On Tue, Apr 01, 2003 at 10:47:45PM +0800, Ian C. Sison wrote: > This is a call for volunteers. PLUG has been requested to field > volunteers to defend the Linux boxes they will deploy in the ManilaCon > Hackers convention in May. (details on http://www.isssp.org.ph)
I have been given permission to take the week of the ManilaCon 2003 (from Monday to Thursday, which includes all three days of the hardening period) off, so I'd like to confirm that I am volunteering for the PenguiGnu Team. As I mentioned on IRC, I recommend that we use Debian GNU/Linux 3.0r1 with complete security updates for the SittingPenguin, unless IBM or the organizers exert pressure to use RedHat. Why Debian? Because Debian has an excellent track record, IMO, and the stable tree is known to be acceptably rock solid at any given time. Furthermore I believe SittingPenguin should be fairly representative of the type of "secure servers" we actually use in the field. True we can hack things up to be as rock solid as igneous rocks can get, but if we don't actually use this kind of setup in the real world then I don't see the point other than having bragging rights. For the bulletin board system I would like to volunteer to set up a Debian Sid based system running a Squid accelerator, Zope and Plone, similar to what I actually have up and running at free.net.ph. I am busy preparing some final reports for school at the moment, but as soon as this is done I intend to get in touch with the Zope and Plone development teams to find out about the current state of security and the track records of these applications as well. The Zope + Plone combination seems to have a much better security track record than most popular PHP-based bulletin board solutions based on my subscription to BugTraq, but that could be because they're not as popular yet. Anyhow, I believe as Ian said that beyond bragging rights this is a chance to finally prove or disprove the FUD and our counterclaims, not just to the world but more importantly to ourselves. We must eat our own dogfood. ;) Ian, if you would like to set up a coordination list for the PenguiGnu team for ManilaCon 2003 just let me know. I'll be more than willing to host one at lists.free.net.ph. As an aside, I'm most displeased to announce that marc.free.net.ph will be down indefinitely. Lurker has decided to fuck up thoroughly, and segfaults during database rebuilding every time. This is only happenning now with XFS (worked fine with ext3), but I don't think XFS can be blamed completely for that. Everything else in userland works perfectly. The Lurker list is quiet despite extensive reports I've filed, so I don't know if I can get things fixed soon. I'll send a broadcast to let everyone know when things are ok again. ... unless of course anyone has mailing list archival software recommendations other than mhonarc. --> Jijo -- Federico Sevilla III : http://jijo.free.net.ph : When we speak of free Network Administrator : The Leather Collection, Inc. : software we refer to GnuPG Key ID : 0x93B746BE : freedom, not price. _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
