Slashdot Mirror

Portsnap is a system for securely updating the ports tree by
distributing signed compressed snapshots. This is the client
half of that system; it downloads compressed snapshots into /usr/local/portsnap ("portsnap fetch") and uses those to extract
a ports tree into /usr/ports ("portsnap extract") or update an
existing tree ("portsnap update").

In addition to operating entirely over HTTP, portsnap can use under
a tenth of the bandwidth required by CVSup if a copy of the ports
tree is being updated every few days.

Is there going to be a point at which the 4.x series is no longer supported, and there are no security updates, etc.?

Yes: two weeks from now.

With 6.2, csup is even better...

To elaborate

CVSup is *the* way to update the software and the OS on FreeBSD. You keep your /usr/ports tree and src distribution of the OS in sync with the official repositories using it. It is very similar to rsync, but takes advantage of CVS source code repositories (FreeBSD is stored in CVS).

It is a great tool, and really the only downside to using it is that it was written in Modula-3. Building CVSup from sources required a *lot* of time and was unnecessarily complex. To remedy this, the author of CVSup released a language called ezm3, which is basically a stripped down version of the Modula-3 source base that "contains only those components which are required for building and running CVSup". So to build CVSup, you first built ezm3.

As you can imagine, getting Modula-3 compiled on your system (even if it is a stripped down version of Modula-3), just to run CVSup was seen as overkill. But what really prompted work on csup (according to the authors) was because "the Modula-3 runtime environment was not ported to all the architectures supported by the various *BSD projects, and it was becoming increasingly harder to find people for maintaining the code."

csup is a rewrite of the CVSup software in C. I It is pretty fast, but currently supports checkout mode only -- not that big a deal, since most people only us CVSup to keep their ports and OS src trees in sync with the upstream repositories. Furthermore, since it is written in C, this has allowed them to put it in the base FreeBSD distribution instead of shipping it as a separate package.

On the whole, the goal is to comply with the SUS. As with most operating systems, the difference is in the implementation and the corner cases.

The main difference I notice is 'ps'. The Unix spec wants 'ps -ef'. BSD wants 'ps auxww'.

Some information on current efforts:

• C99
• Posix utilities

On the whole, the goal is to comply with the SUS. As with most operating systems, the difference is in the implementation and the corner cases.

The main difference I notice is 'ps'. The Unix spec wants 'ps -ef'. BSD wants 'ps auxww'.

Some information on current efforts:

• C99
• Posix utilities

I downloaded the netboot version of 6.2RC2 some days back and was pleasantly surprised to find that almost all the hardware was correctly recognized. This is a 2 year old compaq laptop with an Ralink PCMCIA wireless card. Not even the latest Linux distros can detect this card but OpenBSD and FreeBSD have the excellent ral driver in the kernel. Moreover the configuration is so simple when compared to the mess in Linux (iwconfig,iwpriv,ifconfig??) not to mention the troubles I had with ndiswrapper

All the BSD's use X.org anyway nowadays, so the folks who are looking for a good GUI environment won't be disappointed. Again, the laptop display settings were correctly detected and I didn't have to touch xorg.conf at all

Give OpenBSD and FreeBSD a try - you won't regret it. Having said that, prepare to actually RTFM in case you run into problems. 99% of the time the answers are in the fine integrated documentation that comes along with your OS install.

From: Ken Smith
Date: Jan 15, 2007 12:29 AM
Subject: [FreeBSD-Announce] FreeBSD 6.2 Released
To: freebsd-announce@freebsd.org
....

So, wow, Slashdot was only an hour and eleven minutes ahead of the announcement.

If you're not on the announce mailing list, the full text should appear at this URL soon: http://www.freebsd.org/releases/6.2R/announce.html -- not yet working as I write this!

FreeBSD 6.2 has now been announced.

Luckily, FreeBSD has an excellent system for updating the operating system by source code. This guide teaches you how to update to the latest stable release of FreeBSD via source code. It's really nice and works well. Just remember to use FreeBSD-STABLE instead of FreeBSD-CURRENT, unless you are a FreeBSD developer or are interested in the absolute latest development version of FreeBSD, working or not.

With 6.2, csup is even better...

