Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Damn Vulnerable Linux — Most Vulnerable Linux Ever

timothy posted more than 4 years ago | from the in-context-it's-barely-vulgar dept.

Security 227

An anonymous reader writes "Usually, when installing a new operating system, the hope is that it's as up-to-date as possible. After installation there's bound to be a few updates required, but no more than a few megabytes. Damn Vulnerable Linux is different; it's shipped in as vulnerable a state as possible. As the DVL website explains: 'Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn't. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn't built to run on your desktop – it's a learning tool for security students.'"

cancel ×

227 comments

Sorry! There are no comments related to the filter you selected.

Wait, so I shouldn't have used that at work? (5, Funny)

Anonymous Coward | more than 4 years ago | (#32939760)

Don't tell my boss.

Re:Wait, so I shouldn't have used that at work? (5, Funny)

binarylarry (1338699) | more than 4 years ago | (#32939922)

Don't worry, it's still safer than the Windows servers you run.

Re:Wait, so I shouldn't have used that at work? (0)

Anonymous Coward | more than 4 years ago | (#32940388)

Funny? This should be modded informative.

The chance of getting a virus on DVL is orders of magnitude smaller than on Windows.

Re:Wait, so I shouldn't have used that at work? (1)

Neoprofin (871029) | more than 4 years ago | (#32940496)

Some would argue that means Linux lacks functionality.

Re:Wait, so I shouldn't have used that at work? (1)

ozmanjusri (601766) | more than 4 years ago | (#32940582)

Such as?

Re:Wait, so I shouldn't have used that at work? (4, Funny)

ae1294 (1547521) | more than 4 years ago | (#32940646)

Such as?

The ability to run the Malware he writes for fun and profit. Ok... mostly profit...

Re:Wait, so I shouldn't have used that at work? (4, Funny)

Darkness404 (1287218) | more than 4 years ago | (#32940628)

I know! I've been wanting to get these free kitten screensavers and family guy cursors and they aren't working! And I can't get sexyladies4324aefe.exe to run either! Man, Linux doesn't run anything good...

Re:Wait, so I shouldn't have used that at work? (0)

Anonymous Coward | more than 4 years ago | (#32940698)

Shooting for redundancy here, but if you can't those screensavers, pointers, porn downloaders and so on to run then it kinda fails considering it's supposed to be damn vulnerable?

Re:Wait, so I shouldn't have used that at work? (1)

Cheeze (12756) | more than 4 years ago | (#32940846)

I bet they run in Wine!

Re:Wait, so I shouldn't have used that at work? (2, Insightful)

jellomizer (103300) | more than 4 years ago | (#32940898)

Yes the random poke at Microsoft...
Lets stay blind dumb and happy with our Linux.

Linux isn't any more secure then Windows is. However Linux users like to get bragging rights because they release fixes to security glitches fixes (a good thing) much faster then Windows does. However security patches isn't the only thing...

Usually the reason for most Vulnerabilities in Windows is due to stupid Administration. Being that windows is easier to maintain by the average joe, means that a lot of Windows Server Networks are being administered by people who really don't have any rights administering a network. Having Poor Security procedures, buzzword based security settings, Firewall with holes.

Linux users are either the Old time Unix administers or people who actually think about technology as a bit more of a means to an end, actually on the average are at least bit better then the laimo Windows Server non-administrators.

However Linux is still quite vulnerable. Updates may not be run as often as they should, legacy code needing older versions of software to run. The fact that they think they are immune makes sure fixing these problems are a less of a priority.

I have seen man Linux Systems hacked into more then I have seen windows systems, why because the administrators of the Linux systems were Lazy and bought into the fact that Linux is SO MUCH MORE SECURE THEN WiNDOWS and let the Servers Run Bragging about their huge uptimes while it keep on getting rooted. Yes the times I have seen Windows get compromised it is often a bigger problem then when it happens to Linux, as windows vulnerabilities make it more possible to spread viruses across the unsecured intranet.

But the moral of this post is. Don't put your faith in the software for security, Keeping a secure network is up to a human hopefully they are skilled to keep it secure.
 

