Even if a quantum supercomputer can decipher a trillion bit key in one second, then a 500 trillion bit key should take it 500 seconds

I may have misunderstood quantum computing, but I believe that if it can crack a key at all, it can do it in one cycle. Is this not right? If it is, then the object is to have more bits in the key than any quantum computer has been built to handle, and you're safe until they catch up.

From the point of view of evolving systems, the constant of no security being perfect will be a powerful engine for innovation. I never saw hacking or hackers as a detriment. Instead they keep systems from stagnating. They force improvements and creative solutions in programming of security. Intern an improved security system will only inspire innovative ways in cracking it. This will only benefit us in helping technology as a whole improve. I feel that the best security system will be one that is completely dynamic. One that continually changes and reprograms itself. One that plans on being cracked and acts accordingly. Most likely some sort of AI will sooner or later be created for this purpose. An intern an AI will be created to defeat it. Thus an evolving system born from a simple conflict.

I don't run a browser on BSD, I use BSD for a firewall and NAT router.

Open BSD is almost entirely free of buffer overflows, and even the swap space is heavily encrypted….

OK, but that's not nearly everything. If you run a Web browser on it, you're not going to be safe from buffer overflows. It may be tough to get root, but that's small comfort if they can still do anything they want to all your user-level data.

Once again, it's not that I don't think OpenBSD is a good thing. If I were setting up a Web server I really cared about (as opposed to the toy one I actually run), then I'd probably use OpenBSD on it.

Even so, the fundamental security model of OpenBSD is still a UNIX model, in which it's harder to do things securely, and easier to blow the security of the whole system by installing one ill-advised program, than in some other models. OpenBSD still has the concept of "root", for example, and it still grants access to resources at the very coarse-grained level of user IDs.

Of course, as I've been saying, it's pretty easy to screw up in any model. Even a pure capability system will eventually fall apart if you drop it into the environment in which most of today's software is written.

Actually, OpenBSD is an interesting case. Here we have people who really are paying attention to security, and really have thought about the issues, but they're still forced, by installed-base realities, to keep fixing bugs in the fundamentally flawed Unix model, rather than starting fresh.

Perhaps I should have said FREE OS , for all the pedant-heads here…

EROS is GPLed, and has been for a long time. How much more free do you want it to be? Of course, no apps run on it… and porting them in such a way as to preserve any fine-grained security would be a real pain.

This is actually relevant… it's an example of how hard it is for a computer to figure out whether something is legitimate or not.

Every time people try to overreach with simplistic software, writing things like firewalls or this lameness filter, they get screwed. Nobody every seems to get a clue, though.

He did not use caps? Is that the best you can do? Who CARES??

I can't use any caps at all, even digits are read as caps and abort my posts. Probably because I have -5 karma due to the gang-banging my posts got last week.

Go on IRC. #Legions. Make an ass of yourself. Wait to get r00ted. Open BSD is almost entirely free of buffer overflows, and even the swap space is heavily encrypted…. Perhaps I should have said FREE OS , for all the pedant-heads here…

Open bsd is the most secure OS around, flat out.

More secure than EROS? Than KeyKOS? Against what threat model?

I have a lot of respect for OpenBSD, and you're probably right in terms of OSs that are both generally available and generally useful. But come on. Perspective.

I don't seem to be having any trouble capitalizing "BSD".

turn down the lame filter!