Domain: wirex.com
Stories and comments across the archive that link to wirex.com.
Comments · 193
-
Re:Torches, anyone?
Quite a pity that a freedom-loving person didn't think of this and patent it. Were I the patent owner on this patent, I would not market it as a product, and I would demand a truly exorbitant licensing fee to use it, i.e. no one would be selling a DRM OS :-)
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase -
My Wishlist
My wishlist, in priority order:
- Back off on making various forms of tools illegal. This just makes it that much harder for the defenders.
- Impose liability on networks that do not do egress filtering.
- Oppose the SSSCA.
- Fix the DMCA.
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase -
Re:As a recipient of a subpoena...
At that point I told them that I was not going to do anything for them without talking to counsel, and they backed off.
You should not do anything at all without talking to the company's counsel, lest ye get a lawsuit from the accused.
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase -
Professionalizing Software is Premature
Professionalizing software development entails:
- Codifying a set of "best practices" that, when applied, assure a solid product.
- Codifying educational programs that teach these best practices.
- Certifying people who graduate from the educational process as "Software Engineers".
It is very nice that people are sufficiently concerned about software quality and its impact on the real world (e.g. comp.risks). But this in no way means that we actually have best practices that will assure that mediocre developers can produce working product. Wishing for it (or mandating it) will not make it so.
Crispin
--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for Purchase -
Re:Same problem with 800 phone numbers?
IANAL, but didn't Intel go with "Pentium" partly because they couldn't trademark "586?"
Yes, that's correct. What's disappointing is that Intel didn't proceed to name the subsequent product "Hexium", leading to dorky, hard to remember product names like "Pentium III" :-)
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Security Hardened Linux Distribution
Available for purchase -
Re:Some Actual Research
Crispin - Where have you guys been? I was wondering when you would re-release the 7.0 version.
Takin' care of business:
- Dell is now shipping a WireX product.
- Counterpane has licensed Immunix security technology for their internal use.
- We have two papers that will appear this summer at USENIX Security describing "FormatGuard" and "RaceGuard".
Does this release take care of the compilation problems of RH7?
That's a matter of perspective :-) Immunix OS 7.0 ships with StackGuard 2.0 (which is a modified GCC 2.91) as the standard compiler, and glibc 2.2. It also ships with FormatGuard protection throughout.
Can I build a 2.4 kernel with this?
We're not shipping 2.4 kernels yet, but we are working on forward porting. Note: You should not try to compile kernels with StackGuard. You either need to patch the kernel make files to turn StackGuard off, or use RPM to switch to the non-StackGuard compiler while building kernels.
I would really like to use XF86 4.03
We are a server company, so we focus on server support, and not really desktop stuff. However, our engineers like to run Immunix on their desktops too, so we share what we use in our contrib directory.
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Now available for purchase -
Some Actual Research
Here's some actual research in this area:
- At last week's IEEE Symposium on Security and Privacy Bill Arbaugh presented a very interesting paper on trend analysis of exploitation, as represented by CERT incident reports. Summary: most attacks exploit known security vulnerabilities that a site admin did not patch.
- Jim Reavis at Securityportal.com did this great study examining the "days of recess" for each of Red Hat, Solaris, and Windows NT. "Days of recess" is the total number of days that an exploit was known but no patch available, summed over all vulnerabilities for that platform.
- At WireX, we are working on a related concept that we call "Relative Invulnerability". Here, the idea is to consider the number of vulnerabilities for a "base" system (e.g. unpatched Red Hat 7.0) that appear over a period of months, and then consider how many of those unpatched vulnerabilities are successfully mediated by some protective technology such as SELinux or Immunix. The fraction of vulnerabilities stopped is the "relative invulnerability" of the defensive technology. This is written up in a paper that is currently being reviewed.
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Now available for purchase -
What is a "Derived Work"?
The GPL says in 2.b:
You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
For classical user-space programs written in C, this clearly means "if you link in GPL'd code, then you're derived." But there are much more ambiguous circumstances:
- loadable kernel modules. Linus has said he does not view these as derived works of the kernel.
- loadable kernel modules that require a custom-hacked kernel. Linus has said that he does view these as derived works of the kernel.
- Perl modules: how intimate do you have to get with a module to be a derived work?
- .Net, the hot topic du jour: if someone provides a GPL'd .Net service, are programs that use that service derived works? If so, is not a web client a derived work of a web server, and vice versa? If not, then is putting your program on a separate machine sufficient to escape the GPL of the software it connects to? Is putting it in a separate process sufficient to escape the GPL?
