OpenBSD/sgi

Additional operating system/hardware discussion (Windows, Linux, *BSD and others)
Forum rules
Any posts concerning pirated software or offering to buy/sell/trade commercial software are subject to removal.
hamei
Posts: 10103
Joined: Tue Feb 24, 2004 4:10 pm
Location: over the rainbow

Re: OpenBSD/sgi

Unread postby hamei » Tue Jun 30, 2009 10:08 am

iKitsune wrote:As much as I hate to say it, I think that'd work out well on an Origin 300 for a webserver. IRIX is kind of dated, security-wise, and I don't want to put a huge break-in target on the public Internet.

Since there's no graphics on an Origin, it's not like you're losing so much. I wonder if most exploits are operating system or application weaknesses, tho ? If it's applications then heck, we're already using the latest and greatest.

User avatar
nekonoko
Site Admin
Site Admin
Posts: 8041
Joined: Thu Jan 23, 2003 1:31 am
Location: Pleasanton, California
Contact:

Re: OpenBSD/sgi

Unread postby nekonoko » Tue Jun 30, 2009 10:09 am

indyman007 wrote:So just out of interest, how is nekochan.net kept 'secure'?


The same way you keep any system secure - make sure all public facing services are patched and up to date.
Twitter: @neko_no_ko
IRIX Release 4.0.5 IP12 Version 06151813 System V
Copyright 1987-1992 Silicon Graphics, Inc.
All Rights Reserved.

User avatar
iKitsune
Posts: 504
Joined: Thu May 14, 2009 10:31 am
Location: Huntsville, Alabama, USA

Re: OpenBSD/sgi

Unread postby iKitsune » Tue Jun 30, 2009 1:52 pm

I'm just afraid of a breakin. I'm sure IRIX would be fine, but meh.
:O3000: :1600SW: :Indigo2IMP: :0300:

"Remember, if they can't find you handsome, they should at least find you handy."

SAQ
Posts: 5771
Joined: Wed Jul 19, 2006 8:37 am
Location: Renton, WA

Re: OpenBSD/sgi

Unread postby SAQ » Tue Jun 30, 2009 4:29 pm

iKitsune wrote:I'm just afraid of a breakin. I'm sure IRIX would be fine, but meh.


Then keep your eyes on the advisories and swap in rebuilt binaries from your favorite FOSS system (Solaris would probably be closest, followed by GNU/Linux and then xBSD) when a compromise comes up.

The important ones will be the services you use (SSH/SSL, HTTP, FTP), and those are the most likely to be third-party anyway.
"Brakes??? What Brakes???"

:Indigo: :Octane: :Indigo2: :Indigo2IMP: :Indy: :PI: :O3x0: :ChallengeL: :O2000R: (single-CM)

User avatar
nekonoko
Site Admin
Site Admin
Posts: 8041
Joined: Thu Jan 23, 2003 1:31 am
Location: Pleasanton, California
Contact:

Re: OpenBSD/sgi

Unread postby nekonoko » Tue Jun 30, 2009 4:37 pm

SAQ wrote:The important ones will be the services you use (SSH/SSL, HTTP, FTP), and those are the most likely to be third-party anyway.


Yep, exactly right. I roll my own builds of all those (excepting a commercial, third-party FTP server), plugging them in usually within hours of release. I'm even running openssl-1.0.0-beta2 for grins :) I also offer all of the Nekochan builds for download if anyone desires to use them elsewhere.

Another part of the equation is the software you run on the stack (things like phpBB, Gallery, SquirrelMail, etc.). Those need to be kept up to date as well on any platform you ultimately choose.

Security is an ongoing process on any platform. The only truly secure system is one not connected to the public internet.

