Slashdot Mirror

CVS is your friend. See also the updating mini-faq, conveniently located here

The notes to the Pond-erosa Puff lyrics complain about XFree86, ipf and Apache being non-free and state "Make your stuff non-free, and something else will replace it."

According to the release notes, it seems like ipf is the only thing that actually did get replaced. XFree86 has been "replaced" by XFree86 4.4.0 "unencumbered." And Apache has been replaced by... Apache v1.3.29. Does this mean they consider Apache v1.x to be a "replacement" to Apache v2.x? Are they going to continue with Apache v1.x or is there some point that they will actually *replace* it?

Actually, the fish has been around since 2.6.

You mean like OpenBSD and DragonFlyBSD?

--
HawkinsOS, kicking Smorgreff in the ass since 2004.

How? Is there a sure fire way of tracking each and every binary that changes after applying a patch? Lets take this patch for example. How can I archive the resulting updated binaries?

I'm assuming you're referring to the release(8) procedure which will generate base35.tgz, etc35.tgz, comp35.tgz, misc35.tgz, man35.tgz etc.

Now how large is base35.tgz? Approximately 30 megs? It doesn't make sense to transfer 30 meg updates to numerous machines to apply an update for just a couple of files that could have been 1 or 2 megs if smaller binary updates were available. Well atleast it doesn't to me anyway. I guess beggars can't be choosers. Although right now I primarily use FreeBSD so it doesn't have the simple .tgz archives.

DISCLAIMER: I'm not a developer

I read this comment in a mailing list. Wouldn't it be awesome if /usr/src tree would be structured in a way that /usr/ports is right now? So you could apply that radius source patch to your /usr/src tree and then

# cd /usr/src/net/radius
# make package clean

Resulting in radius_version.tgz which could easily be installed using existing pkg_* tools.

IMPORTANT UPDATE: Please show your support for Ceren in this poll of Geek Babes!

Is it any wonder people think Linux users are a bunch of flaming homosexuals when its fronted by obviously gay losers like these?! BSD has a mascot who leaves us in no doubt that this is the OS for real men! If Linux had more hot chicks and gorgeous babes then maybe it would be able to compete with BSD! Hell this girl should be a model!

Linux is a joke as long as it continues to lack sexy girls like her! I mean just look at this girl! Doesn't she excite you? I know this little hottie puts me in need of a cold shower! This guy looks like he is about to cream his pants standing next to such a fox. As you can see, no man can resist this sexy little minx. Don't you wish the guy in this pic was you? Are you telling me you wouldn't like to get your hands on this ass?! Wouldn't this just make your Christmas?! Yes doctor, this uber babe definitely gets my pulse racing! Oh how I envy the lucky girl in this shot! Linux has nothing that can possibly compete. Come on, you must admit she is better than an overweight penguin or a gay looking goat! Wouldn't this be more liklely to influence your choice of OS?

With sexy chicks like the lovely Ceren you could have people queuing up to buy open source products. Could you really refuse to buy a copy of BSD if she told you to? Personally I know I would give my right arm to get this close to such a divine beauty!

Don't be a fag! Join the campaign for more cute open source babes today!

$Id: ceren.html,v 9.0 2004/08/01 16:01:34 ceren_rocks Exp $

The official release has just happened. Here are the official announcement, the undeadly.org thread and a torrent for the i386 binaries (149MB, matching MD5 which might beat some of the mirrors). Cheers ;)

Well if you have enough to spare one, I'm sure a developer could use a multiproc sun box, check their wanted hardware list about donating one to further smp for sun.

Don't use IP Tables. Better yet, Don't expose a Linux box to the Internet.

"Yeah, but that's beyond most companies concern since they don't upgrade that way"

My college just switched from Digital Unix to Windows Server.

I sent them a letter very politely asking what the fuck they were smoking, but never got a response. I wondered about it until I found out that I hadn't received some very important emails. Yup, they'd managed to break redirects during the upgrade.

It's now been three months and things still aren't working properly. Morons. Sooner or later they'll find this attached to their door with a knife.

Actually, no, I'm talking about recommended partition sizes. You know, like they say in the (latest) 3.5 release. For example, those mentioned here.

A ~2GB filesystem limit isn't unusable for a development OS (or even a development one) is all I'm saying.

Not charging per core, whew, thus reducing our enterprise's total cost of operation!

1. Dig an old PC outta the closet

2. Install two NICs

3. Install OpenBSD

4. Setup a bridge.

5. Create a pf rule to block all outgoing connections to the Ad servers IP block.


It's transparent to all ethernet devices and you can tweak the ruleset as needed.

