Hello, test

On 13/09/2022 15:11, chris wrote:
> Hello, test
>

Your Usenet setup is working. So now you can post your question or
start a discussion about anything related to embedded programming,
microcontrollers, etc. There is not a lot of traffic in this group, but
there are quite a number of regulars who will see posts and jump in if
there is something interesting to talk about. It's a sleepy group - we
just need someone to wake us up!

On 9/14/22 07:58, David Brown wrote:
> On 13/09/2022 15:11, chris wrote:
>> Hello, test
>>
>
> Your Usenet setup is working.  So now you can post your question or
> start a discussion about anything related to embedded programming,
> microcontrollers, etc.  There is not a lot of traffic in this group, but
> there are quite a number of regulars who will see posts and jump in if
> there is something interesting to talk about.  It's a sleepy group - we
> just need someone to wake us up!
>
>

Good morning David. Have just upgraded the host I use for usenet and
email and had to import settngs etc from a previous host. Long term
association with Sun Sparc has been broken, as the cost of keeping
them powered up is becoming oppressive. This machine is running open
Indiana hipster, an open solaris fork and so far, seems very good. Mate
desktop and a fresh zfs pool. almost duplicates the Solaris 10 used
for a decade or more. I try to evaluate several os's a year and have
looked at Open Solaris in the past, but this is the first serious
evaluation. Still getting used to the bang up to date Thunderbird 102,
replacing the old version 10, used for years here...

Chris

On 14/09/2022 13:07, chris wrote:
> On 9/14/22 07:58, David Brown wrote:
>> On 13/09/2022 15:11, chris wrote:
>>> Hello, test
>>>
>>
>> Your Usenet setup is working.  So now you can post your question or
>> start a discussion about anything related to embedded programming,
>> microcontrollers, etc.  There is not a lot of traffic in this group,
>> but there are quite a number of regulars who will see posts and jump
>> in if there is something interesting to talk about.  It's a sleepy
>> group - we just need someone to wake us up!
>>
>>
>
> Good morning David. Have just upgraded the host I use for usenet and
> email and had to import settngs etc from a previous host. Long term
> association with Sun Sparc has been broken, as the cost of keeping
> them powered up is becoming oppressive. This machine is running open
> Indiana hipster, an open solaris fork and so far, seems very good. Mate
> desktop and a fresh zfs pool. almost duplicates the Solaris 10 used
> for a decade or more. I try to evaluate several os's a year and have
> looked at Open Solaris in the past, but this is the first serious
> evaluation. Still getting used to the bang up to date Thunderbird 102,
> replacing the old version 10, used for years here...
>
> Chris
>

This is not exactly on-topic for the group, but I expect people will
figure that out from the subject, and it's not as though on-topic
threads are getting lost in the crowd!

I haven't used a Sparc since a Sun-4 at university, nearly thirty years
ago. I didn't think they had been much used for workstations for
decades (though they were of course found in some kinds of servers, big
iron and supercomputers until much more recently).

What factors lead you to OpenIndiana, rather than a more mainstream
alternative like Linux or at least FreeBSD? Of course you can compile a
lot of *nix software for it, as it is a perfectly standard POSIX system,
but you're going to have a lot more challenge with anything pre-built.
And like it or not, that's almost unavoidable for a lot of embedded
development.

On 9/14/22 14:36, David Brown wrote:
> On 14/09/2022 13:07, chris wrote:
>> On 9/14/22 07:58, David Brown wrote:
>>> On 13/09/2022 15:11, chris wrote:
>>>> Hello, test
>>>>
>>>
>>> Your Usenet setup is working.  So now you can post your question or
>>> start a discussion about anything related to embedded programming,
>>> microcontrollers, etc.  There is not a lot of traffic in this group,
>>> but there are quite a number of regulars who will see posts and jump
>>> in if there is something interesting to talk about.  It's a sleepy
>>> group - we just need someone to wake us up!
>>>
>>>
>>
>> Good morning David. Have just upgraded the host I use for usenet and
>> email and had to import settngs etc from a previous host. Long term
>> association with Sun Sparc has been broken, as the cost of keeping
>> them powered up is becoming oppressive. This machine is running open
>> Indiana hipster, an open solaris fork and so far, seems very good. Mate
>> desktop and a fresh zfs pool. almost duplicates the Solaris 10 used
>> for a decade or more. I try to evaluate several os's a year and have
>> looked at Open Solaris in the past, but this is the first serious
>> evaluation. Still getting used to the bang up to date Thunderbird 102,
>> replacing the old version 10, used for years here...
>>
>> Chris
>>
>
> This is not exactly on-topic for the group, but I expect people will
> figure that out from the subject, and it's not as though on-topic
> threads are getting lost in the crowd!
>
> I haven't used a Sparc since a Sun-4 at university, nearly thirty years
> ago.  I didn't think they had been much used for workstations for
> decades (though they were of course found in some kinds of servers, big
> iron and supercomputers until much more recently).
>
> What factors lead you to OpenIndiana, rather than a more mainstream
> alternative like Linux or at least FreeBSD?  Of course you can compile a
> lot of *nix software for it, as it is a perfectly standard POSIX system,
> but you're going to have a lot more challenge with anything pre-built.
> And like it or not, that's almost unavoidable for a lot of embedded
> development.

Will try to bring it back on topic, but what factors ?. Have been
using Sparc based machines as a more secure solution for main server
tasks, but also ftp and web server, as well as a desktop for some
software and other development work. Windows is here on sufferance
and run FreeBSD as the main software dev system. Always did like
Solaris, mainly for the zfs file system, zones and just the general
robustness of the os and the hardware. Have built and used cross
gnu for both 68K and arm, and here's quite a bit of history that
openindiana will hopefully provide continuity for, even though some
rebuilding will be needed. A bit of an experiment, but the cost of
energy, ever increasing, means some compromise needed in the number
and type of machines running 24x7. Save around 200 watts by replacing
the Sun and disk array with a 1U i5 based machine. If it doesn't
work out, Freebsd with zfs and jails will be the preferred solution.

