Nekochan Net

Official Chat Channel: #nekochan // irc.nekochan.net
It is currently Mon Nov 24, 2014 3:40 pm

All times are UTC - 8 hours [ DST ]


Forum rules


Any posts concerning pirated software or offering to buy/sell/trade commercial software are subject to removal.



Post new topic Reply to topic  [ 60 posts ]  Go to page Previous  1, 2, 3, 4  Next
Author Message
 Post subject: Re: OpenBSD/sgi
Unread postPosted: Tue Jun 30, 2009 10:08 am 
Offline

Joined: Tue Feb 24, 2004 5:10 pm
Posts: 9778
iKitsune wrote:
As much as I hate to say it, I think that'd work out well on an Origin 300 for a webserver. IRIX is kind of dated, security-wise, and I don't want to put a huge break-in target on the public Internet.

Since there's no graphics on an Origin, it's not like you're losing so much. I wonder if most exploits are operating system or application weaknesses, tho ? If it's applications then heck, we're already using the latest and greatest.


Top
 Profile  
 
 Post subject: Re: OpenBSD/sgi
Unread postPosted: Tue Jun 30, 2009 10:09 am 
Offline
Site Admin
Site Admin
User avatar

Joined: Thu Jan 23, 2003 2:31 am
Posts: 7991
Location: Pleasanton, California
indyman007 wrote:
So just out of interest, how is nekochan.net kept 'secure'?


The same way you keep any system secure - make sure all public facing services are patched and up to date.

_________________
Twitter: @neko_no_ko
IRIX Release 4.0.5 IP12 Version 06151813 System V
Copyright 1987-1992 Silicon Graphics, Inc.
All Rights Reserved.


Top
 Profile  
 
 Post subject: Re: OpenBSD/sgi
Unread postPosted: Tue Jun 30, 2009 1:52 pm 
Offline
User avatar

Joined: Thu May 14, 2009 10:31 am
Posts: 504
Location: Huntsville, Alabama, USA
I'm just afraid of a breakin. I'm sure IRIX would be fine, but meh.

_________________
:O3000: :1600SW: :Indigo2IMP: :0300:

"Remember, if they can't find you handsome, they should at least find you handy."


Top
 Profile  
 
 Post subject: Re: OpenBSD/sgi
Unread postPosted: Tue Jun 30, 2009 4:29 pm 
Offline

Joined: Wed Jul 19, 2006 8:37 am
Posts: 5758
Location: Renton, WA
iKitsune wrote:
I'm just afraid of a breakin. I'm sure IRIX would be fine, but meh.


Then keep your eyes on the advisories and swap in rebuilt binaries from your favorite FOSS system (Solaris would probably be closest, followed by GNU/Linux and then xBSD) when a compromise comes up.

The important ones will be the services you use (SSH/SSL, HTTP, FTP), and those are the most likely to be third-party anyway.

_________________
Damn the torpedoes, full speed ahead!

There are those who say I'm a bit of a curmudgeon. To them I reply: "GET OFF MY LAWN!"

:Indigo: :Octane: :Indigo2: :Indigo2IMP: :Indy: :PI: :O3x0: :ChallengeL: :O2000R: (single-CM)


Top
 Profile  
 
 Post subject: Re: OpenBSD/sgi
Unread postPosted: Tue Jun 30, 2009 4:37 pm 
Offline
Site Admin
Site Admin
User avatar

Joined: Thu Jan 23, 2003 2:31 am
Posts: 7991
Location: Pleasanton, California
SAQ wrote:
The important ones will be the services you use (SSH/SSL, HTTP, FTP), and those are the most likely to be third-party anyway.


Yep, exactly right. I roll my own builds of all those (excepting a commercial, third-party FTP server), plugging them in usually within hours of release. I'm even running openssl-1.0.0-beta2 for grins :) I also offer all of the Nekochan builds for download if anyone desires to use them elsewhere.

Another part of the equation is the software you run on the stack (things like phpBB, Gallery, SquirrelMail, etc.). Those need to be kept up to date as well on any platform you ultimately choose.

Security is an ongoing process on any platform. The only truly secure system is one not connected to the public internet.

(And yes, hamei - I know php-5.3.0 was just released today. xcache doesn't support 5.3 just yet so I'm going to wait a little) ;)

_________________
Twitter: @neko_no_ko
IRIX Release 4.0.5 IP12 Version 06151813 System V
Copyright 1987-1992 Silicon Graphics, Inc.
All Rights Reserved.


