If OSS becomes mainstream, the ratio of 'ethical hacker' to 'malcontent' will dip, such that there are more malcontents involved in the process. Do you really think the 'post it on Usenet or a listserv, then cooperatively come up with patches and everybody does their update' model of security will scale well, once the people using the OSS platforms are no longer limited to ardent advocates of said platforms? You're wrong if you think so.
Not hardly.
"Race conditions" in emacs are more the equivalent of defects in Visual Studio. And even more since people sit in emacs for often long periods of time even on 'production' machines that no development is being done on. Many admins use emacs as their 'window manager' of sorts, which means emacs is fairly critical.
You just described a lot of personnel issues that would be just as present no matter what 'brand' of software was being run in the organization.
Then you turn around and try to foist the problem on a particular 'brand' of software.
Why not take a more open view and consider it to be a complex problem, with no simple solution?
Is that old salty shopworn 'Government Computer News' story available anywhere on a .gov domain? I have forever and ever only seen it cited from that same tired link over and over.
It would be really cool if there was more than one single cite on a .com link.
It's okay that you qualified the word 'OpenBSD' ahead of the word 'firewall' in your text. But the word 'OpenBSD' is irrelevant in the context you used it. It could have been a well configured firewall running on any old operating system that supports firewall functionality and is properly configured and kept up to date.
There have been updates to every Operating System in existence to close security holes. That includes the one that you're heaping praise on.
The architectural drawings and load calculations are all established and common knowledge. You do NOT have to hire an architect to build an everyday home.
Thanks for making my point.
That sounds like an U.L. to me. At the bare minimum, a refrigerator with Windows 98 embedded in it would have the splash screen disabled.
Only if that particular piece of software is part of your embedded solution. And since your product only uses a small subset of the whole of a Linux OS, you can strip out stuff with potential bugs that you don't use, and very very rigorously test the parts you do use.
Plus, unless you're talking about a very, very high volume product, your firmware will probably be flashed or in a socketed OTP. Masked ROM, let alone masked code right in the embedded controller, is expensive and not commonly used. I bet there isn't a product out there with Linux masked into a chip.
The fact that you had to 'interpret' so much history to make your case kinda sorta lost the argument for you.
Yes, and given the quality of code engineers commonly produce,
Whoops. We're right back up to the allegory again.
How about you go over there and write some specifications and fancy documentation while we finish the code. You can use all your latest 'scientific' methods to produce test cases for the QA people to use. We'll have code for you to test in a little while.
No, the functionality is not "nice"; if it were, we wouldn't have to upgrade our complete set of modules every time we install a new kernel.
You don't get it. It's 'nice' for the developers integrating the embedded Linux solution, because their 'binary driver module' can remain closed source and just drop into a stock Linux kernel. It matters to them not a single bit whether it works with any other version of stock Linux kernel. And for their purposes, they can recompile a new closed-source binary module if and when they switch to a new kernel build or version. From the point of view of the embedded developers the binary module interface is a complete non-problem.
As to the issue of the company 'pointing to a source' or having that stock source tarball on an FTP site somewhere... It's completely irrelevant. We're talking about the tarball that anybody can download from any website that serves out stock Linux kernel source tarballs. Sure, they can put it on their web site. Nobody cares either way, except for someone who just wants to hassle embedded Linux device vendors for a formality.
If it's an embedded application, it only needs to run on one version. The version specifically bundled with it on ROM/Flash/Disk storage inside the device. It will be rigorously tested against that specific version, and any and all other versions are irrelevant.
Did you even read what I typed? I said that they take a stock Linux kernel source tarball. They run configure on it, they build.
They make no changes whatsoever to the kernel source. Unless they need to, and then they disclose the source for those changes.
And there's nice functionality built into the Linux kernel these days to implement binary plugin module device drivers.
It's pretty much a design decision for the company to decide whether or not they want to disclose source.
I remember with nostalgia how the old-school Apple zealots felt they were 'taking on the evile empire' whenever they went into a rant about the evils of IBM.
Then a few years later, OEM drives labeled as being from IBM started showing up inside Macintosh enclosures. A few years after that all the PowerPC hype spun up, which included Apple, IBM, and Motorola (Motorola mostly as a victim as they have better business opportunities to take advantage of than dicksize wars in the desktop processor market).
And now, the strong anything-but-Microsoft coalition, with a VERY vocal contingent of all those Apple zealots, is cheering on big old Monolithic IBM as their savior.
It's pretty damn amusing.
FreeBSD isn't as portable as NetBSD, nor is the kind of advantage in hardware support for desktop OSes needed in an embedded device application.
Plus, you're not as likely to hear about products that embed one of the BSD OSes, as there's no reason for the company to disclose they're using a BSD.
There's lots of embedded NetBSD out there.
His 'job title' doesn't matter. He's been beheaded.
The engineer, meanwhile, has the code for the 4-bit microcontroller locked down, all the QA testing has been done, and the first-release mask programmed parts are due back from Hitachi next Tuesday.
It's a plastic PQFP part that manufacturing can just solder onto the board.
Don't request the source code on CD. It's 4-bit assembly language and you just wouldn't understand...
Only if they've made changes to the Linux code.
If they take a stock kernel source tarball, configure and build, and add in their code as a stand-alone application, they're under no obligation whatsoever to release any source at all. They can point to the source for the stock Linux they incorporated into their product.
And if enough people whine and holler, they can just use NetBSD instead.
The Nobel Committee even gave Jimmah Carter sort of a 'Neville Chamberlain' award for his work in North Korean appeasement.
Better yet, purchase one of those cable adaptors that convert the 44-pin 2-1/2" hard drive to connect to a regular 40 pin IDE cable. Pull the drive, plug it into a desktop machine. Boot off your Slackware floppies. Run FDISK and clean off the laptop HD. Put back in the laptop.
Oh, yeah.
I have purchasing authority for anything I want to buy. And I influence the purchasing decisions that my wife, our six cats, and the dog make.
Further, I only buy used stuff at auction anymore, except for food and sundries I can't purchase used.
And I know I fit nicely into the Slashdot demographic. My idea of 'new' is a tube of Z80 chips that are still in a Zilog tube and don't appear to have been opened.
Heh.
"I hope you die before you get old."
Heh.
Talkin' 'bout degeneration.
If it was obviously total BS, nobody would care and there would be no point in discrediting it.
No. 'Bowling' is a highly effective piece of propaganda. In many regards a vicious pack of lies. Why is it not obvious why people would work vigorously to discredit it?
How is watching a 'documentary' that has as much credibility as an Ann Coulter hardback or an hour of Rush Limbaugh going to help us understand what influences children??
I've blocked so many of the images sent by Slashdot in Mozilla that I hadn't noticed. They're still displaying banner ads?
I'll help flesh out your plan.
The mysterious "5. ????" that you included is:
"5. Violate NDA."
And a step 7. needs to be added.
"7. Get sued and give all profits to original vendor."