FreeBSD is the os of choice now. Much more lean and less bloat than
Linux. Docs and package availability excellent. The Arm X
compiler tools being just a package install, for example and a full
set of gnu related tools out of the box as well. Still a makefile
environment here, xnedit editor, less is more etc...

Chris

On 9/14/2022 9:41 AM, chris wrote:

> Will try to bring it back on topic, but what factors ?. Have been
> using Sparc based machines as a more secure solution for main server

If the servers are routed, this can offer some protection; but note that
each service typically advertises its hosting system (you can munge that
with a bit of effort). So, an adversary can tailor his attack to this
disclosure. Assuming all attacks unconditionally target "Windows/x86/64"
machines may be a bit naive.

I'd not rely on it to protect you from someone determined to go poking
around *your* system(s). But, it might help if the foes you encounter
are ONLY looking for low hanging fruit...

[I let my routed systems "hide" so they don't even respond to probes.
If you know where to find them and "how to get their attention", then
all is well. Otherwise, they don't exist. :> ]

> tasks, but also ftp and web server, as well as a desktop for some
> software and other development work.

I use a headless SB2000 to test portability of my codebase -- figuring
it (and the toolchain) are "different enough" (from other architectures
and toolchains) that any assumptions I may have let creep into my code
will manifest in *some* platform (I also use x86 and an ARM -- and a
variety of oddball processors and compilers just to keep my syntax clean,
avoid tool specific pragmas, etc.)

It's too loud and throws too many BTUs to use as a regular workstation
(I site it in another room and access it via an X Server). I've a cute
little Voyager but could never go back to a screen that small (or a processor
that slow!). I guess I could use rn/trn on such a box, but why?

> Windows is here on sufferance

I use Windows tools for CAD/EDA, 3D modeling, DTP, multimedia preparation,
photoediting, etc. I.e., most of the non-software development activities.
(though I also have several of those as Windows-hosted tools for convenience)
I've found it takes too long for the FOSS community to "catch up" with
their offerings (e.g., I was doing 3D CAD in the mid 80's, schematic capture
before that, PCB layout, etc.)

> and run FreeBSD as the main software dev system. Always did like

I opted for NetBSD. I started off with NetBSD 0.8. Then, over to FreeBSD
until about 2.1R. Then, back to NetBSD when FreeBSD started acting like
a Linux wannabe (the NetBSD camp is more low-key... "it just works"; I
don't want to be updating software as a *career*!)

I run it on my appliances as well as use it for my software development
efforts, VCS, etc. I've some small 1.6GHz Atoms that are scattered
around (under various bits of furniture) providing headless services.
They won't set the world on fire (performance) but are sufficient,
use little power (24/7/365) and don't require *fans*! (important if
they are located near your bed, etc.)

As each holds a full NetBSD distribution, I can write bits of code
on them -- and test it -- without having to fire up my main development
system. But, "make world" is just not practical, there.

> Solaris, mainly for the zfs file system, zones and just the general
> robustness of the os and the hardware. Have built and used cross

You *feel* like you are a "computer operator/sysadm" on Sun Boxen.
There's more you can do to tailor the machine to your needs as well
as troubleshooting a misbehaving system even WITHOUT a disk installed
(but a boatload of mnemonics and openboot syntax!)

> gnu for both 68K and arm, and here's quite a bit of history that
> openindiana will hopefully provide continuity for, even though some
> rebuilding will be needed. A bit of an experiment, but the cost of
> energy, ever increasing, means some compromise needed in the number
> and type of machines running 24x7. Save around 200 watts by replacing

Heh... you should see what it's like when I run the SB2000 (dual 1050's
at ~600W)! Or, fire up the T5220 hosted 24 drive (48T) SAN. Or the
*120* drive array! Or the 16T ESXi server. Or... :-/ It's REALLY
nice to be able to have them "elsewhere" when working (between the sound
and BTUs...)

(I live in desert southwest; *trying* to keep warm is never a problem!)

> the Sun and disk array with a 1U i5 based machine. If it doesn't
> work out, Freebsd with zfs and jails will be the preferred solution.

What are you trying to protect against? My solution is not to route any
"critical machines" so I don't have to fret about them being compromised,
up-to-date with latest patchlevels, etc.

> FreeBSD is the os of choice now. Much more lean and less bloat than
> Linux. Docs and package availability excellent. The Arm X
> compiler tools being just a package install, for example and a full
> set of gnu related tools out of the box as well. Still a makefile
> environment here, xnedit editor, less is more etc...

A big advantage to a simple build environment is that you can support
it on a variety of platforms instead of hoping the toolchain is
bland enough (or versatile enough!) to accommodate the changes from
platform to platform. You want to concentrate on the code, not the
tools to build it!

