
OS Reviews launches

OS Reviews, a site dedicated to reviews of free software, has announced its existence. Currently posted are reviews of AppArmor, OpenVPN, Battle For Wesnoth, Octave, Bacula, and more; the reviewer appears to be doing a fairly thorough job. See the OS Reviews mission statement for more on what the site is trying to do.


OS Reviews launches

Posted Apr 5, 2006 15:33 UTC (Wed) by nix (subscriber, #2304) [Link]

A shame it doesn't have a comments feature so I can't point out the conceptual flaw in the AppArmor review. He doesn't understand the threat model it defends against: it's not intended to let you run explicitly malicious code safely, but rather to let you constrain non-malicious code such that attackers can't make it do malicious things even if, say, they buffer-overrun it.

The reviewer complains that constraining processes by capability is useless because capabilities are for increasing rights, not taking them away: well, obviously he's failed to notice the utility of constraining processes running as root. You can remove all but a few capabilities from root-running processes, and ban them from writing to or reading from pretty much all files, and although they're still technically running as root there's not much they can do to harm anyone anymore. (Just about the only remaining dangerous thing they could do would be to signal other root-owned processes, and while this is still nasty it's not something that malicious code generally tries to do and there's not much chance of an attacker managing more than a DoS that way.)

AppArmor isn't so useful for non-root-owned processes with no capabilities, but you can still constrain FS access. (Constraining what network ports a process is allowed to open or listen on is an interesting idea which should be fairly easy to fit into AppArmor; at least conceptually it's not hard.)
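
Added example, not part of the comment above or of the OS Reviews article: a sketch of an AppArmor profile that confines a root-run daemon in the way the comment describes, so that a compromised process still has uid 0 but only a few capabilities and a short list of readable and writable paths. The daemon name `exampled` and all of its paths are hypothetical, and the syntax is that of current AppArmor releases.

```apparmor
# Constructed example: /usr/sbin/exampled is a hypothetical daemon started as root.
#include <tunables/global>

/usr/sbin/exampled {
  # Shared libraries, locale data, /dev/null and similar basics.
  #include <abstractions/base>

  # The only capabilities granted. Everything else (sys_module, sys_admin,
  # dac_override, sys_ptrace, ...) is refused even though the process is root.
  capability net_bind_service,   # bind a port below 1024
  capability setuid,             # drop to an unprivileged uid after startup
  capability setgid,

  # Socket family and type the daemon may use.
  network inet stream,

  # The binary itself: readable and mappable as executable code.
  /usr/sbin/exampled mr,

  # Configuration is read-only.
  /etc/exampled/ r,
  /etc/exampled/** r,

  # The only places the daemon can write.
  /var/log/exampled/*.log w,
  /var/lib/exampled/** rw,
  /run/exampled.pid w,

  # No rule mentions /etc/shadow, /root, /home or any other binary, so
  # reads, writes and exec of those paths are denied by default and logged.
}
```

Running the profile in complain mode first shows which accesses the daemon really makes before the profile is switched to enforce mode.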

OS Reviews launches

Posted Apr 5, 2006 20:32 UTC (Wed) by skx (subscriber, #14652) [Link]

It is unfortunate that, like this site, the code behind the scenes is "going to be open after a code cleanup". I imagine that cleaning up could have happened before the launch.

It looks like a useful resource, although the lack of comments (discussed in the FAQ) is a shame. The FAQ also claims that editing pre-written articles to fit into the site is a big job, which I find hard to swallow given the length of some of the existing comments.

Still, more documentation and exposure for applications can't hurt anybody, so I wish them every success.

OS Reviews launches

Posted Apr 5, 2006 21:50 UTC (Wed) by josh_stern (guest, #4868) [Link]

In case anyone from OS Reviews is reading this... your mission statement has a typo where you use the word "four" instead of "for". Your homepage says that "Suggestions for improvements, corrections or proposals for new reviews should be sent to proposals@osreviews.net" but an email I sent to that address bounced.

I'm avoiding this site

Posted Apr 7, 2006 1:49 UTC (Fri) by pr1268 (guest, #24648) [Link]

Based on the three user comments above, I'm avoiding this site like The Plague.

Sadly, the issues of this site (typos, bouncing e-mails, lack of ability to post user comments, or even the technically inaccurate information presented) are an all-too-common symptom. Several sites exist to enumerate, survey, analyze, critique, and review free and open-source software, but my experiences on other sites (and the users who posted the above comments regarding OS Reviews) seem to indicate that there is a general lack of talent, resources, time, or financial compensation to build good Web pages with high-quality content devoted to educating and informing the FLOSS community.

Just my $0.02.


Copyright © 2006, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds