Slashdot Mirror

FreeBSD 6.0-RELEASE (GENERIC) #0: Thu Nov 3 09:36:13 UTC 2005

Welcome to FreeBSD!

Before seeking technical support, please use the following resources:

o Security advisories and updated errata information for all releases are
      at http://www.freebsd.org/releases/ - always consult the ERRATA section
      for your release first as it's updated frequently.

o The Handbook and FAQ documents are at http://www.freebsd.org/ and,
      along with the mailing lists, can be searched by going to
      http://www.freebsd.org/search/. If the doc distribution has
      been installed, they're also available formatted in /usr/share/doc.

If you still have a question or problem, please take the output of
`uname -a', along with any relevant error messages, and email it
as a question to the questions@FreeBSD.org mailing list. If you are
unfamiliar with FreeBSD's directory layout, please refer to the hier(7)
manual page. If you are not familiar with manual pages, type `man man'.

You may also use sysinstall(8) to re-enter the installation and
configuration utility. Edit /etc/motd to change this login announcement.

joe@gateway$

hth.

FreeBSD 6.0-RELEASE (GENERIC) #0: Thu Nov 3 09:36:13 UTC 2005

Welcome to FreeBSD!

Before seeking technical support, please use the following resources:

o Security advisories and updated errata information for all releases are
      at http://www.freebsd.org/releases/ - always consult the ERRATA section
      for your release first as it's updated frequently.

o The Handbook and FAQ documents are at http://www.freebsd.org/ and,
      along with the mailing lists, can be searched by going to
      http://www.freebsd.org/search/. If the doc distribution has
      been installed, they're also available formatted in /usr/share/doc.

If you still have a question or problem, please take the output of
`uname -a', along with any relevant error messages, and email it
as a question to the questions@FreeBSD.org mailing list. If you are
unfamiliar with FreeBSD's directory layout, please refer to the hier(7)
manual page. If you are not familiar with manual pages, type `man man'.

You may also use sysinstall(8) to re-enter the installation and
configuration utility. Edit /etc/motd to change this login announcement.

joe@gateway$

hth.

• Copy on Write saves you real memory, cache memory, and CPU time by pretending that each forked process has a true copy of a memory segment when it in fact is looking at the original. That is, right up until a fork tries to write to that memory location, in which case an exception is handled by making an actual copy to a new location and allowing the write.
• Linus believes that the exception will occur enough in real world usage that it will be slower than just doing the copy in the first place.
• Linus wants to push the manual use of zero-copy memory sharing through the vmsplice() routine. He believes that the programmer will always know better than the system when to share memory.
• Linus doesn't like "VM Games" despite the fact that Virtual Memory, Memory Mapped Files, Disk I/O, Write Caching, etc, etc, etc, are all already "Memory Games" and "VM Games"

Actually StarForce is a pretty interesting copy protection. As someone who spent quite a lot of time studying Fravia's reverse engineering essays I've always thought a good programmer must know his reverse engineering, and StarForce is obviously made by talented people. I stopped using Windows in 1994 so I couldn't care less about proprietary software, but don't ditch StarForce's technical merits just because the company behind it has questionable ethics.

Funny, people who use free software don't have any problem with copy protection systems :)

1. Download a bittorrent client like utorrent.
2. Using utorrent, download the recent security update.
3. burn the image to CD.
4. restart computer to install the update.

But I dont give a fuck. Microsoft Windows fucking sucks. The box I am on right now is Windows. If you want to stand for this shit then fine do whatever you please. But until you decide to use FreeBSD or one of the many other alternatives like one of my favorites Gentoo Linux or Debian Lunix or one of the many others... Stop bitching about rights erosion. Excuses about market share and running easily managed homogenous networks are tired. If you cannot use a computer... Don't use one. Nothing is private. Especially now. If it wasn't a computer giant watching us it would be a media company or something else. Everyone has an axe to grind, this is just another example of that. People are paranoid now because of the massive FUD that has been disseminated by hollywood in movies like Swordfish, the many claims of "spying" unbiased liberal and conservative media has been bashing the public with lately and over the years. Not to mention that we all already have a bar code implanted in us... It's called a social security number. If you believe you aren't being watched well. You are mistaken. Nothing is private. The first reason to switch from Windows should be because it fucking sucks. Then you should worry about your (already) non private data.

Exactly what piece of open source sofware have you found that has really well writen documention?

If Prof. Negroponte wants a small light weight operating system that is very stable, he should consider switching to PicoBSD. It fits on a 1.44 Megabyte floppy. http://people.freebsd.org/~picobsd/picobsd.html

Poul-Henning Kamp using Linux?
You did notice that the open letter was posted at http://people.freebsd.org/~phk/dlink/, right?

For some reason it did not occur to me until now that D-Link would
be stupid enough to harvest the stratum-1 server list for their
devices, but it seems that is exactly what they did :-(

http://people.freebsd.org/~phk/dlink/letter2.html

Poul-Henning

Thats it, i'm going back to FreeBSD 2.2.9 and aout binaries!

I sent the following:

Date: Fri, 7 Apr 2006 10:09:27 -0700 (PDT)
From: Todd Knarr <xxxx@xxxxxx.xxx>
To: sale@dlink.com, customerservice@dlink.com
Subject: DLink router use of Danish NTP server

This is in reference to the open letter to DLink from Danish sysadmin Poul-Henning Kamp (http://people.freebsd.org/~phk/dlink/). Abuse of an NTP server in express violation of the service agreement in the Stratum-1 server list is, in my opinion, inexcusable. Willful refusal to correct the abuse when requested is, if anything worse. Hard-coding the server name into the firmware, so that changes are difficult or infeasible, as opposed to DLink maintaining their own DNS records so that changes are simple, is also inexcusable in any technically-competent organization.

I have been comtemplating purchase of a DLink DI-784 router/AP, a DWL-7100AP access point and a DWL-AG660 CardBus adapter. If DLink doesn't correct their error as Mr. Kamp asks, I will be taking my purchases to NetGear instead. They, at least, have demonstrated a willingness to fix their mistakes when asked. I will also be recommending to my friends that they avoid DLink products in the future.

One customer, voting with his dollars.

We'll see what kind of response I get.

I opened a problem ticket with my ISP (who, incidentally, has been VERY responsive in the past) to try to get them to block or redirect the DNS entry for this dude's NTP server:

Subject: D-Link Abuse of NTP: Action Requested

I'm certain that most of the technical staff at speakeasy reads slashdot, so you may have seen this before, but please take a peek at:
http://people.freebsd.org/~phk/dlink/

It would make me very proud to be a $ISP customer if $ISP were to redirect *all* ntp traffic pointed to GPS.dix.dk were redirected to pool.ntp.org (or some other round-robin ntp alias). Although D-Link really needs to step up to the plate and do the right thing, I think that this would be an excellent way to lend a hand to somebody providing core internet services for free.

I'm certain that a good portion of your customer base uses D-Link equipment and any load that can be taken off of this poor guys host will be appreciated. Additionally, if a press announcement is made by $ISP about provding some relief for this guy, it will draw attention to the problem, and possibly other ISP's will follow suit.

I thank you in advance for your consideration of this issue and am very glad to be a customer of $ISP. I know if I were writing this support request to a Bell company or some other type corporation, it would fall on deaf ears at best.

-$ISP Customer

I sent something like this to MicorCenter. Other places should be altered as well. If their buyers mention it, it will have more impact that our direct emails to D-Link.

---------------

Please forward this email to your manager.

You sell D-Link equipment. D-Link is currently destroying a computing resource in Denmark, and has made no real restitution or attempt to fix the problem. They are bad Internet citizens.

And they make ROUTERS.

Please tell D-Link that they have an opportunity to get some free press by simply solving this problem and apologizing for the issue.

Your current stock of D-Link products will sell less well in the coming weeks and months, because many of us will refuse to buy them, and will tell your other customers of D-Link's incompetence.

This is why: http://people.freebsd.org/~phk/dlink/

Hello, I currently purchase D-Link products for my networking needs but recently I have seen this posted on the internet. http://people.freebsd.org/~phk/dlink/ I have the D-Link products mentioned in this and am now concerned that my products will become "defective" once they are blocked from this NTP server. If such "defects" occur because of bad design, where can I get a refund. I believe that under EU Consumer law that a product must be fit for the purpose it is purchased for. Please clarify the status of the "functionality" of my products and whether I should purchase a different brand that will not become defective when such services are blocked. Regards.

To whom it may concern,

I just learned of you companies notably persistent inability and unwillingness to deal with a serious design flaw in a growing range of your products. This flaw is severly disrupting internet services for a large amount of internet users and though you have been informed in detail of these effects your products are having, you have done nothing of substance to resolve the issue and compensate for the damage done.

Until I learn that the issue described in the open letter to D-Link, available under http://people.freebsd.org/~phk/dlink/ [freebsd.org], was resolved in a professional and mutually satisfying manner, I will not purchase any D-Link products, and will strongly discourage anybody (asking for my expertise as a professional in the IT field - You might want to remove this. It makes the sentence a bit "wordy.") from buying D-Link products or from engaging in any sort of business relationship with D-Link.

Sincerely,
An Internet User

There you go. I changed a few things grammatically and a few things that were spelled wrong.

Dear Sir or Madam,

I have learned of your company's persistent unwillingness to deal with a serious design flaw in a growing range of your products. This flaw is disrupting internet services for a large number of users. You have been informed in detail of the problems you are causing, and you have done nothing of substance to resolve the issue and compensate those involved.

The issue I refer to is described in the "open letter to D-Link", available at http://people.freebsd.org/~phk/dlink/.

Until this problem has been resolved in a professional and universally satisfactory manner, I will not purchase any D-Link products and will act in my capacity as an I.T. professional to discourage others from doing so.

Sincerely,

Writing Style Nazi

(I'm not a spelling nazi, so please check this again)

To whomever it may concern:

Hello.
I just learned of your company's notably persistent inability and unwillingness to deal with a serious design flaw in a growing range of your products. This flaw is severely disrupting internet services for a large number of internet participants and even though you have been informed in detail of these effects that your products are having, you have done nothing of substance to resolve the issue and compensate for the damage done.

Until I learn that the issue described in the open letter to D-Link, available under http://people.freebsd.org/~phk/dlink/, was resolved in a professional and mutually satisfying manner, I will not purchase any D-Link products and will strongly discourage anybody who asks for my expertise as a professional in the IT field from buying D-Link products, or from engaging in any sort of business relationship with D-Link.

Sincerely
An Internet User

Ok, let's do some good. Are we slashdot, or what?

D-Link Business Development and Strategic Partnerships, E-mail: bdm@dlink.com

>>>
To whom ever it may concern:

Hello.
I just learned of you companies notably persistent inability and unwillingness to deal with a serious design flaw in a growing range of your products. This flaw is severly disrupting internet services for a large amount of internet participants and even though you have been informed in detail of these effects your products are having, you have done nothing of substance to resolve the issue and compensate for the damage done.

Until I learn that the issue described in the open letter do D-Link, available under http://people.freebsd.org/~phk/dlink/, was resolved in a professional and mutualy satisfying manner I will not purchase any D-Link products and will strongly discourage anybody asking for my expertise as a professional in the IT field from buying D-Link products or from engageing in any sort of business relationship with D-Link.

Sincerely
An Internet User

Mistakes in this one? Please post corrected version below and then add a 'mailto' link to the address.
Grammar Nazis, it's your turn!

ATTN: President & CEO
17595 Mt. Herrmann St
Fountain Valley, CA 92708

I have recently read an open letter to D-Link available at the following URL:
http://people.freebsd.org/~phk/dlink/

I must say that I am disgusted with D-Link's poor choice of action. D-Link may
think that abuse such as this will go un-noticed, but that is not the case.

