This is not the point. You basically have two permissions on Unix systems--users and root. In order to get certain things done, programs often need root privileges, which means they can do *anything*. It also means you can't have an 'audit' user who can monitor the system reliably. A bad admin who is root can cover her tracks because root can do anything. (I don't think a tripwire-type solution will work here.)
All the files for one user are the same permission-wise. That means you can't jail certain progs to protect things. Groups don't help too much with this, and don't scale well.
Bottom line--Unix has some great applications, especially with its network services. But it was *never* designed as a secure OS. Basically, some guys in a lab and some guys at universities built an OS to do things they wanted to do, working with other guys they trusted. Later some rudimentary security got added in, but this was not a basic element.
Maybe, in fact, this is *why* Unix was/is popular--OS's with massive security models tend to suck to use because all that security has a usability tradeoff. Basically, you could get stuff done on Unix, and from time to time you'd figure out how to keep people from messing with the stuff you were working on after something bad happened.
---
In a hundred-mile march,
Part of my work involves immigration law. A great deal of woe befalls legal residents of the US as a result of the 1996 IIRAIRA ("Immigration Reform Act of 1996") and Anti-Terrorism and Effective Death Penalty Act (AEDPA).
Among other things, the 1996 law mandates "administrative detention" (i.e. jail) for virtually all aliens in removal proceedings (sometimes for years), without regard to flight risk, community support, or family needs. The 1996 law took away second chances for first offenders, making deportation a simple "check the box" affair, regardless of the special situation involved in individual cases. The 1996 law has "jurisdiction stripping" provisions meant to bar review of INS/DOJ decisions by federal judges (although lawyers have managed to have some of these provisions declared unconstitutional). The 1996 laws eliminated Section 245(i), forcing many with approved "green cards" to leave the US to pick them up, often subjecting them to the new 10 year bars to return to the US.
These things can happen to people who have lived in the US for decades, or who were brought here by their parents when they were small children.
US immigration law is a complex and difficult subject too often subjected to politicking over sound policy. The 1996 changes removed many safety valves and due process considerations that lead to truly scary situations. Labeling this as a "hispanic ploy" meant to be a poison pill is disingenuous. There are real issues here.
---
In a hundred-mile march,
Diane Rehm had an hour long interview with the author. I remember I was driving in the middle of nowhere listening to Paterniti explain how he got the brain and how they ended up driving across the United States in a rented Buick with it. Strange!
The show was Tuesday, Aug. 1, 2000. The direct link to the Real Audio archive is here.
Worth a listen!
---
In a hundred-mile march,
According to this article the original cost of a Cray Y-MP C90 was $30.5 million.
Some specs from utk.edu:
Apparently, today's fastest supercomputers are at about 12.3 teraflops! Still, I bet the power bill on the C90 still packs a punch! (But at least you won't need a heater in the winter!)
---
In a hundred-mile march,
Looking at the history of physical defense from attack (using fortifications) one can see that there was never (nor will there ever be) the Impregnable Fortress. From the Maginot Line (cf firewalls) to other defensive military structures, we find that massive, static fortifications fail because (in part) they are inflexible and therefore brittle.
Therefore, the strategy is not to build the super-fort, the one that keeps bad guys out no matter what. That doesn't work.
Instead, modern thinking on security is all about layered defenses which raise the cost of attack to (hopefully) unacceptable levels to the attacker(s), as well as preserving flexibility and resiliency.
Although IANAMH (I am not a military historian), I have read enough to generally agree with these ideas. I don't disagree with Schneier's main thesis, I just am not that surprised by it.
Here is a fairly interesting article called From Sandbags to Computers: What's New in Field Fortifications and Protective Structures. Maybe we can analogize some of modern military tactical theory to cyber-defense.
---
In a hundred-mile march,
Should also be Mach microkernel, a CMU research project. There was lots of discussion re. this in this 1999 /. story.
For a real nerdly analysis (what more could a true hacker want :) try Inside Mac OS X: Kernel Environment, a PDF document at Apple's web site which reveals some of the details. (This is stolen from a nice article on the O'Reilly Network.)
A "mock" microkernel would be an alpha release indeed!
---
In a hundred-mile march,
Here's an interesting archive of early 80's TELECOM-Digest. Remember, at the time, ARPAnet and Usenet were not connected. UUCPnet users had to use a bangpath (...!ucbvax!telecom), while ARPAnet could use the now-familiar CSVAX.telecom-link@Berkeley (note the lack of .edu).
TELECOM Digest
This list later became fa.telecom on Usenet. fa. groups were newsgroups ported from ARPAnet. In 1985, the group became comp.dcom.telecom when Usenet was reorganized.
---
In a hundred-mile march,
I found some cool stuff in the NET.unix-wizards. For example:
Aucbarpa.120
NET.unix-wizards
utzoo!decvax!ucbvax!arpavax:wnj
Thu Aug 13 14:19:20 1981
Re: Setuid shell files
The current 4.1bsd system for VAXes includes a mechanism initially
implemented at Bell Labs (after version 7) which allows a file to
be executable and start with a line:
#! interpreter
where interpreter might be /bin/sh, e.g.
#!/bin/sh
The file is then a ``true executable'', i.e. an exec() succeeds on
it in the obvious way, and the system interprets setuid and setgid
bits on the file.
Bill Joy
Of course, I wish I could time-travel-reply to Bill and say,
me!y2k!decvax!arpa!bezerkely:bjoy
Re: Setuid shell files
Are you nuts! Think of the script kiddies!
---
In a hundred-mile march,
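The mechanism Bill Joy describes above (and the reason for the time-travel reply) is still something a defender wants to check for: a setuid or setgid file that begins with "#!" hands the interpreter named on that line the file owner's privileges. What follows is an added audit script, not code from the original post or from 4.1bsd; the function names, the sample file names and the constructed sample tree are assumptions of this example. It uses only POSIX find, dd, head, test and printf, so it runs on any Unix.

```sh
#!/bin/sh
# Added example, not code from the original comments: audit a directory tree
# for setuid/setgid files that are interpreter scripts, i.e. files whose first
# two bytes are "#!". Bill Joy's 1981 post says 4.1bsd honoured the setuid and
# setgid bits on such files; most modern kernels ignore those bits on scripts,
# but a script still carrying them is a finding worth reviewing either way.

# find_setuid_scripts DIR
# Prints one line per setuid or setgid regular file under DIR that starts with
# "#!", formatted as: <setuid|setgid|setuid,setgid> <path> <interpreter line>
find_setuid_scripts() {
    dir=$1
    # -perm -4000: setuid bit set; -perm -2000: setgid bit set (both POSIX).
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        # Look at the first two bytes only; a compiled binary fails this test.
        magic=$(dd if="$f" bs=2 count=1 2>/dev/null)
        if [ "$magic" = '#!' ]; then
            flags=""
            if [ -u "$f" ]; then flags="setuid"; fi
            if [ -g "$f" ]; then flags="${flags}${flags:+,}setgid"; fi
            # The first line names the interpreter that would inherit the bits.
            printf '%s %s %s\n' "$flags" "$f" "$(head -n 1 "$f")"
        fi
    done
}

# make_sample_tree
# Builds a constructed sample tree (not taken from any real system) so the
# audit can be exercised offline, and prints its path. Three files:
#   suid.sh   setuid shell script   -> flagged
#   plain.sh  ordinary shell script -> ignored (no setuid/setgid bit)
#   sgid-bin  setgid non-script     -> ignored (first bytes are not "#!")
make_sample_tree() {
    t=$(mktemp -d)
    printf '#!/bin/sh\necho "runs as the file owner"\n' > "$t/suid.sh"
    chmod 4755 "$t/suid.sh"
    printf '#!/bin/sh\necho "ordinary script"\n' > "$t/plain.sh"
    chmod 0755 "$t/plain.sh"
    printf '\177ELF fake binary, constructed\n' > "$t/sgid-bin"
    chmod 2755 "$t/sgid-bin"
    printf '%s\n' "$t"
}

# --demo builds the sample tree, audits it and cleans up; a directory argument
# (e.g. /usr/local) audits a real tree.
case ${1-} in
    --demo) sample=$(make_sample_tree); find_setuid_scripts "$sample"; rm -rf "$sample" ;;
    "") ;;
    *) find_setuid_scripts "$1" ;;
esac
```

In the constructed tree only suid.sh is reported; anything a real run reports should either lose the bit or be justified in writing, since the privilege ends up with whatever interpreter the first line names rather than with the script's own logic.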
Say what you will about Microsoft, but their Windows Update is a really nice mechanism for distributing patches and updates - none of the Linux vendors (even Mandrake) come close to that level of functionality. Most Slashdot readers will be fairly proactive about their boxes, but that doesn't mean all Linux users are like that. They need an easier way to patch and update their boxes when holes are found.
I switched from RH Linux to FreeBSD on my *nix boxen, and I really enjoy the cvsup && make world (not the literal commands I use) method of updating versus rpm hell (the Linux universe's .dll hell?).
Maybe this is only possible with the relatively centrally controlled *BSD's, but it is nice to have practically a fresh install whenever you need it, and you know that at least the core of the OS has been tested to work together.
NB: This is not meant to engage in religious warring--just a feature I like from the *BSD side.
---
In a hundred-mile march,
morgus morphus opined:
I don't know about FreeBSD (that page was last updated in 1995!). However, there is a NetBSD ARM page here.
According to that page:
NetBSD/arm32 is a port of the OS to a variety of ARM- and StrongARM-powered computing platforms. The port has been a work in progress for the past four years, and is maintained by Mark Brinicombe.
They have a short history of the NetBSD/arm32 project.
---
In a hundred-mile march,
That link is the most disgusting thing I have ever seen, read, or heard. I'm all for free speech, but... I think I need to puke, take a shower, go to mass, and then drink heavily. Wrong, wrong, wrong.
---
In a hundred-mile march,
Society does have a tendency to fear -- and thus discriminate against -- "hackers" or anyone with a reasonable amount of technical knowledge. Why? People fear what they don't understand -- and even more, they fear people who do understand what they cannot.
There's some truth in what you say, but I think more to the point (and especially in this case), government and entrenched powers fear those who do not conform. They fear the "other," those who buck the system.
Look at who we're talking about: 2600 & Goldstein? Techno-anarchists who reveal the nifty secrets about the technologies employed by big business? 2600 was, after all, the control tone on the old telephone switches. (Remember the Cap'n Crunch whistle!)
I may be dating myself here, but I remember 2600 back when the phone company was the #1 technology monolith. So at that time, phone phreaking was the thing. Not to make a profit, but to get on that damned network and explore the hell out of it, see what you could do, put together conference calls with other phreakers and call Australia to talk to random people. Man, you felt like you could take that inhuman monolith and harness it for your own whims. Cool. (Remember Tron? Wargames?) These were times when the concept of technical knowledge as power really came home to a certain youth group. Jumping into Telco dumpsters at 2am looking for switching manuals or software documentation!
But the phone company, of course, didn't see it that way, and they certainly didn't talk to the media about such things. It was "theft of service," and "dollar losses" were arbitrarily attached in case anyone wasn't sure it was serious. And they aimed to crush anyone who continued to stand in their way. A decent, freely available account of this period is Sterling's The Hacker Crackdown.
Now, with that in mind, it is no surprise to hear media reports of the case as involving: "Industry fights against hackers who cracked the security of digital movies in order to make free copies."
It's not the technology, it's hackers who are outside the system, hacking around, being a pain, and generally not doing what they're told. This is what scares Sony--not that they know a header file from a hole in the ground.
(BTW. Using Mozilla M17 for the first time today and it's great! What an improvement over the last version I tried. Go Moz!)
---
In a hundred-mile march,
Power generation is dirty however you slice it (unless you use solar or hydro or some other "free" energy).
Even with those methods, I've heard arguments that with today's efficiencies, the environmental impact of huge solar array fields and massive wind generation sites would be very bad as well.
Seems like we either need to greatly improve solar panel technology, or come up with a new energy generation method.
I'm for the cool stuff like a new 2007 matter/antimatter Audi TT Coupe Quattro.
---
In a hundred-mile march,
Plus it's very nice to be able to synchronize the source tree with cvsup (very good util) and make world. This method of updating the core system beats Linux hands down. RPM's can get very askew after a long time, and if you mix in some source-compiled installs it can get confusing.
Not a flame, just pointing out a nice FreeBSD feature.
DONTdave@SPAMworldserpent.MEorg wrote:
Of course it's going to be GNUPGed with the highest key length my version can generate. In the absence of back doors in the algorithm (which is why I prefer open source - better coders than I have already looked at it in detail and if there were holes I'd have read about it on BUGTRAQ) then the data I'm protecting is not invulnerable, but by the time anyone has managed to crack it I'd hope it would be obsolete.
The problem with this is that you forget the weak link. It's not the algorithm. It's your computer. Here's what the FBI (or pick any 3 letters you like) will do:
* go to the secret national security court to get approval (or not ;) to plant a small keysniffer/program/recording device/pinhole camera;
* record your password (or just the keystrokes to your message, or just the image from your monitor);
* care less about RSA/IDEA/3DES/Blowfish.
Remember, security is harder than it looks, and only as strong as the weakest link.
The same would apply in a criminal investigation. If I were an FBI agent, and I was targeting a money launderer (e.g.) who was using PGPdisk (or whatever), the last thing I would do is try to decrypt the hard way (or give away the secret that I could decrypt by using the information in court). Rather, I would use conventional (video, telephoto) or computer-based methods (sniffers, trojans) to get your password.
I looked at the OmniSky web site; too bad they only support the V (and I have a IIIx). From their service map, Southern Arizona (where I live) seems well covered. Maybe I could hack a patch cord together :/
Also, the website seems to imply that the wireless modems are not shipping yet; are they currently available?
For those, like me, who didn't know about OmniSky, one review I google'd is at The Gadgeteer.
Geoff
I agree. Wouldn't it be cool to SSH into your freenix box during a hike?
Seems to me that any web page with a decent text-only version (i.e. one that renders well on lynx) should work on a Palm.
When you surf on a Palm, you're looking for content, not presentation.
Geoff
You make some useful observations but then wander off. Linux works well as a server, and also works well as a workstation. OpenBSD (and perhaps the whole *BSD family, to a degree) are more focused on networking and server roles ("The Power to Serve," remember?).
I use FreeBSD as a workstation and server at home, but would look at OpenBSD as a gateway or firewall box if I connect my office to the internet. I wouldn't care a whit about video cards, sound cards, and running the most current programs "natively." Nor would I want fast-paced change (probably introducing new security issues or "interesting" interactions). I would want a simple, robust, and well tested setup.
So, if I've said it once, I've said it once: TRTFTRJ (or, The Right Tool for the Right Job).
This is not to say you can't do this with Linux, but that's not an argument against OpenBSD! Also, what keeps you from compiling sshd on your "old boxes" if you administrate them??
Geoff
By default, any other Unix out there cannot even connect to an OpenBSD box, b/c ssh isn't standard.
This simply isn't true. SSH is a widely used and well known service which is a far better choice for remote access for most systems than telnetd or (gasp) rshd and friends.
There are even free Java clients available (google for MindTerm), so any system with a VM can log into a box running sshd.
My own system at home is FreeBSD, and the only service I run for remote access is OpenSSH. Nevertheless, I manage to connect just fine.
Geoff