Captain Crunch's New Boxes, Part II
micsaund writes: "It looks like the infamous Captain Crunch has been toiling away for 3 years on a firewall now known as the Crunchbox. It runs OpenBSD and is administered via a web-based interface. Steve Wozniak is quoted as saying it's 'next to un-crackable.' Check it out at ShopIP. The Register also has an article on it. As an aside, since the Linux Router Project (LRP) appears to have been sold-out and GnatBox is a tad expensive, is anyone aware of some kind of 'packaged' firewall with a slick interface available for free?" We mentioned Draper's venture into firewalls last year, but there's been some progress since then.
that you don't have a modem in your crunchbox
:)
Can you get into it?
"For a successful technology, honesty must take precedence over public relations for nature cannot be fooled." -Feynman
How many backdoors are there in it?
Check Out www.bbiagent.com cool, free, easy to use...
L053R
me too.
Installs in a snap, free download, stupendous interface, good support. I've used it for months now without a hiccup. Just my $0.02
:-)
Smoothwall
Cheers
Have a Happy.
The mailing list is active, there are any number of distributions though few on the latest kernels, all appears kosher if not frantically active.
Was there any reason for this possibly very damaging statement?
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I won't bother either.
That's what I use on my little NAT/Gateway thing at home. Works like a champ. Web-based config + many other add-ons for this floppy distro. More put together than LRP IMHO. Check it out at: freeSCO.org. The documentation is pretty good, although it may not be as secure as other distros.
MMORPG fan-boy? Prove your worth
Sorry, he's done some great things in the past, but what the hell does Steve Wozniak know about computer security?
Single Network Firewall... runs off of a 2.2 kernel, easy to set up, and runs off a "slick web based interface". You can download the ISOs for free off their website.
Some linkage:
next to un-crackable
What does Steve Wozniak have against Captain Crunch? we all know what happened to Oracle when they made similar claims.
Follow me
Looks like it's /.'d already, so use the power of the google.
Not sure if this qualifies, but it is a neat little floppy disk distribution that does NAT. Check it out at http://www.coyotelinux.com/.
"I have a porkchop, you have a porkchop. I have a veal, you have a veal".
Or how about we surgically transform Timothy into some kind of a lobster-like creature?
Why do you say the LRP has been sold out?
I use clark connect for my firewall. It's Linux-based with a web admin, it displays usage reports, bandwidth graphs. Does nslookups and whois on people who try to hack you. Even displays "12.12.12.12 tried to use Code Red 2.0"
Also includes CUPS for printing. Samba for file sharing. OpenSSH and the web based admin uses ModSSL so it's all encrypted.
It's frickin awesome! Is built from Redhat 7.2 and accepts all Redhat 7.2 RPMS.
Smoothwall has been doing the job for me for ages... Only a 20 meg download for the ISO and you install the system off that... It's pretty cool!
these machines will be given away in packets of cereal within the year ;) and you'll be able to access a trunk line with them!
free (as in mp3s) electronic music
Its Grrrrrreat!
... ohh sorry... wrong cereal.
I was just at the lrp site and could find no indication of corporate money mongering or otherwise. What makes you say that they "sold out"?
works great, easy to set up, floppy only, works on >= 486 machines. I've never seen it go below 98% idle on a 100MHz P5 with 5 hard-working machines filling a 768Kbps DSL line. You can pay $50 and get a DMZ added on to the free version, same price for a VPN license.
Download it from here. This is a BSD based firewall, but no shell, nothing for a cracker to get onto it. Uses SSL web access (new in later versions) or a Winblows client for configuration.
Oh and one point that is heavily stressed in their marketing material - it's ICSA certified.
There is a small version for ~$750 street price that gives 25-user version with DMZ, no moving parts, runs off 12VDC.
Got Wisdom?
This firewall is free for non-commercial use and has a web interface to boot. I've used this for sometime now. It supports VPN, incoming/outgoing email virus scan, IP accounting and routing. It will even update itself on the fly if you want. Here is the link: Astaro Security Linux
P.S. - I do not work for these guys, I am just impressed by what they offer.
Get the Google mirror here: http://www.google.com/search?q=cache:9eTg0-gz5L8C: www.shopip.com/+&hl=en.
"I'd dare to say, next to uncrackable, is crackable."
Dr. Nonsense, cofounder of the Nonsense School of Journalism and PR.
Not quite GPL'ed, but a nifty single-disk solution. I liked it better than LRP since it has built in support for PPPoE, important to us Verizon lusers.
-- Is "Sig" copyrighted by www.sig.com?
Uncrackable, perhaps...
UnSlashdotable, hell no!
Burn, baby burn!
On another note, I wonder if a good slashdotting could be considered ddos in court?
"A terrorist is someone who has a bomb but doesn't have an air force." -William Blum
Quaker Oats Co. announced it has filed a cease-and-desist order against Captain Crunch for trademark violation. The suit also says that the project also violates the DMCA, somehow.
A firewall isn't a "black-box" that you drop into your network. It's fully customized to your needs. Buying a "boxed" solution is total crap. If your admin thinks he can secure your network by buying a firewall and plugging it in, get a new admin. The guy securing your network should know how to build a custom firewall anyway (which is cheaper).
He spoke at UIUC's Reflections/Projections conference last year, and he showed us a bit of the Crunchbox. As far as we could tell, it was essentially a box with snort running to drop packets from anyone who tried an attack. Secure, yes, but also overly paranoid for most systems. Also, it pulls the CVS snort rules daily, so that's a potential weakness. It looked like it allowed you to view changes to the rules, but you didn't have to approve them in any way. I wasn't impressed.
No matter what the advertisers say, doesn't Captain Crunch go soggy in milk really quickly? :D
I blew real hard and couldn't get a tone out of
the damn thing.
-Kevin
*linux as a router? ha ha ha ha ha ha
is anyone aware of some kind of 'packaged' firewall with a slick interface available for free?
Yeah. It's called "stealing a copy of Firewall 1 from work". Sometimes you have to spend money for things.
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
When friends want to share a cable modem I usually go over to the local computer surplus sale and get 2 PCs that have NICs in them and a HDD and install freesco.
It is based on an old kernel, and doesn't have socks so not everything will work, but it's easy to set up and even an idiot can use the web-based panel.
For a super low hassle setup I'd recommend it. It goes right onto an ex DOS PC, no re-formatting or anything.
+++ ATH0 +++
Give IPCop a go. Very similar to Smoothwall without the "attitude" that some people suffer from.
Steve Wozniak used to be a phone phreak...
that's how he and Steve Jobs got their initial capital for the Apple startup.
When one thinks of Arthur C. Clarke's rule that "when an elderly scientist says that something is possible, he is almost certainly correct: when an elderly scientist says that something is impossible, he is almost certainly wrong", I just get a little twitchy when Steve Wozniak claims that something is nearly uncrackable....
Fast, reliable, application level proxies - with the ability to log at different levels (and run on linux).
Where can these be found?
Both generic tcp/udp proxies and application aware "smart" proxies (i.e. H.323, NetMeeting, RealAudio, etc.). I know a lot of this functionality exists in the kernel, but I'd love to have proxies for those pesky protocols that decide on random high ports. If it could see and understand the "conversation", it could then, on the fly, proxy the appropriate (randomly selected) ports.
If I am completely missing something here (i.e. I'm a moron?!), let me know. I can take it. I think??
3cx.org - A truly bad website.
http://www.bodaction.com
comments?
2wire connection share/firewall behind a linksys router behind a Raptor firewall behind a Configure-1 firewall behind a linux-based IPTABLES firewall.... I think I'll be okay.. how about you?
FloppyFW, a linux distribution has been featured on slashdot several times, and works very well. It fits on a 1.44 floppy and has many add-in modules including a DHCP and web server, as well as syslog. Versions on the 2.2 and 2.4 kernel, and active newsgroup support. Check it out.
From the page at iShop.com:
The latest attack signature libraries can be automatically updated from a centralized source of the computer security community.
I am certainly not a security expert, but this seems like a potential weak point. If they can automatically change the rules the firewall uses, then in theory someone else could as well, if they cracked the update protocol.
Does anyone know how they protect these updates so that they can't be intercepted and broken?
Sailing over the event horizon
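The concern in the comment above (and in the earlier comment about daily Snort rule pulls that need no approval) comes down to two checks before a fetched rule set replaces the running one: is the bundle authentic, and has an operator accepted each change. The following is an added example, not code from this thread or from ShopIP; it assumes a key pinned on the firewall at install time, uses HMAC-SHA256 as a stand-in for a vendor public-key signature, and every name, key and rule in it is constructed.

```python
import hashlib
import hmac

# Assumption: a key provisioned on the box at install time. HMAC with a shared
# key stands in for a vendor public-key signature to keep this stdlib-only.
PINNED_KEY = b"constructed-demo-key"

# Constructed sample rule sets (Snort-style syntax, not real signatures).
INSTALLED_RULES = (
    'alert tcp any any -> any 80 (msg:"demo rule A"; sid:1000001;)\n'
    'alert tcp any any -> any 21 (msg:"demo rule B"; sid:1000002;)\n'
)
UPDATED_RULES = (
    'alert tcp any any -> any 80 (msg:"demo rule A"; sid:1000001;)\n'
    'alert tcp any any -> any 25 (msg:"demo rule C"; sid:1000003;)\n'
)


def bundle_tag(rules, version, key):
    """Publisher side: MAC over the version number and the rule text."""
    msg = str(version).encode() + b"\n" + rules.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_bundle(rules, version, tag, key, installed_version):
    """Return 'ok', 'bad-mac' (altered or wrong key) or 'rollback' (stale)."""
    if not hmac.compare_digest(bundle_tag(rules, version, key), tag):
        return "bad-mac"
    # The version is covered by the MAC, so an old, validly tagged bundle
    # cannot be replayed to bring back a weaker rule set.
    if version <= installed_version:
        return "rollback"
    return "ok"


def pending_changes(current, new):
    """List rule lines the update would remove ('-') or add ('+')."""
    cur, nxt = current.splitlines(), new.splitlines()
    removed = [("-", r) for r in cur if r not in nxt]
    added = [("+", r) for r in nxt if r not in cur]
    return removed + added


def apply_update(current, installed_version, rules, version, tag, key, approved):
    """Apply only an authentic bundle whose every change was approved.

    Returns (active_rules, active_version, status); on any failure the
    running rules and version are returned unchanged.
    """
    status = verify_bundle(rules, version, tag, key, installed_version)
    if status != "ok":
        return current, installed_version, status
    unapproved = [c for c in pending_changes(current, rules) if c not in approved]
    if unapproved:
        return current, installed_version, "needs-approval"
    return rules, version, "applied"


def demo():
    """Run the update once without approval, then with it."""
    tag = bundle_tag(UPDATED_RULES, 2, PINNED_KEY)
    first = apply_update(INSTALLED_RULES, 1, UPDATED_RULES, 2, tag, PINNED_KEY, [])
    changes = pending_changes(INSTALLED_RULES, UPDATED_RULES)
    second = apply_update(INSTALLED_RULES, 1, UPDATED_RULES, 2, tag, PINNED_KEY, changes)
    return first[2], second[2]


if __name__ == "__main__":
    print(demo())
```

Viewing the diff without the approval gate, as the earlier comment describes, leaves the update source fully trusted; the gate is what turns the diff view into a control.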
Steve Wozniak is quoted as saying it's 'next to un-crackable.'
...and as soon as the story was posted, the screen read "j00've b33n h4x0r3d" and nature once again revealed its irony.
the server is lagged as hell, if it cannot protect against the slashdot effect, the single greatest denial of service attack known to the internet... is it really worth all the money on the page I can't even access to buy it?
a bit more about me http://www.advogato.org/person/trelane/ or my private page http://trelane.net
I do believe that everyone who usually writes "just my $0.02" on slashdot should change their comment to something a bit more universally understood. Perhaps: "just my 4 pages" ?
Just my 4 pages.
Do you even know anything about perl? -- AC Replying to Tom Christiansen post.
It's a great way to make that ole' Packard Bell 486 come back to life!
I have no problem with your religion until you decide it's reason to deprive others of the truth.
I hate to be a prat, but what's the point of adding a web-based interface to OpenBSD? The whole OS is damn easy to set up - the man pages are idiot proof and the documentation on installation is wonderful. There are some rough spots that look a bit difficult if you don't have OpenBSD's documentation on hand - so keep another computer nearby to browse the web and man pages.
Hints:
Buy the OpenBSD CD - they are bootable and support the project.
Learn a bit of VI beforehand for editing those text files - of course other editors are available but VI comes built in.
Other hints:
Trust Theo and his friends to get the operating system secure - not a has-been cracker cashing in on name recognition.
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
I've tried several different types of Firewall distros. Coyote, Smoothwall, that Mandrake one, etc. I finally settled on Freesco, because it runs off the fat32 filesystem. All of the other ones are based on non-journaling Filesystems (Ext2). And my electric goes out quite frequently.
Please check out ClarkConnect... it's a great little firewall based on RedHat 7.2. It gets regular updates, and has an active user community.
linux e-smith
Got a Free masquerade/firewall solution (SME Server V5)
Download and burn a autoboot CD and you turn in 15 minutes a old pentium into a fully featured home server/firewall box.
Can't tell about the security, but it's free and apparently well done
OK. The interface isn't slick.
...but a solid firewall.
http://www.fwtk.org/main.html
There's still a lot of support and I believe an active mailing list.
I put one together 5 years ago, and the company I work for still uses it for their mailing host.
Interface? There is none. But it works pretty damned good if you're willing to spend 1 day understanding how it works.
Not a bad deal.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
My bad.
Here is the correct link.
My own pointless vanity vintage computing page
http://www.ipcop.org/
It started as a fork of SmoothWall (without the
attitude) and has grown steadily since.
I encourage everyone to check it and the mailing lists out!
SIGLOST && SIGUNUSED && SIGQUIT
Who you callin' troll?
Read. Fifth paragraph down.
"News for nerds..."
Check the byline on the article at the Reg®:
Woz blesses Captain Crunch's new box
By Andrew Orlowski in San Francisco
Posted: 27/02/2002 at 21:31 GMT
This f*cking article was up on the Reg® on the f*cking 27th of February!
In the world *I* live in, that was last Wednesday!
How the f*ck does this qualify as "news"?
Answer: it doesn't!
And this is the level of quality that we are now being asked to pay for!
Forget it!
This topic is *olds* -- and it's *real* typical of what passes for *news* here at /.
t_t_b
I'm on PJ's "enemies" list! Are you?
Now I have to go find every BBS archive that has my G-Phile with box lists and update them.
DOS reserves five special file handles for use by itself and applications programs. They are:
0000h STDIN Standard Input Device
0001h STDOUT Standard Output Device
0002h STDERR Standard Error Output Device
0003h STDAUX Standard Auxiliary Device
0004h STDPRN Standard Printer Device
These handles are predefined by DOS and can be used by an application program. They do not need to be opened by a program, although a program can close these handles. STDIN should be treated as a read-only file, and STDOUT and STDERR should be treated as write-only files. STDIN and STDOUT can be redirected. All handles inherited by a process can be redirected, but not at the command line.
These handles are very useful for doing I/O to and from the console device. For example, you could read input from the keyboard using the read (3Fh) function call and file handle 0000h (STDIN), and write output to the console screen with the write function call (40h) and file handle 0001h (STDOUT). If you wanted an output that could not be redirected, you could output it using file handle 0002h (STDERR). This is very useful for error messages that must be seen by a user.
"Any connection between your reality and mine is purely coincidental." -Slashdot
LRP hasn't sold out. Check out http://lrp.steinkuehler.net. The latest version is only 3 months old, and comes in CD form.
I was grocery shopping today. I noticed that the elephant is no longer on the peanut butter cap'n crunch. And that 'thing' is no longer on the crunch berry box. I figured the first link in this story would go here. Nope. Just some boring hacker crap.
(and for those keeping score, I am in fact blocking timothy's articles from the front page. I came here after seeing the headline on another site.)
Jesus was all right but his disciples were thick and ordinary. -John Lennon
LRP has been superseded by the LEAF project at http://leaf.sourceforge.net. I'm running a current LEAF distro (Oxygen) and it's rock solid. There are quite a few different flavors, depending on your needs and experience level.
From the LEAF site:
Last Oxygen release was about 2 weeks ago.
Karma: Marginal (mostly due to the border around the website)
I bet some enterprising 15 year-old nicknamed "Captain Furby" will find that the 8156khz sound of a Furby's voice produces the perfect pitch to crack the "Crunch Box".
Ergonomica Auctorita Illico!
IPCop now is using Ext3. See features of V0.1.1. 2.4 Kernel and IPTables in V0.2
It is a full linux distribution, based on redhat 7.2, and is your typical linux firewall/router, but also comes with Snort, SSH, Junkbuster, Apache, proftpd, samba, cups, webmin, MRTG, etc.
The interface is web-based or commandline-based.
I am currently running it on a 486-66, 20M ram system, and the routing is very quick (I don't notice any slowdowns at all), but administration is a bit slow with this old box.
I'd highly recommend it.
If you can read Japanese (and if you can't just look at the pictures), how about OpenBlockS?
It's tiny (look at the picture about halfway down the page to get an idea of how small it really is - those are RJ-45 ports), runs Linux, and you can fit it with a HD if you really want to (although I don't see why you would).
The Trinix distribution seems like a powerful way to do this also. The homepage is here: Trinix. It is intended as a network analysis tool, but it has all the cool features (OpenSource, runs entirely in RAM, floppy boot, etc...). I haven't tried it yet myself as I am currently running the LRP distro without a problem.
This is an amazing thriving project with multiple branches. The coordinating web site is http://leaf.sourceforge.net/. The original poster couldn't be more wrong about its demise.
check out astaro firewall at www.astaro.com.
it is a linux based firewall solution with vpn & virus scanning support. it's the most comprehensive firewall package that i have seen (and that is freely downloadable).
astaro includes implementations of other security related products (swan, etc) all in one package. definitely worth a try.
IPCop works just like Smoothwall for now. The next version has some incredible features that will take you to places you can only go with Smoothwall if you're willing to pay, if you can go there at all. Plus, the support is quick and friendly.
I use IPCop at home, at work and set it up for friends and couldn't be happier.
It has IDS, VPN, a web proxy...eh, I could go on and on. Go check out the page!
Long live IPCop!
SFNative
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Nothing exceeds like excess
~~~~~~~~~~~~~~~~~~~~~~~~~~~
are STABLE. finally. That's why.
Sheesh! :)
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
(this post isn't worth modding so don't)
I called the number on the site to find out the price because it wasn't listed.
One of the developers picked up the phone and told me all sorts of stuff about the firewall including the price and then, when I told him that his product was on /. he freaked and said "Oh no! Our site is getting /.ed guys!!".
Way to go /.ers!
I have been running Freesco for better than a year and think it is great. One thing that I wish it had was VPN support (not the passthru VPN kernel) but real VPN PPTP or IPSec better yet both. Does anyone have any knowledge of when 0.3.0 will come out?
The FAQ devotes 32 of 88 pages to how to correctly interact with the community, with such topics as "On Not Reacting Like a Loser" and "RTFM and STFW: How to tell you've seriously screwed up."
Furthermore, the remaining 56 pages are liberally sprinkled with the same: "Asking this question on the mailing list or IRC will inevitably result in the verbal equivalent of being hit round the head with a baseball bat. The answer is NO."
While I appreciate the sentiment of these statements, devoting nearly half of the document to this topic might be a little overboard.
Firewalls using iptables with 2.4.x kernel:
Firewalls using ipchains with 2.2.x kernel:
Firewalls using ipfwadm with 2.0.x kernel:
My question is, isn't it best to use an iptables-based firewall on a 2.4.x kernel instead of an ipchains- or ipfwadm-based firewall on a 2.2.x or 2.0.x kernel? I definitely want the connection tracking capabilities in the 2.4.x kernel, especially for screwy things like FTP, IRC, etc. (Yes, I know there is an IRC connection tracking patch out now for 2.4 kernels...) Is a kernel that doesn't support connection tracking for firewalls a reasonable option these days?
This kinda seems like PicoBSD a free, small BSD dist for this purpose... along with others.
God save our Queen, and Heaven bless The Maple Leaf Forever!
My own firewall at home runs smoothwall and has been up for over 150 days. I have installed it for clients and have never had any problems. As for needing tech support - I have never found any problem with Smoothwall that needs tech support. It's kool, it works, it's free.
Thank you.
Don't pay.. Look at ads.. Is there a problem? You could just go away and not pay. Personally, I'm not sure, I might like the ads.
Zoid.com
The emBSD Firewall seems to be right on track, and you can download it right now. I've not tried it, but it runs off a 32MB Compact Flash.
What were the skies like when you were young?
Coyote Linux has one of the easiest installers. It even installs from windows.
http://www.coyotelinux.com/
But if you run it through GRC's Shields Up at: http://grc.com/default.htm
You will see closed ports on the default firewall ruleset.
Might I suggest FrazierWall Linux. It is a fork of Coyote and LRP, but with better default firewall rules, and a built in web server for local firewall status information. And it will even e-mail the firewall logs to you.
http://www.frazierwall.com/
Plus it passes both the Shields Up and Sygate Scans : http://scan.sygatetech.com/
with stealth mode almost everywhere.
I did have some problems with in initial install. I looked in the config files from Coyote to get things straight with FrazierWall. Other than that, FrazierWall is a well done firewall.
dp
I like Coyote Linux. I used it for some time. It has one of the easiest installers. It even installs from windows. But if you run it through GRC's Shields Up at: http://grc.com/default.htm you will see closed ports on the default firewall ruleset.
The modified RedHat distribution previously known as e-smith (now SMEserver) is available for free download at http://www.e-smith.org (follow the download link). It includes pretty good ipchains based firewalling, even when configured to run as a server and internet gateway on the same machine. If you haven't seen e-smith, it is basically an office-in-a-box providing internet NAT routing and all the usual server functions with administration through a web interface simple enough that you can let someone else do it all. They have been purchased by Mitel who sells service related to the software - if you visit the http://www.e-smith.com site (instead of .org) you won't even see the free download mentioned.
Overall, this looks interesting
I might as well blow my own horn...
http://www.frazierwall.com
It is an LRP floppy distro that is customized, runs a 2.2.18 kernel, supports most NICs, and has a thttp web interface with tons O'info about your hardware, network, and connections.
It also mails firewall blocking logs daily, provides a network time service for your LAN and has a user oriented interface.
Their webpage says:
"Evaluate our demo at:
https://demo.shopip.com"
But I don't get a connect, has it been cracked already?
ttyl
Farrell
CAN-CON 2019 - Ottawa's only book oriented Science Fiction Convention! October 18-20, Sheraton Hotel, Ottawa, Canada h
ESR Writes on "Surprised By Wealth"
:-).
.45 semi for tactical shooting. But really, I don't want or need a lot of stuff. I'm kind of Buddhist that way; I like to minimize my material attachments. (My family gripes that this makes me hell to buy Christmas presents for.)
[ The Almighty Buck ]
Posted by Hemos on Friday December 10, @08:00AM
from the jaw-dropping-to-floor-for-worth dept.
Everyone at this point has heard and seen about VA Linux Systems' successful IPO. Lesser known is the fact that ESR is on the Board of VA. Yesterday seems to have been a time of personal reflection on his new situation. Click below to read ESR's musings on sudden wealth.
A few hours ago, I learned that I am now (at least in theory) absurdly rich.
I was at my machine, hacking, when I got email congratulating me on the success of the VA Linux Systems IPO. I was working on my latest small project -- a compiler for a special-purpose language I've designed called Scriptable Network Graphics, or SNG. SNG is an editable representation of the chunk data in a PNG. What I'm writing is a compiler/decompiler pair, so you can dump PNGs in SNG, edit the SNG, then recompile to a PNG image.
"Congratulations? That's interesting," said I to myself. "I didn't think we were going out till tomorrow." And I oughtta know; I'm on VA's Board of Directors, recruited by Larry Augustin himself to be VA's official corporate conscience, and it's a matter of public record that I hold a substantial share in the company. I tooled on over to Linux Today, chased a link -- and discovered that Larry Augustin had taken the fast option we discussed during the last Board conference call. VA had indeed gone out on NASDAQ -- and I had become worth approximately forty-one million dollars while I wasn't looking.
Well, that didn't last long. In the next two hours, VA dropped from $274 a share to close at $239, leaving me with a stake of only thirty-six million dollars. Which is still a preposterously large amount of money.
You may wonder why I am talking about this in public. The first piece of advice your friends and family will give you, if it looks like you're about to become really wealthy, is: keep it quiet. It's nobody else's business -- you don't want to look like you're gloating, and you don't want to be deluged with an endless succession of charity appeals, business propositions, long-lost best friends, and plain bald-faced mooching.
Trouble with the "keep it quiet" theory is that I've made my bucks in a very public way. When you're already a media figure, and your name is on the S-1 of a hot IPO, and email from friends and journalists starts coming in like crazy as the stock breaks first-day-gainplaying it coy swiftly ceases to look like a viable option.
Besides, it wouldn't be fair to dissemble. I serve a community. I'm wealthy today because my efforts to spread the idea of open source on behalf of that community helped galvanize the business world, and earned the respect and the trust of a lot of hackers. Larry thought that respect was an asset worth shelling out 150,000 shares of VA for. Fairness to the hackers who made me bankable demands that I publicly acknowledge this result -- and publicly face the question of how it's going to affect my life and what I'll do with the money.
This is a question that a lot of us will be facing as open source sweeps the technology landscape. Money follows where value leads, and the mainstream business and finance world is seeing increasing value in our tribe of scruffy hackers. Red Hat and VA have created a precedent now, with their directed-shares programs designed to reward as many individual contributors as they can identify; future players aiming for community backing and a seat at the high table will have to follow suit. In this and other ways (including, for example, task markets) the wealth is going to be shared.
So while there aren't likely to be a lot more multimillion-dollar bonanzas like mine, lots of hackers are going to have to evolve answers to this question for smaller amounts that will nevertheless make a big difference to individuals; tens or hundreds of thousands of dollars, enough to change your life -- or wreck it.
(Gee. Remember when the big question was "How do we make money at this?")
The first part of my answer is "I'll do nothing, until next June". Because I'm a VA board member, under SEC regulations there's a six-month lockout on the shares (a regulation designed to keep people from floating bogus offerings, cashing out, and skipping to Argentina before the share price crashes). So it's not strictly true that I'm wealthy right now. I will be wealthy in six months, unless VA or the U.S. economy craters before then. I'll bet on VA; I'm not so sure about the U.S. economy
Assuming the economy does not in fact crater, how is wealth going to affect my life in six months? Honestly, I think the answer is "not much". I haven't spent the last fifteen years doing the open-sourcefor the money. I'm already living pretty much exactly the way I want to, doing the work that matters to me. The biggest difference the money will make to me personally is that now I should be able to keep doing what I love for the rest of my life without worrying about money ever again.
So I expect I'll just keep on as I've been doing. Hacking code. Thinking and spreading subversive thoughts. Traveling and giving talks. Writing papers. Poking various evil empires a good one in the eye whenever I get a chance. Working for freedom.
I expect most other hackers confronted with sudden wealth will make similar choices. Reporters often ask me these days if I think the open-source community will be corrupted by the influx of big money. I tell them what I believe, which is this: commercial demand for programmers has been so intense for so long that anyone who can be seriously distracted by money is already gone. Our community has been self-selected for caring about other things -- accomplishment, pride, artistic passion, and each other.
OK, so maybe I'll break down and finally get a cell phone. And cable broadband so I can surf at smokin' speed. And a new flute. And maybe a nice hotrodded match-grade
I'm not going to minimize my attachments by giving it all away, though, so you evangelists for a zillion worthy causes can just calm down out there and forget about hitting me up for megabucks. I am *not* going to be a soft touch, and will rudely refuse all importunities.
I'm not copping this harsh attitude to protect my money, but rather to protect the far more precious asset of my time. Because I don't want to have to become a full-time specialist in deciding whose urgent pitch to buy, I'm going to turn everybody down flat in advance. Anyone who bugs me for a handout, no matter how noble the cause and how much I agree with it, will go on my permanent shit list. If I want to give or lend or invest money, *I'll* call *you*. (Sigh...)And yes, there are causes I'll give money to. Worthy hacker projects. Free-speech activism. Firearms-rights campaigns. Tibet, maybe. I might buy a hunk of rainforest for conservation somewhere. Megabucks are power, and with power comes an obligation to use it wisely. I'll give carefully, and in my own time, and only after doing my homework -- too much charity often kills what it means to nurture. And enough about that.
Ironically enough, one result of my getting rich is that I will probably start charging for speaking appearances, now that nobody can plausibly accuse me of doing it for the money. I won't charge open-source user groups or schools, but I will cheerfully extract a per diem from all the business conferences that keep wanting me to boost their box office. Charging a price for my time will separate the expensive conferences that attract powerful people from the marginal events where the hacker community would get less leverage from my presence.
For the same reason, I'm still going to insist that anybody who wants me to give a talk has to cover my expenses and eliminate hassles. But I also expect I'll still carry my own luggage. And I'll never get too proud to crash on somebody's daybed when the local user group is too broke to cover a hotel.
But enough trivialities; I'm going to get back to work. I've got the SNG compiler stage almost done. Next up, I need to refactor the pngcheck code so I can give it a report-format option that generates SNG syntax. Then, I need to think about supporting MNG...
--
Eric S. Raymond
Are there any packages for Debian or RedHat that provide firewall functionality easily?
For a real FREE firewall go to http://www.ipcop.org and download a firewall that's easy to set up, has a great Administration manual and a FREINDLY user list for those special problems. I used to use that other firewall but got tired of reading how I wasn't supposed to ask for support because I didn't freaking buy his corporate product, thing is I was GOING to buy the Home Server when it came out but now I've moved on to a better producy with freindly support. Michael T
Don't blame me, I didn't vote for him! Then again, neither did a lot of other people. Linux User #228869 on Machine #1475
but I wonder if it stuff cuts the roof of your mouth :D
and yes I know friendly is spelled wrong twice and I meant product not producy. SmoothWall support still sucks. Michael T
Don't blame me, I didn't vote for him! Then again, neither did a lot of other people. Linux User #228869 on Machine #1475
Well dude, I guess you got the publicity you were looking for ;-)
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
> IPCop now is using Ext3. See features of V0.1.1.
:)
As is SmoothWall Corporate Server, and as will the next release of the free version of SmoothWall.
> 2.4 Kernel and IPTables in V0.2
should be interesting to see just how much breaks when you do that Jack
neuro at well dot com (when I post, it's my opinions, no-one else's)
It may be unbreakable but looks like it is slashdottable.
...No more Soggies!
Donate background CPU time to fight cancer.
Mandrake Single Network Firewall - http://www.mandrakesoft.com/products/snf . Simple to install, and simple to maintain. The latest version, which is still in 'Cooker', uses shorewall - http://www.shorewall.net and can be installed from the Cooker Beta ISO simply by selecting the 'snf' package only.
.
-- I care not for your foolish signatures.
Seriously... I canceled the download when I noticed I was connected to a machine in the UAE... United Arab Emirates. BEWARE FOLKS!
lobstars r yummy
yes, thank you for stating what i was going to say.
i'm glad your response was modded up. I am quite satisfied with the level of activity on LEAF. We are going to move to a recent version of Oxygen in the near future. And the reason for doing that is to be able to run Seawall as a firewall on our 'embedded' boxes.
What? A free packaged firewall. This I think fits that question like a glove.
emBSD based firewalls are built on OpenBSD. Right now there is a 1.x line of emBSD which is built on OpenBSD 2.9, and there is a 2.0 emBSD beta which is built on OpenBSD 3. It is built to be a hard core firewall/router running from 32 megs of flash memory. I'm running LRP on a few systems (some floppy, some from IDE based solid state disks). I plan to migrate my LRP systems to emBSD 2.0 when it comes out of beta.
It's always interesting to see people so quick to attack an author of security-related software when they ask how to essentially "de-secure" the product!
I mean, honestly, it's probably a little "over the top" to ban your IP over the question -- but looking at it from the author's side for a minute; You're basically trying to modify the package to suit your specific needs. If you do this, you run a risk of introducing new code that's untested as to the level of security inherent in it. If the author helps you do these modifications, and then your box gets hacked later, how do you think that reflects on his original product?
Richard Morrell may have his share of attitude problems, but I don't think this is really a fair one to use against him. Firewalls are *not* supposed to run other services. People keep trying to add ftp, printing and Samba file sharing services to Smoothwall, among other things - and it's just a BAD idea.
Eh... I remember in the "good old days" of computing (when the Commodore 64 ran most of the BBS's out there, and people had fights over which platform was best: Tandy, Commie, or Atari), Woz was pretty well-regarded in the phone phreaking and system hacking communities. I don't think it was necessarily because anyone thought he was really good at it, but more because he had "celebrity status", yet still kept friends in those circles.
I even remember getting called up, late one night, and added to a huge conference call that a phone phreaker set up. Woz was in the call, along with a lot of regular attendees of the 2600 group meetings and so forth. (It's been years now, but I believe they hacked a code for a conference calling service called "Alliance", and they were trying to see how long they could keep the call going -- adding new participants as other people got off the phone.)
I don't even recall what the topic of discussion was, but I don't think it was anything substantial. Pretty much just a lot of "Oh wow, cool - so who's all in here tonight?" and misc. chit-chat.
I looked at Clarkconnect, but I refuse to run it. Why? Because honestly, what kind of serious firewall product also leaves all those other services running? What's the point in protecting your systems and data behind a firewall, when at least some of your important files and servers *are* the firewall? There's no line of defense in front of your print server, file server, etc.
Let's say you have a good product and you want to get it endorsed. Bring it to a business guy, and he'll say: "This box is uncrackable. It's totally secure and cannot be compromised."
Bring the same thing to a well-respected engineer and he might say: "It's darn, near impossible to crack. Hey, nothing is impossible, and there's always a risk, but this product is as good as it gets."
Too bad only the first endorsement would ever help sell the product.
Too big to fail? Does that make me too small to succeed?
Yes, smoothwall is good, and yes, Clark Connect is even better. I haven't tried this Freesco thing, but I'd have to say it may not serve you if you want to have more services than the average router. If you look in the nearly unnoticeable corner of the web you'll find the "shop" with the real beauty - the Start-up server. This is a router with a lot of interesting features, including a console menu system called "smat" that lets you do everything you need, and which, I might add, is highly configurable because it's written in Bash (you also get webmin). It's also based upon Slackware, so you get to download any of its packages if you need them. The one feature I particularly like about this distro is the fact that it uses the keyboard LEDs (num, caps, and scroll) as status indicators for the network, so you don't have to plug in a monitor to troubleshoot the connection at the source if anything goes wrong.
Mod me down and I will become more powerful than you can possibly imagine!
floppyfw is a sweet deal. 1 floppy. easy config. i've got mine set up to do dhcp for the internal network and everything. very nice.
----
All of whose base are belong to the what-now?
MOD THIS UP PEOPLE!!!!! for the love of Lady Liberty
Here is a google cache of the page with the specs.
If we don't make light of everything, we are just stumbling in the dark - Blank
stupid nerd. have you ever put your penis inside a girl's anus?
Why couldn't he say it like YOU did??? I wanted to upgrade a process running on the server. Just a simple question. It didn't have an ftp client, so I asked if there was a way for me to upgrade a package..he didn't even ANSWER the question. He said "*I* made this damn product, and if you don't like how it's made, go fuck yourself", and then kicked me out of the channel and banned me (this was a while ago). I could take a flame if it's deserved, but this just SHOCKED me..it was uncalled for. I still use Smoothwall however.
If you're not a Liberal in your 20's, then you have no heart. If you're still a Liberal in your 30's you have no brain.
will be Nileswall. :-)
I'm using OpenBSD 3.0 (which means pf instead of ipf for the filtering) and set it up as an ethernet bridge that does firewalling (IE - this sucker has no IP address, and can't be hacked from the outside world - in fact, it's friggin invisible. What a wonderful setup!) The disadvantage for most people, however, is that if you do it this way there's no remote administration. That's fine with me - the firewall machine has monitored physical access (in other words, it's locked in a cabinet that sits in my office :-)
There's some oddness doing it this way, but, it's really worth while if you want a machine that can't be screwed with at all. And, vi sucks, but is survivable ;-)
Oddly enough, all the docs I found on doing it this way were for previous OpenBSD versions, which used ipf for filtering. pf and ipf are close enough that the docs for doing it are still pretty close to in date - but there's just a few things that would have to change for it to be correct. A little searching through the pf man pages will show the differences.
Davis Ray Sickmon, Jr - looking for something to read? Check out my three free novels at MidnightRyder.org
>> IPCop now is using Ext3. See features of V0.1.1.
:)
>As is SmoothWall Corporate Server
>[smoothwall.co.uk], and as will the next release
>of the free version of SmoothWall.
hmmm. Ext3 under GPL and Ext3 after paying.
>> 2.4 Kernel and IPTables in V0.2
>should be interesting to see just how much
>breaks when you do that Jack
Yes. It should
Charles Williams
PM IPCop Linux
IT Admins Group: Where you decide the content
Actually WOZ had very little involvement in blue boxing, other than the novelty of how the phone system worked, and that he can build a device to exploit it.
Sure, he used one when his car broke down, and he had to make a call for help. Or to call the Pope to see if he can do it.
Haha! I remember being called from Alliance conferences. This was about - 7 yrs AFTER I was "popped". Do you know Adfam Bauman?
:-)
Contact me, King_TJ, I'm sure I know you...
Crunch
Vatican security checked the call with FO though, so he (Pope) never actually answered.
:wq
The guys at Protectix offer a product called the ProWall that is on the expensive side but they offer the source code and it is flash based. It is supposedly written from scratch, not from LRP or whatever. I bought a really cool IDE-to-CF header PCB and Flash from them and installed what they call ApplianceOS on it. It took some playing with to compile the source given me but it is very cool! It has a very simple and easy to use web config tool... Doesn't look like Webmin. I would have bought the ProWall product but I am dirt poor and this is for personal use. If this was for my company, I would get them to invest. I really like it.
http://www.protectix.com/
I can see you've never dealt with end users.
There is a real nice, stripped clean and naturally free linux distro for firewalls/routers called bifrost. The latest few versions use 2.4-kernels, but they keep a nice annotated back-log of their old distros since 1997. The distro has a fairly clever system for dealing with mobile users (called nomad). It lacks a "click-and-go" wui by design, due to the risk of unnecessary security breaches - in my translation from the Swedish pages - Correct filterrules are preferentially constructed "offline", and transferred by scp. For those who want clickability and colors, we recommend Xemacs for suitable coziness. Imho, that's the way to go (although I zealously use emacs instead).
The guys who maintain bifrost/nomad spend a lot of time on fairly advanced network performance testing with different hardware/driver combinations, so you might want to consider their hardware recommendations as well. For the machines they put together for the Swedish university network, they go with flash-drives for safe (and fast) storage.
If you are curious about the name of the distro, the following helps:
The name Bifrost comes from the nordic mythology, where Bifrost is the bridge between Midgård (The Earth) and Asgård (the home of gods) and is called The Rainbow by humans. It's so strong that it will not be destroyed until Ragnarök - the end of the world. Bifrost is guarded by Heimdall and the red color one can see in it, is a flaming fire that prevents the giants to climb up to Asgård.
> >As is SmoothWall Corporate Server
:)
> >[smoothwall.co.uk], and as will the next release
> >of the free version of SmoothWall.
>
> hmmm. Ext3 under GPL and Ext3 after paying.
which part of "next release of the free version" didn't you understand?
neuro at well dot com (when I post, it's my opinions, no-one else's)
Well, I needed PPtP ADSL Support for my Alcatel Ethernet modem and Smoothwall supports this only in their commercial version, so I downloaded IPCop. I am very satisfied with IPCop and they answered my (stupid) questions on their mailing list in minutes ...
The original document is available on ESR's site, BTW. (If you're interested.)
--
Runnin' around, robbin' banks all whacked on the Scooby Snacks...
what part of "go eat your mother ass" didn't you understand? Go back to raping cott deaths. Shit eater.
From one of the first fellows to bring a RoadRunner client to Linux, Josh Jackson.
This is simply put the slickest stuff going from what I've seen, I actually walked my mom through an install over the phone.
COYOTE LINUX
There is it appears a new embedded version, I'll have to look at that,
I've had 2 installs up for over a year, both only ceased functioning once, when the people at their location forgot it was there and unplugged em, (both places:)
To me something you can truly forget about is the ticket, VPN clients and all....
Sig went tro...aahemmm.....fishing........
... does it come with bells and a whistle?????
sure as hell looks a lot like mac os 9 running ie to me
I can understand Steve's misdirected trust for John "Captain Crunch" Draper, but are there any network administrators out there who would stake their reputations, and possibly their jobs on a firewall written by this guy? Having reviewed code written by this man, I believe I am accurate in saying he should stick to hardware design, and leave the software to the pros.
I have to admit, he is rather good at "networking", but not the sort used in telecommunications. Social engineering skills do not qualify a person for the hairy task of writing an unbreakable firewall, and unless his skills in the hard sciences have dramatically improved in the last 10 years, I figure there will be plenty of opportunities for buffer over-run and DOS attacks in the near future.
Prove me wrong John, put your source in the public domain, under the same open source scrutiny as OpenBSD, and if it is as secure (and not through obfuscation either) as you say it is, I'll sing your praises instead.
Fast machines, powerful AI, impulsive invention,... All I lack is a good espresso machine!
did anyone else notice that there are almost no comments about the box itself, just tons of comments about other Linux-based firewalls?
has anyone ever seen the box, used it, witnessed a demo, anything? or knows some more details, like pricing, which aren't immediately apparent from the website?
if so, please share your knowledge.
Assorted stuff I do sometimes: Lemuria.org
You dumbass, those are options that you have to manually turn on during the installation.
By default it is set up simply as a firewall/router.
Any distro is only as safe as the services its running on open ports. duh.
I looked at Clarkconnect, but I refuse to run it.
You looked at what the package listing on the website?
You obviously didn't "look at" the distro enough to know what you're talking about.
Who in the fuck modded this guy up anyway?
Securepoint is a free Linux 2.4.x based firewall. You can find it at www.securepoint.de. It looks pretty secure to me but it has one drawback, if you want to use the graphical administration software that comes with it you have to have a windows box, other than that it looks like it could rank right up there with a checkpoint-1 system. The system is administerable from the console if you do not want to use a windows box.
"Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect." Linus Torvalds
Here's another !!
/. today is great - truly the reason /. exists.
http://www.zelow.no/floppyfw/
The info on
Wozniak is to security as Peter Norton is to DOS.
Wozniak went to school with him, so they are old college buddies. His statement just seems like a "This is a pretty good product since my friend made it...but I am not standing behind of it" sort of remark.
And another thing...
Why does Peter Norton have a book out about MS-DOS?!? Does he even exist..or is he just a fabricated icon created by Symantec? I want to know!
SOFT BET MY REED _, just so you know it is me
For those looking for instructions on building a linux floppy take a look at some documentation I made up while working on my own.
I had not found any good linux floppy firewall distributions running the 2.4 kernel so I figured out how to do it myself. This document doesn't include the instructions on how to include iptables but I will be adding that soon (it isn't too difficult).
The reason for that attitude is having 100% control, not 100% security. You cannot assume someone is security illiterate and conclude just wanting to be able to change anything is a security vulnerability.
One day, they may find this FW has a vulnerability, and ALL of this firewall will have that one. Because they are all the same.
Bottom line: i think you are plain wrong, though I will agree that anyone security illiterate is better off leaving things as they are.
unfinished: (adj.)
It's not in the freeloader version.
Also, it doesn't have DHCP ("because a firewall is not supposed to do that, and is a security vulnerability.......") so if you use a cable modem or anything that gets the IP from a DHCP server, you are out of luck. There are some ways to add DHCP, but from external parties. But the web interface is not very aware of the fact the IP will change (rule making nightmare).
unfinished: (adj.)
Been using this for a longtime w/out incident, Firestarter (firestarter.sourceforge.net)
I have slowly tried to dip my hand into Linux, but without me actually needing it anywhere I can justify it to my job to have one. So I ask you geeks out there is there a Linux based firewall/gateway server that will take over all of the functionality of a MS Proxy server. The biggest feature that needs to be replaced would be for the server to be able to use the users in an NT domain for authentication, so that I can disable and enable access on a per user basis. Any help out there?
I've read all the other posts and missed any mention of one of the best firewalls I've seen - SHOREWALL (www.shorewall.net). It even has a leaf variant - Bering (leaf.sourceforge.net). This firewall is based on the 2.4 kernel/IPTables. Impressive modular design and excellent support from the author (Tom Eastep) and mailing list. From my 2.2 days, I was most impressed with the work done by Trinity OS (David Ranch). just my nickels worth..... NOCORVAIR /insert witty quote here/
NOCORVAIR
Hey, at least they explain why they are acting hostile.
Informative? Funny, yes - but informative? PUT DOWN THE PIPE!
Rate Rule Packet Latency .101998
.047 or 47 milliseconds of time.
100Mbps ztest 98713
Latency:
Time in seconds, measured from the reception of
the first packet to the last acknowledgement.
That would mean it takes 1 tenth of a second.
or rather 100 milliseconds.
Even the single rule tests adds
That seems awfully high for a firewall.
Dedicated boxes (like the pix) can usually pass the traffic through in under a millisecond.
I guess what's probably missing is what's the difference for the first packet versus the subsequent packets.
Assuming the first packet does a lot of stuff, builds an entry in a state table etc. you can understand why it would take some time....
but then the next packet should be a quick check to the state table.
Unfortunately it's short on details so we can only hope....
-- C
Plenty of cheap 2-4 meg single-chip non-volatile devices emulate a floppy at IC power, speed, and size. One of these and a floppy-based Linux distro makes an attractive appliance configuration.
Bad attitudes must be very prevalent among the "security elite" (in the computer industry that is).
Think about it: Darren Reed, Richard Morrell, Theo De Radt, etc. etc.
They all share common traits: bad attitudes and superiority complexes.
From what I read and understand, Richard Morrell is just a mean wanker, with no justification or provocation. Darren Reed and Theo deRadt aren't so flamboyant as Morrell. They are pretty understanding, and you can at least communicate with them, unless you are one of the other.
They seem to be stubborn more than anything; however, they have the right to do what they want with their respective projects.
I think the source for all of this is, of course, insecurity (in a personal, non computer related way).
eeeeeeeeeeeexcellent - the AC crowd show their true colours once again! "raping cott deaths"?? isn't this a family show?
neuro at well dot com (when I post, it's my opinions, no-one else's)
now if we can only work on getting crunch to bathe regularly, we'd have something.
as funny. Theo is a model of civility and diplomacy? Compared to anyone? Dick and Theo ought to get together and go bowling.
Ok, bright guy - so you think it's a good programming decision on the part of Clarkconnect and other firewall authors to give the user the option of running server services on top of the firewall??
Of course you can turn the stuff off. The point is, it's misleading to release a security product with the ability to do quite insecure things with it. At the very least, it's bad practice and teaches bad habits.
Show me a single Cisco firewall product with Samba or print services optionally running on it?
After reading the whole introduction written by ESR, my thoughts were "What an overinflated sense of self importance!"
Anyone who has the time to write a 30 page document on how to properly ask a question of a hacker has WAY too much time on his hands.
Quit trying to convert the world, and just use your "delete" key. It's there for a purpose.
How long before your DNS comes back up? I'm dying to read those stories but it's still /.ed :)
I've been using GNAT Box LT for three years now. I love it. The first time I set one up I was handed the box and was told by my boss to "set it up and make it work". I took it to the client site and two hours later I was done. The Web console interface is great. The product is really easy to use. Running the light version at home behind my cable modem I have never had an intrusion, at least not that I know of. The light version does not have DMZ or VPN capability. Through the use of dynamic DNS and port forwarding I have been able to host web and mail. This is against my service agreement but I have never been shutdown by my cable provider. I admit my traffic is VERY light, I believe this is why I have never been shut down. The registered version gives me 5 outgoing IPs. It does exactly what I need for my home network. Even though there is no support for the light version, I registered at their site http://www.gnatbox.com and posted a question in a forum. The question was answered by one of GTA's programmers in less than a day. I don't work for GTA I just like the product. I would love to try the CrunchBox, only if they did what GTA did with GNAT box and offered a free limited use package for the home user. With port forwarding I really don't need a DMZ, VPN would be nice but not necessary. I'm keeping my fingers crossed.
Another essential factor in "control" is to conceal from the controlled the actual intentions of the controllers. -WSB
Recommended browser: Microsoft Internet Explorer version 6.0
running on Microsoft Windows 2000 or Windows XP.
If you lurk on the smoothwall email list for a while you'll see why Richard gets a bit cranky. Threatening phone calls to his home with rude messages left with his children.. Having to explain (for the 1,000th time) why a firewall should not be running {ftp|tftp|rsh|rexec}. Lusers asking the same old questions for the 50th time and getting all upset when the response to their badly phrased question is a quick "sod off!". I agree that Richard can be a very disagreeable fellow, but I can't fault the software or the behavior of the rest of the team from what I've seen.
I've been running smoothwall for several months and other than the nag screen and ads on the web interface, I have no issues with it - I even donated to the team before that whole subject got tense. I've found it easy to install, maintain and use. Several friends have also installed it and are quite happy with it.
I'd recommend IPCop. Its damn good and not programmed and supported by people with all the social skills of a randy ferret on Viagra. The replies I have had to my support questions are great. Not like the ones from the Smoothwall team, which read like "go get a visit from the clue fairy". Sheesh!
M = Man looking for support, R = Receptionist, Q = Mr. Morrell
M: Ah. I'd like to have some support, please.
R: Certainly sir. Have you been here before?
M: No, I haven't, this is my first time.
R: I see. Well, do you want to have just one support incident, or were you thinking of taking a course?
M: Well, what is the cost?
R: Well, It's one pound for a five minute incident, but only eight pounds for a course of ten.
M: Well, I think it would be best if I perhaps started off with just the one and then see how it goes.
R: Fine. Well, I'll see who's free at the moment.
Pause
R: Mr. DeBakey's free, but he's a little bit conciliatory.
Ahh yes, Try Mr. Barnard; room 12.
M: Thank you.
(Walks down the hall. Opens door.)
Q: WHAT DO YOU WANT?
M: Well, I was told outside that...
Q: Don't give me that, you snotty-faced heap of parrot droppings!
M: What?
Q: Shut your festering gob, you tit! Your type really makes me puke, you vacuous, coffee-nosed, malodorous, pervert!!!
M: Look, I CAME HERE FOR CUSTOMER SUPPORT, I'm not going to just stand...!!
Q: OH, oh I'm sorry, but this is abuse.
M: Oh, I see, well, that explains it.
Q: Ah yes, you want room 12A, Just along the corridor.
M: Oh, Thank you very much. Sorry.
Q: Not at all.
M: Thank You. (Under his breath) Stupid git!!
In other news, astrophysicists have announced that they now know what all that dark matter is: it's stupidity.
Heaven forbid that Red Hat Linux users would want to upgrade any of their software. They may destabilize the whole operating system! This would make RH look bad.
Yes, your argument IS that stupid. If I want to upgrade my Palm, Tivo, PC, Mac, Dishwasher, toilet, install Dr. Sholls insoles in my goddamn shoes, it's my right. If my feet smell, it's MY problem, and Nike shouldn't care!!! It doesn't make Nike look bad...
Once I buy a product, it's mine. If I upgrade it and fuck it up, it's my fault. If the mfr. gets pissy, then it's time to find a new product.
Richard Morrell is not the god of all firewall products. Maybe I know what I need in a firewall better than he does. Maybe MY business needs exceed the artificial limitations that his product has. Maybe I want to add IDS capability - THAT certainly belongs in a firewall. Maybe transparent filtering proxy. That belongs there too. Maybe better NAT support. Whatever.
Look where Linux would be if Linus refused to incorporate patches written by others, and didn't release source. Hmm. Probably a pile of crap. It's one thing to be strong willed, and another to be an arrogant asshole.
Yes, adding some services random service like samba, etc. isn't very smart, but forewarn the user. Educate. Do NOT put artificial restrictions and limitations in the product, as that reduces the utility greatly.
[Smacks you in the nose]
"Well, you're just DAMN UGLY"
Explanation doesn't make it any more correct. Manners are what my/your mother should have taught you. Obviously, Dick either didn't have a mother, or one that didn't do her job. (Or was that a father?)
Cheers!
ROFL! That seems to explain it fully.
Dick is trapped in flashbacks of MP shows.
I KNEW there was some logical explanation!
Thanks!
Cheers!
Intelligent people usually learn what they do well, and what they don't.
Dick seems to not realize the fact that abusing people isn't correct - EVER!
If he can't handle support, please do something else. If Dick is a "friend" to OSS, we don't need enemies.
Just in case you wondered, I do have to work with clueless users. I usually bite my tongue, grind my teeth, and then SMILE and try to be helpful. Anything else really doesn't help.
Cheers!
I've seen Captain Crunch's "code". I don't think the current firewall contains any of his code, which is just as well. The man is a puppet for a few ex-convict scam artists, and Woz seems to be the only friend he's managed to keep for more than a couple years. Captain Crunch is so unreliable he has put several companies out of business by delaying and going overbudget on work they contracted him to do.
I'd have to agree.. I downloaded smoothwall 0.9.9SE a few months ago while searching for a low/no cost site-to-site VPN solution. The install was quick and easy, and although I needed to modify some of the scripts to make the Free-S/WAN VPN components interoperate with my Checkpoint FireWall-1/VPN-1 gateway at work, the end result is a secure and stable firewall with the desired full-time encrypted connection to the office. Now I've seen Mr. Morrell's postings to the "gpl" mailing list, and I don't think he's going to win any awards for open-source customer service, but his product delivers as advertised and then some. It's certainly worth the download to try it out, and most likely will be worth a nominal donation to most users. Features include statically or DHCP assigned external address, modem support with dial-on-demand, Intrusion detection (snort), web and DNS proxies, DMZ interface support, IPSec compliant VPN, traffic logging with nifty graphs, an easy-to-use SSL web interface and a few other little goodies.
chown -R us
Seems a little high - anyone have some stats on latency for the different packages available?
What does this have to do with NAT? BTW and FYI you can run Freesco off a hard drive as well. Just use the Movetohd command (something like that)
...I thought you said 'Boxers' - combined with the wolf whistle, i thought we were gettin pr0n.
Regards, timf.
"poor baby, got kicked and banned on an IRC channel... boo hoo!"
Shouldn't you be browsing a disney site? I didn't think Slashdot let people under 12 here, I guess I was wrong...
"Once I buy a product, it's mine. If I upgrade it and fuck it up, it's my fault. If the mfr. gets pissy, then it's time to find a new product."
First, let me say that I agree every bit with the fiery spirit of your post. That's the way it should work. However, in most countries you have this big pile of crap called "law", which has allowed software companies to sell you permission to use the product, so as far as the law is concerned, you don't own it, you only own a right to use it. I know, it's utter bullshit and needs to change as it changes the rules of capitalism from simple free enterprise to complex legal bullshit.
However, it's also worth noting that your attitude in your post is as horrible as Morrells. He could easily say:
"Once I start a project, it's mine. If I don't want to give information to people, that's my choice. If a user gets pissy, then it's time for that user to find something else to use."
Everyone needs to drop the attitudes. It's really been f**king old for at least a decade for me, and probably a lot older for others. It jacks up existence for all of us and really, I don't give two farts who the hell you think you are, your crap smells horrible and you have no right to expect to be treated or spoken to any better than you are willing to treat or speak to others. Thems the facts jack.
I don't speak for the pro-floppy legions, but while your previous post was insightful, it did not deserve a score of 5. I don't use a floppy based distro, but this debate has actually pushed me towards the benefits of such a solution. In any event, the issue is not as cut-and-dry as you or Theo seem to think, and your being overmoderated encourages me to play the devil's advocate.
;) passe. Performance is not an issue because single function devices should run from RAM - running from a harddrive would be undesirable. It is even arguable that read-only floppies can be better than CD-ROMs because they are easier to update. CD-R defeats the whole inexpensive aspect, unless you already have the hardware and buy blank media in bulk. Even then, floppies are still cheaper. While you may now get AOL CDs in the mail, these aren't as useful as AOL floppies! If AOL ever starts mailing preformatted harddrives, then I will gleefully retract my arguments.
Unless you are a long time computer hobbyist with generations of surplus hardware laying around, a hard drive is not trivial to acquire. On the other hand, anyone who gets junkmail more than likely has thrown away many floppies. A harddrive is only cheap compared to what harddrives used to cost. For the price of one inexpensive hard drive, you can get hundreds of floppy disks. Hard drives are not impervious to failure, and for the cost, redundant copies of your packet filter conf. file have a better chance of survival on $50 worth of floppies than one $50 hard drive.
If top security is your concern, then you don't keep log files on a rewriteable medium like a hard drive. A better answer is a read-only boot device, with logs sent to a printer. You can reboot if anything goes wrong, and still have access to the logs while offline. You can stay online while making and testing updates on another floppy, and even keep multiple floppies with multiple configs.
For a single function device, it is tough to argue that a harddrive makes a RAID (Redundant Assortment of Inexpensive Diskettes
-castlan
My boyfriend, Sean, used to be quite the phreak himself. He took me out to a payphone one night after fooling around and he showed me how to get a free call! It was so kewl!
Anyway, staying on topic, I hope this turns out for the best for Cap'n Crunch. He sure taught us a thing or two about phones!