DOCSLIB.ORG

AD Management Tool Exhaustive Reports on User, Group, Computer, Exchange & GPO

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
AD Management Tool Exhaustive Reports on User, Group, Computer, Exchange & GPO Stories Firehose All Popular Polls Video Jobs Deals Submit Search Login or Sig2n7 u7p Topics: Devices Build Entertainment Technology Open Source Science YRO Follow us: Follow Slashdot blog updates by subscribing to our blog RSS feed Nickname: Password: 6-20 characters long Public Terminal Log In Forgot your password? Sign in with Google Facebook Twitter LinkedIn Close AD Management Tool Exhaustive Reports on User, Group, Computer, Exchange & GPO GNU Hurd Begins Supporting Sound, Still Working On 64-bit & USB Support (phoronix.com) $0.32/Mbps IP Posted by timothy on Sunday January 31, 2016 @11:22AM from the pretty-soon-big-and-fancy-like-gnu dept. An anonymous reader writes: GNU developer Samuel Thibault presented at this weekend's FOSDEM conference Transit about the current state of GNU Hurd. He shared that over the past year they've started working on experimental IPv6+IPv4 and BGP For Your sound support as their big new feature. They also have x86 64-bit support to the point that the kernel can boot, but not Network in North America and much beyond that stage yet. USB and other functionality remains a work-in-progress. Those curious about this GNU kernel project can find more details via the presentation media. Europe gnu os software → Tiny Pluto Big On Frozen Water Reserves Kentucky Man Arrested After Shooting Down Drone Are We Reaching the Electric Car Tipping Point? Microsoft Is Downloading Windows 10 Without Asking Test Pilot: the F-35 Can't Dogfight Oregon Testing Pay-Per-Mile Driving Fee To Replace Gas Tax Submission: GNU Hurd Begins Supporting Sound, Still Working On 64-bit & USB Support FTDI Driver Breaks Hardware Again GNU Hurd Begins Supporting Sound, Still Working On 64-bit & USB Support 177 More | Reply Login GNU Hurd Begins Supporting Sound, Still Working On 64-bit & USB Support Post Load All Comments S1e5a Fruchll 8257 7A Cbobmremvieantetsd L0o Hg iIdnd/Cenreate an Account C/Soema ments Filter: AScllore: I5nsightful I4nformative I3nteresting F2unny 1The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way. ›0 I-1n future news (Score:4, Funny) b17y 7c +M+o r(e2 5| 4R2e7p) loy nL oSguinnday January 31, 2016 @11:27AM (#51408957) W e're proud to announce that GNU Hurd can now save and load files. NRicekplny atom Teh:is Share tPwaisttsewro fradce: b6o-2o0k clihnakreadcitne rs long F laPgu balsi cIn Taeprpmroinparila te Re:L oIng Ifnutu reF onrgeowt yso u(Sr pcaosrsew:o2rd)? by orlanz (882574) Close A billion trillion years from now, Hurd will be the only sentient being left. As the rest moved onto a higher plane of existence. Close Re:In future news (Score:4, Informative) by jfdavis668 (1414919) on Sunday January 31, 2016 @02:54PM (#51409955) Obligatory XKCD: http://xkcd.com/1508/ [xkcd.com] Reply to This Parent Share twitter facebook linkedin Flag as Inappropriate Re: (Score:2) by jfdavis668 (1414919) HURD AC," said Man, "How may entropy be reversed? The HURD AC said, "/hurd/ext2fs.static: hd1s1: Gratuitous error." Re: (Score:2) by BarbaraHudson (3785311) That anybody is still following the HURD is what's news. The herd has moved elsewhere. Re: (Score:2) by unixisc (2429386) Last I had read, they were still agonizing over which microkernel to use. Did they come to a decision? Re: (Score:2) by roc97007 (608802) They're skipping over 8 inch disks? What's the point (Score:5, Interesting) by mwvdlee (775178) on Sunday January 31, 2016 @11:27AM (#51408961) Homepage What's the point of continuing with Hurd? I mean, apart from making make laugh whenever they have "news". Reply to This Share twitter facebook linkedin Flag as Inappropriate Re: (Score:2) by HouseOfMisterE (659953) Hurd probably does make make laugh! Re:What's the point (Score:4, Interesting) by thegarbz (1787294) on Sunday January 31, 2016 @11:33AM (#51408989) This is an interesting question. It's one thing if the HURD was making progress but based on this kind of news it would seem that technology is actually being developed faster than the kernel. Reply to This Parent Share twitter facebook linkedin Flag as Inappropriate Hurd is the kernel component of GNU Emacs (Score:2) by dmoen (88623) Seriously, if you google "GNU Guix", you'll see that system startup scripts will be written in Lisp, the package manager will use Lisp to describe packages. Also, I note that the microkernel architecture will allow code that is traditionally part of the kernel to run in user mode and be written in Lisp. It looks to me that they are building a new system that combines the best aspects of Unix and the legendary Lisp Machine. Which would be kind of cool. Re: (Score:3) by unixisc (2429386) Can't they rewrite systemd in lisp, put it under emacs and then have their entire OS? Speaking of which, why are they bothering w/ 64-bit support at all? Since the only app that would run in HURD would be emacs, they might as well just make emacs the front end of the OS, instead of bothering about bash/csh/ksh/ et al Re: (Score:3, Insightful) by Anonymous Coward The microkernel architecture makes it quite cool. Re: (Score:2) by unixisc (2429386) The microkernel architecture makes it quite cool. For that, why not go to Minix, which is FOSS under a BSD license, and is well documented, since AST's book is the documentation of the OS. It's a good learning platform, and has some neat features, like a 'reincarnation server' that lowers the priority of hung drivers until they are effectively killed, and restart them again. Last I hurd, HURD is still based on Mach 3, which was a first generation microkernel, but a lot of developments have happened in microkernel concepts that have not made it to Ma Re: (Score:2) by rochrist (844809) You think that will happen before the heat death of the universe? Re: (Score:2) by unixisc (2429386) GP wants a microkernel OS Re: (Score:3) by Guy Harris (3803) If you want a microkernel architecture, then why not OS X or at least Darwin? Because neither Darwin nor OS X have a microkernel architecture. Re: (Score:3) by serviscope_minor (664417) You mean Mach. That's the microkernel underlying both OSX and Hurd. OSX basically sticks one massive process on top of that for unix services. Hurd actually goes the full microkernel style. It's a research system which means unlike OSX its hardware support is poor but it can do interesting things from an OS perspective. Re: (Score:3) by unixisc (2429386) OS X does use Mach, but not in the way that any microkernel platform would. As for HURD, did they finally conclude which microkernel they wanted to use? They tried out a few, and then it's unclear which one they settled for. While Mach 3.x was a first generation microkernel, there have been a lot of developments in microkernel theory that are not there in Mach 3. In fact, a major downside of Mach 3 is that it is resource intensive, and that reputation has spread to microkernels in general, even Re: (Score:3) by ArchieBunker (132337) Its like trying to talk someone out of a cult they are following. Re:What's the point (Score:5, Informative) by short (66530) on Sunday January 31, 2016 @11:38AM (#51409013) Homepage Thanks to the microkernel architecture you will no longer have to reboot system just to get rid of that stale lock on an accidentally removed USB disk or unmountable --bind mount in /proc/mounts due to non-existing user/usecount or due to some crashed driver locking up your PCI device etc. I could transparently restart crashed ntfs.sys emulated under Linux in 2003 while Linux kernel still can't do that with its native filesystems. Reply to This Parent Share twitter facebook linkedin Flag as Inappropriate Re: (Score:2) by rssrss (686344) "you will no longer have to reboot system just to get rid of that stale lock on an accidentally removed USB disk or unmountable --bind mount in /proc/mounts due to non-existing user/usecount or due to some crashed driver locking up your PCI device etc." Before or after my 115th birthday? Re: (Score:2) by short (66530) You have to reboot that box about each two weeks: Fedora kernel Bug 1183791 [redhat.com] (it is probably not specific to Fedora) Re: (Score:2) by BarbaraHudson (3785311) No, you won't. This is one user, who admits doing weird things in his scripts. He fixed his problem. Re: (Score:2) by Marginal Coward (3557951) Before or after my 115th birthday? I'm not sure when they'll succeed in getting USB going in GNU HURD, but I predict it will eventually become a killer feature of Windows 95. Re: (Score:3) by Lunix Nutcase (1092239) Ok. So by which century will Hurd be usable enough that I can take advantage of the features? And don't say "now" because not having sound support or full workinf x86_64 support does not make a usable kernel. Re: (Score:2, Interesting) by short (66530) The sooner you will write that the sooner you will get it. That's all what Free software guarantees you and I find it superior to anything else. Re: (Score:2, Insightful) by jones_supa (887896) FOSS is not a garden party or cake sale where anyone can volunteer just like that. Features that seem relatively simple to the end user can hide tens or hundreds of thousands of lines of code behind them.
Load more

Recommended publications
  • Administering Unidata on UNIX Platforms
    C:\Program Files\Adobe\FrameMaker8\UniData 7.2\7.2rebranded\ADMINUNIX\ADMINUNIXTITLE.fm March 5, 2010 1:34 pm Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta UniData Administering UniData on UNIX Platforms UDT-720-ADMU-1 C:\Program Files\Adobe\FrameMaker8\UniData 7.2\7.2rebranded\ADMINUNIX\ADMINUNIXTITLE.fm March 5, 2010 1:34 pm Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Notices Edition Publication date: July, 2008 Book number: UDT-720-ADMU-1 Product version: UniData 7.2 Copyright © Rocket Software, Inc. 1988-2010. All Rights Reserved. Trademarks The following trademarks appear in this publication: Trademark Trademark Owner Rocket Software™ Rocket Software, Inc. Dynamic Connect® Rocket Software, Inc. RedBack® Rocket Software, Inc. SystemBuilder™ Rocket Software, Inc. UniData® Rocket Software, Inc. UniVerse™ Rocket Software, Inc. U2™ Rocket Software, Inc. U2.NET™ Rocket Software, Inc. U2 Web Development Environment™ Rocket Software, Inc. wIntegrate® Rocket Software, Inc. Microsoft® .NET Microsoft Corporation Microsoft® Office Excel®, Outlook®, Word Microsoft Corporation Windows® Microsoft Corporation Windows® 7 Microsoft Corporation Windows Vista® Microsoft Corporation Java™ and all Java-based trademarks and logos Sun Microsystems, Inc. UNIX® X/Open Company Limited ii SB/XA Getting Started The above trademarks are property of the specified companies in the United States, other countries, or both. All other products or services mentioned in this document may be covered by the trademarks, service marks, or product names as designated by the companies who own or market them. License agreement This software and the associated documentation are proprietary and confidential to Rocket Software, Inc., are furnished under license, and may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice.
    [Show full text]
  • 802.11N Support in Freebsd (For the Run(4) Driver)
    802.11n support in FreeBSD (for the run(4) driver) 15412 F’19 1 / 15 Motivation ● “Do something with operating systems” – OS Junkie: Ubuntu → Fedora → Arch Linux → Gentoo → FreeBSD ● Do something for the community – So much free (not free as in free beer) software out there for use – Time to give something back! ● Faster WiFi doesn’t hurt – Makes FreeBSD more usable ● Less angry users: “But this works on Lunix!” 2 / 15 FreeBSD ● Open source, UNIX ● Official webpage: freebsd.org ● Large, helpful community – IRC Channels on Freenode (#freebsd) – Forums (forums.freebsd.org) – Mailing lists (lists.freebsd.org) ● Latest Release: FreeBSD 12 (2018) 3 / 15 802.11 ● IEEE 802.11: Standard for WiFi – 802.11b: 2.4GHz, Max rate 11 Mbps, range 150 ft., Year 1999 – 802.11g: 2.4 GHz, Max rate 54 Mbps, range 150 ft., Year 2003 – 802.11n: 2.4GHz or 5 GHz, Max rate 300 Mbps (single antenna), 450 Mbps (MIMO), range 175 ft., Year 2009 4 / 15 Ralink ● Produces WiFi chips – See https://wikidevi.com/wiki/Ralink for list of chips ● Linux driver: rt2800usb (USB Ralink 802.11n devices) ( https://wiki.debian.org/rt2800usb). ● FreeBSD driver: run (see https://www.freebsd.org/cgi/man.cgi?run(4) ) – Caveats : “The run driver does not support any of the 802.11n capabilities offered by the RT2800, RT3000 and RT3900 chipsets.“ 5 / 15 Existing code base ● The run driver supports several chipsets and adapters (such as ASUS USB N-66) but without support for 802.11n – This means reduced speeds – This means it will misbehave when you turn on your microwave ● run(4) also has annoying ‘device timeout’ errors where the card stops responding.
