You once said, "secure software only happens when all the pieces have 100% correct behavior." I was wondering if you could elaborate on this in the sense of shipping a product every 6 months and dealing with all the mess that upstream code may send your way. How much work is it integrating various "components from outside compliers" and how crucial is this process in creating a secure system?
What are some fallacies of security? What are things that people and organizations do which make them feel secure but really have no, or, limited impact? How might they go about things more effectively?
As software becomes more and more a part of our lives--from your experience with OS development and knowledge of security--what can we do to make the world a safer and more secure place?
Do you see UNIX and the open web, such as ftp and email, being deprecated by proprietary services and protocols like dropbox and twitter, as the masses increasingly buy into these new technologies?
This is utter bullshit. Do you know how easy it is to connect to a WPA2 network with # ifconfig? Do you know how easy it is to activate a proven secure httpd, named and other UNIX services, including deployments such as access points and firewalls? Do you really believe iptables is easier than pf? Do you really think SELinux is easy? Do you jump on every bandwagon like everyone else and now have all your tweets stored in the Library of Congress and all your information in the hands of Facebook's Mark "they trust me, dumbfucks" Zuckerberg? As Theo says, if you want something new and shiny off the shelf, go get it, but don't come crying later from this mentality of not knowing when to say, "wait, maybe this isn't the best idea." What is so "new" that OpenBSD desperately needs? And why do you think they owe it to you? Since when has embracing the most recent release made your life easier or more secure? Would you believe a recent OpenSSH makes you more secure, because OpenBSD is the first to have it, always? Would a new pf make you more secure, because OpenBSD has it, always? What about IPsec, which OpenBSD was first to implement? I can't believe you were upvoted to 5.
Everyone who knows anything about security and follows Linux distros (of which Mint is popular enough not to slip under the radar) should know Mint doesn't have security advisories, mailing lists, or a security "team" like its grandparent distro.
What is Canonical thinking? They must like stirring the shit up. What do they have to gain from doing this? They're already on everyone's shitlist.
This is so dangerous. Shutting down the INTERNET worldwide would have more drastic effects than a small nuclear explosion would have. Even if you don't think the top echelons would use this for nefarious purposes, I doubt the US government is competent enough to manage these abilities. I back this up with a bankrupt economy; we're stretched so thin and the government isn't even capable of keeping a website operational, and the NSA isn't strong enough to protect against people literally just walking away with classified information. No one should have this power.
As much as I don't like to reference pop culture, South Park is an exception. Their recent NSA episode sums this up well. People who knowingly purchase their products have no reason to complain. This especially includes the Chinese, none of whom of contract-signing age should have any doubt about the nefarious uses of technology.
I'm not against the existence of the NSA. That said, I think we can all agree that the bureaucracy and oversight have failed us in several ways. Gen. Alexander spoke at Black Hat about the internal oversight which we must "trust"; the media has exposed the repeated failings of said oversight, which is apparently filled with individuals who are too embedded to care about rocking the boat for the common good. Then we are told the NSA is going to downsize. Then we are told Snowden went rogue and bypassed billions of dollars' worth of defense.
I think it's time we reevaluate how this whole thing works. The official solution thus seems to be to get rid of everyone except for a select few trusted individuals who will most likely receive more frequent and thorough polygraphs etc. just to keep their jobs.
Since this is the solution, why not just give us, the people, more access to things? What I mean by this is, if I live in a city, and there are publicly bought surveillance cameras, why should I not have full access to the feed? If I see something on the street I call the police anyway.
There is a lot to this but I just thought I would share. We're going to spend more money for a continuously law-dodging, centralized, bureaucratic, unregulated group of people who know better than we do about everything that is around us. Why not lighten the load, NSA? You take care of the important stuff and let me have reasonable access to things which my tax dollars have paid for.
OpenBSD as a complete OS includes highly modified and integrated services including DNS, Web, SSH, SMTP, NTPD; activating these components is trivial and there are no special compromises or unique approaches to doing so. OpenBSD is simple like any UNIX should be, and that simplicity means running services is quite easy and these services are secure by default. Lots of other OSes may not include these patched (and in many cases original) services. If you think it's all about a service-less default install being the goal, you're being shortsighted.
All good news, but ZFS is soon going to hit a ceiling. Oracle has tightened up the license for their ZFS, and who knows if the open source version is ever going to have those features.
I couldn't have said it better. I've been running Wheezy for the past two months without issue, and when Debian 7 is released, all I need to do is aptitude update && aptitude upgrade and I will be at 7.
I guess he is the only person they weren't listening to.
Should say "suppliers" not "compliers"
If you were to pass down the role of Release Engineer and project lead, what managerial/leadership advice would you give to your successor(s)?
As a Canadian: had you gone to college in a less-than-generous country, for example the United States, would you have pursued higher education?
Yeah you shouldn't be held accountable for every cent. The US government on the other hand cannot account for trillions and that's justifiable.
https://supporters.eff.org/shop/laptop-camera-cover-set
They could also have an extremely complex sudo setup.
We mutually pledge to each other our Lives, our Fortunes and our sacred Honor. Oh wait; NSA, I didn't mean that. Let's all just be Facebook friends.
Is selling your company for billions of dollars considered failure? I'd love to cash out at 1% of that and enjoy the rest of my life.
Well that is certainly a Grade A analysis.
Well Reddit is suffering a massive DDoS, strangely.
Just change your environment variable, troll.
Can't tell if you're being sarcastic. Trolling advances in security? Why?