Link to Original Source
Link to Original Source
Whatever gave you that idea? Opera was build from the ground up to handle real sites with non-standard code. It support all kinds of non-standard crap. If Opera had really refused to render sites that are not 100% standards compliant, no sites would be working at all.
So there is no "nazi like adherence to standards", nor are they trying to force changes. They are being pragmatic and building the browser to work with real sites.
Yet, they often dont display pages correctly that work fine in firefox, i.e., chrome and even safari. If this isnt because opera is being too strict by enforcing standards(as they have often stated), what is it? I also find it funny that you completely ignored my second point, regarding their shitty implementation of features, and jumping to a political defence. Is this b ecause the technical defence is nigh impossible?
Once again you seem to fail miserably at reflecting reality in your comment. The problem wasn't that Microsoft shipped a browser with Windows. It was that Microsoft abused its OS dominance to destroy the browser market.
Of course, your comment also ignores the fact that Google, Mozilla and several other companies backed the complaint, but for some reason, you are only whining about Opera...
Opera started the complaint. Opera was the main party. The others took advantage after the fact, and did not list the same reasons as opera.
Also, Microsoft including IE did absolutely nothing to destroy the browser market. Back when netscape existed, yes. For the last 5 years, no, not a chance. People have always been free to use whatever browser they like, the fact that IE is included with windows is not forcing you to use it.
And now you have broken up my paragraph to take things out of context. Why? Make your points as a cohesive whole, and they will give you your argument that much more credibility.
Why? As long as it doesn't affect the browsing it's irrelevant for you. You won't even notice that it's there unless you actually activate it.
Imagine if they worked on fixing their rendering engine instead.
Most of the world is still on shitty connections. In fact, huge parts of the US is still on shitty connections. This is especially true if you use public wifi, for example. Most of the world will definitely benefit from Opera Turbo, so now you are just being narrow-minded.
Oh, bullshit. If web accelorators were such a godsend, then we would be using them. No, Opera took a feature from the days of dialup and reintroduced it, and it really isnt necessary, at all.
Faster than what? It's noticeably faster than Firefox.
Well, why ask a question when I already answered it in my original sentence? See, another reason not to try and be smart and take things out of context.
And no, its not faster than firefox.
Opera's tab handling has always been superior to that of other browsers. Opera had proper tabbed browsing back in 2000 or so.
1. Your definition of better is subjective. 2. Youre wrong. 3. Opera did not have tabbed browsing in 2000 or so. They had an MDI. Firefox was the first MTI browser.
Opera did invent or pioneer most of the things you see in modern browsers. Popup blocking, tabbed browsing, address bar searches, sessions, full page zoom, speed dial/top sites, memory cache, private data management, etc.
Fucking revisionist bullshit.
1. Addons for internet explorer had popup blockers before opera ever did. 2. They did not pioneer tabbed browsing, they had an MDI. Firefox pioneered tabbed browsing as we know it today. 3. I'll give you address bar searching, depening on how you mean it. Firefox has had keyword support for a mighty long time AFAIK. 4. Not so for sessions, that again goes to addons for existing browsers or firefox with its very basic session restore functionality. 5. Maybe, but a minor improvement is not an innovation. 6. I guess you can call speeddial an innovation. Graphical bookmarks....yay. 7. opera did not innovate the memory cache. Are you serious? 8. Nor did they innovate private data management. Again, that would be various addons.
Who implements it better is a matter of taste. Who implemented it first or pioneered it is not.
On that we agree. Opera has pioneered maybe two things which are not directly related to the browsing experience. well done guys.
2. They dont do features well. Ad blocking, addons, firebug equivalent etc....everything is better on firefox. Even the user interface is a bit awkward...I get that it is subjective, but honestly the toolkit is just a bit ugly....and the whole thing feels a bit....retarded? When there is a torbutton extension, decent adblocker, decent firebug equivilant and when it is anywhere near as customizable as FF, maybe it can be considered.
3. This is more of an ideological reason than technical....but them tattling to the EU because microsoft ships a b rowser with their OS. In this day and age every OS should have a browser, and MS was not preventing anyone from using any other browser. It was a bitch move by Opera to try and get more market share because they have an inferior product.
4. They try to do too much. Webserver in a browser? Overkill. I like my webbrowsers for browsing, thanks. A torrent client kind of makes sense, but as with many things like that when they are integrated, you lose the control a proper torrent client provides, so not a useful feature really. Opera Turbo? Cant see it being that much faster with the prevalance of broadband these days. Maybe if everyone was still on dialup.
That about sums it up. Oh, and one more thing. Opera did not invent most of the features first. It did not have tabbed browsing, it had a shitty albeit innovative MDI, as opposed to a tabbed MTI. Thing office 97 versus current versions of IE and firefox. It did have mouse gestures, which no one uses. Pretty much everything else fanbois like to claim opera invented were either not invented by opera at all, or were implemented far better by the competition.