1. Dig an old PC outta the closet

2. Install two NICs

3. Install OpenBSD

4. Setup a bridge.

5. Create a pf rule to block all outgoing connections to the Ad servers IP block.


It's transparent to all ethernet devices and you can tweak the ruleset as needed.

FreeBSD is worth advocating, but I bet the avergage BSD connoisseur can come up with better arguments. The article is full of stereotypes and garbage. I really wonder if the author really took an hour to visit the WEBSITES, let alone experimenting with the systems by himself:

The new FreeBSD 5 branch offers some exciting technology, generally regarded as comparable with or superior to what is offered in Linux...while plans for FreeBSD 4.12 are on the backburner should FreeBSD 5 not achieve -STABLE status by the fourth quarter of 2005.

What a fair comparison, let's benchmark STABLE technology available in Linux by the end of 2004 with technology that might be stable in FreeBSD by the end of 2005!

[NetBSD] it's currently at version 2.6.1, with aggressive testing on the new NetBSD 2.0 promising fruition by the first half of 2005...Those familiar with NetBSD swear by it, though its use in serious environments is limited.

OK, first of all, NetBSD is at version 1.6.2, not 2.6.1, and if you are looking for "serious environments", what if I tell you that the world's fastest computer is running NetBSD? Maybe NASA's Lewis Research Center, NEC Europe and Sony Japan do not count as "serious environments". http://www.netbsd.org/gallery/research.html.

Forking from NetBSD in 1995 after a very heated -- and embarrassing -- personal argument, OpenBSD's one and only focus is to offer security. Every line of code is hand-audited and, as the site claims, there hasn't been a hole in the default install in over seven years. Striking a balance in hardware support somewhere between FreeBSD and NetBSD, OpenBSD runs on very few platforms and even then only in single-processor mode.

I don't know who got embarrassed w/ that argument, but certainly not Theo since he keeps a record of it in his own personal website for visitors to see:http://zeus.theos.com/deraadt/coremail.html. There hasn't been a hole in the default install in over EIGHT years, not seven.

OpenBSD runs on very few platforms and even then only in single-processor mode

OpenBSD runs in more platforms than FreeBSD!!! http://www.openbsd.org/plat.html

OpenBSD isn't acceptable as a desktop system or 3D workstation, however...One factor that mars OpenBSD's fair weather is its primary developer, Theo de Raadt...developers may wish to remain wary of this platform and its creator.

What a bunch of nonsense! I've been using OpenBSD in my desktop for years, and had developers listened to you, OpenSSH wouldn't exist, nor have over 88 percent of the SSH server market!http://www.openssh.com/press.html

I could go on and on, but I got tired already. I wonder why you guys promote these articles.

OpenBSD is updated every three or four months...

Wrong : OpenBSD has sticked to its schedule of a release every 6 months (November 1 and May 1) since years, and the OpenBSD 3.6 release won't be any different (CD already started to ship to those who pre-ordered by the way).

he advises Microsoft to purchase "Research in Motion"

That would be a real shame. As a Canadian, I love to see strong products coming from the great white north. MS already took care of Corel (which used to be a publicly traded company based near Ottawa, Ontario) by having a (privately owned) subsidiary buy them and move them to a more controllable home in the US. (I'm not trying to be anti-US here, moderators!)

For those of you who don't know, RIM is based in Waterloo, Ontario. It would really suck if MS bought them out, too. Then all we'd have is OpenBSD!

The multitude of active and passive security measures in OpenBSD is very impressive.

Warning - OpenBSD-specific info =)

As for fine-grained access controls, systrace does just that. There's even a gui that asks whether each system call a piece of software makes should be allowed or not, building up the rules as you go (sort of like the way browser's can ask if you want it to "remember" your decision for a given site). This works out well regarding the problem with the chroot's, where many pieces of software want to read ld.so or various stuff in /usr/share, there's no need to populate a directory structure for each application.

As for hash checks on executables, there's additional software that adds that to OpenBSD. It's called Stephanie and does a few other things as well.

A simpler approach to mitigate some risk can be used on a dedicated desktop. For each network app run it as a different user (KDE has an option to do just this when creating an icon/link for example). Make each of those user's home directories 770 with a group that you belong to. Then your browser, email client, irc client, etc cannot read each other's directories (and config files) nor your own, but you can drop files in to send as an attachment, or copy files out after downloading. Not useful on a multi-user system, nor will it help with a worm... but it's a lot simpler to setup, and can be done on every BSD or Linux I imagine.

