On 20/09/2022 13:30, chris wrote:
> On 09/16/22 08:51, David Brown wrote:
>> On 14/09/2022 18:41, chris wrote:
>>> On 9/14/22 14:36, David Brown wrote:
>>>> On 14/09/2022 13:07, chris wrote:
>>>>> On 9/14/22 07:58, David Brown wrote:
>>>>>> On 13/09/2022 15:11, chris wrote:
>>>>>>> Hello, test
>>>>>>>
>>>>>>
>>>>>> Your Usenet setup is working.  So now you can post your question or
>>>>>> start a discussion about anything related to embedded programming,
>>>>>> microcontrollers, etc.  There is not a lot of traffic in this
>>>>>> group, but there are quite a number of regulars who will see posts
>>>>>> and jump in if there is something interesting to talk about.  It's
>>>>>> a sleepy group - we just need someone to wake us up!
>>>>>>
>>>>>>
>>>>>
>>>>> Good morning David. Have just upgraded the host I use for usenet and
>>>>> email and had to import settngs etc from a previous host. Long term
>>>>> association with Sun Sparc has been broken, as the cost of keeping
>>>>> them powered up is becoming oppressive. This machine is running open
>>>>> Indiana hipster, an open solaris fork and so far, seems very good.
>>>>> Mate
>>>>> desktop and a fresh zfs pool. almost duplicates the Solaris 10 used
>>>>> for a decade or more. I try to evaluate several os's a year and have
>>>>> looked at Open Solaris in the past, but this is the first serious
>>>>> evaluation. Still getting used to the bang up to date Thunderbird 102,
>>>>> replacing the old version 10, used for years here...
>>>>>
>>>>> Chris
>>>>>
>>>>
>>>> This is not exactly on-topic for the group, but I expect people will
>>>> figure that out from the subject, and it's not as though on-topic
>>>> threads are getting lost in the crowd!
>>>>
>>>> I haven't used a Sparc since a Sun-4 at university, nearly thirty
>>>> years ago.  I didn't think they had been much used for workstations
>>>> for decades (though they were of course found in some kinds of
>>>> servers, big iron and supercomputers until much more recently).
>>>>
>>>> What factors lead you to OpenIndiana, rather than a more mainstream
>>>> alternative like Linux or at least FreeBSD?  Of course you can
>>>> compile a lot of *nix software for it, as it is a perfectly standard
>>>> POSIX system, but you're going to have a lot more challenge with
>>>> anything pre-built. And like it or not, that's almost unavoidable for
>>>> a lot of embedded development.
>>>
>>> Will try to bring it back on topic, but what factors ?. Have been
>>> using Sparc based machines as a more secure solution for main server
>>> tasks, but also ftp and web server, as well as a desktop for some
>>> software and other development work.
>>
>> More "secure" than what? Secure against what?
>>
>> As long as you take a few basic precautions (such as a solid firewall),
>> a desktop is as secure as the person using it - regardless of the
>> system. If you run random programs from random places, click on random
>> links without thought, believe emails telling you about free bitcoins,
>> then you'll get in trouble. If you are careful, you won't. I have once,
>> in my 30 years or so as a professional developer, had malware on a
>> computer - when I accidentally booted from an infected 3.5" floppy.
>>
>> Now, there is no doubt it is a lot easier to get problems accidentally
>> with Windows - the target is bigger, the software quality is often
>> poorer, the pressure to click "OK" is higher, and the sources are not
>> controlled. But I think you would have a very hard time finding clear
>> evidence or statistics showing significant security differences between
>> any of the *nix systems that is inherent in the system - it all comes
>> down to who uses it, and what programs they run.
>>
>> Similarly, on the server side it is a matter of making sure that the
>> only ports accessible from outside, are the ones that you want to be
>> accessible. Lock down "risky" ports appropriately, such as very good
>> password and/or passwordless keys for ssh, using connection limits to
>> stop brute force attacks, and so on. You do all this on your
>> firewall/router - the server system doesn't matter.
>>
>> Then it is about the server software you run, and the website setup. The
>> server OS is irrelevant in comparison. If you've got Java and use the
>> log4j (if I remember the name correctly) with its vulnerability, then
>> you are in /exactly/ the same position with Sparc/Solaris, NetBSD/68k,
>> Linux/x86-64, or whatever. And if you've got a website that does not
>> have such risks, you don't have a problem.
>>
>> Security is not an end result, it's a process. It is never absolute, and
>> too much security is as bad as too little (after all, your system can
>> always be made more secure by pulling out the plug). You want security
>> that is /good enough/. When you have less chance of script-kiddie and
>> drive-by attacks than the chances of a lightning strike or flood, and
>> when targetted attacks are easier by breaking down your door and
>> stealing your server, your security is good enough (for now).
>>
>>
>>> Windows is here on sufferance
>>> and run FreeBSD as the main software dev system. Always did like
>>> Solaris, mainly for the zfs file system, zones and just the general
>>> robustness of the os and the hardware. Have built and used cross
>>> gnu for both 68K and arm, and here's quite a bit of history that
>>> openindiana will hopefully provide continuity for, even though some
>>> rebuilding will be needed. A bit of an experiment, but the cost of
>>> energy, ever increasing, means some compromise needed in the number
>>> and type of machines running 24x7. Save around 200 watts by replacing
>>> the Sun and disk array with a 1U i5 based machine. If it doesn't
>>> work out, Freebsd with zfs and jails will be the preferred solution.
>>>
>>
>> You saved 200 W ? I don't know what kind of traffic you are seeing and
>> what kind of site you are serving on your web server, but it can't be
>> too demanding if it ran on an old Sun machine. You could probably run it
>> on a Raspberry Pi 4, or an x86 mini PC like an ASUS PN50 or similar.
>>
>>> FreeBSD is the os of choice now. Much more lean and less bloat than
>>> Linux. Docs and package availability excellent. The Arm X
>>> compiler tools being just a package install, for example and a full
>>> set of gnu related tools out of the box as well. Still a makefile
>>> environment here, xnedit editor, less is more etc...
>>>
>>> Chris
>>>
>
> More secure in that X86 binaries won't execute on sparc or any other
> arch hardware. A small point, but since many exploits depend on
> getting a binary executable into the the target machine, then running
> it, just one of the many things that constitute an overall security
> frame work.

