NetBSD Announces Four New Security Advisories
Dan writes "The NetBSD project has announced four new security advisories. NetBSD ships with the racoon(8) IKE (Internet Key Exchange) daemon; a vulnerability was found in the code for packet validation of "informational exchange" messages. Inconsistent IPv6 path MTU discovery handling vulnerability states that a malicious party can cause a remote kernel panic by using ICMPv6 "too big" messages. The OpenSSL 0.9.6 ASN.1 parser vulnerability could lead to a possible denial-of-service. Finally, shmat reference counting bug - programming error in the shmat(2) system call can result in a shared memory segment's reference count being erroneously incremented."
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc
CERT SecAD NBSD4536A746
Advisory: Olfactory disturbance during *BSD use
Affected: NetBSD all versions
FreeBSD all versions
OpenBSD all versions
Description: The dead corpse of a *BSD operating system emits a foul, disgusting smell which reduces the productivity of the users.
Recommended activities: - use nose plugs
- removal of *BSD operating system, replace with Linux or Windows XP
The patches were issued a rather long time ago...
"Finally, shmat reference counting bug - programming error in the shmat(2) system call can result in a shared memory segment's reference count being erroneously incremented."
AFAIK, *BSD has also had other problems with reference counts. People have been decrementing their reference counts on the whole project, pushing it into negative numbers. If only the cleanup() function were called, we can do away with *BSD and let it remove itself properly in peace.
What, did someone root the coffin?
1. You can not play games on it.
2. It cannot be used by my grandma.
3. It lacks a GUI of any note.
4. There is no support available for it.
5. It is an assortment of fragmented OSes.
6. It cannot be run on the x86 platform.
7. You have to compile everything and know C.
8. Support for the latest hardware is always poor.
9. It is incompatible with GNU/Linux.
10. It is dying.
It's sad to see that BSD has been affected by these security issues. Of course, something like this is of grave concern to all BSD sysadmins, as confidential information could pass away from the user's control. If you notice unauthorized users on your system, kill their processes. I'd hate to see something like this lead to the death of this wonderful operating system.
Ct: It's over Johnny, it's over
Jr: nothing is over nothing you just don't turn it off, it wasn't my war you asked me I didn't ask you and I did what I had to do to win but somebody wouldn't let us win and I come back to the world and I see all those maggots at the airport protesting me spittin' callin' me baby killer and all kinds of vile crap who are they to protest me huh? Who are they? Unless they've been me and been there and know what the hell they're yellin' about.
Ct: it's a bad time for everyone Rambo, it's all in the past now
Jr: for you, for me civilian life is nothing in the field we had a code of honor you watch my back I'll watch yours back here that's nothing
Ct: you're the last of an elite group don't end it like this
Jr: back there I can fly a gunship, I can drive a tank, I was in charge of million dollar equipment, back here I can't even hold a job parking cars!!! Huh I can't jeez oh god I had a friend he was in airforce I had all these guys who were my friends back here there was nuthin' man back then this fucking car this red 58 Chevy convertible, he was talkin' about his car, and he said we were going to cruise til the tires fall off we were in this bar in Saigon and this kid comes up and this kid carrying this shoe shine box shine please shine and I said no and he kept askin' and Joey he said yeah and I went to get couple of beers and the box is wired and he opened up the box and fuckin' blew his body all over the place and he's laying there and he's fuckin' screaming and there's pieces of him all over me and I can't pull him off you know, my friend it's all over me, it's got blood and everything and I'm trying to hold him together and I'm put him together and he keeps coming out and nobody will help nobody helped me saying I wanna go home I wanna go home, I wanna go home and he's just calling my name Johnny I wanna drive my Chevy. but why I can't find your fuckin' legs I can't find the legs I can't find his legs
If you're running an i386 just run this baby and it will get rid of any packages that have been flagged as insecure ftp://ftp.netbsd.org/pub/NetBSD/packages/1.6.2/i386/All/audit-packages-1.27.tgz
Make sure that you don't need any of the packages it gets rid of before you run it. To see which vulnerabilities it gets rid of check out this list. Also make sure you don't need anything on this list. ftp://ftp.netbsd.org/pub/NetBSD/packages/distfiles/vulnerabilities
Creative Demolition
The BSD developers have to protect against coffin robbers, too.
"package reaper" since its dead anyway
you fell for an obvious troll
The Year of Our Lord 2003 has been a particularly bad year for the "B"s,
- Bob Hope
- Buddy Ebsen
- Buddy Hackett
- Barry White
- BSD
This honored list of dead is but a small token of adieu from the many fans of the deceased. These dead were truly some American Icons. They will be missed.
No text.
Does anyone know if this also affects Panther (OSX 10.3) which also ships with racoon?
What a coincidence, one for each BSD user.
Somewhere, in a lonely hospital room,
*BSD is dying
All our times have come
Here but now they're gone
Mac OS don't fear the reaper
Nor do the windows, SUN or the rain..we can be like they are
Come on baby...don't fear the reaper
Baby take my hand...don't fear the reaper
We'll be able to fly...don't fear the reaper
BSD's bought the farm....
Distro is done
Here but now they're gone
Romeo and Juliet
Are together in eternity...Romeo and Juliet
40,000 server crashes every day...Like Romeo and Juliet
40,000 workstations reformatted everyday...Redefine happiness
Another 40,000 coming everyday...We can be like they are
Come on baby...don't fear the reaper
Baby take my hand...don't fear the reaper
We'll be able to fly...don't fear the reaper
BSD's bought the farm...
Love of two is one
Here but now they're gone
Came the last night of sadness
And it was clear she couldn't log on
Then the file was opened the wind appeared
The mobo blew then disappeared
The curtains flew then Jordan Hubbard and Michael Smith appeared...saying don't be afraid
Come on baby...and she had no fear
And she ran to them...then they started to fly
They looked backward and said goodbye...she had become like they are
She had taken their hand...she had become like they are
Come on baby...don't fear the reaper "
Yet another cunting bombshell hit the "community" of *BSD asswipes when IDC recently confirmed that *BSD accounts for less than a fraction of one single puny fucking percent of all servers. Coming hot on the heels of the latest Netcraft survey which plainly states that *BSD has lost more fucking market share, this news serves to reinforce what we've known all along. *BSD is ingesting itself backwards, disappearing up its very own shitter, as fittingly exemplified by coming a piss poor dead last in the recent Sys Admin comprehensive networking test.
You don't need to be a cock-sucking Kreskin to predict *BSD's future. The hand writing is on the wall: *BSD faces a bleak future. In fact there won't be any fucking future at all for *BSD because that sordid, shit-filled, mutated testicle of an operating system is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink splashes across the accounting documents like a series of exploding bloodfarts. FreeBSD munches the most ass of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time FreeBSD cuntwipes Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: FreeBSD is dying and its rotting corpse smells worse than a maggot, vomit, shit and piss cocktail.
Let's keep to the facts and look at the fucking numbers, shall we? OK!
OpenBSD wanker Theo states that there are a pathetic 7000 users of OpenBSD. How many users of NetBSD are there? Oh, God, let's fucking see... The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore it's turd-suckingly obvious that there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore, by simple fucking arithmetic, there are (7000+1400+700)*4 = 36400 FreeBSD users. Surprise fucking surprise, this is consistent with the number of FreeBSD Usenet posts.
Due to the troubles of those arseholes at Walnut Creek, abysmal sales and so on, FreeBSD showed themselves to be a bunch of retarded tossers, went out of business and were taken over by BSDI who sell another special needs OS. Now BSDI is also a miserable failure, its corpse turned over to yet another charnel house... pathetic.
All major surveys show that *BSD has steadily fucking declined in market share. *BSD is where it belongs, at death's door and its long term survival prospects are almost non-fucking-existent. If *BSD is to survive at all it will be among moronic, dilettante shitheads. *BSD continues to Chew Satan's Dick And Fuck The Baby Jesus Up The Pooper. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.
Fact: *BSD IS A FUCKING USELESS WASTE OF BITS AND IS DYING LIKE THE DOG THAT IT IS. IT MAKES ME SICK JUST THINKING ABOUT IT.
The OpenSSL 0.9.6 ASN.1 parser vulnerability...
What is going on? Didn't Microsoft have the same vulnerability recently? How is it that three entirely different operating systems (Linux,Windows,BSD) have the same vulnerability?
Is this caused by human mistake or laziness?
Of course we can all agree that BSD is a failure, but why did BSD fail? Once you get past the fact that BSD is fragmented between a myriad of incompatible kernels, there is the historical record of failure and of failed operating systems. BSD experienced moderate success about 15 years ago in academic circles. Since then it has been in steady decline. We all know BSD keeps losing market share but why? Is it the problematic personalities of many of the key players? Or is it larger than their troubled personalities?
The record is clear on one thing: no operating system has ever come back from the grave. Efforts to resuscitate BSD are one step away from spiritualists wishing to communicate with the dead. As the situation grows more desperate for the adherents of this doomed OS, the sorrow takes hold. An unremitting gloom hangs like a death shroud over a once hopeful BSD community. The hope is gone; a mournful nostalgia has settled in. Now is the end time for BSD.
