Slashdot Mirror

It should also be mentioned that buying a CD set helps fund the project. The price is low and the value high. You can get it here (many local resellers too).
---
AC using OpenBSD 4.2/i386 and GNOME 2.18 (*hides*) ;-)

One thing I never really figured out with OpenBSD is why errata patches are handled the way they are. Why doesn't OpenBSD offer binary updates? For example, here are the instructions to fix errata entry 009 ("Fix possible heap overflow in file(1), aka CVE-2007-1536."):

Apply by doing:
cd /usr/src
patch -p0 < 009_file.patch

And then rebuild and install file:
cd usr.bin/file
make obj
make cleandir
make depend
make
make install

Given that I installed from binary packages as do most users, and I might not even have a compiler installed, the startup cost of following those steps is fairly substantial. It seems like it would be easier for someone at OpenBSD to run those commands, see which files changed, wrap them up into a tarball, and distribute those - at least for the most popular architecture or two.

Now, I'm not saying they should do this or that they owe it to us end users to do it. I just mean that it'd be amazingly convenient with a seemingly minimal amount of extra work. Am I wrong about what would be involved?

Since the submitter didn't bother linking to their site (!!?), if you want to try out some of these amazing new features and improvements instead of just reading about them, you should head over to the OpenBSD 4.2 page and snag a copy!

Flawed? So what's the nature of this flaw? Well, it doesn't really, well, work. Not as such. Not as such. Yeah, we've heard there's some BSD firewalls already out there, and apparently some of them are supposed to be pretty secure, but... hell, we don't need firewalls, this is a Mac! And, as the strip "Osama Bin Laden's Computer Nightmare" in the latest issue of Viz so perspicaciously pointed out, Macs can't get viruses.

Flawed? So what's the nature of this flaw? Well, it doesn't really, well, work. Not as such. Not as such. Yeah, we've heard there's some BSD firewalls already out there, and apparently some of them are supposed to be pretty secure, but... hell, we don't need firewalls, this is a Mac! And, as the strip "Osama Bin Laden's Computer Nightmare" in the latest issue of Viz so perspicaciously pointed out, Macs can't get viruses.

For fuck's sake, OpenBSD can't even offer a modern version of WINE in their ports (the one they offer is from 1999, and is broken to boot)

The ports tree is 3rd party stuff, not OpenBSD. Why don't YOU contribute instead of whining.

When a Port Is Lagging Behind the Mainstream Version

"The ports collection is a volunteer project. Sometimes the project simply doesn't have the developer resources to keep everything up-to-date. Developers pretty much pick up what they consider interesting and can test in their environment."

"If you really need a new version of a port, you should ask the MAINTAINER of the port to update the port....if you can send patches for this, all the better. To create proper patches, you should refer to the documentation on building ports."

That "vulnerability" was even mentioned as implementation bug on the manual page since 2002! That was an overrated piece of FUD. http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1#BUGS Niels couldn't defend his tool because he was chair of Woot 07. Very unfair. He did ask OS developers for modifications in parameter checks for system calls, as to make that safe it should be kernel side. No matter what similar tool you use, arguments can be abused. Only kernel space checks can be 100% safe.

An interesting "read" (slide show) on issues related to the article -- http://www.openbsd.org/papers/ven05-deraadt/index.html

From your Wikipedia link:

ASLR is enabled by default in Linux since 2.6.20

Since that release was made on 2007-02-05, you could more accurately say that "Linux, of course, has been doing it for months". OpenBSD didn't even really get a strong version of it until 3.8, and that wasn't quite 2 years ago. It sounds like Windows had problems with it as recently as February 2007, but maybe that's fixed now.

This is still fairly cutting-edge stuff. It's not like they just now implemented memory protection for the first time.

This comes about as GPL zealots decided that freedom isn't free enough. BSD freedom consists of Freedom: retain this license and this copyright. Follow those rules and you can do what ever you want.

Whatever. You. Want. Baby mulching machines included. http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/ipf/Attic/ipf.c

The GPL is not free. Free+conditions is not free++, but free-- or, more accurately, (symbol: less than) free.

I appreciate the work done, but I don't care for the zealotry. You can't dictate freedom.

