Slashdot Mirror
Intel Opens CDSA Source
Quite a number of people have written over the last couple of days about Intel's decision to open-source CDSA, their security software, when it's released on May 15. That's their Common Data Security Architecture -- it's an enterprise-level security application.
Ingredients
-----------
2 qt Water
12 oz Quick grits
1/2 lb Butter
2 Jalapenos, diced, remove
- seeds for sissies.
1 md Red bell pepper, diced
1 md Poblano pepper, diced
1 md Onion, diced
1/2 lb Cheddar cheese, grated
1/2 lb Monteray Jack, grated
4 Eggs, beaten
Salt, to taste
Directions
----------
Bring water to a boil. Add grits and simmer for 5 minutes. (For thinner grits, add more water.) Set aside. Melt butter in a large skillet over medium high heat; add peppers and onion. Saute until tender, about 5 minutes. Add to grits, along with cheeses. Add eggs and season with salt. Pour into a 2-quart casserole and refrigerate until ready to cook. Bake in a preheated 350 degree oven for 25 minutes, or until set. Serve immediately.
Serves 10.
IBM is also contributing its JFS. So we have 4 journaled fs's on the horizon: ext3, journaled-Reiser, XFS, and JFS.
Why would OpenSource/FreeSoftware proponents want
*more* security? Doesn't information want to be
free? Aren't you hoarding information by scrambling
it so that only you and the recipient of your keys
can read it? Aren't we being hypocritical if we
want everybody else's information to be free?
At least RMS is consistent when he wants everybody to have root access.
Je ne parle pas francais.
See here
Are you sure about that? I seem to remember kipling launching a series of products named like 'hacker' and 'cyber' etc. Somebody got irritated about this (actually, most of us did), and cracked their webpage (Something most of us didn't do).
They were actually very nice bags, even if they were a little bit cheesy looking. In big plastic letters, the word HACKER was prominently displayed, and, for some reason they thought this was cool, they clipped on a plastic representation of a parallel port connector (easily removed). But, it was waterproof (lined with PVC), very comfortable to walk around with, and just the right size for my laptop. My wife was so impressed with the bag that she went out and bought one (a non-"hacker" model, of course).
"... message passing as the fundamental operation of the OS is just an excercise in computer science masturbation."
Actually, I did, and I agree. I just don't agree that this is an example of "security through obscurity."
My office has been taken over by iPod people.
Source code is one thing. Implementation is another, and more important.
If their code is solid there should be no problems in securing a site with it.
My office has been taken over by iPod people.
That's just it... "algorithms and keys." But, nobody with half a brain would ever keep the algorithms AND the keys in the same place. If you use a strong enough key you'll have plenty of time to detect a crack attempt. Once detected you can start changing your keys on a much more frequent basis. If a cracker can't get a reliable key they'll eventually be forced to give up on breaking your security.
My office has been taken over by iPod people.
So, download the source and tweak it to run on Alpha. Much easier said than done but, do-able.
My office has been taken over by iPod people.
Your challenge is to then find the holes and patch them.
My office has been taken over by iPod people.
I was reading the article and it made no mention of the style of license that will be used. They'd be crazy as hell to use GPL(would get news though..) Maybe they'll use something like the apple Open Source license.
Anyone know for sure?
-niteq
No, more like...Is it Free? I'd rather have _free_ open source software than have to obide by a "community license" or have to pay for the source, just like some companies *cough*microsoft*cough* do.
-niteq
Regarding:
Look at mozilla, they needed crypto, so they're using psm from sun (available from iplanet). PSM is closed source.
This is not at all accurate. Both the PSM application and the NSS libraries are available in source form from Mozilla.org. For more information, please see:
The Mozilla open source projects page
Please also see the FAQ and the newsgroup (referenced on that page).
Also, PSM is not "from Sun" (not that it really matters). It was written by Netscape engineers on my team. We are distributing binary versions for use with Netscape 4.7 and Mozilla from the iPlanet site. You'll notice that PSM is bundled with Netscape 6.
I encourage everyone interested in open source crypto to visit that web site above. It's the best way to keep up to date on what we're doing.
Female Prison Rape in NY
Female Prison Rape in NY
"IBM is already contributing some of its AIX UNIX technologies, including its journaling file system,to the open source process."
I am missing something? I thought SGI was contributing XFS.
True, but you don'ty need the cdr. Most modern linux have an ftp and/or nfs install, thus your cost, assuming already have a net connection is $0. It is also probably a little better for your sanity if you have something faster than a modem, but whatever.
If you do buy your cd, might I suggest Debian, their cd's are reasonably priced ( no 80+ dollars for Redhat, please....) even if you don't buy from cheapbytes.
Ok, finally a subject I have some practical information. *Disclaimer: I work for Intel in an unrelated group, but I figured I might add some info I found on the internal website.*
From the website:
"Software Availability A Windows* version of the CDSA open source software will be available from Intel in May. The 64- and 32-bit Linux versions will be available in August"
Also:
"CDSA software is currently approved for export" - a paragraph regarding the US Gov's change in encryption restrictions
And:
"...providing CDSA software as open source code..."
Granted, there is no mention of the liscence which it will be available under.
Eric VanAlstine All comments posted are mine alone, not Intel's
That joke is so old that the first time I heard it, I had a MillionInstructionsPerSecond processor and the name sounded impressive....
no
Will the software run on AMD, or will it depend on Intel-only extensions (PSN). I see this as a way for Intel to try and push their PSN stff more. It'd be nice to see someone port it to non-Intel chips if the license agreement doesn't restrict that.
Also, why is it that no one really cares about the PSN anymore? It seemed like it was going to be a huge deal, then it just kind of disappeared.
Not to mention being hella fast, too.
Why is this flame bait? Because I didn't say "but it would be great if the released it under the GPL because everyone knows that the GPL is God's gift to geeks.?"
Or perhaps it was because I gave Intel a little bit of props instead of just saying something cool about AMD.
One way or another, all I did was ask a simple fscking question related to the topic.
I guess this will just be moderated right down to "0" as "Offtopic."
CDSA sounds a lot like PAM. What does CDSA do that PAM does not?
From the Intel site:
Software Availability A Windows* version of the CDSA open source software will be available from Intel in May. The 64- and 32-bit Linux versions will be available in August. The software will be downloadable from Intel's Web site at http://developer.intel.com/ial/security.
Hmm. Few details. Long time table. Could do biometrics. I smell vapor. How many monkeys could port libpam to windows by August, and make the same claims that are in this release? It looks like there is no choice but to wait and see about the license, functionality, etc.
your cost, assuming already have a net connection is $0
Unless you're using dialup. Then you have to consider:
- the opportunity cost of having your phone line busy
- the fact that a freebeer ISP (e.g. freewwweb.com) limits the continuous hours online (killing your ftp install before it's even 1/3 done) and/or requires a proprietary client program (to display advertisements) that requires proprietary Microsoft® Windows®.
There ain't no such thing as a free lunch, but $10 Mandrake at Office Depot is pretty close.And yes, I use GNOME. Latest Helix Code preview distro.
Will I retire or break 10K?
When the zealots are whorin',
Keep the posts a trollin' - Slashdot
Flames and grits and dither
minus one forever
Wishin` Natalie was by my side
All the threads I`m postin'
The karma whores we're roastin'
Flames are waiting at the end of my post
Thread `em on
Mod `em up
Thread `em on
Slashdot
Karma out
Trollin' in
Karma out
Trollin' in
Slashdot
Keep Trollin', Trollin', Trollin'
When the moderator isn`t checkin'
Keep the karma whores a guessin' - Slashdot
They don`t understand us
We love when they feed us
Soon we will get that insightful +5
My karma's in the dumper
The moderator caught me trollin''
Postin' at the top of the thread
Thread `em on
Mod `em up
Thread `em on
Slashdot
Karma out
Trollin' in
Karma out
Trollin' in
Slashdaaaaght! Slashdot!
.
.
Take all good things in moderation, including moderation.
okay. granted, and I don't know if cdsa would help out mozilla, either.
but looking at the faq here it says that all the code isn't there. I guess that is only the actual encryption and not anything else?
this has two effects:
1) Make opengroup poorer. The cdsa is the midlayer that opengroup sells for gss implementation (amoung cdsa's functionality). So intel takes it away from them and gives it to us directly. Thats good, because opengroup is really closedgroup. Look, just six months into having X and they tried to close it, until they reliezed XFree86 is deployed more then all of their members combined (suckers).
2) Provide gss on linux. Look at mozilla, they needed crypto, so they're using psm from sun (available from iplanet). PSM is closed source.
cdsa is amounth other things a gss impletmentation. GSS is an API for security for applications. encryption authorization and authentication stuff. middleware for crypto is important, as you need to be able to move on to new crypto at a sota pace, and programmers shouldn't need to get all twisted/confust in lots of different API for security (it'd hardly make it more secure if coders coded wrong). GSS isn't pam, they are different spaces. PAM is for ostools vendors with control given to system admins. gss/cdsa are for application developers.
Imagine if cdsa came out under a good opensource license (btw the osd is too generous, as we have bad "opensource" licenses), and we could add openssl and friends when RSA patent expires (in 5 months). mozilla's cryoto would be completely opensource, and linux can be used more for large corporations which would use this type of stuff.
The stuff opengroup provides a checklist for what businesses want (not that we want motif).
That's it. I'm talking out my ass, but I think this is pretty correct. Anyone disagree?
80 dollars? Redhat 6.2 costs $3.50 from cheapbytes, and thats for two cds.
Jeff
stty erase ^H
This seems like the most obvious for Intel to be developing such a system, so that joe average doesn't have to remember a password, etc. Of course, switching your data to another machine would be a problem...
Just a shot in the dark, but this seems like quite an obvious use for the UID, which may concern some people. Anybody have any thoughts or information on this?
--www.mp3.com/kruhft--
Right on there. I remember about a year ago, Kipling BagPeople had a contest going that if you could "hack" their site you'd getcherself a free bag and whatnot.
The "hack" was actually a wide-open javascript algorithm that took something like a week or two to brute force crack. I believe I still have the source somewhere for reference..
-niteq
The article linked to didn't really do much to explain CDSA... I'm curious. What does it do?
The thing that really confused me was the references in the article to this software being Itanium optimized. Fair enough then, Intel's motives could be seen as carrot dangling to persuade consumers to migrate more enthusiastically to a nascent technology platform. Then I was left wondering exactly how source code would be Itanium optimized. Surely it could be optimally tweaked and recompiled for any platform, even non-intel architectures
Possibly it is just a buzz-word. The Itanium is going to have to do good things for Intel otherwise they are going to be up the proverbial creek as far as 64 bit processors goes, and this is not a playing field they have to themselves (with 64 bit POWER, Alpha and AMD Sledgehammer processors also featuring). I suspect however that the source code makes copious use of things that the Itanium is supposed to do well - lots of use of 64 bit and longer integers in math processing, and accesses of memory in 64 bit lengths. Of course, that means that the current Athlon will also do well on the same code (see Aces hardware for an article on K7 memory access). So yes, you can write C code which favours a particular processor, as long as you understand it's strengths and weaknesses and have some appreciation of what the compiler does to your code. But I strongly suspect that knowing the most optimal set of compiler flags for a particular processor is also important in getting a given set of code to run as fast as possible.
Cheers,
Toby Haynes
Anything I post is strictly my own thoughts and doesn't necessarily have anything to do with the opinions of IBM.
Actually, it might be cheaper to buy linux (eg. from cheapbytes) than to download the thing over a modem, buy a CDR, and burn it yourself.
Jeff
stty erase ^H
This just goes to prove that the software they are releasing uses good, strong algorithms that don't rely on hiding the source for their effectiveness.
XenoWolf The Original - Since 1993
The only issue seems to be whether they can keep maintaining it open-sourced, if it is really opensourced in the first place. Now that would make them continually cool. And that is the hard thing for commercial interests to do.
However, *thwack* to ZDNet for an article that says almost nothing about CDSA, and instead focuses on marketing Itanium, Trillian, and Whistler (Windoze '01, if you didn't catch that). Note: it appears from the style of linking that this was actually three different articles that were tied together because they were related
Information wants to be free
Information wants to be free
So what? Guns want to kill, but we have laws against that.
Just because it's free, don't assume you'd actually want it.
Firstly, it's heavyweight, secondly it's an interface to a cloud of other interfaces, any one of which may be sufficient, and thirdly it drags along the assumptions of the authors about "what's good for the 'net".
As Laurence Lessig points out in Code and Other Laws of Cyberspace, a perfect authentication and identification system may be something you don't want.
--dave
davecb@spamcop.net
Many companies think that just because they are open sourcing some stuff, they'll instantly become cool. Now what (i must say) i find interesting is that this is a hardware manufacturer.
Now, only if windows were GPL'd, i might actually buy a copy ;)
All of this is, of course, IMNSHO. Cheers, Elmo
I must confess to knowing vey little about this product , but I am also led to speculate if this is going to lead to any interesting crypto algorithims leaking their way out into open-source space. Security products often mean cryptography and as we all know, cryptography often means patents, so there could be some interesting issues there.
The thing that really confused me was the references in the article to this software being Itanium optimized. Fair enough then, Intel's motives could be seen as carrot dangling to persuade consumers to migrate more enthusiastically to a nascent technology platform. Then I was left wondering exactly how source code would be Itanium optimized. Surely it could be optimally tweaked and recompiled for any platform, even non-intel architectures.
Unless of course I'm missing the point as to what the product does and there is a hardware component of some kind.
Either that or its largely an assember source code release which people could already have disassembeled for themselves. But that would be ridiculous, so I'm still left pondering. Have to wait and see I guess. Anyone got any more information, or links
-- Oh Well