On 14/09/2022 18:41, chris wrote:
> On 9/14/22 14:36, David Brown wrote:
>> On 14/09/2022 13:07, chris wrote:
>>> On 9/14/22 07:58, David Brown wrote:
>>>> On 13/09/2022 15:11, chris wrote:
>>>>> Hello, test
>>>>>
>>>>
>>>> Your Usenet setup is working.  So now you can post your question or
>>>> start a discussion about anything related to embedded programming,
>>>> microcontrollers, etc.  There is not a lot of traffic in this group,
>>>> but there are quite a number of regulars who will see posts and jump
>>>> in if there is something interesting to talk about.  It's a sleepy
>>>> group - we just need someone to wake us up!
>>>>
>>>>
>>>
>>> Good morning David. Have just upgraded the host I use for usenet and
>>> email and had to import settngs etc from a previous host. Long term
>>> association with Sun Sparc has been broken, as the cost of keeping
>>> them powered up is becoming oppressive. This machine is running open
>>> Indiana hipster, an open solaris fork and so far, seems very good. Mate
>>> desktop and a fresh zfs pool. almost duplicates the Solaris 10 used
>>> for a decade or more. I try to evaluate several os's a year and have
>>> looked at Open Solaris in the past, but this is the first serious
>>> evaluation. Still getting used to the bang up to date Thunderbird 102,
>>> replacing the old version 10, used for years here...
>>>
>>> Chris
>>>
>>
>> This is not exactly on-topic for the group, but I expect people will
>> figure that out from the subject, and it's not as though on-topic
>> threads are getting lost in the crowd!
>>
>> I haven't used a Sparc since a Sun-4 at university, nearly thirty
>> years ago.  I didn't think they had been much used for workstations
>> for decades (though they were of course found in some kinds of
>> servers, big iron and supercomputers until much more recently).
>>
>> What factors lead you to OpenIndiana, rather than a more mainstream
>> alternative like Linux or at least FreeBSD?  Of course you can compile
>> a lot of *nix software for it, as it is a perfectly standard POSIX
>> system, but you're going to have a lot more challenge with anything
>> pre-built. And like it or not, that's almost unavoidable for a lot of
>> embedded development.
>
> Will try to bring it back on topic, but what factors ?. Have been
> using Sparc based machines as a more secure solution for main server
> tasks, but also ftp and web server, as well as a desktop for some
> software and other development work.

More "secure" than what? Secure against what?

As long as you take a few basic precautions (such as a solid firewall),
a desktop is as secure as the person using it - regardless of the
system. If you run random programs from random places, click on random
links without thought, believe emails telling you about free bitcoins,
then you'll get in trouble. If you are careful, you won't. I have
once, in my 30 years or so as a professional developer, had malware on a
computer - when I accidentally booted from an infected 3.5" floppy.

Now, there is no doubt it is a lot easier to get problems accidentally
with Windows - the target is bigger, the software quality is often
poorer, the pressure to click "OK" is higher, and the sources are not
controlled. But I think you would have a very hard time finding clear
evidence or statistics showing significant security differences between
any of the *nix systems that is inherent in the system - it all comes
down to who uses it, and what programs they run.

Similarly, on the server side it is a matter of making sure that the
only ports accessible from outside, are the ones that you want to be
accessible. Lock down "risky" ports appropriately, such as very good
password and/or passwordless keys for ssh, using connection limits to
stop brute force attacks, and so on. You do all this on your
firewall/router - the server system doesn't matter.

Then it is about the server software you run, and the website setup.
The server OS is irrelevant in comparison. If you've got Java and use
the log4j (if I remember the name correctly) with its vulnerability,
then you are in /exactly/ the same position with Sparc/Solaris,
NetBSD/68k, Linux/x86-64, or whatever. And if you've got a website that
does not have such risks, you don't have a problem.

Security is not an end result, it's a process. It is never absolute,
and too much security is as bad as too little (after all, your system
can always be made more secure by pulling out the plug). You want
security that is /good enough/. When you have less chance of
script-kiddie and drive-by attacks than the chances of a lightning
strike or flood, and when targetted attacks are easier by breaking down
your door and stealing your server, your security is good enough (for now).

> Windows is here on sufferance
> and run FreeBSD as the main software dev system. Always did like
> Solaris, mainly for the zfs file system, zones and just the general
> robustness of the os and the hardware. Have built and used cross
> gnu for both 68K and arm, and here's quite a bit of history that
> openindiana will hopefully provide continuity for, even though some
> rebuilding will be needed. A bit of an experiment, but the cost of
> energy, ever increasing, means some compromise needed in the number
> and type of machines running 24x7. Save around 200 watts by replacing
> the Sun and disk array with a 1U i5 based machine. If it doesn't
> work out, Freebsd with zfs and jails will be the preferred solution.
>

You saved 200 W ? I don't know what kind of traffic you are seeing and
what kind of site you are serving on your web server, but it can't be
too demanding if it ran on an old Sun machine. You could probably run
it on a Raspberry Pi 4, or an x86 mini PC like an ASUS PN50 or similar.

> FreeBSD is the os of choice now. Much more lean and less bloat than
> Linux. Docs and package availability excellent. The Arm X
> compiler tools being just a package install, for example and a full
> set of gnu related tools out of the box as well. Still a makefile
> environment here, xnedit editor, less is more etc...
>
> Chris
>
>
>
>
>
>
>
>
>
>