While I don't expect my actions to bring your corporation to its knees, I am the
"geek" of my family, and I have taken a personal stand by ordering Linksys
products to replace any and all of the D-Link networking gear that my parents,
siblings, cousins, and roomates are using. I hope that my sacrifice puts a dent
in the damage your corporate negligence has caused Mr. Kamp.

I'd like to comment on two other ways (besides OpenSSH) that I am going to benefit from OpenBSD - even though I do not directly use OpenBSD.

I have two computers - each running FreeBSD. One has an nVidia ethernet device that runs klunk-ily. It times out a lot and generally lags in its response time. The other has a cheap Realtek card that behaves the same way - although when it times out it never recovers - even if I unload and reload the driver module.

FreeBSD beat OpenBSD to the development of these drivers; but when OpenBSD had them ready for release (i.e., they were sufficiently proud of the result) they produced better code and (probably) tighter performance.

I fully expect the superior code for these devices to find its way into FreeBSD very shortly.

The OpenBSD nVidia code is here:
http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/s rc/sys/dev/pci/if_nfe.c?rev=1.53&content-type=text /plain
and the FreeBSD version is here:
http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/s rc/sys/dev/nve/if_nve.c?rev=1.7.2.8&content-type=t ext/plain

Notice the comment in the FreeBSD version that the driver is linked to the nVidia proprietary driver: ...
  * In accordance with the NVIDIA distribution license it is necessary to
  * link this module against the nvlibnet.o binary object included in the
  * Linux driver source distribution. The binary component is not modified in
  * any way and is simply linked against a FreeBSD equivalent of the nvnet.c
  * linux kernel module "wrapper". ...
The OpenBSD version is self-contained and open... obviously a far more desireable approach.

The comments in the FreeBSD version of the RealTek driver:
http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/s rc/sys/pci/if_rl.c?rev=1.145.2.4&content-type=text /plain ...betray obvious programmer frustration:
  * The RealTek 8139 PCI NIC redefines the meaning of 'low end.' This is
  * probably the worst PCI ethernet controller ever made,... ... and ...
  * You know there's something wrong with a PCI bus-master chip design
  * when you have to use m_devget().

It's still nice looking code.

The OpenBSD device driver:
http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/s rc/sys/dev/pci/if_rl_pci.c?rev=1.12&content-type=t ext/plain
is real tight. The programmer agrees with the FreeBSD device programmer but he makes no excuses.

  * Default to using PIO access for this driver. On SMP systems,
  * there appear to be problems with memory mapped mode: it looks like
  * doing too many memory mapped access back to back in rapid succession
  * can hang the bus. I'm inclined to blame this on crummy design/construction
  * on the part of RealTek.

I'd like to comment on two other ways (besides OpenSSH) that I am going to benefit from OpenBSD - even though I do not directly use OpenBSD.

I have two computers - each running FreeBSD. One has an nVidia ethernet device that runs klunk-ily. It times out a lot and generally lags in its response time. The other has a cheap Realtek card that behaves the same way - although when it times out it never recovers - even if I unload and reload the driver module.

FreeBSD beat OpenBSD to the development of these drivers; but when OpenBSD had them ready for release (i.e., they were sufficiently proud of the result) they produced better code and (probably) tighter performance.

I fully expect the superior code for these devices to find its way into FreeBSD very shortly.

The OpenBSD nVidia code is here:
http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/s rc/sys/dev/pci/if_nfe.c?rev=1.53&content-type=text /plain
and the FreeBSD version is here:
http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/s rc/sys/dev/nve/if_nve.c?rev=1.7.2.8&content-type=t ext/plain

Notice the comment in the FreeBSD version that the driver is linked to the nVidia proprietary driver: ...
  * In accordance with the NVIDIA distribution license it is necessary to
  * link this module against the nvlibnet.o binary object included in the
  * Linux driver source distribution. The binary component is not modified in
  * any way and is simply linked against a FreeBSD equivalent of the nvnet.c
  * linux kernel module "wrapper". ...
The OpenBSD version is self-contained and open... obviously a far more desireable approach.

