medical schools in the world, so therefore it is not valid.
Dude, you do realise that being an expert on evolution is not a prerequisite for graduating from a top medical school, do you? Jon, it was you who taught us all that evolution is the cornerstone of modern Biology. As Theodosius Dobzhansky famously stated, "Nothing in Biology Makes Sense Except in the Light of Evolution". It would be kind of hard to graduate from Duke Med without being able do understand biology, no? I can't think of a better way to get in touch with physical reality than by delivering 10,000 babies. Well, besides making 10,000 babies. Secular Humanist (ie, warmed-over post-Marxist) objections aside, the mutual compatibility of faith and reason has been well demonstrated over the years by scientific luminaries such as Newton, Einstein, and Darwin, who went as far as saying that "Science has nothing to do with Christ, except insofar as the habit of scientific research makes a man cautious in admitting evidence. For myself, I do not believe that there ever has been any revelation. As for a future life, every man must judge for himself between conflicting vague probabilities." http://en.wikipedia.org/wiki/Charles_Darwin%27s_religious_views] |
|
|
|
You certainly are a good representative of the typical trendy socialist /.'r Why?
I never respond to name calling. Your "facts" are totally wrong, especially about my TV habits (I don't even own a TV!) Nevermind your lack of a TV (I've never owned one either). Calling Ayn Rand, who is a respected figure among cyber-libertarians, a "Goddess of Libertarianism" is not going to engender a constructive conversation. You don't get to decide what years Greenspan was in office as Fed Chairman. That is a fact you have no jurisdiction over. Greenspan was not in office in the year 2008. There's no way he could have "nationalized the banks" that year. Understood? |
|
|
|
It's just stupid spam. I've added Tradehill to my spam list and now my inbox is beautifully clean.
Oh wow, you are going to be a hero to those poor people suffering from TradeHill's unforgivable incursion. Now Yahoo won't have to put a 'Start Complaint Thread on BTCForum' button next to the 'Flag as Spam' one. *cancels Project InstaWhine* |
|
|
|
Repressing volatility does not fix the underlying cause of the volatility.
If one or some exchanges decide to introduce circuit breakers, there no doubt would be other exchanges that would market themselves as insitutions that do not use them. Exaggerating volatility won't help things either. There is a market for markets, and most people will choose to use exchanges that don't externalize market friction caused by fraudulent events. You have fun with the hackers and their scripted flash crashes over there at MtAnarchist. The rest of us will be sane and use rational markets. |
|
|
|
Did you really read MILLIONS of line of code? ... Imagine you read 50% of it, at one second per line (whoa, you're a living compiler), it makes 158 years. You know, it is possible to be absolutely right and yet still come across as a bit of a dick...  You mean like someone who implies that (surprise!) some unspecified flavor of Linux is more secure than BSD, claims to have read the source code for both, then admits he actually hasn't, all while sporting a Tux avatar? By all means, let's indulge them and clap and sing their fanboi praises while they piss on us and say it's rain. |
|
|
|
Your original point seemed to be that FreeBSD is more secure than Linux. I'd say you haven't made your point. He doesn't really need to. In the CS community, it's well known that BSD is more stable, secure, and the best OS for critical infrastructure, while Linux is more friendly, flexible, and better for hobbyists or businesses that can save money (by hiring cheaper Linux fanboi rather than expensive real computer scientists). The vending machine story is a great parable of why sometimes you really, really want an OS designed by electronic engineers to be secure and robust, instead of a hobbyist's toy that is beloved by hipster dot-com wannabe types and businesses that love getting a cheap version knockoff version of genuine, authentic Unix. Let's bring the discussion back to MtGox. If I was setting up an online exchange, I would use Red Hat Linux for the public-facing front-ends. I would use Red Hat Linux for the database servers, both master and slaves. But for the critical stuff, such as the bitcoind instance, email, and SSL, etc. there is no choice except for the decision between FreeBSD and OpenBSD. I'd go with OpenBSD for the firewall, and FreeBSD for bitcoind. NetBSD for email. My users would get nothing less than the most secure set-up available outside NSA.  The fanbois really should realize there is life beyond LAMP. |
|
|
|
i have read most of the core code in Linux and Freebsd.
