<font face="Calibri"><p dir="ltr">As far as vulnerabilities go, here is a terrible idea:<br>
Write a little login patch that grabs your own email address and uses it<br>
to attempt to log in to Facebook without a password 1000 times per <br>
second. Kill the script after two seconds. You want to read the Facebook <br>
head first so you can kick all the noise to /dev/null. It is brute force <br>
based on a query.</p>
<br><br>On August 18, 2018, at 10:12 PM, John Hearns via Beowulf &lt;beowulf@beowulf.org&gt; wrote:<br><br><br></font><div dir="ltr"><div>Rather more seriously, this is a topic which is well worth discussing.</div><div>What are best practices on patching HPC systems?</div><div>Perhaps we need a separate thread here.</div><div><br></div><div>I will throw in one thought, which I honestly do not want to see happening.</div><div>I recently took a trip to Bletchley Park in the UK. On display there was an IBM punch card machine and sample punch cards. Back in the day one prepared a 'job deck' which was collected by an operator in a metal hopper then wheeled off to the mainframe. You did not ever touch the mainframe. So effectively an air gapped system. A system like that would in these days kill productivity.</div><div>However, should there be 'virus checking' of executables before they are run on compute nodes?</div><div>One of the advantages lauded for Linux systems is of course that anti-virus programs are not needed.</div><div><br></div><div>Also I should ask - in the jargon of anti-virus is there a 'signature' for any of these exploit codes? One would guess that bad actors copy the example codes already published and use these almost in a cut and paste fashion. So the signature would be tight loops repeatedly reading or writing to the same memory locations.
Can that be distinguished from innocent code?<br></div></div><br><div class="gmail_quote"><div dir="ltr">On Sun, 19 Aug 2018 at 05:59, John Hearns &lt;<a href="mailto:hearnsj@googlemail.com">hearnsj@googlemail.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><i>To patch, or not to patch, that is the question:</i><br>
Whether 'tis nobler in the mind to suffer<br>
The loops and branches of speculative execution,<br>
Or to take arms against a sea of exploits<br>
And by opposing end them. To die—to sleep,<br>
No more; and by a sleep to say we end<br>
The heart-ache and the thousand natural shocks<br>
That HPC is heir to: 'tis a consummation<br>
Devoutly to be wish'd. To die, to sleep<br></div><br><div class="gmail_quote"><div dir="ltr">On Sun, 19 Aug 2018 at 02:31, Chris Samuel &lt;<a href="mailto:chris@csamuel.org" target="_blank">chris@csamuel.org</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Sunday, 19 August 2018 5:19:07 AM AEST Jeff Johnson wrote:<br>
<br>
> With the spate of security flaws over the past year and the impacts their<br>
> fixes have on performance and functionality it might be worthwhile to just<br>
> run airgapped.<br>
<br>
For me none of the HPC systems I've been involved with here in Australia would <br>
have had that option.  Virtually all have external users and/or reliance on <br>
external data for some of the work they are used for (and the sysadmins don't <br>
usually have control over the projects & people who get to use them).<br>
<br>
All the best,<br>
Chris<br>
-- <br>
 Chris Samuel  :  <a href="http://www.csamuel.org/" rel="noreferrer" target="_blank">http://www.csamuel.org/</a>  :  Melbourne, VIC<br>
<br>
<br>
<br>
_______________________________________________<br>
Beowulf mailing list, <a href="mailto:Beowulf@beowulf.org" target="_blank">Beowulf@beowulf.org</a> sponsored by Penguin Computing<br>
To change your subscription (digest mode or unsubscribe) visit <a href="http://www.beowulf.org/mailman/listinfo/beowulf" rel="noreferrer" target="_blank">http://www.beowulf.org/mailman/listinfo/beowulf</a><br>
</blockquote></div>
</blockquote></div>