- deal with the inevitable.
- grieve for your loss.
- move on.
Never let your emotions get mixed up with something as silly as a computer operating system. It isn't healthy. So BSD fails. Big whoop. Deal with it and move on. Hope this helps.
So that's what they're calling pallbearers these days.
What's left for me to see
In my ship I sailed so far
What can the answer be
Don't know what the questions are.
And after all I've done
Still I cannot feel the sun
Tell me save me
In the end our lost souls must repent.
I must know it is for certain
Can it be the final curtain
As long as the wind will blow
I'll be searching high and low.
Who knows what's really true
They say the end is so near
Why are we all so cruel
We just fill ourselves with fear.
And heaven and hell will turn
All that we love shall burn
Hear me trust me
In the end our lost souls must repent.
I must know it is for certain
Can it be the final curtain
As long as the wind will blow
I'll be searching high and low
Final curtain
Final curtain
BSD you grow in the ghetto, living second rate
And your eyes will sing a song of deep hate.
The places you play and where you stay
Looks like one great big alley way.
You'll admire all the numberbook takers,
Thugs, BSD pimps and pushers, and the big money makers.
The End of FreeBSD
[ed. note: in the following text, former FreeBSD developer Mike Smith gives his reasons for abandoning FreeBSD]
When I stood for election to the FreeBSD core team nearly two years ago, many of you will recall that it was after a long series of debates during which I maintained that too much organisation, too many rules and too much formality would be a bad thing for the project.
Today, as I read the latest discussions on the future of the FreeBSD project, I see the same problem; a few new faces and many of the old going over the same tired arguments and suggesting variations on the same worthless schemes. Frankly I'm sick of it.
FreeBSD used to be fun. It used to be about doing things the right way. It used to be something that you could sink your teeth into when the mundane chores of programming for a living got you down. It was something cool and exciting; a way to spend your spare time on an endeavour you loved that was at the same time wholesome and worthwhile.
It's not anymore. It's about bylaws and committees and reports and milestones, telling others what to do and doing what you're told. It's about who can rant the longest or shout the loudest or mislead the most people into a bloc in order to legitimise doing what they think is best. Individuals notwithstanding, the project as a whole has lost track of where it's going, and has instead become obsessed with process and mechanics.
So I'm leaving core. I don't want to feel like I should be "doing something" about a project that has lost interest in having something done for it. I don't have the energy to fight what has clearly become a losing battle; I have a life to live and a job to keep, and I won't achieve any of the goals I personally consider worthwhile if I remain obligated to care for the project.
Discussion
I'm sure that I've offended some people already; I'm sure that by the time I'm done here, I'll have offended more. If you feel a need to play to the crowd in your replies rather than make a sincere effort to address the problems I'm discussing here, please do us the courtesy of playing your politics openly.
From a technical perspective, the project faces a set of challenges that significantly outstrips our ability to deliver. Some of the resources that we need to address these challenges are tied up in the fruitless metadiscussions that have raged since we made the mistake of electing officers. Others have left in disgust, or been driven out by the culture of abuse and distraction that has grown up since then. More may well remain available to recruitment, but while the project is busy infighting our chances for successful outreach are sorely diminished.
There's no simple solution to this. For the project to move forward, one or the other of the warring philosophies must win out; either the project returns to its laid-back roots and gets on with the work, or it transforms into a super-organised engineering project and executes a brilliant plan to deliver what, ultimately, we all know we want.
Whatever path is chosen, whatever balance is struck, the choosing and the striking are the important parts. The current indecision and endless conflict are incompatible with any sort of progress.
Trying to dissect the above is far beyond the scope of any parting shot, no matter how distended. All I can really ask of you all is to let go of the minutiae for a moment and take a look at the big picture. What is the ultimate goal here? How can we get there with as little overhead as possible? How would you like to be treated by your fellow travellers?
Shouts
To the Slashdot "BSD is dying" crowd - big deal. Death is part of the cycle; take a look at your soft, pallid bodies and consider that right this very moment, parts of you are dying. See? It's not so bad.
To the bulk of the FreeBSD committerbase and the developer community at large - keep your eyes on the real goals. It's when you get distracted by the politickers
Oct. 23 -- BSD resumed receiving life-sustaining care yesterday in a
Florida hospital room, but many experts said there is virtually no hope
that it will ever recover, despite its fanboys' desperate hopes.
"IF IT'S over a year, BSD's not ever going to get up," said Fred Plum, a
professor emeritus at Weill Cornell College in New York. "You
just don't see it. It just doesn't happen."
