Quote:
Quote:
I've read as well, that binary logs are more secure, since if someone will hack your system, he can't just remove some logs that tell about his actions in the system but you will see in logs if something is wrong. Your "objectivity" is just an one sighted point of view. There are hundreds of topics where technical pros and cons of systemd are discussed (therefore I don't want to get more technical details, the internet is rife with them). Everything you need is a bit will to use google and objectivity (I mean real objectivity, not the objectivity of the type: Everything who thinks different has less experience than me or is by nature stupid). Quote:
|
Quote:
|
Quote:
A few month ago I was in an influence conflict between the production team (us) and the investors... The lead of the investors had a new "network friend with benefit daughter of highly placed persons", a girl who was pretending to have "made the google algorithm" (and those stupid bilionnaires believed her... well she had "others" arguments)... She sold herself as a "cloud expert" a super talented engineer, wizkid etc... And when we had problem because we had a home grade ISP with a "home modem" for a whole working team of 20, using extensively the net, and we explained that we were generating more data that the connection capacity... She simply said I was an "artesian programmer" (understand "stone age", artesian wells are old water wells...), which I took proudly... But she added, with heavy sarcastisc tone: "You know there is new technology ? You know the cloud ? (sarcarstic laugh) You should be updated ! You login to amazon in your browser, you just press the button and you have more bandwidth." I was like... Huh ? You know that situation where you're the only one being able to understand the distance in the 'understanding' of the system, and you are "judged" by some "politician" which have more credit with the boss than you. (And yes, she wanted me to get out). Guess what, the investors believed it... I was obviously "too old", imagine: i had TEXT TERMINAL windows on my computer !! What an old school, spoiled developer ! :) If at least it was a single extraordinary event... Well no... Sad stuff is that in recent years, I've had series of SERIOUS problems with proud and hungry newcomers, or "method fashion victims" who "method jump" on the current trend of agility-scrummity-xtremity-book-to-sell. And believing that because they had some kind of PhD or MBA could give sensible orientations to developments, supposedly reducing the risk... And so hungry they want to be "boss" without producing anything first, with some investors/CEO trusting them because of the "fresh label stamped"... All long term knowledge and wisdom trapped in the trash bin... See where we are ! :) Cheers. Garry. PS/ Someone will notify me that, again, I sound upset... :) |
Quote:
Because "if you read well" you can read very well any sort of propaganda, but if it's just based on your reading, of could you "believe" more in one "opinion" vs another one ? I tell you binary anything is just the opposite that "more secure", "easy to read because of field" (<--- who find that causality ????)... This is just marketing for the masses... Cheers Garry. PS/ not talking about the flexibility with the nix standard (shell) and lose all pipe related tools unless you have some kind of "binary to text" and "text to binary" converter to call each time... |
Quote:
And you advice me to take side of blind systemd-haters and not the side of marketing and propaganda? Hm... I'll think about it. That's nice story, you told, but... I won't accept it as justification to argue like my aunt: "I'm elder -> I have more experience in life -> I'm right" Quote:
edit: except of parsing some data like CSV or html-pages or eBooks to get some data and put them into the database. |
Quote:
I'm a bit sad so many FUD is spread around those projects. It does not matter if RedHat's propaganda can be blamed exclusively, the reality is politics infected more than ever the GNU/Linux world and indirectly other OSS :( So many useful idiots are playing this game. |
Quote:
|
Quote:
I gave you a technical argument that parsing "binary" is not a good solution, doesn't warranty "security" (which is a graal), and is not easy to integrate in the middle of the existing tool-chain, tool chain that impact more than boot, but how servers are managed, low level programs can communicate together. At the 'metal' level the ultimate abstraction is "binary" (cpu wins with numerical values). At the 'OS' level, unix showed that the ultimate abstraction is the "text" format (and I'm not found with localization trending of programming language, low level ones I mean, English is a standard 'de facto'). At a Web level the "abstraction" is the HTML node which have it's own constraint and benefits. You can't apply to low level