Slashdot Mirror

Vista is far more secure than Lunix.

CMU CLis a Common Lisp compiler/interpreter (written in cl). Its code is just beautiful - after about 1-2 months since my first contact with lisp I understand nearly everything at first glance. (SBCL also have very nice code). OpenBSD's code (written in C) is also very clear and pretty.

The Open BSD web site says 2 in 10 years.

Apparently ALL anti-virus software gives false positives. Most of the users have little technical knowledge, and the software makers want to give the impression their software is more useful than it really is. I've seen numerous false positives on systems I use. One "virus" was a text file, with a .TXT extension, and nothing in it but documentation!

But why is anti-virus software so important? Apparently only because Microsoft profits more when its software is full of bugs and malware, and Microsoft is very adversarial toward its customers.

The true cost of a Microsoft operating system is perhaps 10 times its retail cost, because of the heavy maintenance expenses.

Microsoft's anti-customer behavior: Here are some paragraphs I wrote to someone having problems with temp files taking gigabytes of drive space.

On one computer I checked, temp files were stored in 49 different places, and that includes only temp file folders made by the Windows operating system and not temp file folders made by application software.

Why doesn't Microsoft provide a utility to find all the temporary file folders and delete the files when starting or shutting down the computer? Apparently because the company is heavily engaged in adversarial behavior. Most people don't know that temporary files are a problem, and they certainly don't know where to find them; that was a challenge even for me. The temp files sometimes take so much space that there is not enough free space, and the file system begins running much slower.

The file defragmentation program won't run when there is limited free space. A fragmented file system is much slower. And most people don't even know that the defragmentation program exists, or why they should run it. So, their computers become imperceptibly slower and slower until they buy a new computer.

That's apparently why Microsoft software has so much malware, also. At present, there are 30 known vulnerabilities in Windows XP alone that haven't been fixed. There are 7 known vulnerabilities in the latest version of Microsoft Internet Explorer browser the the company has not fixed.

Some people say Microsoft software is targeted more often because there are so many copies in use. However, it is well known how to write secure software. Apparently Microsoft managers don't let their programmers finish their work.

Many people who don't know how to keep Microsoft products running buy new computers. Every time someone buys a new PC, they buy a new copy of the Microsoft operating system, even if they already owned a copy. So Microsoft makes more money if the company has defective products.

Microsoft gives each new version of Windows a new name, and many people think the new version is a new product. Somehow it has been arranged that people pay the full amount for new versions, instead of an upgrade price.

The New York Times article Corrupted PC's Find New Home also makes that point.

Note that the Apple operating system, OS X, and the Open BSD operating system have very few vulnerabilities. (The Open BSD web site says 2 in 10 years.) So it is possible to make a secure operating system. The volunteers that make the Open BSD system do security reviews of software to make sure vulnerabilities are not released to customers.

We use Microsoft operating systems because of historical reasons, and because it is expensive to change. In actuality, the business very seldom uses software that runs only under Microsoft Windows, and that is only in specific departments, where it would be easy to provide a second computer.

Because just slapping their OS on a machine somewhere means nothing, because you'll have to 'open up' features on it in order to get much value from it.

Alas, this is true of any O/S. If you want to run it securely, you need to understand the issues in some depth. That's why I used the word serious. I don't think ease-of-use really enters into the equation here.

I mean, take a quick look at the OpenBSD website. What's the first thing you see? "Only two remote holes in the default install, in more than 10 years!" What would the equivalent statement be for Microsoft? The number would be three or four orders of magnitude higher.

Thinking about it, that is probably why you're so keen to sideline the discussion into ease-of-use issues: there's no way you can win this one on technical merits.

This outburst just comes from watching too many people with 'slap OpenBSD on it' attitudes who don't seem to get it.

You seem to be sugesting that a lot of people are installing OpenBSD out of a "ricer" mentality. Like putting racing stripes on your car, and expecting an increase in performance. I can't say I've noticed this personally, but I expect it does happen. The thing is that this still doesn't make XP a better choice. Just as putting stripes on a milk float isn't going make it go any faster, taking the stripes off a Ferrari isn't going to slow it down any, either.

It's also worth noting that the "2 exploits in over ten years" blurb talks about the default install, which suggests that even a naive out-of-the-box installation is still likely to have better security than XP.

It's like I said at the outset: if you're serious about security, you're probably running OpenBSD. You're almost certainly not running a Microsoft OS.

He always produces some pretty good songs to accompany the releases as well http://www.openbsd.org/lyrics.html

The negative reaction is very simple to understand. Most people here do not want to see the OSI being relevant or authoritative in any way, but simply wish for the FSF to be the sole arbiter of the definition of FOSS, and/or the ability to enforce said definition.

All the comments focus on the fact that OSI != "open source". Please provide any supporting evidence that concerns the FSF in this (especially funny since the FSF dislikes the term "open source" and never uses it).

Personally, I think that sucks.

Well, then don't worry any longer since the reason for your sulking only exists - as usual, unfortunately - in your head. Let it go and be happy.

The OSI allow for a far more inclusive definition, with a broad plurality of licenses.

Any specifics? All the generally used licences are considered free software by both. Others aren't simply present in the FSF site. Curiously the Apache Licence 2.0 is in both sites as free software, but OpenBSD doesn't think so. Perfectly within their right, but I'm hoping that you'll take this opportunity to warn all slashdoters about the "zealotry" of the OpenBSD "fanboys", that lack your beloved "inclusive definition" of "open source".

Of course, in the minds of FSF fanboys,

Oh my, wasn't expecting that one.

that's exactly the problem; they think the GPL is the only license with the right to exist.

Provide any reference to support this. Do visit the FSF Licences site, where they say, amongst other things, that "...If you want a simple, permissive non-copyleft free software license, the modified BSD license is a reasonable choice...". Also, for extra points, provide a similar statement from any BSD site, just to see their "inclusive definition" of licences (again, doesn't bother me and completely within their right).

They're going to seek the outright destruction of any organisation which tries to promote an idea contrary to that.

Now your delusions assume an epic scale, with total destruction. I would repeat the "provide supporting evidence" mantra, but when one reaches this point all bets are off.

What does my opinion matter, though? I'm just a troll;

Can't disagree with you there.

someone else opposed to the FSF juggernaut who therefore, in the minds of its' cultists, also needs to be erradicated, or at least silenced.

Ahh... now I see. By "silenced" you mean "made to actually support the completely ridiculous statements he makes". In your bubble world you shouldn't be called up on you complete BS, because it's an attempt to "silence" you, made by the "cultists" of the "FSF juggernaut". Well, just to make you wake up screaming at night I've updated my /. email to the FSF member one. I just hope you don't start seeing me stalking you or something.

Hooray for freedom.

Indeed. Freedom to say your, er, opinions, and freedom to actually give them any supporting substance. You seem to love the first, but fall short on the latter.

Good question. I haven't spent much time with any BSD system, but I've spent enough with SELinux (personal pet peeve: it's not `SE Linux', though `SElinux' or 'selinux' are acceptable) to know a bit about the difference. Pardon me if I wax loquacious...

In the computing world, the vast majority of security flaws come from bugs: improper handling of untrusted data leads to buffer overflows time and time again. Fix the bugs, and those security flaws go away. However, what about the ones you didn't catch? Someone is perfectly capable of discovering them, and exploiting them, until you discover the same problem and fix it. It's a vicious cycle, and you can never win: there's always another security hole, because there's always another bug. The security holes from bugs you haven't found yet are known as zero-day attacks, since any patches to the bugs have existed for zero days (or something like that).

