Nekochan Net

Since there's no graphics on an Origin, it's not like you're losing so much. I wonder if most exploits are operating system or application weaknesses, tho ? If it's applications then heck, we're already using the latest and greatest.

The same way you keep any system secure - make sure all public facing services are patched and up to date.

_________________
Twitter: @neko_no_ko
IRIX Release 4.0.5 IP12 Version 06151813 System V
Copyright 1987-1992 Silicon Graphics, Inc.
All Rights Reserved.

I'm just afraid of a breakin. I'm sure IRIX would be fine, but meh.

_________________


"Remember, if they can't find you handsome, they should at least find you handy."

Then keep your eyes on the advisories and swap in rebuilt binaries from your favorite FOSS system (Solaris would probably be closest, followed by GNU/Linux and then xBSD) when a compromise comes up.

The important ones will be the services you use (SSH/SSL, HTTP, FTP), and those are the most likely to be third-party anyway.

_________________
Damn the torpedoes, full speed ahead!

There are those who say I'm a bit of a curmudgeon. To them I reply: "GET OFF MY LAWN!"

(single-CM)

Yep, exactly right. I roll my own builds of all those (excepting a commercial, third-party FTP server), plugging them in usually within hours of release. I'm even running openssl-1.0.0-beta2 for grins I also offer all of the Nekochan builds for download if anyone desires to use them elsewhere.

Another part of the equation is the software you run on the stack (things like phpBB, Gallery, SquirrelMail, etc.). Those need to be kept up to date as well on any platform you ultimately choose.

Security is an ongoing process on any platform. The only truly secure system is one not connected to the public internet.

(And yes, hamei - I know php-5.3.0 was just released today. xcache doesn't support 5.3 just yet so I'm going to wait a little)

_________________
Twitter: @neko_no_ko
IRIX Release 4.0.5 IP12 Version 06151813 System V
Copyright 1987-1992 Silicon Graphics, Inc.
All Rights Reserved.

Hey, the only way I know about these releases is when I see them here. When Nekochan gets a new subsystem, that means that 2 1/2 hours ago a new version came out

Don't forgot to put it in a closed room with an armed guard in the front

_________________
Now this is a deep dark secret, so everybody keep it quiet
It turns out that when reset, the WD33C93 defaults to a SCSI ID of 0, and it was simpler to leave it that way... -- Dave Olson, in comp.sys.sgi
Currently in commercial service: (2x)
In the museum: almost every MIPS/IRIX system.
Wanted: GM1 board for Professional Series GT graphics (030-0076-003, 030-0076-004)

And NO USB !!!

Guess SGI has got that one covered....

Why has everyone been complaining about the security features of IRIX?

Irix at some point had a reputation for not being that secure, I think it had to do with the fact that a ton of stuff was open in the default install, whether that reputation still stands today is a bit moot since the system is pretty much EOL for all intents and purposes and the damage in "mindshare" was already done.

Also early releases of Irix were awful, and that also affected the perception of the OS. A shame since it ended up being a nice Unix variant.

_________________
"Was it a dream where you see yourself standing in sort of sun-god robes on a
pyramid with thousand naked women screaming and throwing little pickles at you?"

Compared to contemporary UNIXes I don't think the 4D1-3.x or 4.0.5 releases were very bad. SunOS 4 might have been a bit better, but 3.x wasn't too bad. Early IRIX 5 releases were, though. I recall one bug (I think it was in Objectserver) that was particularly pernicious and compromised security.

SGI was building systems for people who wanted to throw them on LANs and not worry about them, so they were pretty much wide open. Unfortunately this translated into them keeping things open for a long time after they branched into HPC/servers so they didn't get too many disgruntled "I want to plug it in and have it work instead of having to worry about all this password junk" types.

_________________
Damn the torpedoes, full speed ahead!

There are those who say I'm a bit of a curmudgeon. To them I reply: "GET OFF MY LAWN!"

(single-CM)

True.

However, the perception did a lot of damage. I remember some sysadmins being completely hostile to the idea of having Irix machines into the network of the school I was at the time. Probably due more to FUD than reality, but I assume such a negative view must have hurt sales of SGI systems, esp. when the internet was taking off.

Anyhow, all major operating systems seem to have had growing pains at some point in their development. Early releases of Irix 5 were utter sh*t, and same goes for the first releases of Solaris.

_________________
"Was it a dream where you see yourself standing in sort of sun-god robes on a
pyramid with thousand naked women screaming and throwing little pickles at you?"

Only moron, crazy-minded or envious will be intreresting in hacking not a production box from outside.
Or did someone put his eye on nekochan already?
If you'll stop and pull out all useless services like time and e.t.c., and keep only really using (like ftpd, sshd, httpd, e.t.c.) and better to use stable versions with security patches applied services, well then you may say that the box is not just critical hole from outside view.
Of course if you get ssh accounts to anyone from your friends, wait presents But in this war case almost all UNIXes are under disgrace if there are just installed out from a box.

_________________
(CHNPP node), custom build PC (duckstar host), one dead PowerBook G4 (nokacheflush host)

More info at my web page!

And don't forget the Faraday cage.

_________________
Sitting in a room.....thinkin' shit up.

400MHz R12k - Apple G4 Cube dual 500MHz/GF6200 - Newton Messagepad 2100 - Apple PowerBook 2400c/G3@240 - DECstation5000/133 - Apple Workgroup Server 9150/120 - Apple Macintosh IIfx - Apple Macintosh Color Classic (Mystic upgrade) - Sun Cobalt Cube 3 - Tadpole RDI UltraBook IIi - Digital HiNote Ultra II - HP 200LX

Just turn it off, pull the cables, and weld some steel plate over the back just in case.

I remember when my college moved from SunOS 4.1.4 to Solaris 2.can't_remember. I think it was 2.6 (1997-1998 year). First halfway decent Solaris 2 release, and I hated it.

Solaris has gotten better, and I've gotten more used to it, but 5 years after first release to get a decent product is pretty bad.

_________________
Damn the torpedoes, full speed ahead!

There are those who say I'm a bit of a curmudgeon. To them I reply: "GET OFF MY LAWN!"

(single-CM)