Linux-Advocacy Digest #657, Volume #25 Thu, 16 Mar 00 17:13:04 EST
Contents:
Re: C2 question (abraxas)
Re: Symbolic Links for WinBlows 2000 ("Mr. Rupert")
Re: Absolute failure of Linux dead ahead? (Craig Kelley)
Re: which OS is best? (Craig Kelley)
Re: An Illuminating Anecdote (Mark Hamstra)
Re: Giving up on NT ("Chad Myers")
Re: Why not Darwin AND Linux rather than Darwin OR Linux? (was Re:Darwin or Linux
(Koan Kid)
Re: C2 question ("Chad Myers")
Re: An Illuminating Anecdote (Darren Winsper)
Re: Disproving the lies. (Darren Winsper)
Re: Giving up on NT (Stephen Rifkin)
Re: Feature set: Kerberos, IPSec (Emilio Gonzalez)
Re: Open Software Reliability (Steve Mading)
Re: Giving up on NT ("Nik Simpson")
Re: Enemies of Linux are MS Lovers (Norman D. Megill)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (abraxas)
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: C2 question
Date: 16 Mar 2000 20:41:25 GMT
In comp.os.linux.advocacy Chad Myers <[EMAIL PROTECTED]> wrote:
> "abraxas" <[EMAIL PROTECTED]> wrote in message
> news:8arbg9$1d47$[EMAIL PROTECTED]...
>> > How can you specify a list of groups that have access to a specific file,
>> > for example?
>>
>> Give group read/write/excecute access to that file, chgrp the file to the
>> group in question.
> So that would allow you to have more than one group have permissions to a
> file? What if you wanted 3 groups?
I think that groups work slightly differently than youre thinking....Theres
no reason to have three groups have access to a file at the exclusion of
the rest, you simply add the individual logins that you want to have access
to the file to the group to which you are granting access.
It may seem like this is a round-about way to do things, but it becomes
very handy when youre scripting large chunks of functionality.
>> Youd do it with Sudo. But its a dumb thing to do, and it doesnt have much
>> to do with discretionary access as defined in the above mentioned document.
> Are you kidding? ACLs are at the heart of DAC. Being able to EASILY add
> users, groups, and other types of authenticated resources to a permissions
> list for a given resource are necessary for fine grained access control.
I'm approaching this from a different perspective I think. All of the things
that you would like to be able to do are possible, and yes, some of them are
a big kludgey as they approach fine-grained access control.
But it *is* possible. Sudo isnt doing anything that UNIX cant do on its own,
its simply collecting functions and redistributing them.
> Using a bunch of backhanded techniques is not only difficult and obtrusive,
> but it's plain silly for something that seems so natural.
The backhanded techniques are nessesary when youre talking about an operating
system like unix. You should have seen it BEFORE sudo. It was an enormous
pain in the ass to do everything that Sudo does by hand.
And there are utilities beyond Sudo that give you naturally even finer grained
access (with easier to understand conf files too).
When youre talking about unix and unix-like operating systems, this kind of
functionality is *always* lent by reorganizing existing functions. A safe
mode of thinking is that under unix, you can pretty much do anything you can
imagine, its just a matter of figuring out how to organize existing functions.
> "I have a file, I want this guy, that guy, this group, and that group to have
> access to this file, but this guy should only have read, and this group should
> have modify"
Yes, but the point is that what you were asking is indeed possible.
>> > What about Auditing? Can you audit a specific user's actions on a specific
>> > file when excercised through a group?
>>
>> Yes, you can do this with Sudo.
> What, exactly does sudo do? And how come, on an average RH 6.0 install, I can't
> seem to find the sudo command anywhere?
You have to go get it. Its part of the latest Suse and Debian distribs.
And beyond that, now youre talking about distributions, not the operating system.
The operating system of linux is little more than a kernel, a filesystem and
a few functions. Everything else is built atop by whoever is doing the
distributing.
I daresay that if you are going to define linux by distribution, it wouldnt
be too terribly difficult to come up with a distribution that would earn a C2
readily. All youd need is a few good programmers---again because its all a
matter of reorganizing existing functions. (which are more often than not
themselves a reorganization of existing functions).
>> > Can you do explicit Deny? And when I mean Deny, I don't mean to NOT give
>> > someone permissions, I mean, explicitly disallow them from accessing a
>> > resource? This is a requirement of C2.
>>
>> Yes. You can do this with both file permissions and Sudo.
> You can explicitly deny one person, and explicitly allow another?
Yes.
=====yttrx
------------------------------
From: "Mr. Rupert" <[EMAIL PROTECTED]>
Crossposted-To: comp.unix.advocacy
Subject: Re: Symbolic Links for WinBlows 2000
Date: Thu, 16 Mar 2000 14:39:13 -0600
Steve Mading wrote:
>
> In comp.os.linux.advocacy Graham Murray <[EMAIL PROTECTED]> wrote:
> : "Erik Funkenbusch" <[EMAIL PROTECTED]> writes:
>
> :> What the press release doesn't quite adequately say is that this is a
> :> transparent process that happens in the background. Links are not created
> :> manually, the OS finds identical duplicate files and coalesces them into a
> :> single file with links without any user interaction.
>
> : What happens if you then modify one of these files and want to keep
> : the other unchanged? Will the system automatically split them for you
> : when you start changeing one "copy"?
>
> The idea sounds very similar to copy-on-write for forked processes'
> memory space. As long as both links are used in a read-only fashion,
> only one copy of the file will physically exist. Once one of the
> 'files' is altered or written to, then the link is broken and a copy
> is made instead, with the change is applied to the copy.
>
> Even though this is coming from Microsoft, I'll still admit that it's
> a clever idea. However, its goal is not to do symbolic links ala
> Unix - it's goal is to merely save some disk space by collecting
> duplicates in a fashion that is invisible to the user. It has some
> problems to worry about, but they are mostly user-education problems
> rather than technical ones.
Stop right there! You say it's 'invisible' to the user and then say
any problems can be solved by user-education.
The mere fact that you have to educate the user about something that
is designed to be invisible to the user classifies it a failure.
--
Mr Rupert
------------------------------
Subject: Re: Absolute failure of Linux dead ahead?
From: Craig Kelley <[EMAIL PROTECTED]>
Date: 16 Mar 2000 13:49:04 -0700
Navindra Umanee <[EMAIL PROTECTED]> writes:
> > Considering that the next version of the 'top tier' Redhat
> > is going to be optimized for Oracle 8i, it's a fair bet
> > that Oracle works with glibc2.1.
>
> But how do you know the version that I have *now* works with glibc2.1?
> Unless you're saying that Oracle will offer a free upgrade path
> because I broke the OS by upgrading to the new "drop-in" glibc...
> maybe they do, I haven't checked.
To be fair, Oracle allows you to re-link against whatever library you
are running. If you find that glibc-5.3.1 in 2012 doesn't work well
with Oracle 8i from 1999, you could probably still link against
glibc-2.1 (or whatever) by relinking it.
FWIW, I'm running 8i right now on a 2.1 system.
--
The wheel is turning but the hamster is dead.
Craig Kelley -- [EMAIL PROTECTED]
http://www.isu.edu/~kellcrai finger [EMAIL PROTECTED] for PGP block
------------------------------
Crossposted-To:
comp.sys.mac.advocacy,comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: which OS is best?
From: Craig Kelley <[EMAIL PROTECTED]>
Date: 16 Mar 2000 13:52:52 -0700
Peter Ammon <[EMAIL PROTECTED]> writes:
> Christopher Smith wrote:
> >
> > Uh huh.
> > Please explain which superior products they killed (and how).
>
> Go. They displayed an interest in developing software for Go's
> handheld, then had their engineers get all the information they could
> and never called Go again. Microsoft then announced their own handheld,
> based on Palm Windows, and strong-armed Compaq and some other OEMs who
> were interested in working with Go to drop the relationship. When it
> became apparent that Go was no longer viable, Microsoft dropped
> development of Palm Windows...if they ever developed it at all.
We actually have one of those touch-screen versions of Windows 3.11.
Windows for Pen Computing
It's awful.
--
The wheel is turning but the hamster is dead.
Craig Kelley -- [EMAIL PROTECTED]
http://www.isu.edu/~kellcrai finger [EMAIL PROTECTED] for PGP block
------------------------------
From: Mark Hamstra <[EMAIL PROTECTED]>
Subject: Re: An Illuminating Anecdote
Date: 16 Mar 2000 15:37:32 -0500
[EMAIL PROTECTED] writes:
> "mr_organic" <[EMAIL PROTECTED]> writes:
>
> > He said: "What's Emacs?"
> >
> > I said: "Out of my office, infidel."
