Re: [openbsd] fwd: [deraadt@cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]


pourlori
Hello misc,

I was wondering if these accusations against OpenBSD were true,
I doubt he is lying, maybe he is just not telling the whole truth.

http://www.uaoug.org.ua/archive/msg01088.html

The first part is irrelevant, Linux may have implemented the sysctl
switch before OpenBSD.
However, their min_map_addr was set to 0 by default for a long
time. Which did lead to vulnerabilities in Linux.

"They keep coming up with the same exact "innovations" others came up
with years before them.  Their official explanation for where they
got the W^X/ASLR ideas was a drunk guy came into their tent at one of
their hack-a-thons and started talking about the idea.  They had
never heard of PaX when we asked them in 2003."

I do not wish to begin a troll-like thread, I just want the truth.

Regards.

Michel Antoine
User


Re: [openbsd] fwd: [deraadt@cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]

E.T-3
Quote from theo :

- " our kernels have no bugs "


On Tue, 22 Jun 2010 21:26:18 +0200, [hidden email] wrote:

> Hello misc,
>
> I was wondering if these accusations against OpenBSD were true,
> I doubt he is lying, maybe he is just not telling the whole truth.
>
> http://www.uaoug.org.ua/archive/msg01088.html
>
> The first part is irrelevant, Linux may have implemented the sysctl
> switch before OpenBSD.
> However, their min_map_addr was set to 0 by default for a long
> time. Which did lead to vulnerabilities in Linux.
>
> "They keep coming up with the same exact "innovations" others came up
> with years before them.  Their official explanation for where they
> got the W^X/ASLR ideas was a drunk guy came into their tent at one of
> their hack-a-thons and started talking about the idea.  They had
> never heard of PaX when we asked them in 2003."
>
> I do not wish to begin a troll-like thread, I just want the truth.
>
> Regards.
>
> Michel Antoine
> User

--
@plus


Re: [openbsd] fwd: [deraadt@cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]

Aaron Glenn
In reply to this post by pourlori
On Tue, Jun 22, 2010 at 7:26 PM,  <[hidden email]> wrote:
>
> I do not wish to begin a troll-like thread, I just want the truth.

yes you do; no you don't.
no one cares; please go away.


Re: [openbsd] fwd: [deraadt@cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]

Nick Holland
In reply to this post by pourlori
[hidden email] wrote:
...rehashed old crap...

Anyone can say, "I want a car that flies" or "I want a non-polluting
power source".  There is no skill in this, by itself.

The first bit of magic is coming up with a demonstration doing it.

The next bit of magic is actually making it practical.

PaX is a marginal little demo.  How many Linux distributions include
PaX? How many PaX Linux implementations have you seen in production?

SELinux is actually in a number of Linux distributions...however,
active in how many systems you have seen in production?  Very few.

Why? Because they break things.  For the most part, things that are
broke already, but things that people don't bother to fix.

OpenBSD implements their solutions across the board, on by default, and
as Just Works as much as the programmers can manage.  You don't choose to
use X^W, it's just there.  Propolice?  randomizing everything you can?
It's just there.  When they were first implemented, it broke a lot of
stuff.  It found bugs.  The bugs got fixed.  That's how it has to go.

There are very few revolutionary ideas in the world, just evolutions of
previous ideas.  Belief in revolutions in the computer world generally
shows an ignorance of history.  We don't stand on shoulders of giants,
we see a little further by standing on their toes...  (and yes, that
statement is a blatant rip-off of a blatant ripoff of ...)

The PaX and SELinux people have not finished the job.  Get it in a
mainstream Linux distribution (or convince people to use your distro,
kill off the non-adopters), on by default and no easy "off" knob.  Force
people to fix things.  Not so you can say "we were first", but so you
can say, "we made things better than they were".  All they are doing now
is saying "things COULD be better than they are now, and we talked about
it first"

"I was thinking of flying cars before you!  I even figured out we can
put the propeller on the back so it doesn't obstruct the view!"
Meanwhile, at the airport...

(totally ignored in this is the AT LEAST as important "make it as good
as you can BEFORE you rely on the cool tricks to save your ass" strategy
that I don't hear anyone else making claim to.  Let's not forget that
OpenBSD had a well-deserved reputation for security BEFORE Propolice,
stackghost, W^X, etc...)

Nick.


Re: [openbsd] fwd: [deraadt@cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]

pourlori
In reply to this post by pourlori
On Tue, 22 Jun 2010 21:39:10 +0200 Aaron Glenn
<[hidden email]> wrote:
>On Tue, Jun 22, 2010 at 7:26 PM,  <[hidden email]> wrote:
>>
>> I do not wish to begin a troll-like thread, I just want the truth.
>
>yes you do; no you don't.
>no one cares; please go away.

You are wrong, if you are unable to reply properly to my request,
go away.
I don't know, go out, do some sports.
Didn't you just want to appear on misc@, if not you would not have
kept misc in the discussion.

There will always be OpenBSD haters, I want to be able to have a
constructive, fact based discussion with them.
Staying ignorant and saying "go away" just proves yourself ignorant
and childish.

If someone HAS valuable information, they can reply directly,
without replying to misc. Thank you.