(And yes, hamei - I know php-5.3.0 was just released today. xcache doesn't support 5.3 just yet so I'm going to wait a little) ;)
Twitter: @neko_no_ko
IRIX Release 4.0.5 IP12 Version 06151813 System V
Copyright 1987-1992 Silicon Graphics, Inc.
All Rights Reserved.

hamei
Posts: 10103
Joined: Tue Feb 24, 2004 4:10 pm
Location: over the rainbow

Re: OpenBSD/sgi

Unread postby hamei » Tue Jun 30, 2009 7:33 pm

nekonoko wrote:(And yes, hamei - I know php-5.3.0 was just released today. xcache doesn't support 5.3 just yet so I'm going to wait a little) ;)

Hey, the only way I know about these releases is when I see them here. When Nekochan gets a new subsystem, that means that 2 1/2 hours ago a new version came out :D

User avatar
jan-jaap
Posts: 4160
Joined: Thu Jun 17, 2004 11:35 am
Location: Wijchen, The Netherlands

Re: OpenBSD/sgi

Unread postby jan-jaap » Wed Jul 01, 2009 1:45 am

nekonoko wrote:The only truly secure system is one not connected to the public internet.

Don't forgot to put it in a closed room with an armed guard in the front ;)
Now this is a deep dark secret, so everybody keep it quiet :)
It turns out that when reset, the WD33C93 defaults to a SCSI ID of 0, and it was simpler to leave it that way... -- Dave Olson, in comp.sys.sgi

Currently in commercial service: Image :Onyx2:(2x) :O3x02L:
In the museum: almost every MIPS/IRIX system.
Wanted: GM1 board for Professional Series GT graphics (030-0076-003, 030-0076-004)

hamei
Posts: 10103
Joined: Tue Feb 24, 2004 4:10 pm
Location: over the rainbow

Re: OpenBSD/sgi

Unread postby hamei » Wed Jul 01, 2009 2:43 am

jan-jaap wrote:
nekonoko wrote:The only truly secure system is one not connected to the public internet.

Don't forgot to put it in a closed room with an armed guard in the front ;)

And NO USB !!!

dc_v01
Posts: 796
Joined: Fri Jul 29, 2005 3:38 pm
Location: Boston, MA

Re: OpenBSD/sgi

Unread postby dc_v01 » Wed Jul 01, 2009 6:47 am

hamei wrote:And NO USB !!!

Guess SGI has got that one covered....

Why has everyone been complaining about the security features of IRIX?

User avatar
R-ten-K
Posts: 1856
Joined: Mon Nov 15, 2004 10:36 pm
Location: Nor Cal

Re: OpenBSD/sgi

Unread postby R-ten-K » Wed Jul 01, 2009 7:52 am

dc_v01 wrote:
hamei wrote:And NO USB !!!

Guess SGI has got that one covered....

Why has everyone been complaining about the security features of IRIX?


Irix at some point had a reputation for not being that secure, I think it had to do with the fact that a ton of stuff was open in the default install, whether that reputation still stands today is a bit moot since the system is pretty much EOL for all intents and purposes and the damage in "mindshare" was already done.

Also early releases of Irix were awful, and that also affected the perception of the OS. A shame since it ended up being a nice Unix variant.
"Was it a dream where you see yourself standing in sort of sun-god robes on a
pyramid with thousand naked women screaming and throwing little pickles at you?"

SAQ
Posts: 5771
Joined: Wed Jul 19, 2006 8:37 am
Location: Renton, WA

Re: OpenBSD/sgi

Unread postby SAQ » Wed Jul 01, 2009 9:40 am

R-ten-K wrote:
dc_v01 wrote:
hamei wrote:And NO USB !!!

Guess SGI has got that one covered....

Why has everyone been complaining about the security features of IRIX?


Irix at some point had a reputation for not being that secure, I think it had to do with the fact that a ton of stuff was open in the default install, whether that reputation still stands today is a bit moot since the system is pretty much EOL for all intents and purposes and the damage in "mindshare" was already done.

Also early releases of Irix were awful, and that also affected the perception of the OS. A shame since it ended up being a nice Unix variant.


Compared to contemporary UNIXes I don't think the 4D1-3.x or 4.0.5 releases were very bad. SunOS 4 might have been a bit better, but 3.x wasn't too bad. Early IRIX 5 releases were, though. I recall one bug (I think it was in Objectserver) that was particularly pernicious and compromised security.