>
> Glad you weren't around when I was learning. Or would it have helped
> that I didn't know Windows?
>
> I did read a lot of man pages, etc. But I also asked a lot of
> questions. Looking down on your coworkers won't better your situation
> at all. Teach whoever will learn.
Saying, effectively, "This is a good, worthwhile, and important thing
to know... but I'm not going to spoon-feed it to you, you must
learn it for yourself" is a valid and time-tested mentoring technique.
Often times the Learning How to Learn is as important as the Knowing,
and beyond a certain point there's very little one can or should do
to teach another How to Learn beyond pre-selecting promising targets.
--
Mark Hamstra
Bentley Systems, Inc.
------------------------------
From: "Chad Myers" <[EMAIL PROTECTED]>
Crossposted-To:
comp.sys.mac.advocacy,comp.os.ms-windows.nt.advocacy,comp.os.os2.advocacy
Subject: Re: Giving up on NT
Date: Thu, 16 Mar 2000 15:19:47 -0600
"Bob Hauck" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> >I can fire up TextPad for Windows, which is one of the best text editors
> >around (IMHO, syntax highlighting, and much, much more) and I am up and
> >running in a matter of SECONDS and doing all that Emacs does and more.
>
> Except for the part about running on Solaris, AIX, VMS, Linux, Amiga, and
> just about every other OS ever made.
> Hey there are good editors on Windows, some of them are even free (as in
> beer...I like PFE). But all the world is _not_ Windows Chad.
You know, it seems like you guys dwell more on this than anyone else does.
We're simply comparing functionality in text editors. Emacs is definately
feature rich, don't get me wrong, but it takes a PhD to get them to work,
let alone master them.
So, simply because it runs on a bunch of platforms it's a good program?
I could write a "Hello World!" app that runs on just about every platform,
so is my program more functional than another application?
No. I'm simply stating that Vi, Emacs, et al are incredibly overcomplicated
for a not-that-complicated task. For some reason, it seems to be a schtick
for Un*x and un*x-like OSen that they must take a relatively simple task
and complicate the hell out of it so as to discourage anyone but the most
die-hard person from using it.
No, Bob, text editing DOESN'T have to be this difficult. Cutting and pasting
DOESN'T have to involve 20 key strokes!.
-Chad
------------------------------
From: Koan Kid <[EMAIL PROTECTED]>
Crossposted-To: comp.sys.next.advocacy,comp.sys.mac.advocacy
Subject: Re: Why not Darwin AND Linux rather than Darwin OR Linux? (was Re:Darwin or
Linux
Date: 16 Mar 2000 21:25:36 GMT
In comp.sys.mac.advocacy Michael Paquette <[EMAIL PROTECTED]> spake thusly:
[snip]
> The information is all out there. You don't need squat from Apple.
> If you really want a QuickTime clone either copylefted or open
> sourced, knock off the whining, get off your butt, and do it. Show
> us what a totally kewl coder you are.
> The world doesn't owe you a living. Others who own things (even if
> you don't agree with the idea of ownership) can do with them what
> they want. You can do what you want with what you create.
> It's up to you.
And just when I was beginning to think that I was the only person in the
world who couldn't understand what the self-proclaimed "Free-Software
Advocates" (not to be confused with the *real* free-sofware advocates--you
know, the ones who actually contribute to the movement) were bitching about
when someone refused to personally hand over a copy of their source to
every script-kiddie and 3L3373 d00d just so they could burn it on to a CD-R
for their "archives".
*sigh*
Pardon my rant.
KK
------------------------------
From: "Chad Myers" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: C2 question
Date: Thu, 16 Mar 2000 15:25:20 -0600
"abraxas" <[EMAIL PROTECTED]> wrote in message
news:8argtl$1d47$[EMAIL PROTECTED]...
> > So that would allow you to have more than one group have permissions to a
> > file? What if you wanted 3 groups?
>
> I think that groups work slightly differently than youre thinking....Theres
> no reason to have three groups have access to a file at the exclusion of
> the rest, you simply add the individual logins that you want to have access
> to the file to the group to which you are granting access.
So I'd have to create a different group for each set of permissions I wanted
to create? That's rediculous.
> It may seem like this is a round-about way to do things, but it becomes
> very handy when youre scripting large chunks of functionality.
I believe this is the overly complicated way of doing things the
means-to-an-end that the TSEC said was not acceptable.
> > Using a bunch of backhanded techniques is not only difficult and obtrusive,
> > but it's plain silly for something that seems so natural.
