Slashdot Mirror


User: supradave

supradave's activity in the archive.

Stories: 0
Comments: 67

Comments · 67

  1. Re:DNSSEC ready for prime time? on Experts Tell Feds To Sign the DNS Root ASAP · · Score: 1, Interesting

    Yes, it's ready. Secure64 has a secure operating system that was written from scratch to take advantage of the features of Itanium2 and a TPM, that is immune to rootkits and malware, that can hide the keys and sign the zone. One line in the NSD-like config, 'dnssec-automate: yes' and your zones are signed with 'best practice' key lengths and roll-over times.

    But it's not open source. How could anyone trust it? Independent labs have verified the claims. Yes, we're trying to sell a product that solves a problem and we're the only company that has the secure platform to do it with.

    It can act as the authoritative signer or it can plug in between your current authoritative and slaves and do a man-in-the-middle signing. No real changes to the infrastructure required.

    Nothing stopping people from abusing themselves with doing it manually.

    And it's DDoS resistant and does over 100,000 DNS qps, even under a DDoS attack (up to wire saturation).

  2. Re:To save you 16 minutes, on Lessig On McCain's Technology Platform · · Score: 1

    We're number 22. Let's get drunk. Why don't we try to be number 1 in something? Anything that isn't a negative.

    "Well, we suck, but we don't suck too much." Go vote for McCain if that's how you feel.

  3. Re:Answer the question on Atari Founder Proclaims the End of Gaming Piracy · · Score: 1

    But let me be fair. You can email me. I'll gladly give you my company's name. But you're so certain of your opinion that you would never buy a closed piece of software, what's the point?

  4. Re:Answer the question on Atari Founder Proclaims the End of Gaming Piracy · · Score: 1

    If you're ensuring me you won't take anything from or buy anything, why should I tell you?

  5. Re:It'd be pretty hard to do on Atari Founder Proclaims the End of Gaming Piracy · · Score: 2, Informative

    It's not really an anti-piracy play. It's being able to verify and trust the image of the software you are running. You cannot trust Windows, Linux or Mac OSX from compromise, therefore you cannot trust them to do security work. If you're not concerned with security then our product isn't for you.

  6. It'd be pretty hard to do on Atari Founder Proclaims the End of Gaming Piracy · · Score: 4, Informative

    The software my company writes is tied to the TPM chip. What it prevents you from doing is taking a copy of our software and running it on another machine. When you register it, you then download an encrypted image for that specific TPM chip. Without systems level access to that machine and some pretty expensive hardware tools, there's no reasonable way to hack it. Of course, our entire application/OS is encrypted whereas encrypting an entire game would become a hindrance to game play. Therefore, I doubt it will take off.

    But heck, it's the securiest OS on the planet be running those games. TPM is irrelevant then.

  7. How about a USB connection to the memory stick on Tomorrow's Cell Phones · · Score: 1

    It certainly would be nice if I could use my phone as a memory stick. Engineer a USB connector on to the back and allow me to put a memory card of some sort of the memory size I choose. Better than carrying a stick and a phone and chances of separation are slimmer.

    I guess answering it plugged to the back of the server in the server room would be somewhat difficult though.

  8. I'm sure the EFF and/or the ACLU will be on this.. on House Passes Ban on Social Site Access · · Score: 1

    like white on rice.

    The Internets tubes need to be tied.

  9. Re:Maybe it's time for some new paradigm on Undetectable Rootkits Through Virtualization? · · Score: 1

    You don't know me well enough to call me that.

    I was saying that maybe it's time for a paradigm shift using the processor to do the work that it's supposed to do. I know that having generic OS's are great, but until someone does the shift, the problems of root kits and viruses are going to be there due to device drivers and such running at PL0. I don't think I touted anything in this post.

    Besides, I don't work for that company anymore.

  10. Maybe it's time for some new paradigm on Undetectable Rootkits Through Virtualization? · · Score: 4, Insightful

    Perhaps there could be an OS that wouldn't allow malware to be injected through root-trust, signed applications, memory compartmentalization with read, write, execute permissions and 4 privilege levels (instead of 2). Of course, that wouldn't be Windows or Linux or BSD or any other generic OS.

  11. Re:damn you, Scuttlemonkey!!!! on US Releasing 9/11 Flight 77 Pentagon Crash Tape · · Score: 1

    It's not like we wouldn't accept the 'official' version of the events of 9/11 if there weren't some fishy evidence. The new videos don't show anything that is conclusive. I don't see a 30 ft high fuselage, I see something a bit smaller. Yes, there is the perspective of the crappy security cameras, but there are other videos that haven't been released. If there's nothing to hide, then why not release those? Yes, the conspiracy theorist who isn't happy with the release of a video that was already released (only 10 feet back and doesn't give any different perspective).

    I want to believe that people would come forth and admit something. But it's not impossible to have a small cadre of people that would be capable of doing what was done and keep it secret. My company keeps its source code secret.

  12. Onus on Where are the Boundaries to Open Source? · · Score: 2, Insightful

    The onus should be on the IP owner to get those rights, not the burden of the layperson to avoid the automatic rights given to the IP owner. What I write here shouldn't be copyrighted in any way whatsoever. I'm giving an opinion to somebody's opinion and it's copyrighted by OSTG or ConsortiumInfo or Andy Updegrove. Since this is derivative (or is it), I don't know who owns it. Maybe I own it.

  13. Re:Dvorak: wrong, again. on Apple to 'Switch' to Windows? · · Score: 2, Interesting

    I've switched. Unfortunately, I had to purchase an old candy-colored iMac off eBay for my daughter, but my wife is thoroughly entrenched in the Mini. My son even wants one now too.

    I'm a convicted Linux bigot, but I have seen where OSX would make my life easier if everyone I knew that ran computers would run a Mac. I will never recommend Windows to anyone ever again because of the ease with which OSX works for me.

  14. It was my fault on 7 Myths About The Challenger Disaster · · Score: 1

    I was at Florida Institute of Technology in Melbourne, on the fateful day in 1986. At the time, I was between classes and was writing a couldn't-take-the-hint-letter to my ex-girlfriend when I wrote, 'I have to watch the launch now.' Granted, I never sent the letter.

    4-8-15-16-23-42

  15. Re:Last Gasp for Big Iron? on Intel and HP Commit $10 billion to Boost Itanium · · Score: 1

    Perhaps there are some applications that could possibly benefit from the Itanium's better security model.

    Itanium isn't x86, so comparing it to x86 is pointless. Itanium isn't going to replace x86. I work for a company that writes for the Itanium and we know that. But we can certainly do things on Itanium that x86 can't do.

    Gee, to sink 10 billion into a 'dead' chip makes me think that maybe it's not as dead as people with x86 on the brain think.

    Though I can't wait to get an Intel Apple.

  16. Re:Intel is continuing development? on Intel Dumps Iitanium's x86 Hardware Compatibility · · Score: 1

    What people don't realize is that it's not an x86 chip. A BIOS-like OS that takes advantage of what the Itanium can do will inherently be more secure than Linux or BSD or Windows.

  17. Just because it's new doesn't mean it should cost on A Workable Downloadable Movies Business Model? · · Score: 1

    Just because it's a new means of distribution doesn't mean it should cost, ala the ATM.

    With music, for example, a reasonable cost would be $0.10/minute of unencumbered music. That way us classical lovers and you 3-minute music lovers get charged the same amount, i.e. $8.00 for 80 minutes worth of music which should then be copyable to a CD. Or it could even be bumped up to $0.12/minute.

    A movie should be treated the same way. I get to download it and watch it at my convenience, not theirs. A time-bombed file could be charged much less.

    If the media companies would pull their heads out and stop thinking instant profit, I think in the long run they would make much more profit if they treated us as customers, not as criminals.

    If I could download for reasonable costs, I would be more apt to be legal. But when I'm charged an arm and a leg so they can make huge profits, I look for my entertainment elsewhere.

  18. Re:Secure code will never happen on Insecure Code - Vendors or Developers To Blame? · · Score: 1

    Fortunately, you are wrong. You don't believe that closed software can be secure. Why? Sometimes bigger brains than yours or mine attempt to do something simple, like writing a secure OS that truly is secure, and they succeed. Because you don't get to see the inner workings doesn't mean that it doesn't do what it says.

    The 'hood welded shut' analogy is a bit old. I agree that open source is more like a car without locks, but I still need another piece of equipment to tell me why my check engine light is on (attempt to weld the hood shut by the manufacturers). The second piece of equipment is closed and I have no idea how that works (alright, I don't know how it was programmed). How can I trust the OBD device? I trust it because it told me what was wrong with my car and I could then fix it. The package said it would tell me what's wrong and I believe it. If I told you my company has written an OS (not based on Linux, OpenBSD, Windows or other; a fundamental shift in technology) that is secure and all mathematical tests and in which other reviewers come to the conclusion that it is secure, why wouldn't you believe it is secure? Just because you can't see the code? Perhaps that chocolate bar you're eating is only chocolate flavored.

