Bitcoin Forum
Author Topic: About Mt. Gox flaw from a security expert  (Read 34100 times)
muad_dib (OP)
June 21, 2011, 07:55:58 AM
 #141



I think this point stands mousey!

It looks like you have a lot of spare time :)

Maybe you should find yourself a job, this would also reduce the hate in your posts.

Maybe you're qualified enough for this job. I don't know. Anyhow I'm sure they will be more than happy to receive your application.
cunicula
June 21, 2011, 07:56:10 AM
 #142

Quote
Ok. Let's rephrase my previous sentence:

Given that a Serious security flaw is a flaw that permits privilege escalation, or leakage of database.

Given that parameter Psi  = [ ( # of serious security flaws - 1 ) / ( #  of running systems )^2 ] remapped in [0, 1]

Do you agree that, with a confidence level of 0.99,  the correlation between the parameter Psi and Linux is stronger than with FreeBSD?

Quote

Sorry, I don't understand how this relates to these websites. Could you explain what your hypothesis is and how you would go about testing it in words? Is this Psi you mention a random variable? I thought you said it was a parameter? But then it is a constant, no? I'm really confused. Please, OP, help me out? This statistics stuff is confusing.
jgraham
June 21, 2011, 07:57:40 AM
Last edit: June 21, 2011, 09:47:13 PM by jgraham
 #143

What happened to talking about facts?  That's just conjecture.
I got bored of you flamers.
What there was less than 10 min between your assertion that you were talking about facts.  I guess that's what you say when you can't defend your position?  That and assertions that people can't read the language you obviously have only marginal competence writing in?

Quote
You discuss like you're an expert about selinux, still you missed that it isn't just for linux.
Depends on what you mean.  As is becoming your habit you just make vague statements rather than facts.  Actually make an argument for a change and we'll talk...but of course that would open you up to being wrong.   Which is a good reason why you won't. ;-)

I'm rather good with Linux.  If you're having problems with your mining rig I'll help you out remotely for 0.05.  You can also propose a flat-rate for some particular task.  PM me for details.
jgraham
June 21, 2011, 08:02:23 AM
 #144

It looks like you have a lot of spare time :)
Maybe you should find yourself a job, this would also reduce the hate in your posts.

Ooooh snap!  Yawn.  Where's that argument you were trying to make? Oh let me guess it's all the reader's fault...and you're being *sniff* insulted and you're bored...anything else?  Sheeesh I rarely see someone spend as much time saying nothing as you have in this thread.


I'm rather good with Linux.  If you're having problems with your mining rig I'll help you out remotely for 0.05.  You can also propose a flat-rate for some particular task.  PM me for details.
muad_dib (OP)
June 21, 2011, 08:03:15 AM
 #145


Sorry, I don't understand how this relates to these websites. Could you explain what your hypothesis is and how you would go about testing it in words?

Sure. We take a statistic (Psi) which in our hypothesis is strongly connected to security. Then we take a probability space given by (Critical flaws, Running servers).

Of this space we take a sample (2005-2011 for example), and on this sample we make a measure using the statistic.

We then build a hypothesis test:

H1: Psi(linux) = Psi(BSD)

H2: Psi(linux) > Psi(BSD)


Picking a high confidence level (0.99), we can say that H1 is false.

Quote
Is this Psi you mention a random variable? I thought you said it was a parameter? But then it is a constant, no? I'm really confused. Please, OP help me out? This statistics stuff is confusing.


No it is a statistic, or a function over a sample.

marcus_of_augustus
June 21, 2011, 08:05:46 AM
 #146



Got a makefile for your *BSD bitcoind build you'd like to share?

Would help the community with more/different OS builds out there.


I don't think we need to run bitcoind on BSD. You can or you can't, depends on your choice.


The web frontend needs to run on bsd, FOR SURE.

So, have you actually built bitcoind on any linux OS (particularly RH or BSD) ... besides downloaded the pre-chewed windows binaries or ubuntu packages?

Seems you are making lots of sweeping statements without actually getting your hands dirty here.

BBanzai
June 21, 2011, 08:06:12 AM
 #147

Something about a "stoneburner" as I recall, you wouldn't be in Japan by chance?
muad_dib (OP)
June 21, 2011, 08:07:38 AM
 #148


Depends on what you mean.

LOLOLOLOL

Third line on wikipedia:


Quote

It is not a Linux distribution, but rather a set of modifications that can be applied to Unix-like operating system kernels, such as Linux and that of BSD.