Did you really read MILLIONS of line of code? Linux kernel codebase is roughly 10 millions lines of code just for the kernel (excluding the comments and the toolchain to compile it. The full system with also GUI and other stuff is roughly 2.4 billions lines). Imagine you read 50% of it, at one second per line (whoa, you're a living compiler), it makes 158 years. The eldest living compiler! Now I understand you go around calling other people trolls. You have all the rights. This little calculation avoided me to explain that if you really read at least some of the BSD and Linux codebase you would know how much tidier BSD kernelspace is. Of course he didn't actually read "most of the core code in Linux and Freebsd." That's absurd. We are dealing with a poser (the worst kind of Linux fanboi is the wanna-be); notice how he splits hairs about Open vs Free BSD, yet never mentions which flavor of Linux he's jocking. Someone who finds "freeBSD kind of difficult to understand" is probably not a *nix expert of any kind! |
|
|
|
I am _SICK_ of the Tradehill spam. I got that email too. I feel like they are trying to shove this place down my throat.
If they want me to move over, they should concentrate on adding features and making their site better then Mt. Gox. Hell, I haven't even been there because of the irritating nature of the spam happy / Tradehill fan boys posting on the forums.
Just stop.
I get tons of real spam everyday, but I don't let it hurt my little feelings, and start bawling like a baby about it. The amount of peevish butthurt over a few HELPFUL emails around here is unreal. It's like some of you have never gotten an email from a third party in your entire sheltered onlive lives. If you truly hate spam that much, why did you GIVE your precious cloistered email address to MtGox, instead of using a one-time throwaway, or trackable email? It's because you are LAZY, and expect others to do the hard work of IT security for you, isn't it? What's going to happen when your MtGox email starts getting REAL spam, selling dick pills and prozac? I half expect to see a rash of suicides then, given how delicate you emo self-cutters' emotional states have been demonstrated to be.
OMG not ONE, but THREE SPAMSESES! It's The End of the World!!!1! *cuts wrists* *swallows tylenol, everclear* *CRIES MOAR* |
|
|
|
It doesn't seem that bad. He mentions exchanges other than Tradehill and you don't HAVE to click his link. Actually I think it could be quite informative to traders who don't follow the forums or know of any other exchanges.
So sending 60,000 emails using a stolen database is okay, because we didn't HAVE to click the link in it? That's insane, even coming from a guy named "pancakes". Just because I hate you now, I'm eating your namesake for breakfast tomorrow. I hope their fluffy, syrupy demise transmits some telepathic pain to you. Man, I'm telling you, I can eat a lot of pancakes, so prepare for my wrath. By the way, guy-who-did-this-if-you-are-reading-this, that counts as a felony if you happened to send emails to people in certain states, like Virginia. Hopefully tradehill has some good records of you. It's not a felony, or spam. So you can stop crying and shedding greasy burger tears everywhere. The situation is exactly the same as when Hint.io emailed the compromised Gawker users to inform them that their accounts were hacked. I'll even google that for you http://lmgtfy.com/?q=gawker+hint.io so (hopefully) all of you drama queens can stop being so huffy and butt-hurt. Get the picture? No? Well here it is anyway.  This morning I got an email from hint.io telling me that my Gawker account had been compromised. I very nearly ignored it as phishing. From the screenshot at the top of this post, you can probably see why. All three of the links in it, including the one to the Forbes article, link to the hint.io domain, which I'd never heard of. Googling the domain name mostly resulted in other people on message boards discussing it. The site itself has only a vague description of what it is and says that it's in beta. But it is in fact, a legitimate email, for certain definitions of legitimate. A legitimate email that should have come from Gawker. They have finally posted a brief apology and a FAQ, neither of which mention hint.io (presumably because they have nothing to do with each other). And as far as I can tell, Gawker still hasn't sent out emails to the compromised accounts themselves, although the FAQ suggests that they're "in the process of notifying those users." So what of hint.io, then? It appears to be the tool for a group that took matters into their own hands after Gawker opted to leave its users in the dark. TNW (The Next Web) calls them "good Samaritans." But at least one commenter there thinks that those sending the emails are as bad as those who compromised the accounts to begin with, since they're using the compromised data to sent the alerts. As one of the recipients, I disagree. I'm thankful for their transparency where Gawker was unwilling. The data has been released. That can't be changed. But they've used it for good, not evil. Or at least as an effort to help prevent more evil.http://opensource.com/life/10/12/what-hintio-and-why-are-they-emailing-youNow, tell us all how much success you had suing Hint.io for spamming Gawker users. Oh that's right you can't because your opinion is simply flat dead wrong! But something tells me that you'll keep clinging onto it, rather than admit you don't know understand the objective definition of spam, as opposed to your subjective, emotional 'I knows spam when I sees it' herpiddy-derp. |
|
|
|
freebsd is also less used  so there might be more bugs and exploits to discover. i acatualy like that there has been more holes in linux, because it means that they are fixed. Linux is used more than *BSD as a desktop OS by fangurlz with Tux The Penguin avatars (excluding OSX). Linux is used more than *BSD as a server OS by businesses that hire fangurlz with Tux The Penguin avatars. On the other hand, when me move into the world of the critical systems that keep the Linux kiddies' interwebs running smoothly, we find that *BSD has been used for much longer and with greater success: Over ten years of work have been put into enhancing BSD, adding industry-leading SMP, multithreading, and network performance, as well as new management tools, file systems, and security features. As a result, FreeBSD may be found across the Internet, in the operating system of core router products, running root name servers, hosting major web sites, and as the foundation for widely used desktop operating systems. The reason for this is that: BSD is designed. Linux is grown. You do know that without BIND and BSD, there would never have been any Linux or Tux, right? You do know that the root nameservers have always and will always run BIND on BSD, right? So why don't you write to the Internet Assigned Numbers Authority about how your magical Tux so much more secure and popular than BSD. I'm sure they'll be blown away by the force of your irrefutable, highly technical argument that "bugs, holes, and exploits are good." |
|
|
|
I'm a slashdot guy and I don't hate bitcoin. I don't love it either though.
I do however find the rampant libertarianism that comes with bitcoin somewhat annoying.
I too am a Slashdotter who is pretty neutral about BitCoin! Like Libertarianism itself Bitcoin is going through a transition from elegant theory to brutal reality. To put that another way: "In theory there is no difference between theory and practice, in practice there is!" The Goddess of Libertarianism and "Objectivism" (Ayn Rand) was happy to collect her (gasp) government Social Security checks for many years. Her great prophet Alan Greenspan was the (government) person who Nationalized the US banking system in 2008. Likewise the great and noble idea of a totally abstract form of money is starting to attract some serious crooks of various types. Up until a month ago all we saw were amateurs, now there is enough money (however you define it) to attract some serious thieves - not just script kiddies and small time con artists. Sorry folks "I calls them as I sees them". You certainly are a good representative of the typical trendy socialist /.'r Why? - You love to bash libertarians, but have a terrible command of the relevant facts. EG, Greenspan left office in 2006. And the Federal Reserve Act nationalized the banking system long ago, in 1913. - Your catty, emotional dislike of "all-time" bestselling author "Ayn Rand" makes you expose your ridiculous penchant for overusing the "Look@me, I'm being sooo snarky and sarcastic" quotation marks. - You get your worldview mostly from Viacom's corporate liberal entertainment complex (Mahar, Maddow, Stewart, Olbermann, etc.) and parrot it without the benefit of critical thought or even cursory fact-checking. - You think that Democrats are like, cool, and stuff. Or at least you did in 2008, when you voted for Obama. Sorry dumbo, but you're not the only one who ""calls them as I sees them"." And Ayn Rand had every right to reclaim the money stolen from her at gunpoint, under pretext of 'social security.' |
|
|
|
Looking at the comments in the few articles about Bitcoin that appeared on Slashdot so far, it seems the Slahsdot crowd really hates Bitcoin. However I do not see an obvious reason for that? Any ideas why the Slashdot crowd hates Bitcoin?
