OPEN SOURCE FAIRY DUST
JOHN MENERICK

DEF CON 22 slide deck (media.defcon.org, DEF CON 22). John Menerick, security dragon @ NetSuite.

Page 1:

OPEN SOURCE FAIRY DUST
JOHN MENERICK

Pages 2-3:

SECURITY DRAGON @ NETSUITE

The views and opinions expressed here are my own only and in no way represent the views, positions or opinions - expressed or implied - of my employer (present and past) or anyone else.

My thoughts and opinions change from time to time; this is a natural offshoot of having an open and inquisitive mind.

Page 4:

WHAT WE ARE NOT TALKING ABOUT

Page 5:

WHAT WE ARE TALKING ABOUT

Pages 8-9:

THE INTERNET - CIRCA 2007

Pages 11-13:

NO ONE SAID IT WAS SECURE

Pages 13-16:

OOPS!

"OPEN SOURCE IS MORE SECURE."

INTERNET SOCIETY PRESIDENT

Pages 17-39:

EVERYBODY'S JOB IS NOBODY'S JOB

"This is a story about four people named Everybody, Somebody, Anybody, and Nobody. There was an important job to be done and Everybody was asked to do it. Everybody was sure Somebody would do it. Anybody could have done it, but Nobody did it. Somebody got angry about that, because it was Everybody's job. Everybody thought Anybody could do it but Nobody realized that Everybody wouldn't do it. It ended up that Everybody blamed Somebody when Nobody did what Anybody could have done."

Pages 40-41:

Financial
Fun
Hobbyist
Activist

"OPEN SOURCE PROJECTS PLAY A CRUCIAL ROLE IN THE DIGITAL AGE BUT ARE MAINTAINED BY A SMALL, STRAINED CADRE OF VOLUNTEERS."

Pages 42-47 (items drop off the list one slide at a time):

Page 42: Functionality, Usability, Performance, Security, Stability, Compliance
Page 43: Usability, Performance, Security, Stability, Compliance
Page 44: Usability, Performance, Security, Stability
Page 45: Performance, Security, Stability
Pages 46-47: Performance, Stability

"THERE ARE LOTS OF CRITICAL LIBRARIES MAINTAINED BY VOLUNTEERS THAT ARE NOT GIVEN ENOUGH ATTENTION"

Pages 49-50:

C / C++

"WHEN YOU CARRY POINTERS AROUND AND CANNOT TRACK WHETHER THEY ARE ALIVE AND HOW LONG THEY ARE, IT'S GOING TO HURT."

Pages 52-53:

JAVA

"IT IS NOT LIKE JAVA GOT INSECURE ALL OF A SUDDEN. IT HAS BEEN INSECURE FOR YEARS."

Page 54:

PHP
Page 56:

NO STRATEGY

Page 57:

NO SECURITY CONTACT OR REPORTING DEFINED

Page 58:

Inconsistent coding styles, usage, or complex code

Pages 60-61:

CHANGE IS HARD

"System administrators hate change when they have to bear the brunt of adverse effects of change."

Page 63:

WHAT DO WE DO NOW?

Page 65:

DEMOS
Page 67:

Hadoop HDFS 2.4.1

Page 69:

Free Radius 3.0.3

Page 71:

Exim

Page 74:

(AND SO CAN YOU!)

Page 75:

WHAT IS YOUR INCENTIVE?

FULL DISCLOSURE
STREET CRED
LULZ

Page 76:

TOOLING

Pages 77-79:

TUNING AND CORRELATION

Page 80:

• hacktheplanet.ninja/index.html

Page 81:

ONE MORE THING…

Page 82:

2788: char name[PATH_MAX]; // 4,096 Bytes

2802: fscanf is 33,554,431 bytes
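The last slide pairs a fixed PATH_MAX buffer (4,096 bytes) with an fscanf call that can produce far more than that, which is the textbook shape of a stack buffer overflow: a "%s" conversion with no field width keeps writing until it hits whitespace, however long the token is. As an added example, not code from the deck and not from the project those line numbers belong to (the slide does not name it), the C below shows the bounded form of that read together with the check a reviewer would ask for: give fscanf a width of PATH_MAX - 1, then look at the next byte to tell a token that fit from one that was cut off, and reject the latter rather than hand back a silently truncated path. The function names, the tmpfile-driven inputs and the token lengths are all constructed here.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096   /* the 4,096-byte buffer size quoted on the slide */
#endif

enum name_status { NAME_OK = 0, NAME_EOF = -1, NAME_TOO_LONG = -2 };

/*
 * The pattern the slide points at:
 *     char name[PATH_MAX];
 *     fscanf(fp, "%s", name);      // no width: writes until whitespace
 * "%s" has no upper bound, so any token longer than PATH_MAX - 1 bytes runs
 * past the end of the array. The bounded reader below tells fscanf to stop
 * at PATH_MAX - 1 bytes and then checks whether the token really ended there.
 */
enum name_status read_name_bounded(FILE *fp, char name[PATH_MAX])
{
    char fmt[32];
    /* Build "%4095s": field width = buffer size minus one for the NUL. */
    snprintf(fmt, sizeof fmt, "%%%ds", PATH_MAX - 1);
    name[0] = '\0';
    if (fscanf(fp, fmt, name) != 1)
        return NAME_EOF;                 /* nothing but whitespace / EOF */
    /* If the next byte is neither EOF nor whitespace, the token was cut short. */
    int c = fgetc(fp);
    if (c == EOF)
        return NAME_OK;
    if (!isspace(c)) {
        name[0] = '\0';                  /* do not return a truncated path */
        return NAME_TOO_LONG;
    }
    ungetc(c, fp);                       /* leave the separator for the next read */
    return NAME_OK;
}

/* Run the reader over constructed text, using a temporary file as the stream
   (tmpfile is ISO C, so this needs no platform-specific stream-from-memory call). */
enum name_status read_name_from_text(const char *text, char name[PATH_MAX])
{
    FILE *fp = tmpfile();
    if (!fp)
        return NAME_EOF;
    fputs(text, fp);
    rewind(fp);
    enum name_status st = read_name_bounded(fp, name);
    fclose(fp);
    return st;
}

/* Constructed input: a single token of 'len' non-space bytes, then a newline. */
enum name_status read_token_of_length(size_t len, char name[PATH_MAX])
{
    char *text = malloc(len + 2);
    if (!text)
        return NAME_EOF;
    memset(text, 'A', len);
    text[len] = '\n';
    text[len + 1] = '\0';
    enum name_status st = read_name_from_text(text, name);
    free(text);
    return st;
}

int main(void)
{
    char name[PATH_MAX];
    printf("short token : %d (%s)\n", read_name_from_text("etc/passwd extra", name), name);
    printf("4095 bytes  : %d\n", read_token_of_length(PATH_MAX - 1, name));
    printf("5000 bytes  : %d\n", read_token_of_length(5000, name));
    return 0;
}
```

The width limit alone only stops the write from leaving the buffer; the peek at the next byte is what turns a silent truncation into an error the caller can act on, which matters when the value is later used as a path. The same check works for sscanf on an already-read line, and a fixed "%4095s" literal is equivalent if PATH_MAX is known at compile time.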