Re: [Full-disclosure] Final Penultimate last Call for Papers for CanSecWest 2011 (deadline Jan. 17th, conf March 9-11)

2011-01-14 Thread Gregg Reynolds
On Thu, Jan 13, 2011 at 1:15 PM, Dragos d...@kyx.net wrote:

 On 2011-01-13, at 7:31 AM, valdis.kletni...@vt.edu wrote:



 It was my (apparently) lame attempt at being whimsical. Should have made it


I found it amusing.  In fact I intend to steal it for my own uses. But maybe
postpenultimate would be more less unclear.

-Gregg



Re: European orders

2009-03-31 Thread Gregg Reynolds
 --Original Message--
 From: Daniel Seuffert
 Sender: owner-m...@openbsd.org

 I don't care what you do for a living.  If it's not enough get a job and
 work like anybody else.


DANGER, THEO, DANGER!!  This get a job stuff - it's a dastardly
trick!  I've tried getting a job and working like anybody else and it
made me sullen and resentful - I found myself spamming open source
mailing lists telling volunteers how they should spend their time and
organize their projects.  It was horrible!  Avoid at all costs!



Re: systrace insecure [was: Re: chroot browser]

2009-03-26 Thread Gregg Reynolds
On Thu, Mar 26, 2009 at 10:12 AM, Theo de Raadt dera...@cvs.openbsd.org wrote:

 real; systrace does have the ability to grant root unless you build

Should that read does not?

 the policy specifically to do such a stupid thing (actually, I am not

-g



Re: System security question

2009-02-26 Thread Gregg Reynolds
On Wed, Feb 25, 2009 at 3:08 PM, Jean-Francois jfsimon1...@gmail.com wrote:

 Hi All,

 I actually built the following system :

 - OpenBSD running on a standard AMD platform
 - This box is actually used as firewall
 - This box is also used as webserver
 - This box is finally used as local shared drives via NFS file but only
 open to subnetwork through PF

 Assuming that subnetwork computers might be hacked or infected by any
 threat
 Assuming that there is no mistake in PF rules
 Assuming that there is nothing of a third party installed on the box
 (basically it's only a tuned system)

 - Would you please confirm that hacking is almost impossible ?
 - Would you confirm any personal data hosted on server are safe as
 long as the (subnet is not compromised by false manipulation of course)


Assuming that your system is secure, then yes, I can confirm that your
system is secure.

If your real question is, is a properly configured OpenBSD system likely to
be somewhat more secure than other systems, most people on the OpenBSD list
would probably say probably.  But asking about almost impossible is asking
to be lied to - no responsible security expert would make such a claim.
Impossible for whom?  The NSA?  What are the stakes?  If you're talking
about Osama's web server, then I expect it would be hacked.  The best you
can hope for is a high degree of confidence relative to other possible
solutions.

-gregg



Re: zombies - solved

2008-03-12 Thread Gregg Reynolds
On 3/12/08, Lars Noodén [EMAIL PROTECTED] wrote:
  Looking ahead, what is the timeline for moving to Apache2?
  Or what are the major reasons 4.3 is going to still use 1.3x?

Take a look at http://nginx.net/  BSD license, seems to work, but I
don't know about its security profile.  I'm sure it's not as secure as
the OBSD Apache, but it might be ok compared with apache2.



Re: OT: supposed advantages of threads

2008-02-18 Thread Gregg Reynolds
On 2/18/08, Geoff Steckel [EMAIL PROTECTED] wrote:
 This is my last posting on this, take heart.

 Please enlighten me if there are any -other-


http://acmqueue.com/modules.php?name=Contentpa=list_pages_issuesissue_id=26

See especially Software and the Concurrency Revolution.   An
articulate and very readable discussion of why it's hard to do
threading /with current techniques/.  But they stop short of banning
the practice.
-g



Re: take threads off the table

2008-02-17 Thread Gregg Reynolds
On 2/17/08, Marc Balmer [EMAIL PROTECTED] wrote:
 Geoff Steckel wrote:

  Threads or any other form of uncontrolled resource sharing
  are very bad ideas.

 that might be true for those that don't understand threads.
 for others it can be highly beneficial.

Indeed, threads are bad strikes me as just plain silly.  In fact,
it's not even a technical issue; anybody who thinks it is is in for a
rude surprise (like, zero market share) in a few short years.  It's a
purely economic issue.  It won't be long before all machines are
multicore, multiprocessor (can one even buy a non-multicore pc any
more?)  and maybe even network-distributed.  You invest x dollars in a
y processor machine; your IT guy says I've got this really great
software that's really secure, since it's single-threaded.  And it's
free.  To which you respond so,  I just spent all this money on y
processors and you want me to leave y-1 of them idle?  So it's not
really free after all.  Security?  That would be great, if I had any
customers, which I don't since the other guy's stuff is z times faster
than yours, and it leverages his entire hardware investment.  You're
fired.   It won't happen overnight, but happen it will, since the
business decision is so blatantly obvious (you don't buy factories in
order to have them sit idle.) The thing to do is not to forbid
multi-threading, but to do it right.  That might involve designing new
languages or any number of other things, but we're not going to do
multi-threading because it's risky is the fast road to obsolescence
and irrelevance.

my .02

-gregg



Re: A sad thread - RMS vs. OpenBSD

2008-01-08 Thread Gregg Reynolds
On 1/7/08, Floor Terra [EMAIL PROTECTED] wrote:
 =Offtopic==
 Can you recommend a book about Godel and his works?
 I have read A World Without Time from Palle Yourgrau and would
 like to learn more about his work.

I'm afraid I cannot; I'm a rank amateur who couldn't possibly
understand his proof without another, oh, 5 years of study.

