Hacker News new | past | comments | ask | show | jobs | submit login

Having everything patched as soon as patches are available (or within, say, 6 hours of availability, for "routine" patches, with better responsiveness for critical patches) is a win.

The rest: not so much.

Rebuilding continuously for security is not something I would recommend.




> Rebuilding continuously for security is not something I would recommend.

So that I understand, could you elaborate?

Particularly, do you mean "not recommend" as in "recommend against" or "not worth the bother"?


It's not worth the bother. Apart from keeping patches up today --- which is a good idea --- it's probably not really buying you anything.

It's not crazy to periodically rotate keys, but attackers don't acquire keys by, you know, stumbling over them on the street or picking them up when you've accidentally left them on the bar. They get them because you have a vulnerability --- usually in your own code or configuration. Rebuilding will regenerate those kinds of vulnerabilities. Attackers will reinfect in seconds.


A lot of companies do lose their keys that way. www roots, gists, hardcoded in products, github history, etc.

The win to rotating them is not so much because you'll be regularly evicting attackers you didn't know had your keys, but because when you do have a fire, you won't be finding out for the first time that you can't actually rotate them.

It also forces you to design things much more reliably which helps continuity in non-security scenarios.

After redeploying and realizing that Todd has to ssh in and hand edit that one hostname and fix a symlink that was supposed to be temporary so the new version of A can talk to B, that's going to get rolled in pretty quickly. Large operations not doing this tend to quickly end up in the "nobody is allowed to touch this pile of technical debt because we don't know how to re-create it anymore" problem.


It seems like it's good to be able to rebuild everything at a moment's notice after patching against a major exploit, though. You should have a fast way to rebuild secrets and servers after the next heartbleed-scale vulnerability.


Being able to rebuild critical infrastructure from source, and know that you'll be able to reliably deploy it, is a _huge_ win for security.

After a bunch of harrowing experiences with clients, I'm pretty close to believing "using packages for critical infrastructure is a bad idea".


Being able to rebuild critical infrastructure from source, and know that you'll be able to reliably deploy it, is a _huge_ win for security.

In that case, you might be interested in bosh: http://bosh.io/docs/problems.html (the tool that enables the workflow jacques_chester was describing). It embraces the idea of reliably building from source for the exact reasons you've mentioned.


I'm confused now, earlier you recommended patches over rebuilding continuously from source, but this seems like the opposite?


What does "packages" mean here? Sorry.


My guess is that "packages" is shorthand for "binary packages", as opposed to being able to redeploy from source.


Nod.


I'm guessing they meant to write "patches".


That was my hunch too. Thanks. I'll ask more about whether I missed something on the other side of the argument.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: