Domain: freebsd.org
Stories and comments across the archive that link to freebsd.org.
Comments · 3,599
-
There's a lot of them
You can donate to many worthy projects:
-
Re:So many BSD's...
Personally I don't think *BSD can be compared to a distribution of Linux. I think of Linux as a police force and *BSD as the FBI. *BSD is more stable, more professional, more rock hard kick ass. I picture Linux to be more slick, stable, personal and cool. There are three main BSDs, FreeBSD, NetBSD, and OpenBSD. As far as I know, FreeBSD seems to be focused on stability, and being robust. OpenBSD is focused on security. NetBSD seems to be focused on being a server and running on many platforms.
-
Re:Poor article & microkernels arch. are dead
The design issue is only fascinating the tech people, but does not offer a profit for a real use-case.
Take QNX RTP/4 for example. It can stay up and functional regardless of the situation, even through hardware installations. This is an asset for many uses; Nuclear Fuel monitoring, etc... Try that with a monolithic kernel.
OK, FreeBSD is also very portable, but it is also a monolithic kernel design, like LINUX. (is FreeBSD also available on Mainframes ??) But do not assume, that Mach3 gains the portability of FreeBSD !! At last, please only count real distributions not possible hacks !!
On the MainFrame issue... Show me any corporation that uses Linux on a mainframe (for actual work), and I'll show you one poorly managed corporation. Anyway, to answer your question, NetBSD isn't available on a mainframe, but is Linux available (functionally) on a VAX?
---------------------------
I may not agree with what you say, but I will defend to the death your right to say it.
--Voltaire -
minor mishap with the ISO image
fresh from the freebsd-announce mailing list:
Due to a last-minute problem (a build error, not a bug with KDE or FreeBSD itself) which was discovered with the KDE packages on the Intel architecture ISO image for 4.2-RELEASE, I've updated the image at:
ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/ISO-IMAGES/4.2-install.iso
I also took the opportunity to include the windowmaker package, which was mistakenly left off (and referenced by one of FreeBSD's canned Desktop profiles).
The new MD5 checksum for this image is:
MD5 (4.2-install.iso) = 7eec8a2e4bc2211fccf18b5a6fd5b55e
If you do not have any interest in installing the KDE desktop or windowmaker and you have already grabbed the previous installation ISO then you can safely ignore this announcement; nothing else was changed.
Apologies to everyone who downloaded the first ISO image and had an unsatisfactory KDE experience. Excrement occurs.
- Jordan
-
Re:Why not use Solaris instead?
Actually, there are patches for zero copy sockets and NFS for FreeBSD-current. It's bleeding edge, but if you want zero-copy, it might be worth exploring, at least for future development.
--
"Don't trolls get tired?" -
fucking troll
Maybe because ummm... we want/need to use free software.
I'd respond further, but honestly, it's really evident you're:
- Trolling (poorly)
- Really damned stupid
- Uneducated
--
"Don't trolls get tired?" -
Re:Beware
first off, freebsd releases a daily snapshot which is tested by 100's of people DAILY!
Sure there are a few bugs to work out. But if you would please tell me 1 o/s that doesn't have bugs to work out. But I guarantee you this, there is not a boot bug. there is too much testing done to release something of that poor quality.
here's the links to the daily snapshots. ftp://releng4.freebsd.org (for -STABLE) and for ftp://current.freebsd.org -
Re:Dammit...
The Java 2 is available in /usr/ports/java/jdk12-beta as well as a Tar file. We've been running it with no problems for some time now -
Quick link to the release notes / changelog
For those of you who might be curious and lazy, here's a quick link to the RELNOTES.TXT for this release (i.e. the changelog/release notes).
--
-
Incorporate kqueue/kevent from FreeBSD
It would be nice to have in 2.5 a kqueue/kevent interface similar to FreeBSD 4.x. Maybe something like Scheduler Activations
-
CTM
CTM does this.
Server side, the CTM server runs a script which identifies changes, compresses them, puts a sequence number on them, and emails them out. Client side, ctm.rmail decodes and applies the changes.
CTM was developed for use with FreeBSD, but could be used for any source repository. -
Re:Security hole in *BSD TCP stack
If your web browser does not parse that address correctly, just grab release #23 from ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/ -
Re:Security hole in *BSD TCP stack
-
I am *THE KING*
If you don't believe, check this picture. Yes, my score is now 0.001. Yes, call me king.
BTW, no hardware/software cheat used, I just had a lot of luck to release the button so fast. The kind of thing that happens once in a billion times. Yet, I am the king.
If anyone gets a higher score (if there is one) and has a screenshot, send me the link!