Warning - OpenBSD-specific info =)

As for fine-grained access controls, systrace does just that. There's even a gui that asks whether each system call a piece of software makes should be allowed or not, building up the rules as you go (sort of like the way browser's can ask if you want it to "remember" your decision for a given site). This works out well regarding the problem with the chroot's, where many pieces of software want to read ld.so or various stuff in /usr/share, there's no need to populate a directory structure for each application.

As for hash checks on executables, there's additional software that adds that to OpenBSD. It's called Stephanie and does a few other things as well.

A simpler approach to mitigate some risk can be used on a dedicated desktop. For each network app run it as a different user (KDE has an option to do just this when creating an icon/link for example). Make each of those user's home directories 770 with a group that you belong to. Then your browser, email client, irc client, etc cannot read each other's directories (and config files) nor your own, but you can drop files in to send as an attachment, or copy files out after downloading. Not useful on a multi-user system, nor will it help with a worm... but it's a lot simpler to setup, and can be done on every BSD or Linux I imagine.

Warning - OpenBSD-specific info =)

As for fine-grained access controls, systrace does just that. There's even a gui that asks whether each system call a piece of software makes should be allowed or not, building up the rules as you go (sort of like the way browser's can ask if you want it to "remember" your decision for a given site). This works out well regarding the problem with the chroot's, where many pieces of software want to read ld.so or various stuff in /usr/share, there's no need to populate a directory structure for each application.

As for hash checks on executables, there's additional software that adds that to OpenBSD. It's called Stephanie and does a few other things as well.

A simpler approach to mitigate some risk can be used on a dedicated desktop. For each network app run it as a different user (KDE has an option to do just this when creating an icon/link for example). Make each of those user's home directories 770 with a group that you belong to. Then your browser, email client, irc client, etc cannot read each other's directories (and config files) nor your own, but you can drop files in to send as an attachment, or copy files out after downloading. Not useful on a multi-user system, nor will it help with a worm... but it's a lot simpler to setup, and can be done on every BSD or Linux I imagine.

Also, if you can't figure out an ftp install, you might be barking up the wrong tree.

the song has been out. Download it here

use OpenBSD?

From their main page:
Only one remote hole in the default install, in more than 8 years!

Linux isn't the only desktop alternative
FreeBSD
OpenBSD
NetBSD
DragonFlyBSD

TV Licensing's website warns, "the fact that our enquiry officers are now so well equipped with the latest technology means that there is virtually no way to avoid detection...

Sounds like the The Redundancy Detector Van (or the Cat Detector Van, if you're a Monty Python fan).

Frankly, this is why I'm glad I don't live in Europe. The government certainly tries to take away our rights here in America, but they aren't very good at it. Eventually the courts make a sane decision, and we don't lose our rights.

Don't cite things like PATRIOT, because everytime the PATRIOT act is used on someone, it generates so much controversy that charges aren't pressed. Kerry cited some examples in the Debate last Friday.

I agree. I don't even bother to read FAQ's anymore since they rarely don't answer anybody questions and serve only as a self promotion tool.

It seems that the FAQ has gone the route of the scripted press conference where the only questions that get answered are the ones that show the product/candidate in a good light.

There are still several very good FAQ on the Internet. Some project does not understand that documentation and FAQ are actually import part of it. For myself, I appreciate the quality and usefullness of the OpenBSD FAQ, as well as the excellent manual pages. Actually, all of the *BSD put alot of hard good work into an uptodate and correct documentation.

Now, that said, I've came across several very bad FAQ and documentation. It's not that the documentatoin/FAQ is scarce, but that it's obviously lagging far behind and buggy.

I used to feel that Debian was that, but they can't manage to get Atheros and Prism2 wireless support in their mainstream releases that will install in 32mb of ram (yea, I want to turn old machines into access points. Yeah, I know I can use pebble. But there are reasons I don't want to).

Then install OpenBSD. If the card is Prism2 based, you can easily turn your shiny new OpenBSD gateway to an access point. No support for Atheros based card due to the propertiary and binary HAL component needed to make them work. OpenBSD does not accept unfree drivers.

For wireless security the authpf - authenticating gateway user shell is quite handy. Or you can just use VPN that is part of base install.

I used to feel that Debian was that, but they can't manage to get Atheros and Prism2 wireless support in their mainstream releases that will install in 32mb of ram (yea, I want to turn old machines into access points. Yeah, I know I can use pebble. But there are reasons I don't want to).