BSD, 39, has been in a persistent vegetative
state since its heart stopped for unknown reasons in 1990. A feeding
tube in BSD's stomach was removed this past Wednesday after its husband,
Theo De Ratt, who said his wife had told him she (BSD) would not want to
be kept alive under such circumstances, won a long series of court
battles to have life-sustaining nourishment withdrawn so she (BSD) could
die.
By Chinese Karma Whore, Version 1.0
Everyone knows about BSD's failure and imminent demise. As we pore over the history of BSD, we'll uncover a story of fatal mistakes, poor priorities, and personal rivalry, and we'll learn what mistakes to avoid so as to save Linux from a similarly grisly fate.
Let's not be overly morbid and give BSD credit for its early successes. In the 1970s, Ken Thompson and Bill Joy both made significant contributions to the computing world on the BSD platform. In the 80s, DARPA saw BSD as the premier open platform, and, after initial successes with the 4.1BSD product, gave the BSD company a 2 year contract.
These early triumphs would soon be forgotten in a series of internal conflicts that would mar BSD's progress. In 1992, AT&T filed suit against Berkeley Software, claiming that proprietary code agreements had been haphazardly violated. In the same year, BSD filed countersuit, reciprocating bad intentions and fueling internal rivalry. While AT&T and Berkeley Software lawyers battled in court, lead developers of various BSD distributions quarreled on Usenet. In 1995, Theo de Raadt, one of the founders of the NetBSD project, formed his own rival distribution, OpenBSD, as the result of a quarrel that he documents on his website. Mr. de Raadt's stubborn arrogance was later seen in his clash with Darren Reed, which resulted in the expulsion of IPF from the OpenBSD distribution.
As personal rivalries took precedence over a quality product, BSD's codebase became worse and worse. As we all know, incompatibilities between each BSD distribution make code sharing an arduous task. Research conducted at MIT found BSD's filesystem implementation to be "very poorly performing." Even BSD's acclaimed TCP/IP stack has lagged behind, according to this study.
Problems with BSD's codebase were compounded by fundamental flaws in the BSD design approach. As argued by Eric Raymond in his watershed essay, The Cathedral and the Bazaar, rapid, decentralized development models are inherently superior to slow, centralized ones in software development. BSD developers never heeded Mr. Raymond's lesson and insisted that centralized models lead to 'cleaner code.' Don't believe their hype - BSD's development model has significantly impaired its progress. Any achievements that BSD managed to make were nullified by the BSD license, which allows corporations and coders alike to reap profits without reciprocating the goodwill of open-source. Fortunately, Linux is not prone to this exploitation, as it is licensed under the GPL.
The failure of BSD culminated in the resignation of Jordan Hubbard and Michael Smith from the FreeBSD core team. They both believed that FreeBSD had long lost its earlier vitality. Like an empire in decline, BSD had become bureaucratic and stagnant. As Linux gains market share and as BSD sinks deeper into the mire of decay, their parting addresses will resound as fitting eulogies to BSD's demise.
"Do not stand at my hard disk and forever weep.
I am not there; I do not sleep.
I am a thousand winds that blow.
I am the diamond glints on snow.
I am the sunlight on ripened grain.
I am the gentle autumn's rain.
When you reboot in the morning's hush
I am the swift uplifting rush
Of quiet birds in circled flight.
I am the soft stars that shine at night.
Do not stand at my hard disk and forever cry.
I am not there. "
Somewhere, in a lonely hospital room,
*BSD is dying.
I don't want to start a holy war here, but what is the deal with you BSD fanatics? I've been sitting here at my freelance gig in front of a BSD box (a PIII 800 w/512 Megs of RAM) for about 20 minutes now while it attempts to copy a 17 Meg file from one folder on the hard drive to another folder. 20 minutes. At home, on my Pentium Pro 200 running NT 4, which by all standards should be a lot slower than this BSD box, the same operation would take about 2 minutes. If that.
In addition, during this file transfer, Netscape will not work. And everything else has ground to a halt. Even Emacs Lite is straining to keep up as I type this.
I won't bore you with the laundry list of other problems that I've encountered while working on various BSD machines, but suffice it to say there have been many, not the least of which is I've never seen a BSD box that has run faster than its Windows counterpart, despite the BSD machine's faster chip architecture. My 486/66 with 8 megs of ram runs faster than this 800 mhz machine at times. From a productivity standpoint, I don't get how people can claim that BSD is a "superior" machine.
BSD addicts, flame me if you'd like, but I'd rather hear some intelligent reasons why anyone would choose to use a BSD over other faster, cheaper, more stable systems.