Slashdot Mirror

Building a complex application from source is not trivial. Not only must the application be compiled, but the tools used to build it must be built. Unfortunately, OpenBSD, the tools, and the application are all evolving, and often, getting all the pieces working together is a challenge. Once everything works, a revision in any of the pieces the next day could render it broken. Every six months, as a new release of OpenBSD is made, an effort is made to test the building of every port on every platform, but during the development cycle it is likely that some ports will break.

In addition to having all the pieces work together, there is just the matter of time and resources required to compile some applications from source. A common example is CVSup, a tool commonly used to track the OpenBSD source tree. To install CVSup on a moderately fast system with a good Internet connection may take only about ten seconds -- the time required to download and unpack a single 511kB package file. In contrast, building CVSup on the same machine from source is a huge task, requiring many tools and bootstrapping a compiler, takes almost half an hour on the same machine. Other applications, such as Mozilla or KDE may take hours and huge amounts of disk space and RAM/swap to build. Why go through this much time and effort, when the programs are already compiled and sitting on your CD-ROM or FTP mirror, waiting to be used?

Of course, there are a few good reasons to use ports over packages in some cases:

• Distribution rules prohibit OpenBSD from distributing a package.
• You wish to modify or debug the application or study its source code.
• You need a FLAVOR of a port that is not built by the OpenBSD ports team.
• You wish to alter the directory layout (i.e., modifying PREFIX or SYSCONFDIR)

Building a complex application from source is not trivial. Not only must the application be compiled, but the tools used to build it must be built. Unfortunately, OpenBSD, the tools, and the application are all evolving, and often, getting all the pieces working together is a challenge. Once everything works, a revision in any of the pieces the next day could render it broken. Every six months, as a new release of OpenBSD is made, an effort is made to test the building of every port on every platform, but during the development cycle it is likely that some ports will break.

In addition to having all the pieces work together, there is just the matter of time and resources required to compile some applications from source. A common example is CVSup, a tool commonly used to track the OpenBSD source tree. To install CVSup on a moderately fast system with a good Internet connection may take only about ten seconds -- the time required to download and unpack a single 511kB package file. In contrast, building CVSup on the same machine from source is a huge task, requiring many tools and bootstrapping a compiler, takes almost half an hour on the same machine. Other applications, such as Mozilla or KDE may take hours and huge amounts of disk space and RAM/swap to build. Why go through this much time and effort, when the programs are already compiled and sitting on your CD-ROM or FTP mirror, waiting to be used?

Of course, there are a few good reasons to use ports over packages in some cases:

• Distribution rules prohibit OpenBSD from distributing a package.
• You wish to modify or debug the application or study its source code.
• You need a FLAVOR of a port that is not built by the OpenBSD ports team.
• You wish to alter the directory layout (i.e., modifying PREFIX or SYSCONFDIR)

Building a complex application from source is not trivial. Not only must the application be compiled, but the tools used to build it must be built. Unfortunately, OpenBSD, the tools, and the application are all evolving, and often, getting all the pieces working together is a challenge. Once everything works, a revision in any of the pieces the next day could render it broken. Every six months, as a new release of OpenBSD is made, an effort is made to test the building of every port on every platform, but during the development cycle it is likely that some ports will break.

In addition to having all the pieces work together, there is just the matter of time and resources required to compile some applications from source. A common example is CVSup, a tool commonly used to track the OpenBSD source tree. To install CVSup on a moderately fast system with a good Internet connection may take only about ten seconds -- the time required to download and unpack a single 511kB package file. In contrast, building CVSup on the same machine from source is a huge task, requiring many tools and bootstrapping a compiler, takes almost half an hour on the same machine. Other applications, such as Mozilla or KDE may take hours and huge amounts of disk space and RAM/swap to build. Why go through this much time and effort, when the programs are already compiled and sitting on your CD-ROM or FTP mirror, waiting to be used?