    [Show full text]
  • Microkernels in a Bit More Depth • Early Operating Systems Had Very Little Structure • a Strictly Layered Approach Was Promoted by Dijkstra
    Motivation Microkernels In a Bit More Depth Early operating systems had very little structure A strictly layered approach was promoted by Dijkstra THE Operating System [Dij68] COMP9242 2007/S2 Week 4 Later OS (more or less) followed that approach (e.g., Unix). UNSW Such systems are known as monolithic kernels COMP9242 07S2 W04 1 Microkernels COMP9242 07S2 W04 2 Microkernels Issues of Monolithic Kernels Evolution of the Linux Kernel E Advantages: Kernel has access to everything: all optimisations possible all techniques/mechanisms/concepts implementable Kernel can be extended by adding more code, e.g. for: new services support for new harwdare Problems: Widening range of services and applications OS bigger, more complex, slower, more error prone. Need to support same OS on different hardware. Like to support various OS environments. Distribution impossible to provide all services from same (local) kernel. COMP9242 07S2 W04 3 Microkernels COMP9242 07S2 W04 4 Microkernels Approaches to Tackling Complexity Evolution of the Linux Kernel Part 2 A Classical software-engineering approach: modularity Software-engineering study of Linux kernel [SJW+02]: (relatively) small, mostly self-contained components well-defined interfaces between them Looked at size and interdependencies of kernel "modules" enforcement of interfaces "common coupling": interdependency via global variables containment of faults to few modules Analysed development over time (linearised version number) Doesn't work with monolithic kernels: Result 1:
    [Show full text]
  • Building Performance Measurement Tools for the MINIX 3 Operating System
    Building Performance Measurement Tools for the MINIX 3 Operating System Rogier Meurs August 2006 Contents 1 INTRODUCTION 1 1.1 Measuring Performance 1 1.2 MINIX 3 2 2 STATISTICAL PROFILING 3 2.1 Introduction 3 2.2 In Search of a Timer 3 2.2.1 i8259 Timers 3 2.2.2 CMOS Real-Time Clock 3 2.3 High-level Description 4 2.4 Work Done in User-Space 5 2.4.1 The SPROFILE System Call 5 2.5 Work Done in Kernel-Space 5 2.5.1 The SPROF Kernel Call 5 2.5.2 Profiling using the CMOS Timer Interrupt 6 2.6 Work Done at the Application Level 7 2.6.1 Control Tool: profile 7 2.6.2 Analyzing Tool: sprofalyze.pl 7 2.7 What Can and What Cannot be Profiled 8 2.8 Profiling Results 8 2.8.1 High Scoring IPC Functions 8 2.8.2 Interrupt Delay 9 2.8.3 Profiling Runs on Simulator and Other CPU Models 12 2.9 Side-effect of Using the CMOS Clock 12 3 CALL PROFILING 13 3.1 Introduction 13 3.1.1 Compiler-supported Call Profiling 13 3.1.2 Call Paths, Call and Cycle Attribution 13 3.2 High-level Description 14 3.3 Work Done in User-Space 15 3.3.1 The CPROFILE System Call 15 3.4 Work Done in Kernel-Space 16 3.4.1 The PROFBUF and CPROF Kernel Calls 16 3.5 Work Done in Libraries 17 3.5.1 Profiling Using Library Functions 17 3.5.2 The Procentry Library Function 17 3.5.3 The Procexit Library Function 20 3.5.4 The Call Path String 22 3.5.5 Testing Overhead Elimination 23 3.6 Profiling Kernel-Space/User-Space Processes 24 3.6.1 Differences in Announcing and Table Sizes 24 3.6.2 Kernel-Space Issue: Reentrancy 26 3.6.3 Kernel-Space Issue: The Call Path 26 3.7 Work Done at the Application
    [Show full text]
  • Research Purpose Operating Systems – a Wide Survey
    GESJ: Computer Science and Telecommunications 2010|No.3(26) ISSN 1512-1232 RESEARCH PURPOSE OPERATING SYSTEMS – A WIDE SURVEY Pinaki Chakraborty School of Computer and Systems Sciences, Jawaharlal Nehru University, New Delhi – 110067, India. E-mail: [email protected] Abstract Operating systems constitute a class of vital software. A plethora of operating systems, of different types and developed by different manufacturers over the years, are available now. This paper concentrates on research purpose operating systems because many of them have high technological significance and they have been vividly documented in the research literature. Thirty-four academic and research purpose operating systems have been briefly reviewed in this paper. It was observed that the microkernel based architecture is being used widely to design research purpose operating systems. It was