On 09/16/22 08:51, David Brown wrote:
> On 14/09/2022 18:41, chris wrote:
>> On 9/14/22 14:36, David Brown wrote:
>>> On 14/09/2022 13:07, chris wrote:
>>>> On 9/14/22 07:58, David Brown wrote:
>>>>> On 13/09/2022 15:11, chris wrote:
>>>>>> Hello, test
>>>>>>
>>>>>
>>>>> Your Usenet setup is working. So now you can post your question or
>>>>> start a discussion about anything related to embedded programming,
>>>>> microcontrollers, etc. There is not a lot of traffic in this
>>>>> group, but there are quite a number of regulars who will see posts
>>>>> and jump in if there is something interesting to talk about. It's
>>>>> a sleepy group - we just need someone to wake us up!
>>>>>
>>>>>
>>>>
>>>> Good morning David. Have just upgraded the host I use for usenet and
>>>> email and had to import settngs etc from a previous host. Long term
>>>> association with Sun Sparc has been broken, as the cost of keeping
>>>> them powered up is becoming oppressive. This machine is running open
>>>> Indiana hipster, an open solaris fork and so far, seems very good. Mate
>>>> desktop and a fresh zfs pool. almost duplicates the Solaris 10 used
>>>> for a decade or more. I try to evaluate several os's a year and have
>>>> looked at Open Solaris in the past, but this is the first serious
>>>> evaluation. Still getting used to the bang up to date Thunderbird 102,
>>>> replacing the old version 10, used for years here...
>>>>
>>>> Chris
>>>>
>>>
>>> This is not exactly on-topic for the group, but I expect people will
>>> figure that out from the subject, and it's not as though on-topic
>>> threads are getting lost in the crowd!
>>>
>>> I haven't used a Sparc since a Sun-4 at university, nearly thirty
>>> years ago. I didn't think they had been much used for workstations
>>> for decades (though they were of course found in some kinds of
>>> servers, big iron and supercomputers until much more recently).
>>>
>>> What factors lead you to OpenIndiana, rather than a more mainstream
>>> alternative like Linux or at least FreeBSD? Of course you can
>>> compile a lot of *nix software for it, as it is a perfectly standard
>>> POSIX system, but you're going to have a lot more challenge with
>>> anything pre-built. And like it or not, that's almost unavoidable for
>>> a lot of embedded development.
>>
>> Will try to bring it back on topic, but what factors ?. Have been
>> using Sparc based machines as a more secure solution for main server
>> tasks, but also ftp and web server, as well as a desktop for some
>> software and other development work.
>
> More "secure" than what? Secure against what?
>
> As long as you take a few basic precautions (such as a solid firewall),
> a desktop is as secure as the person using it - regardless of the
> system. If you run random programs from random places, click on random
> links without thought, believe emails telling you about free bitcoins,
> then you'll get in trouble. If you are careful, you won't. I have once,
> in my 30 years or so as a professional developer, had malware on a
> computer - when I accidentally booted from an infected 3.5" floppy.
>
> Now, there is no doubt it is a lot easier to get problems accidentally
> with Windows - the target is bigger, the software quality is often
> poorer, the pressure to click "OK" is higher, and the sources are not
> controlled. But I think you would have a very hard time finding clear
> evidence or statistics showing significant security differences between
> any of the *nix systems that is inherent in the system - it all comes
> down to who uses it, and what programs they run.
>
> Similarly, on the server side it is a matter of making sure that the
> only ports accessible from outside, are the ones that you want to be
> accessible. Lock down "risky" ports appropriately, such as very good
> password and/or passwordless keys for ssh, using connection limits to
> stop brute force attacks, and so on. You do all this on your
> firewall/router - the server system doesn't matter.
>
> Then it is about the server software you run, and the website setup. The
> server OS is irrelevant in comparison. If you've got Java and use the
> log4j (if I remember the name correctly) with its vulnerability, then
> you are in /exactly/ the same position with Sparc/Solaris, NetBSD/68k,
> Linux/x86-64, or whatever. And if you've got a website that does not
> have such risks, you don't have a problem.
>
> Security is not an end result, it's a process. It is never absolute, and
> too much security is as bad as too little (after all, your system can
> always be made more secure by pulling out the plug). You want security
> that is /good enough/. When you have less chance of script-kiddie and
> drive-by attacks than the chances of a lightning strike or flood, and
> when targetted attacks are easier by breaking down your door and
> stealing your server, your security is good enough (for now).
>
>
>> Windows is here on sufferance
>> and run FreeBSD as the main software dev system. Always did like
>> Solaris, mainly for the zfs file system, zones and just the general
>> robustness of the os and the hardware. Have built and used cross
>> gnu for both 68K and arm, and here's quite a bit of history that
>> openindiana will hopefully provide continuity for, even though some
>> rebuilding will be needed. A bit of an experiment, but the cost of
>> energy, ever increasing, means some compromise needed in the number
>> and type of machines running 24x7. Save around 200 watts by replacing
>> the Sun and disk array with a 1U i5 based machine. If it doesn't
>> work out, Freebsd with zfs and jails will be the preferred solution.
>>
>
> You saved 200 W ? I don't know what kind of traffic you are seeing and
> what kind of site you are serving on your web server, but it can't be
> too demanding if it ran on an old Sun machine. You could probably run it
> on a Raspberry Pi 4, or an x86 mini PC like an ASUS PN50 or similar.
>
>> FreeBSD is the os of choice now. Much more lean and less bloat than
>> Linux. Docs and package availability excellent. The Arm X
>> compiler tools being just a package install, for example and a full
>> set of gnu related tools out of the box as well. Still a makefile
>> environment here, xnedit editor, less is more etc...
>>
>> Chris
>>

More secure in that X86 binaries won't execute on sparc or any other
arch hardware. A small point, but since many exploits depend on
getting a binary executable into the the target machine, then running
it, just one of the many things that constitute an overall security
frame work. Assuming that any security can be broken given sufficient
resources, the idea is to make it as difficult as possible and not
worth the return on investment to try and break a given system.

Anyway, HP are to release a Proliant Arm based server in the next
year, which might be interesting. Arm in a commodity server package,
now all we need is an arm based workstation...