The OpenBSD solution to the threat of zero-day attacks is to spend lots of time looking at its code, and reviewing its code, and testing its code, before vetting it to be `secure' enough to use. They do an excellent job: I don't know particulars, but I'd guess that an OpenBSD system out of the box is more secure than even a no-frills Linux distribution. They lock everything down, and generally don't run software that hasn't been tested thoroughly. Note, however, that you can poke holes in your shiny OpenBSD system by downloading and installing buggy code: Try any poorly-written FTP server, for instance, and watch your box get 0wnd.

The OpenBSD approach shouldn't really be seen as a choice, because every operating system that wants any hope at security needs to go through this process, of reviewing code time and again, and squashing those bugs dead. The deviation from other operating systems is the point where the code is declared to be `good enough', and put into production. OpenBSD developers are just really careful about declaring software to have reached that point. But they aren't perfect. Go to OpenBSD's website, and notice the text that says "Only two remote holes in the default install, in more than ten years!" Pretty good, right? Yup. However, as recently as three months ago, that read "Only one remote hole [...]". What gives? OpenBSD didn't handle some obscure IPv6 stuff right, and it was found that someone could run arbitrary code through this bug.

Does this mean that OpenBSD is a failure? No, though it does mean that they failed in their (rather lofty) goals at least twice (that we know about; I maintain they should change the banner to read 'Only X remote holes in the default install, in the last Y years, that we've discovered so far!'; but, that's just me). This doesn't (shouldn't) besmirch their reputation, and the OS is still one of the best, I'm sure. But ultimately, things like this will happen again; and inevitably, some cracker one day will write an OpenBSD exploit, and steal millions of credit card records because of an OpenBSD system which had a security hole, while the owner of the system believed it to be secure. In short, it's like most any other publicly available operating system: it tries really hard to be secure; and it is probably more secure than any of them, according to their accepted definition of having no security holes. It is an excellent goal, but it's ultimately impossible.

SELinux, which is the core of what was required of Red Hat Enterprise Linux 5 to pass this certification, is a very different approach to security. There're tons of things that go in to making SELinux, but I'll try to keep things as succinct as possible, at the risk of leaving (hopefully unimportant) things out. SELinux operates on the principle of `domains', which are made far more abstruse than they need to be. A domain is a

MAN pages do not cut it.

Try OpenBSD's man pages they are actually informative and up-to-date.

This

You are essentially greylisting manually and you may still be pissing off innoncent bystander. Why do all the work when you can the server do the work?

As an added bonus, you can slow down spammers. (spamd(8) - see fourth paragraph of description)

The BSD projects still use gcc and GNU C library

The BSDs most certainly do not use the GNU libc. While it is true that you cannot compile the system without gcc, you can definitely have a running BSD system with no GNU tools installed. It would be fairly bare bones (back to csh), but it's possible.

Here's a link to the OpenBSD libc for your browsing pleasure.

Far too many people are stuck on lines that have 128Kbps up and far too easily saturate the uplink and bog the whole connection down.

That's why it's handy to have a decent gateway which can prioritize TCP ACKs. If they get lost in the muddle your download speeds get hurt. It's covered here. (I link to the OpenBSD pages as that's what I use)

I don't hate Google like I do Microsoft. I staunchly disagree with Google's censorship of information in China, but, Yahoo does it too so that is not reason alone to hate either of them. I hear people grousing about Google's "monopoly." No, you have a number of choices: Yahoo, Altavista, Lycos, and Webcrawler (note: I am not endorsing any of these.) This is quite unlike the Microsoft of the 1990s. Linux was still quite immature and you really needed a stronger compsci and UNIX background. BSD was and still is a viable choice but it really took more advanced users. As much as I hate to admit, Microsoft was unfortunately, the only real choice for the non technically savvy until recently.