It may seem that the licenses let one _distribute_ it under either
license, but this interpretation of the license is false -- it is
still illegal to break up, cut up, or modify someone else's legal
document, and, it cannot be replaced by another license because it may
not be removed. Hence, a dual licensed file always remains dual
licensed, every time it is distributed.

"Take a look at the CVS logs from the first year of the OpenBSD project"

"Only two remote holes in the default install, in more than 10 years!"

Theo, in fact, tries to take credit for OpenSSH, which remains a pretty funny joke if you know the timeline and the history.

Did you actually read the license? I don't think so. "# Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
# Neither the name of the nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission." http://www.opensource.org/licenses/bsd-license.php So you can use it freely, but you cannot strip the license. Why is this so hard to understand for Linux people? Isn't it enough just to use it? No they want the GPL mark on top of it too. And furthermore: http://openbsd.org/policy.html So just leaving the license intact isn't freedom anymore? According to this reasoning, the GPL is pure slavery :-)

Since previous iterations of this discussion have been dominated by wildly inaccurate characterizations of the BSD license, it seems only proper to actually include it:

http://ftp.bg.openbsd.org/OpenBSD/src/share/misc/license.template

/*
* Copyright (c) CCYY YOUR NAME HERE
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/

To break it down even further:

• You must keep the text of the license intact in any copies you make.
• So long as you keep the text of the license intact, you may do pretty much anything else you like with it.

Now, obviously, slapping a copy of the GPL in the file is within your rights to “use, copy modify, and distribute” the software. However, it is entirely pointless to do so: the GPL places additional restrictions on what you may or may not do with the code, yet those restrictions are voided by the fact that the BSD license — and, let’s not forget, removing the BSD license is the one thing that the license forbids — grants you those very rights that the GPL takes away. In order for the restrictions of the GPL to be effective, you must remove the BSD license, which you cannot legally do.

Now, can we please stop this nonsense about the BSD license giving you the right to re-license code under the GPL?

Cheers,

b&

blablabla

It is not like the code in http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/ic is free from several non-trivial contributions from madwifi and other linux process (read the changelogs). In disrespect for this, Reyk also unilaterally removed the dual license of several of these files a few months ago.

You are not seeing the whole picture here, there has been mud throwing between both camps on several occasions in the past year. In the beginning Theo and Reyk saw no problems with the relicensing, but several things happened (personal problems between some guys egos being the main issue). What you are seeing now is the result of that.

Furthermore, you an Theo are talking about "linux guys" as if the whole group of linux kernel developers is somehow at fault. Nothing could be further from the truth. The issue centers around very few people who are working on this. On both the linux and bsd side. In the past, some of them worked together,and are even co-authors on some files.

I think Theo should thread a little more careful with his fud, because there are several other issues that could be stirred up in return. Perhaps we see it it happening in a few weeks.

Obviously not, because you cannot just take something and slap a lable that says, "I made this, it's mine," on any random thing you see. You really need to read up on how copyright works, you must have made what a judge declares a significant addition before you have the right to claim ownership over an item, and even then, it doesn't remove the other person's ownership of the original work.

No, Theo is arguing that there is no derived work at all in this case. Copyright law in the US (which Theo cites) and abroad requires that changes to the original be substantial for the result to qualify as a derived work.

* Copyright (c) 1982, 1986, 1990, 1991, 1993
  * The Regents of the University of California. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  * notice, this list of conditions and the following disclaimer in the
  * documentation and/or other materials provided with the distribution.
  * 4. Neither the name of the University nor the names of its contributors
  * may be used to endorse or promote products derived from this software
  * without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *

I am also confused about the BSD bitching.

Yes. You are confused. Very. That's because you haven't really taken the time to read the BSD license (or the ISC license). I also suggest that you read the nice links Theo provided on Copyright laws.

Let me break it down for you: msft can take the code and use it. It cannot take the code and rip the Copyright license off.

  http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/share/misc/license.template

/*
  * Copyright (c) CCYY YOUR NAME HERE
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.

Second sentence on the page is: This driver is based on the source code from OpenBSD, and is provided under the same BSD-type License.

I understand the desire to see your code under the license of your preference but realistically if you're getting a huge leg up (as is the case with Reyk's code for this wireless driver) why would you release your minor modifications under an incompatible license? If you believe in share and share alike give back to the original author the same way you received. It's just common courtesy when dealing with open source.

