Slashdot Mirror
Learn From Robert Watson Of FreeBSD And TrustedBSD
Robert Watson is a core developer for FreeBSD, and a member of the TrustedBSD project. He is one of the best people in the world to ask about FreeBSD security, and about FreeBSD development in general. Please post your questions below. We'll send 10 of the highest-moderated ones to Watson by email, and post his responses verbatim as soon as we get them back.
What similarities and differences do you see between the TrustedBSD project and the type of security work undertaken by the OpenBSD team? How do their goals and philosophies differ?
It's not that fucking difficult.
--
--
You are a fucking moron.
I was reading some documentation on VMS the other day (don't ask), and found out something really interesting. VMS has per-thread security. Thus, a multi-threaded database application could still have ridged security even though it is one process.
I'm a UNIX admin, and don't wish to admin VMS, but this blew me away. Are there any other VMS you are or are considering adding to make TrustedBSD a more solid and extendable OS?
OS X's Darwin is based on FreeBSD. How good a member of the Open Source movement has Apple been? Have they contributed anything back to the FreeBSD project (code/money/t-shirts/etc...)?
I think you meant here - http://www.freebsd.org
Being a newbie, I've set up FreeBSD on a different box than my everyday box. Someday I hope to have it on my everyday box, but I have a lot of USB products on my machine. What does the future hold in terms of USB support in FreeBSD, and what are 3 of the biggest ideas / projects / etc. that the FreeBSD crew are looking at for the next release?
-=-=-=-=-=-=-
The COBOL Warrior
-=-=-=-=-=-=-
The COBOL Warrior
"COBOL's Not dead, it's just underground"
With so many implementations around of the various *nix/*bsd flavors why another one?
;) ) with the work you have done.
Is there enough distinction between OpenBSD and TrustedBSD to justify it?
And most importantly How do you get some much time to devote it *two* projects?
Nevertheless I congratulate you (and am kind of jealous
Bolke.
- In Memoriam: Jeroen de Bruin (1972-2004), bye bro
Quick questions:
Isn't FreeBSD now part fo BSDi?
And if so, how is this affecting your development, support, etc. ad nausem?
WHONEEDSSLEEPWHENWEHAVECAFFINE?!
what happened to the bsd color scheme?
FreeBSD development is obviously a big part of your life. I have noticed that peoples reasons for using a free OS are often not simply because its better, but because of some view or stance on freedom that they have.
I am a Windows guy, only because my job says so.
What I want to know is, how would you go about convincing me, a Win2k user, to consider using a *BSD. I am interested in learning a new OS... always. But, what makes it stand out from Linux/Win2k/MacOS?
Without the hair, maybe.
If they can't operate it (or administrate it), they simply won't. New users won't even try a system if they can't understand how to install it. A good solution to this is something like Max OS X -- you know, the BSD system that actually looks good.
Sure, anyone can install WindowMaker on BSD, but they can't control the entire system seamlessly, like you can with Mac OS X, NT, or for that matter, the Red Hat control panel.
Yes, I'm going to get flamed for this, but the fact is, FreeBSD needs to think about its future a little more competitively. Ever wonder how Linux, a much younger operating system, got so far so fast? You should see the graphical installation programs, which help you partition your drive, and then easily install the stuff you want.
So, what do you think can be done to keep FreeBSD alive?
--
--
You are a fucking moron.
From what I can tell, I don't know about FreeBSD (it seems that many people just see it as a Linux with less hardware support), but OpenBSD seems to be doing well because of its repuptation for security, and NetBSD is the only option for people who want to be running a *nix (or a Free OS) on many machines that are simply ignored by most every other software project.
Do you think FreeBSD is hurting in its distribution in comparison with Linux and commercial OSes? Not only are they available from numerous online stores, one can usually find them at simple retail outlets like Best Buy. On the contrary, FreeBSD distribution seems much more limited, with less retail and shrink-wrap options.
I have noticed, however, that linuxmall.com sells FreeBSD CDs, has the FreeBSD community recieved much support from the Linux community over distribution (such as mirrored FTP from mostly Linux servers)?
"The universe seems neither benign nor hostile, merely indifferent." --Carl Sagan
What do you see in the future for *BSD, with the huge amount of popularity that linux keeps on receiving, not to mention attention, esp. from our buddy Bill Gate$...
Do you think it will remain the strong, viable but simply less popular free OS it is now, hiding behind the limelight of linux, or will it come up in popularity, esp with the codebase for Apple's Darwin, which is all BSD based?
Stop over-analyzing your analizations
i am trying to cut the signal/noise ratio out of understanding bsd. specifically, what security documentation have you found useful day-in/out?
signatures are for fools with hands
Can you explain, in some detail, the overall goals of the BSDs you particpate in?
Please try and direct your answer to people who continue to proclaim that *BSD is dying, and point at some made up marketing numbers.
Do you have any opinions about the CheckPoint IPSO implementation of FreeBSD?
BTW, nice troll. Is that from some sort of Web-based marketing-speak script? It's so devoid of content. It's hilarious. :-)
Stating on Slashdot that I like cheese since 1997.
Do you prefer to be called Bob or Robert?
(never underestimate the importance of someone's name preference)
-p4
(c) All Rights Released.
Everybody knows there's no such thing as a perfect system. As such, what do you think is the most, and least perfect points regarding security in FreeBSD.
Also, in terms of security, what do you think the most common dangerous behaviours are by FreeBSD users and admins? What would you change about the FreeBSD userbase if you could?
--
"Don't trolls get tired?"
Are there plans in the future to add an automated security update system? I see this as a database your system would check against to see if you are running any installation level security problems.
Justen Stepka
I was installing portsentry from Psionic Software and somewhere in one of the files about using the software the author discusses the inevitability of being cracked. He believes that system admins can't keep up with constant updates and that eventually some hacker will find an exploit using their server. That is, the exploit will first be found on their box.
Do you, as a member of a widely trusted BSD distribution, think that eventually all computers will be hacked in some way?
Second question, do you think FreeBSD (and Linux) should ship with the tightest security possible at all times? Some reasons not to would be, usability by the "average" desktop user and being a hassle to set up for admins who want, say, ftp enabled.
Check out Althea for a stable IMAP email client for X. Now with SSL!
There seem to be a proliferating number of proposed extensions to
*NIXes with ruleset-based mandatory access controls. Is
standardisation important? What influence do you see of NSA's
recently released `security enhanced linux' having on other systems
(like that in TrustedBSD)?
While perusing the mailing lists for -hackers, -stable, -current, etc. etc., I often wonder what people like yourself, Mike Smith, Greg Lehey, and the other core members do to pay the bills. Unless something has changed recently with the BSDi takeover, I can't imagine that the FreeBSD project keeps the food on the table. So how about a little insight into your and the other core members "real" jobs. (As if there is such a thing as a "real" job). But anyways, thanks for all the hard work for little pay!
How does TrustedBSD compare with NSA secured linux (http://www.nsa.gov/selinux) in terms of new and or improved security features? And are there any plans to eventually integrate the rest of the TrustedBSD features back into the shared BSD source tree (the extended attributes already have been committed)? How would using TrustedBSD instead of FreeBSD impact clustering applications?
And just for my information, where did all the packages for clustering BSD go? All I can seem to find anymore is the linux stuff. And personally I don't like redhat and their rpm distribution method, all anyone wants to distribute anymore is rpms which is not near enough to standard and compatable accross the board as tar-gzip for my purposes. (One primary difference being that I can open a tar-gzip on a windows box at work during break to browse through source, and to my knowledge no one has bothered to create a "winrpm")
What's your opinion on the Open Packages project? Even though I'm not currently a *BSD user, it sounds great on the surface--there's even been interest expressed in patches for Linux!--but I've got to wonder what sort of complexities need to be worked out to maintain a set of packages for FreeBSD, NetBSD, OpenBSD, Darwin...
Stating on Slashdot that I like cheese since 1997.