According to the latest release notes, not all IA32 processors are supported as the 80386 is not specifically listed. Support for the 80386 was dropped starting with 6.0: http://www.freebsd.org/platforms/i386.html

The release announcement will not be available for a couple of hours. Slashdot jumped the gun as usual.

Torrents are available.

A script for upgrading FreeBSD 6.1 systems is available.

1. Here are the iPhone components according to FRB Research via arstechnica:

- Samsung Electronics for the CPU/Video processing
- Marvell for the 802.11 chipset
- Infineon Technologies for baseband communications
- Broadcomm Corp. for the touch screen controllers
- Cambridge Silicon Radio for the Bluetooth chipset

2. Darwin is an open source core based on FreeBSD according to Apple, Inc..

3. Here is freebsd on ARM processors (intel-based). ARM FreeBSD.

4. Why is it tough to believe that Apple would simply recompile necessary components of Darwin on the ARM processors and then include and compile the necessary (and only the necessary!) mid level libraries? Many existing apps would work with only minor modifications (to take into account the new control scheme) and a recompile.

GNU BSD ???? Would that be the Gnu's Not Unix Berkely Software Distribution of Unix? Because BSD IS Unix.http://www.freebsd.org/

Cheers

JE

They're fixing even more than just libkvm.

http://lists.freebsd.org/pipermail/cvs-src/2007-Ja nuary/date.html#73415

http://lists.freebsd.org/pipermail/cvs-src/2007-Ja nuary/073415.html

All this painful discussion over what is probably a non-issue? Don't you just love this brave new world of 30 blogs linking to each other creating an artificial buzz/panic? Is this a case of premature eblogulation?

People talk about "open ports." To me, that's right up there with "oh no! My IP address is visible!" paranoia. It's just not how computers work! Worms don't somehow jump into your computer through magic holes called "ports:" They exploit bugs in services.

A firewall is a safety net, and it makes perfect sense in, say, a production IT department to have as many safety nets and backups as you can. But a properly-configured machine, without exploitable crap running, shouldn't strictly need it, and I really think that a competent personal user can easily stay safe.

...To quote the film Brewster's Millions, "None of the above."

I heartily recommend evaluating FreeBSD. For people seeking something a little less prickly than the vanilla tree, PC-BSD is also available, which adds a graphical user interface by default and a more graphically oriented form of package management, among other things.

Stallman raises some valid points with regards to how Vista users are likely to get the shaft...but what Stallman isn't likely to want you to know is that there is a third option, which means you don't have to climb aboard the FSF/Linux bandwagon either.

FreeBSD is a very solid system. The Linux binary support means you can get such things as Adobe's binary browser plugins working with it, and FreeBSD also has native binary nVidia video card drivers available, meaning that you can play World of Warcraft and all of the usual 3D games with Wine. Ports, the package management system, has makefiles for over 16,000 applications, and it's also pretty much the only package management system I've used that I consider genuinely reliable and decent.

You will possibly see some people aligned with the FSF shouting me down for writing this...Stallman doesn't want anyone using FreeBSD or the BSD license, and the reason why is because if people do, that's less people who end up seeing him as an authority figure, or who he has to use as extra bodies for his activism.

It's got to the point where to a large degree, using an operating system associated with any particular group means you're vulnerable to control by that particular group. With Microsoft, sure, you end up with DRM. With Linux, you end up with *only* the license/s Stallman wants you to use, and no other...as well as possibly getting conscripted for his activism if you become sufficiently close with the FSF.

The only solution I've been able to find is to seek an operating system which isn't affiliated with any particular group...or at least controlling agenda. FreeBSD is one, and is probably the most mature that I've been able to find...but there are a few others, for people who want to investigate those. That however is what we need...an operating system, without economic, political, or technological control. Microsoft want economic and technological control of people...Richard Stallman wants political control of people. The reason why I don't find the offerings of either of those two camps appealing is because I value self-determination...the ability to make my own choices.

Why would a penguin wield a pitchfork?

I'd like to find your rational for that statement. OS X is based off of the Mach Microkernel. The FreeBSD people, to my knowledge, never bought into the idiotic "Microkernel on a multipurpose OS" hype.

Additionally, I'm pretty sure MacOS came out before January 2003 When FreeBSD 5.0 was released

Actually, according to Wikipedia, though not the best source available, it was based on OPENSTEP/NEXTSTEP. This also reports the release as 1999/2001 depending on version.

Linux (if you need a URL for Linux, you are probably at this site by mistake) does not seem to fare much better.

Vendors of commercial software would have you believe, free is supposed to be much worse: "Free and worth every penny"...

That it is even on par is great. If it is better, even if by "not much" — that's terrific!..

Personally, I'd rather the world used FreeBSD, of course, instead of imitations like "MacOS"/"Darwin", or "Linux" :-)

Yes, Mike. Not rocket science *for us*, but we seem to continue making the same mistakes most IT pros make when dealing with technology: That because it's simple for us, it's simple for everyone. It's not. Firewalls aren't understood by everyone. Heck, a lot of post-September users think fairies [1] deliver web pages.

The reason I suggest a VM is to jail the security update network stack from the main kernel. If you have, for example, a buffer overflow that allows arbitrary code execution in kernel space TCP/IP, you really don't want that running in your main kernel with a public connection; you want it jailed and only when the data is verified and checked against its hash do you want to apply the update image. If the jailed or virtual kernel becomes corrupt, it can be killed without harming the host OS. Detecting the jail doing something nasty should be simple; it should simply talk to one IP and download an image and hash file. If it starts opening other ports, kill it immediately. In fact, simply make the jailed process capable of only talking to the one host on one port. Useless for users and crackers, but just enough to update the OS safely.

I know it's heretic of me in the extreme to suggest the OS takes away a choice, that of diving into the big electronic blue without care or conscience, but a lot of Windows users (and maybe a few others) need these safety nets, if for no other reason than to keep the rest of us safe and our mail servers from fending off spam floods from botnets.

Doing this retroactively isn't an option; users of Windows up to and including Vista gold are now SOL for this idea, which is sad, especially given that Vista has a working out-of-the-box IPv6 stack. You think it's bad now? Just wait until every new machine has it's own publicly routable IP.

The idea, or any such protection mechanism, *must* be implemented in the first RTM version of the OS to work effectively, or at the very least a service pack or point release that OEMs will pre-install. That means in the future, but it is imperative now that IT pros start thinking long-term rather than trying to tidy up their mistakes of the past. These problems cannot be solved by dwelling on mistakes made, just mitigated by exploiting obsolescence and helping time heal.

[1] http://www1.uk.freebsd.org/doc/en_US.ISO8859-1/boo ks/faq/funnies.html with apologies to Paul from the UK mailing list for quoting him out of context.

Look into any one-time password system, like OPIE or S/Key. FreeBSD has it built into the operating system, Handbook entry at http://www.freebsd.org/doc/en_US.ISO8859-1/books/h andbook/one-time-passwords.html.

That's exactly why "Hyper-Threading Technology" is disabled by default on FreeBSD, and probably other systems.

It's a know issue:
http://security.freebsd.org/advisories/FreeBSD-SA- 05:09.htt.asc
http://kerneltrap.org/node/5103

Cheers.

Ballmer added later in the speech "You'll notice that BSD also infringes on our Intellectual Property. You'll notice that the BSD network stack is identical to the one Microsoft created. Anyone who thinks otherwise has been brainwashed by the Great Satan"

Not showing changes to the source code? That only happens if a company like say Microsoft uses BSD licensed code in their system. I think GPL zealots forget companies misuse GPL licensed code in their products. Some have been caught.

If you think all BSD licensed code is hidden, please visit http://cvsweb.freebsd.org/ or http://www.midnightbsd.org/cgi-bin/cvsweb.cgi or any other BSD project and look for "web" or "cvsweb" on their websites. You can look at the code right now. This doesn't just apply to operating systems. My blogging website code is under BSD license (although the windows client is GPL), http://justjournal.cvs.sourceforge.net/justjournal /src/

If you were referring to the idea that the GPL is better as companies can't use the code in private products, consider that they can break the license and do that anyway. They might get caught, but not always. The code has protections under the law, but it is not safe or FREE by any means. Its merely free.

"while it does not have the sheer number of applications that Linux has"

What the fuck are you talking about? The Linux binary compatibility of both NetBSD and FreeBSD is superb. If you have a Linux binary, there's a very good chance it'll work just fine on either system. With some effort, people have even been able to get Linux versions of VMware, which extensively uses kernel modules, to work under FreeBSD. In some cases it has even been found that some Linux binaries run faster on FreeBSD than they do on Linux!

But beyond that, most open source software has been ported to both. Between NetBSD pkgsrc and FreeBSD ports, you get access to basically every piece of open source software that runs on Linux.

It's naive and foolish to suggest that FreeBSD and NetBSD suffer from a lack of software. Please refrain from making that mistake again in the future, even if just for the sake of your own reputation.

"while it does not have the sheer number of applications that Linux has"

What the fuck are you talking about? The Linux binary compatibility of both NetBSD and FreeBSD is superb. If you have a Linux binary, there's a very good chance it'll work just fine on either system. With some effort, people have even been able to get Linux versions of VMware, which extensively uses kernel modules, to work under FreeBSD. In some cases it has even been found that some Linux binaries run faster on FreeBSD than they do on Linux!

But beyond that, most open source software has been ported to both. Between NetBSD pkgsrc and FreeBSD ports, you get access to basically every piece of open source software that runs on Linux.

It's naive and foolish to suggest that FreeBSD and NetBSD suffer from a lack of software. Please refrain from making that mistake again in the future, even if just for the sake of your own reputation.

• Games
  
• Multimedia/Graphics/Audiovisual content in general
  
• Diverse hardware support
  
• Superficial user friendliness. You can be competent in Windows more or less straight away, but if you want to go beyond the basics, you'll have to invest as much time with it as anything else.
  

• Anything related to software development/automation/programming (It was originally intended as a programmer's system)
  
• Security. (It makes sense that an OS developed within a phone company would also be based around networking more or less from the ground up)
  
• Robustness. (There has traditionally been a tradeoff between robustness and user friendliness, at least in Windows' sense of the term...when one goes up, the other tends to go down. RPM is the abomination that it is primarily due to its' degree of complexity; this I suspect is also why I've been hearing about Ubuntu having more problems recently)
  
• Portability. (Per The UNIX Hater's Handbook, there were other early operating systems around at the time that were considered more desirable in other respects. However, UNIX was originally developed on a machine not much more powerful than a Commodore 64. Linux's ability to run on older hardware is due to it having inherited this necessary conservatism of design)
  
• Transparency. As intimidating as you might find a command line interface initially, once you learn your way around, you'll find it incomparably faster and more accessible, especially for operations involving large numbers of files/actions. GNOME's abominable GConf is also the only equivalent I know of to Windows' registry.
  
• Versatility. Given that UNIX was originally designed to be Windows' polar opposite in a number of ways, the fact that Linux has been able to mimic Windows as closely as it has is a testament to this characteristic. True, the hardware and multimedia support in particular aren't there yet...but give it time.
  
  d) Get Slackware, and ignore the trolls who respond to this and say that I'm wrong for recommending Slack. If you want package management, get FreeBSD...ports is the only sane form of package management that I can recommend in good conscience. Ignore the Debian trolls who will potentially object to that as well.
  
  e) For dialup ppp, you can use WvDial.
  
  Insane software installs.
  
  Ports will go a long way towards solving this problem, although admittedly you can still have sticky situations. As far as an IM client goes, you also could have got Gaim, which doesn't need Qt AFAIK...although it does have its' own deps.
  
  In terms of documents which use fonts...which application are we talking about?

Theo being childishly abrasive and arrogant? You're kidding! Check out this masterpiece of social graces.

Linux binary emulation doesn't slow anything down. FreeBSD itself goes through the very same syscall translation layer; the Linux layer simply uses a different syscall map. It sucks up resources though, since it does of course have to load a different set of userland libraries, another libc, all the X client libs for gui apps, etc.

And FreeBSD has had a native java port for a while: http://www.freebsd.org/java/

I'd say he hasn't seen the "dump" command on FreeBSD:
http://www.freebsd.org/cgi/man.cgi?query=dump&apro pos=0&sektion=0&manpath=FreeBSD+6.1-RELEASE&format =html

I still use tar, but ideally I'd like to use dump. As it is now, each server makes its own backups, copies them to a central server, which then dumps them all to tape. The backup server also holds one previous copy in addition to what got dumped to tape. It has come in handy on many occasions.

It does take some planning, though.

For those that have a problem with this, is it the cost or the principle of the matter? If it cost $50 instead of $500, would that change your mind?

Soytainly. A price of $50 per year for small businesses, including sole proprietorships, would be much more palatable. That's less than the price of a Windows OS license for two developer workstations over the three- to five-year life span of a Windows major release. It would be much easier for low-volume hardware makers to recover such a reduced fee from their customers.

If you care deeply about principles, you know where to find them.

i wish i had mod points to help the grandparent out, but he was a little off the mark

fix #1 here
fix #2 here
fix #3 here

I'm sorry you don't see a difference between "hole free" with "riddled with holes", there is one. I'm sad to inform the zealot in you that OpenBSD has, and will continue to have holes in the OS. And that is ignoring the fact that the only reason OpenBSD has such a track record for not very many exploitable holes, is because they don't consider any useful tools or applications as part of the base OS. Here's my challenge to you, install OpenBSD, and nothing else on it, and see how fun your computer experience is. If you want some entertainment as your computer experience is now severely limited, it might be a good time to research the social skills of the leader. Let me find an example from the last couple weeks: http://lists.freebsd.org/pipermail/freebsd-securit y/2006-October/004050.html and the reply: http://lists.freebsd.org/pipermail/freebsd-securit y/2006-October/004051.html
It is my suggestion that instead of working on their security track record, perhaps the OpenBSD team should see the value in public relations/marketing. At least that is one thing I'm sure we can agree Microsoft has learned the value of.

I'm sorry you don't see a difference between "hole free" with "riddled with holes", there is one. I'm sad to inform the zealot in you that OpenBSD has, and will continue to have holes in the OS. And that is ignoring the fact that the only reason OpenBSD has such a track record for not very many exploitable holes, is because they don't consider any useful tools or applications as part of the base OS. Here's my challenge to you, install OpenBSD, and nothing else on it, and see how fun your computer experience is. If you want some entertainment as your computer experience is now severely limited, it might be a good time to research the social skills of the leader. Let me find an example from the last couple weeks: http://lists.freebsd.org/pipermail/freebsd-securit y/2006-October/004050.html and the reply: http://lists.freebsd.org/pipermail/freebsd-securit y/2006-October/004051.html
It is my suggestion that instead of working on their security track record, perhaps the OpenBSD team should see the value in public relations/marketing. At least that is one thing I'm sure we can agree Microsoft has learned the value of.

I have (and still have) seril #11 of the A1000.

Some feller called Matt Dillon ported bash to the Amiga very early on.

I would completely agree with that. My point (typos aside) is that the GNU license is about as close to being 'free' as Microsoft's Shared Source is; both place undue restrictions upon the user, in stark contrast to genuinely free licenses. This is fine -as long as you're honest about it. But to turn around and say that "our software is free unless you do X, Y or Z with it" is hypocritical and -imho- objectionable in the extreme; particularly when you're going to patronisingly tell me that those reasons are there 'to preserve my freedom'. It's misleading (at best!) wether it's Bush doing it, or wether it's RMS.

I watched him struggle building up his system from scratch, even though he began with stage 3. Than I had a good chance to compare portage with ports, and I was amazed at the primitive way it handles dependencies during package removal, and the miriad options you have to set to have a sane system (midnight-commander pulling in xorg by default??). A month later, he had everything up and running, by following the FAQs, wikies, howtos, etc. And he had still no idea what filesystem permissions are.

You don't learn anything by using gentoo. You basically follow - badly written - documentation, and you might think that oh, I'm sooo cool, I built something from scratch, I must be learning something, but in reality, you were blindly typing in commands without learning the basics behind those commands. My friend was clever enough to realize that despite "doing everything by hand" he didn't learn much about unix in general. Because the documentation sucks, and the whole concept of gentoo sucks, because it is misleading. It misleads people to think that the point of building from source is "optimization". On modern hardware, there is absolutely no reason to spend hours, days, weeks for "optimizing". There are very few packages that benefit from optimizations, and I expect a modern package/ports management system to take care of those packages, ie. I don't want to spend hours setting compiler flags, I want ports maintainers doing that for me. That's how it works in FreeBSD. You set -O (or -O2) in make.conf, and those packages that might benefit from further optimizations, automatically override these defaults, because the good folks at freebsd-ports tested them, and deemed them safe (example: mplayer/mencoder will be built with -O3 -ffast-math, etc... without you having to muck around config files).