--
Q: How does a Unix guru have sex?
A: unzip;strip;touch;finger;mount;fsck;more;yes;umount;sleep -
Re:Security hole in *BSD TCP stack
Please compare this to the original advisory.
-
Re:DIY
Gahhhh, what are you thinking..... I can easily get FreeBSD 3.5-Stable loaded and setup to do NAT & Firewall with about 200mb of diskspace on a 486/25.
But what's really interesting is the picoBSD project which can do all this AND fit on a single floppy. So you can keep your MFM disk to pull apart and make frisbees/rearview mirror decorations/ or whatever else fancies your imagination. And it will run on a 386... -
Expansion on the DIY approach
If you're going to take the DIY approach, you should either be an experienced UNIX admin, or get yourself up to speed as fast as you can. The Aileen Frisch book Essential UNIX Administration (or Essential System Administration) is a good place to start. For running a mail server, also check out sendmail.org and Claus Assman's useful site on configuring sendmail.
I had similar paranoid security concerns, so I set up OpenBSD. It was a fairly painless install, provided you read the directions. I set up sendmail, UW-IMAP, IMP, and access it via secure http. UW-IMAP has some serious security concerns, but it's much easier to compile than Cyrus, my preferred IMAP server.
If you're new to UNIX admin though, try looking at FreeBSD. This is hands down the simplest UNIX installation I have ever done. It was almost as simple as starting the installation, walking away, and coming back when it was done. It also doesn't hurt that FreeBSD has excellent network performance.
TinyEgo
-
Re:What bothers me...
How do you manage to mention the linux compatibility layer, which provides support for 97% of the closed source Linux OSes, but then turn around and say there aren't any applications?
Have you looked through the FreeBSD Ports Tree lately?
-
Re:A remark from Don Knuth on the subject..
Also note Tom Christiansen's list Userspeak vs Hackerspeak. In particular:
C:\ -> root#
====
email -> mail
emails -> messages
Not that I'd consider tchrist's opinion definitive :-) -
Re:Run BSD instead.
It might still be a hardware issue. I will always suspect the hardware first before the software. Having replaced the following all on one machine:
- Video card.
- Monitor (Got the shakes after about 30 minutes of being on)
- Hard drive (bad firmware)
- Mouse (Netrek damaged the left button :))
- CD-ROM twice (Power died and loud operation)
- Motherboard and memory (DOD - fried)
- Memory again (thank you ECC)
-
Re:He should play up the comparisons to Microsoft
First: RedHat's target market is made of the non-geek users who don't know how to recompile a kernel or install a different version of GCC. These are the users that need to be lured away from Microsoft; <troll> All geeks use Debian, FreeBSD or OpenBSD anyway. </troll>
Given this, let's compare:
Microsoft asserts its market share by bundling products that users have no (easy) way to remove, and by using proprietary technology to give their own products an edge. (hidden APIs, for example)
RedHat asserts its market share by bundling products that users have no (easy) way to remove (much easier than Microsoft, but see the first paragraph above), and by using complicated open-source technology to give their own distribution an edge. (C++ binaries that are not compiled with GCC 2.96 won't link against the C++ library supplied with RedHat due to C++ name mangling; the user must either get a statically linked version (which isn't usually provided), compile from source (which they don't know how), or stick with RedHat's products).
There's a big difference between "it can be done" and "it will be done"; it's called barrier to entry.
-
For the last time, Darwin is not BSD!
Mac OS X's kernel (Darwin) is not your typical monolithic BSD kernel. It's a Mach kernel with a layer of BSD-like services around that. Darwin is Nearly-Free Software under the Apple Public Source License.
<O
( \
XPlay Tetris On Drugs! -
Security compared to FreeBSD's jail?
While User Mode Linux and FreeBSD's jail have different designs, what are the security differences between the two when used as sandboxes?
From what (little) I know of UML, I'd have to give jail the nod since it's focused on security, uses less overhead per-process (?), as well as having a focused and simple design.
-
Consider FreeBSD
Besides just being a nice OS, it had just made itself even better suited as an Internet server (for most services). The recent (end of July -- part of the 4.1.1 release) addition of the socket filtering, coupled with the dataready and httpready sample filters should help ANY web-server -- they ensure, the server is not bothered (from accept(2)) until the data-packet has arrived (for dataready) or until http-headers have arrived (more specialized httpready).
The next Apache release will have the FreeBSD code to use these filters (already committed in CVS-tree, AFAIK) or you can patch any other server to use them -- including an earlier release of Apache. Here is an example -- a patch for Apache (and Apache's documentation).