Or (4, Funny)

Voulnet (1630793) | more than 4 years ago | (#32939764)

Or use a fresh install of XP.

Re:Or (4, Funny)

Luckyo (1726890) | more than 4 years ago | (#32940040)

Ebola or AIDS. Choices!

Re:Or, So needed! (1)

linuxiac (1831824) | more than 4 years ago | (#32940604)

Those are threats to human survival. Way out of the league of this discussion... This distro is SO needed!

Re:Or (4, Interesting)

Co0Ps (1539395) | more than 4 years ago | (#32940042)

Seriously, I once attempted to see how long it would take to get a fresh install of XP hijacked on a virtual box. After about one hour of bad IE6 surfing on suspicious sites (would you like to download and run this? yes please) I had one or two pieces of malware installed that had taken over the computer completely, filling the screen with popups and disabling all kinds of system configuration tools.

Re:Or (0)

Anonymous Coward | more than 4 years ago | (#32940084)

How accepting to install malware a proof that winxp suck ?

You're the moron.

Re:Or (4, Insightful)

maxwell demon (590494) | more than 4 years ago | (#32940094)

To be fair, if you download run random stuff from the web, your Linux computer isn't too secure either.

Re:Or (0)

Anonymous Coward | more than 4 years ago | (#32940188)

> implying malware would be able to install software on Linux

Re:Or (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#32940280)

summerfag

Re:Or (0)

Anonymous Coward | more than 4 years ago | (#32940316)

It would if it asked you to and you said yes. Though, to be honest, it would probably ask you to download a bunch of libraries, fix a few compilation errors, and then copy files manually because the makefile doesn't work on your distro.

Re:Or (-1, Offtopic)

Khyber (864651) | more than 4 years ago | (#32940562)

Go away, chanfag.

Re:Or (4, Insightful)

tuxgeek (872962) | more than 4 years ago | (#32940408)

To be fair..
most malware available for download on the web is designed to be run on windows
It doesn't do anything much less run in linux

Windows is such an easy target for exploit and success, it's everywhere and run by every bone-head idiot on the planet
Linux on the other hand is most used by advanced individuals and can be very difficult to exploit making it a waste of time for the black hats, it can be done, but rarely successful

Re:Or (4, Insightful)

bigstrat2003 (1058574) | more than 4 years ago | (#32940668)

That's not the point. The point is that even if OS security were perfect, there would still be machines which were completely fucked. No amount of OS security will stop the user from wanting free kitten screen savers.

This doesn't excuse vulnerabilities that do exist in operating systems, but since Co0Ps specifically mentioned that he/she was actively agreeing to download certain pieces of malware, it bears mentioning.

Re:Or (0)

Anonymous Coward | more than 4 years ago | (#32940744)

So you're basing Linux's entire security on the basis of its terrible popularity? Good move! Now if only EVERYONE would install Linux to take advantage of its low popularity, there would be no more malware!

Re:Or (1)

jmerlin (1010641) | more than 4 years ago | (#32940818)

"Windows is such an easy target for exploit and success"

It's not Windows that's being targeted. It's the people using Windows. Get it right.

Re:Or (0)

Anonymous Coward | more than 4 years ago | (#32940894)

advanced individuals who used weakened SSL libraries for so long... oops

Re:Or (1)

RocketRabbit (830691) | more than 4 years ago | (#32940806)

Oh yeah, there's tons of malware out there for Linux.

I know of concept pieces but genuine malware, even on ancient distros is really hard to find, especially the kid you'd pick up from just browsing web sites. Rooting incidents are much more common, but still rare enough that it's barely worth worrying about.

Re:Or (5, Informative)

Culture20 (968837) | more than 4 years ago | (#32940578)

That's nothing. During the Blaster days, I stood by and let someone attach their computer to the network for updates after a clean install. It was an object lesson: Before she could navigate to windows update, it started rebooting again. Always update security patches from a known-safe medium.

Re:Or (1)

samurphy21 (193736) | more than 4 years ago | (#32940712)

Or at the very least, from behind a hardware firewall/router.

Or... dont put fresh OS in DMZ (0)

Anonymous Coward | more than 4 years ago | (#32940886)

it it wasnt in teh DMZ the NAT should have stopped any incoming connections from wreaking havoc.

Re:Or (1)

causality (777677) | more than 4 years ago | (#32940450)

Or use a fresh install of XP.

Yeah but this is a learning distribution for security students. "Download this script-kiddie tool and point it at the XP machine's IP address" doesn't allow for much learning and understanding...

Re:Or (1)

rtp (49744) | more than 4 years ago | (#32940560)

DVL is effectively the Crash Test Dummy for Linux.

Big deal (4, Funny)

Anonymous Coward | more than 4 years ago | (#32939768)

So it's like Fedora then.

Re:Big deal (0)

Anonymous Coward | more than 4 years ago | (#32939794)

You're not far off. I remember installing Redhat ten years back: the first thing anyone ever did after logging in as root was to edit /etc/inetd.conf and switch off all the fucking crap that was enabled by default.

Re:Big deal (1)

hdparm (575302) | more than 4 years ago | (#32939958)

You're not far off. I remember installing Redhat ten years back:

No, not too far. Just about 10 years.

Re:Big deal (0)

Anonymous Coward | more than 4 years ago | (#32939976)

He said Fedora, I said Redhat. You're talking about time, not distance. Nice try.

Re:Big deal (0)

Anonymous Coward | more than 4 years ago | (#32940482)

One was built on the ruins of another.

Re:Big deal (5, Insightful)

magsol (1406749) | more than 4 years ago | (#32939868)

Why is the OP - who is denigrating a Linux distro - modded a Troll, whereas the poster above him - denigrating Windows - modded as Funny?

Re:Big deal (5, Funny)

basscomm (122302) | more than 4 years ago | (#32939912)

Why is the OP - who is denigrating a Linux distro - modded a Troll, whereas the poster above him - denigrating Windows - modded as Funny?

You must be new here.

Re:Big deal (5, Insightful)

keatonguy (1001680) | more than 4 years ago | (#32940092)

Don't be obtuse, he raises a good point. Linux is not infallible and shouldn't be treated as such even in light of it's advantages and the personal support we all have for it. Criticism breeds improvement. Keep that in mind, mods.

Re:Big deal (0)

Anonymous Coward | more than 4 years ago | (#32940254)

Another new guy

Re:Big deal (0)

Anonymous Coward | more than 4 years ago | (#32940340)

You must be new here. (Treat this as criticism that breeds improvement.)

Re:Big deal (1)

DittoBox (978894) | more than 4 years ago | (#32940400)

Constructive criticism said sans doucheiness breeds improvement.

Criticism said to build oneself up breeds contempt.

Re:Big deal (1)

sea4ever (1628181) | more than 4 years ago | (#32940438)

Criticism breeds improvement.

The amount of criticism that Microsoft and Windows in particular have received from /. over the years...
Are you sure about that one there?

Re:Big deal (4, Funny)

LynnwoodRooster (966895) | more than 4 years ago | (#32940456)

Exactly. Everyone knows the only OS that gets to claim invulnerability is OSX...

Re:Big deal (4, Insightful)

causality (777677) | more than 4 years ago | (#32940606)

Don't be obtuse, he raises a good point. Linux is not infallible and shouldn't be treated as such even

Did it occur to you that the more experienced/advanced/technical users who tend to gravitate towards Linux are very much aware of this, that they administer their systems accordingly, and that this is in fact a big reason why successful malware "in the wild" is all but unheard-of on this platform? Compare to "buy the next version of Windows, it's easier and more secure than ever!" that carries the strong implication of "oh, security is someone else's problem". Not noticing or appreciating that difference would also be obtuse.

What I am getting at is that there are both technical and cultural differences between the two platforms.

