fiasco - related

Alan Grimes agrimes at speakeasy.net
Fri Jan 29 16:00:41 CET 2010


>> - Is Fiasco still alive? When I visit Fiasco
>> http://os.inf.tu-dresden.de/fiasco/ site, last updated date is 26 Sep
>> 2005 *Fiasco 1.2 released!* Do we have further releases or is it stopped?
> Yes, although the webpage has become a little outdated. We are currently
> preparing a release of our new Fiasco version which will also include
> capabilities, kernel memory management and full virtualization support.

To me, capabilities are nothing but a buzzword that a tiny fraction of a
minority of the academic computing community have latched on to,
fetishized, and have turned into a cult religion. Now they are starting
to mercilessly ram it down the throats of every kernel project that
isn't already cast in stone such as unix.

To me, any security mechanism is nothing more than something I have to
hack around to make the computer do anything useful at all. =( That's
why I still love DOS, it does **ANYTHING** you ask it to.

I've tried to read articles about capabilities. They were just jibberish
 to me when read straight through. When I crossed out all instances of
the word "capabilitiy", they document made sense but seemed hopelessly
pointless, as in the concept served no conceivable >> net << benefit to
anyone except the NSA.

In the real world, people tend to ignore security issues, even to the
point of intentionally using stupid passwords for the sake of making
sure they can still get things done and to minimize the risk of
forgetting the password, which could be catastrophic to their
business!!! (I work at such a company, the password to the most heavily
used account on their main database is an easily memorized variation of
the username. =P, the root password is equally stupid.)

At my previous place of work, a geophysical laboratory, the old guy
there insisted that when I upgraded a windows 98 machine to 2000 (in
2007), that I make sure I never entered a password so that the machine
would always boot to the desktop. If I failed to do this, I had to
install it again. Once again, the key motivation was to bypass security
to *make it possible to use the computer*.

The root and user passwords for my own home PC and the computers on my
network are exceptionally weak too because I need to be able to get into
them.

They know that security is not a benefit, it's a potential obstacle for
them staying in business!

If I were dictator, I would banish these capabilities nutcases from
academic institutions for five years and give them guaranteed employment
as an IT pro or a programmer for a small company and give them an
education in how hard security makes life in general.

-- 
DO NOT USE OBAMACARE.
DO NOT BUY OBAMACARE.
Powers are not rights.





More information about the l4-hackers mailing list