Despite my annoyance in Dell's cutting Linux support off for their laptops, they still seem to have top of the line.
I'm running SuSE 7.3, vanilla kernel 2.2.17 -- later added on the preemptible kernel patch.
My beef is my 3-year support contract will run out later this year. Taught me: always buy the 3 year on-site service contract. It is worth it. I had hinge problems so bad on my 7500 that they upgraded me to an 8000 for free since they were paying more to service the bad hinge design on the 7500 than I paid for it. The 'send-in' warranty would have been worthless.
Only problems since then...um 1 disk replace (backups are good). And the "mode" keys (shift, ctl) seem to send stray mouse clicks/motions when held down. This happens in both Windows and Linux, so it may be a HW or BIOS problem.
Anyway -- right now, in their 2-3K price range their top of the line is little better than I have now, so it's a bum to think about upgrading.
Haven't found any laptops with memory >512M, nor multi CPU. Simply wanked up processors (which wouldn't even get me 2x) and marginally larger HD's (40-50G I think is the range now, but I haven't checked their site in a while).
I think all their laptops are made in China and rebranded -- forget the company name though.
I perfectly agree about the double standards -- I don't know that it's particularly healthy for us all to become 'used' to seeing 20-30 murders/day (depending on your viewing habits).
To the person who said Video games don't cause violence, people do. Anthrax doesn't kill people -- people do. But if I just want to keep some anthrax on my kitchen shelf, or as a mantle place keepsake (perhaps in 2-3" thick hardened and rubberized polymers), like -- gee, why not? I know -- let's all go out and buy a nuke. No home should be without one...no? Nukes don't kill people -- people kill people.
I'm sorry for my sarcasm, but why do you think the army is using violence-based video games for training? Because their soldiers need some R&R? -- No -- because it is effective. Studies done ages ago, on children under 10 showed that children were more likely to act violently in a controlled tense situation after they watched cartoons with multiple violent solutions vs. watching more along the lines of Fantasia (I dunno, those broom sticks got awfully out of control in the wizard snip). Children learn by imitating. There is no magic age -- say puberty, or hitting 13 or 18 or 25 at which you are suddenly immune to brain washing and/or new learning.
Each individual is unique -- full-grown adults join cults -- with such faithfulness they will commit suicide for the cult, it is *hard* to make blanket judgments. But I know of someone who played a DnD game I wrote back in the 80's -- it was in ASCII graphics, said he felt it was similar to walking around the cube-mazes and after spending entire nights w/o sleeping playing this game, he commented that sometimes he felt like he was still in the game at work. Would he have committed violence -- I doubt it. Were there any violent depictions in a text-based ASCII game...? *Nep*.
Do most people suffer significant harm from violent video games? Probably not. Do some unstable types?... Can you honestly say no?
Think of the regular torture that passes for play among juvenile boys in school -- "rites of passage", does giving them training in worse horrors seem right? Girls can be equally evil but more often inflicting emotional/psychological harm rather than physical.
Lest you think I'm conservative -- I'm not. I loved Matrix, for example -- or most sci-fi violence which is pretty removed from reality -- but training individuals in the 'first person' -- having them doing the killing and carnage...I'm a bit more uncomfortable.
If it were up to me, I probably would *not* ban such games, but I would *attempt* to control distribution to people who might be able to control themselves. Age is a poor determiner of maturity and mental-stability -- can you think of a better system -- I'd like to see one in many areas, since people mature in such vastly different ways.
Like the idea that you can be drafted and trained at age 18 to kill, but can't buy a drink seems ludicrous. To allow alcohol and tobacco with known attributable deaths ranging close to 500,000 per year in the US, while banning drugs like marijuana that has no such record is another sign of a brain-damaged government control structure. MJ may or may not have health risks, but compared to the documented problems with *legal* drugs like alcohol and tobacco -- there is nothing to indicate they cause even a fraction (as expressed as a percentage of those who might be using) of the harm -- ok, off topic rant.
If "we" were in charge, how could we devise a system that would be better? Note that we do not live in a perfect world where each child is loved and cherished and given attention during formative years. Heck -- even during pregnancy, a mother's consumption of choline will permanently affect a child's mental abilities for *life*. (Science News, Vol 160, p282, Nov 3, 2001). Note that taking choline in your diet now in the range of 500-1000 mg/day is very beneficial for brain function (note that higher levels can cause nasty side effects).
So we have all this data -- about effects of drugs and media and environment -- environment effects are *profound*. There was the case of the LA woman, kept locked up and never talked to for most of her childhood. Experts say she will *never* be able to learn language at the level of a normal English speaker.
I could go on and on with examples, but I've probably already lost many readers at this point.
The point is that environmental factors and training (like first person action-violence games) do affect development, mood and personality. It affects each individual uniquely and there is no great formula for determining in advance who should be trained as a "killer" (in a mostly peace time society) and who should not.
Remember the Voyager Episode where they visited the planet where violent thoughts were 'illegal', even trafficked in like illegal drugs? It was a commentary on an extreme form of social control -- but if it worked for them, and the people were happy, who are we to judge their paradise.
Pretend that crime is not a *given* in any society. Pretend for a moment that it is a controllable variable controllable by deliberate planning for children's education from near birth.
It's like we assume that 2-3 years to be potty trained are 'normal' -- but in most other countries it's 1 year. Always check your biases and societally taught "common knowledge". It is suspect and it is flawed.
I had the same problems with the hinges, but was smart enough to purchase the next business day, on site, repair service. I've gone through 3 keyboards, 3 hard disks, and about 6 hinge replacements before they put a stop on my account, claiming that their costs in repairing were exceeding the original cost of the unit -- so they gave me a mid-range Inspiron 8000 (but still quite an improvement, overall) replacement.
They gave me a month to transfer over all my 7500 stuff and ship it back. The new Insp came w/WinME. And though I use Linux as my primary OS, I keep Windows around for compat. The WinME was a plague. Crashed more often, software incompat's all over the place. Called microsoft about Installation support for a new product. They couldn't fix it and turned it over to 2nd level support staff. 2nd level said that internally, their team tried winME but went back to win98SE because of reliability problems. He claims winXP is better than either of them in terms of reliability. I'm concerned about more compat problems and invasion of privacy, loss of control over my computer with a winXP upgrade -- for example WinME wouldn't let you delete various files -- it would automatically restore them in real time if they were deleted -- even if you didn't want them. You couldn't kill the service that did the restoring -- it would immediately respawn. I finally went back to win98 as a 'fresh' install -- lost my registry, and it was a nightmare. All, of course, unsupported by Dell or MS. In fact Dell sucks at SW support. They only support installation and only within the first 30 days of service -- even though I had a 3 year support contract (only applies to HW).
What I learned: Always buy next day on site service. Buy a new computer when the old contract expires and sell the old one on ebay or whatever.
The hinges are better on the 8000, but they still aren't as strong as I'd like. Have had it since August and they've already got some 'play' in them. Instead of using hinge tubes that go all the way across, they use stubs that only connect at the outside edges. Another big quality issue (the whole thing is OEM'ed from a 3rd party in China -- Dell just labels them) is the use of cast-iron (soft) metal for the bases in the computer that the screws screw into. Also a problem is that the screws are *tiny*. Maybe 3/32 - 1/16th thick. The heads were often breaking off leaving the screws in the base -- which meant the whole base had to be replaced. I suggested quality improvements *many* times over the life of my 7500.
I think your problem is that you aren't costing them enough -- since you have to send it in, it doesn't require them near as much money per/repair.
Of course, I was told by different people different stories -- like I was special in having so many 7500 problems, but some told the truth that it was just bad construction.
Good luck -- and maybe verbal persistence along with letters to the BBB might get you some response. If that doesn't work, try to upgrade your service contract. And if they won't, use the problems you have had as leverage to buy a new one -- with an onsite service contract.
I've talked to the designer on several occasions and he seems like he'd be open to designing the split keyboard into a regular laptop, but the problem he runs into is getting the laptop manufacturers to pay attention. Even in marketing -- do you see Dell offering this as an alternative? Nep.
The keyboard has been out for over 6 years. The keyboard is fully configurable as well -- key remapping, sticky-keys for handicapped, also has an optional foot pedal that you can configure for a common key. A friend of mine configured hers for the ESC key since it was the longest reach key. Repeat rate...all that stuff configurable.
Now imagine two halves built directly into the laptop. The locking devices could be a notched wheel protruding slightly from the sides of the computer.
One obvious draw back: if tilted too high they'd block part of the screen.
The hard part is not getting ergo folks to produce the keyboard -- it's getting the big companies like Dell, who buy their laptops fully assembled from China, to incorporate it.
The only way, it seems -- I hate to say it -- to effect change is for an affected person to sue the laptop manufacturer for contributing to or causing an RSI injury. OR for an already partially affected (disabled) person suing for equal access. Large companies in our system don't really listen until large sums of money and/or bad publicity are involved.
Out of college I hired into a large chip vendor. I was asked to list my 'works' and anything I developed while I was there was theirs (there was no 'own time').
I listed a 3-D ascii realtime role playing game I'd developed in college as my only work. (It was the early 80's, pre-PC.)
Two years later -- my game had become fairly popular in the company. Word reached a speech recognition group who asked me to add speech recognition to the game. They thought it would make a great demo of their voice technology. I complied -- was fun to issue voice commands to fight, throw spells, walk,
The group was going to license my game from me for their demos -- no prob, but it hit legal and my management. They didn't want me being paid out-of-band for extra work. They tried to push the issue saying it belonged to the company, but they had to check the HR forms (which I still had a copy of as well).
There was my proof. My management forbade the other group having any more dealings with me and the project was cancelled.
Later on, I spent a lot of side time developing a screen editor -- added a lot of useful features for programmers (went around in my peer groups asking for things they wanted it to do). I got called on the carpet because customers started asking for it -- SE's got it from our internal sneaker net and gave it under the sly to customers. It was about 900% faster than the previous generation as well. Of course I had nothing to do with the distribution, but I was blamed. When I asked for the project officially to productize it, I was told I wasn't senior enough. After that I left the company.
The company later released the editor (on the PC as well) as the "Programmer's Editor" feature unchanged.
Real braindead management though a very profitable CPU company now...:-/
The comfort keyboard is fully adjustable from standard keyboard position/flat to full upright vertical. The individual sections also rotate along the Z-axis to allow for people of different widths. (Think of it -- a *w - i - d - e* person's hands will angle in to a keyboard from a different angle than a |thn| person's.)
The adjustability helps you adjust from 'normal' to whatever degree of vertical you want. They are *great* keyboards.
They truly allow a "zero" wrist bend / torque for typing. Think of the ergonomics. Stand with hands at your side. Bend your elbows and bring your hands up. Your palms will be facing *in*. Now bring your hands in till they are about a foot apart. If a keyboard was "vertical", you still have to bend your hands outward to be parallel, but if the keyboard is fully adjustable, you can adjust the keyboard on the 'Z' axis to match the natural angle of your inward bend -- a unique angle depending on your body frame size.
If you have wrist strain and work at a desk top -- this is GREAT. I wish laptop manufacturers would come up with something like this built-in (yes you can attach the keyboard as an external keyboard, but that doesn't help when you are using your laptop on your lap). Sigh.
Aeron chairs seem to be fairly state of the art in a standard office chair. It does, as someone mentioned create problems for me when I want to sit cross legged, both feet on chair. I also always seem to adjust the armrests just so that they hit my keyboard tray, so when I want to move into the monitor closely, I can't. However. All that aside, by far the most comfortable is a non-standard chair -- a 90 degree/zero-G recliner.
It won't work with a standard monitor with you sitting nose to monitor, but it can work great with a laptop. I could also see it with a keyboard/touchpad combination and a supported LCD. I'm missing a few discs in my lower back, so it's just not stable in a sitting or standing position. But in the recliner, I can get into a fully supported position that is heaven on my back. The only draw back I've run into is the heat of a laptop, but with correct equipment support, like a supported LCD and keyboard/touch pad combo, that would be history. Oh -- another problem: you don't want to get up.
As far as cost -- think of your chair as part of your professional equipment. If you are a software professional who spends a good portion of their life in a chair -- something that supports and is good for your body is essential to your long term health.
The Palm Pilot is not a computer. It wasn't designed to be. It's a PDA. WinCE was designed to be a computer in your palm (thus the original name, palm PC). You can get ipaqs with 32Meg memory, I'm told, 64K color, MP3 and video playback and add on one of IBM's 300MB HD's that fit in the card slot. Palms weren't designed with those type of resources in mind. Even my old WinCE device has more functionality -- I can type in any address in my town or in the silicon valley and it will show me a map of the area. It's limited by the 56M size that was available at the time. The thing that is a big drawback is the proprietary communications standards. If MS were to open those up, they could greatly increase their desirability...
I want to state my agreement with France's laws against hate speech. Personally, I think speech to incite violence or hatred against another group should be on par with speech to assassinate the president and planning to overthrow the government. All of those are threats to US national security -- it's a threat to Americans, it's a threat to America.
This is one area that should fall under the list of exceptions to the 'free speech'. Don't give me this "well if we do that, then we might as well censor everything else", and "who decides". The answer is simple. Speech to incite violence, hatred or intolerance of any other group of people should be *wrong*.
People often use the catch phrase "your right to swing your fist ends at my face". The problem with that view is you can't swing your fist at someone's face and not expect them to react. Once they react the chain of violence begins. Weapons are drawn and used.
Just like it's no longer considered 'free speech' to draw up a 'hit list' of people to target, hit lists or hate lists against groups of people should also be considered real threats.
Why is it not ok to target 1 person with hate speech or incentives towards violence against that person, but it is ok to target a group of people with hate speech and/or incentives towards violence? It just isn't logical.
I'm getting real tired of the "buy buy buy" culture when taken to this extreme. They encourage me to buy *useless* lower quality drivel and then later on allow me to buy stuff they should have released in the first place.
Other examples -- Herc/Xena released on VHS then DVD. Now they are releasing whole Xena series in VHS only. What a waste of shelf space.
Another waste -- "Eyes Wide Shut". They release censored version first, then later they'll probably release a "Director's Cut" -- true to Kubrick's original vision (including full screen).
I just waited until the European version came out and bought that. It's still small-screen format but at least it doesn't have the censoring.
Of course that requires you have regionless player, and a PAL-DVD converter, but what videophile doesn't have one of those these days? Some intelligent countries *ban* DVD-player sales that restrict play-by-region. It's censorship, plain and simple.
Besides censorship, owning a code-free DVD player and signal converter will allow you play European movies that never make it to the US. I'm interested in the French language and culture, with code-free I can purchase DVD's that are only released in France. Of course it makes it challenging to follow the story line when your French is as poor as mine, but I get to practice and often get the overall story line!
If only all of us would show *mass* intelligence and not buy the inferior products they convince us to grovel for but send a "we won't buy it" message back to the producers of this tripe -- we want the high quality stuff the first time!
-l
p.s. -- finding converters and "code-free" or "regionless" DVD players is easy via netsearch.
CAPP and LSPP are where it's at!
CAPP = Controlled Access Protection Profile
LSPP = Labelled Security Protection Profile
Both of those are defined under the "Common Criteria". Those 2 protection profiles supersede C2 and B1 (and are supposed to be equivalent). To see the 1999 version of DoD requirements, check out http://www.radium.ncsc.mil/tpep/library/protection_profiles/index.html
This is just simply untrue. B1 requirements above the C2 auditing requirement are Mandatory Access (don't even need ACL's or CAPabilities).
MAC labels can easily be added to the task struct and file system checks added at the VFS level. Kernel done. Then add MAC to a file system like ext2 or use SGI's xfs when it's done being ported. Instant B1 support.
Darn nay-sayers!
If we build it, they will come...:-)
Actually...it is true: a B1 certification is only good for the exact configuration it is done on. However, getting that cert. does mean that Linux can claim to 'have' B1 security, just not cert'ed. Of course anyone can claim C2 or B1 security features (i.e. Solaris) and never have been certified.
"Some day, if ever: Meet B1 security requirements. Now that MAC categories and secure delete are implemented the way has shortened, but it is not really urgent though, since Orange Book is far out of date. "
Media can be of 2 types -- multi-level or single-level. A Multi-level media supports inclusion of MAC labels. Single:not. You simply define the Sensitivity and Integrity level of the mounted tape drive (or FAT, FAT32, normal NFS, etc).
Modeling under the Bell-LaPadula Sensitivity and Biba Integrity models (one type of MAC often used), we have a couple of rules and two groups of items: "Subjects" - things that access or do things and "Objects" things that are accessed or done to. Some things in a system can fall into both contexts depending on the situation. For example, a Subject "Process" (they do things to objects like files) could also access another process -- the accessed process would be an 'object' as far as security checks are concerned.
So Rule 1) Subjects (S) can only write to an Object (O) if the Object is at the same sensitivity level or above (O is said to "dominate" the level of S and dominate implies >=).
Rule 2) says that Subjects can only read Objects that they dominate (their sensitivity level is >= to the object's).
Biba Integrity works the same but opposite:
Rule 3) Subject can only write to Objects if Subject's Integrity >= (dominates) the Object's.
and Rule 4) Subject can only read Objects that have equivalent or greater Integrity (integ(O)>=integ(S)).
This can be *way* useful for "normal users".
Think of this: Root is allowed Integrity levels 0-2, default=1. All system files at integrity level 2 (both executables and data). Users and their files are set at integrity level 0. Implications:
1) Any file root creates has I=1 so normal users can't write to it unless the file is specifically downgraded. A subject can write to or create "downgraded" Integrity files, so root is permitted to write lower level integrity files, but this wouldn't be the default creation value. Even if root downgrades the file's Int., Discretionary Access Control (DAC) (i.e. permission bits) still apply.
2) Root can't write to /etc/passwd unless they specifically log in with S=2 or su to S=2 (requires password again).
3) Users could read these 'public' files but couldn't write to them even if the file DAC was 0777.
4) Root couldn't execute any files not in the 'system file list'. No trojans! Only if root overrides security policy and changes the state of a file to 'trusted' (@ int=1 or 2) can it be executed as root.
Now for Sensitivity, let's imagine /etc/shadow was set to 2. Say users run at S=0. Root is permitted to run at S=2 (say highest) and S=0 (lowest). Implications:
In order to modify /etc/shadow, root must relogin or su to get S=2. 'Su' to a different integrity or sensitivity level must recheck password and if the user is allowed to run at the requested levels. After root has S=2 can then read /etc/shadow in order to 'modify' it (they have to also have raised their Integrity to '2' to write to it).
So normal users can't see /etc/shadow because of MAC policy regardless if someone gets sloppy with DAC bits.
Just these "simple" applications of MAC would not greatly inconvenience any user, but an attacker gaining root (unless they do so via the password) has limited power. This means most attacks that gain 'root-shell' via a 'bug' are still pretty limited in what they can do.
Now if you add file based capabilities, root can have even less privilege and/or ability to do damage.
Also, remember, as I've mentioned before -- if you set MAC,S=0,I=0 for everything in the system, you get traditional Unix DAC behavior.
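The four rules and the root/user scenario from the comment above, worked through as an added example (not code from the poster, Linux or IRIX). The label struct, the subject and object names, the simplified DAC check with uid 0 bypassing mode bits, and treating "execute" as a read are all assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed label: one sensitivity and one integrity level per subject or
 * object. The categories/divisions mentioned in the thread are omitted. */
struct mac_label { int sens, integ; };
struct subject { const char *name; unsigned uid; struct mac_label l; };
struct object  { const char *path; unsigned owner, mode; struct mac_label l; };

enum { ACC_READ = 4, ACC_WRITE = 2 };   /* same values as the rwx mode bits */

/* Rule 2 (Bell-LaPadula): read only if sens(S) >= sens(O).
 * Rule 4 (Biba):          read only if integ(O) >= integ(S). */
static bool mac_may_read(const struct subject *s, const struct object *o)
{
    return s->l.sens >= o->l.sens && o->l.integ >= s->l.integ;
}

/* Rule 1 (Bell-LaPadula): write only if sens(O) >= sens(S).
 * Rule 3 (Biba):          write only if integ(S) >= integ(O). */
static bool mac_may_write(const struct subject *s, const struct object *o)
{
    return o->l.sens >= s->l.sens && s->l.integ >= o->l.integ;
}

/* Assumption: simplified DAC with owner/other bits only, and uid 0 bypassing
 * the mode bits as on traditional Unix. */
static bool dac_allows(const struct subject *s, const struct object *o, int want)
{
    unsigned bits = (s->uid == o->owner) ? (o->mode >> 6) & 7u : o->mode & 7u;
    return s->uid == 0 || (bits & (unsigned)want) == (unsigned)want;
}

/* Access needs the mandatory check AND the discretionary check to pass. */
static bool access_ok(const struct subject *s, const struct object *o, int want)
{
    bool mac = (want == ACC_READ) ? mac_may_read(s, o) : mac_may_write(s, o);
    return mac && dac_allows(s, o, want);
}

/* Constructed subjects, using the levels given in the comment. */
static const struct subject user       = { "user (S0,I0)", 1000, {0, 0} };
static const struct subject root_shell = { "root (S0,I1)",    0, {0, 1} };
static const struct subject root_i2    = { "root (S0,I2)",    0, {0, 2} };
static const struct subject root_s2i2  = { "root (S2,I2)",    0, {2, 2} };
static const struct subject flat_root  = { "root (S0,I0)",    0, {0, 0} };

/* Constructed objects; /etc/shadow deliberately has sloppy 0777 DAC bits. */
static const struct object etc_passwd = { "/etc/passwd 0644",     0, 0644, {0, 2} };
static const struct object etc_shadow = { "/etc/shadow 0777",     0, 0777, {2, 2} };
static const struct object root_made  = { "/tmp/root-made 0666",  0, 0666, {0, 1} };
static const struct object user_prog  = { "/home/user/prog 0755", 1000, 0755, {0, 0} };
static const struct object flat_file  = { "flat-file 0644",       0, 0644, {0, 0} };

static void show(const struct subject *s, const struct object *o)
{
    printf("%-13s %-21s read=%d write=%d\n", s->name, o->path,
           access_ok(s, o, ACC_READ), access_ok(s, o, ACC_WRITE));
}

int main(void)
{
    show(&user, &etc_passwd);        /* public file: readable, not writable   */
    show(&user, &etc_shadow);        /* MAC denies despite 0777               */
    show(&user, &root_made);         /* root-created file: users cannot write */
    show(&root_shell, &etc_passwd);  /* root at default I=1 cannot write I=2  */
    show(&root_shell, &etc_shadow);  /* root at S=0 cannot read S=2           */
    show(&root_shell, &user_prog);   /* root cannot read (run) an I=0 file    */
    show(&root_i2, &etc_passwd);     /* raised integrity: write allowed       */
    show(&root_s2i2, &etc_shadow);   /* raised both: read and write allowed   */
    show(&root_s2i2, &etc_passwd);   /* S=2 cannot write down to S=0          */
    show(&flat_root, &flat_file);    /* all labels 0: MAC never denies        */
    show(&user, &flat_file);         /* all labels 0: DAC alone decides       */
    return 0;
}
```

In this model a root shell obtained at the default label (S=0, I=1) can neither read /etc/shadow nor write /etc/passwd, while with every label at 0 the mandatory checks always pass and only the mode bits decide.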
You said "In truth, I'd be surprised if FreeBSD wanted this in the core OS. A B1 level of security can get quite annoying in situations where security is not your paramount goal. There is a lot of extra overhead to do MAC checks and MAC intentionally sort of puts people in a prison. "
All of MAC stuff is in the core of the IRIX OS. It's just that it is only turned on when booting from specially labeled (has MAC) disk.
It doesn't get in the way but should be in the core OS so people aren't as likely to break it.
MAC also doesn't have to even be turned off for a Unix system to operate 'normally' -- not even that expensive. You set all Sensitivity labels on all users and objects at 0 and Integrity at 0, and have no divisions or categories. That's a 32+32+16 bit compare which is negligible compared to file access times. In that instance, only discretionary access would actually be checked. Of course then you *could* decide to protect system files from tampering by making root run at an Integrity level of 1 and all system files also having Integrity level 1. Then MAC would prohibit lower level processes writing anything in the "System File Group" (Trusted Computing Base or TCB) and root couldn't execute anything that wasn't in the system group (no trojans). Add file based capabilities for executables and have root having no special privs (or few), and getting root access does you no good. But if you wanted to run as 'normal', just have Sens=0 for everything.
Re:I'm confused -- isn't this just Capabilities + on TrustedBSD Announced · Score: 1
You also have to have the concept of each user being placed at a "Sensitivity" level. What the NSA director writes may be TOP Secret. What their Secretary writes may be "Confidential", what joe public visitor writes would be "Unclassified". These are hierarchical levels. Someone at 'Top Secret' can automatically read anything at a lower level that is permitted by discretionary access (ACL's and unix mode bits, for example). The person logged in at 'Top Secret' can't write material, by default, at any level below their level. Persons at lower levels cannot read anything above their level even if its mode bits were set 0777.
Say we have los alamos lab doing "Secret" government work. All the scientists using the computer there would do all of their work at the 'secret' level. This way, 'secret chinese operative' can't leak the information to a lower level. Even printouts are to be labeled, so theoretically they couldn't walk out of the secret facility w/a secret document (in practice physical security may be harder to enforce). Things like the camera in your watch might escape detection.
I'm not sure how you would implement such a scheme in any straightforward way using ACLS and CAP lists.
For purposes of writing compatible programs, reverse engineering of a player program is specifically allowed assuming the user lawfully obtained the program. That DeCSS removes encryption is a necessary step for a player to perform its function. The fact that someone else now provides a player for Linux isn't relevant unless the player is distributed in a form compatible with all current Linux releases and remains so in the future.
Relevant sections of the DMCA:
`(f) REVERSE ENGINEERING- (1) Notwithstanding the provisions of subsection (a)(1)(A), a person who has lawfully obtained the right to use a copy of a computer program may circumvent a technological measure that effectively controls access to a particular portion of that program for the sole purpose of identifying and analyzing those elements of the program that are necessary to achieve interoperability of an independently created computer program with other programs, and that have not previously been readily available to the person engaging in the circumvention, to the extent any such acts of identification and analysis do not constitute infringement under this title.
`(2) Notwithstanding the provisions of subsections (a)(2) and (b), a person may develop and employ technological means to circumvent a technological measure, or to circumvent protection afforded by a technological measure, in order to enable the identification and analysis under paragraph (1), or for the purpose of enabling interoperability of an independently created computer program with other programs, if such means are necessary to achieve such interoperability, to the extent that doing so does not constitute infringement under this title.
`(3) The information acquired through the acts permitted under paragraph (1), and the means permitted under paragraph (2), may be made available to others if the person referred to in paragraph (1) or (2), as the case may be, provides such information or means solely for the purpose of enabling interoperability of an independently created computer program with other programs, and to the extent that doing so does not constitute infringement under this title or violate applicable law other than this section.
`(4) For purposes of this subsection, the term `interoperability' means the ability of computer programs to exchange information, and of such programs mutually to use the information which has been exchanged.
Re:The Govt wants =MORE= security in Linux? on Auditing for Linux? · Score: 1
As someone says later -- you don't exactly have the right idea on Mandatory Access Controls. Also, encryption is not considered security -- since anything that is encrypted can *eventually* be unencrypted. That's not considered secure. They may not want to declassify a given datum for an indefinite (infinite) amount of time.
In IRIX B1, there are ACL's, sensitivity and Integrity labels (following the Bell-LaPadula and Biba models) and capabilities. BLP basically states that information can't flow downward. So all users run with a Label with S/I components. A user with S=Top Secret can't write into an object (file or dir) that has a rating less than "Top Secret". Lower levels are to have append-only access to higher-sensitivity data (like an audit trail). In addition you still have the "discretionary" access of standard unix to further control info. But an owner of a file can't downgrade the file unless they are authorized (have CAP_DOWNGRADE (or something similar)). The Integrity part means users requiring high integrity can't read lower integrity files -- so "root", let's say, only has access to pre-approved files at some minimal level of integrity. If a user writes to a file, the resulting integrity is the lower of the two(user,file). If a user reads a file (assuming permitted), then if you allow floating user integrity, the user's integrity becomes the lower of (user's, file's). Files like /etc/passwd, are defined to be of "high integrity" and "low sensitivity" (anyone can read them). I think IRIX has a total of about 47 capabilities to manage its B1 system. In addition to the mandatory controls, there are also ACL's.
The B2 level also requires covert channel analysis and higher levels of proof of correctness. B1 requires only 'features' that support the B1 security model and there is documentation to show how the given feature set implements B1. There's also a B3 level -- I forget what's in that, but at the A1 level, formal mathematical proofs are required from the hardware level on up.
Each system certified at a security level C2, B1 is also tied to the particular hardware configuration that it is certified on. For example, it wouldn't help to cert B1, then have the user add floppy hardware they could boot from and still expect mandatory access control (B1 cert). You can still claim B1 features in the OS, but the cert is tied to 1 exact box -- no part number changes.
For a system to be B1 certified, it would likely have to only be certed standalone or on a private network that supports the Sens/Int labels on each TCP session and each udp packet.
When C2 says 'auditing', they are talking about auditing "events". Some of the auditing has to be in the kernel. For example you could choose to audit all failed open attempts, any suid/sgid, any login, any passwd change, etc. The last two are not in the kernel, the former would be. Generally you'd want to write the events to an audit device buffer. On the outside of the kernel, you have an 'auditd' that simply reads data out of the audit device (device owned by auditor, auditd runs as auditor) and writes it to some storage (disk, cdrom, tape, NFS filesystem, etc). You have audit records that talk about "what" (subject) to "what" (object).
Each login, cronjob, atjob, remote-login (anything that is a user or runs on behalf of a user) has a unique *auditid* (conventionally = userid at login). An "su" during the session doesn't change the audit id. Audit id's are inherited across forks, execs, threads...etc. They can only be changed by a program with "CAP_AUDIT_CONTROL".
The audit device is only writable by programs running with "CAP_AUDIT_WRITE". In Linux those CAP's would currently equate to 'root' or something similar. In a file-based capability system, you could have those capabilities on certain programs that needed it (maybe on a pam module?).
Note that on a C2 compliant system, if auditing should "stop", the desired action is to halt the system or bring it down to a maintenance mode.
Under some circumstances, you are allowed to lose events that are in memory but not yet written to disk (say in the event of a power failure). But this can also happen if something kills the audit daemon. Then the kernel just continues to fill up internal (non-ring) buffers with audit data until memory is exhausted. At which point the system is effectively halted (it hangs).
Obviously it would be real good for the auditd to not die or run out of space to write to. :-)
The DMCA prohibits working around copy protection. What the Encryption is is *play* protection -- so you can only play it in authorized players in authorized locations. This is not covered by the DMCA. Furthermore, reverse engineering for the purpose of providing compatibility is specifically allowed under the DMCA, so either way, the judge is ignorant of Federal law.
Despite my annoyance in Dell's cutting Linux support off for their laptops, they still seem to have top of the line.
I'm running SuSE 7.3, vanilla kernel 2.2.17 -- later added on the preemptible kernel patch.
My beef is my 3-year support contract will run out later this year. Taught me: always buy the 3 year on-site service contract. It is worth it. I had hinge problems so bad on my 7500 that they upgraded me to a 8000 for free since they were paying more to service the bad hinge design on the 7500 than I paid for it. The 'send-in' warranty would have been worthless.
Only problems since then...um 1 disk replace (backups are good). And the "mode" keys (shift, ctl), seem to send stray mouse clicks/motions when held down). This happens in both Windows and Linux, so it may be a HW or BIOS problem.
Anyway -- right now, in their 2-3K price range their top of the line is little better than I have now, so it's a bum to think about upgrading.
Haven't found any laptops with memory >512M, nor multi CPU. Simply wanked up processors (which wouldn't even get me 2x and marginally larger HD's (40-50G I think is the range now, but I haven't checked their site in a while.
I think all their laptops are made in China and rebranded -- forget the company name though.
Linda
I perfectly agree about the double standards -- I don't know that it's particularly healthy for us all to become 'used' to seeing 20-30 murders/day (depending on your viewing habits).
... Can you honestly say no?
To the person who said Video games don't cause violence, people do. Anthrax doesn't kill people -- people do. But if I just want to keep some anthrax on my kitchen shelf, or as a mantle place keepsake (perhaps in 2-3" thick hardened and rubberized polymers), like -- gee, why not? I know -- let's all go out and buy a nuke. No home should be without one...no? Nukes don't kill people -- people kill people.
I'm sorry for my sarcasm, but why do you think the army is using violence-based video games for training? Because their soldiers need some R&R? -- No -- because it is effective. Studies done ages ago, on children under 10 showed that children were more likely to act violently in a controlled tense situation after they watched cartoons with multiple violent solutions vs. watching more along the lines of Fantasia (I dunno, those broom sticks got awfully out of control in the wizard snip). Children learn by imitating. There is no magic age -- say puberty, or hitting 13 or 18 or 25 at which you are suddenly immune to brain washing and/or new learning.
Each individual is unique -- full-grown adults join cults -- with such faithfulness they will commit suicide for the cult, it is *hard* to make blanket judgments. But I know of someone who played a DnD game I wrote back in the 80's -- it was in ASCII graphics, said he felt it was similar to walking around the cube-mazes and after spending entire nights w/o sleeping playing this game, he commented that sometimes he felt like he was still in the game at work. Would he have committed violence -- I doubt it. Were there any violent depictions in a text-based ASCII game...? *Nep*.
Do most people suffer significant harm from violent video games? Probably not. Do some unstable types?
Think of the regular torture that passes for play among juvenile boys in school -- "rites of passage", does giving them training in worse horrors seem right? Girls can be equally evil but more often inflicting emotional/psychological harm rather than physical.
Lest you think I'm conservative -- I'm not. I loved Matrix, for example -- or most sci-fi violence which is pretty removed from reality -- but training individuals in the 'first person' -- having them doing the killing and carnage...I'm a bit more uncomfortable.
If it were up to me, I probably would *not* ban such games, but I would *attempt* to control distribution to people who might be able to control themselves. Age is a poor determiner of maturity and mental-stability -- can you think of a better system -- I'd like to see one in many areas, since people mature in different ways in such vastly different ways.
Like the idea that you can be drafted and trained at age 18 to kill, but can't buy a drink seems ludicrous. To allow alcohol and tobacco with known attributable deaths ranging close to 500,000 per year in the US, while banning drugs like marijuana that has no such record is another sign of a brain-damaged government control structure. MJ may or may not have health risks, but compared to the documented problems with *legal* drugs like alcohol and tobacco -- there is nothing to indicate they cause even a fraction (as expressed as a percentage of those who might be using) of the harm -- ok, off topic rant.
If "we" were in charge, how could we devise a system that would be better? Note that we do not live in a perfect world where each child is loved and cherished and given attention during formative years. Heck -- even during pregnancy, a mother's consumption of choline will permanently affect a child's mental abilities for *life*. (Science News, Vol 160, p282, Nov 3, 2001). Note that taking choline in your diet now in the range of 500-1000 mg/day is very beneficial for brain function (note that higher levels can cause nasty side effects).
So we have all this data -- about effects of drugs and media and environment -- environment effects are *profound*. There was the case of the LA woman, kept locked up and never talked to for most of her childhood. Experts say she will *never* be able to learn language at the level of a normal English speaker.
I could go on and on with examples, but I've probably already lost many readers at this point.
The point is that environmental factors and training (like first person action-violence games) do affect development, mood and personality. It affects each individual uniquely and there is no great formula for determining in advance who should be trained as a "killer" (in a mostly peace time society) and who should not.
Remember the Voyager Episode where they visited the planet where violent thoughts were 'illegal', even trafficked in like illegal drugs? It was a commentary on an extreme form of social control -- but if it worked for them, and the people were happy, who are we to judge their paradise.
Pretend that crime is not a *given* in any society. Pretend for a moment that it is a controllable variable controllable by deliberate planning for children's education from near birth.
It's like we assume that 2-3 years to be potty trained are 'normal' -- but in most other countries it's 1 year. Always check your biases and societally taught "common knowledge". It is suspect and it is flawed.
-l
I had the same problems with the hinges, but was smart enough to purchase the next business day, on site, repair service. I've gone through 3 keyboards, 3 hard disks, and about 6 hinge replacements before they put a stop on my account, claiming that their costs in repairing were exceeding the original cost of the unit -- so they gave me a mid-range Inspiron 8000 (but still quite an improvement, overall) replacement. They gave me a month to transfer over all my 7500 stuff and ship it back. The new Insp came w/WinME. And though I use Linux as my primary OS, I keep Windows around for compat. The WinME was a plague. Crashed more often, software incompat's all over the place. Called microsoft about Installation support for a new product. They couldn't fix it and turned it over to 2nd level support staff. 2nd level said that internally, their team tried winME but went back to win98SE because of reliability problems. He claims winXP is better than either of them in terms of reliability. I'm concerned about more compat problems and invasion of privacy, loss of control over my computer with a winXP upgrade -- for example WinME wouldn't let you delete various files -- it would automatically restore them in real time if they were deleted -- even if you didn't want them. You couldn't kill the service that did the restoring -- it would immediately respawn. I finally went back to win98 as a 'fresh' install -- lost my registry, and it was a nightmare. All, of course, unsupported by Dell or MS. In fact Dell sucks at SW support. They only support installation and only within the first 30 days of service -- even though I had a 3 year support contract (only applies to HW).
What I learned: Always buy next day on site service. Buy a new computer when the old contract expires and sell the old one on ebay or whatever.
The hinges are better on the 8000, but they still aren't as strong as I'd like. Have had it since August and they've already got some 'play' in them. Instead of using hinges tubes that go all the way across, they use stubs that only connect at the outside edges. Another big quality issue (the whole thing is OEM'ed from a 3rd party in China -- Dell just labels them) is the use of cast-iron (soft) metal for the bases in the computer that the screws screw into. Also a problem is that the screws are *tiny*. Maybe 3/32 - 1/16th thick. The heads were often breaking off leaving the screws in the base -- which meant the whole base had to be replaced. I suggested quality improvements *many* times over the life of my 7500.
I think your problem is that you aren't costing them enough -- since you have to send it in, it doesn't require them near as much money per/repair. Of course, I was told by different people different stories -- like I was special in having so many 7500 problems, but some told the truth that it was just bad construction.
Good luck -- and maybe verbal persistence along with letters to the BBB might get you some response. If that doesn't work, try to upgrade your service contract. And if they won't, use the problems you have had as leverage to buy a new one -- with an onsite service contract.
-l
I miss my "Comfort Keyboard" (www.comfortkeyboard.com/).
I've talked to the designer on several occasions and he seems like he'd be open to designing the split keyboard into a regular laptop, but the problem he runs into is getting the laptop manufacturers to pay attention. Even in marketing -- do you see Dell offering this as an alternative? Nep.
The keyboard has been out for over 6 years. The keyboard is fully configurable as well -- key remapping, sticky-keys for handicapped, also has an optional foot pedal that you can configure for a common key. A friend of mine configured hers for the ESC key since it was the longest reach key. Repeat rate...all that stuff configurable.
Now imagine two have build directly into the laptop. The locking devices could be a notched
wheel protruding slightly from the sides of the computer.
One obvious draw back: if tilted too high they'd block part of the screen.
The hard part is not getting ergo folks to produce the keyboard -- its getting the big companies like Dell, who buy their laptops fully assembled from China, to incorporate it.
The only way -- I hate to say it, it seems to effect change is for an affected person to sue the laptop manufacturer for contributing to or causing an RSI injury. OR for an already partially affected (disabled) person suing for equal access. Large companies in our system don't really listen until large sums of money and/or bad publicity are involved.
-l
Out of college I hired into a large chip vendor. I was asked to list my 'works' and any thing I developed while I was there was theirs (there was no 'own time'.
I listed a 3-D ascii realtime role playing game I'd developed in college as my only work. (it was the early 80's, pre-PC.
Two years later -- my game had become fairly popular in the company. Word reached a speech recognition group who asked me to add speech recognition to the game. They thought it would make a great demo of their voice technology. I complied -- was fun to issue voice commands to fight, throw spells, walk,
The group was going to license my game from me for their demos -- no prob, but it hit legal and my management. They didn't want me being paid out-of-band for extra work. They tried to push the issue saying it belonged to the company, but they had to check the HR forms (which I still had a copy of as well).
There was my proof. My management forbade the other group having any more dealings with me and the project was cancelled.
Later on, I spent a lot of side time developing a screen editor -- added a lot of useful features for programmers (went around in my peer groups asking for things they wanted it to do). I got called on the carpet because customers started asking for it -- SE's got it from our internal sneaker net and gave it under the sly to customers. It was about 900% faster than the previous generation as well. Of course I had nothing to do with the distribution, but I was blamed. When I asked for the project officially to productize it, I was told I wasn't senior enough. After that I left the company.
The company later released the editor (on the PC as well) as the "Programmer's Editor" feature unchanged.
Real braindead management though a very profitable CPU company now...:-/
http://www.comfortkeyboard.com/
The comfort keyboard is fully adjustable from standard keyboard position/flat to full upright vertical. The individual sections also rotate along the Z-axis to allow for people of different widths. (Think of it -- a *w - i - d - e* person's hands will angle in to a keyboard from a different angle than a |thn| person's.
The adjustability helps you adjust from 'normal' to whatever degree of vertical you want. They are *great* keyboards.
They truly allow a "zero" wrist bend / torque for typing. Think of the ergonomics. Stand with hands at your side. Bend your elbows and bring your hands up. Your palms will be facing *in*. Now bring your hands in till they are about a foot apart. If a keyboard was "vertical", you still have to bend your hands outward to be parallel, but if the keyboard is fully adjustable, you can adjust the keyboard on the 'Z' axis to match the natural angle of your inward bend -- a unique angle depending on your body frame size.
If you have wrist strain and work at a desk top -- this is GREAT. I wish laptop manufacturers would come up with something like this built-in (yes you can attach the keyboard as an external keyboard, but that doesn't help when you are using your laptop on your lap). Sigh.
-l
Aeron chairs seem to be fairly state of the art in a standard office chair. It does, as someone mentioned create problems for me when I want to sit cross legged, both feet on chair. I also always seem to adjust the armrests just so that they hit my keyboard tray, so when I want to move into the monitor closely, I can't. However. All that aside, by far the most comfortable is a non-standard chair -- a 90 degree/zero-G recliner.
It won't work with a standard monitor with you sitting nose to monitor, but it can work great with a laptop. I could also see it with a keyboard/touchpad combination and a supported LCD. I'm missing a few discs in my lower back, so it's just not stable in a sitting or standing position. But in the recliner, I can get into a fully supported position that is heaven on my back. The only draw back I've run into is the heat of a laptop, but with correct equipment support, like a supported LCD and keyboard/touch pad combo, that would be history. Oh -- another problem: you don't want to get up.
As far as cost -- think of your chair as part of your professional equipment. If you are a software professional who spends a good portion of their life in a chair -- something that supports and is good for your body is essential to your long term health.
-l
The Palm Pilot is not a computer. It wasn't designed to be. It's a PDA. WinCE was designed to be a computer in your palm (thus the original name, palm PC). You can get ipaqs with 32Meg memory, I'm told, 64K color, MP3 and video playback and add on one of IBM's 300MB HD's that fit in the card slot. Palms weren't designed with those type of resources in mind. Even my old WinCE device has more functionality -- I can type in any address in my town or in the silicon valley and it will show me a map of the area. It's limited by the 56M size that was available at the time. The thing that is a big drawback is the proprietary communications standards. If MS were to open those up, they could greatly increase their desirability...
I want to state my agreement with France's laws against hate speech. Personally, I think speech to incite violence or hatred against another group should be on par with speech to assassinate the president and planning to overthrow the government. All of those are threats to US national security -- it's a threat to Americans, it's a threat to America.
This is one area that should fall under the list of exceptions to the 'free speech'. Don't give me this "well if we do that, then we might as well censor everything else", and "who decides". The answer is simple. Speech to incite violence, hatred or intolerance of any other group of people should be *wrong*.
People often use the catch phrase "your right to swing your fist ends at my face". The problem with that view is you can't swing your fist at someone's face and not expect them to react. Once they react the chain of violence begins. Weapons are drawn and used.
Just like it's no longer considered 'free speech' to draw up a 'hit list' of people to target, hit lists or hate lists against groups of people should also be considered real threats.
Why is it not ok to target 1 person with hate speech or incentives towards violence against that person, but it is ok to target a group of people with hate speech and/or incentives towards violence? It just isn't logical.
-l
??? Who made the internet accessible? I thought that was Netscape? IE was just a late comer to the party...
I'm getting real tired of the "buy buy buy" culture when taken to this extreme. They encourage me to buy *useless* lower quality drivel and then later on allow me to buy stuff they should have released in the first place.
Other examples -- Herc/Xena released on VHS then DVD. Now they are releasing whole Xena series in VHS only. What a waste of shelf space.
Another waste -- "Eyes Wide Shut". They release censored version first, then later they'll probably release a "Director's Cut" -- true to Kubrick's original vision (including full screen).
I just waited until the European version came out and bought that. It's still small-screen format but at least it doesn't have the censoring.
Of course that requires you have regionless player, and a PAL-DVD converter, but what videophile doesn't have one of those these days? Some intelligent countries *ban* DVD-player sales that restrict play-by-region. It's censorship, plain and simple.
Besides censorship, owning a code-free DVD player and signal converter will allow you play European movies that never make it to the US. I'm interested in the French language and culture, with code-free I can purchase DVD's that are only released in France. Of course it makes it challenging to follow the story line when your French is as poor as mine, but I get to practice and often get the overall story line!
If only all of us would show *mass* intelligence and not buy the inferior products they convince us to grovel for but send a "we won't buy it" message back to the producers of this tripe -- we want the high quality stuff the first time!
-l
p.s. -- finding converters and "code-free" or "regionless" DVD players is easy via netsearch.
CAPP and LSPP are where it's at!
CAPP = Controlled Access Protection Profile
LSPP = Labelled Security Protection Profile
Both of those are defined under the "Common Criteria". Those 2 protection profiles supersede C2 and B1 (and are supposed to be equivalent). To see the 1999 version of DoD requirements, check out http://www.radium.ncsc.mil/tpep/library/protection_profiles/index.html
Um...IRIX 4.0 was certified B1. It didn't have capabilities (privileges) -- just root. It met DoD criteria for B1.
The biggy for B1 is MAC, not capabilities or ACL's.
-l
This is just simply untrue. B1 requirements above the C2 auditing requirement are Mandatory Access (don't even need ACL's or CAPabilities).
MAC labels can easily be added to the task struct and file system checks added at the VFS level. Kernel done. Then add MAC to a file system like ext2 or use SGI's xfs when its done being ported. Instant B1 support.
Darn nay-sayers!
If we build it, they will come...:-)
Actually...it is true: a B1 certification is only good for the exact configuration it is done on. However, getting that cert. does mean that Linux can claim to 'have' B1 security, just not cert'ed. Of course anyone can claim C2 or B1 security features (i.e. Solaris) and never have been certified.
Sigh...
SGI already has B1 in 4.0. They are currently in the evaluation process for the current OS, 6.5.x.
What'cha smokin' dude? :-)
From their "Future Goals" page:
"Some day, if ever: Meet B1 security requirements. Now that MAC categories and secure delete are implemented the way has shortened, but it is not really urgent though, since Orange Book is far out of date. "
Media can be of 2 types -- multi-level or single-level. A Multi-level media supports inclusion of MAC labels. Single:not. You simply define the Sensitivity and Integrity level of the mounted tape drive (or FAT, FAT32, normal NFS, etc).
Modeling under the Bell-LaPadula Sensitivity and Biba Integrity models (one type of MAC often used), we have a couple of rules and two groups of items: "Subjects" - things that access or do things and "Objects" things that are accessed or done to. Some things in a system can fall into both contexts depending on the situation. For example, a Subject "Process" (they do things to objects like files) could also access another process -- the accessed process would be an 'object' as far as security checks are concerned.
So Rule 1) Subjects (S) can only write to an Object (O) if the Object is at the same sensitivity level or above (O is said to "dominate" the level of S and dominate implies >=).
Rule 2) says that Subjects can only read Objects that they dominate (their sensitivity level is >= to the object's).
Biba Integrity works the same but opposite:
Rule 3) Subject can only write to Objects if Subject's Integrity >= (dominates) the Object's.
and Rule 4) Subject can only read Objects that have equivalent or greater Integrity (integ(O)>=integ(S)).
This can be *way* useful for "normal users".
Think of this:
Root is allowed Integrity levels 0-2, default=1. All system files at integrity level 2 (both executables and data). Users and their files are set at integrity level 0. Implications:
1) Any file root creates has I=1 so normal users can't write to it unless the file is specifically downgraded. A subject can write to or create "downgraded" Integrity files, so root is permitted to write lower level integrity files, but this wouldn't be the default creation value. Even if root downgrades the file's Int., Discretionary Access Control (DAC) (i.e. permission bits) still apply.
2) Root can't write to /etc/passwd unless they specifically log in with S=2 or su to S=2 (requires password again).
3) Users could read these 'public' files but couldn't write to them even if the file DAC was 0777.
3) Root couldn't execute any files not in the 'system file list'. No trojans! Only if root overrides security policy and changes the state of a file to 'trusted' (@ int=1 or 2) can it be executed as root.
Now for Sensitivity, let's imagine /etc/shadow was set to 2. Say users run at S=0. Root is permitted to run at S=2 (say highest) and S=0 (lowest). Implications:
In order to modify /etc/shadow, root must relogin or su to get S=2. 'Su' to a different integrity or sensitivity level must recheck password and if the user is allowed to run at the requested levels. After root has S=2 can then read /etc/shadow in order to 'modify' it (they have to also have raised their Integrity to '2' to write to it).
So normal users can't see /etc/shadow because of MAC policy regardless if someone gets sloppy with DAC bits.
Just these "simple" applications of MAC would not greatly inconvenience any user, but an attacker gaining root (unless they do so via the password) has limited power. This means most attacks that gain 'root-shell' via a 'bug' are still pretty limited in what they can do.
Now if you add file based capabilities, root can have even less privilege and/or ability to do damage.
Also, remember, as I've mentioned before -- if you set MAC,S=0,I=0 for everything in the system, you get traditional Unix DAC behavior.
-l
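The four rules and the root, /etc/passwd and /etc/shadow scenarios from the comment above, worked through as an added example that is not part of the original post and is not IRIX code. The label layout, the integer levels, the simplified DAC check (owner and other bits only, uid 0 bypasses it), treating execute as a read, and the sample paths other than /etc/passwd and /etc/shadow are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical label: the comment only says a label has Sensitivity and
 * Integrity components. Plain integers here, higher = more sensitive/trusted. */
struct mac_label { int sens; int integ; };

struct subject { unsigned uid; struct mac_label label; };

struct object {
    const char *name;
    unsigned owner;
    unsigned mode;                 /* classic permission bits (DAC) */
    struct mac_label label;
};

/* Execute is checked as a read for MAC purposes (assumption). */
enum access { ACC_WRITE = 2, ACC_READ = 4 };

/* Mandatory check: Rules 1-4 exactly as stated in the comment. */
bool mac_permits(const struct subject *s, const struct object *o, enum access a)
{
    if (a == ACC_READ)
        return s->label.sens >= o->label.sens      /* Rule 2: no read up */
            && o->label.integ >= s->label.integ;   /* Rule 4: no reading lower integrity */
    return o->label.sens >= s->label.sens          /* Rule 1: no write down */
        && s->label.integ >= o->label.integ;       /* Rule 3: no writing higher integrity */
}

/* Simplified discretionary check: group bits ignored, uid 0 bypasses DAC
 * as on traditional Unix, which is what makes the MAC result interesting. */
bool dac_permits(const struct subject *s, const struct object *o, enum access a)
{
    unsigned bits;
    if (s->uid == 0)
        return true;
    bits = (s->uid == o->owner) ? (o->mode >> 6) : o->mode;
    return (bits & 7u & (unsigned)a) != 0;
}

/* Access is granted only when both the mandatory and discretionary checks pass. */
bool may_access(const struct subject *s, const struct object *o, enum access a)
{
    return mac_permits(s, o, a) && dac_permits(s, o, a);
}

/* Constructed subjects, using the levels from the comment:
 * users S=0/I=0, root default I=1, root after re-authenticating S=2/I=2. */
const struct subject user         = { 1000, { 0, 0 } };
const struct subject root_default = { 0,    { 0, 1 } };
const struct subject root_raised  = { 0,    { 2, 2 } };

/* Constructed objects. /etc/shadow deliberately has sloppy 0777 DAC bits. */
const struct object passwd    = { "/etc/passwd",  0,    0644, { 0, 2 } };
const struct object shadow    = { "/etc/shadow",  0,    0777, { 2, 2 } };
const struct object root_note = { "/root/note",   0,    0777, { 0, 1 } };
const struct object user_tool = { "/home/u/tool", 1000, 0755, { 0, 0 } };

int main(void)
{
    const struct subject *subs[] = { &user, &root_default, &root_raised };
    const char *sub_names[] = { "user(S0,I0)", "root(S0,I1)", "root(S2,I2)" };
    const struct object *objs[] = { &passwd, &shadow, &root_note, &user_tool };
    size_t i, j;

    for (i = 0; i < 3; i++)
        for (j = 0; j < 4; j++)
            printf("%-12s %-13s read=%d write=%d\n",
                   sub_names[i], objs[j]->name,
                   may_access(subs[i], objs[j], ACC_READ),
                   may_access(subs[i], objs[j], ACC_WRITE));
    return 0;
}
```
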
IRIX 6.5 is currently in evaluation for B1 as well.
You said "In truth, I'd be surprised if FreeBSD wanted this in the core OS. A B1 level of security can get quite annoying in situations where security is not your paramount goal. There is a lot of extra overhead to do MAC checks and MAC intentionally sort of puts people in a prison. "
All of MAC stuff is in the core of the IRIX OS. It's just that it is only turned on when booting from specially labeled (has MAC) disk.
It doesn't get in the way but should be in the core OS so people aren't as likely to break it.
MAC also doesn't have to even be turned off for a Unix system to operate 'normally' -- not even that expensive. You set all Sensitivity labels on all users and objects at 0 and Integrity at 0, and have no divisions or categories. That's a 32+32+16 bit compare which is negligible compared to file access times. In that instance, only discretionary access would actually be checked. Of course then you *could* decide to protect system files from tampering by making root run at an Integrity level of 1 and all system files also having Integrity level 1. Then MAC would prohibit lower level processes writing anything in the "System File Group" (Trusted Computing Base or TCB) and root couldn't execute anything that wasn't in the system group (no trojans). Add file based capabilities for executables and have root having no special privs (or few), and getting root access does you no good. But if you wanted to run as 'normal', just have Sens=0 for everything.
You also have to have the concept of each user being placed at a "Sensitivity" level. What the NSA director writes may be TOP Secret. What their Secretary writes may be "Confidential", that joe public visitor writes would be "Unclassified". These are hierarchical levels. Someone at 'Top Secret' can automatically read anything at a lower level that is permitted by discretionary access (ACL's and unix mode bits, for example). The person logged in at 'Top Secret' can't write material, by default, at any level below their level. Persons at lower levels cannot read anything above their level even if its mode bits were set 0777.
Say we have los alamos lab doing "Secret" government work. All the scientists using the computer there would do all of their work at the 'secret' level. This way, 'secret chinese operative' can't leak the information to a lower level. Even printouts are to be labeled, so theoretically they couldn't walk out of the secret facility w/a secret document (in practice physical security may be harder to enforce). Things like the camera in your watch might escape detection.
I'm not sure how you would implement such a scheme in any straightforward way using ACLS and CAP lists.
For purposes of writing compatible programs, reverse engineering of a player program is specifically allowed assuming the user lawfully obtained the program. That DeCSS removes encryption is a necessary step for a player to perform its function. The fact that someone else now provides a player for Linux isn't relevant unless the player is distributed in a form compatible with all current Linux releases and remains so in the future.
Relevant sections of the DMCA:
`(f) REVERSE ENGINEERING- (1) Notwithstanding the provisions of subsection (a)(1)(A), a person who has lawfully obtained the right to use a copy of a computer program may circumvent a technological measure that effectively controls access to a particular portion of that program for the sole purpose of identifying and analyzing those elements of the program that are necessary to achieve interoperability of an independently created computer program with other programs, and that have not previously been readily available to the person engaging in the circumvention, to the extent any such acts of identification and analysis do not constitute infringement under this title.
`(2) Notwithstanding the provisions of subsections (a)(2) and (b), a person may develop and employ technological means to circumvent a technological measure, or to circumvent protection afforded by a technological measure, in order to enable the identification and analysis under paragraph (1), or for the purpose of enabling interoperability of an independently created computer program with other programs, if such means are necessary to achieve such interoperability, to the extent that doing so does not constitute infringement under this title.
`(3) The information acquired through the acts permitted under paragraph (1), and the means permitted under paragraph (2), may be made available to others if the person referred to in paragraph (1) or (2), as the case may be, provides such information or means solely for the purpose of enabling interoperability of an independently created computer program with other programs, and to the extent that doing so does not constitute infringement under this title or violate applicable law other than this section.
`(4) For purposes of this subsection, the term `interoperability' means the ability of computer programs to exchange information, and of such programs mutually to use the information which has been exchanged.
As someone says later -- you don't exactly have the right idea on Mandatory Access Controls. Also, encryption is not considered security -- since anything that is encrypted can *eventually* be unencrypted. That's not considered secure. They may not want to declassify a given datum for an indefinite (infinite) amount of time.
In IRIX B1, there are ACL's, sensitivity and Integrity labels (following the Bell-LaPadula and Biba models) and capabilities. BLP basically states that information can't flow downward. So all users run with a Label with S/I components. A user with S=Top Secret can't write into an object (file or dir) that has a rating less than "Top Secret". Lower levels are to have append-only access to higher-sensitivity data (like an audit trail). In addition you still have the "discretionary" access of standard unix to further control info. But an owner of a file can't downgrade the file unless they are authorized (have CAP_DOWNGRADE (or something similar)). The Integrity part means users requiring high integrity can't read lower integrity files -- so "root", let's say, only has access to pre-approved files at some minimal level of integrity. If a user writes to a file, the resulting integrity is the lower of the two (user, file). If a user reads a file (assuming permitted), then if you allow floating user integrity, the user's integrity becomes the lower of (user's, file's). Files like /etc/passwd are defined to be of "high integrity" and "low sensitivity" (anyone can read them). I think IRIX has a total of about 47 capabilities to manage its B1 system. In addition to the mandatory controls, there are also ACL's.
The B2 level also requires covert channel analysis and higher levels of proof of correctness. B1 requires only 'features' that support the B1 security model and there is documentation to show how the given feature set implements B1. There's also a B3 level -- I forget what's in that, but at the A1 level, formal mathematical proofs are required from the hardware level on up.
Each system certified at a security level C2, B1 is also tied to the particular hardware configuration that it is certified on. For example, it wouldn't help to cert B1, then have the user add floppy hardware they could boot from and still expect mandatory access control (B1 cert). You can still claim B1 features in the OS, but the cert is tied to 1 exact box -- no part number changes.
For a system to be B1 certified, it would likely have to only be certed standalone or on a private network that supports the Sens/Int labels on each TCP session and each udp packet.
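
The label rules described in the comment above, as an added Python sketch (not part of the original comment and not IRIX code). The level names, the `Labeled` type, the function names and the sample paths are assumptions made for illustration; the "no read up" check is the standard BLP rule, which the comment only implies.

```python
from dataclasses import dataclass

# Constructed orderings; the level names are assumptions for this sketch.
SENS = {"unclassified": 0, "secret": 1, "top_secret": 2}
INTEG = {"low": 0, "medium": 1, "high": 2}

@dataclass
class Labeled:
    name: str
    sens: str
    integ: str
    floating: bool = True   # subjects only: may integrity drop on read?

def lower_integ(a, b):
    return a if INTEG[a] <= INTEG[b] else b

def can_read(subj, obj):
    # BLP: no read up, so high-sensitivity data cannot flow to a lower subject.
    if SENS[subj.sens] < SENS[obj.sens]:
        return False
    # Biba: a fixed high-integrity subject may not read lower-integrity data.
    return subj.floating or INTEG[obj.integ] >= INTEG[subj.integ]

def write_mode(subj, obj):
    # BLP: no write down; writing upward is append-only (e.g. an audit trail).
    if SENS[subj.sens] > SENS[obj.sens]:
        return "deny"
    return "append" if SENS[subj.sens] < SENS[obj.sens] else "write"

def read(subj, obj):
    if not can_read(subj, obj):
        return False
    subj.integ = lower_integ(subj.integ, obj.integ)  # floating user integrity
    return True

def write(subj, obj):
    mode = write_mode(subj, obj)
    if mode != "deny":
        obj.integ = lower_integ(subj.integ, obj.integ)  # lower of (user, file)
    return mode

def demo():
    # Constructed subjects and objects; the paths are sample values.
    passwd = Labeled("/etc/passwd", "unclassified", "high")
    trail = Labeled("/var/adm/audit", "top_secret", "high")
    root = Labeled("root", "unclassified", "high", floating=False)
    user = Labeled("user", "secret", "medium")
    return (read(user, passwd), write(user, passwd), write(user, trail),
            trail.integ, can_read(root, Labeled("/tmp/x", "unclassified", "low")))
```
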
When C2 says 'auditing', they are talking about auditing "events". Some of the auditing has to be in the kernel. For example you could choose to audit all failed open attempts, any suid/sgid, any login, any passwd change, etc. The last two are not in the kernel, the former would be. Generally you'd want to write the events to an audit device buffer. On the outside of the kernel, you have an 'auditd' that simply reads data out of the audit device (device owned by auditor, auditd runs as auditor) and writes it to some storage (disk, cdrom, tape, NFS filesystem, etc). You have audit records that talk about "what" (subject) to "what" (object).
Each login, cronjob, atjob, remote-login (anything that is a user or runs on behalf of a user) has a unique *auditid* (conventionally = userid at login). An "su" during the session doesn't change the audit id. Audit ids are inherited across forks, execs, threads...etc. They can only be changed by a program with "CAP_AUDIT_CONTROL". The audit device is only writable by programs running with "CAP_AUDIT_WRITE". In Linux those CAPs would currently equate to 'root' or something similar. In a file-based capability system, you could have those capabilities on certain programs that needed it (maybe on a pam module?).
Note that on a C2 compliant system, if auditing should "stop", the desired action is to halt the system or bring it down to a maintenance mode.
Under some circumstances, you are allowed to lose events that are in memory but not yet written to disk (say in the event of a power failure). But this can also happen if something kills the audit daemon. Then the kernel just continues to fill up internal (non-ring) buffers with audit data until memory is exhausted. At which point the system is effectively halted (it hangs).
Obviously it would be real good for the auditd to not die or run out of space to write to. :-)
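
The audit flow described in the comment above, as an added Python model (not part of the original comment and not code from any real kernel or auditd). The class names, record layout and `buffer_limit` are assumptions; it shows the audit id surviving a fork and an "su", the CAP_AUDIT_CONTROL check, and the fail-stop when a dead daemon lets the non-ring buffer fill.

```python
class SystemHalt(Exception):
    """Auditing cannot continue, so the system stops (fail-stop)."""

class Kernel:
    def __init__(self, buffer_limit):
        self.buffer, self.buffer_limit = [], buffer_limit
    def audit(self, proc, event, obj):
        # Non-ring buffer: nothing is overwritten, so a full buffer halts the system.
        if len(self.buffer) >= self.buffer_limit:
            raise SystemHalt("audit buffer exhausted")
        self.buffer.append((proc.auditid, proc.uid, event, obj))

class Process:
    def __init__(self, kernel, uid, auditid, caps=frozenset()):
        self.kernel, self.uid, self.auditid, self.caps = kernel, uid, auditid, caps
    def fork(self):
        # Children inherit the audit id along with the uid and capabilities.
        return Process(self.kernel, self.uid, self.auditid, self.caps)
    def su(self, new_uid):
        self.kernel.audit(self, "su", f"uid={new_uid}")
        self.uid = new_uid            # the audit id is deliberately left alone
    def set_auditid(self, new_id):
        if "CAP_AUDIT_CONTROL" not in self.caps:
            raise PermissionError("CAP_AUDIT_CONTROL required")
        self.auditid = new_id
    def open(self, path, allowed):
        if not allowed:               # only failed opens are audited here
            self.kernel.audit(self, "open_failed", path)
        return allowed

class Auditd:
    def __init__(self, kernel):
        self.kernel, self.store, self.alive = kernel, [], True
    def drain(self):
        if self.alive:                # a dead daemon never empties the buffer
            self.store.extend(self.kernel.buffer)
            self.kernel.buffer.clear()

def demo(buffer_limit=3):
    # Constructed session: login as uid 1000, fork, su to root, fail an open.
    k = Kernel(buffer_limit)
    d, shell = Auditd(k), Process(k, uid=1000, auditid=1000).fork()
    shell.su(0)
    shell.open("/etc/shadow", allowed=False)
    d.drain()
    return k, d, shell
```
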
The DMCA prohibits working around copy protection. What the Encryption is is *play* protection -- so you can only play it in authorized players in authorized locations. This is not covered by the DMCA. Furthermore, reverse engineering for the purpose of providing compatibility is specifically allowed under the DMCA, so either way, the judge is ignorant of Federal law.