Recent blog entries for rwatson

Well, life has been pretty busy since my last diary entry shortly after we launched the TrustedBSD project in April! A fair amount of progress has been made -- support for capabilities in FreeBSD, extended attributes, cleanups of the authorization code, beginnings of mandatory access control, documentation, as well as several workshops and conferences, an upcoming paper at BSDCon, et al. It has been busy. :-)

Currently in Maryland, but preparing to move back up to Massachusetts again next week. Now have an apartment in South Hadley across the street from Mt Holyoke College -- all extremely pretty, and very convenient. Coffee Shop is within wireless ethernet range, which is a godsend :-). Cable modem is in and working, but the phone company was on strike, so no phone line for another week or two. Oh well, who needs phones when you have the Internet?

Back to more of the grind: committing patches to the FreeBSD tree based on TrustedBSD improvements, and preparing to commit capabilities support to 5.0-CURRENT.

After a few days of preperation and technical review by various and sundry {FreeBSD,other} peers, launched TrustedBSD, a supporting website for the trusted OS extensions I and others have been working on for a year or so. Have minimal stuff online right now, but makes a good medium for getting decent code reviews, as well as reminding the world that although OpenBSD has an incredible code auditing team, FreeBSD also does cool security stuff--jail code, trusted extensions (ACLs, capabilities, MAC, auditing), and so on.

Jenny -- feel free to quote whatever regarding the sexism issues; this topic is an important one to me, as it's hard to ignore the low proportion of women in the technology arena in the US, as well as the declining proportion of female CS college applicants. Open discussion is presumably one of the best ways to make progress in this area.

Been a long day, and it's definitely time for bed. :-)

Two ponderings for the sexism question:

    1) Relativism and Perspective

    No one can say, ``This term is not sexist,'' they can only say, ``This term does not seem sexist to me.''

    2) The advantaged and the disadvantaged

    The person who is advantaged as a result of some societal disparity doesn't get the liberty of saying, ``Everything is better now.'' That right belongs to the disadvantaged. Which doesn't mean that the oppressed shouldn't get around to feeling less so if things have changed, it just suggests that if you are a man, you don't have the right to say to a woman, ``The world is a better place now, so get over it.''

In this context, consider the US technology sector, where there is still a dramatic disparity in terms of opportunity and participation between men and women.

On political correctness: is it really wrong to stick with ``journeyer'' rather than switch to ``journeyman'' if several people in our community have expressed explicit discomfort with such a change? :-) Let's not bash political correctness at the cost of sensitivity to the concerns of a community.

Well, continued hecticness seems to be the way of things...

Continued work on Capabilities for FreeBSD, fixing an elusive bug that resulted in a panic when init tried to shut the system down. Init now picks up the extra capabilities it requires at boot time (capability to signal processes owned by other uid's, and capability to invoke reboot()). Having this code in a more workable condition puts be in a good position to push a large pile of trusted OS extensions to FreeBSD out the door, in a continuingly RSN kind of way. Received email from others involved in trusted FreeBSD extensions including a new version of the Mandatory Access Control (MAC) support.

Sadly, the Microsoft trial has resulted in the dropping of the one charge I felt really convincing: that computer vendors were leveraged into only providing Windows as the operating system of choice. Most of the other charges, while no doubt important, are relatively subjective, and may involve tangling of legal definitions and software authorship in ways that may not make sense. Query: if Microsoft is broken up, which bits get which intellectual property? Microsoft Research has been extremely busy, these last couple of years...

Picked up some great bread from the local Bread and Circus store, which is part of the Whole Foods Market chain (may be known in some areas as Fresh Fields, etc), and had a good sandwich for lunch.

Continued work on my current pool of projects (work, moonlighting, hobby) while being taken in by a variety of April Fools jokes on the web. Had dinner at a great little vegetarian restaurant, Bellas, in Northampton, MA. Went to a 1900->2000 time capsule opening at Mt Holyoke College, where it was discovered in front of a large audience that the box was soldered shut, requiring a somewhat extended wait while appropriate tools were identified to open the box without damaging the contents. Turned out that the Mt Holyoke class of 1900 had quite a sense of humor...

FreeBSD capabilities are progressing--wrote about 10 pages worth of man pages, and cleaned up supporting libraries. Should be ready to put a version online RSN.

Haven't made much progress on extended attributes, as I'm hoping for some feedback before pushing it out the door, as it's likely to be a little more on the controversial side: the often lauded but infrequently used method of choice for file system extension in FreeBSD is layering, and I am not using it for this :-). While stacked file systems offer a number of architectural advantages, there are serious problems with the supporting infrastructure currently, although efforts are underway to correct this. However, until it's fixed, I still have work to do, so extended attributes are part of my base version of FFS. I also suspect that until FFS itself is broken into layers (namespace vs. filestore) services such as extended attributes cannot reasonably be implemented as layers, due to the issues associated with hard links, garbage collection, etc.

Work continues as usual: quite hectic with many impending deadlines, both for NAI/TIS stuff, and contract work/writing. Given the choice of falling behind or canceling commitments, I always seem to choose falling behind. Not clear that this is a healthy habit.

Currently preparing FreeBSD FFS named extended attribute support for public review and possibly committing. Extended attributes are required for my work related to adding ACLs and Capabilities to FreeBSD, as they allow the arbitrary tagging of security labels to file system objects (files, directories). I hope to get the code up in a public place for more general review this weekend, once I get a few spot reviews done. I've been running this code on some of my machines for three or four months now, and it seems fairly stable--perhaps the time is right :-).

Also preparing FreeBSD capabilities code for committing--right now the framework is finished, and some kernel access control checks have been expanded to include capability checks. However, in order for capabilities to be really useful, extended attributes are required. This is probably a few weeks away, depending on the code review process.

Have outstanding review requests on a number of people's projects, including IFS, mbuf resource starvation work, fixes to the default login.conf/dot files for users and root, and a few other things. Again, hopefully all stuff to look at this weekend.

Forecast for this weekend:
Busy, with a chance of showers. Will probably fly back to Washington, DC for NAI-related foo.

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!