What is the exact relationship between the Darwin Kernel and the FreeBSD kernel? How much FreeBSD code is in Darwin and how much Darwin code is in FreeBSD?
Burn Hollywood Burn
A while ago there was some hubbub in our community regarding the concept unifying the ports trees of the the different BSD flavors. It seems to me that this would be a mostly good thing, reducing duplication of work and making the ports both more plentiful and of a generally higher quality. Has there been any discussion of this in core? If so, does it look like this will ever happen?
--
SecretAsianMan (54.5% Slashdot pure)
Washington, DC: It's like Hollywood for ugly people.
Is there a need for something like Bastille for FreeBSD? There shouldn't be a need for it with TrustedBSD, should there?
Have you looked at what the NSA did to Linux and attempted to extract from it? Are there modifications they made that apply to TrustedBSD, either in source code or in spirit?
I love vegetarians - some of my favorite foods are vegetarians.
Were either of the BSD distributions affected by the interbase backdoor?
Only if the *BSD box was running Interbase.
Kent
I've got a FreeBSD box that i want to bolt down and harden. It's a Dual PIII 800, and i want to use it for development and testing of a server program i'm writing. The server runs as nobody, so i'm not worried about that.
I've closed stuff off such that an nmap from localhost, tcp, syn, and udp shows only sshd, dhcpc, and syslog. I'm currently running the verson of openssh that comes with FreeBSD 4.2.
I'm planning on installing tripwire on the machine at some point as well. I also plan to write something that will mail me a diff of the setuid log between the current day and the previous day, as well as a similar thing for the password file. Any other suggestions?
---
Play Six Pack Man. I
Do christians (or, other religions, too) have a problem with using any of the BSDs you've worked on due to the daemon mascot?
-- Gordon Worley
Why should an NT user switch to BSD as opposed to Linux? Sure, BSD can run most Linux binaries, but what does BSD offer in the way of applications that Linux doesn't?
They stuck me in an institution, said it was the only solution, to...protect me from the enemy, myself
What do you think of Stallman's distinction between "Free" software and "Open Source" and his appearant refusal to deal with anyone who wants to discuss Open Sourcing their application until they speak in his language on these issues?
Burn Hollywood Burn
Each Section of /. has a color scheme. This article is in the interviews Section; therefore it has the interviews colors (which happen to be identical to front_page colors), not the bsd Section colors.
Like Tetris? Like drugs? Ever try combining them?
Will I retire or break 10K?
Hi,
I'd like to thank you for all the work and effort you and your fellow developers are putting into this project. I currently use FreeBSD and have plans to try out your work on my next server configuration.
Could you give us a short overview of the process you're taking to make FreeBSD more secure? In particular, how does the TrustedBSD project compare with OpenBSD, which has been undergoing a line-by-line security audit for years? Most importantly, what are the advantages of choosing TrustedBSD over OpenBSD (besides the obvious project-loyalty factors)?
Kindest regards,
NGH
No, it's not just him, or No, it doesn't look like Bart?
-atrowe: Card-carrying Mensa member. I have no toleranse for stupidity.
Man .. I used to hang with Watson. He used to run a BBS called Starlight. I was a fellow sysop that used to run a BBS called Celestial Happenings. Props to Perry and the Ritual de lo Habitual creww, and Props to 'gazer and the rest of the DC WWiV crew.
Anyway, here's my question:
Security has traditionally been viewed as more of an architecture of denial than anything else -- stop people from getting where they are not supposed to get. However, these days security has more impetus because of the sheer amount of intellectual property that's being housed on publically accessable computers. Do you think's it's theoretically possible to ever build a 'crack proof' system? I'm famaliar with FreeBSD's track record, and use it for my firewall at home. But should the onus of security be placed on the sysadmins of the server, or on the people that make the operating system the server runs?
