I don't really have time to answer your other points, but systrace is in the base system, and to my knowledge it has never been in ports. So yes if you do a fresh install of OpenBSD 3.2 or later you will get systrace.
The problem is not a lack of an implementation, but not any implementation will do. It has to be suitable, and meet the OpenBSD project goals.
AppArmour and RSBAC are GPL. Trusted BSD is rather large, relies on some FreeBSDisms, and IMO is overengineered, I think it would be quite a hard sell, but there may be useful ideas. The fact is that even if something useful can be pulled out of Trusted BSD, someone is going to have to put in the time and do it. The reason they might do this, thankless or not, is because they want some sort of MAC in OpenBSD:-).
I think there is a fair amount of FUD on both sides. A few people do try to make out that MAC is a critical security component, when in fact it is merely a useful tool, and as all discussions so far show, it is far from being universally loved or adopted.
systrace is a good example of my point, despite being attacked by some developers, it was added to the kernel and base system, and recent discussions on removing it have decided to leave it alone despite its problems because it is useful as a ports debugging tool.
With due respect, I think both you and the author of the "insecure" article have some fundamental misunderstandings about OpenBSD and the way the project works.
Just to note I don't speak for the project here, this is just my impressions from being involved for a short time.
Firstly, jokes about theocracy aside, OpenBSD is not a dictatorship. There are a lot of developers, and they don't all agree about everything.
So, even if some OpenBSD developers say they are skeptical about MAC, it doesn't mean all are, or that there is no way to salvage it, or that any code involving the term MAC would be dismissed out of hand. It just means that as it is now, well, they are skeptical. And nobody has appeared with suitable code to change minds. And perhaps that developers are tired of hearing about it from people who manifestly aren't going to contribute.
Secondly, in OpenBSD, contribution drives everything. People who write articles or feature requests or posts on Slashdot are taken much less seriously (if they are taken seriously at all) than people who contribute to the project. Many other OSS projects are the same, but in OpenBSD it is very plain.
Thirdly - and this is something most people seem to miss - any MAC implementation must meet the projects' goals (which are something that no current implementation I have seen does, and certainly not one which anyone has submitted code to implement in OpenBSD). At least it must: be good code; be appropriately licensed; be simple and understandable; be documented; and (important!) be secure by default.
So, if you sit down, design and write a MAC framework that meets those criteria, it will be properly considered. You will have to fight your corner, of course, and make a case that persuades others why it is useful, and accept review and make changes if necessary, but if you are prepared to do the work it will be taken seriously - it may not be accepted, but it will be given a lot more weight than writing an article about it.
The fact is that until someone is prepared to stop talking and hack on MAC support, this whole thing is really a nonissue inside the project. All developers have their own interests (sometimes many of them) and at the moment it is clear none of them care enough about MAC (whether it has benefits or not) strongly enough to get involved.
It is a volunteer project - there is only one full time developer - and like all such it is a compromise between support and new features, and it happens that at the moment most people prefer doing development rather than maintenance. If everyone was interested in maintenance, OpenBSD releases might have a longer lifetime, but development pace would be considerably slower.
The fact is that as OpenBSD, unlike Linux, does not have large commercial backers, so unless people donate their time and money to work on the things they consider important, it becomes unlikely to happen. Perhaps you would like to donate some of your time to supporting older releases? I can say with some confidence that if you prefer just to complain, most OpenBSD users and developers will care very little for your opinions.
Note that there are commercial organizations providing OpenBSD support if you require it.
I don't know where you get your ideas about poor hardware support, OpenBSD hardware support is not hugely worse than, for example, FreeBSD, and better in some areas.
> I wonder what Theo will say about all this? 9 times out of 10 he tends to scorn things, > so I wonder if he'll embrace this with open arms, or just shun it like he does most things.
This is an official OpenBSD effort, all of the directors are OpenBSD developers. I'm sure Theo was pretty central to setting it up, he is unlikely to shun it.
This kind of belligerent, vague question is probably the reason this person doesn't get answers. Very few people with actual, genuine clue are going to get involved when the person asking hasn't even tried to make their initial question complete or useful. It not only looks like this person has an attitude but that they are also going to make anyone who answers do a lot of work to get enough clear information out of them, such as their set up and what they've tried already, so they can give an answer. Many people help others on IRC (without being paid, in their own, personal free time) because they enjoy it, and if it looks like someone is going to be unnecessarily hard to help, many will just go do something else.
...how about a Google section so only a few Google stories make it to the front page? Hardcore Google-watchers can go read it and the rest of us can be spared seeing so many uninteresting Google stories. I can't be the only one getting sick of seeing so many.
> Left was Select, right was Menu, and middle was Adjust.
Actually, middle is Menu and right is Adjust.
Otherwise you're spot on.
RISC OS was (and still is) far behind the times in many areas, but this UI feature was not one of them. It was extremely fast and easy to use, especially on the early Archimedes which had three really distinct mouse buttons.
Yes, you're right. It is slightly more sane if I'd looked at the ex-VAT price:-).
It almost numbers them among the few companies who aren't persistently trying to shaft everyone in.uk on price while pretending it is justified.
Guess I judged it a little too fast;-). There are just far too many cases where someone has obviously gone "hmm, 1 ukp == 1.9 usd, let's price them at X in both countries and pretend it's just natural extra costs!".
> This is a political campaign site with > political campaign propaganda. And since there > are still an extremely wide variety of ways to > get at its content and information from outside > the US, it's obviously not some kind > of "international censorship".
That isn't the point. It is extremely insulting, even if it is hardly surprising, to see that George W Bush cares so little about the rest of the world that he is not even prepared to allow them to follow his campaign on his _official_ site. If he thinks it is unimportant that we see his _propaganda_, he plainly doesn't care what we think. Sure, there are plenty of other sites - and mirrors - but this is the only site that represents him personally.
Bandwidth is a very poor reason for further damaging what little goodwill many of those outside America still have towards G W Bush.
You can take the Mao quotes but I have to object to the Marx one.
> Of course, and socialist or communist aims have never had stupid or evil intent: > > "...the theory of the Communists may be summed up in the single sentence: Abolition of private property" > Marx
Yes, and? I fail to see either stupid or evil intent:-).
More Marx: "Communism deprives no man of the power to appropriate the products of society; all that it does is to deprive him of the power to subjugate the labor of others by means of such appropriation"
> Agnostics are intellectual cowards. Reason tells you that there is no god.
> Take evolution for example....
You are assuming that agnostics refuse to rule out a specifically Christian God. Reason may tell you that evolution happens and that the Bible is illogical and inconsistent but it does _not_ prove that there is no supreme being (or God, for want of a better term). Atheism is nothing more than a different kind of faith. Whether it is better to have faith in reason or faith in God is another argument altogether.
Agnosticism does not give equal credence to religion over scientific proof. Evolution happens and those who say otherwise are misguided, but this is proof against a literal Christian Bible God, not proof against any God.
Agnosticism is the sole logical position. It is simply _not possible_ to prove or disprove the existence of God through anything other than philisophical tricks and faith. Sure, you can show that the Bible is not literal, but try proving that there is no god of any kind. Agnosticism, for me, is simply the acceptance that this is impossible, at the moment.
Personally, as an agnostic, I see that the balance of evidence is against the existence of God and live according to the theory that there is no God, but I do not have enough faith to say that this is so without doubt. Really, I don't understand what the issue is, I don't believe in a specific God but I don't see any need to refuse to accept one might exist. When there is a lack of proof on both sides, there is no reason that one or the other must be chosen. Whatever I do, or anyone else does, it can't prove that God exists or doesn't, and allegations of intellectual cowardice are not going to change that fact.
A lot of PCBs are washed after production (not with water though afaik). There are some components that don't like it but generally so long as they aren't powered up when wet, it isn't done too often or for too long and the water is pretty clean (and not salt), most electronics can handle it. I have no idea what water would do to the insides of a hard disc though.
Some are alright even when wet with power:-). I've had several friends who have had mobile phones completely soaked through. Always take the battery out, leave for a couple of days to dry and they usually work fine...:-)
Where I work we've done similar bodges to some of the stuff already mentioned, soldering pins onto CPUs, replacing dodgy power connectors on laptop mboards (most are >2 layers so can make it touch and go), etc. Since we've got the kit we usually try to bodge anything broken... if it still doesn't work we haven't lost anything:-).
> You may be saying something, but no one is listening.
Just as a minor point of interest: Here in the UK, not voting is much the best way of signalling unhappiness with the process. Nobody takes any notice of spoilt ballets, votes for the minor parties (unless thay are the BNP), etc, but if there is a low turnout it is a big issue.
Sure, one of the big parties still wins, but hey, what is the difference now?
You make some great points. One addition though: when you consider that for Europeans 9/11 was not the largest hate crime of all time, it may at least partially explaining why European hate speech laws are as they are.
Perhaps the reporter just wanted to point out Mac and Unix-variants aren't affected? Mentioning them in a positive light can hardly be too bad, can it?
IMO "the average person" is far more likely to know they _don't_ have a Mac, and therefore assume their computer is affected then to believe that because it doesn't say Windows, they're fine.
I think mainly because they learned from Vietnam that there is nothing more likely to bring the war into disfavour at home that the loss of American lives.
Thus has war become a TV drama.
Kudos to the US forces for saving the lives of their servicemen with technology. I just can't help but question their motives, and whether it the lack of casualties that makes war so acceptable to (as someone mentioned above) 76% of the US public, not to mention the US government.
Yes, I know. I'm a cynic. And for anyone looking for ammunition, also a communist:-).
Re:but will it be as good as VGAP?
on
The Long-Awaited MOO!
·
· Score: 2, Informative
VGAP is still alive and well... There are many hosts still out there. Among the best:
Yeah, damn right... why not a little 'links related to this post' section _below_ the message? That might actually be useful... occasionally something interesting could be thrown up.
Slashdot Mirror
I don't really have time to answer your other points, but systrace is in the base system, and to my knowledge it has never been in ports. So yes if you do a fresh install of OpenBSD 3.2 or later you will get systrace.
See eg http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/systrace.c
The problem is not a lack of an implementation, but not any implementation will do. It has to be suitable, and meet the OpenBSD project goals.
AppArmour and RSBAC are GPL. Trusted BSD is rather large, relies on some FreeBSDisms, and IMO is overengineered, I think it would be quite a hard sell, but there may be useful ideas. The fact is that even if something useful can be pulled out of Trusted BSD, someone is going to have to put in the time and do it. The reason they might do this, thankless or not, is because they want some sort of MAC in OpenBSD :-).
I think there is a fair amount of FUD on both sides. A few people do try to make out that MAC is a critical security component, when in fact it is merely a useful tool, and as all discussions so far show, it is far from being universally loved or adopted.
systrace is a good example of my point, despite being attacked by some developers, it was added to the kernel and base system, and recent discussions on removing it have decided to leave it alone despite its problems because it is useful as a ports debugging tool.
With due respect, I think both you and the author of the "insecure" article have some fundamental misunderstandings about OpenBSD and the way the project works.
Just to note I don't speak for the project here, this is just my impressions from being involved for a short time.
Firstly, jokes about theocracy aside, OpenBSD is not a dictatorship. There are a lot of developers, and they don't all agree about everything.
So, even if some OpenBSD developers say they are skeptical about MAC, it doesn't mean all are, or that there is no way to salvage it, or that any code involving the term MAC would be dismissed out of hand. It just means that as it is now, well, they are skeptical. And nobody has appeared with suitable code to change minds. And perhaps that developers are tired of hearing about it from people who manifestly aren't going to contribute.
Secondly, in OpenBSD, contribution drives everything. People who write articles or feature requests or posts on Slashdot are taken much less seriously (if they are taken seriously at all) than people who contribute to the project. Many other OSS projects are the same, but in OpenBSD it is very plain.
Thirdly - and this is something most people seem to miss - any MAC implementation must meet the projects' goals (which are something that no current implementation I have seen does, and certainly not one which anyone has submitted code to implement in OpenBSD). At least it must: be good code; be appropriately licensed; be simple and understandable; be documented; and (important!) be secure by default.
So, if you sit down, design and write a MAC framework that meets those criteria, it will be properly considered. You will have to fight your corner, of course, and make a case that persuades others why it is useful, and accept review and make changes if necessary, but if you are prepared to do the work it will be taken seriously - it may not be accepted, but it will be given a lot more weight than writing an article about it.
The fact is that until someone is prepared to stop talking and hack on MAC support, this whole thing is really a nonissue inside the project. All developers have their own interests (sometimes many of them) and at the moment it is clear none of them care enough about MAC (whether it has benefits or not) strongly enough to get involved.
Of course you can order a CD and then download. Buying a CD is a way of supporting the project, not just an installation mechanism.
It is a volunteer project - there is only one full time developer - and like all such it is a compromise between support and new features, and it happens that at the moment most people prefer doing development rather than maintenance. If everyone was interested in maintenance, OpenBSD releases might have a longer lifetime, but development pace would be considerably slower.
The fact is that as OpenBSD, unlike Linux, does not have large commercial backers, so unless people donate their time and money to work on the things they consider important, it becomes unlikely to happen. Perhaps you would like to donate some of your time to supporting older releases? I can say with some confidence that if you prefer just to complain, most OpenBSD users and developers will care very little for your opinions.
Note that there are commercial organizations providing OpenBSD support if you require it.
I don't know where you get your ideas about poor hardware support, OpenBSD hardware support is not hugely worse than, for example, FreeBSD, and better in some areas.
> I wonder what Theo will say about all this? 9 times out of 10 he tends to scorn things,
> so I wonder if he'll embrace this with open arms, or just shun it like he does most things.
This is an official OpenBSD effort, all of the directors are OpenBSD developers. I'm sure
Theo was pretty central to setting it up, he is unlikely to shun it.
> Why won't my fucking Linux computer print?
This kind of belligerent, vague question is probably the reason this person doesn't get answers. Very few people with actual, genuine clue are going to get involved when the person asking hasn't even tried to make their initial question complete or useful. It not only looks like this person has an attitude but that they are also going to make anyone who answers do a lot of work to get enough clear information out of them, such as their set up and what they've tried already, so they can give an answer. Many people help others on IRC (without being paid, in their own, personal free time) because they enjoy it, and if it looks like someone is going to be unnecessarily hard to help, many will just go do something else.
...how about a Google section so only a few Google stories make it to the front page? Hardcore Google-watchers can go read it and the rest of us can be spared seeing so many uninteresting Google stories. I can't be the only one getting sick of seeing so many.
And, while we're dreaming, occasionally let their readership actually know what is going on with the site...
Haven't seen any stories from michael lately.
> Left was Select, right was Menu, and middle was Adjust.
Actually, middle is Menu and right is Adjust.
Otherwise you're spot on.
RISC OS was (and still is) far behind the times in many areas, but this UI feature was not one of them. It was extremely fast and easy to use, especially on the early Archimedes which had three really distinct mouse buttons.
Yes, you're right. It is slightly more sane if I'd looked at the ex-VAT price :-).
.uk on price while pretending it is justified.
;-). There are just far too many cases where someone has obviously gone "hmm, 1 ukp == 1.9 usd, let's price them at X in both countries and pretend it's just natural extra costs!".
It almost numbers them among the few companies who aren't persistently trying to shaft everyone in
Guess I judged it a little too fast
Oops. It's £75. Duh.
Still a a ripoff.
> This $500 Apple is still insanely overpriced.
The BBC says it's £339 in the UK. That's $639.
$499 or $265 in the US.
£130 extra? Fuck you, Apple.
> This is a political campaign site with
> political campaign propaganda. And since there
> are still an extremely wide variety of ways to
> get at its content and information from outside
> the US, it's obviously not some kind
> of "international censorship".
That isn't the point. It is extremely insulting, even if it is hardly surprising, to see that George W Bush cares so little about the rest of the world that he is not even prepared to allow them to follow his campaign on his _official_ site. If he thinks it is unimportant that we see his _propaganda_, he plainly doesn't care what we think. Sure, there are plenty of other sites - and mirrors - but this is the only site that represents him personally.
Bandwidth is a very poor reason for further damaging what little goodwill many of those outside America still have towards G W Bush.
You can take the Mao quotes but I have to object to the Marx one.
:-).
> Of course, and socialist or communist aims have never had stupid or evil intent:
>
> "...the theory of the Communists may be summed up in the single sentence: Abolition of private property"
> Marx
Yes, and? I fail to see either stupid or evil intent
More Marx: "Communism deprives no man of the power to appropriate the products of society; all that it does is to deprive him of the power to subjugate the labor of others by means of such appropriation"
Quite opposite to evil, and certainly not stupid.
> Agnostics are intellectual cowards. Reason tells you that there is no god.
> Take evolution for example....
You are assuming that agnostics refuse to rule out a specifically Christian God. Reason may tell you that evolution happens and that the Bible is illogical and inconsistent but it does _not_ prove that there is no supreme being (or God, for want of a better term). Atheism is nothing more than a different kind of faith. Whether it is better to have faith in reason or faith in God is another argument altogether.
Agnosticism does not give equal credence to religion over scientific proof. Evolution happens and those who say otherwise are misguided, but this is proof against a literal Christian Bible God, not proof against any God.
Agnosticism is the sole logical position. It is simply _not possible_ to prove or disprove the existence of God through anything other than philisophical tricks and faith. Sure, you can show that the Bible is not literal, but try proving that there is no god of any kind. Agnosticism, for me, is simply the acceptance that this is impossible, at the moment.
Personally, as an agnostic, I see that the balance of evidence is against the existence of God and live according to the theory that there is no God, but I do not have enough faith to say that this is so without doubt. Really, I don't understand what the issue is, I don't believe in a specific God but I don't see any need to refuse to accept one might exist. When there is a lack of proof on both sides, there is no reason that one or the other must be chosen. Whatever I do, or anyone else does, it can't prove that God exists or doesn't, and allegations of intellectual cowardice are not going to change that fact.
A lot of PCBs are washed after production (not with water though afaik). There are some components that don't like it but generally so long as they aren't powered up when wet, it isn't done too often or for too long and the water is pretty clean (and not salt), most electronics can handle it. I have no idea what water would do to the insides of a hard disc though.
:-). I've had several friends who have had mobile phones completely soaked through. Always take the battery out, leave for a couple of days to dry and they usually work fine... :-)
:-).
Some are alright even when wet with power
Where I work we've done similar bodges to some of the stuff already mentioned, soldering pins onto CPUs, replacing dodgy power connectors on laptop mboards (most are >2 layers so can make it touch and go), etc. Since we've got the kit we usually try to bodge anything broken... if it still doesn't work we haven't lost anything
> You may be saying something, but no one is listening.
Just as a minor point of interest: Here in the UK, not voting is much the best way of signalling unhappiness with the process. Nobody takes any notice of spoilt ballets, votes for the minor parties (unless thay are the BNP), etc, but if there is a low turnout it is a big issue.
Sure, one of the big parties still wins, but hey, what is the difference now?
You make some great points. One addition though: when you consider that for Europeans 9/11 was not the largest hate crime of all time, it may at least partially explaining why European hate speech laws are as they are.
> Other advantages include faster reporting of vote counts.
I don't understand how speed of reporting is even an issue.
In most cases you are voting the guy in for a few years, what does a day or so of vote-counting matter? After all, the result should be the same.
Perhaps the reporter just wanted to point out Mac and Unix-variants aren't affected? Mentioning them in a positive light can hardly be too bad, can it?
IMO "the average person" is far more likely to know they _don't_ have a Mac, and therefore assume their computer is affected then to believe that because it doesn't say Windows, they're fine.
I think mainly because they learned from Vietnam that there is nothing more likely to bring the war into disfavour at home that the loss of American lives.
:-).
Thus has war become a TV drama.
Kudos to the US forces for saving the lives of their servicemen with technology. I just can't help but question their motives, and whether it the lack of casualties that makes war so acceptable to (as someone mentioned above) 76% of the US public, not to mention the US government.
Yes, I know. I'm a cynic. And for anyone looking for ammunition, also a communist
VGAP is still alive and well... There are many hosts still out there. Among the best:
r .com
http://www.robomaster.ca
http://www.echocluste
There is an almost-complete Java client, suitable for both Windows and Linux:
http://home2.inet.tele.dk/larsdam/jvc.html
Anyone needing any VGA Planets help is always welcome on IRC, #vgaplanets on EFnet.
Yeah, damn right... why not a little 'links related to this post' section _below_ the message? That might actually be useful... occasionally something interesting could be thrown up.