Then install OpenBSD. If the card is Prism2 based, you can easily turn your shiny new OpenBSD gateway to an access point. No support for Atheros based card due to the propertiary and binary HAL component needed to make them work. OpenBSD does not accept unfree drivers.

For wireless security the authpf - authenticating gateway user shell is quite handy. Or you can just use VPN that is part of base install.

I used to feel that Debian was that, but they can't manage to get Atheros and Prism2 wireless support in their mainstream releases that will install in 32mb of ram (yea, I want to turn old machines into access points. Yeah, I know I can use pebble. But there are reasons I don't want to).

Then install OpenBSD. If the card is Prism2 based, you can easily turn your shiny new OpenBSD gateway to an access point. No support for Atheros based card due to the propertiary and binary HAL component needed to make them work. OpenBSD does not accept unfree drivers.

For wireless security the authpf - authenticating gateway user shell is quite handy. Or you can just use VPN that is part of base install.

I used to feel that Debian was that, but they can't manage to get Atheros and Prism2 wireless support in their mainstream releases that will install in 32mb of ram (yea, I want to turn old machines into access points. Yeah, I know I can use pebble. But there are reasons I don't want to).

Then install OpenBSD. If the card is Prism2 based, you can easily turn your shiny new OpenBSD gateway to an access point. No support for Atheros based card due to the propertiary and binary HAL component needed to make them work. OpenBSD does not accept unfree drivers.

For wireless security the authpf - authenticating gateway user shell is quite handy. Or you can just use VPN that is part of base install.

Sir, you are absolutely out of line. BSD is a thriving operating system. Have you never heard of FreeBSD, OpenBSD, and NetBSD? These operating systems are maintained by at least 7 different people. Why even here on Slashdot you'll see there is a seperate section dedicate entirely to BSD. This forum and these operating systems are used by at least 107 people.

Not only is BSD the world's most secure and open operating system in the world, it is extremely easy to use. Before I started using BSD I was using Linux for about 6 years, and Solaris and HP-UX before that. Once I switched to BSD, unencumbered by GUI interfaces, web servers, TCP/IP, and all the other "inventions" so frequently touted as progess I was able to easily produce text files in almost six weeks. I had to port vim from the source, edit it for my Amiga OS, and strip out most of the featurs so it would run in the free memory I have, but man it was awesome. I felt so free. Security and portability are integrated into BSD. You can configure a firewall, router, security, and a VpN in less than 3 days using the very friendly command line interfaces, man files, and well... you don't need any gui help interfaces. It even has lynx.

Anyways. BSD is definitely not dead. Me and 106 other people prove you wrong. If you're looking for a dead or dying OS try these on for size: option #1 and option #2.

Oh yeah, one of the best thing about BSD is that it's not encumbered by the viral GNU license or misappropriated intellectual property. Ditch Linux, ditch Windows, ditch VMS, get yourself BSD.

I have to respond. The parent was correct. It's amazing seeing what people do to run windows, and what I've had to do in the past.

You say you seriously doubt anyone has done a fresh install of distro-of-choice and not spent time tweaking things to get the system fully usable. Then you go on to say you're hoping to build your first linux box.

I think you'll be pleasantly surprised, depending on what distro you choose. Someone below mentioned OpenBSD, and that's a good recommendation. I think you'll find that a fair amount of the unix-y environments start you off at a solid base, and allow you to build up. This is in contrast to whenever I have the (in my opinion, of course) displeasure of dealing with a windows install, where I have to tear down and build up.

No, not all distro's are the same. Sometimes they have annoying services listening on all interfaces, like cups or lprd. That's one of the reasons why OpenBSD is nice. It starts you off with a good base from which to build up. I have recently switched to the excellent ubuntu distrobution from debian sarge. I am pleasantly surprised by the fact that very few services are listening by default, so there's really not all that much to do to "secure" the box (at least from a basic point of view). In fact, when I installed ubuntu over debian, I kept my old home directory, so there was no tweaking to get my desktop how I want it. I guess you could do the same with windows, but it's a pain to mess around with the registry to point to a different location/drive for user's home folders. All I have to do is mount the old volume as /home and it works fine.

Not only that, but the installation of new software is tremendously easier for the unix-y domain, at least debian, where apt-get is very good at solving your problems. No cds to look for, no keys to look for, makes it all very easy. So I think you're making a kind of incorrect blanket statement based on your experience with windows (it seems).

