It's a tree, not a graph...
Package can have cyclic dependencies...
Robots that will attend the AAA (American Automobile Association)...
If robots really do that - they'll be really social robots!
Meetup was cool (we have +102 F outside) and cozy.
7 people showed up and it was a warm talk about everything.
Thanks for the meetup idea!
Technically, if you apply for green card later, and then for citizenship you'll be able to collect social security...
1) I never said anything about access-matrix.
Access-matrix systems do not have anything related to DAC or MAC, as you already said in your "4."
2) I didn't use the 1976 Harrison, Ruzzo and Ullman result.
3) The main security problem with DAC systems is that they can introduce trojans, because they generally allow changing rights between users without restrictions.
MAC systems do not allow trojans, since changing rights between users is prohibited by the rule system (role based etc...)
Almost no overhead. It runs the same processes, having added and checked only one structure.
Programs in a vserver run at the same speed as in the main server.
In UML there's a huge overhead of call translation.
Probably it's the reason that a system that implements only DAC cannot be given more than class C in the Orange Book.
For class B and A you have to have Mandatory Access Control.
For RAW you need NET_CAP_RAW; this can be blocked by the main server, not by you, by not giving you that CAP...
You cannot change your address to anything but the list of those allowed for your vserver...
Vserver uses a special system call to isolate all its structures from other servers. All of a vserver's structures have a security context which limits their rights. Vserver also uses the Linux capability system to further restrict operations.
Yes, it's possible that somebody hacks into a vserver, but unless he does something that stops the main kernel (like the F00F bug), he cannot get anywhere else.
The firewall on a child vserver is created by the main vserver, which is not under the control of the child vserver... So if a hacker hacks a vserver, he'll get only that vserver and only those rights (including network access) that have been given to that vserver.
Moreover, the main vserver can spy on a child vserver if enabled to do so.
I tried that - that solution gives more isolation between your virtual machine and the main machine, but it's much slower than the vserver patch.
I tried using the vserver patch for Mandrake 8.2 on a P1-200MMX with Apache, DNS, Mozilla, X and it worked perfectly.
BTW, it's theoretically proven that the security provided by Discretionary Access Control systems (to which ACLs and Unix protection schemes belong) is algorithmically unprovable - you cannot deduce that a system is secure based on the system and DAC rules.
That proof is possible if you are using mandatory access control or maybe other security means.
So DAC is not only a pain in the... - it's also an unreliable means of security.
http://www.solucorp.qc.ca
You can create virtual servers on your machine, tailored for specific tasks.
For example, you can create a virtual server where you'll work on your project, a virtual server which will run Apache, and a virtual server in which you'll browse the web and read mail.
You can then put them on different IP addresses (or no addresses at all) and make them independent, exchanging information only by means YOU approve (shared directory, TCP sockets under firewall, etc).
It's a kernel patch and some user-mode programs.
Virtual servers can share binaries for saving disk space.
What's the problem? Get a free address from yahoo.com just for meetup purposes and voilà!
Ingredients:
4 hard-boiled eggs
1 cup of mayonnaise
1 can pink salmon
1 tablespoon butter
1/2 cup shredded cheese
1 small onion
---
Separate egg whites from egg yolks.
To salad bowl add layering:
Grated whites, mayonnaise, cheese
Put grated butter, add fine-chopped onions,
mashed salmon, mayonnaise,
yolks.
Garnish with parsley
Put in fridge for at least 1 hour.
It's also about food!
Don't you forget to visit
Slashdot meeting which will take place this Thursday around the world?
BTW, all GRANTED patents are in the patent library that was at http://www.patents.ibm.com with free access to them and is now at www.delphion.com
AFAIK, you can have free access to that database too.
So how come this patent went unnoticed?
Moreover it's a Java problem, not a Mandrake problem.
If Sun would like to push Java to Mandrake users, it should give source to Mandrake builders... which Sun doesn't want to do...
There is also some Moon regolith taken from the Moon by the Soviet station Luna-12. It was on display in the Politech museum in Moscow, Russia...
But it's not rocks, it's like sand or dirt.
Why do you people think I am comparing Java with C++? I know it could be better than C++.
I am trying to compare Java with
a) TCL/TK
b) PHP
c) Mozart/Oz
d) Prolog
e) Python
where it belongs as a non-native compiling language
(I am not saying anything about gcj).
Ok... let's continue the rant: ....
1) How much is the proportion of ix86 based computers related to Sun and other RISCs?
About 90%...
ok... next is to
2) the JVM is huge and you cannot install just a part of it.
3) you cannot easily stop garbage collection, which is by itself a very controversial thing
4) control structures are outdated, for example you cannot even use a string argument for a switch!
you cannot write
switch (myinput) {
"here we go" : lalala
"my dog skip": go home
}
etc...
5) Java encourages the creation of a lot of files, which decreases project manageability. Remember, the best number of objects to catch up and observe - is 7+-2...
Java is a stupid slow language. And it's proprietary and not open source. Mandrake cometh without it. Death to Java!
hmm... Leenooks is the closest pronunciation
I am, for example, sometimes getting good stuff from spam.
Surely I have a separate email account for spam stuff so spam doesn't irritate me a lot...
For your information, 4 MiG-31s CAN form a cluster of four of their computers while in flight to better track and engage the enemy.
It reminds me of Brezhnev-style socialism, in which managers were given bonuses for overachievement of plans...