[gentoo-user] Re: Fwd:How about the gentoo server or cluster in production environment?

2014-02-26 Thread Nicolas Sebrecht
The 21/02/14, Andrew Savchenko wrote: Any decent security setup contains multiple layers of protection. Use of non-standard binaries, algorithms or implementations is just one of them and it is the simplest math to prove that security is _improved_ this way. The algorithms and

[gentoo-user] Re: Fwd:How about the gentoo server or cluster in production environment?

2014-02-26 Thread Nicolas Sebrecht
The 21/02/14, hasufell wrote: So you are saying compiling a minimal kernel to minimize exposure to subsystem bugs is only obscurity? (I really wonder what Greg would say to this) Developers made the kernel to rely on modules. Distributions rely on them. Since they are almost always loaded

[gentoo-user] Re: Fwd:How about the gentoo server or cluster in production environment?

2014-02-26 Thread Nicolas Sebrecht
The 21/02/14, Andrew Savchenko wrote: Are you considering Bruce Schneier's advice as stupid nonsense? In his Applied Cryptography he recommended one of the ways to straighten a system: to use not so frequently used algorithms instead of selected standards because less frequently used

Re: [gentoo-user] Re: Fwd:How about the gentoo server or cluster in production environment?

2014-02-26 Thread Poison BL.
On Wed, Feb 26, 2014 at 5:55 AM, Nicolas Sebrecht nsebre...@piing.fr wrote: The 21/02/14, hasufell wrote: So you are saying compiling a minimal kernel to minimize exposure to subsystem bugs is only obscurity? (I really wonder what Greg would say to this) Developers made the kernel to rely

Re: [gentoo-user] Re: Fwd:How about the gentoo server or cluster in production environment?

2014-02-26 Thread hasufell
Alan McKinnon: On 21/02/2014 16:15, hasufell wrote: Alan McKinnon: On 20/02/2014 22:41, Nicolas Sebrecht wrote: On Thu, Feb 20, 2014 at 08:52:07PM +0400, Andrew Savchenko wrote: And this point is one of the highest security benefits in

Re: [gentoo-user] Re: Fwd:How about the gentoo server or cluster in production environment?

2014-02-26 Thread hasufell
Nicolas Sebrecht: The 21/02/14, hasufell wrote: So you are saying compiling a minimal kernel to minimize exposure to subsystem bugs is only obscurity? (I really wonder what Greg would say to this) Developers made the kernel to rely on

[gentoo-user] Re: Fwd:How about the gentoo server or cluster in production environment?

2014-02-26 Thread Nicolas Sebrecht
The 26/02/14, hasufell wrote: I wasn't only talking about modules and yes... loading them on demand actually proves my point. No. We are talking about servers. -- Nicolas Sebrecht

Re: [gentoo-user] Re: Fwd:How about the gentoo server or cluster in production environment?

2014-02-26 Thread hasufell
Nicolas Sebrecht: The 26/02/14, hasufell wrote: I wasn't only talking about modules and yes... loading them on demand actually proves my point. No. We are talking about servers. I am aware of that. Please read the whole discussion.

Re: [gentoo-user] Re: Fwd:How about the gentoo server or cluster in production environment?

2014-02-22 Thread Alan McKinnon
On 21/02/2014 16:15, hasufell wrote: Alan McKinnon: On 20/02/2014 22:41, Nicolas Sebrecht wrote: On Thu, Feb 20, 2014 at 08:52:07PM +0400, Andrew Savchenko wrote: And this point is one of the highest security benefits in the real world: one has non-standard binaries, not available in the

Re: [gentoo-user] Re: Fwd:How about the gentoo server or cluster in production environment?

2014-02-21 Thread Andrew Savchenko
On Thu, 20 Feb 2014 21:41:03 +0100 Nicolas Sebrecht wrote: On Thu, Feb 20, 2014 at 08:52:07PM +0400, Andrew Savchenko wrote: And this point is one of the highest security benefits in the real world: one has non-standard binaries, not available in the wild. Most exploits will fail on such

Re: [gentoo-user] Re: Fwd:How about the gentoo server or cluster in production environment?

2014-02-21 Thread Andrew Savchenko
On Thu, 20 Feb 2014 22:59:59 +0200 Alan McKinnon wrote: On 20/02/2014 22:41, Nicolas Sebrecht wrote: On Thu, Feb 20, 2014 at 08:52:07PM +0400, Andrew Savchenko wrote: And this point is one of the highest security benefits in the real world: one has non-standard binaries, not available in

Re: [gentoo-user] Re: Fwd:How about the gentoo server or cluster in production environment?

2014-02-21 Thread hasufell
Alan McKinnon: On 20/02/2014 22:41, Nicolas Sebrecht wrote: On Thu, Feb 20, 2014 at 08:52:07PM +0400, Andrew Savchenko wrote: And this point is one of the highest security benefits in the real world: one has non-standard binaries, not available

[gentoo-user] Re: Fwd:How about the gentoo server or cluster in production environment?

2014-02-20 Thread Nicolas Sebrecht
The 20/02/14, Nilesh Govindrajan wrote: Gentoo makes the best server OS because it's a custom-built OS where the admin knows each and every aspect of the OS. Security-wise, there is no unwanted or unused stuff, so fewer bugs to deal with. While I agree with the less code is less

Re: [gentoo-user] Re: Fwd:How about the gentoo server or cluster in production environment?

2014-02-20 Thread Andrew Savchenko
On Thu, 20 Feb 2014 11:29:52 +0100 Nicolas Sebrecht wrote: The 20/02/14, Nilesh Govindrajan wrote: Gentoo makes the best server OS because it's a custom-built OS where the admin knows each and every aspect of the OS. Security-wise, there is no unwanted or unused stuff, so fewer

[gentoo-user] Re: Fwd:How about the gentoo server or cluster in production environment?

2014-02-20 Thread Nicolas Sebrecht
On Thu, Feb 20, 2014 at 08:52:07PM +0400, Andrew Savchenko wrote: And this point is one of the highest security benefits in the real world: one has non-standard binaries, not available in the wild. Most exploits will fail on such binaries even if the vulnerability is still there. While excluding

Re: [gentoo-user] Re: Fwd:How about the gentoo server or cluster in production environment?

2014-02-20 Thread Alan McKinnon
On 20/02/2014 22:41, Nicolas Sebrecht wrote: On Thu, Feb 20, 2014 at 08:52:07PM +0400, Andrew Savchenko wrote: And this point is one of the highest security benefits in the real world: one has non-standard binaries, not available in the wild. Most exploits will fail on such binaries even if