struct security_checks_struct {
int (*execve)(struct task_struct *tsk,struct binprm *new);
int (*file_open)(struct file *);
int (*raise_capability)(... ... ... selinux had about 140 points they wanted to hook into.. ... others probably have a few more. ...
};
Linus, first of all, for this kind of stuff, they invented C++: easy encapsulation of data and methods on that data in simple objects, no functionpointers in structs anymore, and last but not least: polymorphism!
Second, since the mailinglist is about design aspects, why is code popping up? functionality is designed without looking at CODE. It's designed by defining WHAT functionality should be implemented. THEN you dive into a technical designphase and perhaps you come up with pseudocode. Not in THIS phase.
This new security model can be a big part of the kernel, perhaps a lot has to be changed to adapt the security model in every part of the kernel (like it's done in WIn2k f.e.) to have true ACL driven security inside the OS. You can't design that with codesnippets.
Everyone with a creditcard is in the big database of the creditcard company that is datamined every damn day. Do you worry? I don't think so.
Ever worried if a waiter in a restaurant would use your creditcard number, exp date etc for fraud? I don't think so.
Then again, why are you so paranoid when a (not 'the') service is provided by a company? you don't HAVE TO use that service. And if you do, would it be any more risky than using a creditcard and give a lot of your financial information to a creditcardcompany? --
The US government has disagreed to sign the privacy agreement with the EU, because it could 'hurt' big companies, therefor the privacy laws and policies are in the US less strict than in the EU, so if you want a stricter privacy law in the US, direct your arrows to the government of the US, since they could have put a law in place that forces every website in the US to obey strict privacy policies, but they refused to do that.
So if a company uses less strict privacy policies they are legally able to do that (if it's morally right is another thing). --
I have the english version of 5.5 sp1. I'll check if I got the wrong patch (still stupid to release 2 files though:(, why not 1 patch) The files are no problem, but upgrading or re-installing IE on a machine that already has 5.5 sp1 is not possible.
Yeah I got the same remark that I didn't need the patch. Perhaps this comes from the fact that my Outlook and Outlook express are both using 'Restricted Zone' as default zone for all mail and news, thus all mail and news are threatened as if it comes from a site in that restricted zone, and all security settings are set to 'max' for that zone, i.e.: no script nor activeX component will be started.
I also dunno how to 'upgrade' my IE, since I already run 5.5 sp1, the latest released version. --
Don't change the name. Just because the name sounds familiar, you don't supply a product thats confusing with their products. Here we have Dove soap and Dove chocolate. Different companies, different products, same (trademarked!) name. Since your lib is not a graphics api for primitives like OpenGL, why bother. It's not your fault in the English Language Library and Language start both with the same letter.
Keep up the good work, m8, and don't let them scare you.
FB, author of DemoGL, which is named that way because it makes OpenGL development easier and it seemed logical to me to use 'GL' in the name to point out that OpenGL is the API supported and has to be used by the developer to write the effects in. --
SGI is not doing well financially, OpenGL support among developers is still huge but getting smaller, especially with Dx8 now out in the fields. They seriously should consider these kind of actions 'irresponsible' since it will hurt the developer-SGI relation: projects that have the 'GL' in their name are mostly projects that build ONTOP of OpenGL or add functionality to it so it's easier for developers to use..... OpenGL and thus make it easier to attrackt developers towards OpenGL.
As much as some people seem to hate MS, I never had these kind of experiences with them, so if SGI knocks at my door to change DemoGL into something else and to change the logo, I'll hop ship. It will take time to adapt d3d into DemoGL but I don't wish to support an API which owner bullies users of that API and bullies developers that make that API more succesful. OpenGL development is already a pain with all the extensions and no good central, general documentation for all these extensions with examples and tutorials, unlike D3D. These SGI actions will only make it worse. --
Here in the netherlands, a TV station changed their name into 'ME'. (don't ask). The fashion company 'WE' complained and filed a lawsuit which they won. 'ME' has now changed their name again which costed millions.
It IS possible. I simply dont understand WHY sgi is doing this. HP OpenView, will that have to change its name too? hehe HP will buy sgi instead I think:) --
I'm the author of DemoGL, the free open source execution platform for opengl effects, and I haven't received any letter nor mail from SGI yet.
It's hard to understand why SGI is doing this. OpenGL is really suffering these days from the more maturing D3D api, and this will not do any good to the reputation of OpenGL. Projects like DemoGL, GLUT, DelphiGL and others are started because it's necessary to have a platform that makes it easy to develop OpenGL based effects, thus HELPS in supporting the development of OpenGL. If SGI is pushing these projects to change their names, it's very likely that they will abandon OpenGL at all.
For me, if SGI wants me to change the name of DemoGL I will first think of fighting it (I'm in the Netherlands, Europe, dunno if SGI has the trademark here to plus my parents in law are both a judge so free legal advice is at hand;)) and if I don't have a change then I'll port DemoGL to D3D and will abandon OpenGL at all.
SGI has to understand it's the developers at the moment which keep OpenGL alive. Scaring away these developers will scare away the lifesource OpenGL needs so much these days.
PS: the email address in the header is fake, in case you didn't know that;) --
I don't get it... this article is about seeds, patents, stupid judges and a fucked farmer. Not about software, microsoft, linux, Internet Explorer nor Bill Gates' mother. Why do you have to twist it to get Microsoft bashing into this discussion? Can we for once just leave the subject, please? --
Percy Schmeiser claims that the seeds blew onto his farm from passing seed trucks and from neighboring farms. The court held that regardless of whether he planted them deliberately or if he merely found them growing on his farm, it was his responsibility to destroy the seeds and seedlings or pay royalties
How can poor Percy know if a seed is mutated or not? Ok, when it's obvious from the outside, then it's a no-brainer, but most modifications in plants are not visible from the outside. So a farmer has to DNA test all weedplants on his acres if there is SOMEHWERE a plant grown from a foreign seed? Yeah, that will be good for the world food economy! Can I borrow $100? I'd like to buy some bread. --
There is a bug, MS released a patch, thanks to the generous Juan Carlos Cuartango and everyone can go on with their lives.
/., you will have a busy time, reporting all KB articles about security of all MS products, as you also report all security related documents about all Linux related software of course. I think bugtraq can file for chapter 11. --
You know what's really stupid about this? That this is about 'freedom' of speech, while it's not about freedom at all. You know what real freedom is? A 13 year old girl who can get birthcontrol for free, any woman who can have a SAFE and HUMAN abortion when she wants, gay people who want to get married.
That's right. Today in the Netherlands, 2 gay people official marry. Because here, real freedom is implemented. We have abortion clinics, the lowest amount of childbirths among teenagers in the world, and the lowest amount of anti-abortion fanatics.
Also, to the people who think abortion doctors kill babies: they don't. They remove cells from a body, like when you give blood at the hospital, or when your butt gets a liposuction. Think about the 30 million CHILDREN you kill every time you're wanking at night and the semen hits the sheets, or when your wife gets her period.
Abortion is only called abortion when the cells developed from the conception are not forming all basic human characteristics, thus before the 26th week.
Oh... and 'pro'-life, means 'in favor of' life. Doctors have also lifes. Think about that for a change. --
Everyone can setup a certificate server and give out certificates. Do you check the contents of the certificates? most people don't. They just see "ah! A certificate! so it's ok!", while there is a possibility it's not ok.
Verisign gave out the wrong certificates. If browsers now already have stored these certificates as 'safe', users should remove them, but it's VERISIGN's fault. They should have been more careful when they gave out the certificates. the person who now got the certificates could also have used 'Sun' or 'Red Hat' or any other company. Would that company then be 'the faulty'? NO. --
GNUstep doesn't get the attention that some of the window managers' get, but I think the diversity of the desktop interface is one of the more fun aspects of open source.
Hemos, where's the 'fun' part? Ok, perhaps at the 'user's side, but definitely not on the developer side. Developing an application that needs a GUI is a pain when you have to support more than 1 GUI-toolkit so it will work on all windowmanagers. So I clearly don't understand why a diversity of GUI's is a cool thing. The more windowmanagers/gui toolkits there are created, the more the application developers have to use OR a windowing library that lays on TOP of all these toolkits and is most of the time slower, OR create more than 1 version for all toolkits OR just pick one and develop for that toolkit/windowmanager and leave the rest.
In all situations, not that productive, at best. For an application developer it's key that the application developed will run on as most target systems as possibel, or at least on almost all systems used by the group targeted by the application. When you target Linux users, with the more windowmanagers there are, the more time you have to spend before you reach your target group. For a hobby project perhaps not that important, but for commercial applications or applications that have to gain money in some other way, it's hell. --
Perhaps I lack some knowledge on the subject, but it appears to me that this will be the first move towards a gui subsystem in kernelspace, thus that the framebuffer as it is now will be extended with a windowing subsystem that is then controlled by a higher layer in userland.
Which will result in a world without X-Windows. allthough remote-desktop functionality of X is cool, the X structure itself is pretty overkill, so IMHO it's a good move. --
Nope, not even that. It's your super smart electoral college system that does it for you.
Or, you can put it the way Letterman did:
"You can be the vice president during one of the most prosperous time in Americas history, run for office against a dumb guy, get more votes and still lose"
Yeah Letterman rules:). I'm not an american though. --
Ok, I know what you mean about the NT admins, the MCSE stuff (I've a 9 exam MCSE diploma but that was years ago;)). I however disasgree MS solutions will cost more. The MSDN universal subscription will cost you 2500$ max. for 1 year. But indeed MS tech support is expensive as RH's is. It's however IMHO not possible for RH to put as much information online about the products they support/sell as MS does, simply because they make money selling that INFO. That's a difference.
But you're one of the first people I see here talking realistically when it comes to Linux and business. Too many times people just do instead of think first: how will it cost me if I do it myself and how much will it cost me if I let somebody else do it for me? (excluding the fun factor). I build the servers here myself but that's because I think it's fun and it's my company and my spare time so who cares;) but when you think of it: doing it during work ours will cost you loads of money: so call dell and order a few boxes instead.:)
Plus, with all the costs, it also has to fit in the knowledge people have. My university had only Unix boxes, now I'm a MS only shop, because we specialised in developing technology specific for win32. Switching to another platform will cost us a lot, staying on win32, with all the knowledge we already have, costs us way less.
Doesn't it? the TCO will then be as high as say a solaris powered machine instead of a RH powered machine. (or, to feed the greedy troll's mouth: a win2k powered machine instead of a RH machine).
or even higher.
So my question is then: why still using RH software even if you have to pay $20,000,- when you get MSDN, KB etc for free with your copy of Win2k server, costing 1200$ or less. Or get Solaris, (75$) and pay for support, from an organisation that is probably still around next year, which is not the same for RH.
I do understand what you mean by support and it makes perfect sense. However I doubt it that it will still make Linux 'cheaper' (as in costing less money) than alternatives that cost money to get a license, but are cheaper (as in: costing less money) in support. --
The system Eazel released is in fact active desktop and related tools found in windows9x/win2k, for quite some time now (since IE4.0). Remember Bill Gates when he said "Information at your fingertips"... well that's what he ment. However, are there succesful 'service' providing companies working with Active Desktop or similar services? no. (and that's with an installed base of 90% of the desktop computers in the world). Now, you expect to get a company, that targets its services on 5% or less of the desktop PC's to be succesful? Also when considering that the target groups are used to use FREE software and FREE services online?
after each hotfix. I always run then one after the other, after the SP6 and SP6a hotfix crap. So I have a screen full of 'reboot now' messageboxes. I click one and there ya go.
This works because you have to understand why you have to reboot: a) because dll's are updated ON DISK which were loaded in memory, so you have to reload them to see the fix get effective (thus reboot, or restart all services) and b) sometimes fixes take place in the system registry (HKLM etc). This is also loaded during boottime (in NT4) and you have to reboot to make several fixes take effect (esp. network related fixes).
So if you apply the fixes in this order: SP6, SP6a (SP6 upgradefix for Compaq machines and others), all Post SP6 hotfixes and THEN reboot, it's ok. You save yourself a lot of time.
Oh, and I do program VB/ASP sometimes, yes I do know a lot about programming AND NT administration. Don't insult people with stupid remarks, it's of no use. --
This is not a flame/troll, I just wondered: would a Linux kernelprogrammer now be transformed into an IBM volunteer (i.e.: an employee without a paycheck)?
Think about it: GNU is about free software. Now the people who worked HARD to make it the way it is today and free are in fact working for a big bad money hungry company. Without any reward. --
Slashdot Mirror
(Linus wrote:)
struct security_checks_struct {
...
... selinux had about 140 points they wanted to hook into ..
... others probably have a few more.
...
int (*execve)(struct task_struct *tsk,struct binprm *new);
int (*file_open)(struct file *);
int (*raise_capability)(...
};
Linus, first of all, for this kind of stuff, they invented C++: easy encapsulation of data and methods on that data in simple objects, no functionpointers in structs anymore, and last but not least: polymorphism!
Second, since the mailinglist is about design aspects, why is code popping up? functionality is designed without looking at CODE. It's designed by defining WHAT functionality should be implemented. THEN you dive into a technical designphase and perhaps you come up with pseudocode. Not in THIS phase.
This new security model can be a big part of the kernel, perhaps a lot has to be changed to adapt the security model in every part of the kernel (like it's done in WIn2k f.e.) to have true ACL driven security inside the OS. You can't design that with codesnippets.
--
Ever worried if a waiter in a restaurant would use your creditcard number, exp date etc for fraud? I don't think so.
Then again, why are you so paranoid when a (not 'the') service is provided by a company? you don't HAVE TO use that service. And if you do, would it be any more risky than using a creditcard and give a lot of your financial information to a creditcardcompany?
--
So if a company uses less strict privacy policies they are legally able to do that (if it's morally right is another thing).
--
Thanks, I'll check for that other 'patch'
--
I also dunno how to 'upgrade' my IE, since I already run 5.5 sp1, the latest released version.
--
Keep up the good work, m8, and don't let them scare you.
FB, author of DemoGL, which is named that way because it makes OpenGL development easier and it seemed logical to me to use 'GL' in the name to point out that OpenGL is the API supported and has to be used by the developer to write the effects in.
--
As much as some people seem to hate MS, I never had these kind of experiences with them, so if SGI knocks at my door to change DemoGL into something else and to change the logo, I'll hop ship. It will take time to adapt d3d into DemoGL but I don't wish to support an API which owner bullies users of that API and bullies developers that make that API more succesful. OpenGL development is already a pain with all the extensions and no good central, general documentation for all these extensions with examples and tutorials, unlike D3D. These SGI actions will only make it worse.
--
It IS possible. I simply dont understand WHY sgi is doing this. HP OpenView, will that have to change its name too? hehe HP will buy sgi instead I think :)
--
It's hard to understand why SGI is doing this. OpenGL is really suffering these days from the more maturing D3D api, and this will not do any good to the reputation of OpenGL. Projects like DemoGL, GLUT, DelphiGL and others are started because it's necessary to have a platform that makes it easy to develop OpenGL based effects, thus HELPS in supporting the development of OpenGL. If SGI is pushing these projects to change their names, it's very likely that they will abandon OpenGL at all.
For me, if SGI wants me to change the name of DemoGL I will first think of fighting it (I'm in the Netherlands, Europe, dunno if SGI has the trademark here to plus my parents in law are both a judge so free legal advice is at hand ;)) and if I don't have a change then I'll port DemoGL to D3D and will abandon OpenGL at all.
SGI has to understand it's the developers at the moment which keep OpenGL alive. Scaring away these developers will scare away the lifesource OpenGL needs so much these days.
PS: the email address in the header is fake, in case you didn't know that ;)
--
So, now we have 2 april fool days? a whole week?
--
I don't get it... this article is about seeds, patents, stupid judges and a fucked farmer. Not about software, microsoft, linux, Internet Explorer nor Bill Gates' mother. Why do you have to twist it to get Microsoft bashing into this discussion? Can we for once just leave the subject, please?
--
How can poor Percy know if a seed is mutated or not? Ok, when it's obvious from the outside, then it's a no-brainer, but most modifications in plants are not visible from the outside. So a farmer has to DNA test all weedplants on his acres if there is SOMEHWERE a plant grown from a foreign seed? Yeah, that will be good for the world food economy! Can I borrow $100? I'd like to buy some bread.
--
--
That's right. Today in the Netherlands, 2 gay people official marry. Because here, real freedom is implemented. We have abortion clinics, the lowest amount of childbirths among teenagers in the world, and the lowest amount of anti-abortion fanatics.
Also, to the people who think abortion doctors kill babies: they don't. They remove cells from a body, like when you give blood at the hospital, or when your butt gets a liposuction. Think about the 30 million CHILDREN you kill every time you're wanking at night and the semen hits the sheets, or when your wife gets her period.
Abortion is only called abortion when the cells developed from the conception are not forming all basic human characteristics, thus before the 26th week.
Oh... and 'pro'-life, means 'in favor of' life. Doctors have also lifes. Think about that for a change.
--
See title
--
Verisign gave out the wrong certificates. If browsers now already have stored these certificates as 'safe', users should remove them, but it's VERISIGN's fault. They should have been more careful when they gave out the certificates. the person who now got the certificates could also have used 'Sun' or 'Red Hat' or any other company. Would that company then be 'the faulty'? NO.
--
In all situations, not that productive, at best. For an application developer it's key that the application developed will run on as most target systems as possibel, or at least on almost all systems used by the group targeted by the application. When you target Linux users, with the more windowmanagers there are, the more time you have to spend before you reach your target group. For a hobby project perhaps not that important, but for commercial applications or applications that have to gain money in some other way, it's hell.
--
Which will result in a world without X-Windows. allthough remote-desktop functionality of X is cool, the X structure itself is pretty overkill, so IMHO it's a good move.
--
Yeah Letterman rules :). I'm not an american though.
--
Dubya missed it and decided that the greenhouse effect isn't caused by polution... :(
--
But you're one of the first people I see here talking realistically when it comes to Linux and business. Too many times people just do instead of think first: how will it cost me if I do it myself and how much will it cost me if I let somebody else do it for me? (excluding the fun factor). I build the servers here myself but that's because I think it's fun and it's my company and my spare time so who cares ;) but when you think of it: doing it during work ours will cost you loads of money: so call dell and order a few boxes instead. :)
Plus, with all the costs, it also has to fit in the knowledge people have. My university had only Unix boxes, now I'm a MS only shop, because we specialised in developing technology specific for win32. Switching to another platform will cost us a lot, staying on win32, with all the knowledge we already have, costs us way less.
Good luck with your business.:)
--
or even higher.
So my question is then: why still using RH software even if you have to pay $20,000,- when you get MSDN, KB etc for free with your copy of Win2k server, costing 1200$ or less. Or get Solaris, (75$) and pay for support, from an organisation that is probably still around next year, which is not the same for RH.
I do understand what you mean by support and it makes perfect sense. However I doubt it that it will still make Linux 'cheaper' (as in costing less money) than alternatives that cost money to get a license, but are cheaper (as in: costing less money) in support.
--
I don't think so.
--
This works because you have to understand why you have to reboot: a) because dll's are updated ON DISK which were loaded in memory, so you have to reload them to see the fix get effective (thus reboot, or restart all services) and b) sometimes fixes take place in the system registry (HKLM etc). This is also loaded during boottime (in NT4) and you have to reboot to make several fixes take effect (esp. network related fixes).
So if you apply the fixes in this order: SP6, SP6a (SP6 upgradefix for Compaq machines and others), all Post SP6 hotfixes and THEN reboot, it's ok. You save yourself a lot of time.
Oh, and I do program VB/ASP sometimes, yes I do know a lot about programming AND NT administration. Don't insult people with stupid remarks, it's of no use.
--
Think about it: GNU is about free software. Now the people who worked HARD to make it the way it is today and free are in fact working for a big bad money hungry company. Without any reward.
--