Obviously when you people bought the paper that allows you to call yourself an engineer, they forgot to tell you that if you want to be a good professional you need to be able to read, not only have money to make stupid tests.

LOLOLOL
jgraham
June 21, 2011, 08:10:01 AM
 #149

Sure. We take a statistic (Psi) which in our hypothesis is strongly connected to security. Then we take a probability space given by (Critical flaws, Running servers).

So what are you doing now?

You have assumed that some variable is strongly connected to some vaguely defined concept.  Then without defining the mapping between that and your sample set (just because A correlates with B doesn't mean it's 1:1).  Then you look like you are just assuming that the R is .99?

Ever hear of showing your work?

I'm rather good with Linux.  If you're having problems with your mining rig I'll help you out remotely for 0.05.  You can also propose a flat-rate for some particular task.  PM me for details.
muad_dib (OP)
June 21, 2011, 08:10:29 AM
 #150



So, have you actually built bitcoind on any linux OS (particularly RH or BSD) ... besides downloaded the pre-chewed windows binaries or ubuntu packages?

Seems you are making lots of sweeping statements without actually getting your hands dirty here.

I ported Android to the vending machines. And if you had even a bare knowledge of how Android is structured, you would know how complex this task is. Obviously I was not alone.


Anyhow, did this change anything? Are we speaking about facts or people?
muad_dib (OP)
June 21, 2011, 08:14:18 AM
 #151



So what are you doing now?

You have assumed that some variable is strongly connected to some vaguely defined concept.  Then without defining the mapping between that and your sample set (just because A correlates with B doesn't mean it's 1:1).  Then you look like you are just assuming that the R is .99?

Ever hear of showing your work?


You simply lack any basic knowledge of statistics. Sorry.

Start here:

http://www.amazon.com/Statistics-Dummies-Math-Science/dp/0470911085/ref=sr_1_1?ie=UTF8&qid=1308643898&sr=8-1


p.s.: the indicator is not mine. It is taken from another source.

http://www.amazon.com/Statistical-Process-Control-Industry-Implementation/dp/0792355709/ref=sr_1_2?ie=UTF8&qid=1308644011&sr=8-2
jgraham
June 21, 2011, 08:16:16 AM
 #152


Depends on what you mean.

LOLOLOLOL
Guess I'm getting under your skin.  That's pretty forced laughter there.  Sure, what does that have to do with anything that we've been talking about with regard to SELinux?

Quote
Obviously when you people bought the paper that allows you to call yourself an engineer, they forgot to tell you that if you want to be a good professional you need to be able to read, not only have money to make stupid tests.

Well considering your writing is pretty horrible it's not surprising that your meaning wasn't conveyed.  As Randal would say...

I'm rather good with Linux.  If you're having problems with your mining rig I'll help you out remotely for 0.05.  You can also propose a flat-rate for some particular task.  PM me for details.
muad_dib (OP)
June 21, 2011, 08:18:30 AM
 #153



No, actually you are probably lying.  In fact you seem to be making up how you're getting an R of .99.  

Again, I'm asking you to show your work...but instead you seem to be dodging the point.

LOL YOU choose the confidence level. The higher it is, the more meaningful your conclusions are.

LOLOLOL.



Guess I'm getting under your skin.  That's pretty forced laughter there.  Sure, what does that have to do with anything that we've been talking about with regard to SELinux?



If the paper you bought says you're an engineer, and you say SElinux is just for linux, I'm not going to argue. You the boss, boss.




You're now in ignore, let's see how many other people I have to ignore to stop this flamewar.
jgraham
June 21, 2011, 08:20:10 AM
 #154

You simply lack any basic knowledge of statistics. Sorry.

No, actually you are probably lying.  In fact you seem to be making up how you're getting an R of .99.  

Again, I'm asking you to show your work...but instead you seem to be dodging the point.

I'm rather good with Linux.  If you're having problems with your mining rig I'll help you out remotely for 0.05.  You can also propose a flat-rate for some particular task.  PM me for details.
jgraham
June 21, 2011, 08:22:59 AM
 #155

If the paper you bought says you're an engineer, and you say SElinux is just for linux, I'm not going to argue. You the boss, boss.
Where did anyone (other than this loser) say anything like that?

Quote
You're now in ignore, let's see how many other people I have to ignore to stop this flamewar.
Uh, at any point in time you could have provided a rational defense of your position instead of....flaming people.
Seems a little like you didn't *want* to talk about the issues when it came down to brass tacks.