So, why do I hate Microsoft? They stifle innovation under a pretext of encouraging it. As other Slashdotters have noted, Microsoft takes the embrace, extend, and patent attitude towards open source. This is what happened with Kerberos and the infamous PAC. They extended the olive branch to MIT then effectively changed Kerberos enough to make it their own. If that wasn't IP theft, it damn well should have been. Beware of any project sponsored by Microsoft as, "the appearance differs from reality." My eye is presently on the XORP Extensible Open Source Router Project as Microsoft has taken a keen interest. Fortunately, there exists an implementation of BGP and OSPF that has been around longer than XORP and already outperforms it. See the OpenBSD project. Google, thus far, hasn't behaved quite like Microsoft; the coming years remain to be seen.

The patch was released on April 27. Now that's quick!

The OpenBSD project does a great job with security; other development teams could learn a lot from them.

The patch was released on April 27. Now that's quick!

The OpenBSD project does a great job with security; other development teams could learn a lot from them.

That's because, by default, there aren't any open ports.

Of course, if you really want secure by default, you know whom to call.

give it a break with this crap.

this is how you can build your own OpenBSD iso:

$ wget -r ftp://ftp.usa.openbsd.org/pub/OpenBSD/4.1/i386
$ wget -r ftp://ftp.usa.openbsd.org/pub/OpenBSD/4.1/{src,sys ,ports}.tar.gz
$ wget -r ftp://ftp.usa.openbsd.org/pub/OpenBSD/4.1/packages /i386/{what,ever,packages,you,want}.tgz
$ wget -r ftp://ftp.usa.openbsd.org/pub/OpenBSD/{what ever else}

$ mkisofs -o obsd41.iso -J -R -b 4.1/i386/cdemu41.iso ftp.usa.openbsd.org/pub/OpenBSD

you're either a fucking whiner or a troll.
go run your own project if you're so smart instead of telling other
people how to manage THEIR project.

give it a break with this crap.

this is how you can build your own OpenBSD iso:

$ wget -r ftp://ftp.usa.openbsd.org/pub/OpenBSD/4.1/i386
$ wget -r ftp://ftp.usa.openbsd.org/pub/OpenBSD/4.1/{src,sys ,ports}.tar.gz
$ wget -r ftp://ftp.usa.openbsd.org/pub/OpenBSD/4.1/packages /i386/{what,ever,packages,you,want}.tgz
$ wget -r ftp://ftp.usa.openbsd.org/pub/OpenBSD/{what ever else}

$ mkisofs -o obsd41.iso -J -R -b 4.1/i386/cdemu41.iso ftp.usa.openbsd.org/pub/OpenBSD

you're either a fucking whiner or a troll.
go run your own project if you're so smart instead of telling other
people how to manage THEIR project.

give it a break with this crap.

this is how you can build your own OpenBSD iso:

$ wget -r ftp://ftp.usa.openbsd.org/pub/OpenBSD/4.1/i386
$ wget -r ftp://ftp.usa.openbsd.org/pub/OpenBSD/4.1/{src,sys ,ports}.tar.gz
$ wget -r ftp://ftp.usa.openbsd.org/pub/OpenBSD/4.1/packages /i386/{what,ever,packages,you,want}.tgz
$ wget -r ftp://ftp.usa.openbsd.org/pub/OpenBSD/{what ever else}

$ mkisofs -o obsd41.iso -J -R -b 4.1/i386/cdemu41.iso ftp.usa.openbsd.org/pub/OpenBSD

you're either a fucking whiner or a troll.
go run your own project if you're so smart instead of telling other
people how to manage THEIR project.

give it a break with this crap.

this is how you can build your own OpenBSD iso:

$ wget -r ftp://ftp.usa.openbsd.org/pub/OpenBSD/4.1/i386
$ wget -r ftp://ftp.usa.openbsd.org/pub/OpenBSD/4.1/{src,sys ,ports}.tar.gz
$ wget -r ftp://ftp.usa.openbsd.org/pub/OpenBSD/4.1/packages /i386/{what,ever,packages,you,want}.tgz
$ wget -r ftp://ftp.usa.openbsd.org/pub/OpenBSD/{what ever else}

$ mkisofs -o obsd41.iso -J -R -b 4.1/i386/cdemu41.iso ftp.usa.openbsd.org/pub/OpenBSD

you're either a fucking whiner or a troll.
go run your own project if you're so smart instead of telling other
people how to manage THEIR project.