There are perhaps two main kinds of malware, and three main kinds of
other attacks. (There are plenty of others, but they are relatively
rare in comparison.)

One kind of malware is Windows software. You don't get that without
Windows, or at least Wine (and you are usually explicit about which
programs you run with Wine). The other kind of malware is scripts and
small bits of code, run on interpreted languages - bash, python, java,
etc. These run as well on a Sparc as anything else.

One kind of attack is targeting weak passwords or authentication.
Another is targeting poor security in websites. A third kind attacks
flaws in software and tries to inject code. It is only this third type
that is at all influenced by the processor you use.

Running on a Sparc rather than an ARM or x86 is at best a very small
security benefit. And for every person running a server program on a
Sparc, there are 10,000 others running it on x86 - there are more
x86-specific attackers, but also many more x86-specific defenders.
Sparc has not been "mainstream" for decades, and does not see close to
the level of care and maintenance that you get in x86 and ARM. (Of
course, the majority of the code you are running is not sparc-specific.)

> Assuming that any security can be broken given sufficient
> resources, the idea is to make it as difficult as possible and not
> worth the return on investment to try and break a given system.
>

True. But using a weird platform that "nobody" has ever heard of does
not necessarily help. The biggest risk for any significant web site is
the web site code - PHP, Java, etc., along with SQL flaws, not machine code.

> Anyway, HP are to release a Proliant Arm based server in the next
> year, which might be interesting. Arm in a commodity server package,
> now all we need is an arm based workstation...
>

There are not many good ARM workstations, unfortunately.

But what are you running on your server that is so demanding? Maybe
I've misunderstood or am making completely incorrect assumptions, but I
got the impression this was running a website at home.