no 'commodity' OS is 'secure' Re: [Beowulf] Which distro for the cluster?

Steve Heaton steve_heaton at
Wed Jan 10 22:16:42 PST 2007

G'day all

I agree with Andrew et al.

Having spent a short sentence inside a major financial institution's 
security section I just thought I'd add a bit more.

They don't run Linux for *anything* related to security (although it's 
starting to do well elsewhere). Everything is from 'major software 
vendors'. The big boys in *NIX OS and apps.

In their opinion there is no Linux vendor (or associated financial 
support) that could cover the risk. This place has bigger financial 
teeth than most countries.

Nothing from M$, Apple or anyone else is allowed anywhere near the live 
perimeter. No exceptions. Ever. They regularly get approached directly 
and indirectly on the Evil Empire's behalf, as I'm sure you can imagine. 
They also find this a regular source of mirth.

While I agree they're conservative they also run "relatively" recent aka 
'stable' releases. Their test suite is awesome... and they have two 
mirrors of the live environment: development and testing. 'Dev' is the 
same platforms but typically less storage. The 'test' is an *exact* copy 
of what is a huge environment. (Completely separate DR/BC as well).
They don't do squat without it having run through the test process.

This really blew me away... an >exact< copy of the whole live 
environment. Platforms, versions, BIOS the whole shabang. (Rumour has it 
even patch lead lengths). It was then pointed out that they're a bank. 
Money is what they do. Money is what they have. Yours! :)


More information about the Beowulf mailing list