The comments in the FreeBSD version of the RealTek driver:
http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/s rc/sys/pci/if_rl.c?rev=1.145.2.4&content-type=text /plain ...betray obvious programmer frustration:
  * The RealTek 8139 PCI NIC redefines the meaning of 'low end.' This is
  * probably the worst PCI ethernet controller ever made,... ... and ...
  * You know there's something wrong with a PCI bus-master chip design
  * when you have to use m_devget().

It's still nice looking code.

The OpenBSD device driver:
http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/s rc/sys/dev/pci/if_rl_pci.c?rev=1.12&content-type=t ext/plain
is real tight. The programmer agrees with the FreeBSD device programmer but he makes no excuses.

  * Default to using PIO access for this driver. On SMP systems,
  * there appear to be problems with memory mapped mode: it looks like
  * doing too many memory mapped access back to back in rapid succession
  * can hang the bus. I'm inclined to blame this on crummy design/construction
  * on the part of RealTek.

I've already begun doing that for myself. I've completely replaced GNU coreutils, for example, with versions from FreeBSD, NetBSD, OpenBSD, and Heirloom Toolchest, with one or two things written by myself. I've got NetBSD's gzip, FreeBSD's pax/cpio. Porting these tools is pretty easy, most require few changes. You have to bring over some compatibility stuff from the BSDs' C libraries, but a lot of that can be copied whole, and the rest is easily written.

In addition, I use bsdtar instead of GNU tar. That's already nice and portable; thanks Tim!

The reason I do this is twofold:
o My system is less able to be considered GNU/Linux.
o GNU hates man pages, BSD doesn't.

Info needs to die, and when I bring over BSD utilities, it slowly is (on my system).

http://www.freebsd.org/ports/
Currently 14271 ports available, although my own system reports that it has 14285.

Just finished the advanced task of updating my ports tree using the tediously long and unintuitive command of "portsnap fetch update", and now upgrading my installed ports with the equally unintuitive "portupgrade -a".

But honestly, why the hell would you need the system with "Most software available"? You only need the software that you need. No more, no less. No way anybody is going to install the 14271 ports and then say "omg FreeBSD sux linux has more software". The thing is, all the popular software is already ported. It's highly unlikely that you will find an application that you need which is not ported to FreeBSD. And even if you do, installing it's dependencies is easy with the ports system :)

oh if only there were a way!

Knowing a bit about what you're doing is fairly important with ports, especially when dealing with complex upgrades like Gnome; dependency tracking's a lot less anal than apt/dpkg. This is good when you've got something installed from outside ports, and works nicely when you just want to pick and choose a few things to update (say, after running portaudit or tracking an interesting update on FreshPorts/commit logs).

Geeky FreeBSD users need a desktop too, and now we have three variants to choose from; FreeBSD, PC BSD and DesktopBSD. YMMV; just because it's aimed at desktops doesn't mean it's aimed at yours or your mother's.

Knowing a bit about what you're doing is fairly important with ports, especially when dealing with complex upgrades like Gnome; dependency tracking's a lot less anal than apt/dpkg. This is good when you've got something installed from outside ports, and works nicely when you just want to pick and choose a few things to update (say, after running portaudit or tracking an interesting update on FreshPorts/commit logs).

Geeky FreeBSD users need a desktop too, and now we have three variants to choose from; FreeBSD, PC BSD and DesktopBSD. YMMV; just because it's aimed at desktops doesn't mean it's aimed at yours or your mother's.

Knowing a bit about what you're doing is fairly important with ports, especially when dealing with complex upgrades like Gnome; dependency tracking's a lot less anal than apt/dpkg. This is good when you've got something installed from outside ports, and works nicely when you just want to pick and choose a few things to update (say, after running portaudit or tracking an interesting update on FreshPorts/commit logs).

Geeky FreeBSD users need a desktop too, and now we have three variants to choose from; FreeBSD, PC BSD and DesktopBSD. YMMV; just because it's aimed at desktops doesn't mean it's aimed at yours or your mother's.

You obviously don't understand the BSD world. The BSD projects aren't different because they are better at different things; they're different (and better at different things) because they have different priorities and goals that are largely incompatible. FreeBSD targets high-stress server environments where performance and reliability are paramount, so FreeBSD can do some bizarre stuff to improve performance--a while back someone did a benchmark between Linux and the three main BSDs, and the socket() graph shows you the kind of hacks FreeBSD does to improve performance.

NetBSD makes a clean, clear codebase a top priority, and its portability is kind of a feedback loop that both results from that decision and motivates it. NetBSD also tries to be very research friendly, and its high-performance networking stack is frequently used to set Internet2 records. They are also the least vociferous about software Freedom, as they were the last of the major BSDs to adopt X.org, and the only one to still use the "four-clause" version of the CSRG license.

OpenBSD also strives for clear code, but places much greater emphasis than the others on security and strong cryptography. OpenBSD periodically audits code, checks for bugs proactively, and the same kinds of bizarre hacks FreeBSD uses to improve performance are used in OpenBSD to improve security (such as making structuring vm pages out of order to prevent malicious buffer overflows. OpenBSD is also the most strongly advocating Free Software, as they spearheaded (along with Debian) the campaign to dump Xfree86, maintain a version of Apache 1.3 because the 2.x license was less free, and include no binary drivers or otherwise unfree in the base distribution. They're kind of like a BSD version of the FSF.

DragonFly[BSD] is the newcomer of the bunch, a fork of FreeBSD. So far the over-arching goals are to improve modularity and to replace bulky structures and processes with lighter, quicker versions. The plan to replace the usual syscall table with a messaging api (apparently like a lightweight Mach-type thing, but evidently not microkernel design) make it very different from its cousins.

It's important to note that these are not just the result of a few random patches to the system approved by a czar, as in Linux, but explicit decisions by the core developers to follow a particular blueprint, to make a particular improvement, or to support (or not) an obsolete API/ABI. If you want to submit a patch out of the blue, you certainly can, and if it's competently coded it will probably be accepted, but the overwhelming majority of code contributions come from the core developers following architectural guidelines. If you tried to combine all 3-4 codebases, the incompatibility of several design decisions would end up combining a stable OS, a lightweight OS, a portable OS, and a secure OS into something that managed to preserve none of these features.

That said, however, because of the similar licensing requirements, the BSD projects all share code extensively, and are frequently source (if not binary) compatible with each other. So it's not like Linux, where packaging systems are completely different but the OS features are all the same (because they use the exact same codebase). In an odd way, the members of BSD family are both more closely related and more different from one another than the various Linux distros are.

This was done somewhat in FreeBSD in Project Evil.

Quote from the linked page:

> What in the world is Project Evil?

Project Evil (aka the NDISulator) is a special binary compatibility layer for the FreeBSD kernel that lets you use Windows NDIS drivers for network adapters with FreeBSD/ia32.

The announcement is the previous article in the thread.

Here you see what happens when only binary blobs are available. At some stage even your old hardware will stop working because the manufacturer will not provide updated binary blobs drivers.

NVIDIA is anti-open source. They will happily peddle some binary blobs for some archs (i386) and some OS, but refuse to give any hardware documentation or even tell the name of their various chipsets.

As long as the Linux/FreeBSD crowd accepts binary blobs in order to get their hardware to work, then NVIDIA will happily continue to only handout binary blobs.

Have a look at the FreeBSD nve (NVIDIA nForce MCP Networking Adapter device driver) driver:

This driver is a reimplementation of the NVIDIA supported Linux nvnet
driver and uses the same closed source API library to access the underly-
ing hardware. There is currently no programming documentation available
for this device, and therefore little is known about the internal archi-
tecture of the MAC engine itself.