init and programming interface "ideologies" (that might be well usage in their realms) that belongs to "high level of human abstraction"... Well some did that, Windows... It's a complete mess in term of API... It is NOT because the end user MUST have easy access that you can apply "dumbness" down throw the layers. Of course "low level layers" might integrate some good stuff from higher level in times, but paradoxically there are two abstraction path in software, one top-bottom, and one bottom-up... The "Ultimate abstraction" for the CPU is the "worst" for the human (bit fields). Whereas the "Ultimate abstraction" for the human (Natural Localized language, mouse, icons, audio, video), is the worst for the CPU and is very "specialized". When you have to design the whole stack, and you have to do it several time, you know that you shouldn't have to mess with "layers" and each of them must have LIMITED GOALS and separated the abstractions with different "methods" on each level. Your graphic OpenGL "driver" shouldn't mess with the artist editor or the AI of NPCs in a game... You audio shouldn't depend on graphic, UNLESS you reach the higher enough level of abstraction that glue both together... That is "fact" and "pure painful experience"... So you might just reduce that as "I'm your uncle and shut up", which is not, but give me facts that my arguments are not valid, or ask question if some of them are not clear enough, or ambiguous or say if some are completely wrong and why. But don't give me words I didn't have. Give me solid concrete arguments. Cheers Garry. |
Quote:
And that is the point where I find that localization should be limited to "higher level application" and not to things like "source files" or "scripts" or "shell"... But I might be "extreme" in that :). This is the part where it comes to opinions... And yes I confirm what dunric says, security with binary more than with text is a myth. The goal of a breach is to gain "root access"... With that, never will have any protection that can resist. The idea of security is to prevent the bad one to have access to the right things (become root) NOT to add trouble to the administrator because "someone might have become root" (which is simply: too late). Cheers Garry. |
The thought of equating security to binary files reminds me of DRM. It ends up only hurting the person who is trying to use it properly.
If an attacker really didn't want the log files to be viewed, it would be super easy to just load up the file in a hex editor, modify something, and then the file would be "corrupt" and the administrator wouldn't know why. And with everything that has been cracked in our DRM filled world, who's to say that someone won't create a systemd logfile editor? And I chuckled to myself when they started talking about data being split into fields. How hard is that to do with text files? Have you seen /etc/passwd? How about a .csv file? And I've read through plenty of logs where a line is long enough it needs to move to the next line down. Pretty much all of your programs capable of reading text support that. The point is, you shouldn't be worrying about securing your logs. If an attacker is able to manipulate those, you are facing much bigger issues than modified logfiles. Maybe you should work on securing your system rather than just making sure the logfiles can't be changed. Out of all the things that systemd is introducing, except for the fact that they're all lumped together in one package, I think this is one of the stupidest. I can't think of one benefit that outweighs all the downsides, the biggest being the possibility of corruption. If something happens to your system in the middle of writing to that logfile, (and many times when something bad does happen, it is hopefully writing to the logfile before it completely locks up) and it crashes, your logfiles might be gone, along with your ability to troubleshoot the issue through the logfile. |
Quote:
To me, his story sounded like the other person didn't have a clue: "You login to amazon in your browser, you just press the button and you have more bandwidth." He specifically stated that they were having local bandwidth issues, that the residential line they were using was not enough for the amount of users and computers on the network. How would pressing a button on the Amazon site help with that (unless you can now order residential/business internet service through Amazon now)? Her ignorance in the matter is what Garry was talking about. |
An editorial from OSNews.org, from jessesmith:
http://www.osnews.com/story/28026/Ed...edom_to_Choose |
Quote:
|
Quote:
|
I've been trying to stay out of this, but I do need add the following:
Just hearing about binary logs is bringing back bad memories of having to deal with the Windows Event Logs (which are binary). |
All times are GMT -5. The time now is 02:25 AM. |