Chris

On 20/09/2022 13:30, chris wrote:
> On 09/16/22 08:51, David Brown wrote:
>> On 14/09/2022 18:41, chris wrote:
>>> On 9/14/22 14:36, David Brown wrote:
>>>> On 14/09/2022 13:07, chris wrote:
>>>>> On 9/14/22 07:58, David Brown wrote:
>>>>>> On 13/09/2022 15:11, chris wrote:
>>>>>>> Hello, test
>>>>>>>
>>>>>>
>>>>>> Your Usenet setup is working.  So now you can post your question or
>>>>>> start a discussion about anything related to embedded programming,
>>>>>> microcontrollers, etc.  There is not a lot of traffic in this
>>>>>> group, but there are quite a number of regulars who will see posts
>>>>>> and jump in if there is something interesting to talk about.  It's
>>>>>> a sleepy group - we just need someone to wake us up!
>>>>>>
>>>>>>
>>>>>
>>>>> Good morning David. Have just upgraded the host I use for usenet and
>>>>> email and had to import settngs etc from a previous host. Long term
>>>>> association with Sun Sparc has been broken, as the cost of keeping
>>>>> them powered up is becoming oppressive. This machine is running open
>>>>> Indiana hipster, an open solaris fork and so far, seems very good.
>>>>> Mate
>>>>> desktop and a fresh zfs pool. almost duplicates the Solaris 10 used
>>>>> for a decade or more. I try to evaluate several os's a year and have
>>>>> looked at Open Solaris in the past, but this is the first serious
>>>>> evaluation. Still getting used to the bang up to date Thunderbird 102,
>>>>> replacing the old version 10, used for years here...
>>>>>
>>>>> Chris
>>>>>
>>>>
>>>> This is not exactly on-topic for the group, but I expect people will
>>>> figure that out from the subject, and it's not as though on-topic
>>>> threads are getting lost in the crowd!
>>>>
>>>> I haven't used a Sparc since a Sun-4 at university, nearly thirty
>>>> years ago.  I didn't think they had been much used for workstations
>>>> for decades (though they were of course found in some kinds of
>>>> servers, big iron and supercomputers until much more recently).
>>>>
>>>> What factors lead you to OpenIndiana, rather than a more mainstream
>>>> alternative like Linux or at least FreeBSD?  Of course you can
>>>> compile a lot of *nix software for it, as it is a perfectly standard
>>>> POSIX system, but you're going to have a lot more challenge with
>>>> anything pre-built. And like it or not, that's almost unavoidable for
>>>> a lot of embedded development.
>>>
>>> Will try to bring it back on topic, but what factors ?. Have been
>>> using Sparc based machines as a more secure solution for main server
>>> tasks, but also ftp and web server, as well as a desktop for some
>>> software and other development work.
>>
>> More "secure" than what? Secure against what?
>>
>> As long as you take a few basic precautions (such as a solid firewall),
>> a desktop is as secure as the person using it - regardless of the
>> system. If you run random programs from random places, click on random
>> links without thought, believe emails telling you about free bitcoins,
>> then you'll get in trouble. If you are careful, you won't. I have once,
>> in my 30 years or so as a professional developer, had malware on a
>> computer - when I accidentally booted from an infected 3.5" floppy.
>>
>> Now, there is no doubt it is a lot easier to get problems accidentally
>> with Windows - the target is bigger, the software quality is often
>> poorer, the pressure to click "OK" is higher, and the sources are not
>> controlled. But I think you would have a very hard time finding clear
>> evidence or statistics showing significant security differences between
>> any of the *nix systems that is inherent in the system - it all comes
>> down to who uses it, and what programs they run.
>>
>> Similarly, on the server side it is a matter of making sure that the
>> only ports accessible from outside, are the ones that you want to be
>> accessible. Lock down "risky" ports appropriately, such as very good
>> password and/or passwordless keys for ssh, using connection limits to
>> stop brute force attacks, and so on. You do all this on your
>> firewall/router - the server system doesn't matter.
>>
>> Then it is about the server software you run, and the website setup. The
>> server OS is irrelevant in comparison. If you've got Java and use the
>> log4j (if I remember the name correctly) with its vulnerability, then
>> you are in /exactly/ the same position with Sparc/Solaris, NetBSD/68k,
>> Linux/x86-64, or whatever. And if you've got a website that does not
>> have such risks, you don't have a problem.
>>
>> Security is not an end result, it's a process. It is never absolute, and
>> too much security is as bad as too little (after all, your system can
>> always be made more secure by pulling out the plug). You want security
>> that is /good enough/. When you have less chance of script-kiddie and
>> drive-by attacks than the chances of a lightning strike or flood, and
>> when targetted attacks are easier by breaking down your door and
>> stealing your server, your security is good enough (for now).
>>
>>
>>> Windows is here on sufferance
>>> and run FreeBSD as the main software dev system. Always did like
>>> Solaris, mainly for the zfs file system, zones and just the general
>>> robustness of the os and the hardware. Have built and used cross
>>> gnu for both 68K and arm, and here's quite a bit of history that
>>> openindiana will hopefully provide continuity for, even though some
>>> rebuilding will be needed. A bit of an experiment, but the cost of
>>> energy, ever increasing, means some compromise needed in the number
>>> and type of machines running 24x7. Save around 200 watts by replacing
>>> the Sun and disk array with a 1U i5 based machine. If it doesn't
>>> work out, Freebsd with zfs and jails will be the preferred solution.
>>>
>>
>> You saved 200 W ? I don't know what kind of traffic you are seeing and
>> what kind of site you are serving on your web server, but it can't be
>> too demanding if it ran on an old Sun machine. You could probably run it
>> on a Raspberry Pi 4, or an x86 mini PC like an ASUS PN50 or similar.
>>
>>> FreeBSD is the os of choice now. Much more lean and less bloat than
>>> Linux. Docs and package availability excellent. The Arm X
>>> compiler tools being just a package install, for example and a full
>>> set of gnu related tools out of the box as well. Still a makefile
>>> environment here, xnedit editor, less is more etc...
>>>
>>> Chris
>>>
>
> More secure in that X86 binaries won't execute on sparc or any other
> arch hardware. A small point, but since many exploits depend on
> getting a binary executable into the the target machine, then running
> it, just one of the many things that constitute an overall security
> frame work.

There are perhaps two main kinds of malware, and three main kinds of
other attacks. (There are plenty of others, but they are relatively
rare in comparison.)

One kind of malware is Windows software. You don't get that without
Windows, or at least Wine (and you are usually explicit about which
programs you run with Wine). The other kind of malware is scripts and
small bits of code, run on interpreted languages - bash, python, java,
etc. These run as well on a Sparc as anything else.

One kind of attack is targeting weak passwords or authentication.
Another is targeting poor security in websites. A third kind attacks
flaws in software and tries to inject code. It is only this third type
that is at all influenced by the processor you use.

Running on a Sparc rather than an ARM or x86 is at best a very small
security benefit. And for every person running a server program on a
Sparc, there are 10,000 others running it on x86 - there are more
x86-specific attackers, but also many more x86-specific defenders.
Sparc has not been "mainstream" for decades, and does not see close to
the level of care and maintenance that you get in x86 and ARM. (Of
course, the majority of the code you are running is not sparc-specific.)

On 9/20/2022 17:20, David Brown wrote:
> On 20/09/2022 13:30, chris wrote:
>> On 09/16/22 08:51, David Brown wrote:
>>> On 14/09/2022 18:41, chris wrote:
>>>> On 9/14/22 14:36, David Brown wrote:
>>>>> On 14/09/2022 13:07, chris wrote:
>>>>>> On 9/14/22 07:58, David Brown wrote:
>>>>>>> On 13/09/2022 15:11, chris wrote:
>>>>>>>> Hello, test
>>>>>>>>
>>>>>>>
>>>>>>> Your Usenet setup is working.  So now you can post your question or
>>>>>>> start a discussion about anything related to embedded programming,
>>>>>>> microcontrollers, etc.  There is not a lot of traffic in this
>>>>>>> group, but there are quite a number of regulars who will see posts
>>>>>>> and jump in if there is something interesting to talk about.  It's
>>>>>>> a sleepy group - we just need someone to wake us up!
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> Good morning David. Have just upgraded the host I use for usenet and
>>>>>> email and had to import settngs etc from a previous host. Long term
>>>>>> association with Sun Sparc has been broken, as the cost of keeping
>>>>>> them powered up is becoming oppressive. This machine is running open
>>>>>> Indiana hipster, an open solaris fork and so far, seems very good.
>>>>>> Mate
>>>>>> desktop and a fresh zfs pool. almost duplicates the Solaris 10 used
>>>>>> for a decade or more. I try to evaluate several os's a year and have
>>>>>> looked at Open Solaris in the past, but this is the first serious
>>>>>> evaluation. Still getting used to the bang up to date Thunderbird
>>>>>> 102,
>>>>>> replacing the old version 10, used for years here...
>>>>>>
>>>>>> Chris
>>>>>>
>>>>>
>>>>> This is not exactly on-topic for the group, but I expect people will
>>>>> figure that out from the subject, and it's not as though on-topic
>>>>> threads are getting lost in the crowd!
>>>>>
>>>>> I haven't used a Sparc since a Sun-4 at university, nearly thirty
>>>>> years ago.  I didn't think they had been much used for workstations
>>>>> for decades (though they were of course found in some kinds of
>>>>> servers, big iron and supercomputers until much more recently).
>>>>>
>>>>> What factors lead you to OpenIndiana, rather than a more mainstream
>>>>> alternative like Linux or at least FreeBSD?  Of course you can
>>>>> compile a lot of *nix software for it, as it is a perfectly standard
>>>>> POSIX system, but you're going to have a lot more challenge with
>>>>> anything pre-built. And like it or not, that's almost unavoidable for
>>>>> a lot of embedded development.
>>>>
>>>> Will try to bring it back on topic, but what factors ?. Have been
>>>> using Sparc based machines as a more secure solution for main server
>>>> tasks, but also ftp and web server, as well as a desktop for some
>>>> software and other development work.
>>>
>>> More "secure" than what? Secure against what?
>>>
>>> As long as you take a few basic precautions (such as a solid firewall),
>>> a desktop is as secure as the person using it - regardless of the
>>> system. If you run random programs from random places, click on random
>>> links without thought, believe emails telling you about free bitcoins,
>>> then you'll get in trouble. If you are careful, you won't. I have once,
>>> in my 30 years or so as a professional developer, had malware on a
>>> computer - when I accidentally booted from an infected 3.5" floppy.
>>>
>>> Now, there is no doubt it is a lot easier to get problems accidentally
>>> with Windows - the target is bigger, the software quality is often
>>> poorer, the pressure to click "OK" is higher, and the sources are not
>>> controlled. But I think you would have a very hard time finding clear
>>> evidence or statistics showing significant security differences between
>>> any of the *nix systems that is inherent in the system - it all comes
>>> down to who uses it, and what programs they run.
>>>
>>> Similarly, on the server side it is a matter of making sure that the
>>> only ports accessible from outside, are the ones that you want to be
>>> accessible. Lock down "risky" ports appropriately, such as very good
>>> password and/or passwordless keys for ssh, using connection limits to
>>> stop brute force attacks, and so on. You do all this on your
>>> firewall/router - the server system doesn't matter.
>>>
>>> Then it is about the server software you run, and the website setup. The
>>> server OS is irrelevant in comparison. If you've got Java and use the
>>> log4j (if I remember the name correctly) with its vulnerability, then
>>> you are in /exactly/ the same position with Sparc/Solaris, NetBSD/68k,
>>> Linux/x86-64, or whatever. And if you've got a website that does not
>>> have such risks, you don't have a problem.
>>>
>>> Security is not an end result, it's a process. It is never absolute, and
>>> too much security is as bad as too little (after all, your system can
>>> always be made more secure by pulling out the plug). You want security
>>> that is /good enough/. When you have less chance of script-kiddie and
>>> drive-by attacks than the chances of a lightning strike or flood, and
>>> when targetted attacks are easier by breaking down your door and
>>> stealing your server, your security is good enough (for now).
>>>
>>>
>>>> Windows is here on sufferance
>>>> and run FreeBSD as the main software dev system. Always did like
>>>> Solaris, mainly for the zfs file system, zones and just the general
>>>> robustness of the os and the hardware. Have built and used cross
>>>> gnu for both 68K and arm, and here's quite a bit of history that
>>>> openindiana will hopefully provide continuity for, even though some
>>>> rebuilding will be needed. A bit of an experiment, but the cost of
>>>> energy, ever increasing, means some compromise needed in the number
>>>> and type of machines running 24x7. Save around 200 watts by replacing
>>>> the Sun and disk array with a 1U i5 based machine. If it doesn't
>>>> work out, Freebsd with zfs and jails will be the preferred solution.
>>>>
>>>
>>> You saved 200 W ? I don't know what kind of traffic you are seeing and
>>> what kind of site you are serving on your web server, but it can't be
>>> too demanding if it ran on an old Sun machine. You could probably run it
>>> on a Raspberry Pi 4, or an x86 mini PC like an ASUS PN50 or similar.
>>>
>>>> FreeBSD is the os of choice now. Much more lean and less bloat than
>>>> Linux. Docs and package availability excellent. The Arm X
>>>> compiler tools being just a package install, for example and a full
>>>> set of gnu related tools out of the box as well. Still a makefile
>>>> environment here, xnedit editor, less is more etc...
>>>>
>>>> Chris
>>>>
>>
>> More secure in that X86 binaries won't execute on sparc or any other
>> arch hardware. A small point, but since many exploits depend on
>> getting a binary executable into the the target machine, then running
>> it, just one of the many things that constitute an overall security
>> frame work.
>
> There are perhaps two main kinds of malware, and three main kinds of
> other attacks.  (There are plenty of others, but they are relatively
> rare in comparison.)
>
> One kind of malware is Windows software.  You don't get that without
> Windows, or at least Wine (and you are usually explicit about which
> programs you run with Wine).  The other kind of malware is scripts and
> small bits of code, run on interpreted languages - bash, python, java,
> etc.  These run as well on a Sparc as anything else.
>
> One kind of attack is targeting weak passwords or authentication.
> Another is targeting poor security in websites.  A third kind attacks
> flaws in software and tries to inject code.  It is only this third type
> that is at all influenced by the processor you use.
>
> Running on a Sparc rather than an ARM or x86 is at best a very small
> security benefit.  And for every person running a server program on a
> Sparc, there are 10,000 others running it on x86 - there are more
> x86-specific attackers, but also many more x86-specific defenders. Sparc
> has not been "mainstream" for decades, and does not see close to the
> level of care and maintenance that you get in x86 and ARM.  (Of course,
> the majority of the code you are running is not sparc-specific.)