That said, I prefer the old tiny personal firewall, but only the old version (2 or 3?) as the new one doesn't have as nice an interface. It seems to barf a fair amount when installed on XP, so I'm actually shying away from that these days. You didn't say which version of windows you're using. I've been using the virus scanner from etrust, free to valid microsoft users: ezarmor. It seems to work okay, and it's free. It also includes a firewall of sorts, but I don't recall being very impressed, so I installed tpf again. AV gets rather expensive, rather quickly. I purchased the symantec AV/Firewall suite for something like $50. As always, there's a linux NAT box protecting it all, allowing easy port forwarding. I've also used the linksys wrt54g and it seems to work okay. It's available pretty cheaply now, and allowed me to reduce the number of crud that clutters up the gf's apartment.

Anyway, I wish you luck with your new linux box, and I think (once you get used to it) you'll find it pleasantly surprising.

While no OS is good enough to ignore security issues on, OpenBSD comes damn close. You couple it with a good firewall policy and the chance of someone getting inside the default install is virtualy nil.

• SMP support on OpenBSD/i386 and OpenBSD/amd64 platforms.
• tcpdrop(8), a command to drop TCP connections.
• A generic IEEE 802.11 framework has been added.
• Improved support for USB 2.0 (ehci(4)) controllers.
• ... and more.

Although it's just one of many changes, it receives an inordinate amount of attention.

I'm tempted to make my next machine a dual-processor AMD64 system just to play with all of the new features in 3.6

One shiny feature that might not be obvious the first time you see a BSD box is ease of administration. Which is a consequence of a clean and integrated system. OpenBSD specially has a proactive approach to security, which is an important "feature".

Maybe this doesn't seem like fancy features to a teenager geek, but they are so important if you want to take *nix administration seriously.

They removed ipf over 3 years ago, and they're still raving about it? Damn, Theo, stop living in the past and give it a rest already. They also conveniently ignore the fact that ipf did not undergo any sort of "Free-to-Non-Free transition" as they claim. The ipf license terms that OpenBSD had an issue with were the same terms it had when they integrated it: "Redistribution and use in source and binary forms are permitted provided that this notice is preserved and due credit is given to the original author and the contributors."

They removed ipf over 3 years ago, and they're still raving about it? Damn, Theo, stop living in the past and give it a rest already. They also conveniently ignore the fact that ipf did not undergo any sort of "Free-to-Non-Free transition" as they claim. The ipf license terms that OpenBSD had an issue with were the same terms it had when they integrated it: "Redistribution and use in source and binary forms are permitted provided that this notice is preserved and due credit is given to the original author and the contributors."

Check the OpenBSD 3.6 page for other new things in the 3.6 release.

We do.

"What I'd really like to see is Nokia (and other manufacturers) taking their responsibility and offering online (or SMS based) free updates to their OS."

Good idea, but the ideal would really be that the phones would boot off anything provided by the user. Who'd worry about viruses if we could run an OS with only one remote hole in the default install, in more than 8 years?

MRT and Zebra are now fast-decaying abandoned project, as far as I can tell. The only Open Source software router I can find is Click, and whilst it's good, it doesn't have the developer- or user-base to be confident that it can really do more than be a nice experimental project.

MRT and Zebra are now fast-decaying abandoned project, as far as I can tell. The only Open Source software router I can find is Click, and whilst it's good, it doesn't have the developer- or user-base to be confident that it can really do more than be a nice experimental project.

Why is it that great? In a free software world you're no longer tied to any specific architecture. Give me an Opteron cpu without the ia-32 legacy crap for less money and I'm sold. Oh wait, we already have the IBM PPC 970 which needs 1/5th of the electricity needed for an Opteron.

Why?

Nobody cares about stack smashing protection anymore these days.

OpenBSD

Hardened Gentoo

GCC 4.0 has libmudflap and -fmudflap for C and C++. While this isn't exactly the same as stack smashing protection, it is still very effective and much more efficient.

Last time I checked GCC 4.0 wasn't stable.

It's not entirely without reason that IBM still hasn't posted ProPolice for inclusion in the FSF GCC mainline. The patch against SUSE's hammer branch has been floating around literally for years, but they know really only very few people truely believe it makes a difference.

That's crap. Propolice does exaclty what it is supposed to do. It doesn't protect against all stack smashing attacks but no one ever claimed that it did.

• Who breaks CDROM drives
• What is the most insecure operating system
• What web browser has had major security holes
• Who breaks firewire hard drives

Solution: Take your business (and your balls) away from Microsoft.

Frustrations with setting up a Linux based (SuSE, actually) home gateway a couple of years ago made me try out OpenBSD, and I've stuck with OpenBSD since.

PF gateway example shows how easy it is to configure a gateway on OpenBSD.