I haven't encountered Yourgrau's book; I'll look for it.  I can,
however, strongly decommend one book:
http://www.amazon.com/Incompleteness-Proof-Paradox-Godel-Discoveries/dp/0393327604/ref=sr_1_2?ie=UTF8s=booksqid=1199761634sr=1-2

Considering the pedigree of the author, you'd expect a good read, but
it's bad writing.

-gregg



Re: Real men don't attack straw men

2008-01-07 Thread Gregg Reynolds
On 1/7/08, Richard Stallman [EMAIL PROTECTED] wrote:

 If OpenBSD does not need my endorsement, then OpenBSD developers
 should not need to argue with me that I owe them an endorsement.

Quite right.  As far as I can tell, they're not interested in your
endorsement; I'm not sure what gave you the idea they are.  However,
they are very interested in FUD prevention, and FUD is what you get
when one party tries to co-opt ordinary language for private ends.  So
we can hardly be surprised when they object to your characterization
of their work as non-free.  Such a slanderous characterization is a
far cry  from merely declining to endorse.

Old joke:  Doctor, nobody likes me!  You gotta help me, you big fat slob!

-gregg



Re: A sad thread - RMS vs. OpenBSD

2008-01-07 Thread Gregg Reynolds
On 1/7/08, Jona Joachim [EMAIL PROTECTED] wrote:
 On Mon, 07 Jan 2008 00:02:19 -0800, Reid Nichol wrote:

  --- Duncan Patton a Campbell [EMAIL PROTECTED] wrote:
 
  On Sun, 6 Jan 2008 22:21:14 -0500
  Eliah Kagan [EMAIL PROTECTED] wrote:
 
   (There are also multiple useful,
   mutually-inconsistent formal systems in both fields.)
 
  Provably so?
 
  +1
 
  I'd love an example of Math being inconsistent.  Quite frankly, I'd be
  surprised if this is true.

 The following sentence is true.
 The previous sentence is false.

Et ceci: http://en.wikipedia.org/wiki/Image:Kurt_G%C3%B6del.jpg n'est
pas Kurt Godel.



Re: Richard Stallman...

2008-01-07 Thread Gregg Reynolds
On 1/7/08, Steve Shockley [EMAIL PROTECTED] wrote:
 nicodache wrote:
  I cannot anything but to appreciate and look how you are able to stay
  calm and polite when I read some people on this ML talking about crap,
  fucking duck with tape, shutting up things.

 I have never seen anyone on this list fuck a duck with a tape.  Ever.

No no, it's an idiom: fucking duck, not fuck a duck.  Kinda like
fuckin' A, man, only not.  As in Holy fucking duck, man, did you
see that!? or You're fucking duck right, I'm pissed!  or I'm about
ready to kick the fuckin' duck out of this goddam computer with a
tape, man!  Then again, maybe it was just meant as a plain epithet,
as in Donald? I hate that fucking duck.  I admit I'm a bit flummoxed
by the tape part, though.  Maybe the poster meant fucking /duct/
tape?



It's Official: NYT on open source hw

2008-01-06 Thread Gregg Reynolds
(Sorry, I deleted the original thread so here's a new one)

Open Source Hardware has now been officially recognized as a phenom
by the Establishment:

http://www.nytimes.com/2008/01/06/business/06novel.html?ex=1357275600en=592b78a8b11af008ei=5088partner=rssnytemc=rss

-g



Re: Real men don't attack straw men

2008-01-05 Thread Gregg Reynolds
On 1/5/08, Richard Stallman [EMAIL PROTECTED] wrote:
 Does ReactOS recommend non-free software?
 If so. please show me what it says, and the URL.

I have a better idea.  Why don't you do your own fucking homework.



Re: Real men don't attack straw men

2008-01-05 Thread Gregg Reynolds
On 1/5/08, Karthik Kumar [EMAIL PROTECTED] wrote:

 When I said everybody, I meant Everybody. Not one person. Applying the
 same to OpenBSD, all that the people here do is bitch about and
 nothing more.

Yeah, I noticed that too.  Why, they haven't provided me with a free
upgrade for, what 2, 3 months?  It's a disgrace.



Re: Real men don't attack straw men

2008-01-05 Thread Gregg Reynolds
On 1/5/08, Marco Peereboom [EMAIL PROTECTED] wrote:

 There is no such thing as free as in beer.  This is one of the dumbest
 analogies I have ever heard.  Who came up with it anyway?  Was it the

Thank you.

But, like all good political slogans, it is stupid like a fox: the
hucksters who push it know that most people are too stupid to stop and
ask themselves whether it really means anything.  Kinda like Mission
Accomplished, Compassionate Conservatism, Guns don't kill people,
lead poisoning kills people, etc.



Re: Real men don't attack straw men

2008-01-04 Thread Gregg Reynolds
On 1/3/08, Richard Stallman [EMAIL PROTECTED] wrote:

 I'm following the same principles that I apply to others.
 I've explained both these principles and my actions; the readers
 can judge all aspects for themselves.

I guess I missed the part where you explained how it makes sense to
apply a label like not recommended because it supports non-free
software to OpenBSD but not to FSF (emacs, etc.).  You've been asked
repeatedly to address the apparent inconsistencies but I haven't
noticed any candid response from you.  Maybe you can clarify that
logic for us?

Thank you,

gregg



Re: Rui Miguel Silva Seabra

2008-01-04 Thread Gregg Reynolds
On 1/4/08, Rui Miguel Silva Seabra [EMAIL PROTECTED] wrote:

 Firstly, your accusation that I only participate in flame-wars is
 blatantly false.

 Secondly, most of my posts on the flame-wars were trying to clear-up
 false statements from some people.

 Thirdly, some of my posts on the flame-wars were trying to show how
 FSF's Free Software definition is the same as BSD's.

 Finally, the rudeness of some people who only resort to insults and
 false accusations is appalling. I expected better from people who
 develop such an awesome OS.

