[Beowulf] Security issues

Jon Aquilina eagles051387 at gmail.com
Fri Oct 24 03:16:30 PDT 2008

>>my response

Im not goign to turn this into a distro war everyone is entitled to their
opinions and preferences. that is not the problem packaing or repackaing

are there any debian based distros out there?

>> from john hearns

Oooh, here we go again. Distro wars :-)

Jon, if I may be permitted to play the Devils Advocate this morning,
any "cluster distro" jsut has the same packages as any other server distro.
Kernel, init scripts, ssh daemon, ntp, blah de blah de blah.

The 'secret sauce' is in the HPC stack.
This consists of the drivers for any high performance interconnect,
the libraries for the HPC interconnect, the MPI libraries, the high
performance compilers,
the maths libraries, the batch shceduler and finally the applications on

In many cases the above are not packaged as RPMs (sorry - showing which side
of the fence I come from).
As an aside, all credit should be due here to Pathscale/Qlogic for superbly
packaging kernel modules and libraries for Infinipath, enabling you to
create a working MPI setup with little more than an 'rpm install' command.
Top marks.

To create this Debian based cluster distribution you're going to have to
package the above software types - and if anyone is going to actually use
it, they'll be looking at the most recent versions also. Quite often in a
distribution you will find an RPM for (say) LAMMPI or Gridengine - but
they're seriously out of date.
Let the debate begin.
On Fri, Oct 24, 2008 at 11:23 AM, Jon Aquilina <eagles051387 at gmail.com>wrote:

> now i see why the sudo approach adopted by debian and the kubuntu line is a
> good way to go. this is providing me with real motivation to start the
> development of my own kubuntu derived cluster distro. thing is i would need
> someone to give lists of pkgs that is used in a cluster and also testers and
> programmers to help me out seeing as i dont have a cluster.
> On Fri, Oct 24, 2008 at 10:55 AM, Kilian CAVALOTTI <
> kilian.cavalotti.work at gmail.com> wrote:
>> Jon Aquilina wrote:
>>> did this person use the ssh exploit that red hat found a few months ago?
>> Apparently not. From what Joe wrote, "the entry point was via a shared
>> user account". This account has been compromised, either with brute-force
>> ssh login attempts, or was socially engineered, it's not clear.
>> Nothing seems to indicate (as far as I can tell) that the entry point was
>> due to some weakness in one of the Rocks components. I second Mitch in
>> saying that this break-in isn't Rocks specific, but rather the result of
>> poor (lack of?) administration practices (especially from what I could read
>> here: http://scalability.org/?p=905, and assuming it's about the same
>> customer).
>> On the other hand, it's true that Rocks' philosophy (which I'm not a big
>> proponent of) doesn't make updates easy, nor encourage keeping systems
>> up-to-date. It tends to focus on the Windowsian "reinstall the whole
>> machine" approach in case of problem. Which makes perfect sense in specific
>> contexts, where no dedicated administration resources are available, or
>> where compute time is critical and understanding the root cause of technical
>> problems not so important.
>> But this can also lead to the kind of security problem Joe described, even
>> if here, I don't think one can blame any of the system's component being
>> outdated for this intrusion.
>> Cheers,
>> --
>> Kilian
> --
> Jonathan Aquilina

Jonathan Aquilina
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.beowulf.org/pipermail/beowulf/attachments/20081024/486d0205/attachment.html>

More information about the Beowulf mailing list