[ubuntu-cloud] [ec2] RFC: server-lucid-ec2-config: user-data configuration file
hedgehogshiatus at gmail.com
Wed Jan 6 13:28:52 GMT 2010
-----BEGIN PGP SIGNED MESSAGE-----
On Tue, Jan 5, 2010 at 11:38 PM, Soren Hansen wrote:
> On Tue, Jan 05, 2010 at 03:11:50AM -0800, Eric Hammond wrote:
>> We choose when to update our running systems, often after testing in
>> development and QA environments. However, if systems are being fired
>> up automatically by Amazon's Auto Scaling or Spot Instances and those
>> instances upgrade themselves on boot, then package upgrades are forced
>> on you whether or not you have tested, unless you choose to use a
>> date-fixed apt mirror like RightScale offers.
> If Ubuntu were ever to offer date-fixed repositories, I would personally
> consider that having declared complete bankruptcy on our SRU and
> security update policies and procedures. If we don't even trust our own
> process for these updates, and acknowledge the need for date-fixed
> repositories, we've lost. If we discover shortcomings in these
> processes, we need to fix them, not offer ways to circumvent them.
> Furthermore, even the smallest delays in applying security updates means
> a window of opportunity for an attacker. I consider it a critical
People that concerned about such vulnerable components can/should
secure with something like fwknop - my understanding is such software
protects against 0th day attacks. Ideally they'd seperate such a
component and isolate it behind fwknop.
If they are not that concerned, or can't implement that architecture
then /maybe/ getting Canonical's N updates asap is worth the (v.small)
probability one or more updates brings in some problem. But that is a
It is worth reiterating when calculating expected losses/costs: very
small probability times extremely large state value = non-negligible
cost/loss. Its not the prob that defines the size of a 'risk', its
jointly the size of the prob /and/ the size of the payoff.
Soren seems to assume the potential losses from a security
vulnerability outweighs the potential losses from a introducing a
My opionion is the opposite - but it is just an opinion.
Not every machine in the cloud will hold millions of customers credit
Canaonical can make an effort to drive down the probablility of a
They can't do anything (without sending in their consultants) about
the size of the state variable.
So small probablility != small potential loss.
Long-winded way of saying: Yes. Try to make things secure and bug
free. No. It is not axiomatic that the benefits of speedy upgardes
outweigh the costs - until you get the probability to zero ;)
Until then I'm with Eric. I don't want things updating automagically
by default, but I would like that option from time-to-time, on a
> feature for Ubuntu that our users should feel comfortable applying our
> security updates without much scrutiny.
> Soren Hansen |
> Lead virtualisation engineer | Ubuntu Server Team
> Canonical Ltd. | http://www.ubuntu.com/
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> -----END PGP SIGNATURE-----
> Ubuntu-ec2 mailing list
> Ubuntu-ec2 at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-ec2
πόλλ' οἶδ ἀλώπηξ, ἀλλ' ἐχῖνος ἓν μέγα
[The fox knows many things, but the hedgehog knows one big thing.]
Archilochus, Greek poet (c. 680 BC – c. 645 BC)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Use GnuPG with Firefox : http://getfiregpg.org (Version: 0.7.10)
-----END PGP SIGNATURE-----
More information about the Ubuntu-cloud