Re:Big deal (1)

w0mprat (1317953) | more than 4 years ago | (#32940710)

Agreed. So on the topic of infallibity, here's more criticism.
1. Linux is still vulnerable through software the user runs. Vulnerabilities in popular browsers are still exploitable (Chromium, Firefox, Opera) etc. This doesn't give you low level access to the users system, but there is a helluva lot you can do once you've taken over a browser's running instance. (But Chrome has done a lot of work around sandboxing to address this).

2. It's not necessary to have root to do a lot of damage - anything the user account can access is yours (keylogging, delete data, wreck havoc on network shares).

3. I've always been concerned that in most distributions the user enters a password for superuser functions - you only need to phish this and suddenly you have low level access to the system. Distros are frequently frivolous with the prompting for admin password, such that even a expert user may enter it like a reflex, especially if the dialog box is visually accurate. It is not too difficult to imagine a number of easy ways to implement this :S which I won't go into, although it is reliant on user stupidity - which unfortunately is in abundance.

4. Complacency is the most dangerous security flaw, and Linux users have this in abundance also. Assuming security is the most dangerous thing you can do. Also dangerous is assumptions about the users competence.

4a. Security is not a one-time effort. Software is so complex these days there are ALWAYS flaws that can be exploited.

5. The assumption the if Windows was replaced with Desktop Linux, everything would be better. Fact is, it is still not tested in wide distribution accross tens of millions of machines with all kinds of users from all walks of life. There must be a lot of undiscovered flaws lurking. I would expect if you suddenly replaced all Windows installs worldwide with a single distro it wouldn't be long before the malware and shitware purveyors are back to business as usual. It would be no magic cure for malware.

6. Anyone who's had a Linux firewall and looked at the logs knows Linux systems are routinely attacked. Brute forcing SSH for example.

6a. I have friends who hack each others systems all the time like a sport. These are common distributions like Ubuntu and Fedora.

7. This is /. where I will be modded troll, flamebait in 3...2...1..

Re:Big deal (0)

Anonymous Coward | more than 4 years ago | (#32940762)

Or you won't be moderated at all, since no one who actually read your post (did you?) will give a shit.

Re:Big deal (1)

Hurricane78 (562437) | more than 4 years ago | (#32940740)

But compared to Windows, it actually looks infallible. It’s like multiplying a very large number stored as floating point with a very small number. It won’t change the very small number because the small one is to small and it can’t compute. ^^

Re:Big deal (1)

RichardJenkins (1362463) | more than 4 years ago | (#32939974)

Because Fedora is no laughing matter.

Re:Big deal (1)

bsDaemon (87307) | more than 4 years ago | (#32940004)

that's what she said.

Re:Big deal (-1, Troll)

nacturation (646836) | more than 4 years ago | (#32940008)

When you denigrate Linux you get modded down as troll. When you denigrate Windows, you're modded up to +5. But denigrate Apple and you'll start a 100 post long flamewar with many +5 Troll and -1 Insightful posts along the way.

By the way, did you know "+5, Troll" is no longer possible? I hereby sacrifice my karma to any mods willing to try.

Re:Big deal (1)

inode_buddha (576844) | more than 4 years ago | (#32940568)

True, but Apple flamewars are fun; you can spend all day trying to get them to come out of the closet. Meanwhile you can watch the fanbois get all twisted until they grow a pair enough. Of course you can say the same thing about Linux guys. I've been running it since the mid-1990's and I have very few illusions. Main thing is, Yeah, bone-stock generic linux install is a shitload better than Windows, but that doesn't mean it's perfect. There's always ways to tighten up the generic distro defaults to fit your specific situation, even with the latest. As for myself, I haven't allowed MS products in my house since 1999. Not missing much of anything either, it seems. And yes, I still enjoy all of the new web crap.

Re:Big deal (0)

Anonymous Coward | more than 4 years ago | (#32940066)

> Why is the OP - who is denigrating a Linux distro - modded a Troll, whereas the poster above him - denigrating Windows - modded as Funny?

You really must be _very_ new here: nowadays we get labeled as trolls for denigrating Windows over here.

As a side note, are you into some kind of political correctness or something? Because even M$ people know Windows sucks ("it's not engineered for security" in their parlance IIRC)

Get a life, please, will you?

(Ooh, I get it, you're metatrolling, right? In this case, well done...)

Re:Big deal (2, Insightful)

causality (777677) | more than 4 years ago | (#32940520)

Why is the OP - who is denigrating a Linux distro - modded a Troll, whereas the poster above him - denigrating Windows - modded as Funny?

That has since been modded some more and now sits at +4 Funny at the time of this post.

Had he denigrated Apple or its products, it would have gone down to -1 and remained there.

Re:Big deal (1)

Charliemopps (1157495) | more than 4 years ago | (#32940882)

Because windows sucks and we all know it as fact?

Only a matter of time (0)

Anonymous Coward | more than 4 years ago | (#32939780)

How long until this is embedded into a device because no one knew better?

Re:Only a matter of time (1)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#32939812)

"Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn't built to run on your desktop" is a chillingly accurate description of embedded systems design; but the risk you cite seems exceptionally remote. If the embedders are clueless and barely paying attention, they'll just default to the OS or distribution with the highest mindshare, which won't be this. If they are not clueless and barely paying attention, they'll select something approaching the right tool for the job, which won't be this.

Amusing (0, Redundant)

KingAlanI (1270538) | more than 4 years ago | (#32939792)

Okay, I wouldn't doubt it has legitimate use as a teaching tool, but the idea of doing the very opposite of what you're usually supposed to do is still rather entertaining.
Reminds me of when one of my scout leaders gave a "How not to pack for a camping trip" demo. :P

Re:Amusing (1)

Peach Rings (1782482) | more than 4 years ago | (#32939814)

A good rule of thumb is that you know you packed too much if your retinue for carrying your luggage needs more food per meal than one person can carry alone.

Great Learning Tool (4, Informative)

bytethese (1372715) | more than 4 years ago | (#32939806)

We used it in my Forensic Computing masters program in some classes, definitely useful in our Network Security and Architecture of Secure Operating Systems classes to show what can happen with buffer overflows, gaining root access, etc.

Security study DVL (5, Funny)

GNUALMAFUERTE (697061) | more than 4 years ago | (#32939836)

A notable team of security researches are suggesting windows users migrate to a platform known as DVL. "DVL is a mess. It is vulnerable to a variety of attacks, but it is still more secure than the average windows install". Another researched pointed "Windows users must migrate to DVL immediately, in order to protect their computers".

While several independent research groups are considering DVL as a valuable alternative to windows, Microsoft didn't stay behind, and promised to use DVL as the base of Windows 8, the upcoming version of windows. A spokesperson for Microsoft notified that microsoft decided to use DVL after thoroughly analyzing it, "It provides a great building block for the next release of our greatest product, DVL certainly fits like a glove within our strict security and QA policies".

Windows 8: DVL Edition, the most secure windows version ever released, is scheduled to hit the shelves next summer.

Re:Security study DVL (2, Interesting)

GNUALMAFUERTE (697061) | more than 4 years ago | (#32939850)

Heheh, previous story says:

"More than a year after Microsoft issue a patch to cover privilege escalation issues that could lead to complete system takeover, a security researcher plans to use the Black Hat conference spotlight to expose new design mistakes and security issues that can be exploited to elevate privileges on all Windows versions including the brand new Windows 2008 R2 and Windows 7."

Re:Security study DVL (1)

Internalist (928097) | more than 4 years ago | (#32940122)

Re: your sig...Try reading this one, instead...

Structured Procrastination [structured...nation.com]

Re:Security study DVL (1)

GNUALMAFUERTE (697061) | more than 4 years ago | (#32940682)

Very interesting. Thanks for the link.