Re: [openbsd] fwd: [deraadt@cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]

STeve Andre'
On Thursday 24 June 2010 12:52:35 [hidden email] wrote:

> On Tue, 22 Jun 2010 21:39:10 +0200 Aaron Glenn
>
> <[hidden email]> wrote:
> >On Tue, Jun 22, 2010 at 7:26 PM,  <[hidden email]> wrote:
> >> I do not wish to begin a troll-like thread, I just want the truth.
> >
> >yes you do; no you don't.
> >no one cares; please go away.
>
> You are wrong, if you are unable to reply properly to my request,
> go away.
> I don't know, go out, do some sports.
> Didn't you just want to appear on misc@, if not you would not have
> kept misc in the discussion.
>
> There will always be OpenBSD haters, I want to be able to have a
> constructive, fact based discussion with them.
> Staying ignorant and saying "go away" just proves yourself ignorant
> and childish.
>
> If someone HAS valuable information, they can reply directly,
> without replying to misc. Thank you.

The fact of the matter is that N groups of people can think of much
the same things quite independently of one another.  This being the
case, trying to claim 'we did it first!' is much like digging a hole in
water.  It's great exercise, amusing for others to watch, but utterly
useless.

--STeve Andre'


Re: [openbsd] fwd: [deraadt@cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]

bitfrost
2010/6/24 STeve Andre' <[hidden email]>

>
> On Thursday 24 June 2010 12:52:35 [hidden email] wrote:
> > On Tue, 22 Jun 2010 21:39:10 +0200 Aaron Glenn
> >
> > <[hidden email]> wrote:
> > >On Tue, Jun 22, 2010 at 7:26 PM,  <[hidden email]> wrote:
> > >> I do not wish to begin a troll-like thread, I just want the truth.
> > >
> > >yes you do; no you don't.
> > >no one cares; please go away.
> >
> > You are wrong, if you are unable to reply properly to my request,
> > go away.
> > I don't know, go out, do some sports.
> > Didn't you just want to appear on misc@, if not you would not have
> > kept misc in the discussion.
> >
> > There will always be OpenBSD haters, I want to be able to have a
> > constructive, fact based discussion with them.
> > Staying ignorant and saying "go away" just proves yourself ignorant
> > and childish.
> >
> > If someone HAS valuable information, they can reply directly,
> > without replying to misc. Thank you.
>
> The fact of the matter is that N groups of people can think of much
> the same things quite independently of one another.  This being the
> case, trying to claim 'we did it first!' is much like digging a hole in
> water.  It's great exercise, amusing for others to watch, but utterly
> useless.
>
> --STeve Andre'
>

"Life is pretty simple: You do some stuff. Most fails. Some works. You
do more of what works. If it works big, others quickly copy it. Then
you do something else. The trick is the doing something else."

Leonardo da Vinci

--
Atentamente

Andris Genovez Tobar / Sistemas
http://www.crice.org


Re: [openbsd] fwd: [deraadt@cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]

Marco Peereboom
In reply to this post by pourlori
The PaX guys got their panties in a knot because they wanted credit for
being first or something which they can have all day long.

The OpenBSD code was developed in oblivion to PaX.

So that guy still has an axe to grind because he wants something out of
it.  Not sure what though.

I'll declare him first and omg1337 H4Xx0r and he can use his PaX all day
long.  Hope it works out for him.  It has however no relevance to
OpenBSD.

On Tue, Jun 22, 2010 at 09:26:18PM +0200, [hidden email] wrote:

> Hello misc,
>
> I was wondering if these accusations against OpenBSD were true,
> I doubt he is lying, maybe he is just not telling the whole truth.
>
> http://www.uaoug.org.ua/archive/msg01088.html
>
> The first part is irrelevant, Linux may have implemented the sysctl
> switch before OpenBSD.
> However, their min_map_addr was set to 0 by default for a long
> time. Which did lead to vulnerabilities in Linux.
>
> "They keep coming up with the same exact "innovations" others came up
> with years before them.  Their official explanation for where they
> got the W^X/ASLR ideas was a drunk guy came into their tent at one of
> their hack-a-thons and started talking about the idea.  They had
> never heard of PaX when we asked them in 2003."
>
> I do not wish to begin a troll-like thread, I just want the truth.
>
> Regards.
>
> Michel Antoine
> User


Re: [openbsd] fwd: [deraadt@cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]

Jacob Yocom-Piatt-2
In reply to this post by pourlori
[hidden email] wrote:
> There will always be OpenBSD haters, I want to be able to have a
> constructive, fact based discussion with them.
>  
> If someone HAS valuable information, they can reply directly,
> without replying to misc. Thank you.
>
>  



fact: you are some douchebag who is late to the argument
fact: i am an openbsd supporter and user who does not want to listen to
your whining

valuable information: reallocate your time doing something that does not
expose you to be a douchebag who is too worried about being painted a
douchebag to use a real identity. posting from anonymous hushmail
accounts is no longer such a great idea, have a look into how
untrustworthy hushmail.com is when it comes to the authorities.


Re: [openbsd] fwd: [deraadt@cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]

Henning Brauer
In reply to this post by pourlori
* [hidden email] <[hidden email]> [2010-06-22 21:31]:
> Their official explanation

sorry, but we have vacancies in our PR department, expect no
"official" explanations anytime soon

--
Henning Brauer, [hidden email], [hidden email]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting


Re: [openbsd] fwd: [deraadt <at> cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]

pourlori
Haters please go off-list, identity is not relevant on a discussion list, I do
not need attention nor personal implication. I'd be delighted to speak about
privacy and stuff with my detractors, off-list.

SELinux is another debate, I don't want to waste your time with it. Thanks for
your participation, I was still able to get some clever answers.

It's frightening to see how easy it is to lie to people and make them believe
you're right and the others are wrong, god bless demagogy. But I'm relieved to
see that Internet is not only a place where liars and fools can speak but also a
place where truth can be unveiled.

Regards.