anacron (aka Surface)
Given that X is an inherently insecure system (though great strides have been made to rectify this), how do you see the relationship between X and FreeBSD going forward? xfree86 v3.x is nice, v4.x is nicer (though it hasn't made it to the "default" windowing system for FreeBSD, presumably because of some gaping security holes). Surely, for the mindless masses, X (or some derivative) is a necessary part of the complete OS distribution. What does the core feel is a reasonable tradeoff between security and functionality, WRT this issue, and to what extent will the core move to "correct" any serious problems (non-platform specific) with future releases of X?
main(){char I,l,O[]={'-',1-1,0,(1<<5)-1,0+'-',-10-1,-10,11-0,
Eros, unfortunately, doesn't look like it's actually going to arrive (at least not in a timely manner), but I've read several of the papers on capability-based security and they were all very interesting.
What do you think about Eros? What's your opinion (and your perception of the security community's opinion) about capability based security?
Thanks, Jeremy
Looking for a Python IRC bot?
I run FreeBSD on 3 machines here. I felt in love with it.
/usr/src ?
One thing I was wondering about is how decision are taken about what goes in the real system (/usr/src) and what does not. For instance, rcp is in the base system, while rsync is in the port tree. When I started, less was not in the distribution, but now is. Why ? Will FreeBSD grow and accumulate more and more tools in
Something somewhat related that bother me is that as soon as I get away of the base system, things are much less clean. Even if the port tree is wonderfull, there is no simple command that will enable me to stay in sync with non-standard stuff. I would love beeing able to do something analogous to cvsup + make world to keep an up-to-date X / gnome / mozilla installation, with a defaut window manager and configuration that make sense. Is there any work in that direction ?
Cheers,
--fred
1 reply beneath your current threshold.
1) Do you ever plan on moving away from the slow and resource intensive method of VMS style paging for memory address resolution
2) Are there plans to rewrite the TCP/IP stack to be multi threaded
3) Will BSD ever migrate away from UFS to a more modern file system?
4) With serious POSIX compatablity issues are there plans to use code from POSIX compliant OS's to become more commercially attractive to major corporations
All the best,
--Bob
Oh sorry, this isn't the Andre's Hedrick interview.
A journey of a thousand miles starts with a brutal anal raping at airport security
I've heard a lot about BSD being inheirently more secure than Linux, but have yet to see some concrete reasons why. So far, it comes down to code review from what I understand. What difference, then, is there between "secure" BSD distributions and, say, Immunix?
--
Do you think there is ever a time when you can declare a system "secure"? Assuming you dont, do you think it is even possible to objectively rate the security of a system?
How we know is more important than what we know.
I've heard it said numerous times that "Linux is more successful than BSD because of the license". The argument is that hackers prefer the GPL because their code can't be "stolen", whereas nothing stops Microsoft from using the BSD licensed code. I've even seen some Linux advocates point to Darwin as the ultimate example of exploitation.
What are your views on this from a perspective as a BSD hacker? Can free software really be stolen? Is BSD open for exploitation (in the negative sense)?
A Government Is a Body of People, Usually Notably Ungoverned
I would like to learn more about secure programming under *nix. I have decent knowledge of c, cpp and java.
Where should I start?
What book/doc/faq do you recommand me reading?
-- http://electronicintifada.net --
apple states that mac os x/darwin is based on freebsd 3.2. how complete an implementation is this? has darwin contributed any new ideas/code/features to bsd?
the animal doesnt even have opposable thumbs, focker!
From what I understand (And please correct me if I am wrong), FreeBSD has a completely different kernel than Linux (which Mandrake is just a distribution of).
On top of that kernel, you can run X-Windows, and then a common window-manager (like GNOME, KDE etc.)
In theory, you could have a system that looks identical to Mandrake(linux) that runs on top of the FreeBSD kernel. Some argue that the BSD kernel is more stable and "industrial strength".
You might not be the best person to ask, but what are the difficulties in porting FreeBSD to other operating systems?
The alpha port seems to have been struggling somewhat recently with all the different motherboard configurations (alphapc for one) that make the alpha an almost completely different CPU in some critical points.
Theres also the sparc port, which doesnt appear to have made lots of progress at all.
