the new version is called Longhorn. Does this mean it has "mad cow disease" when it's totally infested with virii like klez? I've never seen a version of Windows that could refrain from infesting itself in various ways, lending a whole new meaning to the word "promiscuity" LOL
Ha! Ha! Someone please mod this up, I'm gonna be laughing for a few days....
(apologies to CCR, but it was just too easy)
Damn! That is just plain Coolness! For sure I saved that and plan to do it into a jpeg. Thanks for the link, man!
Just added that to my gnutella shares if anyone can't get the original... pity my poor dialup, but the song's available anyway.
Point well taken re: trusted computing. I agree completely.
That's why, in my home-based, non-commercial environ I do not allow binaries which I do not at least trust halfway (by purely subjective standards) in addition to the practices and procedures recommended by DoD 5200-28 STD.
re: ("The user still decides what software is trusted or not.") to which I can only say, "Bummer I still own the fsckin' machine that software might be installed on huh? Like I don't already have a few identical ones besides, and could toss this current machine out the window anytime. And could someone please prove that my actual handwritten signature carries less weight than a digital signature?
IMHO, the philosophy (and the reason for it) is the scariest part. In that regard, I strongly agree with you. It's just sad for me that a business this large seems to be required (by the people) to tell people what they should think. Not that this says anything great about American consumerism either; it simply says a lot about the mores of American consumerism. MS is not stupid; they are in business to make $$$ and those (economic) values will eventually clash with the moral values of their public as a whole. Other than that, what distinguishes this effort from earlier infosec security projects?
(insert instant slashdot classic here)
(think Honeywell/Orange Book) in the light of "security projects", even though the respective documents are long out of date they possibly speak volumes about the current expectations regarding information security per se.
The part about MS that truly scares me is that they seem to be willing *and able* to twist things for mass-market consumption in the name of "security".... [1] [2]
[1] and still sleep at night, regardless of the seeming fact that their motives could be driven more by internal American business needs than anything else.
[2] Not that many ppl will take the trouble to d/l and read/understand copy of www.radium.ncsc.mil/pep/library/rainbow/5200.28-STD.html
Couldn't have said it better myself, could someone please mod this up somehow? I especially liked the part about "Consider that in a ratio"...
Makes sense to me anyway.
Thank you very much, I actually did that once with slackware linux (version 3, IIRC) on a 486. Kept it going on the same login for 187 days. The only reason that ended was because I felt like doing some kernel tweaking.
This sounds similar to the "class action" suits, except the PanIP case involves multiple defendants, it seems. Conversely, the typical USA class action suit involves multiple plaintiffs (with a single representation) and a single defendant.
I am not a lawyer; I'm just trying to draw valid general conclusions from observation.
Yes, I agree that it is possible and even routine to express reliability mathematically and to build the notion of trust into a machine. However, isn't a human (or many humans) ultimately responsible for codifying these values into a machine in the first place? Who determines that these values are desirable (or not, as the case may be)? Why do they do so? My whole point about "motives" in my previous post was that machines seem to have everything but the answer to "Why?"
On a somewhat related note, your post indicates a strong reliance on a machine (or virtual machine) that you evidently trust, expressed in the form of a quote from dictionary.com. Where did this trust come from, and why should I trust it instead of my Oxford Unabridged, hardbound 1956 edition?
I also note with interest the link you give regarding "exploring what it means to automatically extend trust..." "... to people you do not know"
Note that I do not automatically extend trust to machines I do not know. I don't extend trust to people I do not know, either.
Depends how you define "trusted computing". In the context of the article, yes I am opposed. In the classic sense of the DoD ("orange book"), etc. I support that.
Before we all get too carried away, let's try to remember a few basics ok?
1: Trust is a human phenomenon, not a machine state.
2: Trust implies motives. Last time I checked, machines don't have motives. People do.
What are RMS's motives? Microsoft's?
Trusted computing's motives are ???
Personally, I think the whole thing stinks of pot, kettle, black on the above mentioned bases. Regardless of all that, I fully intend to look out for myself online using Free Software/OSS to the extent I am able. (currently 100%) I believe I know what's best for me, and don't need much help from M$, RMS, or any "Initiatives".
Ignoring all the other follow-up comments, I do believe this to be insightful. My main observation drawn from experience contradicts the concept of "common sense OS security", unfortunately. The reason is simple: in the day-to-day personal and business world (U.S.) there is almost zero technical literacy among the rank-and-file. This is in sharp contrast to IT workers, if your employer is large enough to require them.