Of course, there are a few good reasons to use ports over packages in some cases:

• Distribution rules prohibit OpenBSD from distributing a package.
• You wish to modify or debug the application or study its source code.
• You need a FLAVOR of a port that is not built by the OpenBSD ports team.
• You wish to alter the directory layout (i.e., modifying PREFIX or SYSCONFDIR)

Building a complex application from source is not trivial. Not only must the application be compiled, but the tools used to build it must be built. Unfortunately, OpenBSD, the tools, and the application are all evolving, and often, getting all the pieces working together is a challenge. Once everything works, a revision in any of the pieces the next day could render it broken. Every six months, as a new release of OpenBSD is made, an effort is made to test the building of every port on every platform, but during the development cycle it is likely that some ports will break.

In addition to having all the pieces work together, there is just the matter of time and resources required to compile some applications from source. A common example is CVSup, a tool commonly used to track the OpenBSD source tree. To install CVSup on a moderately fast system with a good Internet connection may take only about ten seconds -- the time required to download and unpack a single 511kB package file. In contrast, building CVSup on the same machine from source is a huge task, requiring many tools and bootstrapping a compiler, takes almost half an hour on the same machine. Other applications, such as Mozilla or KDE may take hours and huge amounts of disk space and RAM/swap to build. Why go through this much time and effort, when the programs are already compiled and sitting on your CD-ROM or FTP mirror, waiting to be used?

Of course, there are a few good reasons to use ports over packages in some cases:

• Distribution rules prohibit OpenBSD from distributing a package.
• You wish to modify or debug the application or study its source code.
• You need a FLAVOR of a port that is not built by the OpenBSD ports team.
• You wish to alter the directory layout (i.e., modifying PREFIX or SYSCONFDIR)

Building a complex application from source is not trivial. Not only must the application be compiled, but the tools used to build it must be built. Unfortunately, OpenBSD, the tools, and the application are all evolving, and often, getting all the pieces working together is a challenge. Once everything works, a revision in any of the pieces the next day could render it broken. Every six months, as a new release of OpenBSD is made, an effort is made to test the building of every port on every platform, but during the development cycle it is likely that some ports will break.

In addition to having all the pieces work together, there is just the matter of time and resources required to compile some applications from source. A common example is CVSup, a tool commonly used to track the OpenBSD source tree. To install CVSup on a moderately fast system with a good Internet connection may take only about ten seconds -- the time required to download and unpack a single 511kB package file. In contrast, building CVSup on the same machine from source is a huge task, requiring many tools and bootstrapping a compiler, takes almost half an hour on the same machine. Other applications, such as Mozilla or KDE may take hours and huge amounts of disk space and RAM/swap to build. Why go through this much time and effort, when the programs are already compiled and sitting on your CD-ROM or FTP mirror, waiting to be used?

Of course, there are a few good reasons to use ports over packages in some cases:

• Distribution rules prohibit OpenBSD from distributing a package.
• You wish to modify or debug the application or study its source code.
• You need a FLAVOR of a port that is not built by the OpenBSD ports team.
• You wish to alter the directory layout (i.e., modifying PREFIX or SYSCONFDIR)

Building a complex application from source is not trivial. Not only must the application be compiled, but the tools used to build it must be built. Unfortunately, OpenBSD, the tools, and the application are all evolving, and often, getting all the pieces working together is a challenge. Once everything works, a revision in any of the pieces the next day could render it broken. Every six months, as a new release of OpenBSD is made, an effort is made to test the building of every port on every platform, but during the development cycle it is likely that some ports will break.

In addition to having all the pieces work together, there is just the matter of time and resources required to compile some applications from source. A common example is CVSup, a tool commonly used to track the OpenBSD source tree. To install CVSup on a moderately fast system with a good Internet connection may take only about ten seconds -- the time required to download and unpack a single 511kB package file. In contrast, building CVSup on the same machine from source is a huge task, requiring many tools and bootstrapping a compiler, takes almost half an hour on the same machine. Other applications, such as Mozilla or KDE may take hours and huge amounts of disk space and RAM/swap to build. Why go through this much time and effort, when the programs are already compiled and sitting on your CD-ROM or FTP mirror, waiting to be used?

