From owner-freebsd-advocacy@FreeBSD.ORG Sun Oct 26 16:49:47 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 16EFA16A4B3 for ; Sun, 26 Oct 2003 16:49:47 -0800 (PST) Received: from digiflux.org (43.Red-80-59-151.pooles.rima-tde.net [80.59.151.43]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6A16443FB1 for ; Sun, 26 Oct 2003 16:49:45 -0800 (PST) (envelope-from olivas@digiflux.org) Received: from digiflux.org (localhost [127.0.0.1]) by digiflux.org (8.12.9p2/8.12.9) with ESMTP id h9R0nEf5045021; Mon, 27 Oct 2003 01:49:14 +0100 (CET) (envelope-from olivas@digiflux.org) Received: (from www@localhost) by digiflux.org (8.12.9p2/8.12.9/Submit) id h9R0nDEH045020; Mon, 27 Oct 2003 01:49:13 +0100 (CET) (envelope-from olivas@digiflux.org) Date: Mon, 27 Oct 2003 01:49:13 +0100 (CET) Message-Id: <200310270049.h9R0nDEH045020@digiflux.org> X-Authentication-Warning: digiflux.org: www set sender to olivas@digiflux.org using -f To: advocacy@freebsd.org Received: from 10.0.0.150 (auth. user olivas@localhost) by digiflux.org with HTTP; Mon, 27 Oct 2003 01:49:12 +0100 X-IlohaMail-Blah: olivas@localhost X-IlohaMail-Method: mail() [mem] X-IlohaMail-Dummy: moo X-Mailer: IlohaMail/0.7.11 (On: digiflux.org) From: "Stacy Olivas" Bounce-To: "Stacy Olivas" Errors-To: "Stacy Olivas" MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable cc: warbsd@digiflux.org Subject: WarBSD 0.2-p1 released!!! X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Oct 2003 00:49:47 -0000 I'm happy to announce the release of WarBSD 0.2-p1!! This release updates a few of the utilities/libraries used=20 to newer versions (as well as updating to FreeBSD kernel=20 to -p18). Here is a quick list of the changes in this version: BSD-AirTools updated to 0.3 NMAP updates to 3.46 libpcap updated to 0.7.2 Added: Kismet 3.0.1 Moved the larger files from the MFS to the CDROM, with=20 symlinks in the MFS tree so they can be run. This has=20 freed up a few megs of space on the MFS for file storage.. I've also changed to screen saver to the fire saver (for now-- it looks better than the blank saver.. and you know the system is running as well. :).. Right now only the .ISO is available. I need to update the build scripts before I release the source for this version. As always, you can find out the lastest information about WarBSD at http://digiflux.org/warbsd/ You can skip all this and download it from: http://warbsd.eurisko.ws (sorry, no ftp server available from me.. try a mirror instead -- check the main page for=20 info). (I apologize now if this seems like babbling. It's been a long day and I am getting ready to call it a night). Enjoy! -Stacy From owner-freebsd-advocacy@FreeBSD.ORG Tue Oct 28 06:37:28 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 095B516A4CE for ; Tue, 28 Oct 2003 06:37:28 -0800 (PST) Received: from lilzmailfe01.liwest.at (lilzmailfe01.liwest.at [212.33.55.13]) by mx1.FreeBSD.org (Postfix) with ESMTP id 43A1443FD7 for ; Tue, 28 Oct 2003 06:37:27 -0800 (PST) (envelope-from dgw@liwest.at) Received: from cm58-27.liwest.at ([212.33.58.27]) by lilzmailfe01.liwest.at with esmtp (Exim 4.14) id 1AEUyL-0007TX-Gd for advocacy@freebsd.org; Tue, 28 Oct 2003 15:37:25 +0100 From: Daniela To: advocacy@freebsd.org Date: Tue, 28 Oct 2003 15:33:26 +0000 User-Agent: KMail/1.5.3 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200310281533.26611.dgw@liwest.at> Subject: Friendly and Secure Desktop Operating System X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Oct 2003 14:37:28 -0000 Found this link today, I thought it might be an interesting thing to discuss: http://irccrew.org/~cras/security/friendly-secure-os.html Daniela From owner-freebsd-advocacy@FreeBSD.ORG Tue Oct 28 07:08:23 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 730F616A4CE for ; Tue, 28 Oct 2003 07:08:23 -0800 (PST) Received: from amsfep15-int.chello.nl (amsfep15-int.chello.nl [213.46.243.28]) by mx1.FreeBSD.org (Postfix) with ESMTP id F11A643FBF for ; Tue, 28 Oct 2003 07:08:21 -0800 (PST) (envelope-from dodell@sitetronics.com) Received: from sitetronics.com ([213.46.142.207]) by amsfep15-int.chello.nl (InterMail vM.5.01.05.17 201-253-122-126-117-20021021) with ESMTP id <20031028150820.ZZQS11138.amsfep15-int.chello.nl@sitetronics.com> for ; Tue, 28 Oct 2003 16:08:20 +0100 Message-ID: <3F9E8659.9040102@sitetronics.com> Date: Tue, 28 Oct 2003 16:08:09 +0100 From: "Devon H. O'Dell" User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.4) Gecko/20030820 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-advocacy@freebsd.org Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: Friendly and Secure Desktop Operating System X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Oct 2003 15:08:23 -0000 Daniela wrote: >Found this link today, I thought it might be an interesting thing to discuss: >http://irccrew.org/~cras/security/friendly-secure-os.html > >Daniela > > While there are some good ideas presented in this, I don't think that the author has the faintest idea of what an operating system entails. It seems that the author is confusing application security with operating system security. Who's to say that some kernel module isn't going to pop up and say "I don't access any files" and then wipe the hard drive? How does the operating system know that the application is a game and not an email client? It seems more of an application design standard -- and one that will never work. For instance, many games need to be able to save files, access the net and do low-level graphics stuff that generally requires more privileges than, say a word processor. There are operating systems that do implement this in some regard, but they're by no means in any usable form. From a developer's standpoint this sounds more like a plea to application developers to "please write secure software". Another problem is that with the 'stupid user' model that's mentioned in the article, the OS has to handle things that should be decided by the user. You get into the question of where to stop trying to save the user from him/herself and where to let the user make decisions. Again, this is a problem that *application* developers need to address, not operating system developers. Finally, a lot of the stuff that's mentioned about services that the OS should provide is actually more Operating Environment specific. An OS need only provide stuff for memory management, CPU control, device detection and usage, APIs for userland applications to interface with these devices, privileges and privilege-based systems to help determine who may actually access the devices, etc. Some of these "services" sound like they belong in the OE. For instance, the argument about making each webpage load in a separate process has several flaws. When we're writing to the video card (assuming doing direct output to 0xb8000 in text mode -- just to keep it simple) how do you define where something can be drawn? The operating system provides a couple of interfaces to the video card in text mode and they all amount to sending bits to 0xb8000 - 0xb8fa0 (forgive me if the range is incorrect). How would you say "okay, this webpage only gets the 4th line of the screen (0xb81e0 - 0xb8280)"? This is stuff that the operating system itself does not and should not handle. And without the OS letting the application actually output raw bytes to this area and letting the application determine what can draw where, there's no way to tell this. Additionally, how do you define the policies of who will be able to write in what space? While the article tries to go into the right direction, it's missing a lot of points and using enough words in the wrong place that I think the author needs to do a bit more research. I'd be interested in seeing this article come further, but it needs to really answer some of these questions. --Devon P.S. Feel free to correct my ranges for outputting to the vga video buffer if I'm wrong; it's been a good year or two since I've done this stuff. I'm assuming 0xb8000 as starting (which I know is correct), plus 80 * 25 * 2. From owner-freebsd-advocacy@FreeBSD.ORG Tue Oct 28 09:12:50 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 37A7B16A4CE for ; Tue, 28 Oct 2003 09:12:50 -0800 (PST) Received: from lilzmailfe02.liwest.at (lilzmailfe02.liwest.at [212.33.55.14]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6409C43FB1 for ; Tue, 28 Oct 2003 09:12:47 -0800 (PST) (envelope-from dgw@liwest.at) Received: from cm58-27.liwest.at ([212.33.58.27]) by lilzmailfe02.liwest.at with esmtp (Exim 4.14) id 1AEXOf-0002Me-8K; Tue, 28 Oct 2003 18:12:45 +0100 From: Daniela To: "Devon H. O'Dell" , freebsd-advocacy@freebsd.org Date: Tue, 28 Oct 2003 18:08:47 +0000 User-Agent: KMail/1.5.3 References: <3F9E8659.9040102@sitetronics.com> In-Reply-To: <3F9E8659.9040102@sitetronics.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200310281808.47924.dgw@liwest.at> Subject: Re: Friendly and Secure Desktop Operating System X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Oct 2003 17:12:50 -0000 On Tuesday 28 October 2003 15:08, Devon H. O'Dell wrote: > Another problem is that with the 'stupid user' model that's mentioned in > the article, the OS has to handle things that should be decided by the > user. You get into the question of where to stop trying to save the user > from him/herself and where to let the user make decisions. Again, this > is a problem that *application* developers need to address, not > operating system developers. Question: What makes the user stupid? Answer: An environment that hides details and doesn't force the users to know a little bit of the thing they're working with. Call me paranoid, but I think this "over-userfriendlyness" is quite dangerous. We'll end in an environment where we don't understand anything, and a few companies control our lives. This might seem farfetched, but we are slowly walking in this direction. Think about it: No knowledge - no control. And users are accepting it. They are just lazy and want everything to be done for them, even if this means they have to give up freedom. BTW, I think this user-friendly desktop should only be an optional and easily exchangeable frontend to the "real thing". Daniela From owner-freebsd-advocacy@FreeBSD.ORG Tue Oct 28 09:43:22 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8291516A4CE for ; Tue, 28 Oct 2003 09:43:22 -0800 (PST) Received: from web10101.mail.yahoo.com (web10101.mail.yahoo.com [216.136.130.51]) by mx1.FreeBSD.org (Postfix) with SMTP id 0056143F75 for ; Tue, 28 Oct 2003 09:43:22 -0800 (PST) (envelope-from twigles@yahoo.com) Message-ID: <20031028174321.84152.qmail@web10101.mail.yahoo.com> Received: from [68.5.49.41] by web10101.mail.yahoo.com via HTTP; Tue, 28 Oct 2003 09:43:21 PST Date: Tue, 28 Oct 2003 09:43:21 -0800 (PST) From: twig les To: Daniela , "Devon H. O'Dell" , freebsd-advocacy@freebsd.org In-Reply-To: <200310281808.47924.dgw@liwest.at> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: Re: Friendly and Secure Desktop Operating System X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Oct 2003 17:43:22 -0000 > Question: What makes the user stupid? > Answer: An environment that hides details and doesn't force > the users to know > a little bit of the thing they're working with. I think you are missing a crucial piece of the puzzle. Every single person I know suffers from information overload. They are supposed to know how to check their credit, know enough about their car to not get ripped off, count calories, see through stupid politician tricks, ponder whether there is a deity, pick an HMO/PPO that doesn't suck (possible?), and do their actual jobs. If they have kids then double the work. Add to all this the myriad things I'm forgetting and then start telling people about ActiveX and you can understand why they love Windows and Mac. > Call me paranoid, but I think this "over-userfriendlyness" is > quite dangerous. > We'll end in an environment where we don't understand > anything, and a few > companies control our lives. This might seem farfetched, but > we are slowly > walking in this direction. > Think about it: No knowledge - no control. And users are > accepting it. > They are just lazy and want everything to be done for them, > even if this means > they have to give up freedom. I'm reminded of The Cuckoo's Egg when Stoll says to an attacker at the end "But I don't want to secure my computer, I trust other astronomers." Most people simply have better things to do with their time. And the "stupid" part is a logic trap. I can't stand reading poetry. Hate it. So some well-versed people could call me stupid too because I always miss the subtleties, and in a particular scope they would be right I guess. But I simply don't care about poetry. Open-source is a great way to combat the dangers of user-friendlyness since if BSD ever decided to put DRM in the OS, someone would see it fast and yell. I agree that we as a society are specializing too much, but I don't have a patch for that :). ===== ----------------------------------------------------------- Get a taste of Religion ... eat a priest! ----------------------------------------------------------- __________________________________ Do you Yahoo!? Exclusive Video Premiere - Britney Spears http://launch.yahoo.com/promos/britneyspears/ From owner-freebsd-advocacy@FreeBSD.ORG Tue Oct 28 10:51:28 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A5BA616A4CE for ; Tue, 28 Oct 2003 10:51:28 -0800 (PST) Received: from oma.irssi.org (ip213-185-36-189.laajakaista.mtv3.fi [213.185.36.189]) by mx1.FreeBSD.org (Postfix) with ESMTP id 893CB43F85 for ; Tue, 28 Oct 2003 10:51:27 -0800 (PST) (envelope-from tss@iki.fi) Received: from localhost.kpnqwest.fi (localhost [127.0.0.1]) by oma.irssi.org (Postfix) with ESMTP id 41E9D5C616E3 for ; Tue, 28 Oct 2003 20:51:26 +0200 (EET) From: Timo Sirainen To: freebsd-advocacy@freebsd.org Content-Type: text/plain Message-Id: <1067367085.15026.38.camel@hurina> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.4 Date: Tue, 28 Oct 2003 20:51:26 +0200 Content-Transfer-Encoding: 7bit Subject: Re: Friendly and Secure Desktop Operating System X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Oct 2003 18:51:28 -0000 > While there are some good ideas presented in this, I don't think that > the author has the faintest idea of what an operating system entails. It > seems that the author is confusing application security with operating > system security. I think you didn't really understand what I was trying to say there. I guess the web page isn't written well enough. I did begin writing a bit better structured one with better explanations but got tired with it. By operating system I mean the whole thing, not just the kernel. You seemed to assume that all these security checks would be done by the kernel. > Who's to say that some kernel module isn't going to pop > up and say "I don't access any files" and then wipe the hard drive? Normal user most likely can't install kernel modules. I was talking about applications. But since you asked, it would be possible with microkernels since kernel modules are running in user space. Kernel would give access to hard disk only if the module says it needs it. The same goes with userspace processes. > For instance, many games need to be able to save > files, access the net and do low-level graphics stuff that generally > requires more privileges than, say a word processor. .. > For instance, the argument about making each webpage load in a separate > process has several flaws. When we're writing to the video card > (assuming doing direct output to 0xb8000 in text mode -- just to keep it > simple) how do you define where something can be drawn? The operating Games could be a bit problematic, but they still don't access the hardware directly. They use X11, OpenGL, DirectX or similiar APIs which then do the actual drawing through some display system/driver. AFAIK OpenGL and X11 SHM extension moves all the data through X server, so it's only X server process that has any direct access to video hardware. So here the security checks would be placed in the X server - a given X session would be allowed to draw only inside a specific window. So processes created by eg. clicking some executable in desktop would be allowed to change video mode and take control of the full screen to be able to run games and such. Web page processes on the other hand wouldn't have been given such privilege, they'd be restricted to only specific X window. Saving files isn't a problem - all processes would be able to save and read files they already created (but nothing else). Launcher process would decide if the files are permanent or temporary and the actual location of the files (inside the launcher process's possibly restricted view of filesystem). > Another problem is that with the 'stupid user' model that's mentioned in > the article, the OS has to handle things that should be decided by the > user. You get into the question of where to stop trying to save the user > from him/herself and where to let the user make decisions. I don't believe I said anything like that. User still has full control of the system, it's just that applications don't anymore have full control of the system without explicitly requesting such permission from user. > Finally, a lot of the stuff that's mentioned about services that the OS > should provide is actually more Operating Environment specific. An OS > need only provide stuff for memory management, CPU control, device > detection and usage, APIs for userland applications to interface with > these devices, privileges and privilege-based systems to help determine > who may actually access the devices, etc. Some of these "services" sound > like they belong in the OE. "dict 'operating system'" says to me that operating system is more than just the kernel. But if you disagree, feel free to do s/Operating System/Operating Environment/g before reading the web page :) .. It wouldn'ta actually be all that difficult to implement it. If I'd base it on top of existing UNIX kernel and X11, they'd mostly just need: - Mandatory access control in kernel (eg. systrace). Possibility for processes to give their existing privileges to other existing processes. Possibility for processes to drop privileges from itself or child processes. - X11 access control extension which would let processes to define what specified X connections are allowed to do. X server changes to enforce these restrictions. Might require changes to the X protocol itself. - Userspace applications to tie these into simple to use environment. From owner-freebsd-advocacy@FreeBSD.ORG Tue Oct 28 11:07:52 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D6C3B16A4DC for ; Tue, 28 Oct 2003 11:07:52 -0800 (PST) Received: from lilzmailfe02.liwest.at (lilzmailfe02.liwest.at [212.33.55.14]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9E73C43FE0 for ; Tue, 28 Oct 2003 11:07:49 -0800 (PST) (envelope-from dgw@liwest.at) Received: from cm58-27.liwest.at ([212.33.58.27]) by lilzmailfe02.liwest.at with esmtp (Exim 4.14) id 1AEZBN-0004Je-Np; Tue, 28 Oct 2003 20:07:09 +0100 From: Daniela To: twig les , "Devon H. O'Dell" , freebsd-advocacy@freebsd.org Date: Tue, 28 Oct 2003 20:03:12 +0000 User-Agent: KMail/1.5.3 References: <20031028174321.84152.qmail@web10101.mail.yahoo.com> In-Reply-To: <20031028174321.84152.qmail@web10101.mail.yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200310282003.12931.dgw@liwest.at> Subject: Re: Friendly and Secure Desktop Operating System X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Oct 2003 19:07:53 -0000 On Tuesday 28 October 2003 17:43, twig les wrote: > > Question: What makes the user stupid? > > Answer: An environment that hides details and doesn't force > > the users to know > > a little bit of the thing they're working with. > > I think you are missing a crucial piece of the puzzle. Every > single person I know suffers from information overload. They > are supposed to know how to check their credit, know enough > about their car to not get ripped off, count calories, see > through stupid politician tricks, ponder whether there is a > deity, pick an HMO/PPO that doesn't suck (possible?), and do > their actual jobs. If they have kids then double the work. Add > to all this the myriad things I'm forgetting and then start > telling people about ActiveX and you can understand why they > love Windows and Mac. As I suggested, the ideal solution would be a user-friendly frontend to all the stuff, but nothing should depend on this particular frontend. Everyone should be free to replace it with something else and still get the same system services. > > Call me paranoid, but I think this "over-userfriendlyness" is > > quite dangerous. > > We'll end in an environment where we don't understand > > anything, and a few > > companies control our lives. This might seem farfetched, but > > we are slowly > > walking in this direction. > > Think about it: No knowledge - no control. And users are > > accepting it. > > They are just lazy and want everything to be done for them, > > even if this means > > they have to give up freedom. > > I'm reminded of The Cuckoo's Egg when Stoll says to an attacker > at the end "But I don't want to secure my computer, I trust > other astronomers." Most people simply have better things to do > with their time. And the "stupid" part is a logic trap. I > can't stand reading poetry. Hate it. So some well-versed > people could call me stupid too because I always miss the > subtleties, and in a particular scope they would be right I > guess. But I simply don't care about poetry. > > Open-source is a great way to combat the dangers of > user-friendlyness since if BSD ever decided to put DRM in the > OS, someone would see it fast and yell. I agree that we as a > society are specializing too much, but I don't have a patch for > that :). As a first step in the right direction, all file formats used for exchange with other people should be open source and not bound to a single company. Nobody should be forced to use a particular product (even when it doesn't have anything to do with computers). Daniela From owner-freebsd-advocacy@FreeBSD.ORG Tue Oct 28 11:13:33 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 16F7416A4CE for ; Tue, 28 Oct 2003 11:13:33 -0800 (PST) Received: from amsfep12-int.chello.nl (amsfep12-int.chello.nl [213.46.243.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5C71443FF2 for ; Tue, 28 Oct 2003 11:13:31 -0800 (PST) (envelope-from dodell@sitetronics.com) Received: from sitetronics.com ([213.46.142.207]) by amsfep12-int.chello.nl ESMTP <20031028191304.ODYM13066.amsfep12-int.chello.nl@sitetronics.com>; Tue, 28 Oct 2003 20:13:04 +0100 Message-ID: <3F9EBFB4.7040904@sitetronics.com> Date: Tue, 28 Oct 2003 20:12:52 +0100 From: "Devon H. O'Dell" User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.4) Gecko/20030820 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Timo Sirainen References: <1067367085.15026.38.camel@hurina> In-Reply-To: <1067367085.15026.38.camel@hurina> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-advocacy@freebsd.org Subject: Re: Friendly and Secure Desktop Operating System X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Oct 2003 19:13:33 -0000 Hey, Timo Thanks for checking this thread. Couple of comments here :).. First I want to say that I didn't mean to come across too harshly; it's a great idea, but I think there needs to be a good bit of clarification. >I think you didn't really understand what I was trying to say there. I >guess the web page isn't written well enough. I did begin writing a bit >better structured one with better explanations but got tired with it. > >By operating system I mean the whole thing, not just the kernel. You seemed >to assume that all these security checks would be done by the kernel. > > Yeah, I did. I'm used to 'operating system checks' referring to the kernel. I'm not entirely sure where you are proposing these take place. I'd like to see this clarified. >>Who's to say that some kernel module isn't going to pop >>up and say "I don't access any files" and then wipe the hard drive? >> >> > >Normal user most likely can't install kernel modules. I was talking about >applications. > >But since you asked, it would be possible with microkernels since kernel >modules are running in user space. Kernel would give access to hard disk >only if the module says it needs it. The same goes with userspace processes. > > What happens when a module or application (virus) comes across and says "I need access to this, this, this and this". Do these get granted or not? Does a window pop up and say "hey, this is trying to access x part of the system, is this okay with you?" If so, initial configuration would be a pain in the ass; you'd get popups for every app that ran. >>For