Grinder
Legendary
 Offline
Activity: 1284
Merit: 1001
|
 |
June 20, 2011, 11:37:08 AM |
|
I'm not going to start a flamewar. Please respect my objective opinion. I will respect your personal belief.
So your cherry picking of data points is objective, but pointing out the obvious fact that you're cherry picking is subjective? Also, I have never said anywhere that Linux is more secure than *BSD. |
|
|
|
|
|
|
|
|
|
Every time a block is mined, a certain amount of BTC (called the
subsidy) is created out of thin air and given to the miner. The
subsidy halves every four years and will reach 0 in about 130 years.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
muad_dib (OP)
Member
Offline
Activity: 140
Merit: 10
|
|
June 20, 2011, 11:42:14 AM |
|
So your cherry picking of data points is objective, but pointing out the obvious fact that you're cherry picking is subjective?
Also, I have never said anywhere that Linux is more secure than *BSD.
I'm not sure what we are discussing about. Quoting a reliability chart is cherry picking? Quoting a vulnerability chart is cherry picking? Maybe my sources were biased? Are you suggesting that there is no significant statistical difference between Linux/FreeBSD reliability/security? My opinion is that this is just free polemic. Maybe I'm wrong. |
|
|
|
|
Grinder
Legendary
Offline
Activity: 1284
Merit: 1001
|
|
June 20, 2011, 12:16:29 PM |
|
Maybe my sources were biased?
Except for the sales piece made by a FreeBSD fan they probably weren't, but the way you use them is. |
|
|
|
|
muad_dib (OP)
Member
Offline
Activity: 140
Merit: 10
|
|
June 20, 2011, 12:42:02 PM |
|
Maybe my sources were biased?
Except for the sales piece made by a FreeBSD fan they probably weren't, but the way you use them is. Ok. Let's rephrase my previous sentence: Given that a Serious security flaw is a flaw that permits privilege escalation, or leakage of database. Given that parameter Psi = [ ( # of serious security flaws - 1 ) / ( # of running systems )^2 ] remapped in [0, 1] Do you agree that, with a confidence level of 0.99, the correlation between the parameter Psi and Linux is stronger than with FreeBSD? |
|
|
|
|
Sukrim
Legendary
Offline
Activity: 2618
Merit: 1006
|
|
June 20, 2011, 01:29:25 PM |
|
Given that parameter Psi = [ ( # of serious security flaws - 1 ) / ( # of running systems )^2 ] remapped in [0, 1]
Do you agree that, with a confidence level of 0.99, the correlation between the parameter Psi and Linux is stronger than with FreeBSD?
As "serious" is not defined and subjective and the number of running systems is not known/hard to estimate (Linux gets used in embedded environments too, where it will never show up in "server statistics") I can only say with 0.99 confidence level, that you are far off topic by now.  |
|
|
|
muad_dib (OP)
Member
Offline
Activity: 140
Merit: 10
|
|
June 20, 2011, 01:52:42 PM |
|
As "serious" is not defined and subjective
check better 
and the number of running systems is not known/hard to estimate (Linux gets used in embedded environments too, where it will never show up in "server statistics")
Also BSD is implemented in EE. Anyhow since we're speaking of webservers, we have good estimators for this quantity. I can only say with 0.99 confidence level, that you are far off topic by now. Lol (L) |
|
|
|
|
|
Rob P.
|
|
June 20, 2011, 02:04:16 PM |
|
P.s.: If, as I suspect, that there has been an injection and possibly a root escalation on mt. gox, expect to see this problem happening soon.
To be safe, Mt. gox need a complete rewrite of their code, plus the use of a stronger infrastructure. But they wont do this, because it would cost them Millions to keep the server offline for 1 month.
Rewrite of their code? They weren't hacked with a SQL Injection. Someone who had access from their laptop had their laptop compromised. They need better security measures, but they aren't from the site standpoint. |
--
If you like what I've written here, consider tipping the messenger:
1GZu4CtHa6ai8iWoWiVFxV5VVoNte4SkoG
If you don't like what I've written, send me a Tip and I'll stop talking.
|
|
|
|
FooDSt4mP
|
|
June 20, 2011, 02:05:07 PM |
|
I'm with you maud_dib... All my opinions are totally objective too  Also, in my objective opinion more discovered vulnerabilities != less secure. More eyes find more bugs. I know you're talking freebsd, but look at openbsd. It had a backdoor for years exactly because less people audit the code. |
As we slide down the banister of life, this is just another splinter in our ass.
|
|
|
kokjo
Legendary
Offline
Activity: 1050
Merit: 1000
You are WRONG!
|
|
June 20, 2011, 02:24:42 PM |
|
freebsd is also less used  so there might be more bugs and exploits to discover. i acatualy like that there has been more holes in linux, because it means that they are fixed. |
"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
|
|
|
ShadowOfHarbringer
Legendary
Offline
Activity: 1470
Merit: 1005
Bringing Legendary Har® to you since 1952
|
|
June 20, 2011, 02:53:07 PM |
|
freebsd is also less used so there might be more bugs and exploits to discover. i acatualy like that there has been more holes in linux, because it means that they are fixed. +1 Everything that i wanted to say was already said here. muad_dib, you have no idea what you are talking about. There isn't any 100% proof that BSD is either more secure or more reliable than Linux. |
|
|
|
muad_dib (OP)
Member
Offline
Activity: 140
Merit: 10
|
|
June 20, 2011, 02:55:20 PM |
|
Rewrite of their code? They weren't hacked with a SQL Injection. Someone who had access from their laptop had their laptop compromised. They need better security measures, but they aren't from the site standpoint.