Top
 Profile  
 
 Post subject: Re: OpenBSD/sgi
Unread postPosted: Tue Jun 30, 2009 7:33 pm 
Offline

Joined: Tue Feb 24, 2004 5:10 pm
Posts: 9778
nekonoko wrote:
(And yes, hamei - I know php-5.3.0 was just released today. xcache doesn't support 5.3 just yet so I'm going to wait a little) ;)

Hey, the only way I know about these releases is when I see them here. When Nekochan gets a new subsystem, that means that 2 1/2 hours ago a new version came out :D


Top
 Profile  
 
 Post subject: Re: OpenBSD/sgi
Unread postPosted: Wed Jul 01, 2009 1:45 am 
Offline
User avatar

Joined: Thu Jun 17, 2004 11:35 am
Posts: 3948
Location: Wijchen, The Netherlands
nekonoko wrote:
The only truly secure system is one not connected to the public internet.

Don't forgot to put it in a closed room with an armed guard in the front ;)

_________________
Now this is a deep dark secret, so everybody keep it quiet :)
It turns out that when reset, the WD33C93 defaults to a SCSI ID of 0, and it was simpler to leave it that way... -- Dave Olson, in comp.sys.sgi

Currently in commercial service: Image :Onyx2:(2x) :O3x02L:
In the museum: almost every MIPS/IRIX system.
Wanted: GM1 board for Professional Series GT graphics (030-0076-003, 030-0076-004)


Top
 Profile  
 
 Post subject: Re: OpenBSD/sgi
Unread postPosted: Wed Jul 01, 2009 2:43 am 
Offline

Joined: Tue Feb 24, 2004 5:10 pm
Posts: 9778
jan-jaap wrote:
nekonoko wrote:
The only truly secure system is one not connected to the public internet.

Don't forgot to put it in a closed room with an armed guard in the front ;)

And NO USB !!!


Top
 Profile  
 
 Post subject: Re: OpenBSD/sgi
Unread postPosted: Wed Jul 01, 2009 6:47 am 
Offline

Joined: Fri Jul 29, 2005 3:38 pm
Posts: 796
Location: Boston, MA
hamei wrote:
And NO USB !!!

Guess SGI has got that one covered....

Why has everyone been complaining about the security features of IRIX?


Top
 Profile  
 
 Post subject: Re: OpenBSD/sgi
Unread postPosted: Wed Jul 01, 2009 7:52 am 
Offline
User avatar

Joined: Mon Nov 15, 2004 11:36 pm
Posts: 1850
Location: Nor Cal
dc_v01 wrote:
hamei wrote:
And NO USB !!!

Guess SGI has got that one covered....

Why has everyone been complaining about the security features of IRIX?


Irix at some point had a reputation for not being that secure, I think it had to do with the fact that a ton of stuff was open in the default install, whether that reputation still stands today is a bit moot since the system is pretty much EOL for all intents and purposes and the damage in "mindshare" was already done.

Also early releases of Irix were awful, and that also affected the perception of the OS. A shame since it ended up being a nice Unix variant.

_________________
"Was it a dream where you see yourself standing in sort of sun-god robes on a
pyramid with thousand naked women screaming and throwing little pickles at you?"


Top
 Profile  
 
 Post subject: Re: OpenBSD/sgi
Unread postPosted: Wed Jul 01, 2009 9:40 am 
Offline

Joined: Wed Jul 19, 2006 8:37 am
Posts: 5758
Location: Renton, WA
R-ten-K wrote:
dc_v01 wrote:
hamei wrote:
And NO USB !!!

Guess SGI has got that one covered....

Why has everyone been complaining about the security features of IRIX?


Irix at some point had a reputation for not being that secure, I think it had to do with the fact that a ton of stuff was open in the default install, whether that reputation still stands today is a bit moot since the system is pretty much EOL for all intents and purposes and the damage in "mindshare" was already done.

Also early releases of Irix were awful, and that also affected the perception of the OS. A shame since it ended up being a nice Unix variant.


Compared to contemporary UNIXes I don't think the 4D1-3.x or 4.0.5 releases were very bad. SunOS 4 might have been a bit better, but 3.x wasn't too bad. Early IRIX 5 releases were, though. I recall one bug (I think it was in Objectserver) that was particularly pernicious and compromised security.

SGI was building systems for people who wanted to throw them on LANs and not worry about them, so they were pretty much wide open. Unfortunately this translated into them keeping things open for a long time after they branched into HPC/servers so they didn't get too many disgruntled "I want to plug it in and have it work instead of having to worry about all this password junk" types.

