Will This Be A Nail In The Coffin Of The Note 5 Before It Hits The Shelves

Gromett · Jun 1, 2015

DBK said:
Bit disingenuous Grommet. With Linux being only less than 2% of the market, why would anyone bother to target it? I'm discounting android from that figure as it has I believe the largest share of any OS if you count all devices, including mobile phones, but I'm not sure Google would agree it is Linux - only the kernal is and that seems to be drifting away from the rest of the Linux community.

And I learned my first computing on a mainframe which spoke Fortran - so I am really up to date on these things!

Now you are taking a statement I made and twisting it

. I said 2% of the desktop market.
In the server market which is what most hackers involved in major breaches target, then Linux holds the Lions share. The only place that windows still holds the majority share of the market is the desktop.

As for Google drifting away from Linux that is not true, Most of googles infrastructure still runs on Linux. Android has a Linux Kernel at it's heart. True it has some modifications such as to the scheduler. But quite a bit of stuff that google develops finds it way back into the mainline Kernel sources. That is the way linux works. Last time I looked Android was using the 3.10 version of the kernel as it's base.

If you includes super computers, servers, microcontroller devices, appliances, tablets, phones etc etc then Linux is pretty much dominating everything. Even the International Space Station and stock exchange has dropped windows and moved across to linux. It is only on the desktop that Linux hasn't made much inroads yet...

I still want to know what major breach has happened to a linux system. There are enough linux systems around containing plenty of sensitive data but I have yet to hear of one being breached yet.

sdc77 · Jun 1, 2015

Gromett said:
I do know or should know. Until February I ran a hosting company and kept up with all security issues as a matter of necessity. I cannot recall the last time I heard of a breach caused by Linux. All the largest breaches over the last 3 years that I recall such as Target, Staples etc have all been due to bugs in Windows generally using tools such as BlackPOS.

If you can show me even one major breach attributable to a security issue in Linux I will publicly apologise to you and if I meet you at a show give you a beer.

I was also responsible for the PCI/DSS status of my company a job I took extremely seriously.

Well apart from Linux Australia... (lol)

Op windingo ..

We won't mention botnets

olley · Jun 1, 2015

Broken Link Removed

Beers are on Gromett.

Gromett · Jun 1, 2015

sdc77 said:
Well apart from Linux Australia... (lol)

Op windingo ..

We won't mention botnets

Linux australia it was Zookeeper software that was breached not linux. It was also not exactly a major breach.

Op Windingo. Never heard of it. So I just did a bit of searching. And found a comprensive document on it. In its initial notes though it says the following.
http://www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf

wide range of operating system have been compromised by the attackers; Apple OS X,OpenBSD, FreeBSD, Microsoft Windows (through Cygwin) and Linux, including Linux on the ARM architecture
No vulnerabilities were exploited on the Linux servers; only stolen credentials were leveraged.
We conclude that password-authentication on servers should be a thing of the past.

What I take from this is that weak passwords were used or passwords were not stored safely. If you don't lock the door to your house you can't blame the lock on the door for being insecure.

Botnets? Name any of the major ones that are linux based. Then look at those and tell me just one that can be installed on linux using a vulnerability in Linux as opposed to being installed by conning the user or user failure. (phishing for example)

In contrast the Target Breach which leaked 40 Million credit cards onto the scammers market places. This was done using a piece of Malware called BlackPOS and was installed on the terminals running windows using a bug in the windows OS. This same group hit Home Depot amongst others.

Linux is not immune to malware but it's design means it is a lot less likely to be infected by remote attacker. It usually requires some error on the users part or some interaction by the user. Even if malware could be installed without user interaction it would not have access to the system files (root) due to how security is built in from the ground up in Linux like all Unix like OS's.

Gromett · Jun 1, 2015

olley said:
Broken Link Removed

Beers are on Gromett.

Just reading up on it now. Found an in depth write up as per my previous link and studying it carefully.

sdc77 · Jun 1, 2015

Grommet.. I think the beers are on you..
And your arguments about Linux password and user security apply to Windows... The target and home depot beaches are well documented as being unpatched xpe terminals and more down to lack of chip and pin tech than anything else

Gromett · Jun 1, 2015

ok, I do know about this but didn't know it had been given a name.
It is not caused by a vulnerability in Linux. It is caused by people using weak passwords to secure SSH accounts on Linux systems.