also noticed that object oriented operating systems are emerging as a promising option. Hence, the paper concludes by suggesting a study of the scope of microkernel based object oriented operating systems. Keywords: Operating system, research purpose operating system, object oriented operating system, microkernel 1. Introduction An operating system is a software that manages all the resources of a computer, both hardware and software, and provides an environment in which a user can execute programs in a convenient and efficient manner [1]. However, the principles and concepts used in the operating systems were not standardized in a day. In fact, operating systems have been evolving through the years [2]. There were no operating systems in the early computers. In those systems, every program required full hardware specification to execute correctly and perform each trivial task, and its own drivers for peripheral devices like card readers and line printers.
    [Show full text]
  • Sealing OS Processes to Improve Dependability and Security
    Sealing OS Processes to Improve Dependability and Safety Galen Hunt, Mark Aiken, Manuel Fähndrich, Chris Hawblitzel, Orion Hodson, James Larus, Steven Levi, Bjarne Steensgaard, David Tarditi, and Ted Wobber Microsoft Research One Microsoft Way Redmond, WA 98052 USA [email protected] ABSTRACT General Terms In most modern operating systems, a process is a Design, Reliability, Experimentation. hardware-protected abstraction for isolating code and data. This protection, however, is selective. Many common Keywords mechanisms—dynamic code loading, run-time code Open process architecture, sealed process architecture, sealed generation, shared memory, and intrusive system APIs— kernel, software isolated process (SIP). make the barrier between processes very permeable. This paper argues that this traditional open process architecture 1. INTRODUCTION exacerbates the dependability and security weaknesses of Processes debuted, circa 1965, as a recognized operating modern systems. system abstraction in Multics [48]. Multics pioneered As a remedy, this paper proposes a sealed process many attributes of modern processes: OS-supported architecture, which prohibits dynamic code loading, self- dynamic code loading, run-time code generation, cross- modifying code, shared memory, and limits the scope of process shared memory, and an intrusive kernel API that the process API. This paper describes the implementation permitted one process to modify directly the state of of the sealed process architecture in the Singularity another process. operating system,
    [Show full text]
  • Cgatools Install Guide
    cgatools Installation Guide Version 1.2.0 Complete Genomics data is for Research Use Only and not for use in the treatment or diagnosis of any human subject. Information, descriptions and specifications in this publication are subject to change without notice. Copyright © 2010 Complete Genomics Incorporated. All rights reserved. cgatools Installation Guide Table Of Contents Table Of Contents Preface ........................................................................................................................................................................... 3 Conventions ................................................................................................................................................................................ 3 cgatools Documents ................................................................................................................................................................ 3 References ................................................................................................................................................................................... 3 Overview and Requirements ................................................................................................................................. 5 Install Process in a Nutshell ................................................................................................................................................. 5 User Requirements .................................................................................................................................................................