_________________
Damn the torpedoes, full speed ahead!

There are those who say I'm a bit of a curmudgeon. To them I reply: "GET OFF MY LAWN!"

:Indigo: :Octane: :Indigo2: :Indigo2IMP: :Indy: :PI: :O3x0: :ChallengeL: :O2000R: (single-CM)


Top
 Profile  
 
 Post subject: Re: OpenBSD/sgi
Unread postPosted: Wed Jul 01, 2009 2:07 pm 
Offline
User avatar

Joined: Mon Nov 15, 2004 11:36 pm
Posts: 1850
Location: Nor Cal
True.

However, the perception did a lot of damage. I remember some sysadmins being completely hostile to the idea of having Irix machines into the network of the school I was at the time. Probably due more to FUD than reality, but I assume such a negative view must have hurt sales of SGI systems, esp. when the internet was taking off.

Anyhow, all major operating systems seem to have had growing pains at some point in their development. Early releases of Irix 5 were utter sh*t, and same goes for the first releases of Solaris.

_________________
"Was it a dream where you see yourself standing in sort of sun-god robes on a
pyramid with thousand naked women screaming and throwing little pickles at you?"


Top
 Profile  
 
 Post subject: Re: OpenBSD/sgi
Unread postPosted: Thu Jul 02, 2009 4:27 am 
Offline
User avatar

Joined: Sun Jun 14, 2009 11:53 pm
Posts: 26
Location: Moscow / Russian Federation
Only moron, crazy-minded or envious will be intreresting in hacking not a production box from outside.
Or did someone put his eye on nekochan already? :lol:
If you'll stop and pull out all useless services like time and e.t.c., and keep only really using (like ftpd, sshd, httpd, e.t.c.) and better to use stable versions with security patches applied services, well then you may say that the box is not just critical hole from outside view.
Of course if you get ssh accounts to anyone from your friends, wait presents :lol: But in this war case almost all UNIXes are under disgrace if there are just installed out from a box.

_________________
:rx2600: (CHNPP node), custom build PC (duckstar host), one dead PowerBook G4 (nokacheflush host)

More info at my web page!


Top
 Profile  
 
 Post subject: Re: OpenBSD/sgi
Unread postPosted: Thu Jul 02, 2009 7:57 am 
Offline
User avatar

Joined: Fri May 27, 2005 11:43 am
Posts: 810
hamei wrote:
jan-jaap wrote:
nekonoko wrote:
The only truly secure system is one not connected to the public internet.

Don't forgot to put it in a closed room with an armed guard in the front ;)

And NO USB !!!


And don't forget the Faraday cage. :mrgreen:

_________________
Sitting in a room.....thinkin' shit up. :evil:

:O2: 400MHz R12k - :320: Dual 550MHz PIII - Apple G4 Cube dual 500MHz/GF6200 - Newton Messagepad 2100 - Apple PowerBook 2400c/G3@240 - DECstation5000/133 - Apple Workgroup Server 9150/120 G3@280 - Apple Macintosh IIfx - Apple Macintosh Color Classic (Mystic upgrade) - Sun Cobalt Cube 3 - Tadpole RDI UltraBook IIi - Digital HiNote Ultra II - HP 200LX


Top
 Profile  
 
 Post subject: Re: OpenBSD/sgi
Unread postPosted: Thu Jul 02, 2009 11:59 am 
Offline

Joined: Wed Jul 19, 2006 8:37 am
Posts: 5758
Location: Renton, WA
zahal wrote:
And don't forget the Faraday cage. :mrgreen:



Just turn it off, pull the cables, and weld some steel plate over the back just in case.

I remember when my college moved from SunOS 4.1.4 to Solaris 2.can't_remember. I think it was 2.6 (1997-1998 year). First halfway decent Solaris 2 release, and I hated it.

Solaris has gotten better, and I've gotten more used to it, but 5 years after first release to get a decent product is pretty bad.

_________________
Damn the torpedoes, full speed ahead!

There are those who say I'm a bit of a curmudgeon. To them I reply: "GET OFF MY LAWN!"

:Indigo: :Octane: :Indigo2: :Indigo2IMP: :Indy: :PI: :O3x0: :ChallengeL: :O2000R: (single-CM)


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 60 posts ]  Go to page Previous  1, 2, 3, 4  Next

All times are UTC - 8 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group