Look for the SO_ACCEPTFILTER option in setsockopt(2) and the accept_filter(9).
According to my source, using this on busy sites (where keep-alives are already disabled) may bring down the number of Apaches needed 5-10 fold...
-mi -
Re:Sprinkles bits?
you could run any untrusted app in a chroot jail.
If you're running FreeBSD 4.0 or 4.1, the jail(2) (Slashdot story) system call is available. jail(2) is much more powerful than chroot(2). The author of jail(2), Poul-Henning Kamp, described jail as:
UNIX has always been designed around two levels of users: root and everybody else. While this is a simple and strong security model, it has disadvantages when it comes to delegating administrative tasks to more or less trusted persons. The FreeBSD ``Jail'' facility provides a way to compartmentalize a server in such a way that the root-privilege for one compartment can be handed over to non-trusted persons without compromising the security of the entire machine. Creating "virtual machines" this way has many uses.
-
FreeBSD's Installer? Funny.
John K. Hubbard himself has described FreeBSD's installer as "Evil Incarnate" (section 3.2 of the link given).
-
What Debian's installer should be like:
FreeBSD.org.
Seriously though. FreeBSD really has a great way to install. It's not as colorful, or graphical as some others, but it really is the epitome of easy--if you know what packages you want.
I usually start with the standard install, select the X-Developer package, the ports and then any stray packages.
Then for those truly wonderful programs that they can't fit on one CD (yummm.... LyX is good.) I cd /usr/ports/category/portname, then make install.
FreeBSD is really a great system for novices, or expert people who like things to Just Work(tm).
I think that FreeBSD really represents the best of the Ncurses based installers.
Whatever they do, I hope they stick with the ncurses install. It is just as easy as the graphical system and a whole lot less more reliable.
-Peter -
Not just for college...
I live in Atlanta (Virginia Highlands area), I'm not in college, and I live in what could be considered a geek house. I work for an ISP in the area, and I decided to move out of my ultra-cramped apartment. I managed to find a steal of a house... well, half a house. It's been subletted into two separate dwellings, one upstairs, and one in the basement. The basement dwelling was available. I quickly moved into this place, put an ad out on Yahoo, and found a like-minded techie working in the same field as myself. Both of us being geeks (him, an NT administrator, and myself a security engineer using Linux and BSD), we had half an army of computers between us, so we signed-up for DSL through Speakeasy, I setup FreeBSD on a spare PPro200 for a NAT-firewall, and we now have 7 PCs running various operating systems (Linux, FreeBSD, OpenBSD, WinNT, Win2k, and Win98) with all the bandwidth we really need for around $60 a month.
Just goes to show that a) you don't need to be in college to have a geekhouse, b) FreeBSD can make a damn good firewall, and c) it's all possible in Atlanta. Good luck with your searching!
-
Re:FreeBSD MFS
Well I was not able to confirm this, although there is a lot of excellent humour and information, there are only three very brief mentions of MFS in the FreeBSD FAQ and none of them say anything about it resizing itself (although it might be inferrable from the fact that there is no mention of a flag to set its size.)
I am curious as to what purpose this serves, however. If, as was my impression, FreeBSD has the same sort of dynamic caching that Linux uses, this would only add an extra layer of overhead - and hurt, not help, performance. Any FreeBSD folks want to enlighten me? Is there actually any situation where this is useful, or is it an artifact from a time when the caching algorithm really sucked, or what? ;^) -
Re:Problems with ports
Firstly, it's not easy to update the ports tree itself
You're going about it the wrong way there. Have a look see at the FreeBSD Handbook for CVSup for more details on this. Also, if you don't already have a copy, go pick up "The Complete FreeBSD" from Walnut Creek. It's an outstanding book, and one that I found to be a much easier read than many of the Linux specific books out there. It has a chapter covering the ports tree that I think you'd benefit from.
Mind you, ports do have their problems. All in all, I think that it's a far better approach to software distribution than anything else that I've seen. A more in depth discussion of this, which even relates to this thread, was done a few weeks back right here on Slashdot, "Unified BSD packaging system?". One of the concepts brought up in that discussion I haven't seen mentioned in this one is if there is some way to unify all the *nix world rather than just the various flavors of Linux.
It sure would be cool to see a group work out the best of the best features from the leading methods of distributing software and bring it to all the platforms. Definitely not holding my breath for anyone to actually do this, just a pleasant thought just the same. -
A pet peeve and a helpful document
A rich XML based syntax? Just a pet peeve of mine, but why does everything have to be XML based? It's like Microsoft saying that C++ is the first language to have the ability to have XML-based comments embedded in the code. Yep, it is. But is =head1 really any better or worse than ?
As for your requests for functionality, perhaps you should read Installation and package tools document, version 1.0 by jkh over at the FreeBSD side of the world. While I know I'll be burned at the stake for saying good things about FreeBSD on slashdot, that document has some excellent thoughts which the Linux world could also benefit from.
---------------------------- -
Re:No one tackles the hard problems
ask why a new version of a package was released?
see a list of changes between old and new versions?
Well, RPM does include a Changelog which should include why the package was released, and what changes were made. check the --changelog option.
tell the system to apply only security or high-priority fixes?
You can do this mostly by installing a distro, and then tracking a particular version of it. Redhat-6.2 has lots of updates, but all of them fall into your 'security/high-priority' category.
tell the system to automatically process all updates except those involving specified packages, which I want to approve on a case-by-case basis?
It's trivial to setup something like this where you mirror the appropriate dir on updates.redhat.com, then have a script which does an rpm -F foo.rpm on every rpm whose name isn't listed in 'no-auto-upgrade.txt'. However, given your original statement, it's not possible. You're saying that you want it to automatically everything, except it should psychically know what you want to pick and choose from. Ummm... no matter how you cut it, you'll at some point have to tell the system 'upgrade or no'.
tell the system never to upgrade packages that require upgrades of packages used by other software (eg, libraries)?
This is the default behavior of RPM. You have to use --nodeps to override it.
ask for packages that will help me convert GIF files to PNG?
You want natural language capability search built into your package manager? You've watched too much star trek. If however you did a quick search for RPMs that contained both 'GIF' and 'PNG' in their name on a site like rpmfind.net you'd find gif2png is readily available.
ask for only packages targeted at beginners?
I have no idea what use this is. Beginner is a very broad term. Is Enlightenment aimed at beginners? How about Windowmaker? The answer for both is a resounding maybe!, depending on the configuration. How about gcc, is that for beginners? After all, most computer barely-literates don't know how to use a compiler. And bind, that's definitely an advanced package right? unless of course you install a caching-nameserver rpm that helps the beginner have their own caching nameserver, then it's beginner. Or an obvious beginner package like grip, which isn't beginner at all, i mean, you have to know about mp3 encoders and cd rippers.
ask for only well-integrated, well-tested packages?
Use RedHat, they'll only give you these. If you stick to basics, unless you use Mandrake, you usually won't get anything that's not well-tested and integrated.
get reviews of a package?
Ah yes, all programs expand until they read mail. Or in your case, you're asking for the package manager to read newsgroups and mailing lists, so it'd be a newsreader too. Maybe we should just integrate this package manager of yours into emacs.
find out how to get started using a package?
The RPM format allows for certain files to be flagged as documentation and generally installs them in the path /usr/doc/$rpm_name. and man files in /usr/man. you can get a list of what it installed by doing rpm -qi package_name.
begin browsing the documentation for a package before approving a full installation?
again, you're asking the package manager to do things that just don't make sense. Why not read up on the software, then install it? Or just install it, and if it's no use to you, do an 'rpm -e'.
have some help in configuration updates?
These are called man pages, and documentation files. You read them and they help you. Or hell, if reading real documentation is too much work for you, then see if there's a HOWTO that you can peruse somewhere on the net.
Personally I use FreeBSD which has its own unique set of strengths and weaknesses, and if you don't think anybody out there is thinking about this stuff, you should read this document which is a summary of the state of these things in FreeBSD, and some ideas on how to progress.
---------------------------- -
hemos is a newbie to bsd stories
If it's a BSD story, it should have the daemon icon. If it's an Apple story, don't use the BSD color scheme. I guess Hemos doesn't realize how this works, since Nik Dickintheass usually posts the BSD stories.
Everyone already knows that Darwin works on x86. And everyone also knows that this has absolutely no impact on Apple's business plan, and does not mean that OS X will run x86. It's also irrelevant because there are several BSD-based systems which are much more worthy of x86 PC users' time.
Let's run through more facts that everyone should know. This has nothing to do with GNU/Linux or the GPL. It does not mean that Photoshop will work on FreeBSD. It doesn't mean that the Free Unix community will see an outpouring of money, code, or other support from Apple. All it means is that Apple decided to, for once, release a real operating system. They lack the talent to do so, as should be evident from MacOS 1 through 9. They found an excellent codebase, which, due to the wonderful BSD license, is essentially free (as in both pro bono and libre) for them to plunder however they wish. So they take twenty years of the best operating systems code ever written and, um, "embrace and extend" it with the GUI that Jobs brought with him from NeXT. Very "innovative". They then release this code, which allows Mac lusers to run Photoshop without crashing, and allows them to get very rich with very little work.
Years of hard work and research from many real computer professionals associated with several projects across the country and around the world go to buy Mr. Jobs another few houses (hice?) and cars. Yay.
(And this, my friends, is flamebait. I love Fridays.)
---------///----------
All generalizations are false. -
A *BSD running on x86? Amazing!
I thought I'd never see something so amazing as this.
-
Active defense against portscanning
I'm running a small server in a bit of a jeopardized environment (it runs, among other things, an anonymous remailer). It runs a software called Port Sentry by Psionic, among other stuff. I think the software is quite good, and I'm posting it here so that you might give it a try.
Portsentry works by attaching itself to a configurable number of ports. When it detects a port scan, it simply uses firewall rules to block IP traffic to the address the scan came from. You can easily configure your firewall to drop the respective rule after some time. It detects TCP as well as UDP scans at a configurable sensitivity. If you're evil-hearted, you can configure it to put in some retaliatory action, but I wouldn't recommend that because you don't know whom you're hurting. On systems that don't run a firewall, the IP address can be dropped by assigning it a dead route.
While the methods employed are quite basic, it's a very useful, more or less minimalistic tool that definitely adds to the security of the site. I'm using it under FreeBSD 4.1-STABLE, where it's in the ports collection, but it says it works for other BSDs as well as Linux and ipchains-based firewalls just as well.
-
It's the OS, stupid.
It's not the browser. It's the OS. Over 95% of a web browser should be running with essentially the privileges a Java sandboxed applet is supposed to be limited to. But available OSs don't let you lock down a process that hard. That's the problem. Trusting some gonzo app is never going to work. Serious security theorists realized this twenty years ago.
This constant discovery of huge holes may finally generate a push for serious operating system security. One can hope. Although neither the Linux nor Windows worlds have done anything that really solves the problem, FreeBSD's Jail(2) call has real promise. Note that unlike chroot(2), which is for root only, user processes can call Jail(2), which makes it much more useful.
So get busy, get something like Jail(2) into Linux, and reorganize Mozilla so most of it runs in jail mode. That will kill the problem, instead of just injuring it slightly.
-
Re:BSD Style
It's a good point, but you're missing the crux of it, IMHO. :-)
The point is that FreeBSD, in particular, is under public revision control. Anyone can submit a patch to the project's GNATS database either via a web front-end, or via send-pr(1).
The developers are of course free to ignore your PR, but it remains sitting there for the whole world to see until they either accept it, or tell you a good reason why they're not going to. :-)
Should your patch be accepted, the fact will also be noted for all time in the CVS repository.
(It should be pointed out that the revision control extends beyond just the FreeBSD kernel, and covers the entire OS, including ports, documentation, etc. This also has many implications for the maintenance of FreeBSD systems. Want your ports and documentation to be up-to-date daily, and schedule a weekly update of all system sources and a rebuild? No problem.)
In fact, it goes even further than this. FreeBSD's development methodology is multi-tiered, with a central core team surrounded by a rather large group of committers. Not only does this mean that most submitted PRs are treated quite promptly, but it also implies that an active contributor with a good track record has a decent chance of becoming a committer, should he/she wish.
The original question pretty much summed up one of the primary reasons I'm currently spending a lot more time on FreeBSD than Linux. Over and above any technical or other merits, the development methodology of (specifically) the FreeBSD project is such that it is one of the easiest and most profitable open source projects to become personally involved in.
-
The BSDL v.1 ad clause
Almost, except for the credit clause in older BSD licenses... Don't they have to give credit, or is this only if they claim they're using the BSD code?
Code licensed under any BSD-style license (even the BSDL 2.0 without the advertising clause) requires the original software's copyright notice (© Regents of UC Berkeley or something like that) to be inserted in the documentation. More BSD copyright information can be found at FreeBSD.org.
<O
( \
XGNOME vs. KDE: the game!
-
That's already there.
Right now, the ports retrieves the source tarball from a site, all the required source tarballs, and then builds them one by one. Why can't we have a binary ports system as well?
In FreeBSD, this is the difference between a port and a package-- packages are what ports build. From the FreeBSD Ports page:
For most ports, a precompiled package also exists, saving the user the work of having to compile anything at all. Each port contains a link to its corresponding package and you may either simply download that file and then run the pkg_add command on it or you can simply grab the link location and hand it straight to pkg_add since it's capable of accepting FTP URLs as well as filenames.
pkg_add will download and install dependencies, too.
-