>
> The backhanded techniques are nessesary when youre talking about an operating
> system like unix. You should have seen it BEFORE sudo. It was an enormous
> pain in the ass to do everything that Sudo does by hand.
So why don't they just get out of the 1970's and catch up to what everyone
else is doing and has proven to be the best way of doing things? The TSEC
isn't stupid, and they're not fly-by-night. They know what they're talking
about.
Isn't it about time Un*x got out of the stone ages?
> And there are utilities beyond Sudo that give you naturally even finer grained
> access (with easier to understand conf files too).
But it's still a hack upon a hack. Two wrongs don't make a right.
> I daresay that if you are going to define linux by distribution, it wouldnt
> be too terribly difficult to come up with a distribution that would earn a C2
> readily. All youd need is a few good programmers---again because its all a
> matter of reorganizing existing functions. (which are more often than not
> themselves a reorganization of existing functions).
But, you'd have to incorporate DAC and several other things, which would result
in the creation of a "Trusted Linux" which would be a branch from the main
kernel path.
There was a discussion about this on Slashdot awhile back. Search for Trusted
Linux and you might find it.
-Chad
------------------------------
From: [EMAIL PROTECTED] (Darren Winsper)
Subject: Re: An Illuminating Anecdote
Date: 17 Mar 2000 05:31:25 GMT
On Thu, 16 Mar 2000 07:36:27 GMT, Truckasaurus <[EMAIL PROTECTED]> wrote:
> In schools in DK, pupils are taught the basic concepts of math
> (+,-,*,/) before they are given calculators, in order to make them
> understand what is going on inside such a machine before using it.
In primary school, nobody was allowed to use a calculator at all.
Everything was done by hand, teacher and rather young pupil alike.
When I reached high school I was told to use a calculator for things I
had learnt to do in my head (Evidently something like 9*4 is too
difficult for 11 year olds to master). It was rather disturbing when I
was handed investigation sheets people in my primary school class had
done *2 years ago*.
Ironically, the primary school failed its Ofsted (The school
inspecter/watchdog program) report around the time I was 14.
--
Darren Winsper (El Capitano) - ICQ #8899775
Stellar Legacy project member - http://www.stellarlegacy.tsx.org
DVD boycotts. Are you doing your part?
------------------------------
From: [EMAIL PROTECTED] (Darren Winsper)
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: Disproving the lies.
Date: 17 Mar 2000 05:31:26 GMT
On Thu, 16 Mar 2000 06:57:39 GMT, Terry Murphy <[EMAIL PROTECTED]> wrote:
> How do I configure slrn to print my real e-mail address?
In ~/.slrnrc:
hostname "<What comes after the @"
set username "what comes before the @"
--
Darren Winsper (El Capitano) - ICQ #8899775
Stellar Legacy project member - http://www.stellarlegacy.tsx.org
DVD boycotts. Are you doing your part?
------------------------------
From: [EMAIL PROTECTED] (Stephen Rifkin)
Crossposted-To:
comp.sys.mac.advocacy,comp.os.ms-windows.nt.advocacy,comp.os.os2.advocacy
Subject: Re: Giving up on NT
Date: 16 Mar 2000 21:29:20 GMT
OMG !! Blasphemer !! What, vi complex ?? emacs way complex ?? There are
pork-eaters in the santuary !! Kill them all.
As a long time sysadm I too find the holy editors to be overkill and
cumbersome. For basic shell stuff, perl, python there are lots of editors
that can do the trick. I used to like Crisp before they made it very
expensive. I'm sure there are others. On the other hand there are lots of
reasons to use a complicated editor for straight up code development. Heck,
the one true test I suppose would be to see if you could create your own
editor in itself.
Everybody lighten up. It's just a fsckin tool.
------------------------------
Date: Thu, 16 Mar 2000 16:34:46 -0500
From: Emilio Gonzalez <[EMAIL PROTECTED]>
Subject: Re: Feature set: Kerberos, IPSec
Jeff Hall wrote:
>
> Here are a couple quick questions. A Federal government contractor has
> mentioned that he has specified Windows 2000 because of its "free"
> support for Kerberos security and an secure ip protocol called IPSec
> (?). Two questions: Is there an open-source alternative
> that I should recommend, perhaps involving Linux? Also, are these
> truly part of the feature set of W2K that make it a compelling purchase?