I thought the comedy writers were on strike.  Does the union know
you're peddling jokes on [EMAIL PROTECTED]  I find your writing enormously
entertaining, in general, but I don't want you to get in trouble on
your day job.



Re: Rui Miguel Silva Seabra

2008-01-04 Thread Gregg Reynolds
On 1/4/08, Rui Miguel Silva Seabra [EMAIL PROTECTED] wrote:

 Yet, I'm the asshole ?

Will wonders never cease?  You got it right for once.  Congrats!  Now
quit while you're ahead.



Re: Real men don't attack straw men

2008-01-03 Thread Gregg Reynolds
On 1/3/08, Siju George [EMAIL PROTECTED] wrote:

 The wget he uses is worse.
 You can download any non-free software with it and it does not warn
 the user at all!!!

And electricity!  I'm pretty sure (unless I'm misinformed) he uses
electricity provided by plants and distribution systems that are
controlled by non-free software!  And it can be used to run non-free
software!  I don't see how that can be considered anything but a plot
to steal our freedom!

Sorry.  I can't help myself.  I blame my non-free software for
allowing me to read sorry-ass threads like this.



CERT Secure Coding Standards

2007-12-18 Thread Gregg Reynolds
https://www.securecoding.cert.org/confluence/display/seccode/CERT+Secure+Coding+Standards

Looks pretty good to me, but it's beyond my competence to judge.  I'd
be very interested in what experienced OBSD developers make of it.
I've always kinda wished they would put together a guide to
secure/quality coding (yes, I'm lazy); maybe the CERT stuff is close
enough?

Thanks,

gregg



Re: Straw men (Straw women too thx Hannah)

2007-12-17 Thread Gregg Reynolds
On 12/17/07, Fergus Wilde [EMAIL PROTECTED] wrote:
 To: Santa, The North Pole (next to Superman's house)

 Dear Santa,

 I am a poor kid from England and what I really, really want for Christmas is
 for this thread to end.

 Love to Rudolph and the elves,

 Fergus (age 45)

Dearest little Fergie

Consider it done!  This and all related threads will end Dec 25, 2011.

-Santa



Re: rhetorical strategies

2007-12-17 Thread Gregg Reynolds
On 12/17/07, Rui Miguel Silva Seabra [EMAIL PROTECTED] wrote:

 Free Software as Richard Stallman uses the term is BSD.

 http://www.gnu.org/philosophy/free-sw.html

Uh-huh.  Sure.  Whatever.  Z.

From the above-mentioned url:  In the GNU project, we use copyleft to
protect these freedoms legally for everyone.  That's all that matters
- lose the GPL (a legal instrument) and the rest is hot air and
hand-waving.

The point of my original post was to suggest language that cuts out
the hot air.  The GPL is only one example of covenanted software;
there are many similar legal instruments, and we are all free to write
and offer our own covenants.  There's nothing wrong with covenanted
software.  The problem is the claim that freedom is /only/ possible
via covenant licenses.  That's hot air based on a philosophy that
wouldn't last 10 seconds in a graduate-level seminar at a third-rate
university.

To put another way, Stallman's pitch is something like Freedom
freedom blah blah, therefore GPL.  I prefer something more
straightforward like use a covenant license if you want others to
give you something in return for your code; use a laissez-faire
license if you don't want anything in return; if you want instruction
on freedom, try Plato, Augustine, Hobbes, Hume, Rousseau, Jefferson,
Bentham, Austin, Hart, etc.  Stallman, if you really think he belongs
in that company.  Pretty simple.

The nice thing about OBSD is that in general it makes no grandiose
claims about the nature of freedom or the community  or protecting
our freedoms from various boogey-men.  The nice thing about the term
laissez-faire is that it derives directly from a long tradition of
political and economic thought that has made a major contribution to
the construction of societies whose citizens enjoy a great deal of
practical freedom.  You know, rule of law, private property, the right
to enter into contracts, personal privacy, little stuff like that.
That's where freedoms, rights, justice, etc. come from.  Neither the
GPL nor any other legal instrument has the power to affect those
things in any way.  The government is another story; had RMS spent
more time trying to bring sanity to the US laws governing IP instead
of pushing amateur philosophy he probably would have made a lot more
progress in expanding the free software space.

FWIW, I'm profoundly uninterested in debating the merits of your/rms'
notion of freedom.  I'm only posting to try to clarify my goal. You
can educate yourself, I don't have time to do it for you.  Start with
the Stanford Encyclopedia of Philosophy (online).  You might not like
it though.  You may find it necessary to think Real Hard to understand
such stuff.



Re: Real men don't attack straw men

2007-12-16 Thread Gregg Reynolds
On 12/16/07, David H. Lynch Jr. [EMAIL PROTECTED] wrote:
...
 Distribute:
 4) To pass out or deliver.

 By providing URL's in its ports system, OpenBSD distributes - passes
 out/delivers,
 the items pointed to by the URL's.
 Some of them are non-free.

Dude, you're a comic genius!  Absolutely brilliant, I tell ya!  You
touring any time soon?  I'd love to catch your live act.

All the other messages on this thread - they're so serious!  Ugh -
no-funners!  But your posts are another story altogether - I'm always
eager for another dose of your astonishingly subtle and witty satire.
 I'm sure I speak for just about everybody - even people who are not
subscribed to @misc - when I say: Thanks for brighten upping my day!

Gratefully,
-gregg



Re: Play Nice - Real men don't attack straw men (Theo)

2007-12-16 Thread Gregg Reynolds
On 12/15/07, David H. Lynch Jr. [EMAIL PROTECTED] wrote:
 If I wrote a BSD Licensed program to mailbomb jews.
 Would that be acceptable within ports ?

Well now, this brings up an interesting point of jurisprudence.  To
wit:  does Godwin's Law apply here?  One might argue that it only
kicks in at explicit mention of Hitler or the Nazis, but I'm inclined
to think that tasteless references to antisemitic pogroms are also
covered.  I mean, mailbombing Jews - Hitler would've loved that!

If I'm right, we can all now safely disregard further contributions
from Herr Lynch.



Re: rhetorical strategies

2007-12-16 Thread Gregg Reynolds
On 12/15/07, Gregg Reynolds [EMAIL PROTECTED] wrote:

 An advantage of the term covenanted software is that it is not
 likely to be construed as necessarily a negative term, and hence might
 be acceptable to RMS et al.  A related but  less charitable term:
 cultic.  Others: the GPL Compact; communitarian.  Etc.  Anything would
 be preferable to free.

Something a little more fun and vivid just occurred to me for GPL,
which contrasts more cleanly with laissez-faire:

   l'état, c'est moi software

   Louis XIV (quatorze) software   (or:  Gnuouis XIV, gnoowee quatorze?)

Since, like the Sun King, the FSF, absolute monarch, thinks everything
should revolve around it, like planets around the sun.  ;)

-g



rhetorical strategies

2007-12-15 Thread Gregg Reynolds
It all boils down to language and rhetorical strategy.  rms claims
that OBSD encourages the use of non-free software.  The OBSD folks
consider that incorrect and slanderous.

Instead of tis so - tis not argumentation, I propose a search, not
for agreement, but for clear, simple, and pragmatic language.  I
propose the following terms, gory details and rationale following:

  laissez-faire software - for bsd-style licensing

  covenanted software - for gpl stuff

  exclusivist licensing - proprietary, but paying customers get access to source

  usufruct licensing - for standard, no-source proprietary sw;
usufruct is the legal right to use and derive profit or benefit from
property that belongs to another person, as long as the property is
not damaged.

By now it's painfully obvious that the terms free and non-free are
(ab)used so often because they are semantically hollow and can be
hammered into any shape you please.  So you end up with lots of when
I say free, I mean ...; a dissertation ensues, no two people agree on
the meanings, and everybody gets all excited when in fact they're not
even talking about the same thing.  Once open-source enters the
picture language becomes even less reliable.  Try explaining the
difference between free and open-source to the average non-geek
and be rewarded with an indulgent chuckle and the equivalent of
that's nice.  you kids have fun, now.  Then you get the hucksters
selling libre, as if that comes with some special semantic sauce
that will keep your goulash bug-free.  Enough already.

Rhetorically, the language of free software is rms' home turf.  For
better or for worse, many people look to him for the definition of
free.  So if you engage in the mine's freer than yours debate,
you're fighting him where he is most comfortable and powerful, and
you're probably going to lose and get very pissed off in the process.
He's a very, very clever rhetorician, after all.

The trick is to reframe the debate away from the mystical goo-goo to
simple and pragmatic interests and language.  The core issue is
licensing and its attendant legal obligations and dispensations.  Not
freedom and certainly not Freedom; without the licenses and legal
systems, all the talk about freedom is just hot air.  The nature of
freedom has been debated for thousands of years and we still can't
agree, but everybody understands compulsion and the law.  Law, not
sermonizing, is what makes freedom, and nobody needs to be told what
freedom is; we're all capable of judging whether a legal instrument
leaves us free or bound.

So what's needed is simple but expressive language that clarifies the
fundamental pragmatic differences between the GPL and BSD worlds.
Then rms could decline to recommend OBSD, but could explain his
reasons without slandering OBSD.  My best shot:

For GPL-licensed software I recommend the term covenant(ed)
software.  So-called free software, as rms uses the term, is
totally dependent on the GPL, which leverages the State's monopoly on
violence to compel   modifiers of the software to offer their mods to
the public.  However, nobody can be compelled to use or modify GPL
software; hence the term covenanted, which is intended to convey the
essential nature of the GPL as a kind of voluntary contractual
agreement, as it were.  If somebody asks What is the GPL? the simple
answer a kind of covenant; you can enter into it but you have to
agree to its rules just about says it all.  Nothing wrong with the
GPL; what's wrong is the claim that it - and only it - is some kind of
cornerstone of f(F)reedom.  Look carefully and you see that the
freedom rms talks about seems to be some kind of magical humour that
circulates only amongst those who agree to enter into the GPL
covenant.  But whether GPL acolytes feel a little thrill of freedom
juice coursing through their souls as they work on their software or
not is utterly irrelevant; what matters is the law.

An advantage of the term covenanted software is that it is not
likely to be construed as necessarily a negative term, and hence might
be acceptable to RMS et al.  A related but  less charitable term:
cultic.  Others: the GPL Compact; communitarian.  Etc.  Anything would
be preferable to free.

For BSD-style licensing I recommend the term laissez-faire software.
 I reckon I needn't go into the rationale for this terminology on this
list.  One might argue that any licensed product involves a covenant
of some kind, but  I'm not sure I would agree.  To me a covenant
involves some kind of positive obligations and a formally/legally
defined community, but I see OBSD licensing as essentially negative,
like any good law  - you don't have to enter into any covenant or
formal community, you can do what ever you want with my software, but
don't claim you wrote it, etc.  (I think that's good.)
Laissez-faire strikes me as a near perfect fit for OBSD, but I'm
undecided as to whether non-covenanted fits.

I recommend avoiding the term non-free software like the 

Re: Real men don't attack straw men

2007-12-14 Thread Gregg Reynolds
On 12/14/07, Richard Stallman [EMAIL PROTECTED] wrote:
...
 People already know about non-free systems such as Windows, so it is
 unlikely that the mention of them in a free package will tell them
 about a system and they will then switch to it.  Also, switching
 operating systems is a big deal.  People are unlikely to switch to a
 non-free operating system merely because a free program runs on it.

Quite right; they're more likely to stay with the non-free system,
since the kind people at the FSF have helped make such useful free
packages run on it.