instance, many games need to be able to save >>files, access the net and do low-level graphics stuff that generally >>requires more privileges than, say a word processor. >> >> >.. > > >>For instance, the argument about making each webpage load in a separate >>process has several flaws. When we're writing to the video card >>(assuming doing direct output to 0xb8000 in text mode -- just to keep it >>simple) how do you define where something can be drawn? The operating >> >> > >Games could be a bit problematic, but they still don't access the hardware >directly. They use X11, OpenGL, DirectX or similiar APIs which then do the >actual drawing through some display system/driver. > >AFAIK OpenGL and X11 SHM extension moves all the data through X server, so >it's only X server process that has any direct access to video hardware. So >here the security checks would be placed in the X server - a given X >session would be allowed to draw only inside a specific window. > > Right, so a lot of what you're suggesting is actual application security and a set of protocols that applications could conform to. But what's to say that an application won't conform to these standards? >So processes created by eg. clicking some executable in desktop would be >allowed to change video mode and take control of the full screen to be able >to run games and such. Web page processes on the other hand wouldn't have >been given such privilege, they'd be restricted to only specific X window. > > Ah, ok, that clarifies my question a bit better :). >Saving files isn't a problem - all processes would be able to save and read >files they already created (but nothing else). Launcher process would >decide if the files are permanent or temporary and the actual location of >the files (inside the launcher process's possibly restricted view of >filesystem). > > What if I'm starting abiword and I want to do some shit with a file I made in openoffice? Do user ownerships then kick into effect? >>Another problem is that with the 'stupid user' model that's mentioned in >>the article, the OS has to handle things that should be decided by the >>user. You get into the question of where to stop trying to save the user >>from him/herself and where to let the user make decisions. >> >> > >I don't believe I said anything like that. User still has full control of >the system, it's just that applications don't anymore have full control >of the system without explicitly requesting such permission from user. > > Applications *don't* have full control of the system unless you allow them to do so. Running a process as a regular user will never allow you to access /dev/kmem for instance. And who's going to do all this work making the applications conform to this 'standard'? >>Finally, a lot of the stuff that's mentioned about services that the OS >>should provide is actually more Operating Environment specific. An OS >>need only provide stuff for memory management, CPU control, device >>detection and usage, APIs for userland applications to interface with >>these devices, privileges and privilege-based systems to help determine >>who may actually access the devices, etc. Some of these "services" sound >>like they belong in the OE. >> >> > >"dict 'operating system'" says to me that operating system is more than >just the kernel. But if you disagree, feel free to do >s/Operating System/Operating Environment/g before reading the web page :) > > Yeah sorry, I was being a bit pedantic. >.. > >It wouldn'ta actually be all that difficult to implement it. If I'd base >it on top of existing UNIX kernel and X11, they'd mostly just need: > >- Mandatory access control in kernel (eg. systrace). Possibility for >processes to give their existing privileges to other existing processes. >Possibility for processes to drop privileges from itself or child >processes. > >- X11 access control extension which would let processes to define what >specified X connections are allowed to do. X server changes to enforce >these restrictions. Might require changes to the X protocol itself. > >- Userspace applications to tie these into simple to use environment. > > It's a lot of work and it needs to be clarified on a couple of points still, but I think it's a neat idea. Except I don't think that it should try too hard to save said user from him/herself. Being TOO verbose is also not good. Neat discussion; perhaps we can continue it on a more appropriate list? --Devon From owner-freebsd-advocacy@FreeBSD.ORG Tue Oct 28 11:15:26 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0A61A16A4CF for ; Tue, 28 Oct 2003 11:15:26 -0800 (PST) Received: from amsfep14-int.chello.nl (amsfep14-int.chello.nl [213.46.243.22]) by mx1.FreeBSD.org (Postfix) with ESMTP id 605A143FE9 for ; Tue, 28 Oct 2003 11:15:24 -0800 (PST) (envelope-from dodell@sitetronics.com) Received: from sitetronics.com ([213.46.142.207]) by amsfep14-int.chello.nl (InterMail vM.5.01.05.17 201-253-122-126-117-20021021) with ESMTP id <20031028191511.DKBH5266.amsfep14-int.chello.nl@sitetronics.com>; Tue, 28 Oct 2003 20:15:11 +0100 Message-ID: <3F9EC030.9080102@sitetronics.com> Date: Tue, 28 Oct 2003 20:14:56 +0100 From: "Devon H. O'Dell" User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.4) Gecko/20030820 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Daniela References: <20031028174321.84152.qmail@web10101.mail.yahoo.com> <200310282003.12931.dgw@liwest.at> In-Reply-To: <200310282003.12931.dgw@liwest.at> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-advocacy@freebsd.org Subject: Re: Friendly and Secure Desktop Operating System X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Oct 2003 19:15:26 -0000 >As a first step in the right direction, all file formats used for exchange >with other people should be open source and not bound to a single company. >Nobody should be forced to use a particular product (even when it doesn't >have anything to do with computers). > >Daniela > > On the converse side, without some element of monopoly somewhere, some innovations and security/safety standards can difficult to enforce. --Devon From owner-freebsd-advocacy@FreeBSD.ORG Tue Oct 28 11:30:49 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 94A8D16A4CF for ; Tue, 28 Oct 2003 11:30:49 -0800 (PST) Received: from zeus.acuson.com (ac17860.acuson.com [157.226.71.80]) by mx1.FreeBSD.org (Postfix) with ESMTP id 117FE43FE0 for ; Tue, 28 Oct 2003 11:30:48 -0800 (PST) (envelope-from DavidJohnson@Siemens.com) Received: from mvaexch02 ([157.226.230.209]:1484 helo=mvaexch02.acuson.com) by zeus.acuson.com with esmtp (Exim 4.14) id 1AEZYD-0005z7-3J for advocacy@freebsd.org; Tue, 28 Oct 2003 11:30:45 -0800 Received: by mvaexch02.acuson.com with Internet Mail Service (5.5.2657.72) id ; Tue, 28 Oct 2003 11:26:52 -0800 Received: from dhcp-46-145.acuson.com ([157.226.46.145]) by mvaexch01.acuson.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2657.72) id VDNM6VNK; Tue, 28 Oct 2003 11:25:59 -0800 From: Johnson David To: advocacy@freebsd.org Organization: Siemens Medical Systems Date: Tue, 28 Oct 2003 11:29:10 -0800 User-Agent: KMail/1.5.4 References: <200310281533.26611.dgw@liwest.at> In-Reply-To: <200310281533.26611.dgw@liwest.at> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200310281129.10669.DavidJohnson@Siemens.com> X-Scanner: exiscan for exim4 (http://duncanthrax.net/exiscan/) *1AEZYD-0005z7-3J*euiWBaPHYZw* Subject: Re: Friendly and Secure Desktop Operating System X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Oct 2003 19:30:49 -0000 On Tuesday 28 October 2003 07:33 am, Daniela wrote: > Found this link today, I thought it might be an interesting thing to > discuss: http://irccrew.org/~cras/security/friendly-secure-os.html "Disclaimer: I haven't done any research on this area." Oh wonderful! This guy doesn't even know the problem domain, yet he's throwing out solutions. I'm currently reading "Secure Coding", because at least I know enough to know that I don't know very much. This book should be required reading for anyone working with software, from requirements analysis to QA, and everyone in between. One of the points I've gotten out of the book is that some of the worst security problems arise not from coding, but from architecture and design. What he's talking about in his article is design. Just like bugs, the earlier they're introduced in the development process, the worse they are. The reason that security problems introduced during design are so bad, is that they're based on erroneous or incomplete assumptions, around which everything else is organized. Most of these assumptions seem quite sensible to most people. Here's one from the book, "When a TCP packet has the SYN bit set, it means that the sender wants to establish a connection". This assumption was at the heart of the SYN-ACK DoS attacks of a few years ago. Here's a classic mis-assumption of his: "What you'd need to be able to run any software securely is to run it in a complete sandbox." Although this isn't a bad idea, is completely ignores a whole class of security issues, namely, denial of service. Here's another: "Word Processors... No privileges needed." Those who ignore the lessons of history are doomed to repeat them. And a really bad one from his discussion: "Also note that I believe it would be possible to implement this in relatively short time on top of some existing UNIX system and maybe KDE or GNOME as the user interface." Security is not something that gets slapped on as an afterthought. To sum this up, I think this author needs to stop pontificating, and start educating himself in the problem domain. No operating system was ever designed to be explicitly insecure. Not even Windows. He needs to learn from the mistakes of others, before he starts advocating mistakes of his own. p.s. Not all of his proposals are bad. Heck, most of them are good. But I would very like to see how he would rewrite his article after doing some research in this area. David From owner-freebsd-advocacy@FreeBSD.ORG Tue Oct 28 11:52:36 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 138CE16A4D7 for ; Tue, 28 Oct 2003 11:52:36 -0800 (PST) Received: from lilzmailfe02.liwest.at (lilzmailfe02.liwest.at [212.33.55.14]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0993C43FE9 for ; Tue, 28 Oct 2003 11:52:35 -0800 (PST) (envelope-from dgw@liwest.at) Received: from cm58-27.liwest.at ([212.33.58.27]) by lilzmailfe02.liwest.at with esmtp (Exim 4.14) id 1AEZtD-0007Kq-Nx; Tue, 28 Oct 2003 20:52:27 +0100 From: Daniela To: "Devon H. O'Dell" Date: Tue, 28 Oct 2003 20:48:31 +0000 User-Agent: KMail/1.5.3 References: <20031028174321.84152.qmail@web10101.mail.yahoo.com> <200310282003.12931.dgw@liwest.at> <3F9EC030.9080102@sitetronics.com> In-Reply-To: <3F9EC030.9080102@sitetronics.