See http://www.openbsd.org/security.html.

After a while they stop issuing patches for old versions - 3.7 is old enough to be in this category.

So even if you have kept up security patches, by not upgrading, you do have possible issues.

I found this drawing particularly interesting. Notice how they show the penguin as the guy taking all the source. Rather hypocritical don't you think?

In other words, if you don't upgrade unless/until a new remote root exploit is found, you still have to worry about local users rooting your box (and don't forget that there typically are users like "www" etc. even when no actual person besides you has an account on the box; not a big problem for a firewall, most likely, but servers in general aren't automatically safe), and you still have to worry about remote priviledge escalation, remote denials of service and the like, too.

True, but you should also read about PrivSep, W^X, security levels, systrace and other important security mechanisms that mitigates those risks (while not entirely eliminating them). All of these (and more) make a well-configured OpenBSD machine a very tough nut to crack. So to speak.

To me, the best thing about OpenBSD is not that it is perfectly secure (that can't be achieved) but that security is taken seriously and all this mechanisms are activated by default. The excellent documentation, especially manual pages vs the GNU unreadable info pages mess, and reactive developper community are also big pluses in my book.

In other words, if you don't upgrade unless/until a new remote root exploit is found, you still have to worry about local users rooting your box (and don't forget that there typically are users like "www" etc. even when no actual person besides you has an account on the box; not a big problem for a firewall, most likely, but servers in general aren't automatically safe), and you still have to worry about remote priviledge escalation, remote denials of service and the like, too.

True, but you should also read about PrivSep, W^X, security levels, systrace and other important security mechanisms that mitigates those risks (while not entirely eliminating them). All of these (and more) make a well-configured OpenBSD machine a very tough nut to crack. So to speak.

To me, the best thing about OpenBSD is not that it is perfectly secure (that can't be achieved) but that security is taken seriously and all this mechanisms are activated by default. The excellent documentation, especially manual pages vs the GNU unreadable info pages mess, and reactive developper community are also big pluses in my book.

However, I'm very unlikely to upgrade to any new version; why change something that works perfectly?

nice troll. to add support for more platforms, new devices, new tools (hoststated niceness), bufixes, etc. are you the only OpenBSD user? do you expect progress to stop just because you're happy with the current state of things?

+5, Interesting my foot and other foot. good job, mods.

However, I'm very unlikely to upgrade to any new version; why change something that works perfectly?

nice troll. to add support for more platforms, new devices, new tools (hoststated niceness), bufixes, etc. are you the only OpenBSD user? do you expect progress to stop just because you're happy with the current state of things?

+5, Interesting my foot and other foot. good job, mods.

> I can't believe OpenBSD is still refusing to provide Official ISOs.

That's because you're a drooling retard. Pay attention, fuckwit:

          http://www.openbsd.org/faq/faq3.html#ISO

To which the stock answer is, yes OpenBSD does run Linux - Linunx binaries at any rate (linux_compat(8)). I don't know about OpenBSD, but on NetBSD this works very well. Before a native JDK 1.4.2 was available for NetBSD I ran the Linux binaries of it under emulation.

Why not a link to the .iso download page in the article?

I can't believe OpenBSD is still refusing to provide Official ISOs.

You mustn't exclude the OpenBSD 4.1 Release song from this article!

http://www.openbsd.org/lyrics.html
ftp://ftp.openbsd.org/pub/OpenBSD/songs/song41.mp3

You mustn't exclude the OpenBSD 4.1 Release song from this article!

http://www.openbsd.org/lyrics.html
ftp://ftp.openbsd.org/pub/OpenBSD/songs/song41.mp3

eliminates very near 100% of spam from zombie hosts, because they will never attempt to resubmit mail if the recipient mailserver is busy. All RFC-compliant mailservers will try back later if told to do so; zombies will not.

http://www.openbsd.org/cgi-bin/man.cgi?query=spamd

Speaking of OpenBSD, its firewall (pf) has an option to filter packets by originating operating system (very useful if you're adventurous and willing to add something like ' block in quick on $ext_if from any os "Windows" ' :) ).

