 |
Recent
Articles |
Fighting Analysis Paralysis With Open Source?
I stumbled across this analysis of the Linux Kernel which brought back "fond" memories of my market opportunity forecasting days. In the analysis, the author, kripken, estimates that "at most, 60% of the Linux Kernel...
Novell Could Loose Access To New Linux Versions
Make a deal with a big closed source company and
the FSF (Free Software Foundation) may pull your
access rights to Linux Distro's. At least that is
what Novell is facing this week.
The Geek.com reports:
The Free Software Foundation may ban Novell from selling new
Invalidating The Linux Buffer Cache
When you write data, it doesn't necessarily get written to disk right then. The kernel maintains caches of many things, and disk data is something where a lot of work is done to keep everything fast and efficient.
Invalidating The Linux Buffer Cache
When you write data, it doesn't necessarily get written to disk right then. The kernel maintains caches of many things, and disk data is something where a lot of...
|
|
|
03.14.07
Enderle On Linux
 By Dan Morrill
Linux does not exist except as a concept, we can all move on now.
No I am not bashing Rob, but I did find his paper "The Five Things you Aren't Allowed to Discuss about Linux" to be interesting from the technological view point. Since I use both Windows and Linux boxes on a regular basis, I am fairly familiar with the physical existence of both, and that each Operating System has its own fundamental peculiarities in how they are setup and how they are secured.
I already said there is no "Linux," so how can I now treat it like a thing? The easy path here would be to present the different security models for the different distributions but, for this purpose, I'm going to leave Linux in abstract and talk about the unique security problem it represents. I'm not saying Windows is more secure either; I'm saying the products are so different from each other that comparisons may not actually make much sense, which is why there are reports supporting both sides of this. So, let's start by saying nothing is secure enough if people are involved. Source Rob Enderle
He is right, nothing is safe as long as a person is involved, and since people are involved in just about everything, then just about nothing is secure. What I think is most interesting about his view point into the security of Linux is:
Linux exists in an environment where there is broad collaboration, but no effort to validate the collaborators so the opportunity for traditional, old style, data breach is immeasurable.
We know that pretexting is wide-spread, how much easier (and harder to catch and convict) if the person doing the pretexting doesn't even have to come up with a real fake identity?
If you are using Linux and haven't done a physical security audit in a while and specifically looked at who is collaborating with whom, I would say it is likely well past time. Source Rob Enderle
He's right, and here's why.
When we hire someone for a company, it is pretty standard
to run a state level criminal background check (there are
a couple of companies I know that don't do this, but most
do). Some companies even run a federal level back ground check.
Want to write code for government, expect to get a clearance.
Want to write code for the NSA, you are going to get a polygraph
and a background check.
Unless you have a state mandate, view people are going to
do a background check on a volunteer. Rob has a point, and
it's a pretty good one.
Continue reading this arti
About the Author:
Dan Morrill has been in the information security field for 18 years, both
civilian and military, and is currently working on his Doctor of Management.
Dan shares his insights on the important security issues of today through
his blog, Managing
Intellectual Property & IT Security, and is an active participant in the
ITtoolbox blogging community.
|