Here comes the questions:
Now really, does that make any sense? It means that behind a firewall (BSD, of course) running NAT, a client must run passive FTP, since there is no way an outside box should be able to initiate into the client box at a high port. However, what about that server? Do I really want to allow high port access to that box?
Finally, my question is this: How does one properly configure FTP between two NAT'd boxes without opening up lots of high ports?
Better still: Where do I write my congressman to make FTP illegal!?
--paul
This comment is guaranteed*
*not guaranteed
That and the kernel and userland come together. In FreeBSD the userland is designed around the kernel and vice versa. Unlike a Linux distro such as Mandrake where you get a Linux kernel + a userland built out of various GNU and whatnot software.
As to your comments on X-windows, that's a seperate piece of software to the OS and would look more or less the same on any platform it runs on. (and it runs on a lot more than just Linux and FreeBSD).
On the other hand, for OpenBSD and TrustedBSD, the "fuzzyness" of sharing the code base may make it more difficult to "warrant" the security of packages.
Would it be sensible/preferable to have a "fork" whereby there might be a set of Trusted Ports that would represent a (perhaps limited) set of software that undergoes more comprehensive code auditing, as well as the Unified Ports containing software that hasn't undergone such testing?
If you're not part of the solution, you're part of the precipitate.
You can find an exceptionally detailed answer at http://people.freebsd.org/~alex/libh/ which should give you a very good idea of where the FreeBSD distribution is headed, in the manner of granular, custimizable upgrades. JKH wrote a wonderful paper that covers this.
--
"Don't trolls get tired?"
Many companies producing the popular gaming titles for Windows seem reluctant to support the Open Source, FSF and MacOS platforms with their products. However, Apple is about to join the BSD party with Darwin, offering the potential to add several million new BSD installations over the next few years. With that in mind, adding up the various *BSD communities and Darwin yields a large, growing group of users. Add GNU/Linux, and that total becomes even larger. Growth of these platforms is significant, as is the potential for game sales.
What can these communities do to allow a game developer to write one title and port it easily across platforms, while retaining performance and quality?
Can you comment on what would be required to put something like this together, in terms of software, standards and effort on the part of the developers?
Thank you, and good luck with your TrustedBSD efforts.
The ports are 3rd party software.
The OpenBSD/FreeBSD/NetBSD team has no direct control over the s/w in the ports collection.
There is no organized effort to audit everything in the ports collection.
The OpenBSD audit is only concerned with the base OS, that in itself is a huge job. They don't have the resources to audit the thousands of apps in the ports collection.
The ports team does what they can to keep up with bugfixes from the various apps, but they aren't auditing the ports.
Once you install some 3rd party software, it's up to you to keep up with bugfixes for that 3rd party s/w.
I didn't mean to touch off a holy war there with my comments, I just stated that I can't open RPM on a windblows system while at work during a break or something, whereas winzip handles tgz just fine.
I'd like to know why FreeBSD (I use 4.2-STABLE) ships with PAM but with no PAM support in OpenSSH or any of the 3 versions of Kerberos, and with only minimal PAM support in the core login, ftpd, and rshd (no support for sessions or account management). It was a nasty surprise when I installed and configured a PAM module that restricts logins using account management, and none of the login mechanisms used it!
Solaris and Linux have done a much better integration job in this area. I'm wondering why FreeBSD pretends to support PAM and ships with it when it doesn't really use it. It seems dangerous to mislead sysadmins into thinking they have secured their system when the security mechanisms are actually ignored.
I asked myself the same question.
"think of it as evolution in action"
the entire kernel is being multi-threaded for 5.0, to provide fine grained SMP support.
Where can I find more info about plans for FreeBSD 5.0? Is 5.0 include the integration of BSDI code? Freebsd.org doesn't seem to mention much.
chris
cpeterso
Microsoft has Active Directory.
Novell has NDS.
NextStep has NetInfo.
Will FreeBSD be supporting any type of directory service? I know there's always DNS but I was thinking of something a little more powerful.