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200310282048.31613.dgw@liwest.at> cc: freebsd-advocacy@freebsd.org Subject: Re: Friendly and Secure Desktop Operating System X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Oct 2003 19:52:36 -0000 On Tuesday 28 October 2003 19:14, Devon H. O'Dell wrote: > >As a first step in the right direction, all file formats used for exchange > >with other people should be open source and not bound to a single company. > >Nobody should be forced to use a particular product (even when it doesn't > >have anything to do with computers). > > > >Daniela > > On the converse side, without some element of monopoly somewhere, some > innovations and security/safety standards can difficult to enforce. For [security] standards we have the numerous open organizations out there, and they're doing a great job. Just think of W3C. If Micro$oft would stop putting lots of nonstandard "features" into their Internet Exploiter, I'd say the HTML, XML, ... file formats will last forever (in terms of computer technology), and everyone would be happy with it. Monopoly has very small benefits compared to the danger it brings. Daniela From owner-freebsd-advocacy@FreeBSD.ORG Tue Oct 28 12:20:48 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9C5D416A4CE for ; Tue, 28 Oct 2003 12:20:48 -0800 (PST) Received: from oma.irssi.org (ip213-185-36-189.laajakaista.mtv3.fi [213.185.36.189]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4DAD443FF9 for ; Tue, 28 Oct 2003 12:20:47 -0800 (PST) (envelope-from tss@iki.fi) Received: from localhost.kpnqwest.fi (localhost [127.0.0.1]) by oma.irssi.org (Postfix) with ESMTP id 4A1C45C616E3; Tue, 28 Oct 2003 22:20:46 +0200 (EET) From: Timo Sirainen To: "Devon H. O'Dell" In-Reply-To: <3F9EBFB4.7040904@sitetronics.com> References: <1067367085.15026.38.camel@hurina> <3F9EBFB4.7040904@sitetronics.com> Content-Type: text/plain Message-Id: <1067372446.15029.97.camel@hurina> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.4 Date: Tue, 28 Oct 2003 22:20:46 +0200 Content-Transfer-Encoding: 7bit cc: freebsd-advocacy@freebsd.org Subject: Re: Friendly and Secure Desktop Operating System X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Oct 2003 20:20:48 -0000 On Tue, 2003-10-28 at 21:12, Devon H. O'Dell wrote: > What happens when a module or application (virus) comes across and says > "I need access to this, this, this and this". Do these get granted or > not? Does a window pop up and say "hey, this is trying to access x part > of the system, is this okay with you?" If so, initial configuration > would be a pain in the ass; you'd get popups for every app that ran. That is the potentially difficult part to get secure while still being user friendly. It would need a popup on installation which would have a list of what potentially dangerous privileges application needs. But like you said, it would be painful if it was asked all the time. So the system should be designed in a way that 99% of software doesn't require any special privileges. I believe it's possible - most software don't really require anything all that special (see the examples section at the bottom of the web page). > >AFAIK OpenGL and X11 SHM extension moves all the data through X server, so > >it's only X server process that has any direct access to video hardware. So > >here the security checks would be placed in the X server - a given X > >session would be allowed to draw only inside a specific window. > > > Right, so a lot of what you're suggesting is actual application security > and a set of protocols that applications could conform to. But what's to > say that an application won't conform to these standards? Kernel and all server processes. Application simply isn't allowed to do anything bad. For example if application is restricted to only one X window and it tries to create new one, the call will simply fail. If application tries to open/create files outside it's sandbox, the syscall returns with EACCES. etc. > >Saving files isn't a problem - all processes would be able to save and read > >files they already created (but nothing else). Launcher process would > >decide if the files are permanent or temporary and the actual location of > >the files (inside the launcher process's possibly restricted view of > >filesystem). > > > > > What if I'm starting abiword and I want to do some shit with a file I > made in openoffice? Do user ownerships then kick into effect? That's the problem I intended to solve using "Operating system services" and the "open/save file service". Applications by default can't access any files that it didn't create itself. When you want to access other files, you'd ask the open/save file service to pop up a window requesting user to specify which files the application is given access to. So the open file dialog wouldn't be displayed by openoffice but the open/save file service. Once you select the files, the service gives openoffice access to the selected files. I think this is the most important thing in the whole OS idea. Pretty much the only application needing access to all files is the file manager (or /bin/sh). Viruses aren't possible simply because no software you run can modify any existing files without explicitly requesting it. And you don't get any annoying popup requests about giving access to file /foo/bar because you already granted that permission in the open file dialog. This is how I hope most of the commonly needed security checks could be done, but I'm not sure if it applies much elsewhere. It might be possible to create "connect to network service" which would display a dialog where you could enter host name and port and after clicking OK the application could connect to only that host/port, but that doesn't probably work very nicely with user interfaces. Another similiar idea I thought of was with links in HTML email message: To prevent any email worms from working you'd create a separate highly restricted process to display the email. The process would have access to limited area in mail client's window to render the message. It wouldn't have access to network so spammers can't create emails that call home. For the same reason it shouldn't have ability to invoke other programs (like "mozilla http://www.evilspammer.com/email=foo@bar.org"). Now with HTML mails, how exactly would you allow user to click on an URL? Only the renderer process knows where the links are, but it can't launch applications to process them. One kind of workable solution would be to allow the renderer process to launch applications but only when user has clicked mouse button inside the window. That at least prevents email from doing anything automatically. Better solution would be to let the renderer process specify screen regions which contain URLs and what the URLs are. Then the parent process would do the actual launching. The URL would be displayed in application's status bar so user could look at it before actually launching it. Again no need for extra popup window which requests permission to launch web browser. > >I don't believe I said anything like that. User still has full control of > >the system, it's just that applications don't anymore have full control > >of the system without explicitly requesting such permission from user. > > > Applications *don't* have full control of the system unless you allow > them to do so. Running a process as a regular user will never allow you > to access /dev/kmem for instance. Even running as non-root applications still have way too much control over your system. They can do anything with files you own. > And who's going to do all this work > making the applications conform to this 'standard'? Most applications wouldn't need hardly any changes. If you change GNOME/GTK and KDE/Qt libraries' open and save file dialogs to use the open/save file service, you could probably run most of the GNOME/KDE applications without any changes. You could give each of the applications a virtual filesystem where they could create their files but the actual files would always be created inside eg. ~/.application-name/ directory. That'd need a bit of thinking though since you can of course have two identically named binaries in different directories. Anyway, the point is that most of this could be done by changing a few widely used libraries. Existing web browsers and email clients could work just the same, but to get per-web page and per-email protection they would need larger changes. > It's a lot of work and it needs to be clarified on a couple of points > still, but I think it's a neat idea. Except I don't think that it should > try too hard to save said user from him/herself. Being TOO verbose is > also not good. Exactly. It should do as much as possible quietly without getting on the way. > Neat discussion; perhaps we can continue it on a more appropriate list? Any suggestions? From owner-freebsd-advocacy@FreeBSD.ORG Tue Oct 28 12:52:42 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 50FE016A4D0 for ; Tue, 28 Oct 2003 12:52:42 -0800 (PST) Received: from oma.irssi.org (ip213-185-36-189.laajakaista.mtv3.fi [213.185.36.189]) by mx1.FreeBSD.org (Postfix) with ESMTP id 11C9B43FE3 for ; Tue, 28 Oct 2003 12:52:41 -0800 (PST) (envelope-from tss@iki.fi) Received: from localhost.kpnqwest.fi (localhost [127.0.0.1]) by oma.irssi.org (Postfix) with ESMTP id 009055C616E3; Tue, 28 Oct 2003 22:52:39 +0200 (EET) From: Timo Sirainen To: Johnson David In-Reply-To: <200310281129.10669.DavidJohnson@Siemens.com> References: <200310281533.26611.dgw@liwest.at> <200310281129.10669.DavidJohnson@Siemens.com> Content-Type: text/plain Message-Id: <1067374359.15026.126.camel@hurina> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.4 Date: Tue, 28 Oct 2003 22:52:39 +0200 Content-Transfer-Encoding: 7bit cc: advocacy@freebsd.org Subject: Re: Friendly and Secure Desktop Operating System X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Oct 2003 20:52:42 -0000 On Tue, 2003-10-28 at 21:29, Johnson David wrote: > On Tuesday 28 October 2003 07:33 am, Daniela wrote: > > Found this link today, I thought it might be an interesting thing to > > discuss: http://irccrew.org/~cras/security/friendly-secure-os.html > > "Disclaimer: I haven't done any research on this area." > > Oh wonderful! This guy doesn't even know the problem domain, yet he's > throwing out solutions. That mostly means that I haven't tried to find existing similiar papers or designs. It doesn't mean I don't know anything about it. That page is mostly just a few thoughts on the subject, enough to get other people understand the idea (which seems to have failed) and get interested enough about implementing it. I believe I would be capable of fully designing and implementing it myself, but I just don't have time. > Here's a classic mis-assumption of his: "What you'd need to be able to > run any software securely is to run it in a complete sandbox." Although > this isn't a bad idea, is completely ignores a whole class of security > issues, namely, denial of service. Well .. I don't actually believe DoS to be much of a security problem in desktop systems. If everything else fails, you reboot the computer. So what? While you're doing something important, don't go running random untrusted software. Of course it's better to try to prevent them, but I don't think it's really possible without getting on the way of user. Sure, you could say that processes by default shouldn't eat more than 100MB of memory, but what happens when you're modifying a huge document and want to save it and process goes over the 100MB limit? You'll kill the word processor and lose your changes? fork() limit would be somewhat more reasonable, but that could be problematic too. Anyway, in my started rewrite of the document I did include a bit better description: Threats ------- Operating system MUST prevent malicious software from: - Modifying or erasing sensitive data - Transferring sensitive data out of your system - Affecting other software in any way Operating system SHOULD TRY to prevent malicious software from: - Using your system as a proxy to send attacks - Using your processing power or other resources for unintended purposes I don't believe there's any simple universal solution for the last two. Solution -------- Basically: - Sandboxing - Privilege separation - Using minimal required privileges - Making it difficult for user to shoot himself in foot by making it clear when he's doing potentially harmful things - Designing the system in a way that security warnings are a rarely occuring exception and user is actually required to pay some attention to them. - Make it clear when software is running to detect software that tries to leave itself running in background and consume your system resources after the visible part of it is gone. > Here's another: "Word Processors... No privileges needed." Those who > ignore the lessons of history are doomed to repeat them. Oh? What privileges does it need then? My idea of a word processor is that it should be able to read and write document files with it, nothing else. I already described the open/save file service for that. > And a really bad one from his discussion: "Also note that I believe it > would be possible to implement this in relatively short time on top of > some existing UNIX system and maybe KDE or GNOME as the user > interface." Security is not something that gets slapped on as an > afterthought. If you design the base secure, you should be able to run anything on top of it securely. Kernel and windowing system changes are critical. The base user interface is also critical to get working right. The actual applications that are run can be the same old ones since it's the kernel and windowing system that forces them to behave nicely. > I would very like to see how he would rewrite his article after doing > some research in this area. Like I said, I don't have time. I just wanted to give a few ideas to other people and hope they'd implement it. Of course, if I got actually paid to do that, I would suddenly have enough time :) From owner-freebsd-advocacy@FreeBSD.ORG Tue Oct 28 13:00:55 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 45DDC16A4CE for ; Tue, 28 Oct 2003 13:00:55 -0800 (PST) Received: from lilzmailfe01.liwest.at (lilzmailfe01.liwest.at [212.33.55.13]) by mx1.FreeBSD.org (Postfix) with ESMTP id 68C4D43FDF for ; Tue, 28 Oct 2003 13:00:54 -0800 (PST) (envelope-from dgw@liwest.at) Received: from cm58-27.liwest.at ([212.33.58.27]) by lilzmailfe01.liwest.at with esmtp (Exim 4.14) id 1AEZvq-0000i0-Fm; Tue, 28 Oct 2003 20:55:10 +0100 From: Daniela To: "Devon H. O'Dell" , Timo Sirainen Date: Tue, 28 Oct 2003 20:51:10 +0000 User-Agent: KMail/1.5.3 References: <1067367085.15026.38.camel@hurina> <3F9EBFB4.7040904@sitetronics.com> In-Reply-To: <3F9EBFB4.7040904@sitetronics.