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution -
Check out Wirex's ISP software
I work for Wirex. Check out our Immunix ISP Appliance Server Software. We think our interface is very easy to use; we built in some mini-expert systems in the form of "wizards" (yes, like them :-) so that the web interface is more intelligent than just filling in fields that would otherwise be the content of conf files.
The appliance software is integrated with Immunix which is a security hardened Linux distribution. Security hardening is important in a web-managed appliance, precisely because the web interface (and the users that accompany them :-) don't have the smarts to address security issues in a timely fashion. -
free karma!!! woo hoo!
I can't believe someone hasn't posted this yet.
It's a fairly informative email that describes what the modules would do and what the reasons behind it are.
http://mail.wirex.com/pipermail/linux-security-module/2001-April/000005.html
This should answer some questions people had and also explain how this is different from the "why don't audit everything instead" type posts.
-
Re:Ouch
The article here on /. has a typo in it. Crispin is actually at crispin@wirex.com, not wizex.com. -
The actual post
One of the byproducts of the Linux 2.5 Kernel Summit http://lwn.net/2001/features/KernelSummit/ was the notion of an enhancement of the loadable kernel module interface to facilitate security-oriented kernel modules. The purpose is to ease the tension between folks (such as Immunix and SELinux) who want to add substantial security capabilities to the kernel, and other folks who want to minimize kernel bloat & have no use for such security extensions.
Modules that can be loaded, or not, are the obvious solution, but the current LKM does not export sufficient hooks to support many security mechanisms. Thus many current security enhancements end up existing as kernel patches, which marginalizes their utility by making distribution problematic. The proposed solution is to enhance the LKM with a variety of new kernel elements exported to the module interface, so as to support a reasonable variety of security enhancements.
We have started a new mailing list called linux-security-module. The charter is to design, implement, and maintain suitable enhancements to the LKM to support a reasonable set of security enhancement packages. The prototypical module to be produced would be to port the POSIX Privs code out of the kernel and make it a module. An essential part of this project will be that the resulting work is acceptable for the mainline Linux kernel.
The list is open to all. You can subscribe here http://mail.wirex.com/mailman/listinfo/linux-security-module or by sending e-mail to linux-security-module-request@wirex.com with a subject of subscribe.
Crispin
-
Re:#1 problem is the students
This is actually pretty normal for novice instructors. You are clearly one of the better students from your class, because you made it to grad school. Yet when you recall your experience as an undergrad, you probably assumed that you were middle of the pack (as this study).
Then you go to teach, and the top few students seem pretty decent (they're much like you) and the rest of the class seems to suck. Well, no. The rest of the class sucks as much as they ever did, only now you have to notice, because you're grading all the papers, instead of hanging out with the leet geek types.
Crispin
----
Crispin Cowan, Ph.D
Research Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
----
Research Assistant Professor of Computer Science
Oregon Graduate Institute -
It's Feedback
I've been at three different computer science schools (Waterloo, UWO, and OGI) as an undergrad, grad student, and professor. Some of these schools are great, and some not so great (no comment :-) The teaching quality does vary, but not that much. I've concluded that the real difference is the quality of the students, which induces a feedback loop.
What happens is at a great school, you have a strong student body. This lets the faculty run the program at a high level (teach fast, advanced content, etc.). This attracts even stronger students, forming a positive feedback loop.
At a not so great school, the students are relatively weak. This forces the faculty to teach slowly, remedial content, etc. Students may also be looking for that "quick fix career change", which means teaching technology (Java, JDBC, VB) instead of fundamental concepts (algorithms, data structures, abstraction). This in turn attracts more of the weaker students, forming a negative feedback loop.
So if you're hot stuff, go to a hot school. When the assignments are hard, don't be surprised. If you're more into a slack lifestyle, go to a lesser school.
Of course, teaching quality does vary. But contrary to what some other posters have said, teaching quality is not the inverse of research quality. Some research-oriented faculty are too busy to spend time on their students, while others are also truly great teachers. At small colleges, some faculty are there because they truly love to teach and are great at it, and some are there because they are lamers and a Moo U appointment is the best faculty job they could get. But my basic observation is that these variations are minor compared to the student body feedback effect.
----
Crispin Cowan, Ph.D
Research Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
----
Research Assistant Professor of Computer Science
Oregon Graduate Institute -
Re:"Bollocks" ?
It's not true that doubling L1$ and adding a selection bit costs you nothing. In fact, the size of L1$ is rather limited, and cutting size in half substantially increases the miss rate. It is also fairly expensive to add selection bits.
SMT also doesn't save you from cache miss latency. Out-of-order instruction issue saves you from that.
The main advantage of SMT is that it gives computer architecture scholars something interesting to study :-)
Crispin
----
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc.
Immunix: Security-hardened Linux -
Bollocks
IMHO, SMT is a load. Modern microprocessors are mostly cache-starved. SMT puts two processors on the wrong side of the L1$, aggravating the cache bandwidth problem. Worse, the two processors in SMT degrade referential locality, further degrading the performance of the cache.
I'm much more interested in enhanced cache ideas like IRAM that seek to enhance performance by putting a very large L2$ on chip by combining the discrete logic circuits of the CPU and static L1$ with the capacitor cell circuits of DRAM.
Crispin
----
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution -
Re:SlashPatents
Patents appear rather quickly for that. Patent #6,000,000 was granted December 7, 1999, and #6,100,000 was granted August 8, 2000. That makes 406 patents per day. Small wonder that the prior art search is lame.
Crispin
----
Chief Research Scientist, WireX Communications, Inc.
Immunix: Hardened Linux Distribution -
Immunix 7 & FormatGuard Resist Ramen
Upon reviewing the excellent technical summary over at Securityfocus, we found that Immunix's FormatGuard stops all three of the exploits that Ramen uses:
Crispin
----
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc.
Immunix: Free Hardened Linux Distribution -
Re:Infosplit web site
I e-mailed them to bitch about the blank web page, and they said they had problems this morning, but you can now get non-flash pure HTML here http://www.infosplit.com/no_flash.htm
Crispin
---
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc.
Immunix: Free Hardened Linux Distribution -
Re:Infosplit web site
It's not just you; I also get a blank page. I even enabled Javascript, and still got a blank page.
Presumably, they have a Flash home page (I don't have a Flash plug-in, and don't want one). I don't object to web developers using Flash, but I do object to Flash being critical to content & navigation.
Crispin
----
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc.
Immunix: Free Hardened Linux Distribution -
Re:Where do I apply?
I dunno about this, but if you're looking for Linux work in Portland, check out WireX. We're hiring, and it's a pretty good place to work.
Wil
-- -
Annals of the History of Computing
A great place to start your investigation might be the IEEE Annals of the History of Computing.
Crispin
----
Immunix: Free, Hardened Linux Distribution
Chief Scientist, WireX -
Dissecting the Buffer Overflow Problem
For a great deal of technical data on how buffer overflows work, and how to stop them, read this paper. While I appreciate the plug that Bruce gave me for StackGuard, it does seem that he has not researched this topic very well:
- Make the stack non-executable: Yes, this works, and security-conscious people will use Solar Designer's Kernel Patch to do that. It works great.
- Make the data segment non-executable: This works a whole lot less well. Too many UNIX programs depend on being able to execute code in the data segment. This is UNIX's fault, not Intel's fault.
- Use the MMU For Enforcement: Ancient Burroughs mainframes (the 6500 IIRC) actually stored each array in a separate segment. They also ran like a dog compared to modern RISC(y) architectures. We tried the MMU approach for StackGuard in 1997, and it imposed an 8000% overhead to do it that way. Read about it in this paper.
Crispin
-----
Immunix: Free Hardened Linux
Chief Scientist, WireX -
Adventure Shell
Once again, Microsoft seems to have invented 20-year-old technology. The "type in-line" interface sounds exactly like the ancient "adventure shell".
Cliff is right: it is not better to type "move all files beginning with the letter a to the directory called 'foo'" than to type "mv a* foo". I predict this one will be as much of a hit as Microsoft's Bob.
Crispin Cowan
-----
Immunix: Free Hardened Linux
Chief Scientist, WireX -
Re:You are in a fashion industry
I totally agree with this comment. We even have empirical evidence to support it: Java.
Java is (IMHO) the coolest popular language around, and the most popular cool language around. Before jumping on me with your favorite language, let me explain these terms:
- coolest: supporting the most wizzy features, e.g. type safety, distributed computing. Thus the list of "cool" languages is very, very large, and would include the likes of Java, Eiffel, Haskell, Scheme, ML, Hermes (my personal favorite) and the hundreds of others that the PL community has produced.
- popular: used by so many people that you can reasonably post a job ad seeking programmers with experience in that language and expect to get responses. Thus the list of "popular" languages is relatively short. This list is nearly inclusive (I may have left out a few):
- C/C++
- Pascal
- Java
- VB (very popular, not so cool :-)
- PERL (very popular, coolness hotly disputed)
- Python ("popularity" getting marginal here)
Now, how did Java get to be so popular? I argue that it has nothing to do with how "cool" Java is. Java could be every bit as sucky as VB, and still be nearly where it is today. Java became popular through the networking effect of being first to enable animated web pages. Yep, that's right: dancing pigs.
If Java had come out three months after animated GIFs instead of three months before, then no one ever would have heard of it.
Topical flamebait: Yes, functional programming languages are obscure and impractical. They may be "cool", but because they are hard to understand without a degree in mathematics, they have zero chance of ever becoming "popular". You will continuously see FP showing up in niche markets where correctness matters, no matter what the cost, (e.g. verifying CPUs such as the AMD/ACL2 case mentioned elsewhere, or the Hawk project being used to verify Intel processors) but you won't see FP enter the mass programming market.
Crispin Cowan
-----
CTO, WireX Communications, Inc.
Immunix: Free, Hardened Linux Distribution -
It's To Protect the Merchant
The vast majority of Internet e-commerce fraud is people buying stuff with stolen credit card numbers. When a merchant ships goods to someone and the number turns out to be bad, the merchant gets to eat the loss. This action looks like a merchant that has been burned once too often trying to protect themselves.
Crispin
--------
Crispin Cowan, CTO, WireX Communications, Inc.
Free Hardened Linux Distribution -
Libsafe and StackGuard
Perry Wagle (principal StackGuard developer) has done some analysis comparing libsafe to stackguard. Here's the short version:
- Use StackGuard when you can, because it's safer:
- Libsafe only protects selected library string functions, while StackGuard protects all potential sources of stack overflow.
- Libsafe depends on the existence of the frame pointer in the stack frame to parse/detect the stack frame. Unfortunately, the frame pointer may not be there, either because of a compile option to remove it, or because the optimizer took it out.
- Use libsafe where you cannot use StackGuard. It's better than nothing, and it can protect closed-source apps where StackGuard cannot.
My further comment on libsafe: the paper that the authors will be presenting at USENIX in June presents two forms of defense ("library intercept" and binary-rewrite (BRW)) and only the library intercept appears to be embodied in the publicly available libsafe, which is why libsafe only protects against overflows that use particular string library functions.
The BRW method is a pseudo-compiler that can transform binaries into "safe" programs by transforming the binary. It copies program onto the heap, inserting checks as it goes. The copy-to-the-heap is to make space for the additional checks. I really like the BRW method, and hope it becomes available.
If my understanding is mistaken, and BRW is actually in the distributed libsafe, please correct me.
Crispin
-------
CTO, WireX Communications, Inc.
Immunix: Free Hardened Linux -
The Actual Story Link
-
Security Auditing for Linux
There are two projects you may be interested in. The first is the Linux BSM project at U.C. Davis (home of an excellent security research lab by the way). The project's goal is to provide TCSEC-compliant auditing for Linux. They appear to have made reasonable progress. The last update to the web page was Feb. 15.
The second project you may want to consider is that SGI is building an "orange book" Linux, with a goal of C2 by October, and B1 by next spring.
Note that this question was posted to Slashdot last year so you probably want to go check out the responses there.
Finally, while I'm here, I'll plug my own security-hardened Linux distro: Immunix. Immunix is not TCSEC compliant or anything like that. Rather, it is designed to be extremely difficult to break into, while preserving a high degree of Linux compatibility. Currently, it is just Red Hat hardened with StackGuard, but we will be releasing additional security technologies shortly.
Crispin
-------
CTO, WireX Communications, Inc.
Immunix: Free hardened Linux -
Where Linux Employers Post
Since I am an employer seeking Linux staff, I thought I'd provide my input. I agree with much of the advice in the article.
However, at the end they recommend four job portals: Linux.com, Linux Today, User Friendly's GeekFinder and Linux.org.au. I agree with the first two, and (since I'm in North America) have no valid opinion on Linux.org.au.
The problem with Geek Finder is that it is really just a front for Dice.com. Unlike all the other resources mentioned, dice.com charges employers for listings, instead of being community-based and advertiser-supported.
Instead, I would recommend the following additional job portals, where I have actually posted jobs:
- Superexpert.com: not great, but it does host linux jobs.
- JustLinux: a smaller Linux portal, with a nice jobs page.
- Free Software Jobs Page: This is the GNU jobs page. It is strictly for free software jobs, so only hard-core open source jobs get posted there.
Crispin
-----
Crispin Cowan, CTO, WireX Communications, Inc.
Immunix: Free Hardened Linux Distribution
Jobs! -
Whining
I agree with many of the other posters; most of Bret's frustrations appear to be self-authored. Approach a hardware vendor with an in-your-face attitude, refer to products as "lobotomodems", and you should EXPECT to get the brush-off. There are advanced techniques like "tact" and "diplomacy" that need to be employed to successfully convince a vendor to invest effort (i.e. money) in supporting alternative systems.
Furthermore, the whining about the isolation of the Linux Business Expo is also invalid. We were there selling our Linux-based product and promoting our free security portal and it was our choice to place our booth in the Linux Business Expo. Anyone who wanted to be in mainland could have chosen to do so.
Crispin