There will be a lot of resistance -- in fact, the idea does not advance, someone has to implement it first (perhaps one of the many "security enhanced" Linux versions out there, such as the NSA's, implements this or a suitable framework for implementing SIDs at the kernel level).
Of course, filesystems too need to support SIDs.
And the old flat UID/GID system has to remain available for backwards compatibility.
In other words, processes need to have multi-component, extensible credentials. And I say they need to have an array of creds, with each thread (or clone()ed process) having an "effective" cred array index.
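The credential layout proposed above, sketched in C as an added example; it is not the author's code or any kernel's. Every name is hypothetical, and the SID is assumed to be an authority plus a short list of sub-authorities.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model only: none of these names are a real kernel API. */
struct sid { uint32_t authority, nsub, sub[4]; };   /* multi-component ID */
struct cred {
    struct sid user;
    struct sid groups[4];
    size_t ngroups;
    uint32_t uid, gid;          /* legacy flat IDs, kept for old interfaces */
};
struct process { struct cred creds[2]; size_t ncreds; };
struct thread { const struct process *proc; size_t eff; }; /* eff indexes creds[] */

static bool sid_eq(const struct sid *a, const struct sid *b) {
    if (a->nsub > 4 || a->authority != b->authority || a->nsub != b->nsub)
        return false;
    for (uint32_t i = 0; i < a->nsub; i++)
        if (a->sub[i] != b->sub[i]) return false;
    return true;
}

/* Does the thread's effective credential carry the SID an object requires? */
bool thread_holds_sid(const struct thread *t, const struct sid *want) {
    if (t->eff >= t->proc->ncreds) return false;    /* stale index: fail closed */
    const struct cred *c = &t->proc->creds[t->eff];
    if (sid_eq(&c->user, want)) return true;
    for (size_t i = 0; i < c->ngroups && i < 4; i++)
        if (sid_eq(&c->groups[i], want)) return true;
    return false;
}

/* Constructed sample: one process, two credentials (alice+staff, bob). */
static const struct sid ALICE = {5, 2, {21, 1001}}, BOB = {5, 2, {21, 1002}},
                        STAFF = {5, 2, {21, 513}};
static const struct process P = {
    { { {5, 2, {21, 1001}}, { {5, 2, {21, 513}} }, 1, 1001, 100 },
      { {5, 2, {21, 1002}}, { {0} }, 0, 1002, 100 } }, 2 };

/* Access check for a thread of P whose effective index is eff. */
int demo(size_t eff, const struct sid *want) {
    struct thread t = { &P, eff };
    return thread_holds_sid(&t, want);
}

int main(void) {
    printf("%d %d %d\n", demo(0, &STAFF), demo(1, &STAFF), demo(2, &ALICE));
    return 0;
}
```

Two threads of the same process get different answers for the same object purely because their effective index differs, and an out-of-range index is denied rather than falling back to another credential.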
14 Sep 2001 (updated 14 Sep 2001 at 18:30 UTC) »
Several people, here, on the radio, on TV, in print, have been saying things like "yeah it's horrible, but the U.S. begat it -- the U.S. should change its policies," or "the U.S. has propped up despots who've killed so many and blah blah blah, maybe now they'll change."
These people are walking a fine line, rationalizing a horrible act.
They're also ignoring a lot of history.
The U.S. has done the following good deeds during the last 60 or so years:
The evils, the ones that can so be labeled anyways, so often imputed to America are nothing compared to the above. And some of the evils America has in fact committed are often ignored (e.g., the destruction of Dresden, during 1945, a city with no military value, cost: 200,000+ lives).
Don't get me wrong, I'm no moral relativist, but the good America has done far, far, far surpasses the bad, and, crucially, America usually, consistently surpasses its moral problems.
The U.S. has, from time to time, done some horrible things, often in the context of war (e.g., Dresden's destruction back in 1945) or in the context of the Cold War (e.g., propping up brutal dictatorships in South America).
The crucial difference between the U.S. (or the West) and the rest of the world is not that the U.S. is morally superior, but that the U.S. surpasses ALL difficulties and challenges in its way, even and especially ones involving moral issues.
Think:
The complaints that incense me the most are about how the U.S. has supported Israel [to the presumed detriment of the Arab world], how it maintains troops in Saudi Arabia, and so on. On the first score I must say that, though Woodrow Wilson's "[ethnic/religious/racial] right to self-determination" is a morally bankrupt and horrible concept, no one would today re-integrate Hungary, Austria, the Czech Republic, Slovakia, etc... into a new Austro-Hungarian nation and no one in their right mind would now allow hostile Palestinians and Arabs to push Israel into the sea; also, the U.S. proved in 1978 that it is ready to support all Arab world nations that make peace with Israel and has said so many times since. On the second score: American troops are guests in Saudi Arabia -- they are there to defend it and its way of life! How can anyone use this to justify or rationalize Tuesday's massacre or any terrorist act against the U.S.?????
So those of you saying the sorts of things I quoted above: SHUT THE **** UP and think some more.
And those of you who cry over the demise of the Kyoto treaty, you probably have no idea how much dirtier America's rivers were 40 years ago, or just how bad the environment then was -- America has cleaned up more than any other significant part of the world, save, possibly, Japan, which had even bigger environmental problems then. So you too SHUT THE **** UP and think some more before expressing anger over that treaty.
The IRA do not attack U.S. targets -- but they train terrorists who do. Even if they didn't train other terrorists, the IRA, like ETA, Hamas, Osama bin Laden, etc, is evil.
The IRA is the easiest target: search every house in Northern Ireland and the vicinity; take every ounce of Semtex, every gun. And let the British and Irish governments do this together. And get the unionist terrorists while we're at it.
As for the Taliban: use Russia's help and invade, or invade via Pakistan (give Pakistan no choice). Hunt down these fuckers.
The ETA, Hamas, Hezbollah, ... -- all of them must be destroyed.
And warn the Colombian guerrillas and paramilitaries that they're next if they don't cool it.
Thanks a lot for your help!
Nico
In reality:
What a bunch of reckless, dangerous, young moral relativists.
Twenty years from now they'll be like the baby boomers of today who used to be the protesters of the 60s and who they emulate; they'll be the greedy make-our-grandchildren-pay-for-our-retirement types.
Sigh.
So now you can use RPCSEC_GSS for NFS authentication, which means you can use any GSS mechanism for which you have a plug-in (Sun supports the old Diffie-Hellman based NIS+ system, new variations of that with longer keys and Kerberos V). Specifications for other GSS mechanisms exist; see the IETF RFC Search and the RFC draft repository (search for GSS and Generic Security Service).
Because RPCSEC_GSS does not change existing ONC RPC protocols it can be used to secure NFSv2 and NFSv3. But software changes are needed.
Solaris 2.6, 7 and 8 all support RPCSEC_GSS and secure NFS.
NFSv4 also uses RPCSEC_GSS and, as part of the NFSv4 for Linux initiative, a Linux implementation of RPCSEC_GSS is already available. I haven't followed the Linux NFS situation very closely, but it might be possible to do secure NFS with Linux now or, if not now, soon.
NFSv4 probably shouldn't be called NFS anymore. It fixes all/most of the NFSv[23] problems. For example, NFSv4 is stateful (i.e., it has open/close calls), using a variation on the BSD NQNFS file leasing approach; it supports NFS proxies; NT-style ACLs; NT-style open modes; compound RPCs (one packet, multiple calls); the mount protocol goes away; etc...
One more thing, all of Sun's ONC RPC framework is available under the SISSL, IIRC a very liberal license which essentially says you can do whatever you want with the code, even modify and improve it while keeping your mods private, as long as you publish any extensions to the interfaces and reference code also under the SISSL.
Another very good book is AMOP.
I'll look into the declare bit. Thanks!
BTW, I'm one of the few proud owners of a copy of "On Lisp", one of the best computer science books ever. The fascinating thing is that Paul Graham wrote Yahoo Shopper in Common Lisp and made millions doing it. In LISP!
I've been thinking about Lisp a lot recently.
I think Lisp could use a few small extensions. One would be to make CONS sub-classable. This would help, for example, with XML, kinda like Perl 6's [vapourware] per-scalar, per-symbol property values, but I also see much value in writing a compiler: code analysis information could be stored in new fields in the conses of an s-expression without modifying the form of the expression. Such an extension would also require an extension to dot notation so extended conses could be printed and read.
Another extension that would be nice is what I think of as "forward closures", much like Pascal or GCC local functions, which are closures that are defined only as long as the parent function instance does not exit. There is a safety issue with such forward values, of course, but the value of forward closures is that it can make continuation passing style code more efficient by not requiring heap storage for captured variables. And this (CPS) is needed to implement logic programming languages like Prolog or Icon. And I would really like to be able to program in Lisp with Icon semantics.
But this is all kinda academic... I'm not working on that sort of stuff...
lkcl: dunno who nigel is :), but why would you port Python code to C (speed?)? or think that porting python to C would be easy?
Porting python to Lisp might be easy.
See Python v(or rather i)s Lisp.
Once you're programming at a high-level, to go back to the low-level is hard -- a straight port would require list/hash table libraries, maybe ffcall and the like, all of which makes it pointless to go to the low-level. It would be better to just have a decently fast high level language.
Mind you, I'm not trying to evangelize. You do what you want :)
Besides, there's no ideal computer language, though Lisp gets pretty close (IMNSHO).
Cheers,
Nico