On 20/09/2022 17:10, Dimiter_Popoff wrote:
> On 9/20/2022 17:20, David Brown wrote:
>>
>> Running on a Sparc rather than an ARM or x86 is at best a very small
>> security benefit.  And for every person running a server program on a
>> Sparc, there are 10,000 others running it on x86 - there are more
>> x86-specific attackers, but also many more x86-specific defenders.
>> Sparc has not been "mainstream" for decades, and does not see close to
>> the level of care and maintenance that you get in x86 and ARM.  (Of
>> course, the majority of the code you are running is not sparc-specific.)
>
> Begin mainstream unavoidably makes you more vulnerable, no matter
> what the "defenders" do. In fact the way x86 and ARM code is going soon
> neither the attackers nor the defenders will know what is going on
> (recently on a windows 10 laptop, after yet another update, their
> player told me I had not enough memory on the machine to play
> that video... The *entire* file (mp4) was 2G, the frame was 1920x1080,
> laptop memory 8G. At 24 fps they can easily buffer >20 seconds ahead
> in 4G memory - which they had free according to their "task manager"
> or whatever it was.

Just to be clear - we are talking about security on *nix systems here.
Windows, while much better than it used to be, has countless additional
opportunities for malware and breakins. We are also talking primarily
about servers rather than desktops - it's the desktop user that is the
main security flaw on most desktops!

> Mass illiteracy in today's mainstream coding does not make you safer,
> it just gives you a false feeling about safety because of being "like
> everyone else". The latter works to some extent say for food, buying
> from a large chain lowers a lot your chances to be the first one
> eating something poisonous before word goes out, but with code things
> go just much faster.
>

I am assuming that he is running serious server software, rather than
some random code found somewhere. Yes, there is a lot of rubbish
software written by people who should be kept well away from any
computers - but that's not the kind of people that write apache,
pure-ftpd, or whatever server software he is using, nor the OpenSolaris,
FreeBSD or Linux kernels. I am not suggesting that these programs are
perfect, but you /do/ have to consider whether code that is massively
used, regularly checked and audited and backed by big names with lots of
money and resources, is going to catch problems faster than something
used by perhaps a few hundred people. If a flaw is found in the PHP
runtime libraries, it will affect you whether you are using an
OpenSolaris descendent on SPARC or Red Hat on x86. But when the fix is
made the updated version will be in the Red Hat repositories as fast as
possible - usually long before public announcements are made. When will
your OpenSolaris system get fixed, do you think?

