Persistency: Data's "survival" throughout time, power breaks, etc. Persistent memory is non-volatile memory (disk, for example).
Persistency in operating systems is usually achieved by writing things to disk, in order to persist them.
... could you explain what you mean when you say objects in a filesystem are forced to be serialized?
Not all data in a file system can be stored as it is in memory, because pointers, and other information must be converted to persistent form. Often objects are stored in very difficult ways to write to disk (by being spread on many small linked objects, for example). This means you must serialize the data into the disk, by converting it to a stream of 1's and 0's, that allows reconstructing the objects' structure. This requires a lot of work for every application and object implementor, as they have to create methods to serialize, and de-serialize the objects, from their normal representation to a persistent streamed representation.
And what orthogonal persistency is. It sure sounds good, but I would really like to know what it means.
Orthogonal persistency is persistency implemented by the underlying operating system, rather than every application writer.
The entire system state is saved to disk every once in a while, in a checkpoint.
Mechanisms are used to ensure there's always a stable/reliable checkpoint to go back to. Some schemes even let you roll back to any checkpoint in the past. Typically, checkpoints are done every 5 minutes.
Orthogonal persistency is totally transparent to applications. They seem to 'live forever', and do not need to explicitly persist or serialize their information. They can keep it represented as objects, or whatever representation they choose for their own simplicity.
Orthogonal persistency treats RAM as a cache to the disk, and thus achieves two purposes.
Simplicity: There is only non-volatile memory, rather than volatile, and non-volatile memory, that are allocated and managed separately
Performance: It is much easier to optimize this system, as there are no file caches, and memory swap areas on disk. Instead, you treat the entire RAM as a cache to the disk, allowing simpler and more powerful page caching algorithms, that do not have to guarantee things such as quick disk writes for files, as file systems do.
An amazing advantage for orthogonally persistent systems, is that due to the entire chunk of dirty pages from memory being copied to disk at once, it can sequentially move the disk heads across the disk to update all necessary areas. This process is called migration, and is a far more efficient method of updating the disk from the volatile state, than the explicit update used by current file systems.
Yet another advantage, is that due to the entire system state being preserved as a whole, more powerful security schemes can be used. The whole load-from-file process can be avoided, and with it, the security problems of identifying who has access to what file, and why.
It seems to me, the more I think about it, that file systems should be buried in the past, as the idea of mapping a hierarchy of string identifiers to serialized objects is not quite the way to do it.
Firstly, a much better user interface to objects would be a relational database the user can query anything on.
As for a system interface to objects, why force the objects to be serialized? Use orthogonal persistency. This method is more efficient, and easier for the applications. It actually makes persistency transparent, except for critical applications, that need to persist something now in which case, they can use a journalling interface.
In summary:
- Replace file system persistency with orthogonal persistency.
- Replace the hierarchic-string user interface with a relational database.
Actually, yeah: Even Starcraft, an RTS, *IS* a strategy game. Yes, you sure can rush, but I want to see you win a game against a Starcraft master with a rush (Hint, those people never rush, as that is quite dangerous, against many counter-rushes).
The real Starcraft masters use tactics overwhelmingly, doing dozens of frequent attacks from all directions, by dropping in strategic points, sending small attacks that expose weaknesses, surprising you with scourges on your overlords, etc. All this while developing their long-term attack, while you are busy trying to prevent them from the next attack.
The key here, that masters use, or at least I think it is, attacks that are cheap for them and expensive for the defense. I'd say this definitely is a tactic, and it beats the hell out of rushes.
Starcraft is the best RT games I've seen so far.
As for turn-based strategy, I have to admit I have a lot less experience, but FreeCIV and the original Civ games were quite featured in terms of morale, 'supply lines', etc.
Re:NOT Debian unstable! on Debian On DVD · Score: 2
What makes IDE suck so bad?
It's an OK interface, aside from its small number of bits used to represent disk block offsets.. :)
Would opensource programmers thrive, if they use a language, that requires them to provide a logical step-by-step proof of their code, side by side with the code?
Example of a function declaration, and the mathematical specification it MUST abide, with the logical proof it abides it (In plain English, as the syntax is not thought out yet):
- Define function sort.
- Function sort takes a sequence, and returns a sequence of the same type.
- The returned sequence is of the same size as the given sequence.
- For-any-element in the given sequence, there exists an identical element in the returned sequence.
- For-any-element in the returned sequence, but the first, the element before it is smaller-than or equal-to it (polymorphic smaller-than or equal-to)
With this mathematical specification, and code that sits next to the logical steps required to prove it abides this specification, we can know for sure that sort() works correctly. Whether or not it leaks memory, is another issue, but disallowing allocation of "global" memory (side-effect allocation), and mathematically specifying memory requirements, you can ensure 0-bugs there too.
Bugs in mathematical specifications will remain the only source of problems, but those would be rare, because the mathematical code is much more trivial.
As for performance, there is nothing that the semantics of the actual code must abide to, as long as it is proven to provide the mathematical requirements. Therefore, the performance of the code should be at least as high as any other language, and depending on implementation, and the chosen semantics.
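The post's sort specification written as executable checks, as an added example that is not part of the original comment. It tests the clauses over every short input rather than proving them, and the names `meets_post_spec`, `meets_permutation_spec`, `collapsing_sort` and `first_violation` are hypothetical. It shows the kind of specification bug the post mentions: the listed clauses accept a function that silently replaces duplicates, and one added clause (equal element counts) rejects it.

```python
from collections import Counter
from itertools import product


def meets_post_spec(given, returned):
    """The specification clauses from the post, checked literally."""
    same_type = type(returned) is type(given)
    same_size = len(returned) == len(given)
    # "For any element in the given sequence, an identical element exists in the result."
    inputs_present = all(x in returned for x in given)
    # "Every element but the first is preceded by a smaller-or-equal element."
    ordered = all(returned[i - 1] <= returned[i] for i in range(1, len(returned)))
    return same_type and same_size and inputs_present and ordered


def meets_permutation_spec(given, returned):
    """The post's clauses plus one added clause: same elements with the same counts."""
    return meets_post_spec(given, returned) and Counter(given) == Counter(returned)


def collapsing_sort(seq):
    """Deliberately wrong 'sort' (constructed): drops duplicates, pads with the maximum."""
    if not seq:
        return []
    distinct = sorted(set(seq))
    return distinct + [distinct[-1]] * (len(seq) - len(distinct))


def first_violation(sort_fn, spec, alphabet=(0, 1, 2), max_len=4):
    """Bounded exhaustive check: first input whose output breaks `spec`, else None."""
    for n in range(max_len + 1):
        for items in product(alphabet, repeat=n):
            given = list(items)
            if not spec(given, sort_fn(list(given))):
                return given
    return None


if __name__ == "__main__":
    print("post spec, wrong sort:       ", first_violation(collapsing_sort, meets_post_spec))
    print("permutation spec, wrong sort:", first_violation(collapsing_sort, meets_permutation_spec))
    print("permutation spec, sorted():  ", first_violation(sorted, meets_permutation_spec))
```
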
Yes, you Israelis are probably the worst terrorists on the face of earth right now. Of course you should be searched.
You are quite an ignorant fool (or maybe a troll?). The searches are particularly aimed against Palestinian and arab terror.
It's just a pity US & GB are bombing Afghanistan and not Israel. Seriously.
Huh? Bomb Israel? For what purpose exactly?
Go learn some history, and some facts about the Israeli-Palestinian conflict, and about fundamentalism, its relation to terror, and its foundation in arab countries. Then come back.
It seems like everybody is knee-jerking on this one. Do you have a reference that shows statistics on how well the tight security in Israel has caught/discouraged terrorists?
Yes, in the last year, I personally know of 3 cases, where bag-searching FOUND terrorist attempts, and minimized casualties.
In one case, the terrorist freaked out and bombed himself in the entrance, killing a few people, rather than the many inside.
In another case, a terrorist woman's bag was identified suspect and she left it and ran away, it was a bomb.
And of course there are MANY many cases you don't hear about, where the bag searching counters the attempts themselves, as terrorists are in much bigger danger of being caught with no success.
Bags may contain bombs. There is nothing wrong with taking a look to verify they are not a bomb, unless you value your bag content privacy above the life of you and others.
Plus there's the esoteric Unix filetree
Hmm?
The Unix file tree makes a lot of sense to me.. a lot more than the silly meaningless Windows file hierarchy.
Anyhow, what do you need to read from the tree directly for anyhow?
All your stuff use your own organization under $HOME in *nix, whereas it's Windows where you have to browse and navigate through its large, meaningless file hierarchy.
All ahead of their time technologically. All killed by stupid management decisions. All still have freaks that refuse to acknowledge their death.
Any OS based on the desktops-dont-need-security idea, with a 0-security setting, must be forgotten and I don't see how people seriously consider using them seriously.
Living in Israel, we always had these searches, and it's not that bad.
People here are totally ignoring the fact that this truly does protect against bombing attempts.
This is not so pervasive, and you'll survive a guy looking into your bag, to make sure it's not a bomb.
I understand the feelings people have about the indefinite arrests, secret searches, etc. But a guy looking through your bag to make sure it's not a bomb?
C++ is a lot more powerful at writing safe code, granted.
But most modern C++ code does not do bounds checking, and still uses a lot of char*'s.
In theory, a C++ library that does bounds checking and a lot of other safety-measures can be written, but it can never garbage collect (in a real way, not conservative), and manage memory automatically, meaning that dangling/illegal pointers will always exist in C++.
And Java is not immune to these issues. Consider for a moment what languages Java's VM is implemented in. How many bugs are lurking in the Java VM (or the Lisp interpreters, or Perl interpreters, or PHP/Python/Tcl/Tk)?
A lot less. The number of bugs in N systems written in C, is at least a function of N.
The number of bugs of N systems written on top of a LISP, Java, or other interpreter is a function of 1 (Constant). This means that eliminating dangerous bugs is constrained, and is a finite process.
Blaming the language is a cop-out. It's akin to blaming the failure of legislation on the English language
Blaming the language for allowing expressibility of illegal things is not a cop-out, it's legitimate criticism. The best/cleanest/most-powerful way, is often to not allow the mere expression of illegal/unauthorized things. As safe languages don't even let you express illegal (crashing) code, and pure capability systems don't let you even express unauthorized requests.
Re:Mac OS has never been exploited over a network on Linux Kernel Bugs · Score: 2
The MacOS according to bugtraq has never had a single exploit over a network.
Yes it has, according to some different posts here. In any case, a server with 0 market share will probably not attract many exploit-writers.
Running Webstar on Mac OS 9.2 or older, any versions, is the safest most secure platform.
It may be safe and secure exploit-wise, if there really are no exploits, but is the false sense of security worth moving to a distant OS with few advantages and a large amount of disadvantages? I say false sense of security, because different less-used code is just as exploitable, the only difference is the motive.
Instead of a backdoor every month or two like competing OS's, it has never had a discovered exploit, or been hacked.
Actually, OpenBSD doesn't have a backdoor every month or two.
It is because the mac has no command line, no paths, no concept of root (all code is root, except micro kernel)
That's quite a contradiction.
all code is root is probably the worst security set up one could conceive, and as far from the principle of least privilege as possible.
no way to exec code from data files based on file name or file suffix
As if this is the problem with Windows security:P
no way to corrupt stack easily (call chain different than intel)
That's a system platform issue, not an OS issue. Linux can run on the same stack.
no way to create buffer overruns from strings because most Mac people and the ROMS, and OS, use length delimited pascal style strings instead of null terminated.
That doesn't resolve the problem at all. In fact, probably most buffer-overruns do NOT result from null-terminated string usage.
There are many more secure things dealing with CGI, alias paths, etc.
You're confusing different with secure. Different software will have different types of exploits, unless it is truly secure. Last time I checked, Macs were not an orthogonal persistent pure capability system, so they're not really secure.
But in summary, the US Army uses Mac web servers and most experts agree, that the most secure server, if price is not an issue, is a mac from a local store and Webstar.
Just like a lot of people use Slackware with their own compilations and compilation flags, so their software is different. It's not security, it's a difference. It means exploiting it takes some specific work, rather than exploits for the masses, that's all.
That's odd... I've grown used to any Slashdot posting about privilege elevation exploits being condescending and insulting.
Perhaps people complained about dozens of them a month being such, but their existence in ACL systems is recognized as inevitable.
Where are the accusations of carelessness on the part of the programmers?
Again, nobody would bash Microsoft programmers for an occasional bug. But that's simply not the case at Microsoft.
How about the shots at the intelligence of the administrators?
Now that's utter bull. Shots at the intelligence of admins? How is it relevant here?
People refer to the stupidity of Windows admins after a second worm using the same exploit successfully spreads itself, even though a patch has existed long before the first one.
When a successful worm uses this exploit successfully, then it would be relevant to call Linux admins idiots.
Oh, this is a Linux bug? How convenient....
How rare, too:)
I'd continue to rant, but I have a worm to write.
Yeah, and how will it spread, exactly?
Anyhow, if you could, it would be a nice test of Admin stupidity, and my guess is that Linux admins would pass the test - thus your worm would Fail.
Re:It's been an off week for open source. on Linux Kernel Bugs · Score: 2
This is so typical to ACL systems.
It is explained well in "The Confused Deputy" article.
Mac/Win/*nix security systems are truly a failure.
No! Good security is fail-closed security: Thus good security is a pure capability system.
In *nix (and Windows, of course), there are millions of requests one can request, and a bug in any of each will open security holes.
In pure capability systems, the only requests you can express, are the ones you are authorized to perform.
This means that security is a lot more fail-closed, because bugs do not escalate your authorization, except for specific capability-handing logic bugs.
This narrows down the amount of code that can damage security by orders of magnitude, and simplifies the system a lot. No longer will race conditions, ACL test failures, buffer overflows, or other cryptic bugs grant authorization escalation. Now it would have to be high-level capability-granting logic bugs. In a much smaller, well-debugged system, of a fixed-code-size (rather than the ever-larging *nix trusted codebase).
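The Confused Deputy situation the comment above refers to, modelled as an added example that is not part of the original post. A compiler service that is allowed to write its billing log receives an output file *name* from the caller in the ACL version, and an output *capability* in the capability version. All names (`Store`, `AclCompiler`, `WriteCap`, `CapCompiler`, `alice`, `billing.log`) are constructed, and Python objects only model unforgeable capabilities.

```python
class Store:
    """Constructed in-memory object store guarded by per-object write ACLs."""

    def __init__(self):
        self.data = {"billing.log": "", "alice.o": ""}
        # Who may write each object. The compiler service appears on both lists.
        self.acl = {"billing.log": {"compiler"}, "alice.o": {"alice", "compiler"}}

    def write_as(self, principal, name, text):
        if principal not in self.acl.get(name, set()):
            raise PermissionError(f"{principal} may not write {name}")
        self.data[name] = text


class AclCompiler:
    """Deputy in an ACL system: receives a name and acts under its own identity."""

    def __init__(self, store):
        self.store = store

    def compile(self, caller, source, out_name):
        log = self.store.data["billing.log"] + f"{caller}: 1 job\n"
        self.store.write_as("compiler", "billing.log", log)
        # This check asks "may the compiler write out_name?", not "may the caller?".
        self.store.write_as("compiler", out_name, f"obj({source})")


class WriteCap:
    """Capability: a reference to one object together with the right to write it."""

    def __init__(self, store, name):
        self._store, self._name = store, name

    def write(self, text):
        self._store.data[self._name] = text

    def append(self, text):
        self._store.data[self._name] += text


class CapCompiler:
    """Deputy in a capability system: every write goes through a capability it holds."""

    def __init__(self, billing_cap):
        self._billing = billing_cap

    def compile(self, caller, source, out_cap):
        self._billing.append(f"{caller}: 1 job\n")
        out_cap.write(f"obj({source})")  # authority supplied by the caller


def acl_scenario():
    """Returns (result of alice's direct write, billing log after the compile call)."""
    store = Store()
    try:
        store.write_as("alice", "billing.log", "")
        direct = "allowed"
    except PermissionError:
        direct = "denied"
    # Same request, routed through the deputy by naming the log as the output file.
    AclCompiler(store).compile("alice", "main.c", out_name="billing.log")
    return direct, store.data["billing.log"]


def capability_scenario():
    """Returns (can alice designate the log?, billing log, alice's output)."""
    store = Store()
    compiler = CapCompiler(WriteCap(store, "billing.log"))
    alice_caps = {"alice.o": WriteCap(store, "alice.o")}  # all authority alice holds
    can_designate_log = "billing.log" in alice_caps
    compiler.compile("alice", "main.c", out_cap=alice_caps["alice.o"])
    return can_designate_log, store.data["billing.log"], store.data["alice.o"]


if __name__ == "__main__":
    print("ACL:       ", acl_scenario())
    print("Capability:", capability_scenario())
```

In the ACL run the direct write is denied but the log is still overwritten through the deputy; in the capability run the caller holds nothing that designates the log, so the request cannot be formed and the log keeps its billing entry.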
But I've always wondered exactly who's looking through all this code? Apparently not enough people if a bug this big has lasted this long.
So enough people is defined as the minimum amount of people required to eliminate bugs between two kernel releases, aka, a few weeks?
Mathematically speaking, the less time you allow for bug discovery, the more, a lot more, people looking at the code you need. As you limit to 0 time for every bug discovery, you limit to infinity of people required, it's asymptotic.
Of course there'll be undiscovered bugs, until all code is mathematically proven correct.
Of course undiscovered bugs will remain dangerous, for as long as we use dangerous languages (C, C++, etc.)
MS had it too easy for too long regarding security issues, especially with the news media reporting Outlook vulnerabilities not as they really are, as a design flaw in Outlook, but as "e-mail viruses."
They are a flaw in Windows itself, mainly.
This flaw is a flaw of *nix systems as well, and the flaw is using ACL's, rather than Capability systems.
Read the Confused Deputy paper for more information.
Understand this, that "refugees" from the original israel would be long dead since it had not existed for a very very long time.
How is it relevant? At the time of the creation, many refugees existed, and there was not a single country in the world where Jews were free of all prosecution.
Jews could not trust countries to protect them from the holocaust reoccuring. The only real solution is to create their own country, and the only people they can trust to do this - are themselves.
The Americans and the British, and other countries, did not bomb concentration camps when they could, and could not be trusted with the fight of Jewish prosecution.
Displacing the native people of the region with new settlers that are adverse to them is what brilliant?
The native people were not forcibly 'displaced'.
The Jewish who came to Israel, before the holocaust, bought lands with money.
After the Jewish people were brutally murdered in the events of 1921, and 1929, the Jews of Israel set up some defensive organizations to protect themselves.
The UN's division plan of 1947 was accepted by the Jews of Israel, and rejected by the Arabs of the region.
They chose to violently attack the new state, instead. Arab leaders around Israel called the native people to leave Israel for reasons of ethnic purification, and because they will surely get rid of Israel soon. The native people left of their own free will, and as part of wars that were initiated by the arab side.
Refugees from eastern europe, russia, and elsewhere would have been welcomed in numerous countries after the war.
Israel was being set up long before the war. It started back in the 19th century. Back in 1927, America officially closed its doors to Jewish immigration, leaving Jews with nowhere to go. In the 30's, the only place Jews could run from the Nazis to, was Israel.
After the holocaust, refugees had other countries to go to, but that is far too late, and Israel was already set up in the region.
Again, the Jews cannot trust their fate to another nation again. Prosecution cannot be stopped by any other, but themselves, and their own state. You must understand that there were times it was the only answer to prosecution, and even now, there is Jewish prosecution all over the world.
Israel was created out of pity and ignorance and now exists as a state that indiscriminately enforces a policy of revenge and proactive killings.
Israel was created out of the holocaust, as a trusty home for Jews, where they are safe from prosecution, which was unprecedented for thousands of years.
Israel enforces a policy of striking terrorists, under the principle of self-defense, killing people who are known to be involved in acts of killing innocent people.
I wouldn't call that revenge or proactive killing.
It sickens me to see people refer to listening to stolen music or watching pirated movies as their civil liberties.
Being terrorized and attacked due to their determination of me holding "copyrighted material" is violating my civil liberties.
A) They cannot determine with certainty that I actually performed any illegal action, due to the uncertainty that the song/whatever is actually copyrighted, and also due to the fact it is not necessarily illegal to export copyrighted material, by accident/etc.
B) If whenever you illegally throw a piece of paper in the street, or whatever, I break into your house and mess it up, I'm breaking your civil liberties. The broken civil liberties are NOT of throwing papers in the street.
If the RIAA take the law into their own hands, and cannot be stopped legally, maybe citizens should take the law into their own hands, and fight back too.
RIAA is trying to terrorize civilians, by first trying to legalize cracking into computers, and now with DoS attacks.
How about putting back a fight?
If they have too much money, and the legal system is too corrupt to handle it, there are plenty of other means available to American citizens, and not all of them are legal, but perhaps it is worth it?
It's often not great code, but it's not THAT bad.
Some of it is pretty damn good.
Note that as it is arguably good or bad in terms of style and methodologies, it's definitely good in terms of running correctly and efficiently, which also counts for a lot.
Need I say more? :)
Totalitarian control freaks?
Bags may contain bombs. There is nothing wrong with taking a look to verify they are not a bomb, unless you value your bag content privacy above the life of you and others.
You'll live.
As an Israeli, I know that this should be moderated insightful, and not funny.
C++ is still unsafe, deal with it.
What other languages would you suggest for kernel development?
Common LISP (Vapour), Java (JavaOS), etc.
And Java is not immune to these issues. Consider for a moment what languages Java's VM is implemented in. How many bugs are lurking in the Java VM (or the Lisp interpreters, or Perl interpreters, or PHP/Pythn/Tcl/Tk)?
A lot less. The number of bugs in a N systems written in C, is at least a function of N.
The number of bugs of N systems written on top of a LISP, Java, or other interpreter is a function of 1 (Constant). This means that eliminating dangerous bugs is constrainted, and is a finite process.
Blaming the language is a cop-out. It's akin to blaming the failure of legislation on the English language
Blaming the language for allowing expressability of illegal things is not a cop-out, its legitimate criticism. The best/cleanest/most-powerful way, is often to not allow the mere expression of illegal/unauthorized things. As safe languages don't even let you express illegal (crashing) code, and pure capability systems don't let you even express unauthorized requests.
The MacOS according to bugtraq has never had a single exploit over a network.
:P
Yes it has, according to some different posts here. In any case, a server with 0 market share will probably not attract many exploit-writers.
Running Webstar on MAc OS 9.2 or older, any versions, is the safest most secure platform.
It may be safe and secure exploit-wise, if there really are no exploits, but is the false sense of security worth moving to a distant OS with few advantages and a large amount of disadvantages? I say false sense of security, because different less-used code is just as exploitable, the only difference is the motive.
Instead of a backdoor every month or two like competing OS's, it has never had a discoverred exploit, or been hacked.
Actually, OpenBSD doesn't have a backdoor every month or two.
It is because the mac has no command line, no paths, no concept of root (all code is root, except micro kernel)
That's quite a contradiction.
all code is root is probably the worst security set up one could conceive, and as far from the principle of least privilege as possible.
no way to exec code from data files based on file name or file suffix
As if this is the problem with Windows security
no way to corrupt stack easily (call chain different than intel)
That's a system platform issue, not an OS issue. Linux can run on the same stack.
no way to create buffer overruns from strings because most Mac people and the ROMS, and OS, use length delimited pascal style strings instead of null terminated.
That doesn't resolve the problem at all. In fact, probably most buffer-overruns do NOT result from null-terminated string usage.
There are many more secure things dealing with CGI, alias paths, etc.
You're confusing different with secure. Different software will have different types of exploits, unless it is truly secure. Last time I checked, Macs were not an orthogonal persistent pure capability system, so they're not really secure.
But in summary, the US Army uses Mac web servers and most experts agree, that the most secure server, if price is not an issue, is a mac from a local store and Webstar.
Just like a lot of people use Slackware with their own compilations and compilation flags, so their software is different. It's not security, it's a difference. It means exploiting it takes some specific work, rather than exploits for the masses, that's all.
That's odd... I've grown used to any Slashdot posting about privilege elevation exploits being condescending and insulting.
:)
Perhaps people complained about dozens of them a month being such, but their existence in ACL systems is recognized as inevitable.
Where are the accusations of carelessness on the part of the programmers?
Again, nobody would bash Microsoft programmers for an occasional bug. But that's simply not the case at Microsoft.
How about the shots at the intelligence of the administrators?
Now that's utter bull. Shots at the intelligence of admins? How is it relevant here?
People refer to the stupidity of Windows admins after a second worm using the same exploit successfully spreads itself, even though a patch has existed long before the first one.
When a successful worm uses this exploit successfully, then it would be relevant to call Linux admins idiots.
Oh, this is a Linux bug? How convenient....
How rare, too
I'd continue to rant, but I have a worm to write.
Yeah, and how will it spread, exactly?
Anyhow, if you could, it would be a nice test of Admin stupidity, and my guess is that Linux admins would pass the test - thus your worm would Fail.
This is so typical to ACL systems.
It is explained well in "The Confused Deputy" article.
Mac/Win/*nix security systems are truly a failure.
No! Good security is fail-closed security: Thus good security is a pure capability system.
In *nix (and Windows, of course), there are millions of requests one can request, and a bug in any of each will open security holes.
In pure capability systems, the only requests you can express, are the ones you are authorized to perform.
This means that security is a lot more fail-closed, because bugs do not escalate your authorization, except for specific capability-handing logic bugs.
This narrows down the amount of code that can damage security by orders of magnitude, and simplifies the system a lot. No longer will race conditions, ACL test failures, buffer overflows, or other cryptic bugs grant authorization escalation. Now it would have to be high-level capability-granting logic bugs. In a much smaller, well-debugged system, of a fixed-code-size (rather than the ever-larging *nix trusted codebase).
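The contrast drawn above between ACL checks and capabilities, as an added example that is not part of the original comments: a toy Python model of a confused deputy, where a compiler service that may write its own billing file is asked by a client to write output. All class, principal and path names are constructed for illustration.

```python
# Constructed toy model; principals, paths and function names are illustrative.
BILLING = "/deputy/billing.log"

class AclStore:
    """Global namespace plus per-path ACL; the check looks only at who is running."""
    def __init__(self):
        self.files = {BILLING: "charges: 10\n", "/home/alice/out.txt": ""}
        self.acl = {BILLING: {"compiler"},
                    "/home/alice/out.txt": {"alice", "compiler"}}

    def write(self, principal, path, data):
        if principal not in self.acl.get(path, set()):
            raise PermissionError(f"{principal} may not write {path}")
        self.files[path] = data

def acl_compile(store, source, out_path):
    # The deputy runs as "compiler" and the client supplies only a name. The ACL
    # check passes on the deputy's authority, whoever asked for the write.
    store.write("compiler", out_path, f"compiled({source})")

class File:
    def __init__(self, data=""):
        self.data = data

class WriteCap:
    """Stands in for an unforgeable reference: designation and authority together."""
    def __init__(self, file):
        self._file = file

    def write(self, data):
        self._file.data = data

def cap_compile(source, out_cap):
    # The deputy writes through the capability the client handed over, so the
    # write is limited to what the client itself was able to designate.
    out_cap.write(f"compiled({source})")

def run_acl_request():
    store = AclStore()
    acl_compile(store, "main.c", BILLING)      # client names the deputy's file
    return store.files[BILLING]                # billing data has been replaced

def run_cap_request():
    billing, out = File("charges: 10\n"), File()
    alice_caps = {"out": WriteCap(out)}        # alice's whole capability list
    # The billing capability is held by the deputy only; alice has no way to
    # name that file, so the request below is the only write she can express.
    cap_compile("main.c", alice_caps["out"])
    return billing.data, out.data
```

In the ACL run the client could not write the billing file directly, yet the deputy overwrote it on the client's behalf; in the capability run there is no request the client can form that reaches it.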
But I've always wondered exactly who's looking through all this code? Apparently not enough people if a bug this big has lasted this long.
So enough people is defined as the minimum amount of people required to eliminate bugs between two kernel releases, aka, a few weeks?
Mathematically speaking, the less time you allow for bug discovery, the more, a lot more, people looking at the code you need. As you limit to 0 time for every bug discovery, you limit to infinity of people required, it's asymptotic.
Of course there'll be undiscovered bugs, until all code is mathematically proven correct.
Of course undiscovered bugs will remain dangerous, for as long as we use dangerous languages (C, C++, etc.)
MS had it too easy for too long regarding security issues, especially with the news media reporting Outlook vulnerabilities not as they really are, as a design flaw in Outlook, but as "e-mail viruses."
They are a flaw in Windows itself, mainly.
This flaw is a flaw of *nix systems as well, and the flaw is using ACL's, rather than Capability systems.
Read the Confused Deputy paper for more information.
I know my Israeli history, thank you.
Understand this, that "refugees" from the original Israel would be long dead since it had not existed for a very very long time.
How is it relevant? At the time of the creation, many refugees existed, and there was not a single country in the world where Jews were free of all prosecution.
Jews could not trust countries to protect them from the holocaust reoccurring. The only real solution is to create their own country, and the only people they can trust to do this - are themselves.
The Americans and the British, and other countries, did not bomb concentration camps when they could, and could not be trusted with the fight of Jewish prosecution.
Displacing the native people of the region with new settlers that are adverse to them is what brilliant?
The native people were not forcibly 'displaced'.
The Jewish who came to Israel, before the holocaust, bought lands with money.
After the Jewish people were brutally murdered in the events of 1921, and 1929, the Jews of Israel set up some defensive organizations to protect themselves.
The UN's division plan of 1947 was accepted by the Jews of Israel, and rejected by the Arabs of the region.
They chose to violently attack the new state, instead. Arab leaders around Israel called the native people to leave Israel for reasons of ethnic purification, and because they will surely get rid of Israel soon. The native people left of their own free will, and as part of wars that were initiated by the Arab side.
Refugees from Eastern Europe, Russia, and elsewhere would have been welcomed in numerous countries after the war.
Israel was being set up long before the war. It started back in the 19th century. Back in 1927, America officially closed its doors to Jewish immigration, leaving Jews with nowhere to go. In the 30's, the only place Jews could run from the Nazis to, was Israel.
After the holocaust, refugees had other countries to go to, but that is far too late, and Israel was already set up in the region.
Again, the Jews cannot trust their fate to another nation again. Prosecution cannot be stopped by any other, but themselves, and their own state. You must understand that there were times it was the only answer to prosecution, and even now, there is Jewish prosecution all over the world.
Israel was created out of pity and ignorance and now exists as a state that indiscriminately enforces a policy of revenge and proactive killings.
Israel was created out of the holocaust, as a trusty home for Jews, where they are safe from prosecution, which was unprecedented for thousands of years.
Israel enforces a policy of striking terrorists, under the principle of self-defense, killing people who are known to be involved in acts of killing innocent people.
I wouldn't call that revenge or proactive killing.
It sickens me to see people refer to listening to stolen music or watching pirated movies as their civil liberties.
Being terrorized and attacked due to their determination of me holding "copyrighted material" is violating my civil liberties.
A) They cannot determine with certainty that I actually performed any illegal action, due to the uncertainty that the song/whatever is actually copyrighted, and also due to the fact it is not necessarily illegal to export copyrighted material, by accident/etc.
B) If whenever you illegally throw a piece of paper in the street, or whatever, I break into your house and mess it up, I'm breaking your civil liberties. The broken civil liberties are NOT of throwing papers in the street.
If the RIAA take the law into their own hands, and cannot be stopped legally, maybe citizens should take the law into their own hands, and fight back too.
Zionism IS a form of Racism
Yeah, giving a home to prosecuted Jewish refugees all over the world is an evil racist idea. Idiot.
RIAA is trying to terrorize civilians, by first trying to legalize cracking into computers, and now with DoS attacks.
How about putting back a fight?
If they have too much money, and the legal system is too corrupt to handle it, there are plenty of other means available to American citizens, and not all of them are legal, but perhaps it is worth it?
It's often not great code, but it's not THAT bad.
Some of it is pretty damn good.
Note that as it is arguably good or bad in terms of style and methodologies, it's definitely good in terms of running correctly and efficiently, which also counts for a lot.