9fans - fans of the OS Plan 9 from Bell Labs
* Re: [9fans] Plan 9 versus CORBA?
@ 2001-09-25 13:42 presotto
  0 siblings, 0 replies; 55+ messages in thread
From: presotto @ 2001-09-25 13:42 UTC
  To: 9fans

802.11's WEP was partially Lucent's fault, partially a bunch of other companies
that were also on the committee.  WEP stands for wired equivalent privacy.
The intention was to guard against casual snooping.  It was known at its
inception that it was not a wonderful solution.  Unfortunately, it
was sold as much more than that.  And even that fails after the Shamir
and Stubblefield work.  IEEE has a committee trying to address the situation
with better encryption.  After leaving Lucent, I'm no longer in the loop.
The early proposals were flawed and shot down, which means that this
time they're getting better review.

Putting encryption in the network is like firewalls.  You reject stuff
before routing it around.  It also provides some minimal protection
for all the uncontrolled/unprotected systems on the network.  However,
it's not a substitute for end-to-end encryption.  It's also painfully
hard to change when flaws are found.  If they upgraded the current
standard to include key distribution (there's already a Lucent product
that does that over WaveLAN) then I'd be happy to continue using it.
However, I'd also continue doing my own encryption.  I don't trust
the systems authorized to use our network any more than I trust the
ones that aren't authorized.

The upcoming Plan 9 version tries to solve some data privacy/integrity
problems by

(1) taking all authentication out of the kernel and the applications
   and centralizing it in an authentication server on every cpu.  The
   intent is to be able to switch algorithms with ease and to allow
   the simultaneous use of multiple algs and protocols.  Also, you can
   export the server to machines you CPU to so that you don't have to
   depend on the current 'speaks for' relation if you don't want to.
(2) encrypt all connections.  At the moment the encryption keys are
   part of the authentication process.  However, we'll probably move
   to just using TLS to encrypt all connections before authentication
   occurs.
(3) secure servers using PAK or SRP to store a user's secrets.  The
   server can be centralized or it could be personalized like a bitsy
   that you keep in your pocket.  It's the user's choice where to
   keep the info; you could type it in every time if you want.

We've got most of it working.  All of our CPU connections have been encrypted
for a while.  Soon the file server ones will also.  We've got to see what
that does to throughput.  We've already noticed that it really slows
down modems that currently get some of their speed by compressing.  That
means we'll probably have to compress also.  Luckily processors keep
getting faster.  All the extra cycles that Windows requires to have drop
alpha blended menus can serve our encryption needs.

Rob and jmk are just now converting our machines to run the new system.
There's a lot of change between 9P2000 and the new security infrastructure
so it'll be a while before we release it.

We (ynl & ehg) have also added IPv6 to the stack.  That hasn't been
merged in yet but we'll do it before the release.

We're currently considering what to do about IPsec.  I really don't like
it as a solution, partially for the same reason I don't like WEP:
it's done too low.  However, we'll probably have to do it to
be compatible.  Security associations just bother me because they
represent such a violation of layering.  The advantage is the same
as that of WEP, programs don't have to take part in the security, it
can be done around them.  Also, headers are also encrypted and mac'd
so that a number of attacks, like the SYN one, become much harder.

Anyways, that's the current plan.  Rsc is doing a lot of it from
MIT, I'm doing some from Avaya, and the usual suspects are working
on it from Lucent.

Sorry for the long message.


* Re: [9fans] Plan 9 versus CORBA?
@ 2001-09-26 13:24 jmk
  2001-09-26 13:33 ` Boyd Roberts
  0 siblings, 1 reply; 55+ messages in thread
From: jmk @ 2001-09-26 13:24 UTC
  To: 9fans

On Wed Sep 26 05:05:30 EDT 2001, boyd@fr.inter.net wrote:
> > I've been doing a fair amount of thinking about capabilities,
> > mandatory access control (MAC), and security labels, lately.
>
> i recall that jim reeds and ? put some simple, but powerful
> scheme into unix, back in the late 80s.
>

? would be Doug McIlroy and 'The IX Multilevel Secure Operating System'
CSTR #163 is available in pieces at http://cm.bell-labs.com/cm/cs/cstr.html.


* Re: [9fans] Plan 9 versus CORBA?
@ 2001-09-26  6:12 okamoto
  0 siblings, 0 replies; 55+ messages in thread
From: okamoto @ 2001-09-26  6:12 UTC
  To: 9fans

Sorry, just after I posted the previous mail, I noticed that I was taking the wrong way.
If someone (uninvited) intrudes into our system, and resources have world-wide
readable permission, s/he can read them.  :-)

Kenji



* Re: [9fans] Plan 9 versus CORBA?
@ 2001-09-26  6:07 okamoto
  2001-09-26  9:48 ` Boyd Roberts
  0 siblings, 1 reply; 55+ messages in thread
From: okamoto @ 2001-09-26  6:07 UTC
  To: 9fans

I seem to have written an incomplete message.

'hidden' in my previous mail means (should be) hidden from the outside user
such as ftp user, html reader, and uninvited intruder.

For example, if I have something that should be public to the internal
Plan 9 users, which looks like (world-wide readable)

--rw-r--r-- M 4 okamoto okamoto     87 Apr  5 14:13 plumbing.

the 'none' user can also read this.  I think you mean that in that case we should have
some group permission common to 'all' the members.   However, it's cumbersome
to have such a group, which includes all the internal members but not outside ones.
This would be solved if we just didn't have the 'none' user.  This is the point I wanted to
make.  Of course I know Plan 9 solved much of the superuser problem by
making the file server standalone and separating it from terminals etc.

Kenji

PS.  If we have confidence that we will not be intruded upon, this is not a serious problem
of course.



* Re: [9fans] Plan 9 versus CORBA?
@ 2001-09-26  5:41 geoff
  2001-09-26  9:47 ` Boyd Roberts
  0 siblings, 1 reply; 55+ messages in thread
From: geoff @ 2001-09-26  5:41 UTC
  To: 9fans

Kenji, I guess I don't understand your problem.  You say
``someone can enter as 'none' user and read hidden internal data
in a future...''.  If it's hidden internal data, it should be owned
by a group that "none" does not belong to, and world access should
be denied, which stops access by "none" and any other user not in
the group.  So it sounds like you've got ``hidden internal'' [sic] data
that is world-readable (thus neither hidden nor internal) and you're
trying to stop "none" from reading it, which sounds like you're trying
to solve the wrong problem.  Or have I misunderstood your situation?
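
Added example (not part of geoff's message, the thread, or Plan 9's source): a small C check, run over the `ls -l` line okamoto posted and a constructed variant of it, of the point made above that "none" can read a file only while its world-read bit is set. The group `staff`, its members, and the grant-if-any-applicable-class-allows rule are assumptions of this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Constructed group table (assumption): "staff" stands for the internal
 * users; "none" is deliberately a member of no group. */
struct group { const char *name; const char *members[4]; };
static const struct group groups[] = {
	{ "okamoto", { "okamoto" } },
	{ "staff",   { "okamoto", "geoff" } },
};

static int ingroup(const char *user, const char *grp)
{
	for (size_t i = 0; i < sizeof groups / sizeof groups[0]; i++) {
		if (strcmp(groups[i].name, grp) != 0)
			continue;
		for (int j = 0; j < 4 && groups[i].members[j] != NULL; j++)
			if (strcmp(groups[i].members[j], user) == 0)
				return 1;
	}
	return 0;
}

/* Parse one "ls -l" line of the form shown in the thread (mode, device
 * type, device number, owner, group, ...) and report whether `user` may
 * read the file: 1 yes, 0 no, -1 if the line does not parse.
 * Assumed rule: access is granted if any class that applies to the user
 * (world, owner, group member) has its read bit set. */
int can_read(const char *line, const char *user)
{
	char mode[12], devtype, owner[32], grp[32];
	int devno;

	if (sscanf(line, "%11s %c %d %31s %31s",
	           mode, &devtype, &devno, owner, grp) != 5)
		return -1;
	if (strlen(mode) != 11)
		return -1;
	if (mode[8] == 'r')                              /* world */
		return 1;
	if (mode[2] == 'r' && strcmp(user, owner) == 0)  /* owner */
		return 1;
	if (mode[5] == 'r' && ingroup(user, grp))        /* group */
		return 1;
	return 0;
}

/* First line: the listing from the thread. Second line: constructed
 * variant with world access removed and the group set to "staff". */
static const char *listing[] = {
	"--rw-r--r-- M 4 okamoto okamoto     87 Apr  5 14:13 plumbing",
	"--rw-r----- M 4 okamoto staff       87 Apr  5 14:13 plumbing",
};

int main(void)
{
	const char *users[] = { "none", "geoff", "okamoto" };

	for (int i = 0; i < 2; i++)
		for (int u = 0; u < 3; u++)
			printf("%-8s %s -> %d\n", users[u], listing[i],
			       can_read(listing[i], users[u]));
	return 0;
}
```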


* Re: [9fans] Plan 9 versus CORBA?
@ 2001-09-26  3:18 okamoto
  0 siblings, 0 replies; 55+ messages in thread
From: okamoto @ 2001-09-26  3:18 UTC
  To: 9fans

> Partticularly ion the popint
 >they have it per object, and have more variable security schem, or

s/ion the popoint/ in the point/
 sorry



* Re: [9fans] Plan 9 versus CORBA?
@ 2001-09-26  3:13 okamoto
  2001-09-26  4:44 ` Christopher Nielsen
  0 siblings, 1 reply; 55+ messages in thread
From: okamoto @ 2001-09-26  3:13 UTC
  To: 9fans

Thanks David.

I might have feared too much.   However, when we are considering
security, we assume we may be intruded upon by someone with bad will someday.

In the present Plan 9, the 'none' user cannot log in to our system from outside,
I mean other than from terminals, which may be enough to prevent accidental
reading of the data by such an external user.

If the above statement is correct, someone can enter as 'none' user
and read hidden internal data in a future...

I wrote that thing because I've touched Amoeba5.3 this month,
where they have a different security scheme using capabilities, which attracted
me somewhat (as far as I can understand it).  Partticularly ion the popint
 they have it per object, and have more variable security schem, or
in other words, capability.  Then, I thought we could make some change to the
security scheme other than just the file permission scheme...  Of course,
I don't know whether this may break the integrity of our system.

That is the story why I wrote the previous message.  I think I understand
your stance, and I agree with you now.

The 'noworld' user may be attractive to open a database for external use,
thanks.

Kenji

PS.  This is not serious but some kind of kidding.  Students will like to find
something interesting which is not similar to us sometime.  S/he can
append joke mail to someone, such as supervisor :-), where s/he has no
bad will though.  ^_^



* Re: [9fans] Plan 9 versus CORBA?
@ 2001-09-26  1:48 okamoto
  2001-09-26  2:44 ` david presotto
  0 siblings, 1 reply; 55+ messages in thread
From: okamoto @ 2001-09-26  1:48 UTC
  To: 9fans

>In fact, we continually reduce the power of none to make it
>less dangerous.

I don't know whether this is possible or not; however, I don't like opening all
the sources and data to the public via network access, as is now the case for
the none user.   Can't we restrict the power of 'none' to exec permission only?

Kenji



* Re: [9fans] Plan 9 versus CORBA?
@ 2001-09-26  1:34 presotto
  0 siblings, 0 replies; 55+ messages in thread
From: presotto @ 2001-09-26  1:34 UTC
  To: 9fans

I wouldn't get rid of none.  I still like the idea of running
the listener and services that don't need more access as none.
In fact, we continually reduce the power of none to make it
less dangerous.

* Re: [9fans] Plan 9 versus CORBA?
@ 2001-09-26  1:26 okamoto
  0 siblings, 0 replies; 55+ messages in thread
From: okamoto @ 2001-09-26  1:26 UTC
  To: 9fans

Thanks Presotto for your elaborated message.

>   export the server to machines you CPU to so that you don't have to
>   depend on the current 'speaks for' relation if you don't want to.

Does this mean we can eliminate 'none' user from Plan 9 system?
I don't like that user, although he is not spade ace. :-)

Kenji



* Re: [9fans] Plan 9 versus CORBA?
@ 2001-09-25 14:29 forsyth
  0 siblings, 0 replies; 55+ messages in thread
From: forsyth @ 2001-09-25 14:29 UTC
  To: 9fans

>>However,
>>it's not a substitute for end-to-end encryption.

especially when the bits aren't all on a single wireless network.



* Re: [9fans] Plan 9 versus CORBA?
@ 2001-09-25 14:19 rob pike
  2001-09-26 15:44 ` Dan Cross
  0 siblings, 1 reply; 55+ messages in thread
From: rob pike @ 2001-09-25 14:19 UTC
  To: 9fans

I think you misrepresent the purpose of security.  Its role is to
prevent us getting work done.  If someone constructs a security
solution that is usable, experts will focus on it like a cat watching
a mouse hole until a fatal flaw is found.  This results in three
things: 1) The technology is disabled, making it impossible to work
again.  2) A solution is worked on, distracting people from getting
regular work done.  3) Finally, a new solution is deployed, requiring
people to spend time updating their systems and networks rather than
getting work done.  At this point, security has failed because people
are working, so the cat goes back to the hole and in a few days the
mouse emerges and is caught and life returns to normal.

So the rule of security is the following: if you are able to work on
something other than security, your system is insecure.

-rob



* Re: [9fans] Plan 9 versus CORBA?
@ 2001-09-25  2:07 presotto
  0 siblings, 0 replies; 55+ messages in thread
From: presotto @ 2001-09-25  2:07 UTC

WEP works incredibly well now.  Imagine all the anguish avoided by no longer
having to arm wrestle the network password out of reluctant administrators
forced by company policy to not give it to you.  Now you can just say,
``Don't get up, I'll fetch it myself.''

Or just look at WEP as the free sample to hook people on the security drug.
Now that they're dependent and it doesn't work anymore they're all
willing to pay big bucks for the hard stuff; IPsec, pptp, TLS, ssh.
It's like a dream come true.


* Re: [9fans] Plan 9 versus CORBA?
@ 2001-09-24 22:46 rob pike
  2001-09-25  8:36 ` Andrew Simmons
  0 siblings, 1 reply; 55+ messages in thread
From: rob pike @ 2001-09-24 22:46 UTC
  To: 9fans

> tree-borne reproductive organs wrapped in wrinkly wood.

Pressed flowers?

-rob



* Re: [9fans] Plan 9 versus CORBA?
@ 2001-09-24  9:17 Fco.J.Ballesteros
  0 siblings, 0 replies; 55+ messages in thread
From: Fco.J.Ballesteros @ 2001-09-24  9:17 UTC

:  I'll definitely try Plan 9 out, but may not be allowed to use it
:  because it is not Object Oriented and because the compiler doesn't
:  support const, both of which are Bad Things. This is completely off

You can tell your boss that Plan 9 is object based, but
tell him/her that

	"...those weird Plan 9 guys refer to their objects as `files',
and to their object servers as `file servers'..."

good luck



* Re: [9fans] Plan 9 versus CORBA?
@ 2001-09-21 16:11 Fco.J.Ballesteros
  0 siblings, 0 replies; 55+ messages in thread
From: Fco.J.Ballesteros @ 2001-09-21 16:11 UTC

:  You mean, you're actually at an _academic_ institution, not a
:  psychiatric one?!
:
Sometimes it looks like it... most of the time, actually.

:  ++L
:
:  PS: Jokes asides, what the most recent URL for your kernel commentary,
:  it is high time I made a(nother) serious study of it?

You can find links at http://plan9.escet.urjc.es/
I have not worked on it in a long time, though. So you may
already have the latest one.

Hope to get some time to get back to it during fall.



* Re: [9fans] Plan 9 versus CORBA?
@ 2001-09-21 15:29 anothy
  2001-09-21 16:03 ` Dan Cross
  0 siblings, 1 reply; 55+ messages in thread
From: anothy @ 2001-09-21 15:29 UTC
  To: 9fans

// ...I'm finding it an increasing strain just to lift the books I need
// to consult - over 1000 pages each.

Aha! somebody call OSHA! i guess whatever plan 9 costs people
through RSI from chording in Acme is offset by savings in pulled
muscles from lifting those insane reference manuals.
-α.



* Re: [9fans] Plan 9 versus CORBA?
@ 2001-09-21 14:54 Fco.J.Ballesteros
  2001-09-21 13:37 ` Lucio De Re
  0 siblings, 1 reply; 55+ messages in thread
From: Fco.J.Ballesteros @ 2001-09-21 14:54 UTC
  To: 9fans

[-- Attachment #1: Type: text/plain, Size: 48 bytes --]

I think I should  resign as a professor ☺.


[-- Attachment #2: Type: message/rfc822, Size: 2114 bytes --]

From: Ronald G Minnich <rminnich@lanl.gov>
To: <9fans@cse.psu.edu>
Subject: Re: [9fans] Plan 9 versus CORBA?
Date: Fri, 21 Sep 2001 08:29:37 -0600 (MDT)
Message-ID: <Pine.LNX.4.33.0109210829240.11328-100000@snaresland.acl.lanl.gov>

On Fri, 21 Sep 2001, andrey mirtchovski wrote:

> when i did a small undergraduate presentation on plan9 (i tried to do
> distributed bioinformatics computations) one of my professors asked me the
> same question: "why not corba?"..

that's why we don't let professors write code.

ron

* Re: [9fans] Plan 9 versus CORBA?
@ 2001-09-21 14:29 Sape Mullender
  0 siblings, 0 replies; 55+ messages in thread
From: Sape Mullender @ 2001-09-21 14:29 UTC
  To: 9fans

> Rob's heritage is Balkan, he's still getting used to vowels.

His name used to be pk


* Re: [9fans] Plan 9 versus CORBA?
@ 2001-09-21 14:26 jmk
  2001-09-21 16:25 ` suspect
  0 siblings, 1 reply; 55+ messages in thread
From: jmk @ 2001-09-21 14:26 UTC
  To: 9fans

On Fri Sep 21 10:09:35 EDT 2001, andrew@mbmnz.co.nz wrote:
> ...
> On a totally unrelated note, I'd be interested to find out why rob
> pike spells his name in lower case. Is this a literary device, like ee
> cummings, or does Plan 9 not support upper case?

Rob's heritage is Balkan, he's still getting used to vowels.
Give him some time and he'll get round to upper case.


* [9fans] Plan 9 versus CORBA?
@ 2001-09-21 14:04 Andrew Simmons
  2001-09-21 14:25 ` andrey mirtchovski
                   ` (2 more replies)
  0 siblings, 3 replies; 55+ messages in thread
From: Andrew Simmons @ 2001-09-21 14:04 UTC
  To: 9fans

Hi

I'm working on a distributed application using C++ and CORBA, and
apart from the sheer mind-numbing complexity of both, I'm finding it
an increasing strain just to lift the books I need to consult - over
1000 pages each. I was wondering if Plan 9 might be worth considering
as a simpler alternative, and I would be interested in the views of
the participants of this news group, especially those of anyone who
has experience of both Plan 9 and CORBA. I'd also be interested in
people's views on the suitability of Plan 9 as a platform for
commercial development - my management might be rather nervous of
using an operating system perceived as too far out of the mainstream.

On a totally unrelated note, I'd be interested to find out why rob
pike spells his name in lower case. Is this a literary device, like ee
cummings, or does Plan 9 not support upper case?

Thanks
Andrew Simmons

