| Deutsch English Français Italiano |
|
<1026ke1$hh9a$1@dont-email.me> View for Bookmarking (what is this?) Look up another Usenet article |
Path: news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail From: Simon Clubley <clubley@remove_me.eisner.decus.org-Earth.UFP> Newsgroups: comp.os.vms Subject: Re: Upcoming time boundary events Date: Mon, 9 Jun 2025 12:35:13 -0000 (UTC) Organization: A noiseless patient Spider Lines: 33 Message-ID: <1026ke1$hh9a$1@dont-email.me> References: <100fp4v$1nmtf$1@dont-email.me> <100omli$3t023$1@dont-email.me> <100qdop$6q13$1@dont-email.me> <100qg5t$3jb0$1@dont-email.me> <1014ad8$2jurh$1@dont-email.me> <101dnbj$omrq$1@dont-email.me> <mn.fae77e95a3bdb69b.104627@invalid.skynet.be> <101f0ei$1568p$1@dont-email.me> <mn.127a7e96667d7f35.104627@invalid.skynet.be> <mn.12887e9614a7408b.104627@invalid.skynet.be> <101k68r$39d9f$3@dont-email.me> <mn.1a747e96f898112d.104627@invalid.skynet.be> <101n4rj$34un$3@dont-email.me> <mn.226b7e96be736c6b.104627@invalid.skynet.be> <101qiik$13glj$4@dont-email.me> <mn.2a847e968448ca5d.104627@invalid.skynet.be> <101tau9$1qu8n$9@dont-email.me> Injection-Date: Mon, 09 Jun 2025 14:35:14 +0200 (CEST) Injection-Info: dont-email.me; posting-host="a76611de1834b59071e43341ddd7e55b"; logging-data="574762"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18JjHbdbU9Crx032+h/WgnOYvUgLbnf2d4=" User-Agent: slrn/0.9.8.1 (VMS/Multinet) Cancel-Lock: sha1:gCSDPpldUI+qZBFrBAhPySn+LCs= On 2025-06-05, Lawrence D'Oliveiro <ldo@nz.invalid> wrote: > On Thu, 05 Jun 2025 10:44:51 +0200, Marc Van Dyck wrote: > >> Lawrence D'Oliveiro laid this down on his screen : >>> >>> Basic security should be built into the core OS installation, not added >>> as an afterthought -- and an extra-cost one at that. >> >> There are already many security features available in OpenVMS. More than >> what many people need. There must be a trade-off. Building more stuff >> into the OS means that more customers pay for features they don't need. > > Look at what comes standard in the Linux kernel: cgroups, namespaces, > containers, virtualization, SELinux, AppArmor, the whole pluggable LSM > mechanism, seccomp, netfilter, EBPF ... and that?s just off the top of my > head. > It also has ASLR, KASLR, shells that don't have access to privileges outside of the privileges the user has, and encrypted filesystems. It also has secure password hashing algorithms and a central source of entropy, both of which have only recently been added to x86-64 VMS (but not added to the other VMS architectures). On a non-security level, it also has support for filesystems in user space, and pluggable kernel mode filesystems (which can be unloaded again without needing a reboot). Simon. -- Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP Walking destinations on a map are further away than they appear.