Domain: openbsd.org
Stories and comments across the archive that link to openbsd.org.
Comments · 2,959
-
Re:Enterprise-like development? I don't think so.
Fortunately, in the traditional Unix world outside of Linux there really is such thing as sensible default options, even for a thing as "low-level" as the kernel.
Actually, I knew I was going to fall in love with OpenBSD the moment I read this entry in the FAQ:
5.6 - Why do I need a custom kernel? Actually, you probably don't.
-
Re:How about a HD-equipped PDA?
-
How about a HD-equipped PDA?
Tiny 300-gram Qtopia Linux-based PDAs with 4GB HDD, 416MHz CPU, 65K-colour 640x480 screen, mini QWERTY keyboard, CF/SD/USB/IrDA and what-else are commonplace in Japan but you can buy them for 800 Euro in North America and Europe if you click here or here or here, and their interface is even translated into English. If you feel like installing your own Linux distribution on this PDA, click here. But you can also install OpenBSD on it, as you can see if you click here.
-
Re:You are in control!
Amen to that! Or, it just may be that his post is only the ceremonial position of "official scapegoat" that takes the fall when the poop really hits the propeller blades... Short recipe for the cure (provided he IS the admin):
- Get an extra PC on the backbone of the network, so it can monitor all the traffic. Anything bigger than a x486 is good enough, say with 128MB or more of RAM.
- Install OpenBSD ( http://www.openbsd.org/ ) on it (most hardened free OS around, so the hackers can't take you down so easily).
- Install SNORT ( http://www.snort.org/ ) on it. Configure to work as a network IDS and keep it up to date with the latest vulnerability/virus plugins.
- Once SNORT gets wind of an infected machine, set it to do one of three things:
- If you have the tech skills to set it up, have SNORT block out the switch port where the offending PC is plugged in AND send you a message. When the owner cleans up their act, reactivate the port and restore connectivity.
- Else, have SNORT send you a message with all the details and YOU do the port blocking, if you can. The rest proceeds as above.
- Else, have SNORT send you a message so you can bitch whomever has the capability to block the port. The rest proceeds as above.
- If your authority is so puny that you cannot do any of these things, you could resort to sending out a mail to all the rest of the users of the network, and letting them know who the miscreant screwing up their connectivity is, and let peer pressure do its thing...
-
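The recipe above stops at "have SNORT send you a message"; the step a practitioner actually wants automated is turning an alert into a block. As an added example (not from the thread, Snort or OpenBSD), the script below parses Snort's "fast" alert format and emits pfctl commands that put offending inside hosts into a pf table; a pf-table quarantine on the OpenBSD sensor stands in for the switch-port shutdown the comment describes, since that part is switch-vendor specific. The alert lines are constructed and their SIDs (local range) and messages are illustrative. Only sources inside the LAN are quarantined, because the source address of an alert from outside can be spoofed and blocking it only fills the table, and a never-quarantine list keeps the gateway and name servers out of it.

```python
"""Turn Snort fast-format alerts into pf quarantine-table entries.

Added example for the thread above; not code from Snort, OpenBSD or the
poster. SAMPLE_ALERTS is constructed; SIDs (local range) and messages
are illustrative, not real rule identifiers.
"""
import ipaddress
import re
from typing import Iterable, List, Optional

# Snort "fast" alert (snort -A fast): timestamp, [gid:sid:rev], message,
# optional classification, priority, protocol, src[:port] -> dst[:port].
FAST_ALERT = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[0-9.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[0-9.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample alerts: two inside hosts misbehaving (priority 1 and 2),
# one low-priority ping from an inside host, and one attack from outside.
SAMPLE_ALERTS = """\
04/12-18:23:19.123456  [**] [1:1000001:1] LOCAL worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 10.0.0.5:1434 -> 10.0.0.9:1434
04/12-18:23:20.000001  [**] [1:1000002:1] LOCAL SMB exploit attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.0.0.7:3127 -> 10.0.0.9:445
04/12-18:23:21.500000  [**] [1:1000003:1] LOCAL ICMP sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.9 -> 10.0.0.1
04/12-18:23:22.000000  [**] [1:1000002:1] LOCAL SMB exploit attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.8:4444 -> 10.0.0.9:445
"""


def parse_alert(line: str) -> Optional[dict]:
    """Parse one fast-format line; None if it is not an alert line."""
    m = FAST_ALERT.match(line.strip())
    if not m:
        return None
    alert = m.groupdict()
    alert["prio"] = int(alert["prio"])   # Snort: 1 is the most severe
    alert["sid"] = int(alert["sid"])
    return alert


def parse_alerts(text: str) -> List[dict]:
    """Parse a whole alert file, silently skipping lines that do not parse."""
    return [a for a in (parse_alert(l) for l in text.splitlines()) if a]


def quarantine_candidates(lines: Iterable[str], inside_net: str,
                          max_priority: int = 2, never: Iterable[str] = ()) -> List[str]:
    """Inside-network source addresses of alerts at or above max_priority.

    Outside sources are ignored (spoofable, and not ours to fix); addresses
    in `never` (gateway, DNS, the sensor itself) are exempt.
    """
    net = ipaddress.ip_network(inside_net)
    exempt = {ipaddress.ip_address(a) for a in never}
    hits = set()
    for line in lines:
        alert = parse_alert(line)
        if alert is None or alert["prio"] > max_priority:
            continue
        src = ipaddress.ip_address(alert["src"])
        if src in net and src not in exempt:
            hits.add(src)
    return [str(ip) for ip in sorted(hits)]


def pfctl_commands(ips: Iterable[str], table: str = "quarantine") -> List[str]:
    """pfctl invocations that add each address to the (assumed) table.

    The matching pf.conf side, also an assumption of this example:
        table <quarantine> persist
        block in quick on $int_if from <quarantine> to any
    """
    return [f"pfctl -t {table} -T add {ip}" for ip in ips]


if __name__ == "__main__":
    for cmd in pfctl_commands(quarantine_candidates(SAMPLE_ALERTS.splitlines(),
                                                    "10.0.0.0/24", never=("10.0.0.1",))):
        print(cmd)
```

Run it over a real alert file with something like `tail -f /var/snort/log/alert` feeding `quarantine_candidates`, and release a host with `pfctl -t quarantine -T delete <ip>` once it is cleaned, which is the "reactivate the port" step of the recipe.
-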
Re:I Dub Thee, "Sir Troll"
That's a damn lie if there is any - FreeBSD supports both IPFW and OpenBSD's PF - in fact 50% of FreeBSD uses PF on FreeBSD. Now don't tell me PF is not up to the task of iptables - it is, and it eats it for breakfast. MANGLE, IP_POSTROUTING, string-matching. It does all that and more - does iptables have anything like CARP? See what's missing from PF here. Debian might have the largest cesspool of tools. Can I install xorg 6.8.2 and KDE 3.4 on it while still having official security updates to my OS? Because I can in FreeBSD. Do I have timely openoffice.org 2.0 binary packages for debian?
mcsaba@mcsaba$ pkg_info | grep openoff
openoffice-2.0.20050422 Integrated wordprocessor/dbase/spreadheet/drawing/chart/...
Not only that, but name one distro (perhaps gentoo) that has binaries for all localized versions as well. Can I apt-get the latest hungarian openoffice2 built for debian? FreeBSD might be the second to debian that has the largest package repository/ports system there is after debian (and how many of the 16000+ packages are actually useful?). Oh, I guess you didn't like what I wrote about apt a few posts above? If that is the case, instead of spreading FUD, it would be more mature to debate whatever claims I made.
-
Dissemination of this information is encouraged
http://cvs.openbsd.org/papers/auug04/
Theo talks about how OpenBSD uses various available processor features to increase system attack resilience, w/minimal performance impact. The design choices made for architectures with differing degrees of per-page protection are presented. The concepts are not at all OpenBSD-specific, although the implementation discussed is, of course, OpenBSD. -
Re:Use RBL for TEMPORARY (4xx) rejections
Most spam engines don't use a mail queue, which is why greylisting works so well.
I was talking about a misconfigured server used by spammers because of ignorance (or complacency) of the owners. A growing queue is likely to make them notice the problem. As for spamd's greylisting, yes, it is another way to implement it. It has an inconvenience, IMHO, requiring a database, whereas my skem keeps the state in a way that's easy to monitor and alter without special utilities -- relying on the filesystem for efficiency.
You did not really look into it before rushing to "plug" your favorite operating system here, did you?
Try my milter -- it should build on OpenBSD without a problem...
-
Re:Use RBL for TEMPORARY (4xx) rejections
This way the accidentally blacklisted server has several days to straighten things out while the really spammy server gets overloaded with huge mail queue.
Most spam engines don't use a mail queue, which is why greylisting works so well.
-
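The two sub-threads above make one technical point between them: a 4xx temporary rejection costs a real MTA nothing but a retry, while a spam engine with no queue never comes back, and the state needed to tell the two apart can live in plain files rather than a database. As an added example (not spamd, not the poster's milter, and not code from the thread), here is a minimal greylister that does exactly that: one file per (client /24, sender, recipient) triplet, written atomically so an admin can inspect or delete entries with `ls` and `rm`. The timing constants mirror spamd's defaults (25 minutes, 4 hours, 36 days) but are assumptions of this example, not a claim about either implementation.

```python
"""Greylisting with temporary (4xx) rejection, state kept on the filesystem.

Added example for the discussion above; it is not spamd, not the poster's
milter, and not code from the thread. Timing defaults mirror spamd's
(25 minutes before a retry is accepted, 4 hours to retry, 36 days whitelisted)
but are assumptions here, not a claim about either implementation.
"""
import hashlib
import os
import tempfile
import time

PASS_TIME = 25 * 60          # seconds a sender must wait before a retry is accepted
GREY_EXPIRE = 4 * 3600       # retry later than this and the entry is forgotten
WHITE_EXPIRE = 864 * 3600    # how long a passed triplet stays whitelisted

TEMPFAIL = 451               # "4.7.1 please try again later": a real MTA retries
ACCEPT = 250


def triplet_key(client_ip: str, sender: str, rcpt: str) -> str:
    """Filename for a (client /24, sender, recipient) triplet.

    The /24 is used so a sending farm that retries from a neighbouring
    address still passes; the tuple is hashed so the key is a safe filename.
    """
    net = ".".join(client_ip.split(".")[:3]) + ".0/24"
    raw = f"{net}|{sender.lower()}|{rcpt.lower()}"
    return hashlib.sha256(raw.encode()).hexdigest()


class Greylist:
    """One file per triplet holding '<first_seen> <passed_at>' (0 = not passed).

    Because state is plain files, ls, cat and rm are the admin tools:
    removing a file un-greylists or de-whitelists that triplet.
    """

    def __init__(self, state_dir: str):
        self.state_dir = state_dir
        os.makedirs(state_dir, exist_ok=True)

    def _path(self, key: str) -> str:
        return os.path.join(self.state_dir, key)

    def _write(self, path: str, first_seen: float, passed_at: float) -> None:
        tmp = path + ".tmp"
        with open(tmp, "w") as f:
            f.write(f"{first_seen} {passed_at}")
        os.replace(tmp, path)   # atomic rename: a concurrent reader never sees a torn file

    def entries(self) -> int:
        """Number of triplets currently tracked (grey or white)."""
        return len([n for n in os.listdir(self.state_dir) if not n.endswith(".tmp")])

    def check(self, client_ip: str, sender: str, rcpt: str, now: float = None) -> int:
        """Return the SMTP reply code for this delivery attempt."""
        now = time.time() if now is None else now
        path = self._path(triplet_key(client_ip, sender, rcpt))
        try:
            with open(path) as f:
                first_seen, passed_at = (float(x) for x in f.read().split())
        except FileNotFoundError:
            self._write(path, now, 0)                # first contact: defer
            return TEMPFAIL

        if passed_at:
            if now - passed_at < WHITE_EXPIRE:
                self._write(path, first_seen, now)   # refresh the whitelist entry
                return ACCEPT
            self._write(path, now, 0)                # whitelist expired: start over
            return TEMPFAIL

        age = now - first_seen
        if age < PASS_TIME:
            return TEMPFAIL                          # retried too soon (or never queued)
        if age > GREY_EXPIRE:
            self._write(path, now, 0)                # retried too late: start over
            return TEMPFAIL
        self._write(path, first_seen, now)           # retried inside the window: pass
        return ACCEPT


def new_greylist(state_dir: str = None) -> Greylist:
    """Convenience constructor; uses a fresh temp dir if no state_dir is given."""
    return Greylist(state_dir or tempfile.mkdtemp(prefix="greylist-"))
```

The caveat that goes with the thread's argument: greylisting only stalls senders that do not retry. A compromised but properly configured MTA, which is the "misconfigured server" case above, does have a queue, will retry, and will pass; that is where an RBL with a 4xx response rather than a 5xx buys the extra days the post describes. Expire old files from a cron job, or the directory grows without bound.
-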
Re:This is why competition is a good thing
How many open-source graphics packages are there? One (Gimp).
Actually there are two others that turned up in a simple google:
http://www.inkscape.org/
http://www.sodipodi.com/
Without OSX and Windows, there is only one operating system left.
There are in fact several open source OS's besides linux, some based on unix some not:
http://www.reactos.com/
http://www.freedos.org/
http://www.netbsd.org/
http://www.openbsd.org/
http://www.freebsd.org/
It is true that certain packages tend to dominate if they are clearly better than the others (such as Gimp or Apache). However in some areas there is still no clear 'winner', such as the battle between KDE/Gnome. This is just natural evolution in progress. -
As a californian
I can tell ya that there aren't many issues that will get the collective hippy minds abuzz and focused, but security and data loss will. We started with a few stoned hippies and a small operating system and that lead to security to the and a really paranoid one and apparently even have a www.420.org and what we do a lot
-
Re:More misplaced effort
To quote "Unix is simple. It just takes a genius to understand its simplicity. -- Dennis Ritchie"
Now let's say you, the user, spent as much time as you have in Windows or Mac OS to learn something like OpenBSD, Linux or HP-UX - a "Unix" of some sort; you would have no problem grasping the simplicity of Unix and Unix-like Operating Systems. Also, OpenBSD is user-friendly, it is just that your perspective of user-friendliness has been distorted by the view of Windows or Mac OS.
The above could be said if a user is switching from Windows to Mac OS or vice-versa, purely because you have got used to Microsoft's/Apple's idea of what user-friendliness is.
Are you expecting a GUI or Curses front-end? - neither of which can make any program/operating system more usable by adding a point and click interface.
And on another note: OpenBSD is for the Developers, it says so on http://www.openbsd.org/ - it just so happens other people use it.
Those "stupid geek songs no one cares about" have all been explained in plain English, i.e. the current lyrics are about:
What is up with some free software providers?! They say "Here's something free! Oh wait, I changed my mind." While not exactly bait-and-switch, this is something which has been causing the community continual grief, and therefore we decided to honour a few of the projects that have decided to go non-free. After all.. having gone non-free, no one is going to remember them in the end. This song is dedicated to a few worthy groups who have made this Free-to-Non-Free transition with their offerings in the last few years:
* David Dawes worked for years with a team of developers to make a free X11 distribution for us to use, called XFree86, 98% of which was based on entirely free code from MIT. Suddenly, one day, he decided that we must give him more credit (ie. advertise his name) or stop using it. Within about 4 months every project had told him to get stuffed, and the community has created a replacement effort. Now his team cannot even keep their web pages up to date...
* OpenBSD was the first operating system to integrate a packet filter, and it was the ipf codebase from Darren Reed that we chose. But a few years later he told us that we were not free to make changes to the code. So we deleted ipf, and our new packet filter far exceeds the capabilities of the one he wrote. And other projects are switching too...
* The Apache group started from the humble beginnings of just being 'a patchy' set of changes to a completely free web server of dubious quality. But the years have changed them, and what they supply is now quite non-free... released under a license so entangled in legalese that we have absolutely no doubt that there are encumbrances hidden within. Legal terms protect. Who are they protecting? Not your freedom.
So here's a goodbye to those three groups, and a warning to any others who will follow them: Make your stuff non-free, and something else will replace it.
and if "stupid geek songs" bother you so much, maybe you should get off /. ? :o) -
Re:Straight from a horses mouth.
Don't forget OpenBSD, NetBSD, or DragonFly BSD.
-
Re:Devil's advocate
What stops all this? A real, heretofore unknown high-level security model, that actually says "The email program can access stored email data, preferences, and can talk to the network on this port, to these hosts" and "the word processor cannot talk IRC" and so forth. This requires a rich resource model, rethinking data storage metaphors, the whole nine yards. Unix does not have this.
Unknown? Not really. OpenBSD has had this for years. Systrace will do exactly what you want. You define exactly what network access, what devices, what sockets, what directories an application can have access to. -
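What a systrace policy of the kind the reply describes looks like, as an added illustration (not from the thread or from OpenBSD's own examples): the mail client may read its config and mailbox, talk to the resolver, the submission and the IMAPS host, and nothing else; the SSH key directory and IRC ports are explicitly denied and the IRC attempt is logged. The program path, home directory, addresses and port numbers are assumptions, and the syscall aliases follow the syntax documented in systrace(1); in practice you generate the first cut with `systrace -A prog` (permit everything, record what it does) and then trim it to least privilege before enforcing it with `systrace -a prog`.

```systrace
# ~/.systrace/usr_local_bin_mutt (illustrative policy; paths, hosts and
# ports are assumptions, not from the thread or OpenBSD's own examples)
Policy: /usr/local/bin/mutt, Emulation: native
	native-fsread: filename eq "/etc/ld.so.hints" then permit
	native-fsread: filename match "/usr/lib/lib*.so.*" then permit
	native-fsread: filename match "/usr/local/lib/lib*.so.*" then permit
	native-fsread: filename eq "/etc/resolv.conf" then permit
	native-fsread: filename eq "/home/alice/.muttrc" then permit
	native-fsread: filename match "/home/alice/Mail/*" then permit
	native-fswrite: filename match "/home/alice/Mail/*" then permit
	native-fswrite: filename match "/tmp/mutt-*" then permit
	native-fsread: filename match "/home/alice/.ssh/*" then deny[eperm] log
	native-connect: sockaddr eq "inet-[192.0.2.53]:53" then permit
	native-connect: sockaddr eq "inet-[192.0.2.25]:587" then permit
	native-connect: sockaddr eq "inet-[192.0.2.143]:993" then permit
	native-connect: sockaddr match "inet-*:6667" then deny[eperm] log
	native-execve: filename eq "/usr/bin/less" then permit
	native-mmap: permit
	native-munmap: permit
	native-mprotect: permit
	native-read: permit
	native-write: permit
	native-close: permit
	native-fstat: permit
	native-ioctl: permit
	native-break: permit
	native-exit: permit
```

Two caveats a practitioner should know before leaning on it. First, systrace checks syscall arguments in a monitor process while the kernel copies them in separately, so arguments living in shared memory can be swapped between the check and the use; a policy like this is a strong reduction of what a compromised mail client can reach, not a hard sandbox against a hostile local process. Second, systrace was removed from OpenBSD in 6.0; the current answer to the same question is pledge(2) (and later unveil(2)), where the program declares its own allowed operations and paths instead of an external policy file.
-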
Re:Wow, that's a bit slow
Actually, smartass, I DID test it thoroughly, and (in 2.6.11, and continuing to 2.6.12-rc2 - no other kernels tried) it consistently fails to connect the MSN protocol (any client) and POP3, and some HTTP seems to behave badly but mostly okay. It IS a bug in Linux because none of the BSDs exhibit this, and it is also a bug that isn't fixed in 2.6.12-rc2 despite numerous changes to IPSec (and related) components.
Well I use POP3 and HTTP over ipsec and it is fine. So it is likely that you are doing something wrong.
Where is your bug report?
When you show me a BSD exposing a significant security hole (like the Linux signal exploit) or breaking long-standing network functionality (IPSec, packet filtering, etc.), then I might consider them somewhere close to buggy, but flawed hardware support is nothing compared to the breakages Linux experiences.
You really have no idea about software development, do you? You honestly think BSDs have no bugs? You are a sad, stupid idiot.
I've looked up your posting history and you are a stupid trolling idiot who wouldn't know a kernel if it kicked him up the anus. You consistently say stupid and incorrect things and try to pass them off as fact. I'm having nothing more to do with the likes of you.
A Linux advocate I know said, and I quote directly, "I've had some corker problems on GNU/Linux-based systems that can only be attributed to poor development and testing, and implementing the same thing on OpenBSD had no issues at all. First thing that comes to mind as indicative of the difference in quality between the GNU/Linux and BSD's, is PAM vs BSDAuth.."
A BSD advocate I know recently said (quote) "First thing that comes to mind for me is that Linux happens to beat all the BSDs at their own game. It is faster and far more scalable than FreeBSD, it is more portable than NetBSD, and it has advanced security infrastructure that OpenBSD can't match."
Honestly, it's no mystery and nothing new at all. Linux does not get tested. Shit, are you even listening to kernel devs? They've decided NOT to do any quality assurance, leaving vendors up to the task of testing and bug fixing (hint: they don't do a good job either). Find THAT kind of philosophy in any BSD...
Err, actually if you had any idea you would know that they do plenty of quality assurance and follow a good release process. Just because it doesn't exactly match what you small minded BSD zealots are used to, doesn't mean it is wrong. The various BSDs are far more comparable to Linux distributions than the Linux kernel itself.
-
iptables
Why in the world is it that after 3 revisions the Linux firewalling solutions can't take a ruleset file like everybody else does? Take a look at this and start drooling my Linux friend. Nothing in the free software world matches PF's power and flexibility. And it comes with the added bonus of not being encumbered by a restrictive license.
-
Re:pf on (Open)BSD
PF: Packet Queueing and Prioritization
works great, easy to use -
OpenBSD + pf will do the trick
Learn more about queueing at the pf FAQ.
See my previous post here for a pf.conf recipe to implement traffic shaping based on packet type. You could also prioritize via IP, require a ssh session to gain higher priorities for a specific IP (authpf), based on time of day, or any other number of factors.
THE guide to pf (packet filter) can be found here. pf will run on FreeBSD as well as, I believe, a few other open OSs. I think it's really the best. Almost any reader here could surely benefit from at least a partial working knowledge of packet filters ("firewalls") in general.
=======
EXTRA CREDIT
=======
Got a few connections you'd like to tie together into one? Read more about Address Pools and Load Balancing with pf.
Another Bandwidth management HOWTO for Linux systems (last revised in '03 - may be better for concepts than router config recipes)
bittorrent traffic shaping
A nice K5 article about packet filtering with OpenBSD firewalls
Prioritizing empty TCP ACKs with pf and ALTQ
Making the most out of a busy connection
Turn that old P5 and two network cards into an OpenBSD firewall and learn to set up your own router. You will learn a TON about TCP/IP, how to protect your internal network, and BSDs in general (they're pretty neat in the way that they don't have as much "cruft" as usually found in your typical - yeah, that works :) - Linux distro. The simplicity, if you've never experienced it before, can feel both constraining and liberating at the same time. Give it a try if you've got a spare box. It's hard to experiment without learning SOMETHING - and if you're here I'm sure you're into learning, right? So give it a whirl. If you're not sure what BSD to try, give this a read. If you just want to buy a router, learn from the recent Ask Slashdot - Home Routers w/ Decent QoS Performance?. Best of luck!
If you're going to use OpenBSD (which I'd recommend for a firewall/NAT box), be sure to support the OS which strives for portability, standardization, correctness, proactive security and integrated cryptography by ordering a CD, T-shirt, book, or hacker bunker enhancing poster. OpenBSD supports binary emulation of most programs from SVR4 (Solaris), FreeBSD, Linux, BSD/OS, SunOS and HP-UX. Development is active and it won't let you down as a gatekeeper or internal server.
Puffy says "Stay off my computer!" and means it. I sleep well at night knowing "puffy" (the name of my box) is standing guard just behind my cable modem and in front of the 5+ computers my roommates and I are running inside. Has never let me down and doesn't get in my way. Keeps Freenet and torrents from introducing lag into my ssh sessions as well..... Good luck finding a solution to keeping your pipes clean :) -
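The links above (queueing, empty-ACK prioritization, ssh on a busy link) all come down to one pf.conf idiom, so here it is as an added example, not from the thread or the pf FAQ: a priq ALTQ setup on a small home gateway where empty TCP ACKs and DNS get the highest priority, interactive ssh the next, and everything else the default queue, with default-deny inbound. The interface names, LAN range and the 610Kb uplink figure are assumptions; set the bandwidth a little below the real uplink so that pf, not the cable modem, is where packets queue. This is the ALTQ syntax of that era, which FreeBSD's pf still uses; OpenBSD 5.5 replaced it with a different `queue ... bandwidth` grammar, so translate before pasting into a current OpenBSD box.

```pf
# /etc/pf.conf, ALTQ priq example (added illustration; interface names,
# LAN range and the 610Kb uplink figure are assumptions)
ext_if  = "fxp0"            # cable modem side
int_if  = "dc0"             # LAN side
lan_net = "192.168.0.0/24"

table <bruteforce> persist

# Queueing: priq only orders packets, it does not split bandwidth.
# Keep the figure slightly below the real uplink so pf owns the queue.
altq on $ext_if priq bandwidth 610Kb queue { std_out, ssh_im_out, dns_out, tcp_ack_out }
queue std_out     priq(default)
queue ssh_im_out  priority 4 priq(red)
queue dns_out     priority 5
queue tcp_ack_out priority 6

# Translation
nat on $ext_if from $lan_net to any -> ($ext_if)

# Filtering: default deny in, log it; LAN and loopback are trusted
block in log all
pass in quick on lo0
pass in on $int_if from $lan_net to any keep state

# queue (a, b): packets with low-delay TOS and empty TCP ACKs go to b,
# everything else in the state goes to a. This is what keeps an upload
# from starving the ACKs of a download, and what keeps ssh typing snappy.
pass out on $ext_if inet proto tcp from ($ext_if) to any flags S/SA keep state queue (std_out, tcp_ack_out)
pass out on $ext_if inet proto { udp icmp } from ($ext_if) to any keep state queue std_out
pass out on $ext_if inet proto { tcp udp } from ($ext_if) to any port domain keep state queue dns_out
pass out on $ext_if inet proto tcp from ($ext_if) to any port ssh flags S/SA keep state queue (std_out, ssh_im_out)

# Optional inbound ssh to the gateway itself. The overload clause (OpenBSD 3.7
# and later) drops sources opening more than 5 connections in 30 seconds into
# the table, and the quick block above the pass rule then cuts them off.
block in quick on $ext_if from <bruteforce>
pass in on $ext_if inet proto tcp from any to ($ext_if) port ssh flags S/SA keep state \
    (max-src-conn-rate 5/30, overload <bruteforce> flush global)
```

Check the syntax before loading with `pfctl -nf /etc/pf.conf`, load with `pfctl -f /etc/pf.conf`, and watch where packets actually land with `pfctl -vsq`; if `tcp_ack_out` never shows traffic during an upload, the queue pair on the tcp rule is the first thing to re-check.
-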
OpenBSD + pf will do the trick
Learn more about queueing at the pf FAQ.
See my previous post here for a pf.conf recipe to implement traffic shaping based on packet type. You could also prioritize via IP, require a ssh session to gain higher priorities for a specific IP (authpf), based on time of day, or any other number of factors.
THE guide to pf (packet filter) can be found here. pf will run on FreeBSD as well as, I believe, a few other open OSs. I think it's really the best. Almost any reader here could surely benefit from at least a partial working knowledge of packet filters ("firewalls") in general.
=======
EXTRA CREDIT
=======
Got a few connections you'd like to tie together into one? Read more about Address Pools and Load Balancing with pf.
Another Bandwidth management HOWTO for Linux systems (last revised in '03 - may be better for concepts than router config recipes)
bittorrent traffic shaping
A nice K5 article about packet filtering with OpenBSD firewalls
Prioritizing empty TCP ACKs with pf and ALTQ
Making the most out of a busy connection
Turn that old P5 and two network cards into an OpenBSD firewall and learn to setup your own router. You will learn a TON about TCP/IP, how to protect your internal network, and BSDs in general (they're pretty neat in the way that they don't have as much "cruft" as usually found in your typical - yeah, that works :) - Linux distro. The simplicity, if you've never experienced it before, can feel both constraining and liberating at the same time. Give it a try if you've got a spare box. It's hard to experiment without learning SOMETHING - and if you're here I'm sure you're into learning, right? So give it a whirl. If you're not sure what BSD to try, give this a read. If you just want to buy a router, learn from the recent Ask Slashdot - Home Routers w/ Decent QoS Performance?. Best of luck!
If you're going to use OpenBSD (which I'd recommend for a firewall/NAT box), be sure to support the OS which strives for portability, standardization, correctness, proactive security and integrated cryptography by ordering a CD, T-shirt, book, or hacker bunker enhancing poster. OpenBSD supports binary emulation of most programs from SVR4 (Solaris), FreeBSD, Linux, BSD/OS, SunOS and HP-UX. Development is active and it won't let you down as a gatekeeper or internal server.
Puffy says "Stay off my computer!" and means it. I sleep well at night knowing "puffy" (the name of my box) is standing guard just behind my cable modem and in front of the 5+ computers my roommates and I are running inside. Has never let me down and doesn't get in my way. Keeps Freenet and torrents from introducing lag into my ssh sessions as well..... Good luck finding a solution to keeping your pipes clean :) -
OpenBSD + pf will do the trick
Learn more about queueing at the pf FAQ.
See my previous post here for a pf.conf recipe to implement traffic shaping based on packet type. You could also prioritize via IP, require a ssh session to gain higher priorities for a specific IP (authpf), based on time of day, or any other number of factors.
THE guide to pf (packet filter) can be found here. pf will run on FreeBSD as well as, I believe, a few other open OSs. I think it's really the best. Almost any reader here could surely benefit from at least a partial working knowledge of packet filters ("firewalls") in general.
=======
EXTRA CREDIT
=======
Got a few connections you'd like to tie together into one? Read more about Address Pools and Load Balancing with pf.
Another Bandwidth management HOWTO for Linux systems (last revised in '03 - may be better for concepts than router config recipes)
bittorrent traffic shaping
A nice K5 article about packet filtering with OpenBSD firewalls
Prioritizing empty TCP ACKs with pf and ALTQ
Making the most out of a busy connection
Turn that old P5 and two network cards into an OpenBSD firewall and learn to setup your own router. You will learn a TON about TCP/IP, how to protect your internal network, and BSDs in general (they're pretty neat in the way that they don't have as much "cruft" as usually found in your typical - yeah, that works :) - Linux distro. The simplicity, if you've never experienced it before, can feel both constraining and liberating at the same time. Give it a try if you've got a spare box. It's hard to experiment without learning SOMETHING - and if you're here I'm sure you're into learning, right? So give it a whirl. If you're not sure what BSD to try, give this a read. If you just want to buy a router, learn from the recent Ask Slashdot - Home Routers w/ Decent QoS Performance?. Best of luck!
If you're going to use OpenBSD (which I'd recommend for a firewall/NAT box), be sure to support the OS which strives for portability, standardization, correctness, proactive security and integrated cryptography by ordering a CD, T-shirt, book, or hacker bunker enhancing poster. OpenBSD supports binary emulation of most programs from SVR4 (Solaris), FreeBSD, Linux, BSD/OS, SunOS and HP-UX. Development is active and it won't let you down as a gatekeeper or internal server.
Puffy says "Stay off my computer!" and means it. I sleep well at night knowing "puffy" (the name of my box) is standing guard just behind my cable modem and in front of the 5+ computers my roommates and I are running inside. Has never let me down and doesn't get in my way. Keeps Freenet and torrents from introducing lag into my ssh sessions as well..... Good luck finding a solution to keeping your pipes clean :) -
OpenBSD + pf will do the trick
Learn more about queueing at the pf FAQ.
See my previous post here for a pf.conf recipe to implement traffic shaping based on packet type. You could also prioritize via IP, require a ssh session to gain higher priorities for a specific IP (authpf), based on time of day, or any other number of factors.
THE guide to pf (packet filter) can be found here. pf will run on FreeBSD as well as, I believe, a few other open OSs. I think it's really the best. Almost any reader here could surely benefit from at least a partial working knowledge of packet filters ("firewalls") in general.
=======
EXTRA CREDIT
=======
Got a few connections you'd like to tie together into one? Read more about Address Pools and Load Balancing with pf.
Another Bandwidth management HOWTO for Linux systems (last revised in '03 - may be better for concepts than router config recipes)
bittorrent traffic shaping
A nice K5 article about packet filtering with OpenBSD firewalls
Prioritizing empty TCP ACKs with pf and ALTQ
Making the most out of a busy connection
Turn that old P5 and two network cards into an OpenBSD firewall and learn to setup your own router. You will learn a TON about TCP/IP, how to protect your internal network, and BSDs in general (they're pretty neat in the way that they don't have as much "cruft" as usually found in your typical - yeah, that works :) - Linux distro. The simplicity, if you've never experienced it before, can feel both constraining and liberating at the same time. Give it a try if you've got a spare box. It's hard to experiment without learning SOMETHING - and if you're here I'm sure you're into learning, right? So give it a whirl. If you're not sure what BSD to try, give this a read. If you just want to buy a router, learn from the recent Ask Slashdot - Home Routers w/ Decent QoS Performance?. Best of luck!
If you're going to use OpenBSD (which I'd recommend for a firewall/NAT box), be sure to support the OS which strives for portability, standardization, correctness, proactive security and integrated cryptography by ordering a CD, T-shirt, book, or hacker bunker enhancing poster. OpenBSD supports binary emulation of most programs from SVR4 (Solaris), FreeBSD, Linux, BSD/OS, SunOS and HP-UX. Development is active and it won't let you down as a gatekeeper or internal server.
Puffy says "Stay off my computer!" and means it. I sleep well at night knowing "puffy" (the name of my box) is standing guard just behind my cable modem and in front of the 5+ computers my roommates and I are running inside. Has never let me down and doesn't get in my way. Keeps Freenet and torrents from introducing lag into my ssh sessions as well..... Good luck finding a solution to keeping your pipes clean :) -
OpenBSD + pf will do the trick
Learn more about queueing at the pf FAQ.
See my previous post here for a pf.conf recipe to implement traffic shaping based on packet type. You could also prioritize via IP, require a ssh session to gain higher priorities for a specific IP (authpf), based on time of day, or any other number of factors.
THE guide to pf (packet filter) can be found here. pf will run on FreeBSD as well as, I believe, a few other open OSs. I think it's really the best. Almost any reader here could surely benefit from at least a partial working knowledge of packet filters ("firewalls") in general.
=======
EXTRA CREDIT
=======
Got a few connections you'd like to tie together into one? Read more about Address Pools and Load Balancing with pf.
Another Bandwidth management HOWTO for Linux systems (last revised in '03 - may be better for concepts than router config recipes)
bittorrent traffic shaping
A nice K5 article about packet filtering with OpenBSD firewalls
Prioritizing empty TCP ACKs with pf and ALTQ
Making the most out of a busy connection
Turn that old P5 and two network cards into an OpenBSD firewall and learn to setup your own router. You will learn a TON about TCP/IP, how to protect your internal network, and BSDs in general (they're pretty neat in the way that they don't have as much "cruft" as usually found in your typical - yeah, that works :) - Linux distro. The simplicity, if you've never experienced it before, can feel both constraining and liberating at the same time. Give it a try if you've got a spare box. It's hard to experiment without learning SOMETHING - and if you're here I'm sure you're into learning, right? So give it a whirl. If you're not sure what BSD to try, give this a read. If you just want to buy a router, learn from the recent Ask Slashdot - Home Routers w/ Decent QoS Performance?. Best of luck!
If you're going to use OpenBSD (which I'd recommend for a firewall/NAT box), be sure to support the OS which strives for portability, standardization, correctness, proactive security and integrated cryptography by ordering a CD, T-shirt, book, or hacker bunker enhancing poster. OpenBSD supports binary emulation of most programs from SVR4 (Solaris), FreeBSD, Linux, BSD/OS, SunOS and HP-UX. Development is active and it won't let you down as a gatekeeper or internal server.
Puffy says "Stay off my computer!" and means it. I sleep well at night knowing "puffy" (the name of my box) is standing guard just behind my cable modem and in front of the 5+ computers my roommates and I are running inside. Has never let me down and doesn't get in my way. Keeps Freenet and torrents from introducing lag into my ssh sessions as well..... Good luck finding a solution to keeping your pipes clean :) -
OpenBSD + pf will do the trick
Learn more about queueing at the pf FAQ.
See my previous post here for a pf.conf recipe to implement traffic shaping based on packet type. You could also prioritize via IP, require a ssh session to gain higher priorities for a specific IP (authpf), based on time of day, or any other number of factors.
THE guide to pf (packet filter) can be found here. pf will run on FreeBSD as well as, I believe, a few other open OSs. I think it's really the best. Almost any reader here could surely benefit from at least a partial working knowledge of packet filters ("firewalls") in general.
=======
EXTRA CREDIT
=======
Got a few connections you'd like to tie together into one? Read more about Address Pools and Load Balancing with pf.
Another Bandwidth management HOWTO for Linux systems (last revised in '03 - may be better for concepts than router config recipes)
bittorrent traffic shaping
A nice K5 article about packet filtering with OpenBSD firewalls
Prioritizing empty TCP ACKs with pf and ALTQ
Making the most out of a busy connection
Turn that old P5 and two network cards into an OpenBSD firewall and learn to setup your own router. You will learn a TON about TCP/IP, how to protect your internal network, and BSDs in general (they're pretty neat in the way that they don't have as much "cruft" as usually found in your typical - yeah, that works :) - Linux distro. The simplicity, if you've never experienced it before, can feel both constraining and liberating at the same time. Give it a try if you've got a spare box. It's hard to experiment without learning SOMETHING - and if you're here I'm sure you're into learning, right? So give it a whirl. If you're not sure what BSD to try, give this a read. If you just want to buy a router, learn from the recent Ask Slashdot - Home Routers w/ Decent QoS Performance?. Best of luck!
If you're going to use OpenBSD (which I'd recommend for a firewall/NAT box), be sure to support the OS which strives for portability, standardization, correctness, proactive security and integrated cryptography by ordering a CD, T-shirt, book, or hacker bunker enhancing poster. OpenBSD supports binary emulation of most programs from SVR4 (Solaris), FreeBSD, Linux, BSD/OS, SunOS and HP-UX. Development is active and it won't let you down as a gatekeeper or internal server.
Puffy says "Stay off my computer!" and means it. I sleep well at night knowing "puffy" (the name of my box) is standing guard just behind my cable modem and in front of the 5+ computers my roommates and I are running inside. Has never let me down and doesn't get in my way. Keeps Freenet and torrents from introducing lag into my ssh sessions as well..... Good luck finding a solution to keeping your pipes clean :) -
OpenBSD + pf will do the trick
Learn more about queueing at the pf FAQ.
See my previous post here for a pf.conf recipe to implement traffic shaping based on packet type. You could also prioritize via IP, require a ssh session to gain higher priorities for a specific IP (authpf), based on time of day, or any other number of factors.
THE guide to pf (packet filter) can be found here. pf will run on FreeBSD as well as, I believe, a few other open OSs. I think it's really the best. Almost any reader here could surely benefit from at least a partial working knowledge of packet filters ("firewalls") in general.
=======
EXTRA CREDIT
=======
Got a few connections you'd like to tie together into one? Read more about Address Pools and Load Balancing with pf.
Another Bandwidth management HOWTO for Linux systems (last revised in '03 - may be better for concepts than router config recipes)
bittorrent traffic shaping
A nice K5 article about packet filtering with OpenBSD firewalls
Prioritizing empty TCP ACKs with pf and ALTQ
Making the most out of a busy connection
Turn that old P5 and two network cards into an OpenBSD firewall and learn to setup your own router. You will learn a TON about TCP/IP, how to protect your internal network, and BSDs in general (they're pretty neat in the way that they don't have as much "cruft" as usually found in your typical - yeah, that works :) - Linux distro. The simplicity, if you've never experienced it before, can feel both constraining and liberating at the same time. Give it a try if you've got a spare box. It's hard to experiment without learning SOMETHING - and if you're here I'm sure you're into learning, right? So give it a whirl. If you're not sure what BSD to try, give this a read. If you just want to buy a router, learn from the recent Ask Slashdot - Home Routers w/ Decent QoS Performance?. Best of luck!
If you're going to use OpenBSD (which I'd recommend for a firewall/NAT box), be sure to support the OS which strives for portability, standardization, correctness, proactive security and integrated cryptography by ordering a CD, T-shirt, book, or hacker bunker enhancing poster. OpenBSD supports binary emulation of most programs from SVR4 (Solaris), FreeBSD, Linux, BSD/OS, SunOS and HP-UX. Development is active and it won't let you down as a gatekeeper or internal server.
Puffy says "Stay off my computer!" and means it. I sleep well at night knowing "puffy" (the name of my box) is standing guard just behind my cable modem and in front of the 5+ computers my roommates and I are running inside. Has never let me down and doesn't get in my way. Keeps Freenet and torrents from introducing lag into my ssh sessions as well..... Good luck finding a solution to keeping your pipes clean :) -
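As an added example that is not part of the original post, here is a pf.conf for the kind of home gateway it describes: interactive ssh and empty TCP ACKs are kept ahead of bulk uploads so a saturated upstream does not add latency. It uses OpenBSD's current queue syntax (5.5 and later) rather than the ALTQ syntax the post's links refer to; the interface names, the 950 Kbit/s upload figure and the 6881:6889 torrent port range are assumptions, not values from the thread.

```pf
# Added example: home NAT gateway with outbound queueing (not the poster's config).
# Interface names, LAN prefix, upload rate and torrent port range are assumed.
ext_if = "em0"               # cable modem side
int_if = "em1"               # LAN side
lan    = "192.168.1.0/24"

set skip on lo

# Queue tree on the upstream interface. The root is set a little below the
# real upload rate so the bottleneck is here, where pf can reorder packets,
# rather than in the modem's own buffer. Child bandwidths sum to the root.
queue root on $ext_if bandwidth 950K max 950K
  queue ack  parent root bandwidth 200K min 100K   # empty ACKs for downloads
  queue ssh  parent root bandwidth 150K min 50K    # interactive sessions
  queue std  parent root bandwidth 500K default    # everything unclassified
  queue bulk parent root bandwidth 100K max 600K   # torrents: may borrow, never starve others

# Tag bulk uploads on the way in from the LAN, before NAT rewrites the source port.
match in on $int_if proto tcp from $lan port 6881:6889 tag BULK

# NAT the LAN out the external address.
match out on $ext_if from $lan to any nat-to ($ext_if)

block in log
pass in quick on $int_if from $lan
pass out quick on $int_if

# Last matching rule wins, so the generic queue assignment comes first and the
# more specific ones override it. The second queue in each pair receives empty
# TCP ACKs and TOS lowdelay packets, which keeps downloads fast while uploading.
pass out on $ext_if set queue (std, ack)
pass out on $ext_if proto tcp to port 22 set queue (ssh, ack)
pass out on $ext_if tagged BULK set queue (bulk, ack)
```

Load it with `pfctl -f /etc/pf.conf` and watch the queues fill with `systat queues`; if ssh still lags while a torrent seeds, the root bandwidth is still above what the modem can actually push and should be lowered until the queue counters, not the modem, show the backlog.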
pf on (Open)BSD
Take a look at pf, native to OpenBSD, but recently also ported to FreeBSD. (I use it on FreeBSD and it works like a charm.)
It's a great firewall and has traffic shaping options, too. Fairly thorough documentation, as well. -
Vague? Those are _source_ patches!
And yet they are less vague than the ones which have recently come out of OpenBSD. That's scary.
All of the OpenBSD updates on the page you linked to are in the form of source patches. If those are vague, what exactly would you consider precise?
Have a look at 014: SECURITY FIX: March 30, 2005, for example:
Due to buffer overflows in telnet(1), a malicious server or man-in-the-middle attack could allow execution of arbitrary code with the privileges of the user invoking telnet(1). No one should use telnet anymore. Please use ssh(1).
Where the patch adds, among a couple of other things, the ability to ignore certain kinds of environment variables:
- if ((ep = env_find(var)))
+ if ((ep = env_find(var))&&(!exported_only || ep->export))
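Review bot: the `ep->export` dereference on the `+` line is only safe because `&&` short-circuits when `env_find(var)` returns NULL, so the order of the two operands must not be swapped in any follow-up; the `exported_only` flag and the place it is set are outside the quoted fragment, so whether it defaults to the restrictive value cannot be judged from these two lines alone. Style nit: `&&(!exported_only` wants spaces around the operator to match the rest of the file.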
It seems to me that this is about as detailed information as anyone could possibly ask for.
-
My own dream version of Windows
Rather than "Starter Edition," here are some suggestions, if anyone from Redmond just happens to read this. (I know they won't do it - it's more a mental exercise while I eat)
1. Go download this, and make it natively multi-user if it isn't already. Give it a strong native security model, too...you can get some ideas here, and the best part is, they won't mind you doing that if you don't try and patent said ideas. Also, modularise your GUI, and don't prevent users from accessing the CLI when they want to.
2. Have the CLI composed of this and this for us CLI types.
3. Make the Add/Remove Programs panel essentially a net-aware frontend for either this or this.
4. Use this for hardware detection. Also re drivers, get rid of the suicidal policy of seeing third-party hardware vendors as the enemy, and actually support them...via tools, docs, etc. These people are your friends...they'll help you stay relevant.
5. Download this and use it as your default FS, and then get this and this, (although you already seem to know about this last one) and incorporate both of those into your stock UI. You've essentially got WinFS right there, without all the added complexity you'd no doubt throw into it if you tried to code it from scratch.
6. For the Agent angle, incorporate the last point, as well as putting help/docs in a non-binary format, making them searchable with this, converting said search results for use with this, and then use the AIML output as input for something like this. Also, instead of making the agent a tightly anthropomorphic personality, make it more generic, and more as though it's simply "the operating system" communicating with a user, rather than that dog or Clippit instead.
7. Give Outlook a major overhaul. This and this are examples of directions it IMHO should go in.
Just some random ideas, anywayz. Dreaming's fun. ;) I'll probably get modded Offtopic, but it was worth it. -
More updates
And yet they are less vague than the ones which have recently come out of OpenBSD. That's scary.
-
Re:BSD?
If I wanted to install a BSD on my little home router/gateway, just for the sake of playing around with BSD, which BSD is the one to cut your teeth on?
I moved to OpenBSD full time years ago after I discovered the high quality documentation (the man pages mostly). Sometimes when I need to use something other than OpenBSD I am reminded of how great their doco really is. Now there are also lots of great quality dead tree books too.
OpenBSD-specific books
For learning, I think good quality texts as a guide and reference and a clean consistent platform are important. So I would recommend OpenBSD for that. You should suffer much less frustration if you are willing to read and use OpenBSD.
For a firewall/gateway, OpenBSD is the native home of pf. -
Re:So...
It seems to me you didn't bother reading the documentation
-
Re:and thus, R.Stallman was right after all
Meh.
Lots of nontrivial projects have made do with CVS; a source code control system with limitations is much better than nothing at all.
-
Re:on the other hand...
I guess I just feel that if you are running an RBL, you should at least be available 7 days a week to work *with* the ISP in dealing with the situation at hand. The situation here is that the spammers who caused the problem *were* actually dealt with before the weekend, but because MAPS isn't around for the weekend, we were all still punished.
I use grey-listing on my personal domains to reduce the spam that comes through and I find this does a much better job than RBLs, as most spam is sent via one-off programs that don't interpret SMTP temporary errors properly.
If people would be responsible enough to prevent open-relays, and to not run operating systems that are so easily infected by spam engines, we'd all be a lot better off.
-
Re:Countermeasures & Conclusion
Even more secure:
1) Install OpenBSD after plugging in a wireless card that can be used in hostap mode.
2) Install OpenVPN (that has a nice Windows client), and generate server and client certificates. There are howtos and scripts for this.
3) Configure the built-in OpenBSD packet filter to only accept connections to/from OpenVPN ports on the wireless NIC.
4) Show war drivers the finger.
-
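Step 3 of the recipe above, written out as an added example that is not part of the original post: a pf.conf for the hostap box where the wireless side answers nothing but DHCP and the OpenVPN port, and only traffic that has come through the tunnel is forwarded. The interface names, the 1194/udp OpenVPN port and the 10.8.0.0/24 tunnel network are assumptions.

```pf
# Added example: wireless access point that only admits OpenVPN (not the poster's config).
# Interface names, VPN port and tunnel network are assumed placeholders.
wifi_if  = "athn0"        # card running in hostap mode
tun_if   = "tun0"         # OpenVPN's tunnel interface
ext_if   = "em0"          # wired uplink
vpn_port = "1194"         # OpenVPN default UDP port
tun_net  = "10.8.0.0/24"  # addresses OpenVPN hands to authenticated clients

set skip on lo

# Default deny, logged, so unauthenticated probes from the air show up in pflog0.
block log all

# Wireless side: let associated clients get an address, then allow only OpenVPN.
pass in  quick on $wifi_if inet proto udp from any port 68 to any port 67
pass out quick on $wifi_if inet proto udp from any port 67 to any port 68
pass in  quick on $wifi_if inet proto udp to ($wifi_if) port $vpn_port
# Everything else arriving on the wireless interface falls through to "block log all".

# Traffic that has passed the VPN's certificate check appears on tun0 with a
# tunnel address; that is the only path from the wireless segment to the world.
match out on $ext_if from $tun_net nat-to ($ext_if)
pass in  on $tun_if from $tun_net
pass out on $ext_if

# Administration of the box itself only from the wired side.
pass in on $ext_if proto tcp to ($ext_if) port 22
```

Because pf drops every wireless packet except the VPN port, an attacker in radio range can do no more than send UDP to OpenVPN, which rejects anything not signed by a trusted client certificate; enabling OpenVPN's `tls-auth` on top makes even those unauthenticated packets fail an HMAC check before any TLS state is allocated.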
Re:Binary packages?
I was the original AC who asked about where the pkgsrc-2005Q1 binary packages are.
I've heard a lot of good things about pkgsrc, and how it's ultra-portable etc. That's why I'm surprised that pkgsrc still does not have a decent way to do something as "simple" as upgrading binary packages recursively. I say "simple" since upgrading binary packages should be relatively straightforward, seeing that pkgsrc developers must have looked into a lot of complex package management issues (after all, pkgsrc is portable across a gazillion platforms).
Even OpenBSD, which reputedly has substandard package management tools, will be able to upgrade binary packages this way in the upcoming release using pkg_add -r.
I really hope someone can prove to me that pkgsrc does have a convenient way to upgrade binary packages. My faith in pkgsrc and NetBSD is waning. -
Contrast Japan with Brazil
Brazil is all talk with the Free Software, with the Lula government and what not, their big brouhaha forums, their highfalutin' Minister of Culture Gilberto Gil and speeches about "empowerment and technology transfer", but no action. No action, that is, except the government hiring consulting firms full of sysadmins that are making big bucks installing FOSS.*
The Brazilian government AFAIK is spending zilch, nada, on developing the code base that will save them millions. It's an exploitative mentality: you use, deploy widely, but don't give anything back. Except to the consulting $ysadmin$.**
I would like to see the Brazilian government spend money on the development of software they'll use. This would be money well spent. It's the sort of investment that actually saves money, because it creates better products and tools, and eases installation, deployment, and integration. FOSS depends on having a solid code base. If you're going to use that code base, you might as well pay something for it.*** This goes for individuals and governments, in particular governments who like to shout out loud their support for Free Software. The Japanese government is an example for all to follow.
---
* Many of those guys are, strangely, acquaintances of the individuals on the government. If there's a scam, I don't know, but it sure smells funny. I should know, I know some of them.
** In fact, I'm lying a bit here: there's a small bunch of government employees developing some stuff. But they're too slow, small in numbers and lacking in expertise. And also, there are small research grants. All this sums up to almost nothing. How many times have you read about a big project the Brazilian government funded on FOSS (except the usual replacement of Windows desktops?) For instance, there is a huge opportunity for KDE and GNOME usability studies, a huge opportunity for office integration via OO.org. Where are they? Not to be found...
*** How much money have _you_ donated to a FOSS entity like GNU or OpenBSD this year, even though _you_ use their software on a daily basis? -
Re:Not a good idea.
here ya go =)
basically, it works like this. you put up a bunch of fake email addresses on the web. said addresses get crawled by spammers' web bots. the spammers try to send mail to those fake addresses. you know they're fake, so now you blacklist that remote smtp server -
Not a good idea.
Rather than adding yet more traffic to the net I think it'd be far better if more places ran OpenBSD's spamd package. It tarpits mail connections from spammer machines, thus consuming the remote machine's resources rather than generating more traffic in a misguided game of "fight fire with fire". -
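The greylisting described in the "Re:on the other hand..." post, the trap-address trick in the "here ya go" reply and the tarpit in the post above are all the same OpenBSD tool, spamd(8). As an added example that is not part of any of those posts, this is the pf.conf fragment that hands inbound SMTP to it, following the layout in spamd(8); the `egress` group names whichever interface holds the default route, and the `/etc/mail/nospamd` path is the conventional one and is assumed here.

```pf
# Added example: front inbound SMTP with spamd(8) (not from any of the posts).
table <spamd-white> persist                       # hosts spamd has greylisted through
table <nospamd> persist file "/etc/mail/nospamd"  # large senders that never retry correctly

# Unknown senders are diverted to spamd on 127.0.0.1:8025 ("spamd" in /etc/services).
# A first-time sender gets a 451 temporary failure and is whitelisted only after it
# retries, which is exactly the behaviour one-shot spam engines fail at. Hosts on a
# blacklist are instead answered one character per second: the tarpit.
pass in on egress proto tcp from any to any port smtp divert-to 127.0.0.1 port spamd

# Whitelisted senders and the manual exception list reach the real MTA.
# The "log" keyword matters: spamlogd(8) watches pflog0 and refreshes a host's
# whitelist entry each time it actually delivers or receives mail.
pass in on egress proto tcp from <nospamd> to any port smtp
pass in log on egress proto tcp from <spamd-white> to any port smtp
pass out log on egress proto tcp to any port smtp
```

spamd runs in greylisting mode by default and spamlogd must be running for the whitelist to be maintained. The fake-address scheme from the "here ya go" reply is spamd's greytrapping: an address that will never receive legitimate mail is registered with `spamdb -T -a "trap@example.org"` (address constructed here), and any host that tries to deliver to it is moved to the trapped list and tarpitted from then on.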
Release Song
They obviously were just looking for a scapegoat to write a new release song about. What would an OpenBSD release be without an homage to de Raadt's latest exercise in bridge-burning.
-
Re:Just a note
You misunderstand. OpenBSD already have a driver. They want documentation to improve that and more importantly implement a management program which can do critical stuff like check if any drives have failed.
The management utility in the FreeBSD ports tree is binary-only. OpenBSD refuse to accept binary only crap, which is why they want this documentation.
-
Re:vsftpd?
Last I checked, everything that was in the base install had been through a security audit. That was one of the major reasons why OpenBSD is secure by default. That, to me, qualifies as insisting on secure code. Furthermore, OpenBSD does allow for jailing - why not jail it if you really have to use FTP?
-
who would buy...?
many of the posts so far are asking, "who would buy a crippled 'starter' version when they can get the full version bootleg for less, or even free?"
well, i have an answer for that: people with a conscience. people who care about right and wrong. are there any of those left (especially in the USA), or am i the last?
8-P
(for the record, i use openbsd.)
-
About time.
-
Re:Older Hardware
-
Re:Apple???
http://www.openbsd.org/images/newrack.gif/ Gee, it appears that Apple HAS been contributing. Or someone else contributed Apple hardware at least, I don't honestly know for sure.
-
The News that Slashdot Refused!
You know, I've never considered posting a story into a thread before, but I attempted submitting a story yesterday and it seems to have obviously been rejected and the editors apparently cannot rewrite the story in a way they find suitable for the frontpage.
So here goes, OpenBSD is making a request for money. They need hardware to replace part of cvs.openbsd.org (the most important part of the OpenBSD development infrastructure) so if you like OpenBSD [or OpenSSH or OpenNTPd] now would be the time to open your wallets up.
Marco Peereboom has been assigned to lead this fundraising drive and has started it off with $250 out of his own pocket, with a goal of $12,500 USD to pay for this hardware.
You can Paypal slash at peereboom dot us or use the OpenBSD Store to donate, simply comment that the funds are to be used on the CVS server. -
Donations
We would like to thank the OpenSSH community for their continued support to the project, especially those who contributed source and bought T-shirts or posters.
You can also do what I plan to do: donate surplus hardware to OpenBSD, which runs the project. OpenBSD accepts other donations too: checks, credit cards, PayPal. -
Re:Wondering how developers feel about this
Rather than just spreading slander, do you have a link that verifies this? Even running strings on something in SFU that matches some OpenBSD utility? Or a website?
OpenBSD is released under the BSD license (hence the name.) See here for details.
So it's OK to use their code and not release the source. PearPC is GPL'd. Big difference.
Don't just throw something out there with no proof... that's just like people claiming MS licensed code from VMS/DEC