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200310282051.10919.dgw@liwest.at> cc: freebsd-advocacy@freebsd.org Subject: Re: Friendly and Secure Desktop Operating System X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Oct 2003 21:00:55 -0000 On Tuesday 28 October 2003 19:12, Devon H. O'Dell wrote: > Neat discussion; perhaps we can continue it on a more appropriate list? What would be the most appropriate list for this? From owner-freebsd-advocacy@FreeBSD.ORG Tue Oct 28 13:58:23 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 14A6316A4CF for ; Tue, 28 Oct 2003 13:58:23 -0800 (PST) Received: from zeus.acuson.com (ac17860.acuson.com [157.226.71.80]) by mx1.FreeBSD.org (Postfix) with ESMTP id C2B3643FD7 for ; Tue, 28 Oct 2003 13:58:21 -0800 (PST) (envelope-from DavidJohnson@Siemens.com) Received: from mvaexch02 ([157.226.230.209]:2495 helo=mvaexch02.acuson.com) by zeus.acuson.com with esmtp (Exim 4.14) id 1AEbqy-0000dz-4G; Tue, 28 Oct 2003 13:58:16 -0800 Received: by mvaexch02.acuson.com with Internet Mail Service (5.5.2657.72) id ; Tue, 28 Oct 2003 13:54:23 -0800 Received: from dhcp-46-145.acuson.com ([157.226.46.145]) by mvaexch01.acuson.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2657.72) id VDNM6X6L; Tue, 28 Oct 2003 13:53:25 -0800 From: Johnson David To: Timo Sirainen Organization: Siemens Medical Systems Date: Tue, 28 Oct 2003 13:56:37 -0800 User-Agent: KMail/1.5.4 References: <200310281533.26611.dgw@liwest.at> <200310281129.10669.DavidJohnson@Siemens.com> <1067374359.15026.126.camel@hurina> In-Reply-To: <1067374359.15026.126.camel@hurina> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200310281356.37268.DavidJohnson@Siemens.com> X-Scanner: exiscan for exim4 (http://duncanthrax.net/exiscan/) *1AEbqy-0000dz-4G*UIXVxeMYzNg* cc: advocacy@freebsd.org Subject: Re: Friendly and Secure Desktop Operating System X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Oct 2003 21:58:23 -0000 On Tuesday 28 October 2003 12:52 pm, Timo Sirainen wrote: > Well .. I don't actually believe DoS to be much of a security problem > in desktop systems. This does happen to be a FreeBSD list. I'm using it on my workstation and home desktop. I've installed it as a server in a lab. My coworker runs his website off of it. I know other people who run their websites off the the same system they use for a desktop. The problem with modern operating systems is that they are general purpose, and can be used in a variety of situations. > Of course it's better to try to prevent them, but I don't think it's > really possible without getting on the way of user. All security gets in the way of the user. A friend of mine tried Linux then went back to Windows because he found the concept of having to log in very inconvenient. The trick is to balance the inconvenience of the user with the security of the system. That means you can't have a perfectly secure system which will usable. You have to make some tradeoffs. It's hard deciding what to give up. > Operating system MUST prevent malicious software from: > > - Modifying or erasing sensitive data > - Transferring sensitive data out of your system > - Affecting other software in any way How do you know it's "malicious" software? Crack that problem and the Nobel Prize for Computing is yours! Is the software writing to the first sector of a drive malicious, or merely a utility being run by the administrator to prepare a partition for dual boot? > > Here's another: "Word Processors... No privileges needed." Those > > who ignore the lessons of history are doomed to repeat them. > > Oh? What privileges does it need then? My idea of a word processor is > that it should be able to read and write document files with it, > nothing else. I already described the open/save file service for > that. I was thinking of two things. First, a whole slew of MSWord exploits. Second, an observation made by JZW (I think) that says all software expands until it eventually becomes a mail client. Implicitly trusting a class of applications just because they are word processors is dangerous. The problem is that your idea of a word processor might not be universal. Have to run now. But go grab the book "Secure Coding", published by OReilly. It's a new one. Well worth it. David From owner-freebsd-advocacy@FreeBSD.ORG Tue Oct 28 15:06:22 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6034116A4CE for ; Tue, 28 Oct 2003 15:06:22 -0800 (PST) Received: from oma.irssi.org (ip213-185-36-189.laajakaista.mtv3.fi [213.185.36.189]) by mx1.FreeBSD.org (Postfix) with ESMTP id 24C2B43FAF for ; Tue, 28 Oct 2003 15:06:21 -0800 (PST) (envelope-from tss@iki.fi) Received: from localhost.kpnqwest.fi (localhost [127.0.0.1]) by oma.irssi.org (Postfix) with ESMTP id 0CAC25C616E3; Wed, 29 Oct 2003 01:06:20 +0200 (EET) From: Timo Sirainen To: Johnson David In-Reply-To: <200310281356.37268.DavidJohnson@Siemens.com> References: <200310281533.26611.dgw@liwest.at> <200310281129.10669.DavidJohnson@Siemens.com> <1067374359.15026.126.camel@hurina> <200310281356.37268.DavidJohnson@Siemens.com> Content-Type: text/plain Message-Id: <1067382379.15032.192.camel@hurina> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.4 Date: Wed, 29 Oct 2003 01:06:19 +0200 Content-Transfer-Encoding: 7bit cc: advocacy@freebsd.org Subject: Re: Friendly and Secure Desktop Operating System X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Oct 2003 23:06:22 -0000 On Tue, 2003-10-28 at 23:56, Johnson David wrote: > > Of course it's better to try to prevent them, but I don't think it's > > really possible without getting on the way of user. > > All security gets in the way of the user. No it doesn't. I've given a few examples already (open/save service especially) and there's a few more examples below. If you accept that it doesn't need to, my ideas would make more sense to you. > The trick is to balance the inconvenience of the user with the security > of the system. That means you can't have a perfectly secure system > which will usable. You have to make some tradeoffs. It's hard deciding > what to give up. Sure, there has to be some tradeoffs, but I think it's possible to make a desktop system which works securely _for most people_ without any user inconvenience 99% (or more) of the time. That's what I'd like to get people to believe in. The web page gives some ideas and examples why I believe it's possible, but if they're not enough to convince you, the purpose of the page has failed and none of the few ideas really matter. Once you believe that such system would be possible, it's just a matter of thinking all the details. Do you have any specific reasons to believe why it would not be possible? > > Operating system MUST prevent malicious software from: > > > > - Modifying or erasing sensitive data > > - Transferring sensitive data out of your system > > - Affecting other software in any way > > How do you know it's "malicious" software? All software by default is potentially malicious and OS should treat it as such. > Is the software writing to the > first sector of a drive malicious, or merely a utility being run by the > administrator to prepare a partition for dual boot? When installing the software, it would request access for the raw hard disk device. Yes, that's an inconvenience to user who wants to do it. Does such user belong to "most of the users" category? No. How often would you install such software and be required to answer to the privilege request? Few times at most. I'm sure you can think of several peculiar software requiring extra privileges, but can you think of a single such software that's actually used by considerable percentage of people? Networking is the only problematic area I can think of. > > > Here's another: "Word Processors... No privileges needed." Those > > > who ignore the lessons of history are doomed to repeat them. > > > > Oh? What privileges does it need then? My idea of a word processor is > > that it should be able to read and write document files with it, > > nothing else. I already described the open/save file service for > > that. > > I was thinking of two things. First, a whole slew of MSWord exploits. Word processor could run each document in separate protected process. Macro worms and such wouldn't be possible since the worm could affect only the document itself. Anyway, that's not an extra privilege. Even given a word processor not capable of that, exploits couldn't touch more than the files that are already opened. That's considerably better security than currently, available to you with no tradeoffs between security and ease of use. > Second, an observation made by JZW (I think) that says all software > expands until it eventually becomes a mail client. Well, mail client was the only one in my list that actually required some privileges. Anyway, I don't think this is a very good point. One piece of software doesn't have to do everything. It can ask other software to do things if it really wants to and still be secure. For example if word processor wants to have "send this document as email" functionality, it can just as well prepare the mail and ask primary e-mail client to send it (which would pop up the mail compose window asking for destination address - again security without user inconvenience). I'm not saying that it would be possible to run all existing software securely with such OS, just that it would be possible to design such OS and create quite easily software which would run securely without bothering user with security stuff, and such software could quite easily be created by modifying existing software. > Implicitly trusting > a class of applications just because they are word processors is > dangerous. Right, that's what I've been saying all along. Don't trust any application - make it possible to run them securely without bothering user about it unless absolutely needed. From owner-freebsd-advocacy@FreeBSD.ORG Tue Oct 28 22:02:41 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AF41616A4CE for ; Tue, 28 Oct 2003 22:02:41 -0800 (PST) Received: from firecrest.mail.pas.earthlink.net (firecrest.mail.pas.earthlink.net [207.217.121.247]) by mx1.FreeBSD.org (Postfix) with ESMTP id D7C9543FB1 for ; Tue, 28 Oct 2003 22:02:36 -0800 (PST) (envelope-from tlambert2@mindspring.com) Received: from user-38ldvac.dialup.mindspring.com ([209.86.253.76] helo=mindspring.com) by firecrest.mail.pas.earthlink.net with asmtp (SSLv3:RC4-MD5:128) (Exim 3.33 #1) id 1AEjPc-0000a9-00; Tue, 28 Oct 2003 22:02:32 -0800 Message-ID: <3F9F57CC.C172DCCF@mindspring.com> Date: Tue, 28 Oct 2003 22:01:48 -0800 From: Terry Lambert X-Mailer: Mozilla 4.79 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Timo Sirainen References: <1067367085.15026.38.camel@hurina> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-ELNK-Trace: b1a02af9316fbb217a47c185c03b154d40683398e744b8a448f0723a019bc184b47ce02c2485fe94350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c cc: freebsd-advocacy@freebsd.org Subject: Re: Friendly and Secure Desktop Operating System X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Oct 2003 06:02:41 -0000 Timo Sirainen wrote: [ ... ] http://zesty.ca/capmyths/usenix.pdf http://www.cap-lore.com/CapTheory/. http://discuss.foresight.org/~foresight/CSFactForum.html http://www.eros-os.org/ -- Terry From owner-freebsd-advocacy@FreeBSD.ORG Tue Oct 28 22:16:19 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2719C16A4CE for ; Tue, 28 Oct 2003 22:16:19 -0800 (PST) Received: from firecrest.mail.pas.earthlink.net (firecrest.mail.pas.earthlink.net [207.217.121.247]) by mx1.FreeBSD.org (Postfix) with ESMTP id 641F843F75 for ; Tue, 28 Oct 2003 22:16:18 -0800 (PST) (envelope-from