I use the TFM

Quote:

---

How hard is it to just type out abbrieviations at least ocne in your post.

It's like a noob trying to sound smart, while you're not smart. When you need weird abbrieviations or weird words in general to get your message accros, you're just pretending to be smart. Smart people don't need them.

---

While I agree this is best practice and a must for stand alone papers... I think it can get tiresome or even forgetful to spell something out in each new thread, especially if you make a new thread based on a tangent of another thread.

Anyhow... that is no excuse for you to be insulting. Lastly, before you go acting like you know how smart people act... is Einstein known for "Energy is equal to matter multiplied by the speed of light squared" or "E=mc^2"?

Thanks for the well wishes nihil.

cheers,

catch

catch,
You're right, it's no excuse to be insulting. Being insulting gets my point accros better though. I was just annoyed with the first post in this thread, since noone was sure what exactly imationrust ment.

On Einsteins thing, he wrote an entire article about that. E=mc^2 is just one word from that article. Most people don't know what it means either, so if you want to ask the "general public" a question about it, it's only normall to explain at least where it comes from. You can't expect people to spend several minutes figuring out your question first.

1)If you don't know an abbreviation just ask.

2)If you are going to use lots of abbreviation in a post be prepared to expand when asked.

I was going to put a post in site suggestions for an abbreviation bank but if everyone is prepaired to do 1,2 there isn't a lot of point.

Not worth getting hot and bothered about :)

TFM is a wonderful thing but it's got too much of a backbiting edge, being that the authors of said TFM believe their creation to be the 'be all end all bible' of their package/equipment. Since we, as seasoned IT types, know vastly different, we're prepared for such fallacy, but I worry about the 'common user'. I use TFM to get basic operating terms and procedures, then take whatever and do my whorish best to break it and tinker.

IMHO writing TFM is a pain in the arse due to required standards - it's like trying to fit a description of the mona lisa into a tight military stencil. Such standards restrict the author into tight boundaries which cause the 'not enough info' problem - perhaps they need to be loosened a bit or trashed entirely and a new set of guidelines written (GAGS remembering ISO9000)...

Let us please not let this most interesting discussion degenerate into sparring - Some of us stand to learn a lot from this (me especially!)...

[edit]*cough* Catch, it's Energy = MASS times speed of light squared... as taught to me back in 5th grade physics but hey, you've made a point there, which is why there's 'definitions of terms' required in all legal documents and should be in all TFM's - boring reading but necessary. [/edit]

For the umpteenth time, you add no value to these threads. People, this is just how neel reacts to things he doesn't comprehend. If you don't believe me, do a search for CC EAL-7 level COTS OS in google.

Seriously kid, if you don't understand something just ask. Or consult the RFC2828 or something. Read a book or two as well. ;)

But this whiny ****? Take it elsewhere.

!mitationRust,
Oh, I guess you misunderstood. What I was saying was: I think you are trying to hide your lack of knowledge and your non-lack of insecurity by using fancy words and abrievations. You use them to cause confusion, so you sound smart yourself.
I don't have a problem with the content of your threads, I have a problem with you. "Go read a book"? Now who was asking the questions again?

Having trouble keeping up again, neel?;) It seems to me that you've never watched the news, been through college, or drafted a proposal. You're sensitive, you feel condemned by common terminology because you're untutored, perhaps even incoherent.

But this whiny ****? Take it elsewhere. ;)

"TFM is a wonderful thing but it's got too much of a backbiting edge, being that the authors of said TFM believe their creation to be the 'be all end all bible' of their package/equipment."
This is odd... I am not familiar with such TFMs. Typically they do cover the following points:

What functions and privileges that should be controlled when running a secure facility.
The procedures for examining and maintaining the audit files.
Detailed audit record structure for each type of audit event shall be given.
Describe the operator and administrator functions related to security.
Changing the security characteristics of a user.
Guidelines on the consistent and effective use of the protection features of the system.
How these features interact.
How to securely generate a new trusted computing base.
Facility procedures, warnings, and privileges that need to be controlled in order to operate the facility in a secure manner.
Modules that contain the reference validation mechanism are identified.
Procedures for secure generation of a new TCB after modification of any modules.
Procedures to ensure that the system is initially started in a secure manner.
Procedures to resume secure system operation after any lapse in system operation.

I think the majority of these points must come from the vendor or they simply cannot be trusted... think about it how many terrible guides to XP or Linux security have you seen floating around the internet?

Quote:

---

Since we, as seasoned IT types, know vastly different, we're prepared for such fallacy, but I worry about the 'common user'. I use TFM to get basic operating terms and procedures, then take whatever and do my whorish best to break it and tinker.

---

Common users are most in need of this kind of documentation... would really nip the spread of worms and viruses right from the start.

Quote:

---

IMHO writing TFM is a pain in the arse due to required standards - it's like trying to fit a description of the mona lisa into a tight military stencil. Such standards restrict the author into tight boundaries which cause the 'not enough info' problem - perhaps they need to be loosened a bit or trashed entirely and a new set of guidelines written (GAGS remembering ISO9000)...

---

Military standards for TFM authoring? You mean the Yellow-Green Book (NCSC-TG-016)? Let's have a look at this harsh requirements:

"Audit
The TFM should describe the TCB commands and interfaces available to the auditor that enable him or her to monitor the accumulation of auditable events and to respond effectively to such event signals."
http://www.radium.ncsc.mil/tpep/libr...SC-TG-016.html

Holy cow, that sure is brutal. ;) You prolly think I picked an easy requirement? That is from the B3 section and completely covers B3 related auditing. (There are no additional requirements in the TFM for A1 systems)
The guideline is very loose, it merely addresses areas that ought to be covered and then areas that must be covered for specific evaluations. The idea is that at higher evaluations you should have high assurances because you know exactly how to configure the system to operate in a secure manner.

Quote:

---

Let us please not let this most interesting discussion degenerate into sparring - Some of us stand to learn a lot from this (me especially!)...

---

I couldn't agree more.

Quote:

---

*cough* Catch, it's Energy = MASS times speed of light squared... as taught to me back in 5th grade physics but hey, you've made a point there, which is why there's 'definitions of terms' required in all legal documents and should be in all TFM's - boring reading but necessary.

---

Yeah yeah... cut me some slack it was like 7am when I made that post and I was on my way to bed. I agree about defining the terms... however like I said, these threads can become conversational and it is very easy to forget that something defined in one thread may not carry over to a lateral thread.

cheers,

catch

Hey guys 'n gals........................one of our own, Catch has gone out there?..............where are the congrats and good wishes? am I the only one who cares?

And which one of you shall I pick on next?

:D

Catch, best wishes mate, and I shall have a Mass said for you................that will be three off this site this week..............at least yours is a happy one!

God bless

:)

Quote:

---

Having trouble keeping up again, neel? It seems to me that you've never watched the news, been through college, or drafted a proposal. You're sensitive, you feel condemned by common terminology because you're untutored, perhaps even incoherent.

But this whiny ****? Take it elsewhere.

---

Ooh, that's a though one. So if I understand you correctly you're saying I'm right?