OpenBSD/sgi

[hamei]

As much as I hate to say it, I think that'd work out well on an Origin 300 for a webserver. IRIX is kind of dated, security-wise, and I don't want to put a huge break-in target on the public Internet.

Since there's no graphics on an Origin, it's not like you're losing so much. I wonder if most exploits are operating system or application weaknesses, tho ? If it's applications then heck, we're already using the latest and greatest.

[nekonoko]

So just out of interest, how is nekochan.net kept 'secure'?

The same way you keep any system secure - make sure all public facing services are patched and up to date.

[iKitsune]

I'm just afraid of a breakin. I'm sure IRIX would be fine, but meh.

[SAQ]

I'm just afraid of a breakin. I'm sure IRIX would be fine, but meh.

Then keep your eyes on the advisories and swap in rebuilt binaries from your favorite FOSS system (Solaris would probably be closest, followed by GNU/Linux and then xBSD) when a compromise comes up.

The important ones will be the services you use (SSH/SSL, HTTP, FTP), and those are the most likely to be third-party anyway.

[nekonoko]

The important ones will be the services you use (SSH/SSL, HTTP, FTP), and those are the most likely to be third-party anyway.

Yep, exactly right. I roll my own builds of all those (excepting a commercial, third-party FTP server), plugging them in usually within hours of release. I'm even running openssl-1.0.0-beta2 for grins I also offer all of the Nekochan builds for download if anyone desires to use them elsewhere.

Another part of the equation is the software you run on the stack (things like phpBB, Gallery, SquirrelMail, etc.). Those need to be kept up to date as well on any platform you ultimately choose.

Security is an ongoing process on any platform. The only truly secure system is one not connected to the public internet.

(And yes, hamei - I know php-5.3.0 was just released today. xcache doesn't support 5.3 just yet so I'm going to wait a little)

[hamei]

(And yes, hamei - I know php-5.3.0 was just released today. xcache doesn't support 5.3 just yet so I'm going to wait a little)

Hey, the only way I know about these releases is when I see them here. When Nekochan gets a new subsystem, that means that 2 1/2 hours ago a new version came out

[jan-jaap]

The only truly secure system is one not connected to the public internet.

Don't forgot to put it in a closed room with an armed guard in the front

[hamei]

The only truly secure system is one not connected to the public internet.

Don't forgot to put it in a closed room with an armed guard in the front

And NO USB !!!

[dc_v01]

And NO USB !!!

Guess SGI has got that one covered....

Why has everyone been complaining about the security features of IRIX?

[R-ten-K]

And NO USB !!!

Guess SGI has got that one covered....

Why has everyone been complaining about the security features of IRIX?

Irix at some point had a reputation for not being that secure, I think it had to do with the fact that a ton of stuff was open in the default install, whether that reputation still stands today is a bit moot since the system is pretty much EOL for all intents and purposes and the damage in "mindshare" was already done.

Also early releases of Irix were awful, and that also affected the perception of the OS. A shame since it ended up being a nice Unix variant.

[SAQ]

And NO USB !!!

Guess SGI has got that one covered....

Why has everyone been complaining about the security features of IRIX?

Irix at some point had a reputation for not being that secure, I think it had to do with the fact that a ton of stuff was open in the default install, whether that reputation still stands today is a bit moot since the system is pretty much EOL for all intents and purposes and the damage in "mindshare" was already done.

Also early releases of Irix were awful, and that also affected the perception of the OS. A shame since it ended up being a nice Unix variant.

Compared to contemporary UNIXes I don't think the 4D1-3.x or 4.0.5 releases were very bad. SunOS 4 might have been a bit better, but 3.x wasn't too bad. Early IRIX 5 releases were, though. I recall one bug (I think it was in Objectserver) that was particularly pernicious and compromised security.

SGI was building systems for people who wanted to throw them on LANs and not worry about them, so they were pretty much wide open. Unfortunately this translated into them keeping things open for a long time after they branched into HPC/servers so they didn't get too many disgruntled "I want to plug it in and have it work instead of having to worry about all this password junk" types.

[R-ten-K]

True.

However, the perception did a lot of damage. I remember some sysadmins being completely hostile to the idea of having Irix machines into the network of the school I was at the time. Probably due more to FUD than reality, but I assume such a negative view must have hurt sales of SGI systems, esp. when the internet was taking off.

Anyhow, all major operating systems seem to have had growing pains at some point in their development. Early releases of Irix 5 were utter sh*t, and same goes for the first releases of Solaris.

[dukzcry]

Only moron, crazy-minded or envious will be intreresting in hacking not a production box from outside.
Or did someone put his eye on nekochan already?
If you'll stop and pull out all useless services like time and e.t.c., and keep only really using (like ftpd, sshd, httpd, e.t.c.) and better to use stable versions with security patches applied services, well then you may say that the box is not just critical hole from outside view.
Of course if you get ssh accounts to anyone from your friends, wait presents But in this war case almost all UNIXes are under disgrace if there are just installed out from a box.

[zahal]

The only truly secure system is one not connected to the public internet.

Don't forgot to put it in a closed room with an armed guard in the front

And NO USB !!!

And don't forget the Faraday cage.

[SAQ]

And don't forget the Faraday cage.

Just turn it off, pull the cables, and weld some steel plate over the back just in case.

I remember when my college moved from SunOS 4.1.4 to Solaris 2.can't_remember. I think it was 2.6 (1997-1998 year). First halfway decent Solaris 2 release, and I hated it.

Solaris has gotten better, and I've gotten more used to it, but 5 years after first release to get a decent product is pretty bad.