 Thus, the risk of leading people to use a non-free system by making a
 free program run on it is small.  However, it is our practice when

That's one risk; the flip side is the risk of preventing people from
exploring free systems by making the non-free systems so cozy.  Is
this hard?

From where I sit, few people do more than the FSF to minimize the cost
of staying with non-free systems.  If all free software developers
were to follow the lead of emacs, nobody would have any reason to
switch from proprietary systems - everything useful would just run on
windows, or osx, so why bother switching?

 doing this to remind people that the non-free system is unethical and
 bad for your freedom.  If the pages about the Emacs binaries for Windows
 don't say this, I'll make sure to add it.

Maybe you should consider doing this sort of thing (including, say,
checking the license on SSH before declaring it GPL-incompatible - the
as far as I know prophylactic is weak at best and disingenuous at
worst)  before lecturing the world on ethics.  You know, physician,
heal thyself?  One might argue that it is extremely unethical to declare
that System X encourages non-free software while presiding over an
organization that goes to such lengths to make non-free software
useful.  Sort of like campaigning for women's rights while beating
one's wife.

FWIW, I'm not fanatical about either side, and the ad hominem attacks
appall me; I'm just very surprised (and discouraged) by what I see as
the fundamental inconsistencies in your position, to the point where I
have to wonder what your real purpose is.

Sincerely,

gregg



Re: Real men don't attack straw men

2007-12-14 Thread Gregg Reynolds
On 12/14/07, Richard Stallman [EMAIL PROTECTED] wrote:

 whether that involves changes to the code.  When I say relicensing I
 mean distributing the code with another license applied.  That doesn't
 mean deleting the old license.

That's a useful distinction, but I suggest you find a different term,
since, as I'm sure you are aware, this is not how the prefix re
works in English, so your readers will almost certainly not understand
your intended meaning.  Maybe surlicensing, or epilicensing or
something even more impressively latinate, like licentia auxillia
(pun intended).



Re: Real men don't attack straw men

2007-12-13 Thread Gregg Reynolds
On 12/13/07, Richard Stallman [EMAIL PROTECTED] wrote:
...
 Even giving the URLs has the effect of referring people to those
 non-free programs.  It gives those non-free programs legitimacy,
 and thus contradicts the idea that software should be free.

Dadgummit!  Now we're going to have to tell everybody to stop using
emacs!  I hate that, since I love using emacs!  But I had no idea that
the FSF was leading me into software slavery!  Look!
http://ftp.gnu.org/pub/gnu/emacs/windows/!  And can you believe the
README?

 This directory contains source and precompiled distributions for GNU
  Emacs on Windows NT/2000/XP and Windows 95/98/Me.  This port is a
  part of the standard GNU Emacs distribution from the Free Software
  Foundation; the precompiled distributions are provided here for
  convenience since the majority of Windows users are not accustomed
  to compiling programs themselves.

I just can't believe it.  I'm crushed - crushed, I tell you! - to
discover that the great Richard M. Stallman and his FSF have been
actively encouraging me all these years to imperil the very
foundations of a free society - not to mention the moral purity of my
immortal soul! - by using non-free software.  It would be bad enough
if they had only provided a url, but - a precompiled binary?  O
misery!  O shame!  O, betrayal!



Re: Real men don't attack straw men

2007-12-13 Thread Gregg Reynolds
On 12/13/07, Theo de Raadt [EMAIL PROTECTED] wrote:

 Please see

http://www.gnu.org/software/emacs/windows/faq2.html

 And

 ftp://ftp.gnu.org/gnu/emacs/windows/


Not to mention:

  http://directory.fsf.org/project/reactOS/ - ReactOS is a project to
create a free operating system that is compatible with Windows NT so
users can have access to a free operating system but still run their
favorite Windows PC programs and drivers.

  http://directory.fsf.org/project/Windows32API/ - It is a set of
header files and import libraries that can be used by GNU tools for
compiling and linking programs to be run under operating systems
supporting the Win32 Application Programming Interface. 

  http://directory.fsf.org/project/gtmess/ - gtmess is a console MSN
Messenger client for GNU/Linux and other systems that conform to the
POSIX standard. It supports the MSNP9 protocol version.

  http://directory.fsf.org/project/macssh/ ...This is a Macintosh
version for SSH.

  http://directory.fsf.org/project/djgpp/ Complete 32-bit C/C++
development system for Intel 80386 (and higher) PCs running DOS.

Etc. etc. etc. - it's all over the place.  If the cygwin stuff (dunno
if it is or not) is merged into the main source repository, then we
can assume that virtually every piece of GNU code has been designed to
work with windows, so it can't be recommended.  Thus does the
revolution devour its children.

Given the plain weirdness of the arguments Richard Stallman has been
making, maybe we should consider the possibility that we've been had
by an impostor trying to get a rise out of the OBSD crowd. ;)  If not,
then the interesting question is, why is he doing this, really?  All
the pronouncements about freedom, and the Important Life Lessons about
how mentioning a thing is tantamount to endorsing it - it just doesn't
add up, it's too silly.  I wonder what the real agenda is.

-gregg



Re: Could Hiawatha replace Apache as in base HTTP server if its license changed?

2007-12-07 Thread Gregg Reynolds
On 12/7/07, Andris [EMAIL PROTECTED] wrote:
 Here are two messages from Hugo Leisink (Hiawatha developer). You'll

 First of all, you have to take a look at the webserver market. You use
 Apache, IIS, Lighttpd or you don't use anything at all. If you want

Ok, I'll take the bait:  http://wiki.codemongers.com/Main

Dunno how secure it is, though.

(I liked the part about how it's important to lie in order to get
market share.  You have to give him credit for honesty!)

-g



Re: Formal verification as another tool for ensuring OpenBSD quality

2007-11-21 Thread Gregg Reynolds
On 11/20/07, Andris [EMAIL PROTECTED] wrote:
 Hi, I have read about formal verification, and it sounds like a
 perfect tool to outreach the project goals. I'm pretty sure developers
 know about it, so I'd like to read comments or opinions.

You'll want to check out the Z specification language.  It's a work of
art.  The ISO standard is available online, but it would probably be
heavy sledding for a newcomer, so you should start with an intro.
There are a number of open source tools (dunno about the licensing.)

My guess is knowledge of formal methods is quite rare even among the
development cognoscenti.  It's hard enough to find time to learn
functional languages like haskell or ml; formal methods is a whole
'nother area.  UML is widely known, but as a formal language, well,
let's just say Z makes it look like an amateur hack.  Ditto for xml
schema.

Even without formal (automated) verification, proof etc. formal
notations are absolutely terrific for documenting specifications.
Usually that means system specs, but once upon a time I did quite a
bit of work trying to specify a typesetting language in Z - syntax and
formal semantics.  Never got around to writing it out (too lazy, er,
busy), but I could see how it could be done, and Z provided a clarity
that allowed me to think about the problems far more rigorously and
with far more nuance than would otherwise have been possible.
Recently I discovered the W3C tried to use Z to specify one of their
languages, but I forget which.

-Gregg



Re: Formal verification as another tool for ensuring OpenBSD quality

2007-11-21 Thread Gregg Reynolds
On 11/20/07, Andris [EMAIL PROTECTED] wrote:
 Hi, I have read about formal verification, and it sounds like a
 perfect tool to outreach the project goals. I'm pretty sure developers
 know about it, so I'd like to read comments or opinions.

Some Z links:

The original de facto manual, outdated but still very useful and readable:
http://spivey.oriel.ox.ac.uk/mike/zrm/index.html

Jacky's book is excellent, but not free.

ISO Spec (note the small print, which contains a link to the free
download):
http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=21573

Actually the easy way to do this is:
http://www.bibsonomy.org/user/mobileink/Z

I'm digging around at http://vl.zuser.org/#tools and I find many of
the free tools are a) written in Java, and b) GPL licensed.  So
there's a good OBSD project, implement some Z tools. ;)

However, HOL, which is used by some Z tools, is BSD licensed:
http://hol.sourceforge.net/  As is the Glasgow Haskell Compiler.

Anyway, the main practical benefit of Z for OBSD would probably be
e.g. for documenting NICs or the like.  Formal specification,
validation, etc. for e.g. cryptographic stuff would be great, but also
a huge amount of work.  Even then, if the implementation language is
C, then the code will be beyond formal analysis; you'd have to use an
implementation language that supports formal reasoning, like haskell.
Not to mention, you'd have to prove that your compiler works
correctly.

-gregg



Re: cp(1) bug ?

2007-10-19 Thread Gregg Reynolds
On 10/19/07, Ted Unangst [EMAIL PROTECTED] wrote:
 On 10/19/07, Aaron W. Hsu [EMAIL PROTECTED] wrote:
   From: Tom Van Looy [EMAIL PROTECTED]
   Date: Fri, 19 Oct 2007 20:21:56 +
   Subject: Re: cp(1) bug ?
  
   it shall do nothing more with source_file and shall go on to any
   remaining files.
 
  Doesn't this mean that cp should not do anything when, for example, the
  following command is run?
 
 $ cp -R foo foo/

 no, because that section is talking about files, not directories.

A directory is a kind of file:

file
An object that can be written to, or read from, or both. A file has
certain attributes, including access permissions and type. File types
include regular file, character special file, block special file, FIFO
special file and directory. Other types of files may be supported by
the implementation.

-g



Re: Tackilng multiple versions of autoconf

2007-10-16 Thread Gregg Reynolds
On 10/16/07, Douglas A. Tutty [EMAIL PROTECTED] wrote:

  This isn't a problem.

 The OP seems to think it is or he (she?) wouldn't waste his time
 emailing the list or making an offer to do a considerable amount of work to
 fix it.  Rather than just dissing him, why not enlighten us as to why

That wasn't a diss, it was a statement of fact.  A diss would be "This
isn't a problem, you big fat slob."

It's not a problem because the autotools tools are designed that way.
You can't control what versions of what a particular autoconfiscated
package will use.  So an autotools upgrade doesn't affect previously
installed versions.  If you try ./configuring something that needs an
older version it will tell you, so you can install the older version,
set an env var (I think, it's been a while), and do the build.

-g



Re: OpenBSD sticker considered cool by a layman

2007-09-29 Thread Gregg Reynolds
On 9/29/07, Otto Moerbeek [EMAIL PROTECTED] wrote:
 On Sat, 29 Sep 2007, Karel Kulhavy wrote:

  Personally, the feeling or message I am getting from these stickers is
  we're not sloppy, we want to do everything well, including graphics design.
  In marketing terms, it makes an impression that OpenBSD has a good
  corporate identity (http://en.wikipedia.org/wiki/Corporate_identity).

 Speaking as an OpenBSD developer, I can assure you that OpenBSD would
 become much less attractive to spend time on if it was run like a
 company. I think what we produce (software and other stuff) is
 high quality because we like what we do.


good corporate identity != run like a corporation

The "corporate" in "corporate identity" should be taken literally.  Or
rather, the metaphor should be divested of any associations with
private, profit-seeking organizations.  A good corporate identity is
about clarity of message; there's no reason that message can't be what
OpenBSD is really about.

In my view OpenBSD has an excellent identity and message - clear,
narrow focus on a small and easily understandable set of concepts
(security by default, unencumbered, quality, etc.) and a variety of
well-designed and executed graphic images unified by a well-chosen
icon.  In fact the great virtue of that is that it obviates the need
for top-down discipline in getting the message out.  Anybody who wants
to evangelize the unwashed will have no problem figuring out what
message to convey.  No reason to fear that.