And this is just a NIC? What's so secret about that? And this is acceptable?

Have a look at what OpenBSD does: Reverse engineer and offer the first open source driver nfe (NVIDIA nForce MCP Ethernet driver)

[/rant]

As a FreeBSD user, all we ask is that after they borrow it, could they please submit patches?

FreeBSD also has details in their security notification. Those guys are fast - if you want to have up to date info on security vulns., FreeBSD has them (usually with patches) way before the news hits slashdot ;) For those who are asking for line numbers, just take a look at the patches included. Or better, here is a kompare screenshot.

An email I received from the FreeBSD security mailing list seems to imply to me that this might be more of a concern for multi user systems.

From: Claus Assmann <freebsd+security@esmtp.org>
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail
Date: Thu, 23 Mar 2006 10:31:20 -0800

On Thu, Mar 23, 2006, Bigby Findrake wrote:
> Does an attacker need network access to the machine, or does the attacker

Yes.

> merely need to be able to get an SMTP message to the machine?

He needs to control the timeouts (AFAICT).

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd- security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

No. See, securelevel 1 or higher.

No kidding, some other people's source in comparision sometimes feels like a child's homework essay next to a master's printed novel.

And on that subject, what's so inherently difficult about writing CD recording software? FreeBSD comes with an IDE burning tool, burncd, that has worked perfectly every time I've used it. Is it harder to do the same under Linux, or does cdrecord include some advanced, hard-to-implement functionality that burncd skipped?

What, you don't think KDE or Gnome are as nice a GUI as OS X?
(Well, you'd be right. But they're tolerable.)

As for commercial applications, FreeBSD has at least a few. There's a list of approximately 500 FreeBSD ports which contain sufficient restrictions against redistribution that they cannot be redistributed on the ISO images that people use to burn CD's. Not all of these are "commercial applications", but things like Acrobat Reader or StarOffice or Oracle's database, Linux versions of commercial games running in FreeBSD's Linux-emulation mode, or perhaps the various virus scanners would count:

http://www.freebsd.org/cgi/cvsweb.cgi/ports/LEGAL
(click on download)

And there is no DRM in OS X except that used on the ITMS music and possibly that used to make it only run on Macs.

Well, just how much more DRM do you really want?

To me, "no DRM" means "no DRM" and not "some DRM".

This idea is really cool, but implementing it by putting hooks into each device driver seems overly complicated.

Also, there's "GEOM gate" on FreeBSD: http://garage.freebsd.pl/GEOM_Gate.pdf
For other cool stuff with GEOM see here and here. See also this discussion thread about ggate's limits.

This idea is really cool, but implementing it by putting hooks into each device driver seems overly complicated.

Also, there's "GEOM gate" on FreeBSD: http://garage.freebsd.pl/GEOM_Gate.pdf
For other cool stuff with GEOM see here and here. See also this discussion thread about ggate's limits.

The whole article seemed to culminate in the following information: some guy said if Macs were more popular they would have a worse record than "other operating systems." It seems to be comparing OS X to Linux, but it isn't entirely clear what the baseline is for their eval of Mac OS.X and it also doesn't clarify what exactly makes these OSs different. Also, the web site defacement isn't proof that the person with an unprivileged account acquired superuser privileges to do anything other than deface the web page. I don't doubt it could have happened, but maybe it did and maybe it didn't...

"The only thing which has kept Mac OS X relatively safe up until now is the fact that the market share is significantly lower than that of Microsoft Windows or the more common UNIX platforms.... If this situation was to change, in my opinion, things could be a lot worse on Mac OS X than they currently are on other operating systems," said Archibald at the time.

Also, giving people LDAP accounts on the machine is really cheating. Maybe some noobs get a boner when someone fuzzes the hell out of a box from a local account until they get some fuzz escalated **BORING**. If they really wanted to throw down the gauntlet, then we would see Mandatory Access Control implemented on OS X . The big difference is that the MAC policies would be enforceable at the Mach MK level (on Mach ports, tasks, processes...), and OS X would be the ONLY OS with a security policy interface that could come close to usable for average people.

Hum, finally a good comment on this. You know, you have quite a few alternatives in x86/amd64 operating systems, even from the Great Satan itself!

You were probably modded 'troll' because you started on about DRM as if it actually mattered [emphasis mine]

You're only proving plasmacutter's point about Apple zealots and DRM. DRM does matter. It matters because DRM tells us what we can and cannot do with the software/media that we bought. It matters because we, as in the user, have to give up control of our computers and files when we accept DRM. It matters because if nothing changes within the next few years, we're all going to be using locked down computers. I have lusted for Macs since OS X was released years ago, but since the Intel switch and Apple's stance with DRM, I have lost much of my enthusiasm with Macs and Apple in general. I don't want to buy a machine with TPM chips that may be used for much more evil purposes (such as locking down my media). I want to buy a machine that does what I, the customer wants, not what Apple or Microsoft or the **AA wants. Thankfully I can still buy and build some computers that aren't DRM-encumbered.

DRM matters. That's the bottom line. And I, for one, am not going to give up my freedoms, even for "ease of use" and other minor benefits. Nobody should tell me what I can do with my media, or with a certain OS (points at Apple and OS X), but that's why I don't use that stuff anyway; I prefer to be free instead.

Sally has no choice but to pay for another copy of Windows,

• freebsd
• openbsd
• netbsd
• gnu-darwin
• ReactOS
• SuSe
• Fedora
• Debian
• Gentoo

-- Your comment has too few characters per line (currently 8.2).

It's very easy to get a FreeBSD/KDE desktop up and running.

You could also give PC-BSD a try, It's an offshoot of FreeBSD designed for desktop use. It uses KDE (3.5.1), GUI installer, has auto updating stuff, self-contained program packages (Like on Mac's) and simple GUI package & system management tools, and many other cool stuff.

http://www.pcbsd.org/
http://www.freebsd.org/
-------------------
Anyways... KDE has completely won me over. My opinion is it's *better* then Windows and almost as good as Mac OS X, just wait till KDE 4 is out! The three KDE/QT apps I can't live without are Qalculate!, amaroK, and Quanta Plus. It would be nice if you could build Firefox, OOo, and Java with QT, and have KDE bindings.

"Mr. Liu said the major thrust of the Chinese effort to regulate content on the Web was aimed at preventing the spread of pornography or other content harmful to teenagers and children.

fine, sites like this: http://et.21cn.com/portray/ , this: http://tu.tom.com/list/beauty.html , this: http://www.qihoo.com/site/tietu/index.html ... are totally accessible China sites for Chinese teenagers and children of any age... (yep, they're NOT pornography and harmful content, maybe I'm just too sensitive...)

dear poor blocked http://www.freebsd.org/ you're more harmful to teenagers and children in China...

To appease them, Intel and Silicon image came up with a bolt-on encryption system

Wait, this Silicon Image?

If their encryption system works as well as their SATA controllers, I suspect either it will be cracked in a week, or will just plain not work to begin with.

man, from beijing, trying to access http://www.freebsd.org/ I got "The connection to the server was reset while the page was loading." from firefox...

Works fine for me, and I'm in Beijing too (standard China Netcom residential connection in Jinsong district).

man, from beijing, trying to access http://www.freebsd.org/ I got "The connection to the server was reset while the page was loading." from firefox...

go and have tor (http://tor.eff.org/) and privoxy (http://www.privoxy.org/) set up, that's the perfect tools combination for web surfing...

and if you have gentoo linux (http://www.gentoo.org/ just type:

# emerge tor privoxy

to install and play with them :)

why would anyone block http://freebsd.org/ ?? china does, why would anyone block sourceforge.net?? china does, why would anyone block news.bbc.co.uk and not cnn.com ?? ask china... so many sites are blocked, i speak of this from inside china.

and why doesn't slashdot.org provide https://? so we can post these comments without tor?