Of course, there are a few good reasons to use ports over packages in some cases:

• Distribution rules prohibit OpenBSD from distributing a package.
• You wish to modify or debug the application or study its source code.
• You need a FLAVOR of a port that is not built by the OpenBSD ports team.
• You wish to alter the directory layout (i.e., modifying PREFIX or SYSCONFDIR)

A real man's operating system?
Linux is for bitches, real men use *BSD.

But I'm not making use of it. It's my understanding (correct me if I'm wrong) that the Operating System is what makes use of it, when needed. So far I haven't seen it used (as reported by swapctl). Wolfrider reports similar findings (in thread above).

http://www.openbsd.org/faq/pf/pools.html#outgoing

• OpenBSD
• pf
• altq

• OpenBSD
• pf
• altq

• OpenBSD
• pf
• altq

pf w/integrated altq. setup authpf for those users that need to bend your rules a little

it's magical. it "just works"

lots of good examples in the man pages too

throw it on a soekris and toss the linksys =)

...they're running the new system on OpenBSD

2. READ THIS.

2. Buy and install this.

3. Read this, this and this.

Trolling aside, Linux has got its places but if you want to do things right in a scenario such as the one you describe, OpenBSD is the only smart choice.

2. READ THIS.

2. Buy and install this.

3. Read this, this and this.

Trolling aside, Linux has got its places but if you want to do things right in a scenario such as the one you describe, OpenBSD is the only smart choice.

2. READ THIS.

2. Buy and install this.

3. Read this, this and this.

Trolling aside, Linux has got its places but if you want to do things right in a scenario such as the one you describe, OpenBSD is the only smart choice.

2. READ THIS.

2. Buy and install this.

3. Read this, this and this.

Trolling aside, Linux has got its places but if you want to do things right in a scenario such as the one you describe, OpenBSD is the only smart choice.

2. READ THIS.

2. Buy and install this.

3. Read this, this and this.

Trolling aside, Linux has got its places but if you want to do things right in a scenario such as the one you describe, OpenBSD is the only smart choice.

OpenBSD has support for limiting classes of bandwidth for quality of service as a part of the pf(4) firewall. See the part of the pf user's guide that covers how to do it.

FreeBSD also has built-in support via the altq facility that is a part of the ipfw firewall.

My druthers would be to use OpenBSD for this as it's not a CPU-bound problem and security on your router should be very high on your list of priorities.

--Paul

THIS IS NOT A TROLL but why not run their webservers on OpenBSD and stick to writing a cool GUI rather than trying to harden an internet-facing Linux box?

Is it any wonder people think Linux users are a bunch of flaming homosexuals when its fronted by obviously gay losers like these?! BSD has a mascot who leaves us in no doubt that this is the OS for real men! If Linux had more hot chicks and gorgeous babes then maybe it would be able to compete with BSD! Hell this girl should be a model!

Linux is a joke as long as it continues to lack sexy girls like her! I mean just look at this girl! Doesn't she excite you? I know this little hottie puts me in need of a cold shower! This guy looks like he is about to cream his pants standing next to such a fox. As you can see, no man can resist this sexy little minx. I mean are you telling me you wouldn't like to get your hands on this ass?! Wouldn't this just make your Christmas?! Yes doctor, this uber babe definitely gets my pulse racing! Oh how I envy the lucky girl in this shot! Linux has nothing that can possibly compete. Come on, you must admit she is better than an overweight penguin or a gay looking goat! Wouldn't this be more liklely to influence your choice of OS?

With sexy chicks like the lovely Ceren you could have people queuing up to buy open source products. Could you really refuse to buy a copy of BSD if she told you to? Don't you wish you could get one of these? Personally I know I would give my right arm to get this close to such a divine beauty!

Don't be a fag! Join the campaign for more cute open source babes today!

Nice, same old shit PFB's have been spouting since the begining. Your type used to be in the majority. We call that the bad old days. But your take-it or shove-it attitude just doesn't fly. I apologise for you because like every Windows moron and every Mac snob your espousing nothing be zeal. As if everyone who doesn't know/think/do exactly what you think they should is somehow less then you. But if you truely weren't trying to put your foot in your own ass you be using OpenBSD or applying the NSA patches, I mean you'd look like a total idiot if *your* OS ever got comprimised, right?

Windows has it faults, sure, but so does Linux and if you can't see that then your simply a bigger asshole then I thought. I use it every day *and* I love it, but if Linux is going to continue to grow beyond a hobbiests OS we are going to have to see its imperfections, not yell at other people for not using it.

Because if any free Unix (sue me SCO!) will do OpenBSD already supports that (since 3.4, and way faster support coming in 3.5).

IIRC, Theo said it was quite possible to quickly kludge together SMP support for OpenBSD, but doing it according to thier rigorous philosophic standards requires an extensive bottom up rewrite. It's been in the works since 2000.

You'd think, but you'd be wrong. From Cryptography in OpenBSD, a PRNG is used for:

• Dynamic sin_port allocation in bind(2).
• PIDs of processes.
• IP datagram IDs.
• RPC transaction IDs (XID).
• NFS RPC transaction IDs (XID).
• DNS Query-IDs.
• Inode generation numbers, see getfh(2) and fsirand(8).
• Timing perturbance in traceroute(8).
• Stronger temporary names for mktemp(3) and mkstemp(3)
• Randomness added to the TCP ISS value for protection against spoofing attacks.
• random padding in IPsec esp_old packets.
• To generate salts for the various password algorithms.
• For generating fake S/Key challenges.
• In isakmpd(8) to provide liveness proof of key exchanges.

Oh yeah, i forgot that one of OpenBSD's goals is to reach the desktop user.

If you don't like the ports system and prefer binaries you should explore the OpenBSD package system.

There is no need to manually go through your old configuration files. You should take a look at mergemaster. It makes the whole process much easier than you can imagine, giving you full control over all changes.

If you don't like the ports system and prefer binaries you should explore the OpenBSD package system.

There is no need to manually go through your old configuration files. You should take a look at mergemaster. It makes the whole process much easier than you can imagine, giving you full control over all changes.

You assume that it is ego that's responsible for Theo to run the OpenBSD project (which as I said really does have a number of security features that Linux hasn't got--compare http://openbsd.org/errata.html to the track record of the Linux kernel alone). You seem to forget that the BSD's are distinct projects; Theo runs Open, but not Free or Net (or Darwin, or the number of commercial OSes that borrowed BSD code--OSX and Solaris, if I remember right, among likely others).

Judging by that little misconception alone, I'm guessing you aren't a BSD user. I'm going to go out on a limb here and ask if you've ever even used a BSD (me, I'm both a Linux and a BSD person; posting from a Linux desktop, run Linux and Free and Open on servers, and my laptop is a nice new OSX powerbook). You might assume from the hype that Linux is technologically superior, but that is often not the case. The BSD's have their strengths and weeknesses, just as Linux does. Linux has momentum and publicity as a principle strength. But that doesn't mean it's always better (and truly, even if I've got PAX and SELinux or GRSec or similar on my Linux install, I still have to worry about reasonably frequent kernel vulnerabilities a bit more than I do with OpenBSD or even FreeBSD).

I'm a long-time OpenBSDer (I'm even way up near the beginning on their donations page, which is as close as I'll get to being cool -- it's far more important than a low Slashdot UID, which I also have, as you can see), and I remember Theo mentioning a couple years ago that he was thinking (at the time, anyway) about having the second processor do nothing but crypto.

What's his plan now? Just typical SMP, I'd guess -- but I thought his other idea was cooler. On-the-fly encoding and decoding and hiding of jpegs from wives and whatnot. Very useful to... ahem... some of us. Not me of course.