In one of the previous discussions a helpful poster quoted Theo saying that he thought the relicensing was a moral issue - ie that Linux devs had taken code and made it 'less free''. This is a view I can appreciate, as FLOSS developers should be pooling efforts as much as possible. but the spirit I understand. I think it was more of a "Hey guys, you're meant to be on our side! We can't use this code anymore!". Of course, I find it hard to reconcile with the BSD license saying 'do what you want, just credit us'. I can understand his frustration though.

I thought the legality was clear cut - the code in question said [roughly] license under either BSD or GPL, and in any case saying 'follow BSD and GPL' is the same as saying 'follow the GPL' (was it Moglen that said that?).

I like OpenBSD, I've even donated, and I think Theo is a clever guy who does occasionally make some very good points. Problem is, I think he tends to assume the worst intentions in people - I don't think defusing situations is high on his agenda. Maybe if a more conciliatory tone was taken, we could find a solution that satisfies both the Linux and BSD devs.

What you're saying is wrong, wrong, wrong!

http://www.openbsd.org/faq/faq1.html#ReallyFree

arrgh! This.

If you want to look for a well supported wifi chipset just look at this list: http://www.openbsd.org/i386.html. If you pick something off that list then run OpenBSD you get a fully functional and supported open source driver and as an added benefit you get to use OpenBSD. :)

... I don't understand why anyone would connect any machine directly to the Internet without some type of hardware firewall.

That is what the Internet is for. You're projecting Windows' problems onto real computers. There is no reason why a router or hardware firewall should be necessary to add security -- they're both computers with instructions and flaws. Increasing the number of hardware pieces increases the number of failure points at the cost of also increasing latency and reducing actual bandwidth.

There are only three reason why a computer needs to be isolated from the Internet:

• There are not enough addresses in the IPV4 space to expand forever. IPV6 fixes that.
• The network administrator's convenience.
• Experience has shown the software provider doesn't know how to write or fix network code. These links can help with that.

The fact that code released under the GPL can not be closed is a lack of freedom which BSD doesn't have.

Communistic in this case refers to the "community" and the high value that the GPL places upon keeping code available to the community as a whole - this is the principle of communism that I refer to: a higher value is placed on the rights of the community than the individual. GPL simply places higher values upon the rights of the community. BSD places high value on freedom to choose by the individual and the community.

The GPL's sad devotion to it's community (aka communistic) principle creates a lack of freedom and a number of serious adoption problems for many considering using, extending and modifying GPL'd software.

For example, lets say you take a BSD copyrighted program such as Apache, OpenBSD, FreeBSD, or any other large program and make some minor changes.

As someone who has published software licensed the same software under the GPL and the BSD it's clear that BSD trumps GPL rules at anytime - allowing software published in this manner to override any GPL'd rule, phrase, sentence, paragraph or concept

List: openbsd-misc
Subject: Re: Linux Driver Violates BSD License
From: "Constantine A. Murenin" [...]
BTW, since this is misc@openbsd.org, people might be interested to
know about the history of the licensing terms of ath(4) in OpenBSD.

OpenBSD's ath(4) consists of two parts:
1. a driver, copyrighted by Sam Leffler of FreeBSD
2. a HAL, copyrighted by Reyk Floeter of OpenBSD

What Theo explained above concerns the OpenHAL code. OpenHAL is the
Linux name for madwifi driver connected with reyk's entirely free and
open source ath(4) HAL code.

Sam originally put a dual BSD/GPL licence onto his driver code.
Reyk always put a BSD-style licence onto his HAL code.

At the time OpenHAL was forked from OpenBSD, OpenBSD's ath(4)
_driver_, but _not the HAL_, was dual licensed.

As already mentioned, OpenBSD's ath(4) HAL, written by Reyk, was
_never_ dual licensed. See the history on /sys/dev/ic/{ar52{10,11,12}{.c,{reg,var}.h},ar5xxx .{c,h}}.
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/ ic/#ar5210.c

Few months ago, Sam changed the licence of _his_ code to a 2-clause
BSD licence. Sam had every right to do so, because he was and is the
only copyright holder of that code, as the licence header of the
driver file indicates, in FreeBSD, OpenBSD etc.

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/dev/ ath/if_ath.c#rev1.170
http://www.freshbsd.org/2007/06/06?project=freebsd &committer=sam

Reyk committed Sam's changes to OpenBSD the same day, so now,
OpenBSD's ath(4) is _entirely_ BSD-licensed, with no alternative
licensing available.

http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/ ic/ath.c#rev1.64
http://www.freshbsd.org/2007/06/06?project=openbsd &committer=reyk

However, what Jiri Slaby does in his diff is simply outrageous. He
changes the licensing terms of the code _he does not own_ _at his own
will_. A clear copyright violation.

As I can see from that diff on LKML, Jiri Slaby doesn't even have his
name as the copyright holder in many of the ath5k files that he tries
to change the licensing terms of. In other files, he is not the only
author, so he can't change the terms unless _all_ other copyright
holders agree to the new terms.
I'm very upset that certain people think they can get away with such a
blatant disrespect of the copyright law. I trust that this violation
won't be left unnoticed.

What I personally don't understand, however, is that if Jiri Slaby
thinks that he can simply change the licence of someone's code without
explicit agreement of that someone, then why on earth does he think
that changing the licence to a more restrictive one will offer him any
protections, as, presumably following his logic, other people could
later change the licence to whatever they feel like, in the very same
illegal manner as he did in the first place. IMHO, that is the real
question that he has to answer.

Constantine.

List: openbsd-misc
Subject: Re: Linux Driver Violates BSD License
From: "Constantine A. Murenin" [...]
BTW, since this is misc@openbsd.org, people might be interested to
know about the history of the licensing terms of ath(4) in OpenBSD.

OpenBSD's ath(4) consists of two parts:
1. a driver, copyrighted by Sam Leffler of FreeBSD
2. a HAL, copyrighted by Reyk Floeter of OpenBSD

What Theo explained above concerns the OpenHAL code. OpenHAL is the
Linux name for madwifi driver connected with reyk's entirely free and
open source ath(4) HAL code.

Sam originally put a dual BSD/GPL licence onto his driver code.
Reyk always put a BSD-style licence onto his HAL code.

At the time OpenHAL was forked from OpenBSD, OpenBSD's ath(4)
_driver_, but _not the HAL_, was dual licensed.

As already mentioned, OpenBSD's ath(4) HAL, written by Reyk, was
_never_ dual licensed. See the history on /sys/dev/ic/{ar52{10,11,12}{.c,{reg,var}.h},ar5xxx .{c,h}}.
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/ ic/#ar5210.c

Few months ago, Sam changed the licence of _his_ code to a 2-clause
BSD licence. Sam had every right to do so, because he was and is the
only copyright holder of that code, as the licence header of the
driver file indicates, in FreeBSD, OpenBSD etc.

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/dev/ ath/if_ath.c#rev1.170
http://www.freshbsd.org/2007/06/06?project=freebsd &committer=sam

Reyk committed Sam's changes to OpenBSD the same day, so now,
OpenBSD's ath(4) is _entirely_ BSD-licensed, with no alternative
licensing available.

http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/ ic/ath.c#rev1.64
http://www.freshbsd.org/2007/06/06?project=openbsd &committer=reyk

However, what Jiri Slaby does in his diff is simply outrageous. He
changes the licensing terms of the code _he does not own_ _at his own
will_. A clear copyright violation.

As I can see from that diff on LKML, Jiri Slaby doesn't even have his
name as the copyright holder in many of the ath5k files that he tries
to change the licensing terms of. In other files, he is not the only
author, so he can't change the terms unless _all_ other copyright
holders agree to the new terms.
I'm very upset that certain people think they can get away with such a
blatant disrespect of the copyright law. I trust that this violation
won't be left unnoticed.

What I personally don't understand, however, is that if Jiri Slaby
thinks that he can simply change the licence of someone's code without
explicit agreement of that someone, then why on earth does he think
that changing the licence to a more restrictive one will offer him any
protections, as, presumably following his logic, other people could
later change the licence to whatever they feel like, in the very same
illegal manner as he did in the first place. IMHO, that is the real
question that he has to answer.

Constantine.

BSD users believe in no graven images

What about the FreeBSD daemon (as shown on their site? Or the strange thing looking like a furball riding a seahorse on the OpenBSD site? :)

I am not directly involved with the OpenBSD project. However I am an OpenBSD user and (small) donor, and I do appreciate their attitude towards software freedom.