that's what they say. Anyhow also taking this as true, I think it has been evident that bitcoin greatly outgrown the original expectations, and thus we need stronger security policy. One example: Do you think that by compromising any of the laptop of any or all of the admins of the Visa Network, could you access any valuable information? |
|
|
|
|
muad_dib (OP)
Member
Offline
Activity: 140
Merit: 10
|
|
June 20, 2011, 02:57:00 PM |
|
freebsd is also less used so there might be more bugs and exploits to discover. i acatualy like that there has been more holes in linux, because it means that they are fixed. so windows has top-notch security? |
|
|
|
|
JJG
Member
Offline
Activity: 70
Merit: 20
|
|
June 20, 2011, 03:25:44 PM |
|
If you own an exchange and would like to be safer, for a small fee (in the 5 figures)...
for a small fee, and the promise of not being persecuted...
The problem with this community is it's full of people trying to make money. And the problem with most 'security experts' is that they think they walk on water. Even worse when they're in it for the money (5 figures of it, a 'small fee' for his great services). This guy has every incentive to showboat and attempt to show that he's a security expert, and nothing to lose. muad_dib, would you care to give us some background or show some of your previous work? |
|
|
|
|
kokjo
Legendary
Offline
Activity: 1050
Merit: 1000
You are WRONG!
|
|
June 20, 2011, 03:31:04 PM |
|
freebsd is also less used so there might be more bugs and exploits to discover. i acatualy like that there has been more holes in linux, because it means that they are fixed. so windows has top-notch security? LOL No. they are afraid if they open source the code, they will have 100 exploits/day. Windows is not opensource. you can compare linux and *bsd, and you can compare windows and mac. but not linux with windows. windows also uses a lot of security though obscurity, which means it sucks. (sorry all you windows fanbois, its not to start a flamewar) |
"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
|
|
|
Capitan
Member
Offline
Activity: 112
Merit: 10
|
|
June 20, 2011, 03:45:26 PM |
|
@muad_dib At first you post seemed wise, but 1) Use the right software. IIS is a big no-no Also Linux should frowned upon. Unix is the way to go. I stopped reading right here. I don't know who you are, but you know nothing about security. I will not start a flamewar here, I just want to make you a quick question: Here's a list of the most reliable hosting solutions. The first 3 spots, are linux or unix? That list proves nothing about the security of any OS over any other OS. There is no mention of how big of a factor the OS/platform's security plays into the ranking. From what I read on that page, a lot of other things can play into the ranking, including the level of managed service (e.g., the competence and response time of the sysadmins of those hosting services), the network quality, speed of their servers, etc. So that link proves nothing about Linus being better than windows, or Unix being more secure than Linux. |
|
|
|
|
muad_dib (OP)
Member
Offline
Activity: 140
Merit: 10
|
|
June 20, 2011, 03:55:01 PM |
|
Even worse when they're in it for the money (5 figures of it, a 'small fee' for his great services). This guy has every incentive to showboat and attempt to show that he's a security expert, and nothing to lose. muad_dib, would you care to give us some background or show some of your previous work?
Really I'm in for the money? I could make much more by moving the bitcoins in the accounts I spoofed. |
|
|
|
|
muad_dib (OP)
Member
Offline
Activity: 140
Merit: 10
|
|
June 20, 2011, 04:01:42 PM |
|
LOL
No. they are afraid if they open source the code, they will have 100 exploits/day.
Windows is not opensource.
you can compare linux and *bsd, and you can compare windows and mac. but not linux with windows.
windows also uses a lot of security though obscurity, which means it sucks.
(sorry all you windows fanbois, its not to start a flamewar)
so you can compare open source code and say that more bugs are better, while you cant compare open source and closed source? I'm not sure I follow you. |
|
|
|
|
JJG
Member
Offline
Activity: 70
Merit: 20
|
|
June 20, 2011, 04:03:35 PM |
|
Even worse when they're in it for the money (5 figures of it, a 'small fee' for his great services). This guy has every incentive to showboat and attempt to show that he's a security expert, and nothing to lose. muad_dib, would you care to give us some background or show some of your previous work?
Really I'm in for the money? I could make much more by moving the bitcoins in the accounts I spoofed. Bravo! Now that you're not in it for the money, I assume you'll be helping Bit_Happy patch whatever security vulnerability you found that exposed his apache config for free? That's very noble of you. Thanks! |
|
|
|
|
muad_dib (OP)
Member
Offline
Activity: 140
Merit: 10
|
|
June 20, 2011, 04:06:05 PM |
|
Bravo! Now that you're not in it for the money, I assume you'll be helping Bit_Happy patch whatever security vulnerability you found that exposed his apache config for free?
That's very noble of you. Thanks!
1) Maybe I dont want to help other exchange for free? 2) Maybe I like the bitcoin project, so maybe I would like to see as little bitcoin frauds as possible? Tell me. If you were able to steal all the bitocoin from mtgox, what would you do? (I'm not saying I can) |
|
|
|
|
finack
Member
Offline
Activity: 126
Merit: 10
|
|
June 20, 2011, 04:06:48 PM |
|
You don't sound like an expert to me. How about "About Mt. Gox flaw from a guy who's picked up some stuff about security browsing the net"
Don't get me wrong, we're all very impressed you can lift cookies over wifi.
|
|
|
|
|
|