Philipp
It’s a condition called Being a Cynical Asshole. |
|
|
|
For this, you were put in your place (not by me) and you responded by retreating into generalities
are you confusing me with someone else? what you're saying seems incoherent; you seem to think i've been proven wrong about something, but you can't communicate what it is. are you just 'trolling' me? Nope. I triple-checked and bitcoin2cash is definitely talking to you, about your problematic slurs against libertarians, here: this may sound petulant, and my apologies if it is, but i distinctly recall the user "s" pointing out in this forum the importance of cross-site request forgeries and the fact that many popular bitcoin-related websites were vulnerable to them. he (or she) then left the forum and deleted all his/her posts, having been pushed away by extreme libertarians.
this is another example of the tone of the forums posing a problem for the bitcoin community, which could benefit from a more inclusiveness, diversity of opinion, and politeness. if people had listened to "s" rather than dismissing that user's concerns as somehow hostile to bitcoin because they didn't 'toe the line', many problems could have been addressed months ago.
I take offense to lumping all of us libertarians together as if we are the problem. ... Please rethink your opinion on libertarians because even when the speculators are long gone, we will still be here wanting to use this currency. Oh no, not a DISTINCT recollection! Zomg, that's the worst kind of recollection of all!!1! You *did* apologize in advance and libertarians can be prickly too, so.... Let's just be friends!  |
|
|
|
Hot Lava?!?  Duck, and Cover. |
|
|
|
This is a basic technical concept, which was clearly expressed by MtGox in their interview tonight:
The security breakdown occurred because of penetration from a trusted third party (our financial auditor) and not because of any SQL or XSRF vector.
MtGox credibility is going down quickly and I dont believe that statement. Its basically a leap of faith because they offered no proof. The staff at MtGox is a primary source. As such, what they say in an on-the-record public interview is considered to be our best bet for an accepted version of The Truth. Unless you have some evidence that would damage their credibility, of course. Otherwise we'd have to violate Occam's Razor and postulate some hidden entities, whose conspiratorial machinations are responsible for their MtGox representative puppets' phony baloney 'blame-the-accountant' excuses. The simplest explanation is the best. And a simple end-run through an untrustworthy third party seems more likely than exotic browser exploits. Time will tell. Time, and a couple boatloads of lawyers. |
|
|
|
It's not that hard: the interview tonight (did you watch it?) about the break-in proved that ALL the people who were claiming they knew the cause of the MtGox heist were WRONG.
and where do you think i ever claimed that i knew the cause of the problems on mt. gox? i wasn't even talking about them. note that we're in a discussion about a cross-site forgery problem on clearcoin. i brought up mt. gox only after you called me 'gotcha guy' and seemed to suggest they had never been vulnerable to such request-forgery problems. i know this is an internet forum and all, and reading comprehension may not be your strength, but it might be worth actually reading what i'm saying before criticising it, calling me a 'bozo', and referring to my 'e-peen'. grow up, please. The vulnerability at ClearCoin is ancient history, as announced upthread. Despite this, you had to vent, with self-admitted petulance, in a rambling attack on rude libertarians and how kids today won't listen when you warn them to stay off your lawn and fix obsure web bugs. For this, you were put in your place (not by me) and you responded by retreating into generalities about how " any criticism of the bitcoin protocol must be motivated by a brainwashing." THIS IS WHERE THE CONVERSATION, AT YOUR BEHEST, STOPPED BEING SPECIFICALLY ABOUT CLEARCOIN AND THE TOPIC CHANGES TO A LESS LIMITED FOCUS ON HOW:  these were not lessons to learn; these are obvious to anyone with even the slightest experience in systems security. as i said, a good critical user who visited the forum for a week pointed them out, specifically, along with a variety of other problems. either there's too much noise or too much complacency for people to listen or learn before the problems manifest themselves. No problems ever manifested themselves at ClearCoin, and the problem that did manifest at MtGox was not the result of an SQL or XSRF attack. Do try and keep up! |
|
|
|
It's not that hard: the interview tonight (did you watch it?) about the break-in proved that ALL the people who were claiming they knew the cause of the MtGox heist were WRONG.
That interview proved nothing except that the rep of mtgox present said some things with no evidence presented except for their willingness to make public statements without seeking legal counsel first and that they do not understand basic technical concepts. This is a basic technical concept, which was clearly expressed by MtGox in their interview tonight:
The security breakdown occurred because of penetration from a trusted third party (our financial auditor) and not because of any SQL or XSRF vector.
|
|
|
|
|
Show Posts