Asking strictly for myself, and without any knowledge about who you are or what your projects are, would you please relicense them to add the ISC license?

Thanks!

(No Funny mods, please... I'm quite serious.)

I am not directly involved with the OpenBSD project. However I am an OpenBSD user and (small) donor, and I do appreciate their attitude towards software freedom.

Asking strictly for myself, and without any knowledge about who you are or what your projects are, would you please relicense them to add the ISC license?

Thanks!

(No Funny mods, please... I'm quite serious.)

Some points...

a) ath5k_hw.c /ah5k_hw.h / ath5kreg.h and ath5k.h do not come from openbsd tree, they have code from bsd (that's why Reyk's copyright is there) but are written from scratch. They first appeared on madwifi svn (http://madwifi.org/changeset/2232) and are part of madwifi-old-openhal project. They have a different layout (eg. code is not split per-chip as in openbsd cvs but it's common for all chips, lot more documentation on registers etc) and you can see that changes have been done since http://madwifi.org/log/branches/madwifi-old-openha l/openhal (initial register writes for example are done in a different way than original openbsd code). So it's a derivative work or a "fork", not a "copy" as the license says ("copyright notice and this permission notice appear in all copies."). So if those files had from start a GPLv2 license it wouldn't be a problem (since they are not "copies" of the original code and author's copyright -Reyk's- is still there so there is no copyright violation either).

b) Original author of those files (mickflemm) later uploaded them on madwifi svn repository again but now with a different license (http://madwifi.org/changeset/2670), GPLv2 as you see (Reyk's copyright is still there of course)...

So where is the problem ???

I see no violation, only people calling other people thieves (http://www.osnews.com/story.php/18528/Linux-Devel opers-Steal-OpenBSD-Code-for-Wireless-Driver) and this is really anoying !!!

Also have in mind that Madwifi team have provided patches on openbsd (you can see that on openbsd cvs http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/ ic/), so "bad linux developers against openbsd" scenario doesn't apply here...

To summarize the whole thing IMHO is nonsense, Theo just wanted to make a point against linux developers after a serious (even copyright was removed) violation commited on openbsd's cvs (http://lists.berlios.de/pipermail/bcm43xx-dev/200 7-April/004370.html), not a test branch like -mm, the core cvs. Also have in mind that Theo back then criticized Mike for doing this on a public mailing list etc and now he didn't say a thing about publicity.

http://www.openbsd.org/cgi-bin/man.cgi
http://openbsd.org/faq/index.html
http://www.freebsd.org/doc/en_US.ISO8859-1/books/h andbook/

http://www.openbsd.org/cgi-bin/man.cgi
http://openbsd.org/faq/index.html
http://www.freebsd.org/doc/en_US.ISO8859-1/books/h andbook/

Take a look at a more recent versions for comparison. The C is a lot longer, but I'm not convinced it's more readable.

For those who are interested, a C version of the game is part of OpenBSD:
ftp://ftp.openbsd.org/pub/OpenBSD/src/games/advent ure

I first played Adventure in 1979 via a TI Silent 700 thermal paper terminal (with built in 300 baud acoustic modem) connected to a PDP-11/83 running Seventh Edition UNIX at Bell Labs. Yep, I'm that old.

OpenBSD's systrace manpage appears to mention this problem in the BUGS section:

Applications that use clone()-like system calls to share the complete address space between processes may be able to replace system call arguments after they have been evaluated by systrace and escape policy enforcement.

Or see http://www.openbsd.org/cgi-bin/man.cgi?query=systr ace&apropos=0&sektion=0&manpath=OpenBSD+Current&ar ch=i386&format=html

If you haven't looked at it already, you should glance through the OpenBSD source code. It's truly remarkable how well-written it is. But I wouldn't consider it "beautiful". I think studly is a better word. It's rugged, strong, and built to handle the toughest of the tough.

If you haven't looked at it already, you should glance through the OpenBSD source code. It's truly remarkable how well-written it is. But I wouldn't consider it "beautiful". I think studly is a better word. It's rugged, strong, and built to handle the toughest of the tough.

It helps there if the account for daily use has no sudo or admin privileges.

The next step would be keep things in order by applying the Write XOR Execute principle to disk partitions: put the user home directories on their own partition, mounted noexec, put everything else on another mount it read-only. /var can be symlinked to a directory in /home.

Knowing the partition sizes is the only tricky part.

Security-oriented systems are even applying the Write XOR Execute principle to memory

I mean, it was a given that, given increasing market share, Apple becomes interesting for malware. No system is 100% secure.

The sources are in src/usr.bin/rcs in the CVS repository. Just check it out and run make (might need to be a BSD make, not a GNU make). Or install a recent version of OpenBSD.

Subversion isn't a better cvs. It doesn't use the same formats as cvs.

Migrating the cvs repos and users over to subversion would be a pain.

Check out the slides from a presentation Ray Lai gave on OpenCVS:
http://www.openbsd.org/papers/bsdcan07-cvs/

Just read up a little bit about OpenBSD, and you'll notice they are not afraid of complexity. Examples that come to mind are pf, OpenBGPD, W^X, etc.

Besides, choosing a stable and secure algorithm is not a bad idea. See this post for a valid example.

Finally, I can't help but notice that Subversion is available as an OpenBSD package, so quit your yakking already.

Sheesh, anti-OpenBSD trolls these days.

I've killed some time on this since it's a pretty interesting idea. It turns out there are plenty outside the D and F range. It does seem to like pages with a single Flash object and not much else, so that's bad. It also makes some pretty arbitrary decisions which don't mean squat to many sites. There are some sites that get enough traffic that speed is a factor but not so much that a content delivery network is really necessary, for example.

I skipped the actual link and score on sites that are pretty much just representative of the sites around them. I wanted to include them by name, though, to show where they fall. I've stuck mostly to main index pages, and I've noted where I've gone deeper.

A: Google (99%), Altavista main page (98%), Altavista Babelfish (90%) (including upon doing a translation from English to French), Craigslist (96%), Pricewatch (93%), Slackware Linux, OpenBSD, Led Zeppelin site at Atlantic (100%), supremecommander.com, w3m web browser site (96%)

B: Apache.org (87%), the lighttpd web server (84%), Google Maps, which also got a C once (84% in most cases), Perlmonks (84%), Dragonfly BSD (85%), Butthole Surfers band page (81%), 37 Signals

C: One Laptop Per Child,, ESR's homepage, the Open Source Initiative (78%), Google News (73%), Lucid CMS (74%), Perl.org (75%), lucasfilm.com, Charred Dirt game

D: gnu.org, The Register, A9 (66%), kernel.org, Akamai (64%), kuro5hin.org, freshmeat.net, linuxcd.org, Movable Type (61%), Postnuke, blogster.com, Joel on Software (67%), Fog Creek Software, metallica.com, gaspowered.com, Scorched 3D (68%), id software (64%), ISBN.nu book search

F: MS IIS (49%), microsoft.com, msn.com, linux.com, fsf.org, discovery.com, newegg.com, rackspace.com, the Simtel archive (26%), CNet Download (29%), Adobe (58%), savvis.com, mtv.com, sun.com, pclinuxos.com, freebsd.org, phpnuke.org, use.perl.org, ruby-lang.org, python.org, java.com, Rolling Stones band page (56%), powellsbooks.com, amazon.com, barnesandnoble.com, getfirefox.com

My site for my company (96%) gets an A (no, I'm not going to get it slashdotted) which is pretty simple but has a pic and some Javascript on it. Several sites I have done or have helped design with someone else get C or D ratings.

OpenBSD patched this back in 1997 Search for "OpenBSD" in that page.

http://www.openbsd.org/advisories/res_random.txt http://cr.yp.to/djbdns/forgery-cost.txt

I have to say the best way that i've run across so far to stop drive by spamming (a bot comes online and blows out a couple thousand messages then shuts down)

Is http://www.openbsd.org/spamd/ with greylisting. It's an email deferral daemon. Effectively it will stop any email from a non RFC spec email server. Which of course is pretty much every botnet out there. Now it won't by itself stop real email servers from spewing spam at you, but it stops all of the bots, and even soaks up valuable time from those said spammers.

Add to the fact that you can just inline it infront of your email servers with no configuration changes to your email server or mx records, and it's beatiful.

Just an easy way to remove botnet spammers.

AC