I am an awful procrastinator, but I do get things done, usually in a very similar fashion to the one explained in the link, many times even staying on-project. I usually split up projects into its parts, and when I get bored and try to avoid writing complex functions, I do interface work, or write a generic library to do $task, and generally procrastinate within a project by doing other parts that are not the major work that I had pending at the moment. This proves eventually very productive, since unconsciously I am thinking about the complex task that I am avoiding, and when I finally get around doing it, I have not only done a huge part of the total project, but I also have a very good understanding and planning of that complex piece that I've been avoiding for so long. That is, when I am not reading /. :)

How long ? (5, Funny)

Pelekophori (1045104) | more than 4 years ago | (#32939854)

till Microsoft uses it in get the facts comparisons?

Re:How long ? (0, Offtopic)

ascari (1400977) | more than 4 years ago | (#32939902)

Modded funny - but is it really a joke?

Re:How long ? (1)

Pelekophori (1045104) | more than 4 years ago | (#32940090)

Well it was written in that spirit, but jokes get most laughs if they poke close to truth. Your interpretation is also acceptable.

Re:How long ? (1)

xs650 (741277) | more than 4 years ago | (#32940594)

When I read the title I thought Microsoft was releasing a version of Linux.

what about a weird-arch linux? (4, Interesting)

keeboo (724305) | more than 4 years ago | (#32939906)

Something philosophically similar which could be created is some sort of "weird arch" Linux for code debugging purpuses.
Like something with 16bit chars and ints, non-0 NULLs... Perhaps running under an emulated invented weird architecture with strange byte order (non-LSB/MSB) and weird alignment issues.
I wonder how many software would break.

Re:what about a weird-arch linux? (4, Interesting)

sconeu (64226) | more than 4 years ago | (#32939970)

architecture with strange byte order (non-LSB/MSB)

You mean like the PDP-11 [wikipedia.org] ?

0x11223344 was stored in memory as 0x33 0x44 0x11 0x22

I did it all for the NUXI (1)

tepples (727027) | more than 4 years ago | (#32940048)

0x11223344 was stored in memory as 0x33 0x44 0x11 0x22

I did it all for the NUXI [catb.org] (come on) the NUXI (come on) [wikipedia.org]
So you can take that cookie and stick it up your (yeah) [collegehumor.com] .

Re:what about a weird-arch linux? (3, Informative)

mmkkbb (816035) | more than 4 years ago | (#32940070)

And the PDP-10 had bytes in any size from 1 to 36 bits [wikipedia.org] .

Re:what about a weird-arch linux? (1)

maxwell demon (590494) | more than 4 years ago | (#32940072)

Some more strangeness to add (all conforming to the C standard, some of them violate Posix, though):
Pointers have different sizes, depending on type. Function pointers and data pointers cannot be cast to each other. Pointers with different representations can actually point to the same memory address, but still have p1<p2 (this happened in 16 bit real mode).

BTW, does the C standard demand that all integer types use the same representation? If not, one could imagine that e.g. char uses signed magnitude, short uses ones complement, and long uses twos complement.

And of course, the storage would contain some transparent type tagging mechanism, so that certain type punning operations which are undefined in C are guaranteed to fail at run time.

Re:what about a weird-arch linux? (1)

ls671 (1122017) | more than 4 years ago | (#32940124)

> Something philosophically similar

Maybe, but for me "weird arch" Linux equals security through obfuscation. I know it doesn't qualify as real security but "security through obfuscation" has saved our asses a few times against zero-day exploit or more like "less than 1 day exploits" I should say. In our case, "obfuscation" is just using custom configurations, chrooting things, using reverse proxies and limiting reachable URL. etc.

Just changing the default admin username on things like MySql, FreePBX, Joomla and the like can save your ass sometime. You can also pretty easily change the root user name on Linux by editing /etc/passwd and /etc/shadow and replacing "root|" with something else although I have never done it in production environments, maybe because I wrongly trust that gaining root on our system is impossible and that binary hacks will use user number 0 anyway ;-)

Also, most serious companies I have worked for use some level of obfuscation, host names like e444tyh56p, etc...

Using obfuscation brings an additional cost although because it goes against usability and ease of maintenance principles.

Re:what about a weird-arch linux? (1)

deniable (76198) | more than 4 years ago | (#32940662)

Well, let's see it breaks things. We'll call it Sid. Oh, damn. At a higher level, play with things like file permissions and see what kind of helpful error messages you get. Making developers watch their work tested in a toxic environment may be eye opening.

Re:what about a weird-arch linux? (1)

chgros (690878) | more than 4 years ago | (#32940680)

Well, POSIX requires CHAR_BIT to be 8, so if you change that it's normal if it breaks.
But otherwise to test portability this seems interesting, although it would be most interesting if it could detect when something isn't done right.
Most importantly though, you'd need a compiler to target this architecture.
For instance, NULL being 0 is usually not part of the computer architecture itself; 0 is addressable on x86, causing this bug:
http://lwn.net/Articles/341773/ [lwn.net]

Re:what about a weird-arch linux? (1)

Hurricane78 (562437) | more than 4 years ago | (#32940786)

Your imagination is weak! How about...

  • dog-eat-dog multi-tasking (who can grab the most resources, wins), with the kernel running in the outmost shell, being dominated by the apps
  • 9 bit “bytes”/chars, non- IEEE floating point with a structure that makes no fuckin sense at all, +INF and +0 being the same, but no -INF existing, overflow and underflow resulting in bitshifts, 27 bit words, with a fractal-reversion BIT (not byte) ordering that looks more like enryption than the same data,
  • pointers having 7 bits for the super-segment, 9 for the segment and 11 for the offset, starting from the top of the RAM for applications and the bottom for the kernel, but counting from the top end of the kernel space,
  • the kernel automatically trying to execute every segment (there are no separate data segments) loaded RAM as a separate task, in case it’s a program
  • A 7 bit address and data bus but a 144+1 bit CPU
  • Flippy (the chimp) — A kernel thread equivalent of Clippy, making weird assumptions “it looks like you are trying to corrupt your hard disk...”, but normally just flipping bits at random for “optimization”.

Re:what about a weird-arch linux? (1)

noidentity (188756) | more than 4 years ago | (#32940866)

I'd love something like that. Main problem is that getting Linux itself to run on it would probably be a big chore, due to dependencies on the arch not being weird.

You dun goofed (0)

Anonymous Coward | more than 4 years ago | (#32939932)

The consequences will never be the same

Source? (0)

lennier1 (264730) | more than 4 years ago | (#32939938)

Sounds like the article was written by Captain Obvious.
This distribution should be basic knowledge by now anyway.

Re:Source? (1)

IANAAC (692242) | more than 4 years ago | (#32939982)

This distribution should be basic knowledge by now anyway.

Basic knowledge for whom?

I'm not the most technical guy around, but I try to keep up on things (certainly WRT Linux, as it's my main OS), and I'd never heard of it. Of course, I'm not in school studying security concepts either, so there ya go.

Re:Source? (1)

lennier1 (264730) | more than 4 years ago | (#32940354)

DVL is mentioned quite regularly when the topic of securing Linux or webservers in general comes up or in topics discussing specialized distributions.
IIRC he last Slashdot article where it was explicitly mentioned was less than 3 weeks ago.

And I develop web applications for a living. Certainly not a Linux security expert but one has to have at least some knowledge of the tools of one's trade. ;)

About time Microsoft released a Linux distro (-1, Troll)

noidentity (188756) | more than 4 years ago | (#32939972)

Finally, a Linux distro from Microsoft. It took them long enough.

Honey Pot Module coming up next week. (5, Informative)

ls671 (1122017) | more than 4 years ago | (#32939998)

We are working on a honey pot module for Damn Vulnerable Linux, it should be coming out soon ;-)

Basically log all activity to a network server while hiding the fact that we are doing it. Just refresh from a fresh image once in a while. Once an intruder is noticed, we can give him as many rights as we want in real time, especially with regards to network connectivity, which is done at the firewall level. It is a nice way to get a good grip of what is running in the wilderness of the internet. If you are lucky enough, you can even learn about unpublished exploits although I would use a up to date distro to specifically discover these.