Just wondering about the current prospects for something to keep my uh.. important financial documents... from, uh... the government? Yeah, the government, that's it.

oops. Because OpenBSD is focused on security. This means they don't compromise by spreading development effort that could be best spent on making the OS more secure.

Because OpenBSD This means they don't compromise by spreading development effort that could be best spent on making the OS more secure.

It would probably be easier for you to find a provider that gives you ssh access. Then you can use SSH forwarding to establish an encrypted channel between your mailreader and POP3/IMAP server. SSH forwarding is a great SSH feature that you can use for a variety of other neat setups. Try ssh man page for more details.

lol what are you a man-page writer for the openbsd project or something :P

; ) No, I just love OpenBSD. I like all the big free BSD's.

regardless, it sounds like you're contradicting yourself a bit. we both seem to agree that some man pages rock (like books, some more than others). and you say yourself you've got great openbsd books.

You said, "who needs books, when you have such fantastic man pages!?" Apparently you did.

I purchase BSD related books when they come out, to encourage the publishing of further BSD books to generally help the BSD projects. Seriously. By the time I get to finish the book, a newer version is out, or more importantly, more up to date man pages are waiting for me.

Computer text books normally get used for reference, manual pages should serve this well, OpenBSD's man pages do.

I have also tried to purchase every official OpenBSD CD set since 2.5 (when I first tried it), I've bought loads of shirts and I even made a donation of brand new hardware. That donation did not make it because the drive model specifically requested was end-of-lifed and I could not find it anywhere else.

For me, purchasing books is one way I can support them.

If the manpages have all that you need, why would you consider the books that you own great, rather than just a rehash of the manpages?

I don't need books, with these. But it can be nice to flake out in bed and read a book.

Clearly you have a reason for liking the book, or buying the book in the first place.

It is not a need though, just a want.

Also, a novice openbsd user may not even know what the man pages are, sad as that may be.

After you install OpenBSD (at least), you get a message about what is expected of you as a user. Including the usage of apropos to answer your own questions. If you downloaded OpenBSD, there is a good chance you read something along these lines at the OpenBSD web site and if you purchased a CD set, the insert tells you too. That is why the developers and users get upset on the mailing lists, when someone asks a question (without enough of the required details) which was asked and answered just recently perhaps.

in my experiences i've noticed that man pages of commercial software are typically much better than free software (open source or not)

I agree with this completely, if you take OpenBSD out of the running.

lol what are you a man-page writer for the openbsd project or something :P

; ) No, I just love OpenBSD. I like all the big free BSD's.

regardless, it sounds like you're contradicting yourself a bit. we both seem to agree that some man pages rock (like books, some more than others). and you say yourself you've got great openbsd books.

You said, "who needs books, when you have such fantastic man pages!?" Apparently you did.

I purchase BSD related books when they come out, to encourage the publishing of further BSD books to generally help the BSD projects. Seriously. By the time I get to finish the book, a newer version is out, or more importantly, more up to date man pages are waiting for me.

Computer text books normally get used for reference, manual pages should serve this well, OpenBSD's man pages do.

I have also tried to purchase every official OpenBSD CD set since 2.5 (when I first tried it), I've bought loads of shirts and I even made a donation of brand new hardware. That donation did not make it because the drive model specifically requested was end-of-lifed and I could not find it anywhere else.

For me, purchasing books is one way I can support them.

If the manpages have all that you need, why would you consider the books that you own great, rather than just a rehash of the manpages?

I don't need books, with these. But it can be nice to flake out in bed and read a book.

Clearly you have a reason for liking the book, or buying the book in the first place.

It is not a need though, just a want.

Also, a novice openbsd user may not even know what the man pages are, sad as that may be.