SGI was building systems for people who wanted to throw them on LANs and not worry about them, so they were pretty much wide open. Unfortunately this translated into them keeping things open for a long time after they branched into HPC/servers so they didn't get too many disgruntled "I want to plug it in and have it work instead of having to worry about all this password junk" types.
"Brakes??? What Brakes???"

:Indigo: :Octane: :Indigo2: :Indigo2IMP: :Indy: :PI: :O3x0: :ChallengeL: :O2000R: (single-CM)

User avatar
R-ten-K
Posts: 1856
Joined: Mon Nov 15, 2004 10:36 pm
Location: Nor Cal

Re: OpenBSD/sgi

Unread postby R-ten-K » Wed Jul 01, 2009 2:07 pm

True.

However, the perception did a lot of damage. I remember some sysadmins being completely hostile to the idea of having Irix machines into the network of the school I was at the time. Probably due more to FUD than reality, but I assume such a negative view must have hurt sales of SGI systems, esp. when the internet was taking off.

Anyhow, all major operating systems seem to have had growing pains at some point in their development. Early releases of Irix 5 were utter sh*t, and same goes for the first releases of Solaris.
"Was it a dream where you see yourself standing in sort of sun-god robes on a
pyramid with thousand naked women screaming and throwing little pickles at you?"

User avatar
dukzcry
Posts: 26
Joined: Sun Jun 14, 2009 11:53 pm
Location: Moscow / Russian Federation
Contact:

Re: OpenBSD/sgi

Unread postby dukzcry » Thu Jul 02, 2009 4:27 am

Only moron, crazy-minded or envious will be intreresting in hacking not a production box from outside.
Or did someone put his eye on nekochan already? :lol:
If you'll stop and pull out all useless services like time and e.t.c., and keep only really using (like ftpd, sshd, httpd, e.t.c.) and better to use stable versions with security patches applied services, well then you may say that the box is not just critical hole from outside view.
Of course if you get ssh accounts to anyone from your friends, wait presents :lol: But in this war case almost all UNIXes are under disgrace if there are just installed out from a box.
:rx2600: (CHNPP node), custom build PC (duckstar host), one dead PowerBook G4 (nokacheflush host)

More info at my web page!

User avatar
zahal
Posts: 813
Joined: Fri May 27, 2005 11:43 am

Re: OpenBSD/sgi

Unread postby zahal » Thu Jul 02, 2009 7:57 am

hamei wrote:
jan-jaap wrote:
nekonoko wrote:The only truly secure system is one not connected to the public internet.

Don't forgot to put it in a closed room with an armed guard in the front ;)

And NO USB !!!


And don't forget the Faraday cage. :mrgreen:
Sitting in a room.....thinkin' shit up. :evil:

:O2: 400MHz R12k - :320: Dual 550MHz PIII - Apple G4 Cube dual 500MHz/GF6200 - Newton Messagepad 2100 - Apple PowerBook 2400c/G3@240 - DECstation5000/133 - Apple Workgroup Server 9150/120 G3@280 - Apple Macintosh IIfx - Apple Macintosh Color Classic (Mystic upgrade) - Sun Cobalt Cube 3 - Tadpole RDI UltraBook IIi - Digital HiNote Ultra II - HP 200LX

SAQ
Posts: 5771
Joined: Wed Jul 19, 2006 8:37 am
Location: Renton, WA

Re: OpenBSD/sgi

Unread postby SAQ » Thu Jul 02, 2009 11:59 am

zahal wrote:And don't forget the Faraday cage. :mrgreen:



Just turn it off, pull the cables, and weld some steel plate over the back just in case.

I remember when my college moved from SunOS 4.1.4 to Solaris 2.can't_remember. I think it was 2.6 (1997-1998 year). First halfway decent Solaris 2 release, and I hated it.

Solaris has gotten better, and I've gotten more used to it, but 5 years after first release to get a decent product is pretty bad.
"Brakes??? What Brakes???"

:Indigo: :Octane: :Indigo2: :Indigo2IMP: :Indy: :PI: :O3x0: :ChallengeL: :O2000R: (single-CM)


Return to “Miscellaneous Operating Systems/Hardware”

Who is online

Users browsing this forum: No registered users and 1 guest