Hmmmm. ipfw has check-state, setup and established. Yes it does keep track of the state as it does have a state table. To see the state table in ipfw use ipfw -d show. To see the state tables in Linux you can look at the /proc filesystem. Not sure if iptables has an actual option for this. Under one of the /proc directories (can't remember which one) it has the state table of all the connections that the kernel knows about.
Truth is that if you want a secure system, shut down your unused services. Use keywords like setup (ipfw) or NEW (iptables) to keep track of new connections. Log new connections, use -j LOG in iptables, 'log' in ipf and ipfw. Not sure what the syntax is in pf. Lastly use ssh over telnet and ftp and REQUIRE shared keys. Webservers are hard to secure, because of 'stray' or possibly badly coded cgi. DNS servers should only be run when necessary, or on the internal lan. Use things like ipsec w/ racoon to secure systems so that connection traffic can be encrypted.
Then use netfilter.. it's pretty nice... I'd agree it does change each release. But you can also use the old way still. 2.4.x has all 3 in it so you can pick which one you want to use. So while yes it has changed, it also has more options now (another point of view).
Also both FreeBSD and NetBSD have had for a while ipfilter, which is able to 'keep state'. So they already had stateful filtering. At least that's what I thought the 'keep state' keyword in ipf was supposed to do. In FreeBSD 4.? they introduced ipfirewall or ipfw. FreeBSD 5.0 has ipfw2 which does a great job at keeping state. Just use ipfw -d show and you see what is going through your firewall in the state table. Actual ip:port to ip:port listing. I wish it had something like ipfilter's ipfstat -t command.
FreeBSD now has 3 choices as far as stateful packet filtering goes, ipfilter, packet filter and ipfirewall. What really needs to be done is metrics on all these to show which is actually better under FreeBSD. Metrics that show performance as well as features. Also ease of understanding.
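The setup / check-state / state-table behaviour discussed in the comments above, as an added illustration that is not part of the original posts and is not ipfw's own code: a simplified Python model in which a TCP 'setup' packet (SYN without ACK) to a deliberately open port creates a state entry and is logged, later packets pass only if they match the table, and everything else is denied and logged. The addresses, the open port and all class and function names are constructed for the example; state timeouts and connection teardown are left out.

```python
"""Simplified model of ipfw-style stateful filtering (illustration only)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags present, e.g. frozenset({"SYN"})


def is_setup(pkt):
    """ipfw 'setup': SYN set and ACK clear, the first packet of a connection."""
    return "SYN" in pkt.flags and "ACK" not in pkt.flags


@dataclass
class StatefulFilter:
    me: str                # address of the protected host (assumed)
    open_ports: frozenset  # services deliberately left running (assumed)
    states: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    @staticmethod
    def _key(pkt):
        # Direction-independent key, so replies hit the same state entry.
        return frozenset({(pkt.src, pkt.sport), (pkt.dst, pkt.dport)})

    def handle(self, pkt):
        key = self._key(pkt)
        # Rule 1 (check-state): packets of a tracked connection pass.
        if key in self.states:
            return "allow"
        # Rule 2 (allow ... setup keep-state, logged): new connection
        # to an open port creates a state entry.
        if pkt.dst == self.me and pkt.dport in self.open_ports and is_setup(pkt):
            self.states[key] = (f"{pkt.src}:{pkt.sport}", f"{pkt.dst}:{pkt.dport}")
            self.log.append(f"NEW {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
            return "allow"
        # Rule 3 (deny log): everything else, including a bare ACK that
        # has no state entry behind it.
        self.log.append(f"DENY {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
        return "deny"

    def show_states(self):
        """ip:port to ip:port listing of the tracked connections."""
        return [f"{a} <-> {b}" for a, b in self.states.values()]


def demo():
    # Constructed sample traffic using documentation address ranges.
    fw = StatefulFilter(me="192.0.2.10", open_ports=frozenset({22}))
    packets = [
        Packet("198.51.100.7", 40000, "192.0.2.10", 22, frozenset({"SYN"})),
        Packet("192.0.2.10", 22, "198.51.100.7", 40000, frozenset({"SYN", "ACK"})),
        Packet("198.51.100.7", 40000, "192.0.2.10", 22, frozenset({"ACK"})),
        # ACK with no prior setup: no state entry, so it is dropped.
        Packet("198.51.100.9", 40001, "192.0.2.10", 22, frozenset({"ACK"})),
        # Setup packet to a port where no service was left open.
        Packet("198.51.100.9", 40002, "192.0.2.10", 23, frozenset({"SYN"})),
    ]
    verdicts = [fw.handle(p) for p in packets]
    return verdicts, fw.show_states(), fw.log


if __name__ == "__main__":
    verdicts, states, log = demo()
    print(verdicts)
    print("\n".join(states))
    print("\n".join(log))
```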
I don't think so. A friend of mine in CA sued his former employer over a bonus he was owed when he was laid off and got it. AFAIK only management is exempt from this law.
This is a preference thing more than anything else. If you want tcsh on NetBSD cd /usr/pkgsrc/shells/tcsh && make install
I've used csh, sh, tcsh, ksh, and bash. I think at one point I used zsh. I found that tcsh, bash and zsh are usually similarly set up, and allow using the arrow keys and tab completion. History is something that you set up, and in these 3 shells it's always been set up for me. In using ksh, csh and sh, my experience was eew eew eew, but that is just me. I was used to bash at that point. Bash can be a hog or so I am told. I never measured, but it does a lot and it is probably not something you'd want if you were building a floppy based distro. Tcsh is not that bad, and can be added nowadays to just about any UNIX platform. Zsh is supposedly better, but I never used it enough to know if it truly was.
If you are going to do shell scripting then I'd suggest sh for shell scripting. Of course you can write scripts in sh and use tcsh or any other shell if you know what you are doing. Using sh for scripting is more portable than perl, tcsh, ksh or bash, as sh is going to be on all modern unix systems. Perl may be on all systems, but don't rely on it. Csh does not allow shell functions, which are kinda handy. Ksh is Sun's shell (I think) and I know it is not available on every platform.
What do you prefer to use that is the real question. Personally I can make just about any shell work for me if I have to....
at least the programmer(s) should offer a workaround.. if it is a bug..
Being someone who has written open source software and had people file bugs, I do fix them, if they are bugs. If they are feature requests or something that does not work the way that they expect, I then would usually discuss either the workaround, or a fix.
As someone who has filed bugs at bugzilla and redhat, I can see the issue they face. I have seen a few "bugs" that are just bad design rather than bugs.
One example of this is the whole password changing / password manager in Mozilla. As of Mozilla 1.2 there is nowhere to "change" passwords. You must delete the password from the profile and then go to the web site and have it add it back to the profile. The mail application also has the same problem. This is just a bad design, and not a "bug". Hey UNIX has a passwd command, windows has ways of changing passwords, mac does too, it's pretty much a standard that you CHANGE your password, instead of delete and re-add. Yes this is what most software is doing behind the scenes, but from the UI it does not look like that. This issue was filed by someone and somehow it got related to another bug that I filed, which is how I know about it. There was a heated debate in this bug and I keep getting email about it so I chimed in at the comment of 'well how should it work?'. I then said hmm I'll explain what I see in Outlook mail and let them go from there.
Typically my reaction to bugs has never been 'I'll stop using the software' or a 'fix it or else', but I have debated that something is or is not a bug. Not really a debate, as more of an explanation of why I think this is really a bug and am not just a whining pia. I also try to find a workaround if there is one, or if I find a workaround on my own, I try to update the bug report with my workaround.
Something that open source developers should think about. 1) Major software companies do fix bugs. Especially if it is accounting software and there is an accounting glitch. 2) Bugs also have priorities. In the one that I mentioned above, I'd think that the 'bug / bad design' is a very low priority. There is a workaround (delete / re-add). 3) If you're making software and you want people to use it then do you want to be making buggy software that people hate to use? Even Microsoft realizes that software must improve over time and Win XP is much better than Win98 (even though there are a few things they could have left out).
Lastly, I fix bugs for a living. Just yesterday I stomped out this huge spider (LOL), no seriously... I fix software bugs for a living. When there is a bug in my code, I want to fix it. To me, 'my code is my art'.
I think that one thing people are missing is that in a real FreeBSD system the /bin and /sbin contain static executables. Thus they are larger because all the code is 'in there'. In miniBSD all the programs are shared executables.
This thread, if you read all of it, suggests that a new BSD would be a little too much and that it may be better for it to be part of FreeBSD as either an option or a separate script.
If you read the miniBSD there are scripts that do the copying of files from the real system to the directory that is going to be the compact flash directory. He starts out by telling the user to make world, which essentially tells people to build the system from the ground up. Also making sure to make NO static binaries. On most systems you may want static binaries, in case the system had an improper shutdown. If sh is shared and the shared libs are in /usr/lib (where they are on FreeBSD) then you would not be able to run sh if you could not mount /usr. In his scenario it is a compact flash card that is being used and it is mounted read only ALL the time. If you do this to your system then you could cut down the size of the system.
Also there is pam to think about. My FreeBSD 4.7 system has pam on by default. He does not mention this. So when I used his mklibs.pl script it did not get the pam libs and the system was pretty hosed.
Oh and I have managed to cut FreeBSD down to about 72Megs with sshd running and bind 9, ipsec, and ipfw2, natd, and console access. Still I am looking at how to cut down more and still not lose functionality.
I think the real solution would be a project in the ports that would allow an automated minibsd system to be built. i.e. run script x and make a few choices and it builds the system for you. Options could be include sshd, include bind 8 or 9, include perl or not and get your customizish system that way.
Then you'd have to figure out how to scale down NetBSD to fit in uClinux space. Not sure what that is. But the miniFreeBSD would tell you pretty much what files you could keep at a minimum. It wouldn't help much with the /etc dir as NetBSD and FreeBSD /etc are slightly different.
Yes, and sun has them they are called the Sun Ray. More about them here. They are priced at 525 you add keyboard, video, mouse, and end user ;-)
http://store.sun.com/catalog/doc/BrowsePage.jhtml?catid=40767
I actually got to use them at the benchmarking center and you could not tell they were not running x native (IMHO). Well this is not a Linux solution it is an X / Unix solution and the Sun Ray may even work with a Linux X server. Something to look at at least.
No joke, just yesterday my roommate told me of how his ibook saved the day. Here goes...
He was at his church trying to use their windows pc to print the church budget for a meeting. Windows kept giving him the error message that 'either the printer is off or the port is disconnected.' Well it wasn't. It was hooked up and it is usb. My roommate after several tries gave up and hooked the usb cord for the printer up to his ibook. The ibook recognized the printer, and he was able to print. He was so happy as there was no software installation nothing. Just plug in USB and print.
Now before the mac haters or bashers start I will say this. Mac is missing a few things, like drivers for certain hardware. However the hardware that it does have drivers for works easily in my experience. Apple has done a wonderful job with their OS X and if windows was 1/2 as good we would not need as many desktop 'PC = personal computer' (which includes macs) admins. Yes some people would be out of jobs. I now do 0 admin on his machine whereas windows I was doing lots of debugging because this or that did not work. I love mac's cause they have literally made MY life easier. Your experience may vary, but I love the macs, and as soon as I can afford a powerbook, I'm getting one....
I would probably look at using picogui as it is designed for small embedded devices. Probably that and Linux. It would require some work I'd imagine, but the end may be a usable computer.
... that says that they won't sue cause of your use of Linux.. I really think this claim is lame, but it's management and management often thinks of bizarre things.
We have clauses in our contracts that say that we are not responsible for clients data. If it gets screwed up because of a batch job that is ours, they should have taken a backup. While it may be our fault, it's software, things like that happen.
yup.. an apple a day keeps the doctor away ;-) (LOL)
No kidding though, my roommate got an apple and now I don't have any of the computer issues I have when he uses windows. Hell I don't hear him complain at all except that the wireless connection is slow, and I tell him to use the lan cause it is much faster ;-).
Didn't they start out as 'super humans' and end up hating us 'none superhumans' and want to take over the world, cause they were better?
Yeah it was science fiction, but the point to science fiction is often to teach us lessons, and in this case the lesson is, just because we can do this doesn't mean we should.
they owe him whatever it takes to restore it to its previous state
NOT TRUE. It really depends on their terms of usage agreement or whatever they call that contract. If they have a clause in their contract that says that they are not responsible for damage caused to 3rd party modems by their system then they have essentially covered their butts, and he is screwed out of a modem. Their giving him a rental while he uses their service is probably all he can get.
Do read the fine print and all when getting internet access.
NetBSD's ports patches most software as there are a few things that are specific to NetBSD. Just do a make install and watch it say 'patching...'. Minor things like LD_LIBRARY_PATH and things that if configure is not set up for then it won't find (not sure what their patches do). FreeBSD does the same thing. RedHat can't ship a default kernel they have to ship their own kernel. So what's the point? In order for any vendor to ship apache or any other software they usually have patches applied. This is because the way apache is set up to do things and the way that the vendors set up things is different. To get updates and things you have to pretty much wait till they are ready to update the software.
Solution: You want a virgin apache, download the source from apache.org and compile and install yourself. Pass configure the options you want. It's really not that hard.... Is this really worthy news?
Was it an 'automatic update' or did you download it and update your modem yourself?
Why didn't they supply you with the modem in the first place?
My DSL ISP sent me the DSL modem and I just hooked it up and was online and I have to manually update it.
If they sent you a signal it is their fault if it fried your modem. If you downloaded an update that fried your modem you're screwed. It sounds like it could be their fault though, and it sounds like their compensation is a rental. You may be able to accuse them of purposely destroying your modem so that you would have to use the rental, but that would only be valid if they are making you pay extra for the rental.
I did not mention ssh, so I have no idea where you got that.. must be your meds.. serial console is NOT ssh.. it is a serial cable hooked up to a serial port that if your system supports it it can redirect the output from the system to the serial port.. thus rather than having a vga card you have a serial cable that you hook up to a separate computer and using a program like minicom or hyperterminal you see the system boot up. I do this with my server at home.. this is not ssh.. it is serial access..
As far as the bios settings go, Sun, HP and most none intel systems also output by default ALL the bios crap to the serial console.. that's what they do.. there are add in cards for intel machines that can also show the bios settings as well and allow one to change them..
so eh, where you got ssh from serial console is just beyond me???? unless you were either replying to another post, or you are just plain confused..
I have my server at home set up this way and it runs FreeBSD. Most UNIX's do this very well. Not sure about windows, but I did not see that as being a requirement. There are also add in cards that can handle the display for the bios.
Then you can bring a laptop and a null modem cable to the colo and you're hooked up.
If so you could use servlets and jsp or asp (eew) and then they would just open a web browser and go to the necessary site. This would mean that they would need internet connectivity, or a wireless network or something. This may be feasible.
they make great doorstops.. ;-)
ROTFLOL... he said he had 2 Megs of RAM, windows 95 won't run on that. I don't even think it would install on that. Windows 3.1 maybe.
Yes it is possible to run the Linux jvms under FreeBSD as well as NetBSD. Look at the ports, both OS's have ports of the JVM's.
Also the 1.4.1 JVM has been ported from linux blackdown project to FreeBSD.
Below is the story ...
http://bsd.slashdot.org/article.pl?sid=03/03/07/1458220
isn't that an oxymoron like "army intelligence"?
something is missing...
both allow you to turn on their spam elimination software. I use it, it does help, but it's not enough IMHO. I like yahoo's block user setup.