The problem seems to be as much cultural as it is technical. It seems that the business demands are "Get it done now! We'll sweat the details later!" Indeed, most of the consumer market seems to be driven by the idea that "convenience sells". How many times have you heard "I just want it to work"?
Excellence seems to be left by the wayside as the lemmings jump over the cliff of expediency. Too bad there's big rocks at the bottom of that cliff...
I can't count how many days I've wasted my breath trying to convey the difference between an app and an OS, let alone a secure one. After all, "That's just details, I just want it to work, we can fine-tune it later..."
True, true. I did my disks by reading the bootdisk-HOWTO, essentially doing it all by hand. It took a week of trial and error, but I wouldn't trade the experience and education for anything.
Man, it's good to see that name again, it's been awhile like an old friend. The first linux I ever used was slack 3.1
Before all this gets too far out of hand, let's try to remember one important thing:
It belongs to Linus, and it's up to him.
'nuff said.
too bad klez has its own snmp agent...
Too bad that line was already crossed a zillion times over by such businesses as USsearch.com. (Look at the Yahoo! people search...). Even my state (NY) sells information as a sideline business. If I could get iptables to filter on inline content also, it would make my day - and the rest of the year after that too. As you said, I delete spam out of course. However, both my bandwidth and my ISP's bandwidth have already been consumed by that point -- you need to receive it in order to delete it. And no, I'm _NOT_ going to continue changing _MY_ addy or using drop-boxes. The reason why? Because I pay for my access and my accounts for _MY_ convenience and pleasure, no one else's. 'Nuff said.
Excellent commentary, I saved it permanently. I'm not so much interested in doing a sub myself, but I have owned horn enclosures powered by tube amps (aka "valves") in the past... and I wouldn't mind building another set of them. I can seriously recommend such a setup, perhaps with an "active" sub for truly crisp and clean audio. I've got to go find some links for that stuff... Klipsch or Altec come to mind, but I don't have that kind of spare cash anymore, bummer. I do have enough time and know-how to design and build though...
True, there doesn't seem to be any smooth way for glibc to deal with this... I must have missed your point then. Please don't misunderstand about "fair" criticism; constructive criticism is always useful, and I certainly didn't think your comment was "unfair" -- just realistic. I truly hope that there are clues in this "mini-conversation" that everyone can use.
It's great that this sort of thing is being dealt with, though I'll probably never use it on my desktop to its fullest extent. I've applied the relevant patches to my plain-vanilla 2.4.19 kernel and rebuilt; on my main workstation (dual P3/1gB ram) the difference becomes noticeable (in a good way) under heavy loads but not on the day-to-day basis. I need to find some way to measure things regarding that, if you have any ideas...
Heh, thank you for your commentary re: "legitimizing". I already work no problems, and my US taxes and loans pay my own way thru school for the 2nd or 3rd time... I'm not worried about getting work, I'm just worried about paying for an education that may be worth only bragging rights to my employers, even if they themselves won't acknowledge those bragging rights unless it's to their advantage. Never mind that I earned and pay for those out of my back pocket entirely... And for what it's worth: I love reading, especially Western Philosophy and the history thereof.
Nobody ever said that linux-specific behavior is POSIX-compliant. Last I heard, POSIX is not about the specifics of any given UNIX-compatible or class of system. Rather, it attempts to be the abstraction and distillation of those classes of systems, as codified by The Open Group. Please correct me if I am wrong in this idea. Linux simply "aims to be..." POSIX-compliant, as promulgated by the LSB, the FHS, et al. --
That all said, I totally agree with you -- especially regarding cancellation points, fork(), and documentation.
Please bear in mind that much of this behavior will be inherited from whatever libc it is compiled against. IMO, this simply shows the power of C, nothing else.
The above scenario simply points out the differences between OpenGroup/POSIX and GNU/FSF... if things like that "bug" you (no pun intended, seriously), then perhaps you should recompile with whatever "-- posixly-correct" options you have available.
And yes, I have a copy of the SUSV3 spec right here, in fact.
Fond memories of the Burroughs B6900 at my local college here... 25 years later it was replaced by a Gateway2000 with dual Xeons...
This ought to make RedHat, Dell, IBM, and Oracle very happy, given a few of the newer contracts with large retailers using Oracle's back-end... if you read the article closely you notice that RH takes the claim for sponsoring a bunch of the work involved in developing this.
the symbian orgasm machine?