Find out more about it here.

Linux has had documentation of dubious quality as long as I've been using it, since before TLDP. Even back in Redhat 5 days (or earlier, on old Slackware) it was a crap shoot whether you'd get a man page returned for any arbitrary command or system call. More likely than not you'd get nothing returned for third-party software, and this has not improved with the advent of package management systems. I'm not sure why Linux has had such a hard time maintaining consistent, accurate and up-to-date manual pages, but I suspect the development model is at least partly to blame. So is the lack of coherent focus on what format documentation should take (e.g. the total waste of time that are "info" pages - if it's a better format, fine - just PICK A FORMAT, ANY FORMAT and ship complete and up-to-date docs IN THAT FORMAT. Users should not have to go troll the Intarwebs to find out how to use system tools and the like.)

In contrast, take a look at OpenBSD's man pages sometime - for users who grew up on Linux and haven't used a BSD, OpenBSD in particular will blow you away with the quality, accuracy and completeness of its man pages. _Every_ system command, system call and most programming artifacts have complete and well-written manual pages that ship with the system. Software from the ports tree, with few exceptions, also includes quality man pages. For those who are used to having to spend lots of time finding accurate and updated documentation, knowing that the man pages are always reliable and current is a godsend. (Not to mention the irritation of needing documentation on e.g. one's firewall software, and having to go to the Internet to find it, when your Internet connection is down due to firewall software misconfiguration ...)

The problem with Linux and BSD has always been that developers don't like to document what they have developed.

The problem with Linux and BSD has always been that developers don't like to document what they have developed.

The problem with Linux and BSD has always been that developers don't like to document what they have developed.

Which sounds great until you realize the website is lying. Or at least misleading.

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ ssh/LICENCE?rev=1.19&content-type=text/x-cvsweb-ma rkup is the only description of openSSH's license that counts, and it's one long enough to confuse me whether it's GPL is allowable or not. That said, I can't find anything relevant on debian-legal about it, so the GP may be mistaken.

I hate to fan the flames here, but am I the only person on the planet who's noticed that the infringing code is still in the public CVS repository? Sure, it's deleted from the most recent revision, but still fully accessible by checking out older revisions. See here for just one example; the path was trivial to figure out from Marcus' email to the list notifying us of his decision:

http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/ ic/Attic/bcw.c

It's entirely possible to completely strip files out of a CVS repository, but that's not what has happened here. So I tend to question the sincerity of some of those involved.

Some people need to get a grip.

>They _are_. Actually, these seem to be the _only_ facts that are relevant to the discussion in the first place.

It hasn't been relevant for more than two days now
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/ pci/Attic/if_bcw_pci.c

>It's interresting that people seem to think _I_ have to apologize, as the OpenBSD developers

You don't owe an apology to the OpenBSD developers you owe an apology to *ONE* OpenBSD developer Marcus Glocker. You called him a thief in public smeared his name without doing him the courtesy of contacting him about the problem. I hope if you ever make a mistake in public the aggrieved party is a lot more understanding.

It's a good idea to kick such people out of the project. Why is that? Because they often go off on their own, and create their own projects that often far exceed the usefulness of the project they were booted from. The BSD world has two good examples of this: OpenBSD, and Dragonfly BSD.

In the case of OpenBSD, Theo was ejected from the NetBSD project, and has gone on to create the most secure general-purpose operating system known to mankind. Matt Dillon will be doing something similar with the Dragonfly BSD project. In short order it will be the only BSD-based system able to scale well on the 100- to 500-core CPUs we will soon be seeing in typical, low-end desktop systems. There have even been predictions that it'll scale better than Solaris and IRIX on lone systems with 1500 to 3000 cores.

