pourl...@hushmail.com wrote:
...rehashed old crap...
Anyone can say, "I want a car that flies" or "I want a non-polluting
power source". There is no skill in this, by itself.
The first bit of magic is coming up with a demonstration doing it.
The next bit of magic is actually making it practical.
PaX is a marginal little demo. How many Linux distributions include
PaX? How many PaX Linux implementations have you seen in production?
SELinux is actually in a number of Linux distributions...however,
active in how many systems you have seen in production? Very few.
Why? Because they break things. For the most part, things that are
broke already, but things that people don't bother to fix.
OpenBSD implements their solutions across the board, on by default, and
as Just Works as much as the programmers can manage. You don't choose to
use W^X, it's just there. Propolice? Randomizing everything you can?
It's just there. When they were first implemented, it broke a lot of
stuff. It found bugs. The bugs got fixed. That's how it has to go.
There are very few revolutionary ideas in the world, just evolutions of
previous ideas. Belief in revolutions in the computer world generally
shows an ignorance of history. We don't stand on shoulders of giants,
we see a little further by standing on their toes... (and yes, that
statement is a blatant rip-off of a blatant ripoff of ...)
The PaX and SELinux people have not finished the job. Get it in a
mainstream Linux distribution (or convince people to use your distro,
kill off the non-adopters), on by default and no easy "off" knob. Force
people to fix things. Not so you can say "we were first", but so you
can say, "we made things better than they were". All they are doing now
is saying "things COULD be better than they are now, and we talked about
it first."
"I was thinking of flying cars before you! I even figured out we can
put the propeller on the back so it doesn't obstruct the view!"
Meanwhile, at the airport...
(totally ignored in this is the AT LEAST as important "make it as good
as you can BEFORE you rely on the cool tricks to save your ass" strategy
that I don't hear anyone else making claim to. Let's not forget that
OpenBSD had a well-deserved reputation for security BEFORE Propolice,
stackghost, W^X, etc...)
Nick.