tlambert2@mindspring.com) Received: from user-38ldvac.dialup.mindspring.com ([209.86.253.76] helo=mindspring.com) by firecrest.mail.pas.earthlink.net with asmtp (SSLv3:RC4-MD5:128) (Exim 3.33 #1) id 1AEjcG-0002SM-00; Tue, 28 Oct 2003 22:15:36 -0800 Message-ID: <3F9F5ADB.AE6E245A@mindspring.com> Date: Tue, 28 Oct 2003 22:14:51 -0800 From: Terry Lambert X-Mailer: Mozilla 4.79 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Timo Sirainen References: <1067367085.15026.38.camel@hurina> <1067372446.15029.97.camel@hurina> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-ELNK-Trace: b1a02af9316fbb217a47c185c03b154d40683398e744b8a42088f1393a4e6ba7e571e084503de266350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c cc: freebsd-advocacy@freebsd.org Subject: Re: Friendly and Secure Desktop Operating System X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Oct 2003 06:16:19 -0000 Timo Sirainen wrote: > That is the potentially difficult part to get secure while still being > user friendly. Actually, the potentially difficult part is booting. In order to boot, you have to have an initial delegation of all authority to something that is allowed to redelegate it to other parts of the system, applications, etc.. It also has to be the intermediary to delegating the authority to the user who you are trusting to tell you whether or not you are allowed to delegate authority to arbitrary programs. Short of building a serial number into each processor, and making it an unpriviledged, untrappable machine instruction to obtain the serial number from the processor and then use it to be able to cryptographically implement (without having to actually trust the kernel you are running on, authentication, authorization, and non-repudiation (this last one is the stumbling block for privacy advocates and the love-child of the RIAA and MPAA), there's really no way to accomplish any of this reliably. -- Terry From owner-freebsd-advocacy@FreeBSD.ORG Wed Oct 29 17:01:10 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 015AB16A4CE for ; Wed, 29 Oct 2003 17:01:10 -0800 (PST) Received: from vsmtp4.tin.it (vsmtp4.tin.it [212.216.176.224]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2212D43FD7 for ; Wed, 29 Oct 2003 17:01:09 -0800 (PST) (envelope-from victorvittorivonwiktow@interfree.it) Received: from workstation (212.171.174.253) by vsmtp4.tin.it (7.0.019) id 3F8C844B008991CB for freebsd-advocacy@freebsd.org; Thu, 30 Oct 2003 02:01:07 +0100 Message-ID: <003301c39e81$4d0f8b60$fdaeabd4@workstation> From: ".VWV." To: Date: Thu, 30 Oct 2003 02:01:06 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Subject: stop the desktops' upgrades X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Oct 2003 01:01:10 -0000 Hello to all. I'm happy for the new release. Otherwise, in my opinion it is necessary to stop this unuseful adoption of the endless upgrades of KDE and GNOME monsters. They still are much better than WIN. There is no stable standard for applications' developers, under such environments. After the failure of Motif, I always suggest the adoption of the stable Tcl/Tk for the most important projects. It is necessary a bit of 'peace'. ¡Stop upgrading, keep a working desktop - stop the fashion system! With my best regards VITTORI From owner-freebsd-advocacy@FreeBSD.ORG Wed Oct 29 17:12:07 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2B69316A4CE for ; Wed, 29 Oct 2003 17:12:07 -0800 (PST) Received: from fubar.adept.org (fubar.adept.org [63.147.172.249]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9706243FDD for ; Wed, 29 Oct 2003 17:12:04 -0800 (PST) (envelope-from mike@adept.org) Received: by fubar.adept.org (Postfix, from userid 1001) id 3F80615227; Wed, 29 Oct 2003 17:12:04 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by fubar.adept.org (Postfix) with ESMTP id 3A5FD15226 for ; Wed, 29 Oct 2003 17:12:04 -0800 (PST) Date: Wed, 29 Oct 2003 17:12:04 -0800 (PST) From: Mike Hoskins To: advocacy@freebsd.org In-Reply-To: <003301c39e81$4d0f8b60$fdaeabd4@workstation> Message-ID: <20031029170708.T6952@fubar.adept.org> References: <003301c39e81$4d0f8b60$fdaeabd4@workstation> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=Windows-1252 Content-Transfer-Encoding: QUOTED-PRINTABLE Subject: Re: stop the desktops' upgrades X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Oct 2003 01:12:07 -0000 On Thu, 30 Oct 2003, .VWV. wrote: > I'm happy for the new release. me too. :) i've done a few 5.1 installs now. (working on turning the last one into a "howto", not that it's difficult, but for any leary of making the jump...) > Otherwise, in my opinion it is necessary to stop this unuseful adoption o= f > the endless upgrades of KDE and GNOME monsters. i feel your pain, and i follow the same mindset, especially: > They still are much better than WIN. > There is no stable standard for applications' developers, under such > environments. > =A1Stop upgrading, keep a working desktop - stop the fashion system! i agree with what you say, but unfortuneately it is a necessary evil when trying to win the "desktop" crowd. :) that's precisely why many have argued so strongly against focussing too much on "desktop" support (things that are good for the desktop often annoy/hinder admins or developers), but it's inevitable in any project of our scope. we can be thankful it's at least relatively easy to use ports/packages and strip down your system to as minimal a config possible... a luxary not really afforded to the m$ world. -mrh -- From: "Spam Catcher" To: spam-catcher@adept.org Do NOT send email to the address listed above or you will be added to a blacklist! From owner-freebsd-advocacy@FreeBSD.ORG Wed Oct 29 17:20:22 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DDDA716A4CE for ; Wed, 29 Oct 2003 17:20:22 -0800 (PST) Received: from zeus.acuson.com (ac17860.acuson.com [157.226.71.80]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7592A43FE5 for ; Wed, 29 Oct 2003 17:20:21 -0800 (PST) (envelope-from DavidJohnson@Siemens.com) Received: from mvaexch02 ([157.226.230.209]:2276 helo=mvaexch02.acuson.com) by zeus.acuson.com with esmtp (Exim 4.14) id 1AF1U0-0004tM-4E; Wed, 29 Oct 2003 17:20:16 -0800 Received: by mvaexch02.acuson.com with Internet Mail Service (5.5.2657.72) id ; Wed, 29 Oct 2003 17:16:22 -0800 Received: from dhcp-46-145.acuson.com ([157.226.46.145]) by mvaexch01.acuson.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2657.72) id VDNM7NVS; Wed, 29 Oct 2003 17:15:30 -0800 From: Johnson David To: ".VWV." , freebsd-advocacy@freebsd.org Organization: Siemens Medical Systems Date: Wed, 29 Oct 2003 17:18:42 -0800 User-Agent: KMail/1.5.4 References: <003301c39e81$4d0f8b60$fdaeabd4@workstation> In-Reply-To: <003301c39e81$4d0f8b60$fdaeabd4@workstation> MIME-Version: 1.0 Content-Type: text/plain; charset="windows-1252" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200310291718.42829.DavidJohnson@Siemens.com> X-Scanner: exiscan for exim4 (http://duncanthrax.net/exiscan/) *1AF1U0-0004tM-4E*U9QcUNZTTmU* Subject: Re: stop the desktops' upgrades X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Oct 2003 01:20:23 -0000 On Wednesday 29 October 2003 05:01 pm, .VWV. wrote: > Otherwise, in my opinion it is necessary to stop this unuseful > adoption of the endless upgrades of KDE and GNOME monsters. The adoption of KDE or GNOME is purely voluntary. You do not need to use either one. They are not standard in FreeBSD as they are in some other free systems. The choice is yours. > They still are much better than WIN. > There is no stable standard for applications' developers, under such > environments. As you say, they are still much better than Windows. I haven't done any GTK development, but the Qt interface has been very stable since 2.0. When 3.0 came out, a few trivial changes to my code were necessary, taking me about a half hour to make. Since then I haven't had to make any changes at all. In the meantime, I have been given ample notice of the deprecated functions. In some cases these notices have been around since 2.0. David From owner-freebsd-advocacy@FreeBSD.ORG Wed Oct 29 17:36:16 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3498816A4CE for ; Wed, 29 Oct 2003 17:36:16 -0800 (PST) Received: from pilchuck.reedmedia.net (pilchuck.reedmedia.net [209.166.74.74]) by mx1.FreeBSD.org (Postfix) with ESMTP id 44C9C43FB1 for ; Wed, 29 Oct 2003 17:36:15 -0800 (PST) (envelope-from reed@reedmedia.net) Received: from reed by pilchuck.reedmedia.net with local-esmtp (Exim 3.12 #1 (Debian)) id 1AF1jN-0001Pe-00; Wed, 29 Oct 2003 17:36:09 -0800 Date: Wed, 29 Oct 2003 17:36:09 -0800 (PST) From: "Jeremy C. Reed" To: ".VWV." In-Reply-To: <003301c39e81$4d0f8b60$fdaeabd4@workstation> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-advocacy@freebsd.org Subject: Re: stop the desktops' upgrades X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Oct 2003 01:36:16 -0000 On Thu, 30 Oct 2003, .VWV. wrote: > Otherwise, in my opinion it is necessary to stop this unuseful adoption of > the endless upgrades of KDE and GNOME monsters. What features do use need that only KDE or GNOME offer? What features do you like that you use with KDE and/or GNOME? Maybe you can use another window manager (or desktop environment) that is smaller. I have used blackbox for around five years. I also use icewm on some systems (because it is easier to use for the end-users). They work fine for me (and I do use KDE, QT, and Gnome apps using blackbox). (Anyways, do use both KDE and GNOME at same time?) Jeremy C. Reed http://bsd.reedmedia.net/ p.s. this sounds like a -chat thread and not advocacy. From owner-freebsd-advocacy@FreeBSD.ORG Wed Oct 29 17:53:01 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9D28F16A4CE for ; Wed, 29 Oct 2003 17:53:01 -0800 (PST) Received: from xeon.unixathome.org (bast.unixathome.org [66.11.174.150]) by mx1.FreeBSD.org (Postfix) with ESMTP id C653243FB1 for ; Wed, 29 Oct 2003 17:53:00 -0800 (PST) (envelope-from dan@langille.org) Received: by xeon.unixathome.org (Postfix, from userid 1000) id 0FBFA3E50; Wed, 29 Oct 2003 20:53:00 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by xeon.unixathome.org (Postfix) with ESMTP id 0405D3E4B; Wed, 29 Oct 2003 20:52:59 -0500 (EST) Date: Wed, 29 Oct 2003 20:52:59 -0500 (EST) From: Dan Langille X-X-Sender: dan@xeon.unixathome.org To: "Jeremy C. Reed" In-Reply-To: Message-ID: <20031029205206.B47899@xeon.unixathome.org> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-advocacy@freebsd.org cc: ".VWV." Subject: Re: stop the desktops' upgrades X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Oct 2003 01:53:01 -0000 On Wed, 29 Oct 2003, Jeremy C. Reed wrote: > I have used blackbox for around five years. That's what I use on my laptop. KDE is what I use on my workstation. Different boxes, different needs. From owner-freebsd-advocacy@FreeBSD.ORG Wed Oct 29 17:53:32 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 96B4516A4CF; Wed, 29 Oct 2003 17:53:32 -0800 (PST) Received: from vsmtp12.tin.it (vsmtp12.tin.it [212.216.176.206]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7016443F75; Wed, 29 Oct 2003 17:53:31 -0800 (PST) (envelope-from victorvittorivonwiktow@interfree.it) Received: from workstation (213.45.252.133) by vsmtp12.tin.it (7.0.019) id 3F8C84920063D854; Thu, 30 Oct 2003 02:53:30 +0100 Message-ID: <000f01c39e88$9e3f8650$85fc2dd5@workstation> From: ".VWV." To: , Date: Thu, 30 Oct 2003 02:53:29 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Subject: stop upgrade - keep your mind safe X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Oct 2003 01:53:32 -0000 Hello to all. Are you sure you really need continuous upgrading your operating system, until the end of your life? I'm happy running an 'obsolete' 4.6.2, nobody will move me from it. Upgrading makes happy only the hardware vendors. ¡Enjoy the life - fight the upgrade system -! With my best regards VITTORI From owner-freebsd-advocacy@FreeBSD.ORG Wed Oct 29 17:55:44 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BC42816A4CE for ; Wed, 29 Oct 2003 17:55:44 -0800 (PST) Received: from web60405.mail.yahoo.com (web60405.mail.yahoo.com [216.109.118.188]) by mx1.FreeBSD.org (Postfix) with SMTP id BF1B143F3F for ; Wed, 29 Oct 2003 17:55:43 -0800 (PST) (envelope-from twigles@yahoo.com) Message-ID: <20031030015210.79275.qmail@web60405.mail.yahoo.com> Received: from [68.5.49.41] by web60405.mail.yahoo.com via HTTP; Wed, 29 Oct 2003 17:52:10 PST Date: Wed, 29 Oct 2003 17:52:10 -0800 (PST) From: twig les To: freebsd-advocacy@freebsd.org In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: Re: stop the desktops' upgrades X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Oct 2003 01:55:44 -0000 > Maybe you can use another window manager (or desktop > environment) that is > smaller. I've yet to see a reason to move from Windowmaker. But I wouldn't expect everyone to agree. > p.s. this sounds like a -chat thread and not advocacy. Yes, I agree, but letting off a little steam is good for the soul. --- "Jeremy C. Reed" wrote: > On Thu, 30 Oct 2003, .VWV. wrote: > > > Otherwise, in my opinion it is necessary to stop this > unuseful adoption of > > the endless upgrades of KDE and GNOME monsters. > > What features do use need that only KDE or GNOME offer? > > What features do you like that you use with KDE and/or GNOME? > > Maybe you can use another window manager (or desktop > environment) that is > smaller. > > I have used blackbox for around five years. > > I also use icewm on some systems (because it is easier to use > for the > end-users). > > They work fine for me (and I do use KDE, QT, and Gnome apps > using > blackbox). > > (Anyways, do use both KDE and GNOME at same time?) > > Jeremy C. Reed > http://bsd.reedmedia.net/ > > p.s. this sounds like a -chat thread and not advocacy. > > _______________________________________________ > freebsd-advocacy@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-advocacy > To unsubscribe, send any mail to "freebsd-advocacy-unsubscribe@freebsd.org" ===== ----------------------------------------------------------- Get a taste of Religion ... eat a priest! ----------------------------------------------------------- __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com From owner-freebsd-advocacy@FreeBSD.ORG Wed Oct 29 18:02:04 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8188716A4CE; Wed, 29 Oct 2003 18:02:04 -0800 (PST) Received: from makeworld.com (makeworld.com [12.15.124.245]) by mx1.FreeBSD.org (Postfix) with ESMTP id BBC9143FE0; Wed, 29 Oct 2003 18:02:03 -0800 (PST) (envelope-from racerx@makeworld.com) Received: from evrtwa1-ar12-4-46-162-188.evrtwa1.dsl-verizon.net (evrtwa1-ar12-4-46-162-188.evrtwa1.dsl-verizon.net [4.46.162.188]) by makeworld.com (Postfix) with ESMTP id 54CC0C4; Wed, 29 Oct 2003 20:01:54 -0600 (CST) From: Chris To: ".VWV." , , Date: Wed, 29 Oct 2003 20:01:46 -0600 User-Agent: KMail/1.5.4 References: <000f01c39e88$9e3f8650$85fc2dd5@workstation> In-Reply-To: <000f01c39e88$9e3f8650$85fc2dd5@workstation> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <200310292001.46943.racerx@makeworld.com> Subject: Re: stop upgrade - keep your mind safe X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Oct 2003 02:02:04 -0000 On Wednesday 29 October 2003 07:53 pm, .VWV. wrote: > Hello to all. > > Are you sure you really need continuous upgrading your operating system, > until the end of your life? > > I'm happy running an 'obsolete' 4.6.2, nobody will move me from it. > Upgrading makes happy only the hardware vendors. > > =A1Enjoy the life - fight the upgrade system -! > With my best regards Interesting... In my mind, the above comment has merit in the Windows World= =2E=20 NOT *nix - That being said, upgrade Windows to *BSD THEN, be happy. > > VITTORI > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" =2D-=20 Best regards, Chris ______________________________________________________________________ PGP Fingerprint =3D D976 2575 D0B4 E4B0 45CC AA09 0F93 FF80 C01B C363 PGP Mail encouraged / preferred - keys available on common key servers ______________________________________________________________________ 01010010011000010110001101100101011100100101100000000000 From owner-freebsd-advocacy@FreeBSD.ORG Thu Oct 30 05:59:08 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 46F2416A4E5 for ; Thu, 30 Oct 2003 05:59:08 -0800 (PST) Received: from smtp08.wxs.nl (smtp08.wxs.nl [195.121.6.40]) by mx1.FreeBSD.org (Postfix) with ESMTP id E56E343FAF for ; Thu, 30 Oct 2003 05:59:06 -0800 (PST) (envelope-from akruijff@www.kruijff.org) Received: from kruij557.speed.planet.nl (ipd50a97ba.speed.planet.nl [213.10.151.186]) by smtp08.wxs.nl (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003)) with ESMTP id <0HNK00M2SPE1K8@smtp08.wxs.nl> for advocacy@freebsd.org; Thu, 30 Oct 2003 14:56:26 +0100 (MET) Received: from Alex.lan (localhost [127.0.0.1]) by kruij557.speed.planet.nl (8.12.8p2/8.12.8) with ESMTP id h9UDvhRo001154; Thu, 30 Oct 2003 14:57:43 +0100 (CET envelope-from akruijff@Alex.lan) Received: (from akruijff@localhost) by Alex.lan (8.12.8p2/8.12.8/Submit) id h9UDvfFk001152; Thu, 30 Oct 2003 14:57:41 +0100 (CET) Date: Thu, 30 Oct 2003 14:57:39 +0100 From: Alex de Kruijff In-reply-to: <20031025204839.39160.qmail@web14609.mail.yahoo.com> To: peter lageotakes Message-id: <20031030135738.GA487@dds.nl> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT Content-disposition: inline User-Agent: Mutt/1.4.1i References: <20031025183803.GD4914@dds.nl> <20031025204839.39160.qmail@web14609.mail.yahoo.com> cc: Giorgos Keramidas cc: advocacy@freebsd.org Subject: Re: Learning to Walk: A Linux User Migrates to FreeBSD X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Oct 2003 13:59:08 -0000 On Sat, Oct 25, 2003 at 01:48:39PM -0700, peter lageotakes wrote: > > --- Alex de Kruijff wrote: > > On Sat, Oct 25, 2003 at 08:49:25AM +0300, Giorgos > > Keramidas wrote: > > > On 2003-10-24 14:47, Alex de Kruijff > > wrote: > > > >On Thu, Oct 23, 2003 at 07:17:20PM -0700, peter > > lageotakes wrote: > > > >> This is the follow up (part 2) to Babe in the > > Woods: A > > > >> Linux User Migrates to FreeBSD. > > > >> > > > >> Interesting article. However I disagree with > > the views > > > >> about handbook being written at the admin. > > level (and > > > >> more). The article could be more positive. > > > >> > > > >> > > > http://www.ofb.biz/modules.php?name=News&file=article&sid=269 > > > > > > > > I say this is prity positive considering his > > previous article about > > > > 5.0. I feel that he gives _his_ fair point of > > view on FreeBSD. > > > > Strainge that top didn' run, i didn't had this > > happening to me. > > > > > > This is very likely a result of more serious > > problems with the /dev > > > directory of the installation (like the missing > > /dev/null described in > > > the article). > > > > > > I'll agree that it is a rather fair article, > > despite my reservations > > > regarding the problems described. I've installed > > 4.8-REL a lot of times > > > but didn't have any of the same problems. The > > fact that someone else > > > did, which is probably unsurprising for newcomers > > to FreeBSD, doesn't > > > mean that I'm super smart or that the authors of > > the article are silly > > > either. The installation process depends on very > > scrutinous attention > > > to details whose significance isn't yet very > > apparent when one is a > > > FreeBSD newbie. This is what the documentation > > team is trying to help > > > about by writing the Handbook and the rest of the > > docs. > > > > > > Let's hope that the quality of the existing > > documentation and the future > > > efforts of the doc team make problematic cases > > like the one described in > > > the article less and less frequent :-) > > > > Its not just the doc team who arre responcible for > > the succes of > > FreeBSD. Its the whole team, including amoung > > others, the doc-team, > > developers, core and the users on the lists > > (esecialy those on > > questions, newbie, stable and current). > > The install process in the handbook is very detailed. > I dont believe that is an issue (imho). One aspect I > think might need a small amount of clairification is > release, stable and new technology relase (etc). That > seems to be a small stumbling block for new users to > FreeBSD. I would also think the handbook is good the way it is. I think the mail problem with the handbook is that people don't read it. I feel this is essecialy true for newcommers. The freebsd fourtune might help with this. Like showing messages that adverstise the handbook. (i.e. "Do you wan't to have a NFS server? Read -url to nfs chapter-" and follow with if it still doesn't work send a mail to questions@) This obviously won't point someone who has trouble installing FreeBSD to the handbook. But it might show a large number of other newbies that the handbook has a large number of issues solved. -- Alex Articles based on solutions that I use: http://www.kruijff.org/alex/index.php?dir=docs/FreeBSD/ From owner-freebsd-advocacy@FreeBSD.ORG Thu Oct 30 09:57:04 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A026E16A4CE for ; Thu, 30 Oct 2003 09:57:04 -0800 (PST) Received: from bast.unixathome.org (bast.unixathome.org [66.11.174.150]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0250943FBF for ; Thu, 30 Oct 2003 09:57:02 -0800 (PST) (envelope-from dan@langille.org) Received: from wocker (wocker.unixathome.org [192.168.0.99]) by bast.unixathome.org (Postfix) with ESMTP id 562A83D28 for ; Thu, 30 Oct 2003 12:57:01 -0500 (EST) From: "Dan Langille" To: freebsd-advocacy@freebsd.org Date: Thu, 30 Oct 2003 12:57:01 -0500 MIME-Version: 1.0 Message-ID: <3FA10A9D.6149.1AB4D4F6@localhost> Priority: normal In-reply-to: <20031030173157.GA8122@heceta.db.net> X-mailer: Pegasus Mail for Windows (v4.02a) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body Subject: Re: Ottawa (and area) BSD pizza meet X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Oct 2003 17:57:04 -0000 I think advocacy should also know: On 30 Oct 2003 at 12:31, Diane Bruce wrote: > Hi, > > For Ottawa and area bsd folk (freebsd/netbsd/openbsd etc.) > > BSD meeting Colonade, Somerset St, pizza+beer, 6pm > Thursday November 6th. > > Cya there.. > > - Diane -- Dan Langille : http://www.langille.org/ From owner-freebsd-advocacy@FreeBSD.ORG Thu Oct 30 11:41:08 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4305516A4CE for ; Thu, 30 Oct 2003 11:41:08 -0800 (PST) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id E91AE43FB1 for ; Thu, 30 Oct 2003 11:41:04 -0800 (PST) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (localhost [127.0.0.1]) by fledge.watson.org (8.12.9p2/8.12.9) with ESMTP id h9UJdoMg066529 for ; Thu, 30 Oct 2003 14:39:50 -0500 (EST) (envelope-from robert@fledge.watson.org) Received: from localhost (robert@localhost)h9UJdolL066526 for ; Thu, 30 Oct 2003 14:39:50 -0500 (EST) (envelope-from robert@fledge.watson.org) Date: Thu, 30 Oct 2003 14:39:50 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org To: advocacy@FreeBSD.org Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: fxr.watson.org news blurbs X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Oct 2003 19:41:08 -0000 Looks like www.kerneltrap.org and www.slashdot.org both picked up on my post to hackers@ about setting up fxr.watson.org. I'm not sure if they're worth putting on the FreeBSD front page (it's not really "about" FreeBSD), but they do count as news of some sort relating to FreeBSD, I suppose... :-) Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories From owner-freebsd-advocacy@FreeBSD.ORG Thu Oct 30 12:09:28 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 21CBB16A4CF; Thu, 30 Oct 2003 12:09:28 -0800 (PST) Received: from essence.sdodson.com (67-50-80-104.br1.tbr.ga.frontiernet.net [67.50.80.104]) by mx1.FreeBSD.org (Postfix) with ESMTP id 81C5E43FA3; Thu, 30 Oct 2003 12:09:26 -0800 (PST) (envelope-from samy@kerneled.com) Received: from beastie.freebsd.local (dial37-123.sbm.net.sa [212.46.37.123]) by essence.sdodson.com (8.12.10/8.12.10) with ESMTP id h9UBpMX1033748; Thu, 30 Oct 2003 11:51:31 GMT (envelope-from samy@kerneled.com) Date: Thu, 30 Oct 2003 14:51:15 +0300 (AST) From: Samy Al Bahra X-X-Sender: samy@beastie.freebsd.local To: ".VWV." In-Reply-To: <000f01c39e88$9e3f8650$85fc2dd5@workstation> Message-ID: <20031030144435.L5527-100000@beastie.freebsd.local> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-advocacy@FreeBSD.ORG cc: freebsd-questions@FreeBSD.ORG Subject: Re: stop upgrade - keep your mind safe X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Oct 2003 20:09:28 -0000 On Thu, 30 Oct 2003, .VWV. wrote: > Are you sure you really need continuous upgrading your operating system, > until the end of your life? Yes. New releases means new features and bug fixes (trivial as they may