Anyhow, the point is, you only learn if you want to learn, and if there is helpful documentation. Any distribution is good enough if you are motivated, and if it is properly documented. FreeBSD beats every single linux distro on the documentation front, but if you want to stick with linux, slackware is a much better choice than gentoo. Another good choice, probably even a better one for the Ubuntu user grand-grand parent is probably Archlinux, which comes as close as any distro to the simplicity of slackware (or FreeBSD for that matter) with nice package management, good documentation, and an opportunity to learn about unix like systems in general. FreeBSD is another good choice for noobs, because it is one of the easiest to learn unix like systems. Even if you want to learn linux, I still would recommend the FreeBSD handbook, because it is not just a howto, but it explains the concepts of unix in great detail. The unix basics chapter is a good introduction to anyone who wants to actually learn something (not just blindly following howtos and spend time on useless "optimizations" in gentoo).

For years, most operating systems have been designed for 2-4 processors, with some handling more, and others doing better with less (I'm sorry, FreeBSD fans, I use it myself, but let's be honest, SMP was horrible until 5-REL, and it still isn't up there with Linux and *ugh* Microsoft).

With 4 core out this year, and 80 cores out in 5 years, it's time to rethink multiprocessor operating systems. There needs to be a significant change in the locking and threading metaphors, because 4 and 8 way will be obsolete by this time next year.

Cat. Mouse. Cat. Mouse.

So now we just counter this illegal wiretapping (yes, its still illegal, even though they've passed a law that makes it "legal") with extra strong encryption and Civil Disobedience.

Use TrueCrypt with the AES-Twofish-Serpent algorithm on your PC (Linux, Mac or Windows). If you want to use something simliar on BSD, look into GELI encryption for those partitions.

For phones, you could look into encryption handsets or telephone scramblers. There's this one too, or the Cryptophone GSM Phone Encryption solution. Google around, there's quite a few hundred solutions in this space... stack them together for even more security.

Disclaimer: I don't personally know how strong these algorithms are on these handsets, so use at your own risk.

With VoIP, you could easily layer whatever encryption you want on top of it. Bounce your call through a few foreign routers, run it through Privoxy, Tor and i2p and you should be good to go. Yes, it will incur some latency.. but I'd rather sacrifice speed for security or privacy, wouldn't you? Here is an article on securing VoIP. Worthwhile reading if you're using it or considering it.

Cat. Mouse. Cat. Mouse.

Now its OUR turn.

You take from us, we take back.

you can see how well BSD did with that.

Yeah, no kidding... I mean, there definitely aren't any successful BSD variants available and widely deployed. And there certainly aren't any other successful non-GPL projects out there. Yup, the GPL is definitely *the* only way to go if you want to make a successful open source project... assuming, that is, you're a single-minded zealot (or troll?).

1) Ever hear of Darwin? Lots/most of the non-GUI parts of the OS are re-released open source in the form of Darwin. Apple makes their money off the proprietary slick GUI, but they have been very good about releasing the 'icky-looking' real *NIX parts back to the community.

2) Patches. A good number of them. Here's just one example that went back to FreeBSD:
http://www.freebsd.org/cgi/getmsg.cgi?fetch=407983 +409098+/usr/local/www/db/text/1999/cvs-all/199907 04.cvs-all

3) They have been a sponsor of a number of small open source meetings.

All that, and they don't *have* to give anything back because it's under a BSD license. But they do because it's good for their overall product to have a strong base. The better they help FreeBSD become, the more stable/powerful the base becomes to tack their slick GUI on.

It just goes to show, you don't have to use a GPL license and arm-twist folks into giving back. Even very big corporations can be convinced to give back if they have some smart people at the top. The smart people realize that it's to their benefit to give back.

Who doesn't use bash?

It also needs to be noted that the impact of this bug is not nearly as wide as a slashdot front-page headline might suggest. The FreeBSD security advisory has some good info on why. To quote: (emphasis mine)

RSA public keys may use a variety of public exponents, of which 3, 17, and 65537 are most common. As a result of a number of known attacks, most keys generated recently use a public exponent of at least 65537.
...
OpenSSL will incorrectly report some invalid signatures as valid. When an RSA public exponent of 3 is used, or more generally when a small public exponent is used with a relatively large modulus (e.g., a public exponent of 17 with a 4096-bit modulus), an attacker can construct a signature which OpenSSL will accept as a valid PKCS#1 v1.5 signature.

So yeah, there may be some vulnerable sites out there, but they were already weaker than they should have been, and most sites are likely unaffected. That, coupled with the simplicity of the fix (both as provided in source form and from the OS vendors) makes this a non-story.

noah

I hate to admit it, but I think that many people have misinterpreted what Gentoo really is and for whom it is geared. Let's be candid: it's really not about excessive CFLAGS.

Take a good read of this article; it outlines some of the fundamental differences in philosophy between BSD and Linux. In some respects, Gentoo's portage system attempts to reconcile the differences between BSD's ports tree and the absence thereof in Linux as well as the concept of perpetual updates through make buildworld. (I know a guy who's maintained the same install of Gentoo on his laptop for over four years who has kept it up-to-date by using portage without a re-install. Talk about impressive for a Linux distribution.) Yes, it is true that Gentoo does not have a native pkg_add that FreeBSD does to install ports, but what Gentoo offers is as close to that as one can get in Linux; and it is one hell of an improvement on the base concept, might I say. In many respects, if you want to criticize Gentoo over having to compile things to keep it up-to-date, then BSD ought to be brought up for discussion.

Still, it is nice that Gentoo can be updated without having to perform a complete re-installation of the operating system. I hate to say it, but performing "s/old release/new release/g" on /etc/apt/sources.list, apt-get update, and apt-get dist-upgrade is not always as clear as one might expect. When the average user who lacks strong familiarity with dpkg's options is in this situation, I have seen the results: They are very depressing. And while it is true that emerge updates can break, they will at least teach the user in time how to deal with them and learn quite a bit. The same can be said about other distributions, too, so the exclusivity of this issue to Gentoo is really a moot point.

.

What about customization? Sure, some BSD packages may have makefile-based booleans, but in no way are the centrally documented or are they centrally documented. FreeBSD KNOBS comes close, but it still is not exhaustive. There is no real comparison with USE flags. If BSD had it so well, I wonder why people are trying to port portage to BSD. (I love BSD, mind you, so I am not being unreasonably harsh on it.)

What about fundamental design? It is meant to be flexible and dynamic. Ever notice how many directories are suffixed with ".d" in /etc on Gentoo? A lot are. Yes, some other distributions do use the enumerated ".d" directory paradigm, but none seem to do it as much as Gentoo. Gentoo seems to use ".d" directories whenever it can. So if a new package wants to add something to the path, it merely adds another entry to /etc/env.d which specifies this path. I find this system so great, that I've re-implemented it in Debian/Ubuntu across 100+ computers at my work for the special in-house, non FHS-friendly applications. Talk about a compelling innovation.

And when it comes to configuration changes, Debian has debconf, which allows some packages to preserve changes across updates through configuration file regeneration. While this is nice for preseeding, this is not helpful when there are major updates or when you've made hand-made modifications. Yes, dpkg will bring about a diff of the two files, but does dpkg's integrated configuration diff mechanism really hold its own against Gentoo's dispatch-conf? If you've used dispatch-conf, the answer is no.

Yes, it is true that there are some quality assurance failings with packages in Portage, but let's put that aside for a moment. When it comes to making packages for Gentoo, it certainly beats making them for Debian. Yes, Debian has its nice policy manual, but it is not always up to date or the easiest thing to read. Gentoo's documentation let's a first-time package builder build a package in very little time; whereas Debian or Redhat's syste

Of course FreeBSD DTrace isn't "of production quality"; it's only in a special branch of -CURRENT.

Re "You need to boot bsd specially into a dtrace mode to use this", I'm under the impression that option is just to enable DTrace probes during kernel startup, so you can trace driver probes, filesystem init etc.

Speaking of ports from Solaris, FreeBSD ZFS recently had a good chunk of movement.

and maybe after it is ported to linux/*bsd and ten years have gone by [...]

Code is available for FreeBSD, and you can even download an ISO installer with all the patches applied. There's also Xcode 3.0 that will have it.