One extraordinary characteristic of this operation is the sheer number of infected servers supporting the above mentioned malicious activities. In other words, there are two kinds of victims here: Windows end-users visiting legitimate web sites hosted on compromised servers, and Linux/Unix server operators whose servers were compromised through the large server-side credential stealing networks

On my servers I never enable password access. You need an SSL private key to get onto my servers. If more people used this recommended security measure then this kind of problem wouldn't happen.

Basically, SSH allows remote access to a server to run command line programs. Once you are logged in via SSH and authenticated on the system the system believes you to be who you say you are. If you use a weak password which can be guessed how is that the fault of Linux?

I run a service on all my servers called Fail2Ban. This basically allows you X number of attempts to login to my server. If you fail then you are banned at the firewall. Too many server admin use passwords to secure their SSH access and don't have something like fail2ban installed.

As I say, this is a server admin/user failure not a failure of the OS.

Unlike for instance the Target breach which used Malware called BlackPos which was installed using a zero day bug in Windows itself. Although there is talk that they gained access to the network through their airconditioning company contractors. Why is their airconditioning on the same network as their Financial system is something I really can't understand?

Gromett · Jun 1, 2015

sdc77 said:
Grommet.. I think the beers are on you..
And your arguments about Linux password and user security apply to Windows... The target and home depot beaches are well documented as being unpatched xpe terminals and more down to lack of chip and pin tech than anything else

I think you are wrong on that. Look up Zero Day Exploits and you will see that Windows is the king of these closely followed by Adobe and Sun (Java). A zero day exploit is a security hole in an operating system where a patch is not available.

I will just leave you with this.

http://recode.net/2015/01/20/heres-what-helped-sonys-hackers-break-in-zero-day-vulnerability/

sdc77 · Jun 1, 2015

You're just not acknowledging things you don't like.. We can all Google stuff..
Sony... There's lots of stuff on Sony.. Mainly to do with accounts compromised... Which is how access is gained.. No matter what server

Beers

Gromett · Jun 1, 2015

No I am not, I am pointing out that there is a difference between an OS being compromised due to bugs or security issues in the software itself and a system being compromised due to bad practices or user problems.

Lets go back to your original Statement....

Most of the huge data breaches that have occurred recently have been via Linux based servers...

All the systems used in all the major breaches I could find or remember were windows based systems.
Target, Staples, carefirst blue cross, Sally Beauty, Harbortouch, Sony, Kmart, Dairy queen and loads more. In all cases these were windows system that were compromised not Linux systems.

Saying that most huge data breaches happened to linux systems is just plain wrong. Name ONE big data breach that has happened via a linux based server. You can't even say a significant minority of data breaches happened via Linux based servers.

tonyidle · Jun 2, 2015

Gromett said:
Redhat would be my last choice for a desktop OS. It is designed to be a very basic but stable and secure OS for the corporate world. Generally used for running their own software.

The button being on the wrong side happens in some distributions of Linux but not many. Linux is not just one operating system. It is just the Kernel or the heart of the OS. On top of this you have the Desktop enviroment and there are almost 100 of these. The most popular being KDE, Gnome, XFCE and Unity amongst others. Unity is one of those that have played around with how things are done and I find it unusable but people coming from tablets love it.

As for why should you change anything. Well, because you can. With Linux there is no master controller who tells you how things should be done. If you don't like something you don't have to hope Microsoft will change it. You just install a bit of software to do it for you.

As for Drive letters. I hate those bloody things. I have 5 hard drives in my main computer and sometimes up to 4 USB drives not to mention DVD player and mountable ISO's. if I had to rely on drive letters I would never know which one was which and would end up saving stuff to the wrong place. With linux like most sensible OS's you can mount the new hard drive or USB stick wherever you want in the file system tree. On mine I have 3 mount points.
/USB
/Media
/mnt

As an example. I have a couple of 4TB hard disks. One has TV programs on it another films. I also have smaller hard disks which have my books, music and lecture videos. These are mounted as
/Media/TV HDD1
/Media/Films HDD2
/Media/Books HDD3
/Media/Music HDD3 etc etc

I then have links in my file manager that shortcut TV -> /Media/TV for example.

This is much better than having to remember that my books are on Drive F: this time and in a subdirectory called Books. The linux method means that all my files are within one filing system not across random drives identified by a single letter. Once you get used to it being different going back to drive letters is a ballache.

The DVD access issue was probably a restriction in Redhat or a driver issue. You can get these on Windows as well.

As for Powerpoint not working. When that software dies I will be so happy . That is actually an issue of interoperability between software and nothing to do with Linux. You would have had the same problem operating on 2 different windows system and going from MS Office to say OpenOffice or even across two different versions of Office.

