30 Oct 2000 mbp   » (Master)

Home with a cold. Did a bit of reading, including some of SGI's B1 for Linux patches and The Cuckoo's Egg.

It's very nice that they're releasing it, but I think there is a substantial gap between what the NSA need in a trusted computer system, and what would help the average linux sysadmin.

For example, the SGI people are suffering some angst over the requirement that all actions be traced back to a responsible person. Should actions done by the web server be charged against the user who installed it, or root, or the uid httpd, or the remote user? I think in a B1 system you'd have to make some strong and justifiable policy decision: either the user who owns the server if its primarily publishing, or the remote user if they log in and run apps through it. There are patches from law@sgi to add in a "login user id" and "session id" to try to keep track of them.

But on Unix has more fluid concepts of permissions, and I'm not sure the distinction is useful. Being able to hold accountable and court-martial the web server admin is way less useful than just being able to see what happened.

Latest blog entries     Older blog entries

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!