Mettler's attack is a modification of your system by a trusted user, via source. It's slightly different from the TCP-Wrapers crack in that you presumably don't have extensive peer review over your own system.
Researching a different topic I came across an interesting CERT advisory regarding loadable kernel modules. One common response to Mettler was that any kernel hack would require recompiling the kernel, and restarting the system. With loadable modules, system restart isn't necessary -- the kernel can be modified in place, as it runs.
In all three instances, confirming source, object, or image against a trusted verion would help in detection. Kernel compromise is a frightening prospect as it undermines the trustworthyness of the entire system. Booting a fresh kernel, however, removes the damage (you then have to keep the rogue modules out).
This line of reasoning leads naturally to the conclusion that some forking is good. It would be a Good Thing (TM) to have at least two compilers, with a significantly different code base and provonance, to allow cross-compiling of sources, particularly compilers.
I agree with the conclusions you stated, though I don't know what your reasons are as you don't say much. There are several posts which provide detailed criticism of the essay, most of which I feel are largely on target.
Painting broadly, this essay is grounded much more in emotional than rational appeal. While I tend to agree with a couple of points (Microsoft is generally irrelevant), the homoginization and "owning" of Linux are, IMO, a very slim possibility, as Linux and OSS are born of GNU, early and frequent release cycles, and a high level of transitivity among vendors. No one vendor "owns" its customer base -- I can switch at low cost between Red Hat, SuSE, Caldera, Debian, or direct ftp downloads. This is a feature, not a bug.
I tend to agree with those who find the original content at Slashdot lacking. There are the occaisional highlights from Alan Cox and other core developers. Jon Katz can be a good read. I'm finding myself less drawn to Commander Taco's "Stuff that matters", and far less to the discussions, than nine months ago.
Slashdot hasn't sunk so much as it's failed to push itself to the next level - whatever that might be -- while its competition continues to evolve. This is being reflected in the news feeds of choice at sites such as particularly following some questionable editorializing by a/. editor. I don't know what Rob's plans are for this corner of the Web. It's been real and it's been fun. The question is: what will it be?
I can't tell you how well it worked, but I was watching VA set up at least one 100 GB+ FS for a customer who insisted on SW striping several nonsymetrical disks together to form a 100 GB partition. It's doable, but not recommended (VA was recommending several saner alternatives but the customer wouldn't buy it). This is pretty much the best way to guarantee yourself problems down the road -- HW RAID 5 or RAID 1/0 is a much better alternative for a reliability standpoint. If anyone at VA is interested in commenting on successes/failures with very large filesystems....
There are a number of well-known websites which utilize Linux, including Deja News. Not sure what kind of partition sizes they're using, but it would be fun to know.
FWIW, you can modify the reserved % parameter using tune2fs rather than mke2fs and save scads of time. You can also force an fsck (man fsck) to time the operation if you want.
Fuzz is really just one form of black-box testing. It's pretty primative, surprisingly informative, and would be well adapted to a standard set of GNU or OSS test utilities. In the same way projects run continuous builds of submitted software, a fuzz server (or multiple servers) could hammer away at the resulting binaries.
There's a good bit somewhere -- off the EFF pages -- by one of the founders of the WELL, about the lessons learned from anonymous posting. It didn't work then.
Slashdot Mirror
Researching a different topic I came across an interesting CERT advisory regarding loadable kernel modules. One common response to Mettler was that any kernel hack would require recompiling the kernel, and restarting the system. With loadable modules, system restart isn't necessary -- the kernel can be modified in place, as it runs.
In all three instances, confirming source, object, or image against a trusted verion would help in detection. Kernel compromise is a frightening prospect as it undermines the trustworthyness of the entire system. Booting a fresh kernel, however, removes the damage (you then have to keep the rogue modules out).
To a limited extent, at least, forking is good.
Painting broadly, this essay is grounded much more in emotional than rational appeal. While I tend to agree with a couple of points (Microsoft is generally irrelevant), the homoginization and "owning" of Linux are, IMO, a very slim possibility, as Linux and OSS are born of GNU, early and frequent release cycles, and a high level of transitivity among vendors. No one vendor "owns" its customer base -- I can switch at low cost between Red Hat, SuSE, Caldera, Debian, or direct ftp downloads. This is a feature, not a bug.
I tend to agree with those who find the original content at Slashdot lacking. There are the occaisional highlights from Alan Cox and other core developers. Jon Katz can be a good read. I'm finding myself less drawn to Commander Taco's "Stuff that matters", and far less to the discussions, than nine months ago.
Slashdot hasn't sunk so much as it's failed to push itself to the next level - whatever that might be -- while its competition continues to evolve. This is being reflected in the news feeds of choice at sites such as particularly following some questionable editorializing by a /. editor. I don't know what Rob's plans are for this corner of the Web. It's been real and it's been fun. The question is: what will it be?
There are a number of well-known websites which utilize Linux, including Deja News. Not sure what kind of partition sizes they're using, but it would be fun to know.
FWIW, you can modify the reserved % parameter using tune2fs rather than mke2fs and save scads of time. You can also force an fsck (man fsck) to time the operation if you want.
Are there other tests in the GNU arsenal?
...which was the point alluded to before.
Funny. Quality is impossible in business, but unstoppable as a non-business activity.
There's a good bit somewhere -- off the EFF pages -- by one of the founders of the WELL, about the lessons learned from anonymous posting. It didn't work then.