His main problem (besides his tendancy to overreact to things) is that he's coming from developing for NetWare and Win2k to Linux and he doesn't yet understand the Unix philosophy.
He sometimes posts comments to linux-kernel which are completely foreign in idea (let's put fsck in the kernel, etc.) and than promptly gets attacked by a bunch of random tactless people.
Whatever his background is, he appears to be very competent, if a bit misguided and misunderstood.
Hahaha, yeah right, like there are any lawyers smart enough to grok C!
Actually, Jeff Merkey (ex-developer at Novell and author of the NWFS driver for Linux and Win2k) apparently is also a lawyer. So yes, some lawyers grok C. Whether or not lawyers grok Unix is another matter...
---
The Hotmail addres is my decoy account. I read it approximately once per year.
Highly important feature: September of 1752 must be correctly displayed! ---
The Hotmail addres is my decoy account. I read it approximately once per year.
Quoting from RFC1737: Functional Requirements for Uniform Resource Names
Global scope: A URN is a name with global scope which does not imply a location. It has the same meaning everywhere.
Global uniqueness: The same URN will never be assigned to two different resources.
Persistence: It is intended that the lifetime of a URN be permanent. That is, the URN will be globally unique forever, and may well be used as a reference to a resource well beyond the
lifetime of the resource it identifies or of any
naming authority involved in the assignment of its name.
Scalability: URNs can be assigned to any resource that might conceivably be available on the network, for hundreds of years.
Legacy support: The scheme must permit the support of existing legacy naming systems, insofar as they satisfy the other requirements described here. For example, ISBN numbers, ISO public identifiers, and UPC product codes seem to satisfy the functional requirements, and allow an embedding that satisfies the syntactic requirements described here.
Extensibility: Any scheme for URNs must permit future extensions to the scheme.
Independence: It is solely the responsibility of a name issuing authority to determine the conditions under which it will issue a name.
Resolution: A URN will not impede resolution(translation into a URL, q.v.). To be more specific, for URNs that have corresponding URLs, there must be some feasible mechanism to translate a URN to a URL.
URNs are actually specified in RFC2141: URN Syntax, which gives identifiers in the form "urn:NAMESPACE:NAME", where NAMESPACE could be something like "dns" and NAME could be "slashdot.org".
The actual method used to retrieve the object that a URN refers to is left as an exercise to the reader.
---
The Hotmail addres is my decoy account. I read it approximately once per year.
Adding support to Linux for extended attributes would make it much easier to add all of these security features to the kernel. (And lots of other stuff as well.)
I'm all for it, but the last time this was brought up on the linux-kernel mailing list (along with named streams) lots of people objected to it because it would break lots of programs, like tar, cp and friends. (Oh no! A new feature makes my programs not work correctly! Instead of not using it or perhaps upgrading my programs, I'll whine about it until everyone loses interest and pat myself on the back for my stunning accomplishment!)
---
The Hotmail addres is my decoy account. I read it approximately once per year.
Do any of the existing filesystems have support for ACLs and capabilities?
I think there is a modified version of ext2 floating around that supports ACLs, but I don't remember where its located or if work is still being done on the project.
One of the main problems in adding ACLs and Capabilities to filesystems (along with MAC labels and the other more exotic forms of security) is that the Linux Kernel VFS does not currently have any interfaces that would allow developers to add these new features. If they design their own VFS interface, Alexander Viro and the rest of the kernel FS crowd are likely to alter it extensively before adding it to the kernel, which would require a rewrite of all of these newly created filesystems.
There's also the fact that adding these features requires changes to the on-disk filesystem data structures, which will be hard to do in various filesystems because they don't have much free space left in their inodes. IIRC, the design of Reiserfs allows for easy changes to the filesystem structure. This won't help the other filesystems (like ext2/ext3), so there will be major breakage when people upgrade and they might not be able to go back to previous versions of the FS because the format changed too radically for the older drivers to cope.
---
The Hotmail addres is my decoy account. I read it approximately once per year.
Everything that uid 0 has traditionally been allowed to do has been factored into different capabilities (CAP_SYS_TIME allows you to set the time, CAP_DAC_READ_SEARCH allows you to read any file or see the contents of any directory, etc.).
Each process has three sets of capabilities: effective, permitted and inheritable.
The permitted set is the maximum capability set that the process can have. The process can only turn off capabilities in this set. A process can limit itself to the capabilities that it specifically needs.
The effective set is used when security checks are performed by the kernel. The process can turn off any capability in this set, or turn on any capability in this set as long as that capability is also on in the permitted set. The effective set allows a process to temporarily enable capabilites to perform some task, and then turn it off later when it is no longer needed.
The inheritable set contains the capabilities that are given to child processes when the process forks, allowing a process to restrict what its children can do.