-g



Re: Does OpenBSD support Hebrew?

2007-09-24 Thread Gregg Reynolds
On 9/24/07, Christian Weisgerber [EMAIL PROTECTED] wrote:
 Aaron W. Hsu [EMAIL PROTECTED] wrote:

  I am willing to guess that with something like Hebrew, OpenBSD has all the
  necessary support for the system, but, most common applications do not have
  support for the right-to-left way of writing.

 Well, do you consider, say, ksh and vi as part of the system or as
 common applications?

 What about wscons?  Does a Hebrew VT220 change writing direction?

http://mlterm.sourceforge.net/

vim supports right to left layout and Arabic shaping, but without
Unicode semantics for number strings, so you kinda have to know what
you're doing if you're going to use it to edit text with number
strings.

emacs has had an implementation of r-t-l for years, waiting for
somebody to test/debug.

A good resource for this sort of thing is arabeyes.org.  Their focus
is Arabic but they try to accommodate any r-t-l language, including
Hebrew (in general, if it supports Arabic, it supports Hebrew).  They
also stick to technology.

-gregg



ath5k license revised

2007-09-03 Thread Gregg Reynolds
http://marc.info/?l=linux-wireless&m=118857712529898&w=2



Re: That whole Linux stealing our code thing

2007-09-02 Thread Gregg Reynolds
On 9/2/07, Dave Anderson [EMAIL PROTECTED] wrote:

 IIRC this is true for any country which has adopted the Berne
 Convention, which is currently almost every country which has any
 copyright law in place.  It includes the U.S.

Yes.  For the dimwits pontificating on this useless thread who can't
be bothered to check facts on their own, here's the relevant text
(http://www.copyright.gov/circs/circ1.html):

Copyright protection subsists from the time the work is created in
fixed form. The copyright in the work of authorship immediately
becomes the property of the author who created the work. Only the
author or those deriving their rights through the author can
rightfully claim copyright...

The way in which copyright protection is secured is frequently
misunderstood. No publication or registration or other action in the
Copyright Office is required to secure copyright.

The use of a copyright notice is no longer required under U.S. law,
... Use of the notice may be important because it informs the public
that the work is protected by copyright, identifies the copyright
owner, and shows the year of first publication. Furthermore, in the
event that a work is infringed, if a proper notice of copyright
appears on the published copy or copies to which a defendant in a
copyright infringement suit had access, then no weight shall be given
to such a defendant's interposition of a defense based on innocent
infringement in mitigation of actual or statutory damages...

Copyright is a personal property right,...

Any or all of the copyright owner's exclusive rights or any
subdivision of those rights may be transferred, but the transfer of
exclusive rights is not valid unless that transfer is in writing and
signed by the owner of the rights conveyed or such owner's duly
authorized agent. Transfer of a right on a nonexclusive basis does not
require a written agreement.

Transfers of copyright are normally made by contract...

In general, copyright registration is a legal formality intended to
make a public record of the basic facts of a particular copyright.
However, registration is not a condition of copyright protection...

I had thought that the only remedy against infringement is legal
action by the injured party.  Law enforcement doesn't get involved,
normally, since it's a civil matter.  However, it turns out that isn't
quite true.  Check this out
(http://www.copyright.gov/title17/92chap5.html):

(c) Fraudulent Copyright Notice. - Any person who, with fraudulent
intent, places on any article a notice of copyright or words of the
same purport that such person knows to be false, or who, with
fraudulent intent, publicly distributes or imports for public
distribution any article bearing such notice or words that such person
knows to be false, shall be fined not more than $2,500.

(d) Fraudulent Removal of Copyright Notice. - Any person who, with
fraudulent intent, removes or alters any notice of copyright appearing
on a copy of a copyrighted work shall be fined not more than $2,500.

That's criminal infringement, folks.  A federal crime.

From which we can conclude, among other things:

  1)  appearance of the copyright _notice_ on BSD or any other code is
irrelevant.  The creator owns the copyright from the get-go.  Removing
a copyright notice has no legal effect, although it's easy to imagine
a practical effect, to wit, a good lawyer could use it to show malice
and win a larger settlement.  Although it's possible that licensing
terms affect this; this is where we should all shut up and ask Real
Lawyers.

  2)  nonexclusive transfer of rights is normally a matter of
contract law; however, my understanding is whether software licensing
falls under contract law is a murky area in the law right now.

  3)  the original author of the code in question might well be able
to seek criminal charges against the people who removed the license.

This Rui is obviously a troll; can we please stop taking the bait
and bring this thread to a close?



Re: That whole Linux stealing our code thing

2007-09-01 Thread Gregg Reynolds
On 9/1/07, Theo de Raadt [EMAIL PROTECTED] wrote:
  In the case of the later 3 files, their copyright notice says:
at your choice you may distribute under the terms of the BSD
license or under the terms of the GNU GPL v2
 
  So if they chose to distribute those 3 files under the terms of the GNU
  GPL v2, it is correct to change the copyright notice of those three files
  alone in order to remove a license that the distributor chose not to use
  anymore.

 Not exactly.  I won't quote from the GPL again, but even the GPL has a
 paragraph about this.  You must pass on the rights you received.  The
 GPL says that passing on only a selection of rights is not fair.  Don't
 trust my words, though, go read the GPL yourself.

One of the really fascinating aspects of this whole thing, at least to
someone with a classic liberal arts education, is how poorly technical
people often perform when faced with natural language text.  Not all
of them, obviously, but it's amazing how often it happens, even with
people whose high intelligence is indisputable.  You see the full
panoply of logical fallacy at work.  They try to do things they would
never try with technical specs.

