On Thu, 2007-01-18 at 23:55 +0800, Ed Greshko wrote: > If you guys really want to continue this silly ass thread I can create a > mailing list for your enjoyment. > > Let me know, and I can create a list for all of you and subscribe all of you > and you can continue this endless exchange. > Hi, Ed, This is indeed an endless exchange, but a valuable one at that. For example a quote from the NSA paper that Dr. Smalley was a part of: By arguing that secure operating systems are indispensable to system security, the authors hope to spawn a renewed interest in operating system security. If security practitioners were to more openly acknowledge their security solution’s operating system dependencies and state these dependencies as requirements for future operating systems, then the increased demand for secure operating systems would lead to new research and development in the area and ultimately to commercially viable secure systems. In turn, the availability of secure operating systems would enable security practitioners to concentrate on security services that belong in their particular components rather than dooming them to try to address the total security problem with no hope of success. (http://www.nsa.gov/selinux/papers/inevitability/) Gives us a view that this topic must continue to be given air time. It is vital to users and customers of users of computing architectures, not just Linux, but all operating systems. I hope that our discussion, while sometimes vitrolic and often arcane, brings all of you to thinking about the issues of data and system protection. It is vital to the network that "no system" not a server, nor a user workstation, be unprotected from malicious use. Moreover, it is important that mechanisms exist to report violations of that security to parties that will endeavor to close the holes that permitted that violation to occur, and to parties that will seek out and punish those that violated that security world wide. Regards, Les H