be sometimes) VWV. From a highly productive feature to a simple visual effect, I personally want them. If you're fine with what you have (ex: you don't mind lack of AA or lack of sticky windows, things you don't use, etc...) then don't upgrade. > I'm happy running an 'obsolete' 4.6.2, nobody will move me from it. > Upgrading makes happy only the hardware vendors. This is a natural cycle. I want Xft support, I want Xinerama support, I want that CD writer functionality, I want those nicer icons, I want those neat transparent title bars, etc... It makes a lot of us happy too. I'm still waiting on some features for PekWM (http://www.PekWM.org) that are only in CVS, I am itching to upgrade next release. In other words, this is a bikeshed :) -- +-----------------------------------+ | Samy Al Bahra | samy@kerneled.com | |-----------------------------------| | B3A7 F5BE B2AE 67B1 AC4B | | 0983 956D 1F4A AA54 47CB | |-----------------------------------| | http://www.kerneled.com | +-----------------------------------+ From owner-freebsd-advocacy@FreeBSD.ORG Thu Oct 30 12:41:32 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F0F9816A4CE for ; Thu, 30 Oct 2003 12:41:32 -0800 (PST) Received: from amsfep16-int.chello.nl (amsfep16-int.chello.nl [213.46.243.26]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7F3C143FEC for ; Thu, 30 Oct 2003 12:41:29 -0800 (PST) (envelope-from dodell@sitetronics.com) Received: from sitetronics.com ([213.46.142.207]) by amsfep16-int.chello.nl ESMTP <20031030204104.OUUT15354.amsfep16-int.chello.nl@sitetronics.com>; Thu, 30 Oct 2003 21:41:04 +0100 Message-ID: <3FA1775A.9060102@sitetronics.com> Date: Thu, 30 Oct 2003 21:40:58 +0100 From: "Devon H. O'Dell" User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.4) Gecko/20030820 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Dan Langille References: <3FA10A9D.6149.1AB4D4F6@localhost> In-Reply-To: <3FA10A9D.6149.1AB4D4F6@localhost> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-advocacy@freebsd.org Subject: Re: Ottawa (and area) BSD pizza meet X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Oct 2003 20:41:33 -0000 Anybody in the .nl want to chip in some euros and do the same here? I'm game! --Devon Dan Langille wrote: >I think advocacy should also know: > >On 30 Oct 2003 at 12:31, Diane Bruce wrote: > > > >>Hi, >> >> For Ottawa and area bsd folk (freebsd/netbsd/openbsd etc.) >> >> BSD meeting Colonade, Somerset St, pizza+beer, 6pm >>Thursday November 6th. >> >> Cya there.. >> >>- Diane >> >> > > > From owner-freebsd-advocacy@FreeBSD.ORG Thu Oct 30 12:43:40 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CB21716A4D1 for ; Thu, 30 Oct 2003 12:43:40 -0800 (PST) Received: from bast.unixathome.org (bast.unixathome.org [66.11.174.150]) by mx1.FreeBSD.org (Postfix) with ESMTP id B2A4343FFD for ; Thu, 30 Oct 2003 12:43:33 -0800 (PST) (envelope-from dan@langille.org) Received: from wocker (wocker.unixathome.org [192.168.0.99]) by bast.unixathome.org (Postfix) with ESMTP id DCB903D28; Thu, 30 Oct 2003 15:43:32 -0500 (EST) From: "Dan Langille" To: "Devon H. O'Dell" Date: Thu, 30 Oct 2003 15:43:32 -0500 MIME-Version: 1.0 Message-ID: <3FA131A4.13509.1B4D4CF2@localhost> Priority: normal X-mailer: Pegasus Mail for Windows (v4.02a) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body cc: freebsd-advocacy@freebsd.org Subject: .nl BSD pizza meet X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Oct 2003 20:43:40 -0000 On 30 Oct 2003 at 21:40, Devon H. O'Dell wrote: > Anybody in the .nl want to chip in some euros and do the same here? I'm > game! Good idea! But start your own thread! ;) -- Dan Langille : http://www.langille.org/ From owner-freebsd-advocacy@FreeBSD.ORG Thu Oct 30 13:10:10 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CC03C16A4CF for ; Thu, 30 Oct 2003 13:10:10 -0800 (PST) Received: from amsfep13-int.chello.nl (amsfep13-int.chello.nl [213.46.243.24]) by mx1.FreeBSD.org (Postfix) with ESMTP id 683D543FAF for ; Thu, 30 Oct 2003 13:10:09 -0800 (PST) (envelope-from dodell@sitetronics.com) Received: from sitetronics.com ([213.46.142.207]) by amsfep13-int.chello.nl (InterMail vM.5.01.05.17 201-253-122-126-117-20021021) with ESMTP id <20031030211008.EZON4557.amsfep13-int.chello.nl@sitetronics.com>; Thu, 30 Oct 2003 22:10:08 +0100 Message-ID: <3FA17E2B.3080704@sitetronics.com> Date: Thu, 30 Oct 2003 22:10:03 +0100 From: "Devon H. O'Dell" User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.4) Gecko/20030820 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Dan Langille References: <3FA131A4.13509.1B4D4CF2@localhost> In-Reply-To: <3FA131A4.13509.1B4D4CF2@localhost> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-advocacy@freebsd.org Subject: Re: .nl BSD pizza meet X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Oct 2003 21:10:11 -0000 >>Anybody in the .nl want to chip in some euros and do the same here? I'm >>game! >> >> > >Good idea! But start your own thread! ;) > Yeah, sorry. Qualification: it has to be in the Gelderland area (and preferably near Zutphen/Deventer/Arnhem) because I don't have a car :P --Devon From owner-freebsd-advocacy@FreeBSD.ORG Thu Oct 30 21:13:34 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 26A2416A4CE; Thu, 30 Oct 2003 21:13:34 -0800 (PST) Received: from lakemtao06.cox.net (lakemtao06.cox.net [68.1.17.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id A7DC143FDD; Thu, 30 Oct 2003 21:13:32 -0800 (PST) (envelope-from kitsune@gmx.co.uk) Received: from fortytwo ([68.109.49.234]) by lakemtao06.cox.net (InterMail vM.5.01.06.05 201-253-122-130-105-20030824) with SMTP id <20031031051330.PKIG10862.lakemtao06.cox.net@fortytwo>; Fri, 31 Oct 2003 00:13:30 -0500 Date: Thu, 30 Oct 2003 23:12:18 -0600 From: kitsune To: ".VWV." Message-Id: <20031030231218.37dc9c55.kitsune@gmx.co.uk> In-Reply-To: <000f01c39e88$9e3f8650$85fc2dd5@workstation> References: <000f01c39e88$9e3f8650$85fc2dd5@workstation> X-Mailer: Sylpheed version 0.9.6claws (GTK+ 1.2.10; i386-portbld-freebsd4.9) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit cc: freebsd-advocacy@freebsd.org cc: freebsd-questions@FreeBSD.ORG Subject: Re: stop upgrade - keep your mind safe X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 31 Oct 2003 05:13:34 -0000 On Thu, 30 Oct 2003 02:53:29 +0100 ".VWV." wrote: > > Hello to all. > > Are you sure you really need continuous upgrading your operating system, > until the end of your life? More features and the occasional speed boost :) I noticed a nice bit of a performance dif between 4.4 and 4.7. I found the extra features, stability, and ect to be nice. A little after that I upgraded hardware, older hardware started having very limited expandability, and started tracking stable and have absolutly loved it. I have really noticed a big dif with some of the changes that have been made since 4.7. > I'm happy running an 'obsolete' 4.6.2, nobody will move me from it. > Upgrading makes happy only the hardware vendors. I have found upgrade hardware makes me happy too :) I personally would love to have a box with a few gigs of ram to use as a cache. More HDD space is all ways useful to me. Yeah, cd/dvd works for back up, but it is annoying for easy to access archival purposes. Better networking is nice to. I personally want move parts of my system to a mesh topology using firewire400. From owner-freebsd-advocacy@FreeBSD.ORG Sat Nov 1 04:22:38 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BF40416A4CE; Sat, 1 Nov 2003 04:22:38 -0800 (PST) Received: from digiflux.org (43.Red-80-59-151.pooles.rima-tde.net [80.59.151.43]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3634E43F85; Sat, 1 Nov 2003 04:22:37 -0800 (PST) (envelope-from olivas@digiflux.org) Received: from digiflux.org (localhost [127.0.0.1]) by digiflux.org (8.12.9p2/8.12.9) with SMTP id hA1CLIf5016614; Sat, 1 Nov 2003 13:21:18 +0100 (CET) (envelope-from olivas@digiflux.org) Received: from 10.0.0.150 (SquirrelMail authenticated user olivas) by digiflux.org with HTTP; Sat, 1 Nov 2003 13:21:19 +0100 (CET) Message-ID: <1405.10.0.0.150.1067689279.squirrel@digiflux.org> Date: Sat, 1 Nov 2003 13:21:19 +0100 (CET) From: olivas@digiflux.org To: warbsd@digiflux.org User-Agent: SquirrelMail/1.4.1 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 Importance: Normal cc: advocacy@freebsd.org cc: chat@freebsd.org Subject: WarBSD 0.2.1 just released X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 01 Nov 2003 12:22:38 -0000 I've just uploaded another update of WarBSD (0.2.1) to the warbsd.eurisko.ws site. This release adds the AP-Config 1.3.1 port and miniperl (Perl 5.8.0). I also decided to add the "top" utility from the FreeBSD source tree. Other than that, nothing else has changed. I hope people find this release useful. :) I think now is a good time to go thru and update the build scripts before releasing another version. :) -Stacy From owner-freebsd-advocacy@FreeBSD.ORG Sat Nov 1 11:21:31 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 09B3A16A4CE for ; Sat, 1 Nov 2003 11:21:31 -0800 (PST) Received: from digiflux.org (43.Red-80-59-151.pooles.rima-tde.net [80.59.151.43]) by mx1.FreeBSD.org (Postfix) with ESMTP id 625DB43FA3 for ; Sat, 1 Nov 2003 11:21:29 -0800 (PST) (envelope-from olivas@digiflux.org) Received: from digiflux.org (localhost [127.0.0.1]) by digiflux.org (8.12.9p2/8.12.9) with ESMTP id hA1JK5f5019925; Sat, 1 Nov 2003 20:20:06 +0100 (CET) (envelope-from olivas@digiflux.org) Received: (from www@localhost) by digiflux.org (8.12.9p2/8.12.9/Submit) id hA1JK3TH019921; Sat, 1 Nov 2003 20:20:03 +0100 (CET) (envelope-from olivas@digiflux.org) Date: Sat, 1 Nov 2003 20:20:03 +0100 (CET) Message-Id: <200311011920.hA1JK3TH019921@digiflux.org> X-Authentication-Warning: digiflux.org: www set sender to olivas@digiflux.org using -f To: advocacy@bsdadvocacy.org Received: from 10.0.0.150 (auth. user olivas@localhost) by digiflux.org with HTTP; Sat, 01 Nov 2003 20:20:03 +0100 X-IlohaMail-Blah: olivas@localhost X-IlohaMail-Method: mail() [mem] X-IlohaMail-Dummy: moo X-Mailer: IlohaMail/0.7.11 (On: digiflux.org) From: "Stacy Olivas" Bounce-To: "Stacy Olivas" Errors-To: "Stacy Olivas" MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable cc: advocacy@freebsd.org Subject: Fwd: [WarBSD]WarBSD 0.2.1 just released X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 01 Nov 2003 19:21:31 -0000 --- Original Message --- Date: 11/1/2003 From: "olivas@digiflux.org" Subject: [WarBSD]WarBSD 0.2.1 just released I've just uploaded another update of WarBSD (0.2.1) to the warbsd.eurisko.ws site. This release adds the AP-Config 1.3.1 port and miniperl (Perl 5.8.0). I also decided to add the "top" utility from the FreeBSD source tree. Other than that, nothing else has changed. I hope people find this release useful. :) I think now is a good time to go thru and update the build scripts before releasing another version. :) -Stacy From owner-freebsd-advocacy@FreeBSD.ORG Sat Nov 1 14:17:57 2003 Return-Path: Delivered-To: freebsd-advocacy@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0308D16A4CE for ; Sat, 1 Nov 2003 14:17:57 -0800 (PST) Received: from thor.65535.net (thor.65535.net [216.17.104.19]) by mx1.FreeBSD.org (Postfix) with ESMTP id 51E6F43FAF for ; Sat, 1 Nov 2003 14:17:56 -0800 (PST) (envelope-from rghf@fsck.me.uk) Received: from jvds.demon.co.uk ([212.228.151.253] helo=bitch.localdomain) by thor.65535.net with esmtp (Exim 4.20) id 1AG41Q-000Az4-DM for freebsd-advocacy@freebsd.org; Sat, 01 Nov 2003 14:15:05 -0800 Date: Sat, 1 Nov 2003 22:20:29 +0000 (GMT) From: Rus Foster X-X-Sender: rghf@bitch.localdomain To: freebsd-advocacy@freebsd.org In-Reply-To: <200311011920.hA1JK3TH019921@digiflux.org> Message-ID: References: <200311011920.hA1JK3TH019921@digiflux.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: Interview with Pawel Jakub Dawide (jail programmer) X-BeenThere: freebsd-advocacy@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Evangelism List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 01 Nov 2003 22:17:57 -0000 Hi, I thought some people might be intrested in an interview I did with Pawel about where FreeBSD jails are from and where they are going http://tech.jvds.com/modules.php?name=News&file=article&sid=6&mode=&order=0&thold=0 Rgds Rus -- w: http://www.jvds.com | JVDS Virtual Servers e: rghf@jvds.com | Daily Specials t: +44 7919 373537 | http://www.jvds.com/specials.php t: 1-888-327-6330 | email: sales@jvds.com