For example, "you may choose a license for distribution".  There seems
to be an overpowering urge among some to read this as "you may
choose a license for removal".  This is an obvious non sequitur.  The
reasoning seems to be something like

   premise a:  you may choose BSD or GPL
   premise b:  you may distribute under your chosen license
   conclusion: therefore you may distribute without the other license

Fallacy of Equivocation:  use of a term with two or more meanings, as
in, using "distribute" to mean "alter", or taking "choose A" to mean
"remove B".
Fallacy of Illicit Process: a term in the conclusion has a wider
extension than in the predicate (i.e. going from "some lawyers are
cheats" to "all lawyers are X"); this non sequitur doesn't quite fit
the definition, but it does involve similar chicanery, going from
"choose A" to "choose A and remove B".

I'm sure this bit of faulty reasoning commits a few other fallacies as
well.  In any case, it's amazing how many technical people are willing
to take OR as a synonym for EXCLUSIVE OR.

The only way this will get clarity in the end is in the courts.  In
this case, the people pulling these shenanigans - possibly including
the FSF - richly deserve the RIAA treatment.  Maybe the foundation
should create a fund for defending the license.  (And I'm not even
religious about this stuff - it just really irks me that these people
pontificating about freedom are willing to behave so selfishly and
disingenuously.  And illegally.)

-gregg



Re: That whole Linux stealing our code thing

2007-09-01 Thread Gregg Reynolds
On 9/1/07, David H. Lynch Jr. [EMAIL PROTECTED] wrote:

 FSF/GPL licenses grant you the freedom to do almost anything EXCEPT
 convert GPL'd code to proprietary code.

 BSD/ISC Licenses claim to be Totally Free - specifically because
 you can convert the code to proprietary code.

You could not be more wrong, I think.  Seems to me the BSD license is
designed precisely to prevent this.  Granting of rights != transfer of
ownership.  You can _use_ BSD-licensed code in a proprietary product;
that does not mean you have a proprietary claim on the BSD-licensed
code.  That's the point of requiring that the copyright/license notice
be retained.  There is no conversion to proprietary code here.

In this respect GPL and BSD are in complete agreement.  The difference
is in the obligations they impose on the licensee regarding use.  BSD
imposes one simple negative condition - you /must not/ remove the
license.  GPL imposes a more complex set of positive conditions - you
/must/ make alterations available under the same license.  In neither
case does ownership enter the picture.

Copyright law goes back centuries, contract law goes back to the
Romans.  There's more than meets the eye there; common sense
interpretations uninformed by some degree of awareness of the legal
traditions - as in, "I don't see anything in there that says I can't
do X" is almost certain to be wrong.

IANAL, though.  Talk to one of them if you really have a burning
desire to understand all this.  Even then, only the courts can settle
the matter.

-Gregg



code analysis tools

2007-03-26 Thread Gregg Reynolds

Hi,

I wonder if the OpenBSD developers have a favored set of tools for C
code analysis.  E.g. the kind of stuff listed at
http://www.spinroot.com/static/.  Esp. stuff like
http://spinroot.com/uno/.  Are such tools used in OpenBSD code audits?

Also, what about automatic code documentation tools (for lack of a
better term)?  This kind of stuff:
http://en.wikipedia.org/wiki/Comparison_of_documentation_generators.

I'm interested because I think OpenBSD is a terrific development
platform, number one, and number two, I'd like to follow the code
development practices of OpenBSD.

Thanks,

Gregg



Re: code analysis tools

2007-03-26 Thread Gregg Reynolds

Clarification:  I'm mostly interested in source browser tools (e.g.
cscope, e/t/gtags, global, etc.) or whatever can help a developer
understand unfamiliar source code in the shortest possible time.  Is
there a preferred tool among OpenBSD developers?

On 3/26/07, Gregg Reynolds [EMAIL PROTECTED] wrote:

Hi,

I wonder if the OpenBSD developers have a favored set of tools for C
code analysis.  E.g. the kind of stuff listed at
http://www.spinroot.com/static/.  Esp. stuff like
http://spinroot.com/uno/.  Are such tools used in OpenBSD code audits?

Also, what about automatic code documentation tools (for lack of a
better term)?  This kind of stuff:
http://en.wikipedia.org/wiki/Comparison_of_documentation_generators.

I'm interested because I think OpenBSD is a terrific development
platform, number one, and number two, I'd like to follow the code
development practices of OpenBSD.

Thanks,

Gregg




Re: code analysis tools

2007-03-26 Thread Gregg Reynolds

On 3/26/07, Nick ! [EMAIL PROTECTED] wrote:


OpenBSD... does not work like that. What made you decide it is a
terrific development platform? You do not even understand its
philosophy.


I understand the Standard Response to that would be RTFM.  But that
would be unhelpful, and even worse, rude.  So please see item one (and
most of the others) at http://www.openbsd.org/goals.html, and once
you've mastered that, see
http://www.openbsd.org/papers/asiabsdcon07-development/index.html.

Thanks very much for your helpful pointers.  Please do not feel
obligated to respond.



Re: code analysis tools

2007-03-26 Thread Gregg Reynolds

On 3/26/07, Tobias Ulmer [EMAIL PROTECTED] wrote:


lint(1), gcc-local(1)

style(7) may be worth reading...



Thank you; I didn't know about those man pages; I'll have to dig
around and find what other similar pages are there.  OpenBSD's
documentation is pretty amazing.

-gregg



Re: code analysis tools

2007-03-26 Thread Gregg Reynolds

On 3/26/07, Marco Peereboom [EMAIL PROTECTED] wrote:

ectags
ctags
cscope

All work fine within emacsOS and vim.

http://fxr.watson.org/ is invaluable too.


I see GNU Global does something similar:
http://www.tamacom.com/tour.html.  Ever looked at it?

BTW I plan to write up a paper or guide on tools and resources for
development on OpenBSD with this info.

Thanks,

-gregg