What I (and most network admins) would like is a nice central way to manage users, computers, or any other network "object". In order for this to work well the service will probably have to be added to the distro - not just supplied as an external package (hence your envolvement.)
I was thinking that since NetInfo has been opensourced it might be a good solution. I know a Linux port already exists.
Making xxBSD easy to setup and administer would greatly increase its appeal to network administers. During the install procedure you should have the option "connect via NetInfo" where everything is done for you - you shouldn't even have to assign it a root password. All administration, and I mean everything, should be done from a central location. (I know most UNIX gurus probably want their commands like "adduser" - but some type of directory service should still be an option.)
Aah, network nirvana...
Willy
http://people.freebsd.org/~jasone/smp/
cpeterso
-- Eat your greens or I'll hit you!
-- Eat your greens or I'll hit you!
Can you port ipfw to linux? please?? :)
ipfw has to be the greatest firewall tool ever
Zip files plus (god forbid) TCL are supposed to be superior to apt+dpkg?! Don't get me wrong here, I like FreeBSD as much as the next guy, but it would merely approach dpkg/rpm, leaving apt junkies like me standing in the cold.
I like his idea of restricted installation scripts though (anyone remember SYS:Installer? =)
what are you thoughts about reports of *BSD code being worked into MS code?
The common criteria are far more than the old orange book controls (B1, B2, C1, ...). Part two of ISO 15408 has many things that I'd really like to see (and I'm prepared to help, too).
Why even bother with the old style Orange book stuff, which barely work in a networked environment, when the new style CC definitions are available for free?
Also will you be providing a framework such that deployed TrustedBSD systems are ready for CC evaluation?
Lastly, any plans for a NetBSD version? Want some help?
Andrew van der Stock
Can Trusted BSD hope attain the covet A1 rating in the DoD Orange Book with OpenSource community as the maintainer?
The Orange requirement for a corporate entity (not exactly worded) to exist before obtaining any level, can be waived for this?
What's your take?
I had the experience with newer computers and bigger hard-drives that a kernel with softupdates compiled in made acces to the disk slower (it is supposed to make it faster...). Is there a reasonable explanation for that phenomenon, or are my observations just exceptions?
What do you do when you see an endangered animal eating an endangered plant?
Why does everyone feel like they should create their own name when they add code to FreeBSD?
The monkeys at AT&T feel they need to call it Eclipse OS.
You monkeys feel like you need to call it TrustedBSD.
Why don't you give credit where is credit is due, and call it FreeBSD with Trust extensions or something?
What do you think this is, Linux?
Differentiating a product is one thing, but intentional fragmentation is something else entirely.
A biger question - to what extent are these formal, committee-design secure systems criteria relevant to securing an open source product? What is good about them? What specifically do you find flawed or totally useless? What did you have to improvise because the methodology didn't cover it?
If your children ever found out how lame you are, they'd murder you in your sleep
Some facts to support your rather stupid assertions would be good!
I just have one question. I use FreeBSD at home and one of the big reasons I fell in love with it is the ports collection. I am wondering why you don't simply make TrustedBSD one of the ports in FreeBSD? I understand that it wouldn't hit the ports collection until the next version but if I were to use TrustedBSD (which I won't on my system but my FreeBSD server/router/firewall needs it) I would look for it in the ports collection.
Kleedrac
Sure we wang, can.
no prob.
Go Kathryn Thurber!
Whenever I start to talk about BSD at school people think that I am referring to twisted pornography. What do i do???
----------------------------------
Damn, people. It's not like OpenSSH is a big secret.
I still say that backbone providers should throw all port 23 traffic on the floor just on principle. It's no different than hiding your friend's car keys until he sobers up.
At one point, I was using NT at work, Unix (AIX, HPUX, Linux) at school, and a purple iMac at home (that ran MacOS, LinuxPPC (for a while), and YellowDog (for the other part of the while)). I can even feel your pain about that whole 'not popular but better' situation. (I really liked the macintosh useablity and hardware monopoly/integration.)
And I agree with your statement that Bob could say something worthwhile (with or without any intent of doing so).
But..
The whole point of trolling (baiting) a discussion forum is to get obvious and/or empassioned responses. (I liken this to peeing just to see the bubbles.) Ideally we are looking for insightful, well formed, thought out, or funny thoughts and responses.
In other words, posting goat sex repeatedly is one thing. Get someone to click the goat sex link expecting something entirely different, is a second level. Getting one of the authors (esp CmdrTaco) to post a story that has an irelevant link is a third thing.
Actual Point of my original post:Actually trolling one of the subjects of a slashdot interview may not be the holy grail of trolling, but it has got to be up there on the relic heirarcy with a sliver of the crucifix. He will probably get double word score just for the +5.
ISPs should never filter by port number. The telnet port should be reassigned to another use, perhaps a binary protocol so that script kiddies get a nice display on their terminal after running nmap....
He also refers to rpm and deb as first generation, which is quite false. If anything, tar.gz is first generation, ala Slackware. Not all that powerful, no dependancies at all, but it usually gets the job done. Version 1-3 of RPM could be considered second generation, as they addressed the lack of any kind of configuration in .tar.gz files and lack of dependancy information. RPMv4 and DEB could be considered third generation since they fill out the dependancy information with meaningful info, and provide some more advanced features to aid in installation.
Then again, reinventing the wheel is a UNIX tradition, and who am I to stop anyone from doing it. Energy could be spent in fixing the perceieved limitations in the other formats, but I guess there's too much bad blood between the camps to do anything of the sort.
I used up all my sick days, so I'm calling in dead.
Kernel vs Kernel
Gnu tools vs Gnu tools
this goes here, this goes there
All of these can become moot details to an experianced admin.
The real question for me is...
Any plans on porting to dpkg and apt?
Novel theory: Modern Man evolved from psychopath
Maybe you remember the times, when Debian GNU/Linux project wanted to do a Debian GNU/FreeBSD or something like that. The reason was, that the FreeBSD kernel is known to scale good on higher loads. The reason, it was dropped: old libs (couldn't get glibc to work there), no PAM authentification, etc. It seems to me, that FreeBSD has a nice kernel, but is quite closed from new progress (like those of new libraries and PAM). What I like on FreeBSD is the ports system and that I can recompile it fully. What's the reason of the project to be closed from these new developments?
One of the knocks on many the free operating systems was a lack of support for enterprise technologies. I work at a company working on InfiniBand hardware. We will be supporting Linux, as Intel will be releasing IB host drivers for it. It is not known how this code will be released, although Intel seems to be indicating the source will be available. We don't know how, though. For example it may require membership in the IB Trade Org. We are totally willing to release drivers for other OS's like *BSD, but are not willing to write a full OSVerbs InfiniBand driver for it. How and when do FreeBSD and TrustedBSD plan to implement IB support, if at all?
-- soldack
I recently downloaded the 5.0 patches for ACLs and will be trying it out. Do you have any plans with regards to Samba and using Access Control Lists to make Samba more compatiable with NT etc? I'm quite impressed by the size of the patches -- short and to the point.
That's a bit rich coming from an obvious linux bigot.
Let's dissect your comment!
BSD has a better-than-linux attitude with no substance to back it up.
And of course this doesn't happen with Linux does it???
That's why Linux is winning.
Winning what??? The 'what will be deadest fastest' race???
Here's yet another ego-stroking BSD distribution.....fork fork fork!
As opposed to Slackware, Red Hat, Debian, Caldera, Suse, TurboLinux, Corel, yggdrasil, stampede, Redmond, Kondara, NoMad, LuteLinux, Icepack... should I go on?
Is the fine-grained control of system services in TrustedBSD designed to supercede the use of FreeBSD jails?
And could you comment on the performance of FreeBSD vs. OS X. That is, given that OS X is based on the Mach microkernel with a BSD layer on top of that, what are the performance implications, particularly for use as a web server.
They can't spot a troll when they see one.
(8-DCS)