Free governed software for linux

KeyNote is a simple and flexible trust-management system designed to work well for applications.

Trust management, introduced in the PolicyMaker system [BFL96], is a unified approach to specifying and interpreting security policies, credentials, and relationships; it allows direct authorization of security-critical actions. A trust-management system provides standard, general-purpose mechanisms for specifying application security policies and credentials. Trust-management credentials describe a specific delegation of trust and subsume the role of public key certificates; unlike traditional certificates, which bind keys to names, credentials can bind keys directly to the authorization to perform specific tasks.

A language for describing `actions, which are operations with security consequences that are to be controlled by the system.
A mechanism for identifying `principals, which are entities that can be authorized to perform actions.
A language for specifying application `policies, which govern the actions that principals are authorized to perform.
A language for specifying `credentials, which allow principals to delegate authorization to other principals.
A `compliance checker, which provides a service to applications for determining how an action requested by principals should be handled, given a policy and a set of credentials.

The trust-management approach has a number of advantages over other mechanisms for specifying and controlling authorization, especially when security policy is distributed over a network or is otherwise decentralized.

Trust management unifies the notions of security policy, credentials, access control, and authorization. An application that uses a trust- management system can simply ask the compliance checker whether a requested action should be allowed. Furthermore, policies and credentials are written in standard languages that are shared by all trust-managed applications; the security configuration mechanism for one application carries exactly the same syntactic and semantic structure as that of another, even when the semantics of the applications themselves are quite different.

Trust-management policies are easy to distribute across networks, helping to avoid the need for application-specific distributed policy configuration mechanisms, access control lists, and certificate parsers and interpreters.

For a general discussion of the use of trust management in distributed system security, see [Bla99].

KeyNote is a simple and flexible trust-management system designed to work well for a variety of large- and small- scale Internet-based applications. It provides a single, unified language for both local policies and credentials. KeyNote policies and credentials, called `assertions, contain predicates that describe the trusted actions permitted by the holders of specific public keys. KeyNote assertions are essentially small, highly-structured programs. A signed assertion, which can be sent over an untrusted network, is also called a `credential assertion. Credential assertions, which also serve the role of certificates, have the same syntax as policy assertions but are also signed by the principal delegating the trust.

In KeyNote:

Actions are specified as a collection of name-value pairs.
Principal names can be any convenient string and can directly represent cryptographic public keys.
The same language is used for both policies and credentials.
The policy and credential language is concise, highly expressive, human readable and writable, and compatible with a variety of storage and transmission media, including electronic mail.
The compliance checker returns an application-configured `policy compliance value that describes how a request should be handled by the application. Policy compliance values are always positively derived from policy and credentials, facilitating analysis of KeyNote-based systems.
Compliance checking is efficient enough for high-performance and real-time applications.

This document describes the KeyNote policy and credential assertion language, the structure of KeyNote action descriptions, and the KeyNote model of computation.

Glarf is the working title of a video game. It is a platformer like Mario or MegaMan or Contra, but thats not the Big Idea.

The Big Idea is user created content, radical trust, randomness, and play. Weapon crafting is a key example.

Glarf can shoot things - fireballs, bouncy globs, liquids. When Glarf consumes a powerup, the things he shoots inherit some of that powerups properties, by being selective in what you eat or throw away, you can create weapons with powerful and interesting effects.

Eventually, players will be able to modify the code that governs the behaviour of object in the game world. And theyll be able to share it safely with other players. But for now were just working on getting a first level done that serves as a tutorial and is still fun.

VULCAN project provides computational fluid dynamics analysis.
VULCAN (Viscous Upwind aLgorithm for Complex flow ANalysis) offers computational fluid dynamics for subsonic speed through hypersonic turbulent reacting and non-reacting flows on a variety of serial and parallel computational platforms.
The computational cost of propulsion flow analysis is reduced through the use of special turbulent wall treatments, multi-grid methods for elliptic and space marching schemes, and conditioning of the governing equations to reduce numerical stiffness.
Physical modeling capabilities are improved through the inclusion of models for compressibility, Reynolds stress anisotropies, turbulent diffusivity, finite rate chemistry, and turbulence/chemistry interaction effects.
VULCAN can simulate two-dimensional, three-dimensional, or axi-symmetric multi-block problems.
Enhancements:
- This release adds logic to force the correct asymptotic behavior of the turbulence kinetic energy and the turbulence frequency (omega) for surface cell y+ values that are below the log layer portion of the boundary layer.
- It adds the output of reference stagnation conditions and dynamic pressure.
- There are numerous bugfixes, code cleanups, and fixes for setting initial conditions.
- There are minor GUI enhancements.