    [Show full text]
  • MINIX3: a Reliable and Secure Operating System
    MINIX3: A Reliable and Secure Operating System Andrew S. Tanenbaum and a team of students and programmers who actually did all the work Vrije Universiteit Amsterdam, The Netherlands 1 GOAL OF OUR WORK: BUILD A RELIABLE OS Tanenbaum’s definition of a reliable OS: “An operating system is said to be reliable when a typical user has never experienced even a single failure in his or her lifetime and does not know anybody who has ever experienced a failure.” In engineering terms, this is probably mean time to failure > 50 years I don’t think we are there yet 2 THE TELEVISION MODEL 1. You buy the television 2. You plug it in 3. It works perfectly for the next 10 years 3 THE COMPUTER MODEL (WINDOWS EDITION) 1. You buy the computer 2. You plug it in 3. You install service packs 1 through 9f 4. You install 18 new emergency security patches 5. You find and install 7 new device drivers 6. You install antivirus software 7. You install antispyware software 8. You install antihacker software (firewall) 9. You install antispam software 10. You reboot the computer 4 THE COMPUTER MODEL (2) 11. It doesn’t work 12. You call the helpdesk 13. You wait on hold for 30 minutes 14. They tell you to reinstall Windows 5 TYPICAL USER REACTION The New York Times recently reported that 25% of computer users have gotten so angry at their computer that they physically hit it. 6 IS RELIABILITY SO IMPORTANT? • Annoying • Lost work • But also think about – Industrial control systems in factories – Power grids – Hospital operating rooms – Banking and e-commerce servers – Emergency phone centers – Control software in cars, airplanes, etc.
    [Show full text]
  • Installation Guide Version 4.2
    AIX Installation Guide Version 4.2 SC23-1924-00 AIX Installation Guide Version 4.2 First Edition (April 1996) This edition of the AIX Version 4.2 Installation Guide applies to the AIX Version 4.2 Licensed Program and to all subsequent releases of this product until otherwise indicated in new releases or technical newsletters. The following paragraph does not apply to the United Kingdom or any country where such provisions are inconsistent with local law: THIS MANUAL IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions; therefore, this statement may not apply to you. It is not warranted that the contents of this publication or the accompanying source code examples, whether individually or as one or more groups, will meet your requirements or that the publication or the accompanying source code examples are error-free. This publication could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. It is possible that this publication may contain references to, or information about, products (machines and programs), programming, or services that are not announced in your country. Such references or information must not be construed to mean that such products, programming, or services will be offered in your country. Any reference to a licensed program in this publication is not intended to state or imply that you can use only that licensed program.
    [Show full text]
  • Implementation of Tripwire: a File System Integrity Checker
    Purdue University Purdue e-Pubs Department of Computer Science Technical Reports Department of Computer Science 1993 The Design and Implementation of Tripwire: A File System Integrity Checker Gene H. Kim Eugene H. Spafford Purdue University, [email protected] Report Number: 93-071 Kim, Gene H. and Spafford, Eugene H., "The Design and Implementation of Tripwire: A File System Integrity Checker" (1993). Department of Computer Science Technical Reports. Paper 1084. https://docs.lib.purdue.edu/cstech/1084 This document has been made available through Purdue e-Pubs, a service of the Purdue University Libraries. Please contact [email protected] for additional information. THE DESIGN AND IMPLEMENTATION OF TRIPWIRE, A FILE SYSTEM INTEGRITY CHECKER Gene H. Kim Eugene H. SpDlford CSD·TR·93'()7I November 1993 The Design and Implementation of Tripwire: A File System Integrity Checker Purdue Technical Report CSD-TR-93-071 Gene H. Kim and Eugene H. Spafford COAST Laboratory Department of Computer Sciences Purdue University West Lafayette, IN 47907-1398 November 19, 1993 Abstract At the heart of most computer systems is a file system. The file system contains user data, executable programs, configuration and authorization information, and (usually) the base exe­ cutable version of the operating system itself. The ability to monitor file systems for unautho­ rized or unexpected changes gives system administrators valuable data for protecting and main­ taining their systems. However, in environments of many networked heterogeneous platforms with different policies and software, the task of monitoring changes becomes quite daunting. Tripwire is tool that aids UNIXl system administrators and users in monitoring a designated set offiles and directories for any changes.
    [Show full text]
  • Sealing OS Processes to Improve Dependability and Security
    MSR-TR-2006-51 This is a draft paper that is under submission. Please contact Galen Hunt for citation information. Sealing OS Processes to Improve Dependability and Security Galen Hunt, Mark Aiken, Paul Barham, Manuel Fähndrich, Chris Hawblitzel, Orion Hodson, James Larus, Steven Levi, Nick Murphy, Bjarne Steensgaard, David Tarditi, Ted Wobber, Brian Zill Microsoft Research Abstract On most modern operating systems, a process is a hardware-protected abstraction for executing potentially mutable code and data. Common features of processes include: dynamic code loading, dynamic code generation, access to cross-process shared memory, and a universal API. This paper argues that many of the dependability and security weaknesses of modern systems are exacerbated by this open process architecture. Moreover, this architecture impairs the ability of tools to analyze code statically, to improve its performance or dependability. By contrast, a sealed process architecture prohibits dynamic code loading, prohibits self-modifying code, prohibits shared memory, and replaces a universal API with a process-limited API. This paper describes an implementation of a sealed process architecture in the Singularity operating system, discusses its merits, and evaluates its impact. Among the benefits are: improved static program analysis, strong security guarantees, elimination of OS redundancies found in language runtimes such as the JVM and CLR, and better software engineering. 1. Introduction 1.1. Disadvantages of Open Processes The process, as a recognized operating system Although common, open processes are not “free.” abstraction, debuted in Multics [52] in the 1960s. This architecture has negative consequences for Multics processes included support for dynamic code dependability, correctness, security, and performance.
    [Show full text]
  • DNS for Rocket Scientists Section 1 Overview
    DNS for Rocket Scientists This Open Source Guide is about DNS and (mostly) BIND 9.x on Linux (REDHAT Versions 6.x and 7.x) and the BSD's (FreeBSD, OpenBSD and NetBSD). It is meant for newbies, Rocket Scientist wannabees and anyone in between. This Guide was born out of our first attempts a number of years ago at trying to install a much needed DNS service on an early Redhat Linux system. We completed the DNS 'rite of passage' and found it a pretty unedifying and pointless experience. Health Warning: This is still a work-in-progress. If you have expertise in something - contribute some text. If you find errors don't grumble - tell us. Look at our to do list and if you want to contribute something please do so. And for all that hard work we promise only a warm sense of well-being and an acknowledgment of your work in the licence. Section 1 Overview What's new in Guide version 0.1.27 1. Boilerplate and Terminology 1.1 Objectives and Scope 1.2 How to read this Guide 1.3 Terminology and Conventions used 1.4 Acknowledgements 1.5 Copyright and License 2. DNS - Overview 2.1 A brief History of Name Servers 2.2 DNS Concepts & Implementation 2.2.1 DNS Overview 2.2.2 Domains and Delegation 2.2.3 DNS Organization and Structure 2.2.4 DNS System Components 2.2.5 Zones and Zone Files 2.2.6 DNS Queries 2.2.6.1 Recursive Queries 2.2.6.2 Iterative Queries 2.2.6.3 Inverse Queries 2.2.7 Zone Updates 2.2.7.1 Full Zone Transfer (AXFR) 2.2.7.2 Incremental Zone Transfer (IXFR) 2.2.7.3 Notify (NOTIFY) 2.2.7.4 Dynamic Zone Updates 2.2.7.5 Alternative Dynamic DNS Approaches 2.3 DNS Security Overview 2.3.1 Security Threats 2.3.2 Security Types 2.3.3 Local Security 2.3.4 Server-Server (TSIG Transactions) 2.3.5 Server-Client (DNSSEC) 3.
    [Show full text]