Re:Honey Pot Module coming up next week. (2, Funny)

lennier1 (264730) | more than 4 years ago | (#32940378)

Chances are the user will even get Chinese lessons free of charge. ;)

Sooo, Windows is now totally useless? (0)

Anonymous Coward | more than 4 years ago | (#32940056)

Now that we now have a Linux distribution that mimics Microsoft, why even learn how to spot crappy security on a Microsoft product?

It may be vulnerable, but... (0)

Anonymous Coward | more than 4 years ago | (#32940082)

I doubt it will be getting VirusResponse Lab 2009 any time soon.

The Year of Linux (1)

flimflammer (956759) | more than 4 years ago | (#32940098)

This will bring Linux to the desktop!

Re:The Year of Linux (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32940390)

This will bring Linux to the desktop!

A perfect drop-in replacement for Microsoft Windows!

Re:The Year of Linux (1)

deniable (76198) | more than 4 years ago | (#32940672)

Yeah, I can bring a lot of computers to my desktop.

The future of Apple (0, Offtopic)

lucmove (757341) | more than 4 years ago | (#32940190)

Post a story about computer security and people will crack jokes to make fun of Windows right in one of the first comments. Like clockwork. Windows 7 is reported to be pretty secure, but Microsoft can't seem to shake off the bad reputation.

Anyone who has a stake at Apple, the company, should seriously weigh how much actual benefit and damage Steve Jobs' cavalier attitude has been causing to Apple over the last few years. The company's financial health is great, sure, but so is Microsoft's. Its health in terms of reputation, however, isn't so good, and it is likely to get worse over the next few years. Then we will see Apple dealing with whatever reputation it has built, that will be coming back to bite Apple in the ass.

Re:The future of Apple (1)

IANAAC (692242) | more than 4 years ago | (#32940294)

The company's financial health is great, sure, but so is Microsoft's. Its health in terms of reputation, however, isn't so good, and it is likely to get worse over the next few years. Then we will see Apple dealing with whatever reputation it has built, that will be coming back to bite Apple in the ass.

Apple will *always* have its fans to prop the company up, at least marginally.

Back during the Scully era I had a co-worker that worked on a Quadra, and no matter how many times a day we'd all hear the "bunnng" restart sound coming from his cubicle (at least 4 times a day), he swore it was the best thing ever and that's all he was ever going to use.

Of course, now Apple has an entirely different demographic with their iPods, iPhones and now iPads, so who knows.

My bet's on the fans though. Apple would have to really mess up to drive them away. This latest iPhone trouble isn't going to phase them. Seriously, how many times have we read posts from users parroting "A fix is coming out, so no worries"?

so if one were to do this with bsd... (2, Funny)

ducomputergeek (595742) | more than 4 years ago | (#32940194)

would it be ClosedBSD?

Re:so if one were to do this with bsd... (1)

deniable (76198) | more than 4 years ago | (#32940678)

Extremely Open BSD. Maybe Wide Open BSD.

Re:so if one were to do this with bsd... (0)

Anonymous Coward | more than 4 years ago | (#32940776)

GoatseBSD?

Darn, they stole my idea... (1)

Logaan (1769744) | more than 4 years ago | (#32940412)

I was thinking it might be fun to make a linux distro like this. I would have called it "OpenLinux - Opening your Systems to the World!"

Are the reviews in? (1)

interval1066 (668936) | more than 4 years ago | (#32940464)

What did Consumer Reports say about DVL? I predict its either "No thanks, we'll pass, not vulnerable enough." or "Excellent! The most vulnerable OS yet!"

Microsoft's Linux vulnerability stats (3, Insightful)

Tracy Reed (3563) | more than 4 years ago | (#32940486)

You just know MS is going to count the vulnerabilities in this distro against Linux just like how they count one vulnerability which affects 10 distros as 10 vulnerabilities because 10 warnings get sent out.

Semi-dupe (5, Insightful)

Improv (2467) | more than 4 years ago | (#32940724)

This was in the list of "most interesting linux distros" posted here maybe two weeks ago. Sigh.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>