So do us all a favour, and kick those people out. What they will create will trump whatever it is you are working on.

The question is whether the GPL (any version) is harder to understand than any other licence. If not, then you don't need a lawyer just for the GPL v3.No, you are wrong. All of us who agree to those contracts (EULAs) are crossing our fingers and hoping it all works out or are ignorant of the law. As individual users we do not, so far(we'll see), have much to worry about when we blindly agree to those EULAs.

But as a developer or corporate user, I have much to worry about.

No sir, I like to have my ducks in a row as much as I can and I don't like gambling too much as you suggested.

And to add, considering your comment, I can tell that you're not a lawyer and you're assertions that there isn't a problem should be ignored.

If you are serious about this sort of thing then you should consult an attorney as you suggested. I would not think you necessarily have to retain one, though it's always a good idea to have one on hand for other complexities of running a business. I've never done this myself, but I understand there are attorneys who will go over a contract for you for a few hundred dollars. It's not like there's a shortage of competition.

You could always use the BSD license instead; after all, it has been described as giving complete freedom even if you want to make a baby-mulching machine with the software. Or there's the Bugroff License, which was clearly created to answer this very problem. There used to be a "Penis Bird Troll" on slashdot who created the "Penis Bird License," which was simply "no restrictions on use." The problem with the Bugroff and Penis Bird licenses is that they seem a bit frivolous and their humour might backfire in that on the one hand, especially in the latter case, it might be difficult to market your software to some companies under such a license just because of the name, and on the other hand, it probably would agitate lawyers.

If you're distributing your own original work, you can use whatever license you want. You can even hire someone to write it for you. If you are going to use other people's work you have to learn what the license means, and a lawyer is always a good idea when it comes to these kinds of questions. You do have one additional recourse in that the FSF does employ lawyers and are more than happy to discuss and explain the GPL to you including any implications from the specific application you intend. If getting advice from the people who wrote both the software and the license, the latter with the help of their lawyers, is not enough then you are definitely right about needing a lawyer.

Personally, I would think that before I got too far in running a business I would make sure I either had money to hire one, or, failing that, that I knew one I could get hold of and pay for these sorts of things. I think most people fall into the latter category (individuals and small businesses) and as I said lawyers can be had for piecemeal jobs like that for reasonable prices specifically because they know this is a market where they can thrive. Believe me as scary as the GPL may seem to you in terms of complexity there are far more dangerous hazards to be faced in business, what with liability, contracts, etc. I'd be willing to bet that you're more likely to be sued by an angry customer than you are by the FSF.

OpenBSD and its PF.

True redundancy? Check. Just add a 1 or 2 extra machines and setup CARP.
Load balancing? Check.
Most secure OS ever made? Check.

And OpenBSD 4.1 is just around the corner. Its going to have the new 'hoststated' daemon which will be able to monitor services on remote hosts, and automatically remove or add back their IPs into loadbalancing pools.

Just don't forget to show the OpenBSD folks your appreciation by purchasing a few copies of the OS, a few t-shirts or donations. They deserve it.

I just set one up and it was easy. And best of all the PF syntax is very straight forward.

Real linux users use BSD, http://www.lemis.com/grog/

http://www.freebsd.org/
http://www.apple.com/macosx/
http://www.openbsd.org/
http://www.netbsd.org/
http://www.dragonflybsd.org/

That condition is not a whim, is the only mechanism known to work to protect Free as in Speech in software. Free code as in the BSD and MIT licenses is how software was created at the beginning, and it quickly derived into an incompatible set of compiting closed, proprietary systems.

Yeah, it was awful. All the BSDs went away, and nobody used their code anymore.

Seriously, though, the BSD license has worked out well for many projects. I don't know who said this, but "the goal of the GPL is to make all software free; the goal of the BSD license is to make all software better."