Any choices can have security implications, and there are no magic
bullets - choosing your platform and server software will make some
issues more likely, others less likely. All you can do is try to find a
balance that reduces the risks to as low as practically achievable
within desired budget, administrator experience, etc.

>>
>>> Assuming that any security can be broken given sufficient
>>> resources, the idea is to make it as difficult as possible and not
>>> worth the return on investment to try and break a given system.
>>>
>>
>> True.  But using a weird platform that "nobody" has ever heard of does
>> not necessarily help.  The biggest risk for any significant web site
>> is the web site code - PHP, Java, etc., along with SQL flaws, not
>> machine code.
>
> Using a platform "nobody" has ever heard of does have huge security
> benefits.
> Good luck say accessing my sources which have never seen another but a
> DPS machine.
>

Again, there are pros and cons. Sure, no one is going to find a flaw
based on their understanding of the source code. Equally, however, no
one is going to help /you/ find flaws in the design.

The success of open source, and its vastly better track record on
security in comparison to close source software, has shown that having
source code available and having lots of users and developers is a good
thing on balance. It's not perfect, and mistakes happen, but they are
usually found and corrected faster, and the chances of long-lasting
flaws is smaller.

That does not mean it is the "best" model for all software or all uses,
regardless of how you want to judge "best". But for general server
software, you should have good reason before picking something other
than "industry best practice" software.

On 9/20/22 17:19, David Brown wrote:
> On 20/09/2022 17:10, Dimiter_Popoff wrote:
>> On 9/20/2022 17:20, David Brown wrote:

>
> Just to be clear - we are talking about security on *nix systems here.
> Windows, while much better than it used to be, has countless additional
> opportunities for malware and breakins.  We are also talking primarily
> about servers rather than desktops - it's the desktop user that is the
> main security flaw on most desktops!

I guess mainly a unix of various flavours here. A few old laptops
used as terminals and one windows machine, but have been using
win server editions for desktop use for years now. Basic install
leaves most services disabled by default and any needed services
must be explicitly enabled. Only used for a few apps and web
browsing, so a few year old release is fine for that. Currently
server 2012, more or elss equivalent to windows 8, with an addon
package to get a traditional desktiop layout back. Better system
management tools out of the box and never crashes either. Desktop
editions are asking for trouble in a professional environment.

Everything else is mainly FreeBSD, some Linux, but try to keep up
with the state of the art elsewhere, Openindiana being the most
recent to look at in depth. Change is slow here and expect to
get several years use from an upgrade, to concentrate on work, not
fixing the machine or os. If only it were that simple.

It's not really the choice of OS that is the main security issue,
as most can be made reasonably secure, but a non mainstream os on
non X86 hardware must help. Only valid though in conjunction with
other security measures.

As you suggest though, once Arm becomes more mainstream, so it
will become a more significant target for the hackers...

Chris

>
>> Mass illiteracy in today's mainstream coding does not make you safer,
>> it just gives you a false feeling about safety because of being "like
>> everyone else". The latter works to some extent say for food, buying
>> from a large chain lowers a lot your chances to be the first one
>> eating something poisonous before word goes out, but with code things
>> go just much faster.
>>
>
> I am assuming that he is running serious server software, rather than
> some random code found somewhere.  Yes, there is a lot of rubbish
> software written by people who should be kept well away from any
> computers - but that's not the kind of people that write apache,
> pure-ftpd, or whatever server software he is using, nor the OpenSolaris,
> FreeBSD or Linux kernels.  I am not suggesting that these programs are
> perfect, but you /do/ have to consider whether code that is massively
> used, regularly checked and audited and backed by big names with lots of
> money and resources, is going to catch problems faster than something
> used by perhaps a few hundred people.  If a flaw is found in the PHP
> runtime libraries, it will affect you whether you are using an
> OpenSolaris descendent on SPARC or Red Hat on x86.  But when the fix is
> made the updated version will be in the Red Hat repositories as fast as
> possible - usually long before public announcements are made.  When will
> your OpenSolaris system get fixed, do you think?
>
> Any choices can have security implications, and there are no magic
> bullets - choosing your platform and server software will make some
> issues more likely, others less likely.  All you can do is try to find a
> balance that reduces the risks to as low as practically achievable
> within desired budget, administrator experience, etc.
>
>
>>>
>>>> Assuming that any security can be broken given sufficient
>>>> resources, the idea is to make it as difficult as possible and not
>>>> worth the return on investment to try and break a given system.
>>>>
>>>
>>> True.  But using a weird platform that "nobody" has ever heard of
>>> does not necessarily help.  The biggest risk for any significant web
>>> site is the web site code - PHP, Java, etc., along with SQL flaws,
>>> not machine code.
>>

Many people have heard of Sun and still very much in use, though
diminished since the trailblazing days. Just like the quality and
attention to detail, but but getting harder to justify ongoing
us for a number of reasons.

Agree about web code though and surprised that much ever works at
all. Crap code written on a budget, good enough quality, rather than
a software engineering approach.

>> Using a platform "nobody" has ever heard of does have huge security
>> benefits.
>> Good luck say accessing my sources which have never seen another but a
>> DPS machine.
>>
>
> Again, there are pros and cons.  Sure, no one is going to find a flaw
> based on their understanding of the source code.  Equally, however, no
> one is going to help /you/ find flaws in the design.
>
> The success of open source, and its vastly better track record on
> security in comparison to close source software, has shown that having
> source code available and having lots of users and developers is a good
> thing on balance.  It's not perfect, and mistakes happen, but they are
> usually found and corrected faster, and the chances of long-lasting
> flaws is smaller.
>
> That does not mean it is the "best" model for all software or all uses,
> regardless of how you want to judge "best".  But for general server
> software, you should have good reason before picking something other
> than "industry best practice" software.
>
>