I'm rather good with Linux.  If you're having problems with your mining rig I'll help you out remotely for 0.05.  You can also propose a flat-rate for some particular task.  PM me for details.
BBanzai
June 21, 2011, 08:23:45 AM
 #156

Unfortunately this topic has turned into a dick-measuring contest.
Yeah, the water's cold, ain't it?
Deep too.
muad_dib (OP)
June 21, 2011, 08:28:13 AM
 #157

Disclaimer: I am not a programmer.  But I know how to find out about industry standards:  "the marketing director of Compaq's OpenVMS Systems Group states that there are over 400,000 systems running OpenVMS, supporting over 10 million users. Sample VMS customer sites include: numerous stock exchanges, Bank Austria, Government Securities Clearing Corporation (GSCC), International Securities Exchange, Hydro Quebec, and Northern Light. Intel's fabrication plants rely on the use of VMS in the fabrication of their Pentium 4 and Merced class chips"  
  I have, however, attempted beating up a VAX.  I won, barely, but this was 20 years ago.  They have been improving it since then.

I never had the chance to play with Itanium.


Anyhow I'm not sure that there's a real need for Itanium. It's so overpriced that many times it is out of the market.

Take this as an example: Do you really think that a closed source OS, deployed on just 400.000 machines, is going to be safer or more reliable than an open source OS on x86, at the same level of cost?
jgraham
June 21, 2011, 08:29:12 AM
Last edit: June 21, 2011, 09:49:32 PM by jgraham
 #158

No, actually you are probably lying.  In fact you seem to be making up how you're getting an R of .99.  

Again, I'm asking you to show your work...but instead you seem to be dodging the point.

LOL YOU choose the confidence level. The higher it is, the more meaningful your conclusions are.

Oh so *that's* what you're blathering about.  That's not exactly the case.  For example if your sample size is fixed (like it is here).  Choosing the CL alters your CI.  If you make your CL 'better' the CI becomes wider.   Now if, for example you haven't done your experiment yet and you are fixing your CI and your CL.  Your sample size changes.  It's a rookie mistake the kind I'd expect a non-math person to do.  "Meaningful" is also a kind of ambiguous word it's something a frequentist would say.

So again, what dataset are you using here?

I'm rather good with Linux.  If you're having problems with your mining rig I'll help you out remotely for 0.05.  You can also propose a flat-rate for some particular task.  PM me for details.
cunicula
June 21, 2011, 08:34:37 AM
 #159


Quote
Sure. We take a statistic (Psi) which in our hypothesis is strongly connected to security. Then we take a probability space given by (Critical flaws, Running servers).

Of this space we take a sample (2005-2011 for example), and on this sample we make a measure using the statistic.

We then build a hypothesis test:

H1: Psi(linux) = Psi(BSD)

H2: Psi(linux) > Psi(BSD)


Picking a high confidence level (0.99), we can say that H1 is false.

Quote
Is this Psi you mention a random variable? I thought you said it was a parameter? But then it is a constant, no? I'm really confused. Please, OP help me out? This statistics stuff is confusing.


No it is a statistic, or a function over a sample.

Okay much improved (B+), but here are some things to remember before you take your exam.

1) The statistic Psi-hat(linux) is a random variable that is an unbiased estimate of the constant parameter Psi(linux).
2) You are using random variables (sample statistics) to test hypotheses about the constant parameters Psi(linux) and Psi(BSD)
    [Not testing a hypothesis about these random variables]
3) The parameter Psi(linux) is a constant, and is therefore not correlated with anything.
4) If your TA is an ass, they will dock you points for not using the conventional labels H0 and H1

Much More Important Lesson: Don't mix in random jargon about topics you don't fully understand to impress other people. Focus on your core competencies and people will take you more seriously.


kokjo
June 21, 2011, 08:37:12 AM
 #160


yes that's many lines. but not in the core code, that excludes all the drivers(90%),

Drivers don't account for that much. They are roughly 55%

http://cityblogger.com/archives/2008/06/16/linux-kernel-stats

Quote
and all the archs(5-8%)(except x86 and arm).

I'm sure you know that source code doesn't depend on archs, as archs are handled by compilers.

But I'm sure you know that.

Quote
the FreeBSD source only did confuse me.

I think your confusion might not arise from BSD.
sorry for the bad estimate... it is still only 5% of the code that is relevant.
and the archs are not only handled by the compiler, proof: http://lxr.linux.no/linux+v2.6.39/arch/
every platform needs to be written, it includes all the low-level functions for that arch: MMU, task switching, detection of hardware, the whole startup stuff ...

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell