> > No chance firefox 0.9 for 3.5 patch branch?
Yes. And it must be. Or I will mark it as broken
due to numerous security issues.
I am pretty sure this means "if FireFox 0.9 doesn't get into OpenBSD 3.5 then I will have to mark FireFox as broken because earlier versions have numerous security issues."
From my reading Nintendo was in fact impressed but didn't want to promote the project for the reason you stated.
From the article:
As an added note, I did send something similar to this to Nintendo of America and got a response back which said that it was very neat that I could develop something like this, but they could not host it in their magazine for the following reason: Namely that the Nintendo GameCube has a Class I laser housed inside a Class I case and if the mechanism is bypassed that prevents operation of the laser while the lid is open, then potential eye damage is probable. They didn't want to give anyone the idea to take apart a GameCube and damage their vision.
More likely is that the references are cliched at this point and that referencing a book that everyone has read, even if that book was funny, does not make you funny.
It's hard to follow your argument. Grsecurity is not an abstract "right" but impractical approach.
LSM/SEL is available, works now and is cost-effective to actually use on production servers. Grsecurity is available, works now, and is cost-effective to use on production servers. It's also better for all the reasons mentioned in the argument against LSM. In the field of security being "right" is of much more value than being popular, and I fail to see any valid argument in your post beyond the fact that SELinux is more popular than grsecurity.
Besides, LIDS has a clever ACL schema for file protection and a master password, that if an attacker gets root privileges, it could not exploit the machine completly.
You claim to have used GRSecurity for some time and yet you claim this as a feature unique to LIDS? The basic protections afforded by a default setup of grsecurity are neat, but the real accomplishment is in RBAC, which is as you say, "a clever ACL schema for file protection..." I'd dare to say it's more clever than what LIDS has actually, with the learning mode which is not at all a trivial thing to write.
For those who don't know, grsecurity is a security oriented patch for the Linux kernel. It provides mandatory access controls, strengthens the chroot system call, adds/proc and filesystem protections, allows for kernel level auditing of almost everything, and includes the PaX patch to provide non-executable memory pages and address space layout randomization.
The MAC part, called RBAC for Role Based Access Controls, is very well done and the best I've seen. Configuration is very easy through a flat file interface. The system enforces that you have certain intelligent configurations set so you can't make simple mistakes destroying your security. It has a learning mode which will automatically give a least access ruleset for the whole system. Amazingly it actually works quite well. Also the learning mode can be turned on for individual roles or subjects making it easy to add a new program to a system with RBAC already running.
In my opinion grsecurity was the best hope for real security on linux for most people as it provides a comprehensive solution, is easy to set up, and it well engineered.
Openbsd does not have mandatory access controls grsecurity's RBAC. Also, other systems which do provide them don't have the ease of configuration of RBAC or the excellent learning mode.
Well, yes, those distros are available like that, but I can also install Debian off a few floppy disks and have to download maybe 50-100mb to have a complete system the way I need. I think the same is true of the other distributions, but I don't use them.
I always get them typing a www before a subdomain, i.e. http://www.abcd.anything.xyz. Then I always have to explain why it isn't working. Of course it does work occasionally.
There is actually a kernel patch out to do something like that, which I remember seeing on Slashdot a while back, but I don't remember what it was called or where to get it. I think it really just displayed a graphic with a status bar.
Transformed into couch potatoes, when the locusts were shown footage of a Empire fighter or Millennium Falcon hurtling towards the camera they sent out brain signals via their detectors to swoop away from the danger.
With scientists at the Institute of Neuroinformatics in Zurich, the research team has designed an electronic circuit to mimic the locust's behaviour. It has already been fitted to a small robot and made to avoid collisions.
The result of this is that when your car detects a locust on a collision course with itself, it will suddenly swerve off the road, or even better, into the 18 wheeler in the next lane.
If you were to actually follow the links, you'd see that the new system really is simple and easier. This front end is to demonstrate how easy it is to make a different front end.
The CML2 system even makes sure you're making a valid configuration, unlike the current system.
In response to the other reply to this, the system has significantly less code.
Blizzard has a reputation of making incredible games, and this was a sequel to one of the most popular games ever. There really isn't any reason the WWII people should have made a link there, since they meet none of those conditions.
Since it's stored magnetically, there's still a trace of what was previously there. So if you have some advanced equipment you can see what used to be there. Some people say you need to write over something quite a few times and even then you're not totally safe if someone with the time and money and equipment, like a government agency, wants to read it.
I don't know about everyone else, but when I SSH into a server, the copy of SSH is running on my own system. How does cracking an ISP let this guy monitor SSH? You shouldn't be able to sniff it from the ISP (that being the whole point of using SSH instead of telnet) so do people log on from systems owned by their ISP?
Someone else already mentioned that rounding errors accumulate in the color depth.
To really see this though, look in dark shadowed areas in games. In some 16 bit games they'll seem almost like they're in 8 bit color and the 32 bit games are only a bit (actually 16) better.
Slashdot Mirror
The whole site is about switching to Firefox. Why would they block IE users? The message is already there.
Interestingly, there is a ruby framework based on seaside. It's called Borges, and can be found here.
> > No chance firefox 0.9 for 3.5 patch branch? Yes. And it must be. Or I will mark it as broken due to numerous security issues.
I am pretty sure this means "if FireFox 0.9 doesn't get into OpenBSD 3.5 then I will have to mark FireFox as broken because earlier versions have numerous security issues."
From my reading Nintendo was in fact impressed but didn't want to promote the project for the reason you stated.
From the article:
As an added note, I did send something similar to this to Nintendo of America and got a response back which said that it was very neat that I could develop something like this, but they could not host it in their magazine for the following reason: Namely that the Nintendo GameCube has a Class I laser housed inside a Class I case and if the mechanism is bypassed that prevents operation of the laser while the lid is open, then potential eye damage is probable. They didn't want to give anyone the idea to take apart a GameCube and damage their vision.
The field just about goes away. There was a Slashdot article on this at some point in the last few weeks, search for it. It was pretty interesting.
More likely is that the references are cliched at this point and that referencing a book that everyone has read, even if that book was funny, does not make you funny.
It's hard to follow your argument. Grsecurity is not an abstract "right" but impractical approach.
LSM/SEL is available, works now and is cost-effective to actually use on production servers.
Grsecurity is available, works now, and is cost-effective to use on production servers. It's also better for all the reasons mentioned in the argument against LSM. In the field of security being "right" is of much more value than being popular, and I fail to see any valid argument in your post beyond the fact that SELinux is more popular than grsecurity.
Besides, LIDS has a clever ACL schema for file protection and a master password, that if an attacker gets root privileges, it could not exploit the machine completly.
You claim to have used GRSecurity for some time and yet you claim this as a feature unique to LIDS? The basic protections afforded by a default setup of grsecurity are neat, but the real accomplishment is in RBAC, which is as you say, "a clever ACL schema for file protection..." I'd dare to say it's more clever than what LIDS has actually, with the learning mode which is not at all a trivial thing to write.
For those who don't know, grsecurity is a security oriented patch for the Linux kernel. It provides mandatory access controls, strengthens the chroot system call, adds /proc and filesystem protections, allows for kernel level auditing of almost everything, and includes the PaX patch to provide non-executable memory pages and address space layout randomization.
The MAC part, called RBAC for Role Based Access Controls, is very well done and the best I've seen. Configuration is very easy through a flat file interface. The system enforces that you have certain intelligent configurations set so you can't make simple mistakes destroying your security. It has a learning mode which will automatically give a least access ruleset for the whole system. Amazingly it actually works quite well. Also the learning mode can be turned on for individual roles or subjects making it easy to add a new program to a system with RBAC already running.
In my opinion grsecurity was the best hope for real security on linux for most people as it provides a comprehensive solution, is easy to set up, and it well engineered.
Openbsd does not have mandatory access controls grsecurity's RBAC. Also, other systems which do provide them don't have the ease of configuration of RBAC or the excellent learning mode.
Why not just remove all the invalid modes from your XF86Config file?
Well, yes, those distros are available like that, but I can also install Debian off a few floppy disks and have to download maybe 50-100mb to have a complete system the way I need. I think the same is true of the other distributions, but I don't use them.
"After all, I must be a complete idiot since it's not like I have made my own website or anything, oh wait, I did!"
This is classic.
I always get them typing a www before a subdomain, i.e. http://www.abcd.anything.xyz. Then I always have to explain why it isn't working. Of course it does work occasionally.
There is actually a kernel patch out to do something like that, which I remember seeing on Slashdot a while back, but I don't remember what it was called or where to get it. I think it really just displayed a graphic with a status bar.
I notice it says in the changelog that X 4.0x is no longer supported and you need 4.1.x.
People should take note of this...I suspect most people are still running 4.0.x. I know that's what's in debian woody as of earlier today.
It's possible I'm mistaken about how this works, but it seemed pretty self explanatory.
Transformed into couch potatoes, when the locusts were shown footage of a Empire fighter or Millennium Falcon hurtling towards the camera they sent out brain signals via their detectors to swoop away from the danger.
With scientists at the Institute of Neuroinformatics in Zurich, the research team has designed an electronic circuit to mimic the locust's behaviour. It has already been fitted to a small robot and made to avoid collisions.
The result of this is that when your car detects a locust on a collision course with itself, it will suddenly swerve off the road, or even better, into the 18 wheeler in the next lane.
If you were to actually follow the links, you'd see that the new system really is simple and easier. This front end is to demonstrate how easy it is to make a different front end.
The CML2 system even makes sure you're making a valid configuration, unlike the current system.
In response to the other reply to this, the system has significantly less code.
Or better yet, do a custom install and don't even install the assistant.
Blizzard has a reputation of making incredible games, and this was a sequel to one of the most popular games ever. There really isn't any reason the WWII people should have made a link there, since they meet none of those conditions.
Especially when it was posted under the topic of "movies."
Since it's stored magnetically, there's still a trace of what was previously there. So if you have some advanced equipment you can see what used to be there. Some people say you need to write over something quite a few times and even then you're not totally safe if someone with the time and money and equipment, like a government agency, wants to read it.
Ah thanks. I figured it was probably just me not thinking about it very hard.
I don't know about everyone else, but when I SSH into a server, the copy of SSH is running on my own system. How does cracking an ISP let this guy monitor SSH? You shouldn't be able to sniff it from the ISP (that being the whole point of using SSH instead of telnet) so do people log on from systems owned by their ISP?
Someone else already mentioned that rounding errors accumulate in the color depth.
To really see this though, look in dark shadowed areas in games. In some 16 bit games they'll seem almost like they're in 8 bit color and the 32 bit games are only a bit (actually 16) better.