>
> Thanks, Jeff
See http://www.freeswan.org for a free(GPL'd) implementation of IPSec
for linux.
Emilio
------------------------------
From: Steve Mading <[EMAIL PROTECTED]>
Subject: Re: Open Software Reliability
Date: 16 Mar 2000 21:40:45 GMT
mlw <[EMAIL PROTECTED]> wrote:
: Lastly, the idea that one can "institute and enforce" demanding quality
: standards is a joke. It can't happen. One has to be a good software
: engineer to recognize bad code, it had NOTHING to do with coding
: standards or any other non-sense that passes for management, it has to
: do with how you construct your algorithms, how you access data in a
: loop, etc. For instance:
: /* A bad function */
: void testfunction(struct yy *xx)
: {
: int t = xx->count; /* Save count */
: xx->sum = xx->value; /* Get first value */
: while(xx->count--) /* Loop until done */
: xx->sum += xx->sum;
: xx->count = t; /* Restore count */
: }
: The above functions is bad code, although no coding standard or quality
: suite can tell you why. I have seen code like that in the real world,
: really!
: int testfunction(struct yy *xx)
: {
: xx->sum = (1<<xx->count)*xx->value;
: }
: The is the equivalent functionality done "right."
Agreed. And the sad thing is, some coding standards would favor the
first example, since it looks 'simpler' to the neophyte. (Even though
the second is simpler to the experienced person because he can see at
a glance what the math formula is. He has to mentally walk through the
algorithm to see what you have in mind in the first example.)
I used to work at a place that forced me to write bad code so that
I could stay within their standards. Luckily, I escaped.
--
-- ------------------------------------------------------------------
Steven L. Mading at BioMagResBank (BMRB). UW-Madison
Programmer/Analyst/(acting SysAdmin) mailto:[EMAIL PROTECTED]
B1108C, Biochem Addition / 433 Babcock Dr / Madison, WI 53706-1544
------------------------------
From: "Nik Simpson" <[EMAIL PROTECTED]>
Crossposted-To:
comp.sys.mac.advocacy,comp.os.ms-windows.nt.advocacy,comp.os.os2.advocacy
Subject: Re: Giving up on NT
Date: Thu, 16 Mar 2000 16:59:07 -0500
"Chad Myers" <[EMAIL PROTECTED]> wrote in message
news:8arj3p$f28$[EMAIL PROTECTED]...
>
>
> No. I'm simply stating that Vi, Emacs, et al are incredibly
overcomplicated
> for a not-that-complicated task. For some reason, it seems to be a schtick
> for Un*x and un*x-like OSen that they must take a relatively simple task
> and complicate the hell out of it so as to discourage anyone but the most
> die-hard person from using it.
>
> No, Bob, text editing DOESN'T have to be this difficult. Cutting and
pasting
> DOESN'T have to involve 20 key strokes!.
>
I frequently come accross text editing situations involving pattern matching
that I can in one line in vi that either not doable in any of the GUI text
editors or force me to jump through numerous hoops. All my PERL scripting is
done using VIM in NT and I would not use anything else. I'll grant you that
vi is not that friendly to learn, but mock its power at your peril.
After this brief foray in editor advocacy, we now return you to your
regularly scheduled OS advocacy discussions :-)
--
Nik Simpson
------------------------------
From: [EMAIL PROTECTED] (Norman D. Megill)
Crossposted-To: alt.microsoft.sucks,alt.destroy.microsoft
Subject: Re: Enemies of Linux are MS Lovers
Date: 16 Mar 2000 17:02:23 -0500
In article <8ar214$[EMAIL PROTECTED]>,
Norman D. Megill <[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>,
>Roger <roger@.> wrote:
>>On 14 Mar 2000 23:06:05 -0500, someone claiming to be Norman D. Megill
>>wrote:
>>> (The following 2 formats change the label to uppercase to workaround an
>>> FDISK bug.)
>>
>>Why / how had they become lower case to begin with?
>
>I don't know. A Windows crash can do strange things to your disk. But
After researching my notes I now see what happened. Disks provided by
Gateway are formatted by some other software that allows lowercase, so
it could be construed as Gateway's fault for the person putting in the
lower case label not being aware of the FDISK bug. I put the
relabelling in my procedure and it is probably redundant after the first
reformat of a new disk. In fairness to MS, I have never seen a Windows
crash that corrupted the disk label.
--Norm
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.advocacy) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Advocacy Digest
******************************
