LinuxQuestions.org

The mass exodus if Slackware uses Systemd (https://www.linuxquestions.org/questions/slackware-14/the-mass-exodus-if-slackware-uses-systemd-4175523380/)

belka.ew 11-05-2014 05:02 AM

Quote:

Originally Posted by genss (Post 5264844)
example
my opinion that socket activation is useless is not subjective
if you want i can write a detailed, technical, explanation as to why it is useless in an init

moreover anyone that has lots of experience in administering servers and/or common sense can tell you that binary logs are plain stupid

and so on
when all the details are weighted a conclusion can be extrapolated

while we are at it;
what are the advantages of systemd ?
to whom are they advantages ?
and don't say faster boot, as there are many init systems that make boot fast (and there are no objective benchmarks)


all in all, im done with this
a technical discussion was never a possibility when talking about systemd
even more that technical details on how systemd works were never written anywhere (no, the blog does not say how it works)

For example binary logs. Everyone can tell?

Quote:

This is a simplistic way to think about it.

Binary logs have several advantages. Data is split into fields, making it easier to analyze programmatically. Data that isn't easily represented by text or that would span several lines of text could be included. Searching is much easier.

As long as there are easy to use command line tools that will generate text output (maybe call the tool dmesg or whatever) the benefits of using a binary only format would be mostly transparent to end users.
http://lwn.net/Articles/468078/

I've also read that binary logs are more secure, since if someone hacks your system, he can't just remove some logs that tell about his actions in the system, but you will see in the logs if something is wrong.

Your "objectivity" is just a one-sided point of view. There are hundreds of topics where technical pros and cons of systemd are discussed (therefore I don't want to get into more technical details, the internet is rife with them). All you need is a bit of will to use Google and objectivity (I mean real objectivity, not the objectivity of the type: Everyone who thinks differently has less experience than me or is by nature stupid).

Quote:

philosophy and social "science", imho, should not have anything to do with this

I have much to do with computers and I'm learning a lot. What I study is my decision.

a4z 11-05-2014 09:08 AM

Quote:

Originally Posted by genss (Post 5264844)
example
my opinion that socket activation is useless is not subjective
if you want i can write a detailed, technical, explanation as to why it is useless in an init

please do

NoStressHQ 11-05-2014 10:42 AM

Quote:

Originally Posted by 55020 (Post 5264843)
So my forty years of experience counts for nothing, in your opinion.

Beware! Nowadays for saying things like this you might be accused of being "outdated" with a "narrow point of view"! :)

A few months ago I was in an influence conflict between the production team (us) and the investors... The lead of the investors had a new "network friend with benefit daughter of highly placed persons", a girl who was pretending to have "made the google algorithm" (and those stupid billionaires believed her... well she had "other" arguments)... She sold herself as a "cloud expert", a super talented engineer, wizkid etc... And when we had a problem because we had a home grade ISP with a "home modem" for a whole working team of 20, using the net extensively, and we explained that we were generating more data than the connection capacity... She simply said I was an "artesian programmer" (understand "stone age", artesian wells are old water wells...), which I took proudly... But she added, with a heavy sarcastic tone:

"You know there is new technology? You know the cloud? (sarcastic laugh) You should be updated! You login to amazon in your browser, you just press the button and you have more bandwidth."

I was like... Huh? You know that situation where you're the only one being able to understand the distance in the 'understanding' of the system, and you are "judged" by some "politician" who has more credit with the boss than you. (And yes, she wanted me to get out). Guess what, the investors believed it... I was obviously "too old", imagine: I had TEXT TERMINAL windows on my computer!! What an old school, spoiled developer!

:)

If at least it was a single extraordinary event... Well no... Sad stuff is that in recent years, I've had a series of SERIOUS problems with proud and hungry newcomers, or "method fashion victims" who "method jump" on the current trend of agility-scrummity-xtremity-book-to-sell. And believing that because they had some kind of PhD or MBA they could give sensible orientations to developments, supposedly reducing the risk... And so hungry they want to be "boss" without producing anything first, with some investors/CEO trusting them because of the "fresh label stamped"... All long term knowledge and wisdom trapped in the trash bin... See where we are! :)

Cheers.

Garry.

PS/ Someone will notify me that, again, I sound upset... :)

NoStressHQ 11-05-2014 10:50 AM

Quote:

Originally Posted by belka.ew (Post 5264863)
http://lwn.net/Articles/468078/

I've also read that binary logs are more secure, since if someone hacks your system, he can't just remove some logs that tell about his actions in the system, but you will see in the logs if something is wrong.

Sorry to ask you, but do you have any experience in programming? And please, since when and on which subject? Do you know about parsing? About endianness? Have you ever written a parser? In C? In ASM? In C++? In Haskell?

Because "if you read well" you can read very well any sort of propaganda, but if it's just based on your reading, how could you "believe" more in one "opinion" vs another one?

I tell you binary anything is just the opposite of "more secure", "easy to read because of field" (<--- who finds that causality????)... This is just marketing for the masses...

Cheers

Garry.

PS/ not talking about the flexibility with the nix standard (shell) and lose all pipe related tools unless you have some kind of "binary to text" and "text to binary" converter to call each time...

belka.ew 11-05-2014 11:13 AM

Quote:

Originally Posted by NoStressHQ (Post 5265004)
Sorry to ask you, but do you have any experience in programming? And please, since when and on which subject? Do you know about parsing? About endianness? Have you ever written a parser? In C? In ASM? In C++? In Haskell?

Yes, mostly web programming, about 7 years. I have also done some C programming lately (but pretty basic). No, I haven't written any parsers.

And you advise me to take the side of blind systemd-haters and not the side of marketing and propaganda? Hm... I'll think about it.

That's a nice story you told, but... I won't accept it as justification to argue like my aunt: "I'm elder -> I have more experience in life -> I'm right"

Quote:

Originally Posted by 55020 (Post 5264843)
So my forty years of experience counts for nothing, in your opinion.

Or maybe you just overlooked it, due to your lack of relevant experience, or because it doesn't fit your theory.

No. I respect your experience. The problem is, that I haven't said I would know it better. There are just people, who aren't newbies and newcomers and who welcome systemd; there is Torvalds, if you want, who uses systemd on all his home machines and I'm sure, there are also others. You can dream, that all experienced hackers are on your side but the world isn't so narrow as my narrow point of view of a newcomer and social "scientist".


edit: except for parsing some data like CSV or html-pages or eBooks to get some data and put them into the database.

dunric 11-05-2014 11:24 AM

Quote:

Originally Posted by belka.ew (Post 5264863)
For example binary logs. Everyone can tell?

http://lwn.net/Articles/468078/

I've also read that binary logs are more secure, since if someone hacks your system, he can't just remove some logs that tell about his actions in the system, but you will see in the logs if something is wrong.

Sorry but this is just an urban myth. When an attacker gains privileged access on the logging machine, the log format, either binary or text, won't prevent him from cleaning all his tracks. In theory only logs stored encrypted with an asymmetric cipher where the decryption key is nowhere present (even in a deferred not-yet-expunged memory block) can complicate the job, but again it does not matter if they are originally binary or in a text format. The only `protection' is immediate log backups on remote storage (non-rewritable disk, a machine the attacker has no privileged access to, or even printed on paper). If he does not care about the intrusion being detected, he can just simply wipe them.

I'm a bit sad so much FUD is spread around those projects. It does not matter if RedHat's propaganda can be blamed exclusively, the reality is politics has infected the GNU/Linux world more than ever, and indirectly other OSS :( So many useful idiots are playing this game.

belka.ew 11-05-2014 11:30 AM

Quote:

Originally Posted by dunric (Post 5265020)
Sorry but this is just an urban myth. When an attacker gains privileged access on the logging machine, the log format, either binary or text, won't prevent him from cleaning all his tracks. In theory only logs stored encrypted with an asymmetric cipher where the decryption key is nowhere present (even in a deferred not-yet-expunged memory block) can complicate the job, but again it does not matter if they are originally binary or in a text format. The only `protection' is immediate log backups on remote storage (non-rewritable disk, a machine the attacker has no privileged access to, or even printed on paper).

Can someone just remove logs selectively? or do you mean that he can remove all the logs from the system?

NoStressHQ 11-05-2014 11:33 AM

Quote:

Originally Posted by belka.ew (Post 5265013)
I won't accept it as justification to argue like my aunt: "I'm elder -> I have more experience in life -> I'm right"

Didn't say that and you didn't answer the point. On what 'technical basis' do you believe in one "technical opinion" or another... I still don't know.

I gave you a technical argument that parsing "binary" is not a good solution, doesn't guarantee "security" (which is a grail), and is not easy to integrate in the middle of the existing tool-chain, a tool chain that impacts more than boot, but how servers are managed, how low level programs can communicate together.

At the 'metal' level the ultimate abstraction is "binary" (cpu wins with numerical values).
At the 'OS' level, unix showed that the ultimate abstraction is the "text" format (and I'm not fond of the localization trend of programming languages, low level ones I mean, English is a 'de facto' standard).
At a Web level the "abstraction" is the HTML node which has its own constraints and benefits.

You can't apply to low level init and programming interface "ideologies" (that might be well usage in their realms) that belongs to "high level of human abstraction"... Well some did that, Windows... It's a complete mess in term of API...

It is NOT because the end user MUST have easy access that you can apply "dumbness" down through the layers. Of course "low level layers" might integrate some good stuff from higher level in times, but paradoxically there are two abstraction paths in software, one top-bottom, and one bottom-up... The "Ultimate abstraction" for the CPU is the "worst" for the human (bit fields). Whereas the "Ultimate abstraction" for the human (Natural Localized language, mouse, icons, audio, video), is the worst for the CPU and is very "specialized".

When you have to design the whole stack, and you have to do it several times, you know that you shouldn't have to mess with "layers" and each of them must have LIMITED GOALS and separate the abstractions with different "methods" on each level. Your graphic OpenGL "driver" shouldn't mess with the artist editor or the AI of NPCs in a game... Your audio shouldn't depend on graphic, UNLESS you reach a high enough level of abstraction that glues both together...

That is "fact" and "pure painful experience"... So you might just reduce that as "I'm your uncle and shut up", which is not, but give me facts that my arguments are not valid, or ask question if some of them are not clear enough, or ambiguous or say if some are completely wrong and why. But don't give me words I didn't have. Give me solid concrete arguments.

Cheers

Garry.

NoStressHQ 11-05-2014 11:39 AM

Quote:

Originally Posted by dunric (Post 5265020)
I'm a bit sad so much FUD is spread around those projects. It does not matter if RedHat's propaganda can be blamed exclusively, the reality is politics has infected the GNU/Linux world more than ever, and indirectly other OSS :( So many useful idiots are playing this game.

One other detail the "masses" (even in the programming crowd) often fail to understand is that "Text" IS a binary format !! It's just based on 8bit ASCII standard, can be with other binary format (Unicode etc) which are considered text...

And that is the point where I find that localization should be limited to "higher level application" and not to things like "source files" or "scripts" or "shell"... But I might be "extreme" in that :). This is the part where it comes to opinions...

And yes I confirm what dunric says, security with binary more than with text is a myth. The goal of a breach is to gain "root access"... With that, never will have any protection that can resist. The idea of security is to prevent the bad one to have access to the right things (become root) NOT to add trouble to the administrator because "someone might have become root" (which is simply: too late).

Cheers

Garry.

bassmadrigal 11-05-2014 01:37 PM

The thought of equating security to binary files reminds me of DRM. It ends up only hurting the person who is trying to use it properly.

If an attacker really didn't want the log files to be viewed, it would be super easy to just load up the file in a hex editor, modify something, and then the file would be "corrupt" and the administrator wouldn't know why. And with everything that has been cracked in our DRM filled world, who's to say that someone won't create a systemd logfile editor?

And I chuckled to myself when they started talking about data being split into fields. How hard is that to do with text files? Have you seen /etc/passwd? How about a .csv file? And I've read through plenty of logs where a line is long enough it needs to move to the next line down. Pretty much all of your programs capable of reading text support that.

The point is, you shouldn't be worrying about securing your logs. If an attacker is able to manipulate those, you are facing much bigger issues than modified logfiles. Maybe you should work on securing your system rather than just making sure the logfiles can't be changed.

Out of all the things that systemd is introducing, except for the fact that they're all lumped together in one package, I think this is one of the stupidest. I can't think of one benefit that outweighs all the downsides, the biggest being the possibility of corruption. If something happens to your system in the middle of writing to that logfile, (and many times when something bad does happen, it is hopefully writing to the logfile before it completely locks up) and it crashes, your logfiles might be gone, along with your ability to troubleshoot the issue through the logfile.

bassmadrigal 11-05-2014 01:50 PM

Quote:

Originally Posted by belka.ew (Post 5265013)
That's a nice story you told, but... I won't accept it as justification to argue like my aunt: "I'm elder -> I have more experience in life -> I'm right"

Just being at a position longer should never be a justification (unfortunately, some people think it is). But you have to take both knowledge and experience into factor. There are many times that someone who has more experience can't think out of the box they're in, and as such, can't see the possible improvements that can be made. But there are many times when new people are too inexperienced or lack the knowledge to properly solve a problem. They can introduce new issues while trying to solve older ones.

To me, his story sounded like the other person didn't have a clue: "You login to amazon in your browser, you just press the button and you have more bandwidth." He specifically stated that they were having local bandwidth issues, that the residential line they were using was not enough for the amount of users and computers on the network. How would pressing a button on the Amazon site help with that (unless you can now order residential/business internet service through Amazon now)? Her ignorance in the matter is what Garry was talking about.

gauchao 11-05-2014 01:58 PM

An editorial from OSNews.org, from jessesmith:

http://www.osnews.com/story/28026/Ed...edom_to_Choose

jtsn 11-05-2014 02:03 PM

Quote:

Originally Posted by bassmadrigal (Post 5265095)
The thought of equating security to binary files reminds me of DRM. It ends up only hurting the person who is trying to use it properly.

It's assuming the people designing this log system try to accomplish something good for the user. Maybe they don't. There is a clear trend of disempowering users (including administrators) in the tech industry, and this "binary" log system fits this perfectly. DRM is a good keyword for this, because DRM proponents view the legitimate user as the black hat, from whom stuff has to be secured and hidden. And while doing this they're helping the real black hats compromise your security.

qweasd 11-05-2014 02:47 PM

Quote:

The point is, you shouldn't be worrying about securing your logs. If an attacker is able to manipulate those, you are facing much bigger issues than modified logfiles. Maybe you should work on securing your system rather than just making sure the logfiles can't be changed.

On the other hand, if tampering with logs was detectable, there would be a real security benefit: an intrusion detection mechanism. But as others pointed out above, the only effective way to do it is by either keeping a read-only copy of the log or by signing it cryptographically. Using some binary format for this purpose is security by obscurity. Micro$oft perfected that technique, and the results speak for themselves.
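
An added example, not part of any post in this thread: a sketch of the tamper-evident logging that dunric and qweasd describe, applied to ordinary text lines to show that detection comes from a keyed hash chain and an off-host verification key rather than from the file format. The key ratchet, the ` mac=` suffix, the function names and the sample lines are assumptions made for illustration.

```python
import hashlib
import hmac

GENESIS = "0" * 64  # chain start value (assumed convention)

def ratchet(key: bytes) -> bytes:
    # One-way key update: the current key does not reveal earlier keys.
    return hashlib.sha256(b"ratchet" + key).digest()

def tag_for(key: bytes, prev: str, line: str) -> str:
    # The MAC covers the previous tag, so records cannot be dropped or reordered.
    return hmac.new(key, f"{prev}|{line}".encode(), hashlib.sha256).hexdigest()

def seal(lines, k0: bytes):
    """Writer side: append ' mac=<tag>' to each text line."""
    key, prev, out = k0, GENESIS, []
    for line in lines:
        prev = tag_for(key, prev, line)
        out.append(f"{line} mac={prev}")
        key = ratchet(key)  # the logging host keeps only the newest key
    return out

def verify(sealed, k0: bytes, expected_count=None):
    """Verifier side, run off-host with k0. Returns index of first bad record, or None."""
    key, prev = k0, GENESIS
    for i, rec in enumerate(sealed):
        line, sep, tag = rec.rpartition(" mac=")
        if not sep or not hmac.compare_digest(tag_for(key, prev, line), tag):
            return i
        prev, key = tag, ratchet(key)
    # A cut-off tail still verifies; only a record count kept elsewhere reveals it.
    if expected_count is not None and len(sealed) != expected_count:
        return len(sealed)
    return None

# Constructed sample log lines and key.
SAMPLE = [
    "Nov  5 11:20:01 host sshd[811]: Accepted password for root from 192.0.2.7",
    "Nov  5 11:20:09 host sudo: root : COMMAND=/usr/sbin/useradd tmpuser",
    "Nov  5 11:21:30 host cron[402]: (root) CMD (run-parts /etc/cron.hourly)",
]
K0 = b"verification key kept off-host (constructed)"

def demo():
    log = seal(SAMPLE, K0)
    edited = [log[0], log[1].replace("tmpuser", "backup"), log[2]]
    return {
        "intact": verify(log, K0),
        "edited": verify(edited, K0),
        "removed": verify([log[0], log[2]], K0),
        "truncated": verify(log[:2], K0),
        "truncated_with_count": verify(log[:2], K0, expected_count=3),
    }
```

`demo()` runs five cases: an edited record and a selectively removed record both fail at index 1, while a truncated tail is caught only when the expected record count from another machine is supplied.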

dugan 11-05-2014 03:12 PM

I've been trying to stay out of this, but I do need to add the following:

Just hearing about binary logs is bringing back bad memories of having to deal with the Windows Event Logs (which are binary).


All times are GMT -5.