After you install OpenBSD (at least), you get a message about what is expected of you as a user. Including the usage of apropos to answer your own questions. If you downloaded OpenBSD, there is a good chance you read something along these lines at the OpenBSD web site and if you purchased a CD set, the insert tells you too. That is why the developers and users get upset on the mailing lists, when someone asks a question (without enough of the required details) which was asked and answered just recently perhaps.

in my experiences i've noticed that man pages of commercial software are typically much better than free software (open source or not)

I agree with this completely, if you take OpenBSD out of the running.

Is it any wonder people think Linux users are a bunch of flaming homosexuals when its fronted by obviously gay losers like these?! BSD has a mascot who leaves us in no doubt that this is the OS for real men! If Linux had more hot chicks and gorgeous babes then maybe it would be able to compete with BSD! Hell this girl should be a model!

Linux is a joke as long as it continues to lack sexy girls like her! I mean just look at this girl! Doesn't she excite you? I know this little hottie puts me in need of a cold shower! This guy looks like he is about to cream his pants standing next to such a fox. As you can see, no man can resist this sexy little minx. I mean are you telling me you wouldn't like to get your hands on this ass?! Wouldn't this just make your Christmas?! Yes doctor, this uber babe definitely gets my pulse racing! Oh how I envy the lucky girl in this shot! Linux has nothing that can possibly compete. Come on, you must admit she is better than an overweight penguin or a gay looking goat! Wouldn't this be more liklely to influence your choice of OS?

With sexy chicks like the lovely Ceren you could have people queuing up to buy open source products. Could you really refuse to buy a copy of BSD if she told you to? Don't you wish you could get one of these? Personally I know I would give my right arm to get this close to such a divine beauty!

Don't be a fag! Join the campaign for more cute open source babes today!

But you would buy a book on a commercial Unix variant?

Third-party books are frequently better than the documentation provided by the company

I've yet to find a book, which is as good as the OpenBSD man pages.

Leave the commercial World behind, read the PF man page and discover what you've been missing out on.

Sales reps (may) try to sell you on the seemless failover crap. Bottom line: lots of hoops, and I don't know that it's any easier than PIX's failover solution.

OpenBSD, PF, pfsync and carp.

Don't know whether it is easier or not, but it's bound to be cheaper. Especially if you read the doco and understand it.

OpenBSD does not need sales reps. It gets by on merit alone. So why not go check out why this is!

How about an OpenBSD firewall guide book, eh?

Some books. The first two are appropriate, however Building Linux and OpenBSD Firewalls is really out of date.

The FAQ. Is very nice.

Or the best reference there is! Constantly up to date. Print it out, read it, use PF, never ever look back.

Especially on your fully state synced redundant PF firewalls.

How about an OpenBSD firewall guide book, eh?

Some books. The first two are appropriate, however Building Linux and OpenBSD Firewalls is really out of date.

The FAQ. Is very nice.

Or the best reference there is! Constantly up to date. Print it out, read it, use PF, never ever look back.

Especially on your fully state synced redundant PF firewalls.

How about an OpenBSD firewall guide book, eh?

Some books. The first two are appropriate, however Building Linux and OpenBSD Firewalls is really out of date.

The FAQ. Is very nice.

Or the best reference there is! Constantly up to date. Print it out, read it, use PF, never ever look back.

Especially on your fully state synced redundant PF firewalls.

How about an OpenBSD firewall guide book, eh?

Some books. The first two are appropriate, however Building Linux and OpenBSD Firewalls is really out of date.

The FAQ. Is very nice.

Or the best reference there is! Constantly up to date. Print it out, read it, use PF, never ever look back.

Especially on your fully state synced redundant PF firewalls.

How about an OpenBSD firewall guide book, eh?

Some books. The first two are appropriate, however Building Linux and OpenBSD Firewalls is really out of date.

The FAQ. Is very nice.

Or the best reference there is! Constantly up to date. Print it out, read it, use PF, never ever look back.

Especially on your fully state synced redundant PF firewalls.

Is it any wonder people think Linux users are a bunch of flaming homosexuals when its fronted by obviously gay losers like these?! BSD has a mascot who leaves us in no doubt that this is the OS for real men! If Linux had more hot chicks and gorgeous babes then maybe it would be able to compete with BSD! Hell this girl should be a model!

Linux is a joke as long as it continues to lack sexy girls like her! I mean just look at this girl! Doesn't she excite you? I know this little hottie puts me in need of a cold shower! This guy looks like he is about to cream his pants standing next to such a fox. As you can see, no man can resist this sexy little minx. I mean are you telling me you wouldn't like to get your hands on this ass?! Wouldn't this just make your Christmas?! Yes doctor, this uber babe definitely gets my pulse racing! Oh how I envy the lucky girl in this shot! Linux has nothing that can possibly compete. Come on, you must admit she is better than an overweight penguin or a gay looking goat! Wouldn't this be more liklely to influence your choice of OS?

With sexy chicks like the lovely Ceren you could have people queuing up to buy open source products. Could you really refuse to buy a copy of BSD if she told you to? Don't you wish you could get one of these? Personally I know I would give my right arm to get this close to such a divine beauty!

Don't be a fag! Join the campaign for more cute open source babes today!

http://smoothwall.org/ rocks like none other

PF: The OpenBSD Packet Filter shows that it is possible to have a very powerful packet filter with easily understandable and readable filter rules. Smoothwall has a following because the IPtables firewall scripts quickly becomes unreadable and hard to understand with it's sucky syntax.

For my simple home firewall/nat i use Shorewall (use IPfilter on Solaris at work), but damn, i love a good read on other firewalls and their setups.

Then I'm sure you'll enjoy reading the PF Example : Firewall for Home or Small Office from the very good PF FAQ.

One of the reasons for using OpenBSD to replace my Linux firwall, was the very readable PF firewall rules. To be honest, IPtables rule syntax sucks, and projects like Shorewall is a testament to that.

For my simple home firewall/nat i use Shorewall (use IPfilter on Solaris at work), but damn, i love a good read on other firewalls and their setups.

Then I'm sure you'll enjoy reading the PF Example : Firewall for Home or Small Office from the very good PF FAQ.

One of the reasons for using OpenBSD to replace my Linux firwall, was the very readable PF firewall rules. To be honest, IPtables rule syntax sucks, and projects like Shorewall is a testament to that.

Same here. Most of my company firewalls are running OpenBSD with PF. There's 1 linux box that is getting replaced very soon. Typical setup is 4 or 5 nics, multiple NAT's yadda yadda. plus now that OpenBSD is giong to have CARP in 3.5, you will have an auto-failover with a maintained state to another machine. This plus transparent squid caching, allows us to have about 100 users per T-1 with no complaints.

Is it any wonder people think Linux users are a bunch of flaming homosexuals when its fronted by obviously gay losers like these?! BSD has a mascot who leaves us in no doubt that this is the OS for real men! If Linux had more hot chicks and gorgeous babes then maybe it would be able to compete with BSD! Hell this girl should be a model!

Linux is a joke as long as it continues to lack sexy girls like her! I mean just look at this girl! Doesn't she excite you? I know this little hottie puts me in need of a cold shower! This guy looks like he is about to cream his pants standing next to such a fox. As you can see, no man can resist this sexy little minx. I mean are you telling me you wouldn't like to get your hands on this ass?! Wouldn't this just make your Christmas?! Yes doctor, this uber babe definitely gets my pulse racing! Oh how I envy the lucky girl in this shot! Linux has nothing that can possibly compete. Come on, you must admit she is better than an overweight penguin or a gay looking goat! Wouldn't this be more liklely to influence your choice of OS?

With sexy chicks like the lovely Ceren you could have people queuing up to buy open source products. Could you really refuse to buy a copy of BSD if she told you to? Don't you wish you could get one of these? Personally I know I would give my right arm to get this close to such a divine beauty!

Don't be a fag! Join the campaign for more cute open source babes today!