OpenBSD's PF Developers Interview
An anonymous reader writes "ONLamp.com has published a very long interview with 6 of OpenBSD's PF developers: Cedric Berger (cedric@), Can Erkin Acar (canacar@), Daniel Hartmeier (dharmei@), Henning Brauer (henning@), Mike Frantzen (frantzen@) and Ryan McBride (mcbride@).
Start reading from the first half and continue with the second part."
Aside from the fact that netcraft said that all these people are dead, there is one thing that bugs me about this interview.
Just like BSD, it's all done in parallel!
Post First ?
Didn't it die years ago?
Halfway through I was expecting the interviewer to ask them what their favorite colors and favorite musicians were.
Maybe he did ask. Did anyone make it through the second half?
I have been pwned because my
why pf.conf has to be so fucking cryptic?
or why pfctl is such a poorly documented steaming pile?
-Hector
How quick can we get them into the Iraqi prison system?
Let me know ASAP
Ryan McBride (mcbride@)
Two McBrides involved in two different dead or dying OSes, surely it can't be a coincidence...
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Start reading from the first half and continue with the second part.
:P
You must be new here, slashbots actually READING the article?! Having it in two parts just cements the fact that it won't get read.
dickcream.com might sound innocent enough, but believe me, it ain't.
Can't the /. editors do something about these stomach churning links?
Federico: How did you join OpenBSD?
CB: BRAINS!!! I want to EAT YOUR BRAINS!!!
What does PF mean?
PF = Pink Floyd, naw.
PF = Pirst fost, nope.
So what gives?
It is official; Netcraft confirms: *BSD is dying
One more crippling bombshell hit the already beleaguered *BSD community when IDC confirmed that *BSD market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as fittingly exemplified by failing dead last [samag.com] in the recent Sys Admin comprehensive networking test.
You don't need to be a Kreskin [amdest.com] to predict *BSD's future. The handwriting is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood.
FreeBSD is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time FreeBSD developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: FreeBSD is dying.
Let's keep to the facts and look at the numbers.
OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.
Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.
All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dabblers. *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.
Fact: *BSD is dying
All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS hobbyists, dabblers, and dilettantes. *BSD continues to decay, and nothing short of a miracle could save it at this point in time; for all practical purposes, *BSD is dead.
The record is clear on one thing: no operating system has ever come back from the grave. Efforts to resuscitate *BSD are one step away from spiritualists wishing to communicate with the dead. As the situation grows more desperate for the adherents of this doomed OS, the sorrow takes hold. An unremitting gloom hangs like a death shroud over a once hopeful *BSD community. The hope is gone; a mournful nostalgia has settled in. Now is the end time for *BSD.
I read that T.Deraadt email thread when I first looked at OpenBSD, and my initial impression was that Theo had a real baaaaadddd attitude. I do know for a fact that a lot of the NetBSD folks were upset to see him leave and fork off his own version of the OS, and to lose him as a developer. But in reading his email he obviously has a problem with taking any criticism, and had no problem with jumping down someone's throat with a flamethrower and foul language. Denial, it's not just a river in Egypt...
Not that I wouldn't use OpenBSD, or any other operating system that met my technical needs, whatever the personality of the people involved. I've dealt with enough bad attitudes from commercial OS vendors in my years in the industry to be able to deal with it if I have to. It just seems that *BSD has an extra heaping helping of bad attitudes that make commercial vendors look like pikers.
If you *really* read that email thread, you would see the attitude loud and clear. "We don't think that it helps anything for you to tell someone he's a f**khead when he's posting a message trying to help with the OS development." "F**K YOU, *I* want control of the source and if you don't like it I'll fork my own off!"
That's my impression of it... He sounded like an immature little upset kid to me. The development of any of the O.S. OS's is a group effort, and having one person think they have all the answers and have to be the one in control is dead wrong. So, now he *has* control of his own fork of BSD, and lost the ability to maintain many of the various platform ports because he has no developers. Thus, the OpenBSD page says that for a VAX port, for instance, "support can be easily ported over from NetBSD". Why these problems are so prevalent under FreeBSD/OpenBSD/NetBSD remains something of a mystery. These systems seem to be self selective in their attraction to weirdos and big egos.
The split had nothing to do with the quality of his coding work, and everything to do with his nasty attitude towards people... and NOT just the people of NetBSD Core, but other people who were just civilians trying to help out, or looking for help. No wonder BSD has lost.
the prisons in Iraq are really being managed by private contractors, who are all GOP campaign contributors.
American servicemen and women are being blamed in order to protect GOP politicos.
Impeach and then convict Bush, Cheney, Rumsfeld.
I see dead people...
One of the cooler things 'bout PF, is that you can add another layer of security to your systems - if you know that you'll never use a Windows box to SSH into your OpenBSD server - you can specifically deny Windows from connecting with a simple PF rule.
It's great for VPN stuff - all of my VPN equipment is OpenBSD - so I just don't allow any packets from any other OS. This mitigates any attack - now my attacker has to have an OpenBSD computer (or at least spoof one).
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
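The OS-based filtering described in the comment above, written out as a pf.conf fragment. This is an added example, not part of the original thread or of the OpenBSD project's own files; the interface name em0 and the address 192.0.2.10 are assumptions, and the syntax is that of current OpenBSD pf rather than the 2004 release under discussion.

```conf
# Added example (not from the thread). Assumed values: em0, 192.0.2.10.
ext_if   = "em0"
ssh_host = "192.0.2.10"

set skip on lo

# Default deny on the external interface, with logging so that rejected
# connection attempts show up on pflog0.
block in log on $ext_if all

# Passive OS fingerprinting matches the initial TCP SYN against the
# signatures in /etc/pf.os, so the "os" keyword only applies to TCP rules
# that see connection setup.

# The form the comment describes: explicitly refuse Windows-looking SYNs.
# With the default deny above this rule is redundant; it is shown because a
# ruleset that passes ssh from "any" would need it.
block in quick on $ext_if proto tcp from any os "Windows" to $ssh_host port ssh

# The stricter form: only SYNs that fingerprint as OpenBSD may open ssh.
# Hosts whose SYN matches no signature ("unknown") fall through to the
# default block.
pass in on $ext_if proto tcp from any os "OpenBSD" to $ssh_host port ssh

# Caveat for reviewers of this ruleset: the fingerprint is derived from
# unauthenticated header fields (window size, TTL, TCP options), so a sender
# can shape a SYN to match. Treat the rule as noise reduction in front of
# sshd's own key-based authentication, not as an access control by itself.
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -s osfp` lists the OS names the fingerprint database accepts.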
Look, I'm no queer but that troll link was damn funny. Complete with video and sound. Compared to the lemonparty and its kind, this was art.
[ed. note: in the following text, former FreeBSD developer Mike Smith gives his reasons for abandoning FreeBSD]
When I stood for election to the FreeBSD core team nearly two years ago, many of you will recall that it was after a long series of debates during which I maintained that too much organisation, too many rules and too much formality would be a bad thing for the project.
Today, as I read the latest discussions on the future of the FreeBSD project, I see the same problem; a few new faces and many of the old going over the same tired arguments and suggesting variations on the same worthless schemes. Frankly I'm sick of it.
FreeBSD used to be fun. It used to be about doing things the right way. It used to be something that you could sink your teeth into when the mundane chores of programming for a living got you down. It was something cool and exciting; a way to spend your spare time on an endeavour you loved that was at the same time wholesome and worthwhile.
It's not anymore. It's about bylaws and committees and reports and milestones, telling others what to do and doing what you're told. It's about who can rant the longest or shout the loudest or mislead the most people into a bloc in order to legitimise doing what they think is best. Individuals notwithstanding, the project as a whole has lost track of where it's going, and has instead become obsessed with process and mechanics.
So I'm leaving core. I don't want to feel like I should be "doing something" about a project that has lost interest in having something done for it. I don't have the energy to fight what has clearly become a losing battle; I have a life to live and a job to keep, and I won't achieve any of the goals I personally consider worthwhile if I remain obligated to care for the project.
Discussion
I'm sure that I've offended some people already; I'm sure that by the time I'm done here, I'll have offended more. If you feel a need to play to the crowd in your replies rather than make a sincere effort to address the problems I'm discussing here, please do us the courtesy of playing your politics openly.
From a technical perspective, the project faces a set of challenges that significantly outstrips our ability to deliver. Some of the resources that we need to address these challenges are tied up in the fruitless metadiscussions that have raged since we made the mistake of electing officers. Others have left in disgust, or been driven out by the culture of abuse and distraction that has grown up since then. More may well remain available to recruitment, but while the project is busy infighting our chances for successful outreach are sorely diminished.
There's no simple solution to this. For the project to move forward, one or the other of the warring philosophies must win out; either the project returns to its laid-back roots and gets on with the work, or it transforms into a super-organised engineering project and executes a brilliant plan to deliver what, ultimately, we all know we want.
Whatever path is chosen, whatever balance is struck, the choosing and the striking are the important parts. The current indecision and endless conflict are incompatible with any sort of progress.
Trying to dissect the above is far beyond the scope of any parting shot, no matter how distended. All I can really ask of you all is to let go of the minutiae for a moment and take a look at the big picture. What is the ultimate goal here? How can we get there with as little overhead as possible? How would you like to be treated by your fellow travellers?
Shouts
To the Slashdot "BSD is dying" crowd - big deal. Death is part of the cycle; take a look at your soft, pallid bodies and consider that right this very moment, parts of you are dying. See? It's not so bad.
To the bulk of the FreeBSD committerbase and the developer community at large - keep your eyes on the real goals.
I actually read the article, and although I can't tell you too much about what it means, I can tell you that these guys sound damn smart. I mean DAMN smart.
Hello everyone!
You may know me as the "troll" that posts the "BSD IS DEAD" and all of the "FACTS" to every BSD story on Slashdot. Many people wonder why I do it. The answer is that BSD is detrimental to the open source community.
As a Linux advocate, I have taken upon myself the duty to convince Slashdot readers that BSD is dead and that Linux is the future. If BSD were to gain a bigger marketshare, corporations such as IBM, Oracle, and Sun may be distracted from their interest in Linux.
If you know any BSD users, you must convince them to convert to Linux. These people are slowing down open source development because developers are distracted from working on Linux programs to make them work with BSD. Imagine how great Gnome/KDE, Mozilla, and Apache would be if the developers didn't have to waste precious time writing code so that it would run on BSD. We need the entire open source community to get behind a single operating system so that developers can focus on achieving our goal, OS dominance.
We can all agree that Microsoft has to go. We cannot allow any other proprietary operating system to take its place. That narrows it down to the open source operating systems, of which the 2 major options are Linux and BSD. Since Linux already has the larger marketshare, we need to kill off BSD. Once we convert all the BSD developers to Linux, we will have a stronger army. We cannot survive when the open source community has to compete with itself.
So what can you do to help? Easy. Find BSD users and developers and convince them to switch to Linux. Do so by any means necessary. You can start out being nice, but be persistent. Don't give up. In the end, they will thank you for enlightening them.
After we destroy BSD, we will need to focus on a single Linux distribution, Fedora. The other Linux distributions are wasting time and causing confusion. We need everyone to focus on Fedora so that it can be made the best operating system ever!
There can be only one open source operating system. Divided we fall. Together we shall rule.
As a great man once said, "Let us never forget the duty, which we have taken upon ourselves."
It's happened! SCO has pwned OpenBSD!
they suck donkey-wang compared to PF & carp.
I must misunderstand. It almost sounds like you speak of sucking on sweet donkey cock as though it were a bad thing...
I tend to agree. After the first sentence I was lost, so they are either damn smart, or a great job of (cue: Jon Lovitz) acttt-tinggg in the interview.
I did like that os filtering idea.
yes, bsd is died. but rose again from the dead with great power. it's harder to kill the undead. so beware!
i would really like to see a comparison between all of these packet filters with strengths and weaknesses and maybe an example of the filter scripts used for a few common scenarios.
also maybe add in some ebtables+iptables stuff as well
hah but still i'm not dead BWAHAHAHAHAHAHAHAHAHAHA! i am the champion of the world! BWAHAHAHAHAHAHAHA! you linux users are full of insecurities, full of flames. but still you can't match my beloved WINDOWS!!!! BWAHAHAHAHAHAHAHA!
nibble nibble munchkin. the M$FT is so big yes. it controls, controls all. the people they walk by i see their feet though my window. their feet swing by the bars on my window. pretty feet shiny shoes. swish swish. are they going to work? i WILL NOT go to work. M$FT is at work. M$FT controls the pretty feet people. controls their money their futures.
i sit and rebuild my kernel. my CPU thrums. the kernel it is the key. we hack the linux yes good. 2.3, 2.4, 2.5,
...2.6!!!!!!!!! the M$FT it fears the linux. spreads lies. says the linux comes with no warranty. THE WARRANTY IT IS BAD! it goes into your pores. steals your power. the kernel is good. the kernel will rise and slay the M$FT. when the itching comes i think about the linux. it helps.
i hack a driver for my dvd-rom. it does not work. i debug. it does not work. i delete the old source. and start again. i recompile. it does not work. on M$FT the dvd-rom is plug and play. that is how they get you. get behind your eyes. start the itching. so i hack the driver. i hack, we hack: we gnaw. gnaw at the ropes of slavery. the ropes of M$FT. pretty feet people, we will save you.
the itching comes...
pf has been available in ports for quite a while. Although it only works on the 5.x branch, I'm running it as my firewall on an old 166MHz Pentium.
Personally, I find FreeBSD easier to deal with, but that's just me.
Damn, it's raining again!
authpf allows you to authenticate remote users, and change the firewall rules. And it's all done by ssh'ing in with authpf as the user's shell.
Useful if you want to hide services from the outside world (except for selected users), but you don't want the complexity of ssh tunnels/vpn. (ie: I want to give some people access to my ftp server but hide it from the rest of the world, and not give them vpn access to the whole network)
I use Macs to up my productivity, so up yours Microsoft!
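A configuration sketch of the authpf setup described in the comment above (an FTP server hidden from everyone except users who have authenticated over ssh). This is an added example, not part of the original thread or the project's own files; the interface em0 and the server address 192.0.2.20 are assumptions, and the anchor syntax is that of current OpenBSD rather than the 2004 release.

```conf
# Added example (not from the thread). Assumed values: em0, 192.0.2.20.

# ---- /etc/pf.conf (main ruleset) ----
ext_if  = "em0"

block in log on $ext_if all

# sshd has to stay reachable: logging in over ssh is the authentication step.
pass in on $ext_if proto tcp to ($ext_if) port ssh

# authpf loads each session's rules into its own sub-anchor under "authpf",
# and flushes that sub-anchor when the ssh session ends.
anchor "authpf/*"

# ---- /etc/authpf/authpf.rules (loaded per authenticated session) ----
# This file is parsed separately from pf.conf, so macros are defined again.
# authpf itself supplies $user_ip (the address the ssh session came from)
# and $user_id (the login name).
ext_if  = "em0"
ftp_srv = "192.0.2.20"

# Open the FTP control channel for the authenticated address only.
pass in quick on $ext_if proto tcp from $user_ip to $ftp_srv port ftp

# FTP data connections use other ports and need their own handling
# (for example ftp-proxy(8)); that part is outside this sketch.

# ---- Prerequisites outside pf ----
# * /etc/authpf/authpf.conf must exist (it may be empty), or authpf exits.
# * Each gateway user's login shell is /usr/sbin/authpf, so the account
#   gets no interactive shell on the firewall.
# * A per-user file, /etc/authpf/users/<login>/authpf.rules, takes
#   precedence over the global authpf.rules when present.
```

Because the pass rule is keyed to `$user_ip`, everyone behind the same NAT address as an authenticated user gets the same access for the life of that session.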
See the man-pages.
In Soviet Washington the swamp drains you.
Problem is that *BSD is worse off than SCO. Most analysts agree that *BSD is dying. The same forces that are killing *BSD are the same ones that hurt SCO. My gut feeling is that none of it can be helped. It is a convergence of events over the last few years that is beyond any individual's (or marketings') ability to influence. Some events in the course of history happen as the result of the irresistible pull of fate. The decline and fall of *BSD is just such an event in the history of technology.
Spreading technology, not ideology...
Each time some BSD code is incorporated in a proprietary product the world is likely a better place, you don't want everyone and his dog coding an IP stack, if it was the case it would not be some unpatched windows boxes that would be used as attack launch points, they would be everything from your fridge to your car...
BTW the license does not discourage anything, it just does not make it mandatory. Common sense makes contributing back a good thing, as maintaining a fork is likely more expensive than contributing back your valuable intellectual property would cost you.
Don't you people understand... It is not possible for Netcraft to gather any statistical data on how many BSD machines are being used, simply because no one is *forced* to make their machine identify as a BSD machine! Quote from : "There are some, even large, companies that use BSD as routers, firewalls and even servers, without people noticing. That is a reason why no one can give current usage statistics for BSD, because no one is forced to say he is using BSD at all, or in which number." http://mirbsd.bsdadvocacy.org/?bsd-intro Drawing conclusions from statistical data without proper knowledge on the subject is Bad Practice.
heh this is slashdot. answer troll replies with troll replies too.
...until pf is ported to run on XP?
www.bsdforums.org
Only the non-pro-BSD comments are modded down, the others are not! WHAT FAGGOTRY!
Before FreeBSD was acquired by BSDI (due to the bankruptcy of Walnut Creek) sales were abysmal. Now BSDI itself is dead. Major marketing surveys show that BSD has steadily declined in market share. BSD is very sick and its long term survival prospects are very dim.
If BSD is to survive at all it will be among hobbyist dilettante dabblers. The reasons behind the death of BSD are many and too sordid to describe in a short article. Suffice it to say, whatever the reasons, BSD is dead.