Re: [OpenIndiana-discuss] Anybody using Trusted JDS/Gnome?
On Sat, 5 Jan 2013, Jim Klimov wrote: However, the TX do have a certain marketing baggage as a "proven" solution that might have once been certified to do the job and provide the "paper-protection" against audits for act-compliance. For certain customers the paper compliance does matter and cost more than actual (and perhaps better) protection which is not yet certified, and among similar solutions the certified and/or proven ones have a few bonus points. Such "paper-protection" would not apply to OpenIndiana and the paper would be worth less than toilet paper. Certifications require a documented paper trail and a company behind them. Bob -- Bob Friesenhahn bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/ GraphicsMagick Maintainer,http://www.GraphicsMagick.org/ ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Anybody using Trusted JDS/Gnome?
On 2013-01-05 17:01, Michael Stapleton wrote: The Organizations which use TX do not discuss the fact that they use TX. That being said, those same organizations will not be using OI... Well, my point was, rather, that while illumos-based distros are trying to get a foothold in enterprises, presence of TX "Like in real Solaris, only cheaper and with source available for audit" might be a benefit. Then again, an entity which would promote this solution (like, really - by selling it for money) should not have a hard time recovering it by reversing a changeset (which would carve out TX today), and might have actual work to do to maintain it. It is likely IMHO that in this area a single paying customer might be enough to pay for the work needed ;) Bottom line, as much as I like TX I would not spend anytime maintaining it on OI. Alas, +1 ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Anybody using Trusted JDS/Gnome?
The Organizations which use TX do not discuss the fact that they use TX. That being said, those same organizations will not be using OI... I personally really like TX. If you want actual security, it is the way to go, but the problem with real security is that it really gets in the way if you want to do anything, TX is only practical if your computer is part of a larger network which is also running some type of multi-level security scheme. Bottom line, as much as I like TX I would not spend anytime maintaining it on OI. Mike On Sat, 2013-01-05 at 14:48 +0100, Jim Klimov wrote: > On 2013-01-05 12:29, lucadepan...@gmail.com wrote: > > I never used Trusted Extensions in all my desktop OI installations. > > > > I think the lack of consumers reflects how much their are low important in a > > desktop environment. > > > > IMHO they could be useful in a server environment, but in a desktop context > > i > > think they are very useless and an additional work that could be deleted. > > > I believe the TX may be needed to weigh in on an enterprise market > for those possible customers who are required to comply to legal > acts and/or who themselves wish to seperate access to different > resources and networks while providing a single desktop without > means to copy-paste data from windows belonging to different > security labels. This is likely more relevant to terminal server > environments (SunRays, XDMCP) than to single desktops, although > in a corporate setting with centrally-controlled desktops this > mileage may vary. > > That said, I think that the equivalent solution can be more simply > be made today with VDI farms dedicated to each ex-label (subnet, > etc.) and without allowing copy-paste and/or screenshots within > the desktop environment. > > However, the TX do have a certain marketing baggage as a "proven" > solution that might have once been certified to do the job and > provide the "paper-protection" against audits for act-compliance. > For certain customers the paper compliance does matter and cost > more than actual (and perhaps better) protection which is not yet > certified, and among similar solutions the certified and/or proven > ones have a few bonus points. > > All that said, I don't really know anyone that uses TX today or > in the past; I know of similar solutions made with SunRays by a > company that ours is friends with. If the support is too hard to > bear into the future (and lack of lab and real-life testing does > make it harder), I think the code can be either left to wither > until someone comes to bring it up to date, or carved out with > some documented way to carve it back in should someone desire. > > My 2c, > //Jim Klimov > > > ___ > OpenIndiana-discuss mailing list > OpenIndiana-discuss@openindiana.org > http://openindiana.org/mailman/listinfo/openindiana-discuss ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Anybody using Trusted JDS/Gnome?
On 2013-01-05 12:29, lucadepan...@gmail.com wrote: I never used Trusted Extensions in all my desktop OI installations. I think the lack of consumers reflects how much their are low important in a desktop environment. IMHO they could be useful in a server environment, but in a desktop context i think they are very useless and an additional work that could be deleted. I believe the TX may be needed to weigh in on an enterprise market for those possible customers who are required to comply to legal acts and/or who themselves wish to seperate access to different resources and networks while providing a single desktop without means to copy-paste data from windows belonging to different security labels. This is likely more relevant to terminal server environments (SunRays, XDMCP) than to single desktops, although in a corporate setting with centrally-controlled desktops this mileage may vary. That said, I think that the equivalent solution can be more simply be made today with VDI farms dedicated to each ex-label (subnet, etc.) and without allowing copy-paste and/or screenshots within the desktop environment. However, the TX do have a certain marketing baggage as a "proven" solution that might have once been certified to do the job and provide the "paper-protection" against audits for act-compliance. For certain customers the paper compliance does matter and cost more than actual (and perhaps better) protection which is not yet certified, and among similar solutions the certified and/or proven ones have a few bonus points. All that said, I don't really know anyone that uses TX today or in the past; I know of similar solutions made with SunRays by a company that ours is friends with. If the support is too hard to bear into the future (and lack of lab and real-life testing does make it harder), I think the code can be either left to wither until someone comes to bring it up to date, or carved out with some documented way to carve it back in should someone desire. My 2c, //Jim Klimov ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
[OpenIndiana-discuss] 151a7 smnpd core dump
Every once in a while the snmpd daemon core dumps. When I run dbx on it it tells me that the checksum doesn't match the executable. (dbx) proc -map Loadobject mappings for current core file: 0x0040 /usr/sbin/amd64/snmpd Warning: checksum in file(845c) doesn't match image(dd35) It's not clear what I should do to get a good traceback. Right now, this is what I get: (dbx) where =>[1] memcpy(0x0, 0x6b3a40, 0x6b3a40, 0x0, 0x118, 0x0), at 0xfd7fff165f8b [2] netsnmp_access_systemstats_entry_update_stats(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0xfd7ffeb9b4b9 [3] netsnmp_access_systemstats_entry_update(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0xfd7ffeb9b5e6 [4] _check_for_updates(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0xfd7ffeb8e93b [5] netsnmp_binary_array_for_each(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0xfd7ffe990b12 [6] _ba_for_each(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0xfd7ffe99140f [7] ipSystemStatsTable_container_load(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0xfd7ffeb8ee5e [8] _cache_load(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0xfd7ffeb8ddd5 [9] _cache_load(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0xfd7ffec8a7c8 [10] _timer_reload(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0xfd7ffec89675 [11] run_alarms(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0xfd7ffe9658de [12] 0x4061a2(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0x4061a2 [13] 0x4061a2(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0x4061a2 [14] 0x4056b1(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0x4056b1 [15] 0x402f7c(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0x402f7c Gary ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Anybody using Trusted JDS/Gnome?
I never used Trusted Extensions in all my desktop OI installations. I think the lack of consumers reflects how much their are low important in a desktop environment. IMHO they could be useful in a server environment, but in a desktop context i think they are very useless and an additional work that could be deleted. Best regards, Luca De Pandis ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
[OpenIndiana-discuss] Anybody using Trusted JDS/Gnome?
Hi, is anybody interested in Trusted JDS in OpenIndiana? It represents set of packages and patches I would prefer to remove from OI JDS in future because of lack of consumers. Is somebody interested in maintaing this part of system? Best regards, Milan P.S.: If you do not know what Trusted JDS is then you do not need it. ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss