 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
Skype replaces P2P supernodes with Linux boxes hosted by Microsoft http://arstechnica.com/business/news/2012/05/skype-replaces-p2p-supernodes-with-linux-boxes-hosted-by-microsoft.ars Microsoft has drastically overhauled the network running its Skype voice-over-IP service, replacing peer-to-peer client machines with thousands of Linux boxes... a major departure from the design that has powered Skype for the past decade. ...there were typically a little more than 48,000 [peer-to-peer supernodes]...Skype is now being powered by a little more than 10,000 supernodes that are all hosted by the company. ...the boxes are running a version of Linux using grsecurity, a collection of patches and configurations designed to make servers more resistant to attacks. In addition to hardening them to hacks, the Microsoft-hosted boxes are able to accommodate significantly more users. Supernodes under the old system typically handled about 800 end users, Kortchinsky said, whereas the newer ones host about 4,100 users and have a theoretical limit of as many as 100,000 users. As I don't use Skype any more, the interesting bit to me is grsecurity: https://grsecurity.net/ http://en.wikipedia.org/wiki/Grsecurity grsecurity is a set of patches for the Linux kernel with an emphasis on enhancing security. [The] PaX...patch flags data memory--such as that on the stack--as non-executable, and program memory as non-writable. The aim is to prevent memory from being overwritten, which prevents many types of security vulnerabilities, such as buffer overflows. ...grsecurity...provides a full role-based access control (RBAC) system. RBAC is intended to restrict access to the system further than what is normally provided by Unix access control lists, with the aim of creating a fully least-privilege system, where users and processes have the absolute minimum privileges to work correctly and nothing more. How is RBAC different from SELinux or AppArmor? (And why didn't they incorporate one of those?) GRSecurity restricts chroot in a variety of ways to prevent a variety of vulnerabilities and privilege escalation attacks, as well as to add additional checks and balances. grsecurity also adds enhanced auditing to the Linux kernel. It can be configured to audit a specific group of users, mounting/unmounting of devices, changes to the system time and date, and chdir logging, amongst other things. Some of these other audits allow the admin to also log denied resource attempts, failed fork attempts, IPC creation and removal, and Exec logging with arguments. Anyone using grsecurity? What do you think of it? Any distributions that bundle it? -Tom -- Tom Metro Venture Logic, Newton, MA, USA "Enterprise solutions through open source." Professional Profile: http://tmetro.venturelogic.com/
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