Bigtop::Docs::Cookbook is a Perl module for Bigtop syntax by example.

This document is meant to be like the Perl Cookbook with short wishes you might long for, together with syntax to type in your bigtop file and what that produces. In addition, many sections start with a simple question about what gets built by the backend in question.

This document assumes you will be editing your bigtop file with a text editor (it was written before tentmaker). You may also choose to maintain your bigtop file with tentmaker. Generally, the advice here governs what values you put in the boxes at the far right side of the Backends tab in tentmaker. Some of the other advice must be applied on the App Body tab. See Bigtop::Docs::TentTut to get started with tentmaker or Bigtop::Docs::TentRef for full details on using it.

For quick syntax reference consult Bigtop::Docs::Keywords for more complete information consult Bigtop::Docs::Syntax or Bigtop::Keywords from which tentmaker draws its on-screen information.

Mon.cgi is a CGI interface for viewing the status of a Mon service.
mon is a general-purpose scheduler and alert management tool used for monitoring service availability and triggering alerts upon failure detection. mon was designed to be open and extensible in the sense that it supports arbitrary monitoring facilities and alert methods via a common interface, all of which are easily implemented with programs in C, Perl, shell, etc., SNMP traps, and special mon traps.
mon views resource monitoring as two separate tasks: the testing of a condition, and triggering an action upon failure. mon was designed to implement the testing and action-taking tasks as separate, stand-alone programs. mon is fundamentally a scheduler which executes the monitors (each test a specific condition), and calls the appropriate alerts if the monitor fails. The decision to invoke an alert is governed by logic which offers various "squelch" features and dependencies, all of which are configurable by the user.
Monitors and alerts are not a part of the core mon server, even though the distribution comes with a handful of them to get you started. This means that if a new service needs monitoring, or if a new alert is necessary, the mon server does not need to be changed. This makes mon easily extensible.
That is from Jim Trocki who wrote mon, Im currently maintaining a web interface that works with mon which was based from Arthur K. Chans original mon.cgi.
Enhancements:
- This is the initial release of the Mon Web Interface (MWI), which is the progression of the mon.cgi Web interface.
- This interface is written entirely from scratch, with full CSS and HTML W3C complacency.
- This is an alpha release: the back end code is based on the mon.cgi tree, but the interface will have features that are currently unusable.

Finance::Quote::ASX is a Perl module that can obtain quotes from the Australian Stock Exchange.

SYNOPSIS

use Finance::Quote;

$q = Finance::Quote->new;

%stockinfo = $q->fetch("asx","BHP"); # Only query ASX.
%stockinfo = $q->fetch("australia","BHP"); # Failover to other sources OK.

This module obtains information from the Australian Stock Exchange http://www.asx.com.au/. All Australian stocks and indicies are available. Indexes start with the letter X. For example, the All Ordinaries is "XAO".

This module is loaded by default on a Finance::Quote object. Its also possible to load it explicity by placing "ASX" in the argument list to Finance::Quote->new().
This module provides both the "asx" and "australia" fetch methods. Please use the "australia" fetch method if you wish to have failover with other sources for Australian stocks (such as Yahoo). Using the "asx" method will guarantee that your information only comes from the Australian Stock Exchange.

Information returned by this module is governed by the Australian Stock Exchanges terms and conditions.

Java + information flow (Jif in short) is a security-typed programming language that extends Java with support for information flow control and access control, both at compile time and at run time.

The source code for the Jif compiler and run-time system is now available for download. Jif is written in Java and is built using the Polyglot extensible Java compiler framework.

Static information flow control can protect the confidentiality and integrity of information manipulated by computing systems. The compiler tracks the correspondence between information the policies that restrict its use, enforcing security properties end-to-end within the system. After checking information flow within Jif programs, the Jif compiler translates them to Java programs and uses an ordinary Java compiler to produce secure executable programs.

Jif extends Java by adding labels that express restrictions on how information may be used. For example, the following variable declaration declares not only that the variable x is an int, but also that the information in x is governed by a security policy:

int {Alice→Bob} x;

In this case, the security policy says that the information in x is controlled by the principal Alice, and that Alice permits this information to be seen by the principal Bob. The policy {Alice←Bob} means that information is owned by Alice, and that Alice permits it to be affected by Bob. Based on label annotations like these, the Jif compiler analyzes information flows within programs, to determines whether they enforce the confidentiality and integrity of information.