The article does address "PID randomization, ASLR, and extensive support for chroots" as well as secure levels. There is a whole section devoted to these technologies. The whole point is that are all aimed at preventing attacks from happening, and that there is no way to sufficient lock down a system in the event someone does get in.
An EACL at the kernel level is not any more of a bolt on solution than rewriting Apache to have privielge sepration or adding in executable space protection. OpenBSD is only useful as long as you don't stray outside the tiny base system of audited code. If you run 3rd party software which has a hole that gets exploited, then you're FUBAR
You may not agree with the article, but don't say the author did not address the protections available already within OpenBSD when he clearly did.
Until that is resolved, no one in their right mind would try and write anything MAC related for OpenBSD. I suspect the developers don't wish to resolve it however, and are happy with their stance.
I agree there may be FUD on both sides, but having too much faithe in MAC is hardly FUD, while dismissing it without understanding it certainly is. I could understand the project not wanting to implement MAC as not being useful to their target audience...but to dismiss and attack it is just stupid.
Anyway, I thought systrace was not in the base system, but in ports? Are you saying that if I do a fresh install of OpenBSD 4.7 and don't install any ports, I will have systrace available to use?
This sounds a lot like what securelevel(7) already does.
Nope. Not at all similar in terms of capabilites. Securelevels are a pale imitation of what you can do with MAC, not even close.
If you really think securelevls are at all close to MAC, then you really don't understand MAC.
There is absolutely no reason to put up walls so the sysadmin can't do anything, rather than fix the bugs that let an attacker gain root in the first place.
It's not putting up walls, it's enforcing secure policy and good practice, and sometimes the law.
Sepeartion of duty, read up on it.
I understand your point, and that OpenBSD is not a dictatorship and that there are some interested in MAC, but just skeptical, and I have to disagree.
I am quite sure without exception, on the mailing lists on the big debate in 2007 and that insecure article that without exception every lead developer stated that MAC is at best does not offer any additional security, and at worse is false security actually making things worse.
It is such a poor understanding of such an import security technology that it makes me sad for the project that is meant to be focused around security.
Not a single lead developer...Theo, Bob Beck, marc Espie etc...they were not skeptical, they outright acctacked it and dismissed it...just spreading FUD.
I understand that someone would be heard if they were to actually contribute and show something rather than whining or discussing it, but if this is the episode given by the representative developers and the user community, why would anyone even begin such a thankless task?
Let us not forget, they have the trustedbsd project at their disposal, as well as other software like apparmor and rsbac which is meant to be portable. The problem is not the lack of an implementation, but an outright fear and rejection of MAC for bringing unneccesary complexity to the table.
Just look at systrace, most of the lead developers attacked it, despite some of the users finding it useful/interesting. Given the cold reception minimac got, I would hae to see the reaction someone attempting to port TrustedBSD or so would receive.
It would be pretty funny though if someone were to fork OpenBSD as SecureOpenBSD with MAC...
Until the developers and to a lesser extent the suers bother to understand MAC and stop outright attacking and dismissing it, I can't imagine anyone even considering writing a MAC framework for OpenBSD. It truly does seem a thankless task, which is a shame as it would significantly enhance OpenBSD's capabilities and usefulness to outside of the firewall/router scenario.
Lets say a user exploits Firefox...you would think the exploit would have full access to the users files right? Nope, not so. With MAC, there could be only write access to a downloads directory, no execute access except for a whitelist of files, and only append access for the rest. If the exploit tryied to delete anything, it would fail. Can OpenBSD do anything remotely similar?
Unfortunatly for the examples you gave, neither OpenBSD nor MAC can do much to protect against something like a database, where it is a program that handles storing records outside of the filesystem, and thus scope of the OS and MAC.
I do think the issue is interesting and deserving of its own discussion though.
(I think there are about 200 comments, but only the initial comment is counted)
I also think the article is more than just pointing out the lack of access controls, it is also against the secure by default policy, strl calls, lack of ways to lock down a system, lack of auditing etc...
The reason access controls are needed for a secure system is because access controls are about more than containing external intruders....
2. An example from a commenter on the blog is that he needed to prevent root from reading users files. OpenBSD is almost the only OS left that can't meet this requirement.
3. Auditing, along the lines of what OpenBSM provides. This isn't related to MAC, yet the team still doesn't implement it...
The archaic UNIX security model is exactly that, archaic. There are needs it cannot meet, and something like MAC is needed.
It does provide increased security by enforcing proper separation of duty and privilege correctly, not adding it in later as OpenBSD has done.
I love OpenBSD, but to dismiss MAC as a waste of time just serves to discredit yourself.