I will be speaking to Jim about the following to check it is ok. But I am hoping to bring some Linux laptops to the Stratford show.

You can of course name the drives in Windows ............................. ?

olley · Jun 2, 2015

This makes interesting reading: http://www.gfi.com/blog/most-vulnerable-operating-systems-and-applications-in-2014/

It is interesting that although Microsoft operating systems still have a considerable number of vulnerabilities, they are no longer in the top 3. Apple with OS X and iOS is at the top, followed by Linux kernel.

2014 was a tough year for Linux users from a security point of view, coupled with the fact that some of the most important security issues of the year were reported for applications that usually run on Linux systems. Heartbleed, for example, is a critical security vulnerability detected in OpenSSL while Shellshock is a vulnerability that affects GNU Bash.

Ian

34127 · Jun 2, 2015

I like windows because a nice gentleman rings me up on a regular basis to tell me there is a problem with my system and for a small fee he will fix it on line.

34127 · Jun 2, 2015

Can I ask a serious question for all you windows experts.
I have a new laptop with windows 8.1 and internet explorer. When searching using IE, I can't sign in to ebay - keep getting message something to do with preventing cookies on website. This is the 2nd new laptop as the original was faulty and returned to seller. I can sign onto ebay using google chrome but just don't understand why I can't with IE. The error message says to update browser but I have already done that.
Any help appreciated.

Gromett · Jun 2, 2015

olley said:
This makes interesting reading: http://www.gfi.com/blog/most-vulnerable-operating-systems-and-applications-in-2014/

It is interesting that although Microsoft operating systems still have a considerable number of vulnerabilities, they are no longer in the top 3. Apple with OS X and iOS is at the top, followed by Linux kernel.

2014 was a tough year for Linux users from a security point of view, coupled with the fact that some of the most important security issues of the year were reported for applications that usually run on Linux systems. Heartbleed, for example, is a critical security vulnerability detected in OpenSSL while Shellshock is a vulnerability that affects GNU Bash.

Ian

Heartbleed wasn't a Linux bug it was an OpenSSL bug. It was a serious one but wasn't limited to Linux. It would be a bit like blaming a bug on windows that was actually in the flash player. Heartbleed was mainly a risk of data leakage which is extremely serious, however it did not allow the hacker to gain access to the server unless the server admin was doing something silly.

The GNU Bash bug was the same, not a Linux bug but a GNU bug. However it did primarily affect linux and Apple systems as Microsoft wrote their own SSL layer. I didn't hear of any systems that were hacked using this bug.

olley said:
It is interesting that although Microsoft operating systems still have a considerable number of vulnerabilities, they are no longer in the top 3. Apple with OS X and iOS is at the top, followed by Linux kernel.

The table is also very misleading in that it splits windows out into separate versions but doesn't do the same for Linux. For instance I use Centos which is based on RedHat Enterprise which only had 6 Serious Vulnerabilities reported. If you compare this to Windows Server 2008 (26) or Windows Server 2012 (24), You get a fairer comparison.

The other problem with the article it only reports on the number of vulnerabilities not the the number of Zero Day vulnerabilities. Nor does it tell you how long a Zero day was open for.

Finally, Linux is open source. It makes no attempts to hide security fixes. They are discovered daily and fixed daily. Linux doesn't distinguish between a bug and a security issue. Where as Microsoft will only report a security update if it is above a certain level of risk. This explains why Linux shows so many low and medium risk issues and Microsoft reports Zero or Low figures respectively. Being open has it's advantages but in reports like this it can make things look worse than what it actually is.

I could do a similar report using the same stats that would could make Microsoft look like the biggest risk but it would have as much value as this one.

Billy23 · Jun 2, 2015

Sooo @Gromett do I take it that you are not a fan of Windows

JJ · Jun 2, 2015

Reading this interesting thread (even though I don't understand a great deal of it) has reminded me of discussions I have attempted in my (former) speciality of (mostly) sleight of hand magic.

If someone starts talking to me about magic, I can establish, within seconds, to what level the chat is going to reach.

Most folk have experienced some aspect of magic via kids' parties, or television shows, or magic sets given at Christmas and sometimes use this limited knowledge to voice opinions about the subject.

Cliches such as "it is done by camera tricks, or mirrors" and "the quickness of the hand deceives the eye" immediately signal to me that a conversation on magic in real depth is not possible in this instance.

