- Is Fiasco still alive? When I visit Fiasco
http://os.inf.tu-dresden.de/fiasco/ site, last updated date is 26 Sep 2005 *Fiasco 1.2 released!* Do we have further releases or is it stopped?
Yes, although the webpage has become a little outdated. We are currently preparing a release of our new Fiasco version which will also include capabilities, kernel memory management and full virtualization support.
To me, capabilities are nothing but a buzzword that a tiny fraction of a minority of the academic computing community have latched on to, fetishized, and have turned into a cult religion. Now they are starting to mercilessly ram it down the throats of every kernel project that isn't already cast in stone such as unix.
To me, any security mechanism is nothing more than something I have to hack around to make the computer do anything useful at all. =( That's why I still love DOS, it does **ANYTHING** you ask it to.
I've tried to read articles about capabilities. They were just jibberish to me when read straight through. When I crossed out all instances of the word "capabilitiy", they document made sense but seemed hopelessly pointless, as in the concept served no conceivable >> net << benefit to anyone except the NSA.
In the real world, people tend to ignore security issues, even to the point of intentionally using stupid passwords for the sake of making sure they can still get things done and to minimize the risk of forgetting the password, which could be catastrophic to their business!!! (I work at such a company, the password to the most heavily used account on their main database is an easily memorized variation of the username. =P, the root password is equally stupid.)
At my previous place of work, a geophysical laboratory, the old guy there insisted that when I upgraded a windows 98 machine to 2000 (in 2007), that I make sure I never entered a password so that the machine would always boot to the desktop. If I failed to do this, I had to install it again. Once again, the key motivation was to bypass security to *make it possible to use the computer*.
The root and user passwords for my own home PC and the computers on my network are exceptionally weak too because I need to be able to get into them.
They know that security is not a benefit, it's a potential obstacle for them staying in business!
If I were dictator, I would banish these capabilities nutcases from academic institutions for five years and give them guaranteed employment as an IT pro or a programmer for a small company and give them an education in how hard security makes life in general.