Right now, the kernel automatically gives uid 0 process all capabilities and removes them when a process changes its uid. However, in the future it will be possible to associate capabilities with executables at the filesystem level (similar to the setuid and setgid bits now) and (along with access control lists) restrict the execution of the process to specific users. This allows the construction of systems where uid 0 isn't special and each user is specifically limited to certain privileged operations.
The goal is to eventually add Auditing, Mandatory Access Control and Information Labeling to Linux, allowing for a possible B2 (or whatever Common Criteria calls it...) certification for Linux. (Which is something Microsoft will never have.)
---
The Hotmail addres is my decoy account. I read it approximately once per year.
Not only is Wired Magazine advertising the:CueCat, they're shipping them to subscribers in September. The October issue of the magazine will feature the barcodes.
I think that the:CueCat is doomed to be a failure, like DigiMarc MediaBridge, but anything that gets me free hardware is good in my book. ---
The Hotmail addres is my decoy account. I read it approximately once per year.
Are they embellshing for effect, or are they just morons?
Probably both. Why they are issuing new logins is beyond my understanding (wouldn't new passwords be all that is necessary?). Besides, forcing the use of new passwords is easy: mark every user as having their password expired. (Since the criminals used L0phtCrack, the company must be using NT and NT has all of those whizz-bang GUI administrative tools to make the life of the clueless admin easier...) --- The Hotmail addres is my decoy account. I read it approximately once per year.
But the DVD is not what was reverse engineered. The player software was reverse engineered to produce a compatible player - the DVD simply contains the encrypted data file.
Exactly my point. According to Title 17, Chapter 12 it is perfectly legal to break copy protection in programs for interoperability reasons.
Therefore, breaking CSS is legal because DVDs are nothing more than specialized programs and they must be decrypted to be useful. --- The Hotmail addres is my decoy account. I read it approximately once per year.
Regarding DVD movies as anything other that software is absurd.
The movie that is watched by the audience is in fact a complicated script describing when and how things happen.
Pressing the menu button on your remote causes the player to start playing the menu associated with the DVD being watched. Selecting items on that menu causes things to happen - the player could display another menu, jump to a particular chapter of a particular title, select the subtitle language to be displayed or pick the audio track be played along with the video sequence that defines the feature film.
Lost in Space has a built-in trivia game. When you watch The Matrix, you can choose to jump to special effects documentaries when you first come to the special effect sequence in the movie. These features are both possible because DVDs are sotware instead of something other that software.
DVDs are nothing more than highly specialized programs and denying that fact is pure idiocy. --- The Hotmail addres is my decoy account. I read it approximately once per year.
Of course, if that were done, someone would have to throw Bill Gates out of an airlock in typical Alien fashion.
Also not advocating violence towards anyone. (Hey, I live near Redmond -- the fallout would be irritating) --- The Hotmail addres is my decoy account. I read it approximately once per year.
Most articles are posted by CmdrTaco or some other slashdot demigod, and they already have special powers over the stories.
Also, if the person that submitted the story was given extra moderation rights, they could easily abuse the system by marking down the comments they didn't agree with.
I suppose moderators could also abuse slashdot's moderation system as well, but since they are not the person that submitted the story, they are not as likely to be biased.
Slashdot Mirror
His main problem (besides his tendancy to overreact to things) is that he's coming from developing for NetWare and Win2k to Linux and he doesn't yet understand the Unix philosophy.
He sometimes posts comments to linux-kernel which are completely foreign in idea (let's put fsck in the kernel, etc.) and than promptly gets attacked by a bunch of random tactless people.
Whatever his background is, he appears to be very competent, if a bit misguided and misunderstood.
And his comment about his brain being more electrically active then everybody else didn't help either...
---
The Hotmail addres is my decoy account. I read it approximately once per year.
(Don't get it? Try foo.really.fuckingsucks.net or baz.really.fuckingsucks.net or anything-else-you-can-imagine.really.fuckingsucks. net)
---
The Hotmail addres is my decoy account. I read it approximately once per year.
Hahaha, yeah right, like there are any lawyers smart enough to grok C!
Actually, Jeff Merkey (ex-developer at Novell and author of the NWFS driver for Linux and Win2k) apparently is also a lawyer. So yes, some lawyers grok C. Whether or not lawyers grok Unix is another matter...
---
The Hotmail addres is my decoy account. I read it approximately once per year.
Highly important feature: September of 1752 must be correctly displayed!
---
The Hotmail addres is my decoy account. I read it approximately once per year.
Quoting from RFC1737: Functional Requirements for Uniform Resource Names
URNs are actually specified in RFC2141: URN Syntax, which gives identifiers in the form "urn:NAMESPACE:NAME", where NAMESPACE could be something like "dns" and NAME could be "slashdot.org".
The actual method used to retrieve the object that a URN refers to is left as an exercise to the reader.
---
The Hotmail addres is my decoy account. I read it approximately once per year.
Adding support to Linux for extended attributes would make it much easier to add all of these security features to the kernel. (And lots of other stuff as well.)