I used to try to explain that what they thought was not always correct but now I simply don't bother.

I therefore applaud Karl (Gromett) here for patiently trying to explain, backed up by knowledge and experience and examples, the benefits of the Linex operating system over the mass market ones.

Whilst I do not know the actual level of the expertise of the others in this operating system discussion, I do know that, if it came to a vote as to who is most likely to be the closest to the facts, mine goes to Gromett!

JJ

(If enough people ask, I might tell my "Silves Internet" story where I tried to help a truly stubborn Aussie lady with her smartphone connection. I was so stupid that I failed to realise her knowledge of the subject was not enough to understand what I was explaining.)

buttons · Jun 2, 2015

JJ said:
Reading this interesting thread (even though I don't understand a great deal of it) has reminded me of discussions I have attempted in my (former) speciality of (mostly) sleight of hand magic.

If someone starts talking to me about magic, I can establish, within seconds, to what level the chat is going to reach.

Most folk have experienced some aspect of magic via kids' parties, or television shows, or magic sets given at Christmas and sometimes use this limited knowledge to voice opinions about the subject.

Cliches such as "it is done by camera tricks, or mirrors" and "the quickness of the hand deceives the eye" immediately signal to me that a conversation on magic in real depth is not possible in this instance.

I used to try to explain that what they thought was not always correct but now I simply don't bother.

I therefore applaud Karl (Gromett) here for patiently trying to explain, backed up by knowledge and experience and examples, the benefits of the Linex operating system over the mass market ones.

Whilst I do not know the actual level of the expertise of the others in this operating system discussion, I do know that, if it came to a vote as to who is most likely to be the closest to the facts, mine goes to Gromett! JJ

This thread is not about linux knowledge JJ......Windows who have 90% of the market share are bringing out a phablet using windows 10 as its operating system. This new product looks like a contender for the phablet market comparing favorably with the Note 5 that is due for release in July. After viewing my link to this new phone what do you think. Is it a contender or not.

JJ · Jun 2, 2015

buttons said:
This thread is not about linux knowledge JJ

Isn't it?

Did I not make my point clearly enough?

Misunderstood yet again. :crying:

JJ

JJ · Jun 2, 2015

buttons said:
After viewing my link to this new phone what do you think.

I don't know Mr Buttons... I am trying to steer clear of the reviews otherwise I will tell myself I want it...

I simply shouldn't keep buying the latest Note phablet each year.

(The Note 5 does have an extra gig of RAM over the Note 4 though...)

JJ

Peter A Forbes · Jun 12, 2015

Happy with WinXP, looking to changeto Win10 but waiting for the final update in July, we have Win8.1 on two machines at work but modified to look and run like XP.

I tried Linux, couldn't live with it after so many years with Windows, and many of my regular programmes wouldn't run under it.

Our friend in California is a Linux fan, but even he gets frustrated by some of the restrictions it imposes.

He suggested running XP in a virtual machine under Linux, but what's the point?

If my favourite email client and other editing packages won't run under Win10 then we'll stay with WinXP for now.

Peter

Gromett · Jun 12, 2015

Peter A Forbes said:
Our friend in California is a Linux fan, but even he gets frustrated by some of the restrictions it imposes.

Restrictions in Linux? You have lost me there. There are no restrictions that linux imposes on you. You can do what you want with it. It's free, open source and infinitely customisable.

Sorry just confused now.

MR. FUSION · Jul 19, 2015

Samsung have put the nails in the coffin of the note 5 themselves....by covering it in a coke can jewelry chassis and ditching the replaceable battery and ability to insert memory cards. Thats what I read anyway

tonyidle · Jul 19, 2015

W10 got an excellent review in the only PC mag I trust (PC Pro).

Will This Be A Nail In The Coffin Of The Note 5 Before It Hits The Shelves

Gromett

sdc77

Free Member

olley

Gromett

Gromett

^{_{Subscribers do not see these advertisements}}

sdc77

Free Member

Gromett

Gromett

sdc77

Free Member

Gromett

^{_{Subscribers do not see these advertisements}}

tonyidle

olley

34127

Deleted User

34127

Deleted User

Gromett

^{_{Subscribers do not see these advertisements}}

Billy23

Free Member

JJ

buttons

JJ

JJ

^{_{Subscribers do not see these advertisements}}

Peter A Forbes

Free Member

Gromett

MR. FUSION

tonyidle

Latest journal entries

The voie verte disused railway map

Belgium (previous)

Our roadtrip july 2023