    What if we could put Linux (or any OS) on top of our OS and solve the problem inherent with all general purpose OS's. And what is that problem? Execution privilege (not the *nix or Windows file privilege)? The ability to scan any part of memory? Invalid I/O?

    I can't wait to be able to announce that our OS is truly secure to let the black/white hats at it. Should be by the end of the year (I know I keep saying this and, really, it should be by the end of the year).

  19. Re:Bah! on Red Hat Seeks to Deliver Most Secure Linux · · Score: 1

    It will be released to beta within the month. The actual announcement should be by Dec. 1 or Jan. 1. The entire code won't be released because we're not going to release it. What we are going to release for review (not open source) will be PL0's code. If PL0 is what we say it is, it can be assumed that PL1,2,3 are also secure. Your last point will be addressed at the appropriate time. Our current Alpha is courting people to do just that.

    As per targeting Itanium, I am impressed that you were able to glean that.

    I truly believe that we will make a fundamental change in the security of computing.

    I don't have the answer to how many internet facing Itaniums there are because I'm just a lowly sys admin. I know of 1 today.

    How is the Itanium 'security through obscurity?' Because of compartmentalization?

  20. Bah! on Red Hat Seeks to Deliver Most Secure Linux · · Score: 2, Informative

    Again, it's not secure no matter what you do. If you can scan memory at any time, you can find keys and such and get what you want. Running at PL0 and PL3 and leaving out the other 2 PLs can allow any code to run in-between PL0 and PL3 and then where will you be. A 4-layer OS is the answer.

    Fortunately, my company is going to announce soon with an OS that truly is secure.

    Flame away (again).

  21. Developer Options on No Defense Against Windows Rootkits? · · Score: 1

    I have always found it extremely annoying that Windows allows you to set a flag that makes your process invisible to the process table. Gee, I can't see what's running so I have no clue as to what's running. What SFB thought that up? (I know, it was the guy that likes to spy on what you are doing while you are working.)

  22. Re:Browser shmouser... Well, aren't you lucky! on Firefox Exploit Adds Fuel to Browser Security Feud · · Score: 1

    Thanks for the intelligent discourse. I guess you don't know what you're talking about.

  23. Re:Browser shmouser... Well, aren't you lucky! on Firefox Exploit Adds Fuel to Browser Security Feud · · Score: 1

    Of course you cannot make a secure OS based on the 40 year old model of dual-privilege. This is part of the reason why OS's like Linux or Windows can never be secure.

    In order to make your car to never break down would require significant engineering advances in both the drive train and electrical systems. If you stick with current OS theory, you are going to have the same problem of the dual-privilege model.

    We can compare notes this time next year and we can see if we actually do have a secure OS or you have a car that never breaks down.

  24. Re:Browser shmouser... Well, aren't you lucky! on Firefox Exploit Adds Fuel to Browser Security Feud · · Score: 1

    Well, aren't you lucky. The company I work for has a secure OS. And not only is it secure, it can secure other OS's (at least that's what we expect). We have just gone out the door for Alpha and we should be out the door in the next few weeks for Beta and should announce by the beginning of the year.

    Wouldn't it be nice to have an OS that can verify the code before you execute it?

    Of course, it's not open source and so people are going to bleat about that, but we have some big brains behind it, so I'm not too worried. We may release a portion for review, but not the complete OS.

    Lo and behold, it's not Linux, *BSD, Solaris or even Windows. It's new.

  25. Re:Gee... Another instance of insecure Windows on Itanium Will Only Be Partly Supported by Longhorn · · Score: 1

    We will release PL0 out for review. I doubt it will be open source by any means, but it will get reviewed. If PL0 is not what we say it is, i.e. secure, then we'll be eating crow. If it is secure, well then, you'll be hearing about us.

    Fortunately, it's not encryption.

    Built in to the chip are 16 million compartments (or privileged memory locations limited by the 64-bit address space) per PL where permissions can be set for read, write and/or execute. Imagine, for example, reading in win.exe, running a verification that win.exe is the win.exe you want to run, then setting the execute bit and running it, knowing that your win.exe is the one you wanted to run and not one that has been corrupted through other means.

    The NSF is already pretty certain.