Even if most mathematician accept Real number this doesn't mean they exist.
There are plenty of deep thoughts about the "reality" of the reals. Even some fun ones like Borel's all-knowing number, but your argument is essentially claiming that cunicula is making an ad populum fallacy. All that aside, what few mathematicians would deny is the necessity of the reals. Which is, incidentally, all that's required to talk about - you know - your approach and metrics with regard to security.
What if my statistic is a composition of measurable and non-measurable functions?
Why not give us a concrete example from a field of our choice of this kind of statistic?
I don't have a good answer for this. Again I see people making wrong affirmations
How do you know they're wrong? Perhaps you're drawing wrong conclusions based on your poor language skills? Like you did with the exchanges about SELinux. Hmm...a concrete example of you being wrong but...no examples of these other people making "wrong affirmations". Strange!
and insulting others,
Where "insult" can mean just about anything I guess. Given again that to you "betraying your skillset" can be an insult. Rather than simply an example of you not understanding the term. Also considering that you have laid out as many or more (real) insults - in some cases to people who had not insulted you. (Oh and you continue to send them to me privately - very classy!)
Do you really think you've got any moral high ground left here?
Here's a real gem:
Please respect my objective opinion. I will respect your personal belief.
...and somehow you thought this would go over well.
still I'm the one to calm down?
Are you admitting you're not calm here? Anyway, I'd say that you need to simply be open to explaining yourself. You know, like you haven't been doing this entire time. Your arguments should stand on their own. Not turn into some nonsense expression of your arrogance. That somehow everyone must bow to your opinion - with little or no explanation. Yeah, real humble.
Just like you're doing now: you don't know my background, still you accuse me of being over my head.
...and by the same token. You don't know his so how do you know he is wrong?
If I were in the university I would take out my papers and my citations, and I would ask you to do the same.
Who cares. As someone who works in academia, there are plenty of profs who talk through their asses. Especially if, for example, they are talking outside of their field. i.e. While engineers, medical researchers, and even some lowly security personnel are bright people and use statistics daily - sometimes even correctly ;-) - they are still 'out-of-field' when talking *about* statistics. In the same way that driving a car to work every day doesn't make someone a mechanic.
On the internet is different, so please refrain to speak about people's ability, if you are not sure.
Shall I quote all the places you've done this about other people in this thread without having objective evidence? Hmmm? All the insults you laid out to people like kokjo?
At one time OpenBSD would have been the top of the heap for security but as I've said times have changed.
But -in your opinion- it's still a good security-wise, right?
If not, do you care to explain more?
Sorry if this is a broader answer than you were wanting but...
I don't have an opinion on the security of say OpenBSD in a broad sense because I don't have a useful general definition of "security".
What I do see is that OpenBSD has similar *mechanisms* to secure itself when compared against say Linux. There is also a group of people concerned with the security of the OS and there exists a body of knowledge on securing the system. These are all positive things. There may be various advantages and disadvantages to individual elements but it's not always easy to judge this kind of thing.
For example: let's focus on one talking point I've mentioned a number of times (or perhaps 'harped on' ;-) ). ASLR - PaX (which is available through a series of patches to the Linux kernel or pre-patched sources from the Gentoo hardened branch or from pre-compiled kernels) does the most complete job of address randomization. Better than execshield (which is what RH and other Linuxes use OOTB), and W^X (in OpenBSD). For example the bit size for stack randomization in PaX is double that of W^X. There are also fewer guarantees as to what will or won't be protected using W^X. Especially with regard to the kernel - as of the last release I looked at. A problem with the kernel stack will not be prevented by W^X.
That said PaX needs to be enabled whereas W^X is available out of the box (so is execshield btw). This is a double-edged sword. In one case W^X protects everything in userspace because it's patched not the Kernel calls but malloc. The downside is that this breaks compatibility. So W^X becomes a kind of all-or-nothing game. If you had a piece of code for which there was no source and was incompatible with W^X then your whole system would have to not use W^X. In a lot of cases this doesn't matter because OpenBSD doesn't allow things that Linux does like binary-only drivers. However often enough you as the security professional don't get to make that choice. For example I can set and enforce (sometimes ;-) ) standards but I rarely can dictate their implementation details to them vis-a-vis "Never use binary drivers".
Non-trivial isn't it?...and that's comparing just. one. mechanism. While I think ASLR is a great idea because it is one of the few *proactive* mechanisms that have come out in the last ten years. I'd be an idiot if I were to treat it as the only thing that matters.
So as I've said before, comparison of operating system "security" is subtle and nuanced, and anyone who suggests it's cut-and-dried is probably telling you out of some combination of ignorance and/or deceit. OpenBSD is good (especially if you're writing code, I love having a rich crypto API guaranteed to be on any install), FreeBSD is good (but lacks some mechanisms that other OSes or even BSDs have), Linux is good (when patched with PaX and some kind of RBAC). All of them can be secured by someone with the right knowledge. Whether they can be secured to the needs of a particular project obviously depends on a myriad of other factors.
Hope that helps.
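
The post above compares mechanisms by the "bit size for stack randomization". As an added example (not part of the original post), here is one way to observe that figure on a running Linux host: sample the top of the `[stack]` mapping across many fresh processes and count the address bits that change. It assumes a Linux `/proc` filesystem; the helper names and the sample addresses are constructed for illustration.

```python
import subprocess

def stack_top(maps_text):
    """Return the end address of the [stack] mapping in /proc/<pid>/maps text."""
    for line in maps_text.splitlines():
        fields = line.split()
        if fields and fields[-1] == "[stack]":
            return int(fields[0].split("-")[1], 16)
    return None

def varying_bits(addresses):
    """Bit positions that differ across samples.

    This is a lower bound on the randomized bits: a bit that is
    randomized can still look constant if too few samples are taken.
    """
    diff = 0
    for addr in addresses[1:]:
        diff |= addr ^ addresses[0]
    return [i for i in range(diff.bit_length()) if (diff >> i) & 1]

def sample_stack_tops(n=64):
    """Spawn n short-lived processes and record each one's stack top."""
    tops = []
    for _ in range(n):
        out = subprocess.run(["cat", "/proc/self/maps"],
                             capture_output=True, text=True, check=True).stdout
        top = stack_top(out)
        if top is not None:
            tops.append(top)
    return tops

# Constructed sample values, not measurements from any real system.
CONSTRUCTED_TOPS = [0x7ffc00001000, 0x7ffc00003000, 0x7ffc00101000]

if __name__ == "__main__":
    # 0 = off, 1 = stack/mmap/VDSO randomized, 2 = also brk (stock Linux sysctl)
    with open("/proc/sys/kernel/randomize_va_space") as f:
        print("randomize_va_space =", f.read().strip())
    tops = sample_stack_tops()
    bits = varying_bits(tops)
    print(f"{len(tops)} samples, {len(bits)} varying bits: {bits}")
```

Running the same script on a stock kernel and on a hardened one gives a like-for-like count for this one mechanism; it says nothing about the other mechanisms the post lists.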