I'm all for it, but the last time this was brought up on the linux-kernel mailing list (along with named streams) lots of people objected to it because it would break lots of programs, like tar, cp and friends. (Oh no! A new feature makes my programs not work correctly! Instead of not using it or perhaps upgrading my programs, I'll whine about it until everyone loses interest and pat myself on the back for my stunning accomplishment!)
---
The Hotmail addres is my decoy account. I read it approximately once per year.
I think there is a modified version of ext2 floating around that supports ACLs, but I don't remember where its located or if work is still being done on the project.
One of the main problems in adding ACLs and Capabilities to filesystems (along with MAC labels and the other more exotic forms of security) is that the Linux Kernel VFS does not currently have any interfaces that would allow developers to add these new features. If they design their own VFS interface, Alexander Viro and the rest of the kernel FS crowd are likely to alter it extensively before adding it to the kernel, which would require a rewrite of all of these newly created filesystems.
There's also the fact that adding these features requires changes to the on-disk filesystem data structures, which will be hard to do in various filesystems because they don't have much free space left in their inodes. IIRC, the design of Reiserfs allows for easy changes to the filesystem structure. This won't help the other filesystems (like ext2/ext3), so there will be major breakage when people upgrade and they might not be able to go back to previous versions of the FS because the format changed too radically for the older drivers to cope.
---
The Hotmail addres is my decoy account. I read it approximately once per year.
Work is under way to fix this.
Everything that uid 0 has traditionally been allowed to do has been factored into different capabilities (CAP_SYS_TIME allows you to set the time, CAP_DAC_READ_SEARCH allows you to read any file or see the contents of any directory, etc.).
Each process has three sets of capabilities: effective, permitted and inheritable.
Right now, the kernel automatically gives uid 0 process all capabilities and removes them when a process changes its uid. However, in the future it will be possible to associate capabilities with executables at the filesystem level (similar to the setuid and setgid bits now) and (along with access control lists) restrict the execution of the process to specific users. This allows the construction of systems where uid 0 isn't special and each user is specifically limited to certain privileged operations.
The goal is to eventually add Auditing, Mandatory Access Control and Information Labeling to Linux, allowing for a possible B2 (or whatever Common Criteria calls it...) certification for Linux. (Which is something Microsoft will never have.)
---
The Hotmail addres is my decoy account. I read it approximately once per year.
The computer that IBM used to sell was the PS/2.
They seem to have a fascination with dividing there products in half...
---
The Hotmail addres is my decoy account. I read it approximately once per year.
I think that the :CueCat is doomed to be a failure, like DigiMarc MediaBridge, but anything that gets me free hardware is good in my book.
---
The Hotmail addres is my decoy account. I read it approximately once per year.
Probably both. Why they are issuing new logins is beyond my understanding (wouldn't new passwords be all that is necessary?). Besides, forcing the use of new passwords is easy: mark every user as having their password expired. (Since the criminals used L0phtCrack, the company must be using NT and NT has all of those whizz-bang GUI administrative tools to make the life of the clueless admin easier...)
---
The Hotmail addres is my decoy account. I read it approximately once per year.
The player software was reverse engineered to produce a compatible player - the DVD simply contains the encrypted data file.
Exactly my point. According to Title 17, Chapter 12 it is perfectly legal to break copy protection in programs for interoperability reasons.
Therefore, breaking CSS is legal because DVDs are nothing more than specialized programs and they must be decrypted to be useful.
---
The Hotmail addres is my decoy account. I read it approximately once per year.
Regarding DVD movies as anything other that software is absurd.
The movie that is watched by the audience is in fact a complicated script describing when and how things happen.
Pressing the menu button on your remote causes the player to start playing the menu associated with the DVD being watched. Selecting items on that menu causes things to happen - the player could display another menu, jump to a particular chapter of a particular title, select the subtitle language to be displayed or pick the audio track be played along with the video sequence that defines the feature film.
Lost in Space has a built-in trivia game. When you watch The Matrix, you can choose to jump to special effects documentaries when you first come to the special effect sequence in the movie. These features are both possible because DVDs are sotware instead of something other that software.
DVDs are nothing more than highly specialized programs and denying that fact is pure idiocy.
---
The Hotmail addres is my decoy account. I read it approximately once per year.
Also not advocating violence towards anyone.
(Hey, I live near Redmond -- the fallout would be irritating)
---
The Hotmail addres is my decoy account. I read it approximately once per year.
Does he mean something like a system call that could directly copy from file descriptor to file descriptor?
Isn't that what sendfile does?
This wouldn't work too well.
Most articles are posted by CmdrTaco or some other slashdot demigod, and they already have special powers over the stories.
Also, if the person that submitted the story was given extra moderation rights, they could easily abuse the system by marking down the comments they didn't agree with.
I suppose moderators could also abuse slashdot's moderation system as well, but since they are not the person that submitted the story, they are not as likely to be biased.