Mailinglist Archive: opensuse-factory (564 mails)
| < Previous | Next > |
Re: [opensuse-factory] Re: Human readable, what is that? (was [12.1] massive data loss in /var/tmp/)
- From: Stefan Seyfried <stefan.seyfried@xxxxxxxxxxxxxx>
- Date: Mon, 26 Dec 2011 17:15:19 +0100
- Message-id: <4EF89D97.1010704@message-id.googlemail.com>
Am 26.12.2011 17:03, schrieb Sebastian Freundt:
No, if not implemented totally braindead, then it will just flag the
entry as "has a problem".
If you're doing forensics on a dying disc, then that problem flag is a
sign of "oh, a flipped bit!".
But if you are doing forensics after a security breach, then it is a
sign of "someone tried to do something bad".
You also depend on your dynamic linker still working. I have seen too
many machines where it was not, so I finally had to get out that rescue
system. So what.
Thanks for assuming I'm not farming 10000+ computers.
You're wrong.
So you surely have filed lots of bugzilla entries about all that bad
experience?
It is pretty rude assuming that the guys who are actually volunteering
to do parts the work (Cristian is) will certainly screw up.
If I'm looking at Cristians track record regarding openSUSE, I am
willing to give him some credit and I assume that he will not screw this up.
--
Stefan Seyfried
"Dispatch war rocket Ajax to bring back his body!"
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx
Stefan Seyfried <stefan.seyfried@xxxxxxxxxxxxxx> writes:
Am 26.12.2011 07:41, schrieb Claudio Freire:
2) Ability to write and read logs faster then before.Speed is not an issue.
I've processed gigabytes of text logs quickly enough when doing forensics.
If you've really ever done real forensics, you'd probably value signed
tamper-proof log entries.
That just proves that you've never done forensics. Relying on
tamper-proofness is a bad idea. The whole feature is a typical thing some
people seem to assume that everyone needs. I imagine the reader software
will be designed to detect such `tampering' and invalidate it one way or
the other.
No, if not implemented totally braindead, then it will just flag the
entry as "has a problem".
Just imagine a dying disk flipping bits at random with a probability of
X. At some point either the signature will be invalid, or the data.
Having discarded valuable redundancy by using a binary format, how do you
detect the validity and how do you cope with situations like these?
If you're doing forensics on a dying disc, then that problem flag is a
sign of "oh, a flipped bit!".
But if you are doing forensics after a security breach, then it is a
sign of "someone tried to do something bad".
I don't want to depend on that particular less feature, at least not in
real-life stress situations.
You also depend on your dynamic linker still working. I have seen too
many machines where it was not, so I finally had to get out that rescue
system. So what.
It pains me to see that some people seem to scale their experience with 2
or 3 computers to a farm of 10000+ computers. It's a LOT different.
Thanks for assuming I'm not farming 10000+ computers.
You're wrong.
Let's not forget this is new territory for anyone that hasn't done a
similar migration (for the better or worse) in the past, promises mean
nothing, *experience* is what counts.
So you surely have filed lots of bugzilla entries about all that bad
experience?
It is pretty rude assuming that the guys who are actually volunteering
to do parts the work (Cristian is) will certainly screw up.
If I'm looking at Cristians track record regarding openSUSE, I am
willing to give him some credit and I assume that he will not screw this up.
--
Stefan Seyfried
"Dispatch war rocket Ajax to bring back his body!"
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx
| < Previous | Next > |