Cisco (and probably several others) have done this by default for many many moons now. By way of practical demonstration, notice that equal weight routes load balance per flow, not per packet. What it allows is subsequent routing decisions to be offloaded from a route processor down to the asics on the card level. And don't try to turn CEF off on a layer 3 switch - even a lightly loaded one - unless you want your throughput to resemble 56k.
Just for clarification, the Virginia Department of Health Professionals is not the same agency as the Virginia Department of Health.
Each Virginia agency is its own little independent IT fiefdom, with all the disparity of budget and clue that entails. At least until their IT is taken over by Northrop Grumman, which is another clusterfuck entirely...
> The other half is trying to put aside your differences and making an attempt to work with the person in power.
Double-speak at its finest. Congratulations.
The other half is most assuredly not putting aside your differences. The system of checks and balances was designed specifically to avoid the very stifling of debate and trampling of dissent your pat euphemism advocates.
It is the responsibility of those holding differences to give voice to them, the responsibility of those holding power to listen, and the responsibility of both seek compromise. That may not be how a bureaucracy operates, nor the military, nor a business. But it is how a democratic political system operates, and it is imperative to the health of such a system to recognize that distinction. To expect dissenters to roll over in with the justification of working with the person in power is a delusional hubris, both dangerous and unpatriotic.
The darkest periods of American history share the common theme of the system of checks and balances faltering, either because those without power fail to stand up or those in power fail to listen.
Only... The US government did NOT develop SELinux. A company named Secure Computing was contracted by the NSA to add aspects of their SecureOS (which runs their Sidewinder firewalls) to Linux.
Good point. Checkpoint and ISA have had exactly those kinds of problems. However - and I'm not trying to sell koolaid here - the Sidewinder does a very good job when it comes to this. The reason is that the underlying OS isn't some patched up commodity OS such as Windows or Solaris. The OS underlying the Sidewinder, while based upon BSD/OS, has been custom developed with true Trusted Computing elements such as network stack cloning, filesystem ACLs, mandatory access controls, etc. So, though you may still be able to target a vulnerability in a particular proxy, you can't actually exploit the vulnerability to elevate system privileges or network access. About the worst you can do is cause a DoS of that particular proxy.
Downside to the Sidewinder is the gui sucks. But if you have the wherewithall to learn the convoluted syntax, you can do anything at the command line that you can do in the gui.
Other problems with application layer firewalls is that they can be slow. Not only do they have to de-encapsulate, inspect, and re-assemble traffic through all seven layers (vs. 3 or 4 for a packet filtering firewall), they have to do it in software since the nature of the work doesn't lend itself to being offloaded to ASICs. Furthermore, because they don't run on ASICs, you will have to deal with the same hardware failure issues typical to any "server".
It also doesn't help that Sun requires a very substantial "donation" for permitting a binary jdk distribution. The FreeBSD Foundation had to pony up major bucks for this to happen. Red Hat, et al, ponied up to Sun for a Linux binary jdk a long before FreeBSD did.
...the settlement happened between BSD 4.3 and 4.4.
The settlement happened between BSD 4.4 and BSD 4.4-LITE
...the whole reason BSD won is that they had rewritten all of the code
The reason BSD "won" is because UC-Berkeley countersued on the basis that large chunks of BSD were incorporated in System V with stripped copyrights and without fulfilling the requirements of the advertising clause. The judge suggested that ATT didn't have a case, and Berkeley did. Meanwhile, Novell bought UNIX and chose to wash its hands of the whole matter, hence the settlement.
EU company has idea, and creates software. US company takes idea and patents it. EU company tries to sell software in US. US company sues the snot out of EU company.
I'm not defending software patents, merely pointing out that software patents exist, even if they don't exist everywhere.
The law ammends 3 sections. You only looked at the ammendments to section 219a.
The following is excerpted from the ammendments to section 540c:
Sec. 540c.
(1) A person shall not assemble, develop, manufacture, possess, deliver, offer to deliver, or advertise an unlawful telecommunications access device or assemble, develop, manufacture, possess, deliver, offer to deliver, or advertise a telecommunications device intending to use those devices or to allow the devices to be used to do any of the following or knowing or having reason to know that the devices are intended to be used to do any of the following:
...
(b) Conceal the existence or place of origin or destination of any telecommunications service.
"We've been looking at this for months. Every time we turn over a stone, there's something there," McBride said. "If you pull down (Mac) OS X you'll see a lot of copyright postings that point back to Unix Systems Laboratories, which is what we hold."
The University's suit claimed that USL had failed in their obligation to provide due credit to the University for the use of BSD code in System V as required by the license that they had signed with the University. If the claim were found to be valid, the University asked that USL be forced to reprint all their documentation with the appropriate due credit added, to notify all their licensees of their oversight, and to run full-page advertisements in major publications such as The Wall Street Journal and Fortune magazine notifying the business world of their inadvertent oversight.
...
The result was that three files were removed from the 18,000 that made up [BSD 4.4] Networking Release 2, and a number of minor changes were made to other files. In addition, the University agreed to add USL copyrights to about 70 files, although those files continued to be freely redistributed.
...
The lawsuit settlement also stipulated that USL would not sue any organization using 4.4BSD-Lite as the base for their system.
So, in other words, Mr. McBride - PPPPHHHTTTT!!
Oh, and might want to make sure you are providing due credit to the University of California at Berkeley before you cast the first stone, eh?
No worries. Any code derived from BSD4.4-Lite (e.g., FreeBSD) is indemnified of any SystemV-related intellectual property claims, as per the settlement between Novell and BSDI/UC-Berkeley of the infamous lawsuit begun by AT&T. This is the same SystemV intellectual property that SCO is waving around.
How is this rant any different from the rants on EQVault circa 1999? Same shit, different year. But here you are almost THREE YEARS LATER ranting about the same stuff most of us already quit playing over long long ago.
Don't get me wrong, I'm all for proprietary add-on software(desktop/server apps, games etc) for linux
Yeah, the BSD license is so very proprietary. So proprietary, in fact, that you can take BSD-licensed code, modify it, and release the result under GPL. Doesn't get much more non-free than that.
Sheesh, the GPL zealots never fail to astound me...
Use the RELENG_4_6 tag in your cvsup file to stay on the 4.6-release branch, of which 4.6.2-release is a part.
Be sure to check out Chapter 20 of the FreeBSD Handbook, especially the sections on Synchronizing Your Source and Using make world. Also read the top of/usr/src/Makefile
The real trick is going to be doing the upgrade to a remote server. Since you can't really drop to single user mode you'll have to do the installworld, installkernel, and mergemaster on a live system. Make sure your kern.securelevel is at -1 for that (you can always raise it back up afterwards). You may even want to go through the process on a spare box in front of you before attempting to do so remotely.
Thats why Raal should GPL the source; that scenario would not be possible without M$ being forced to free the source to Mafia Player, which they will never do.
Um, no.
Perhaps you didn't read all the bits about reverse-engineering-from-data-streams. So what if the code that originally produces the data streams is GPL'd? The GPL won't matter if the new code isn't based on the GPL code, even if both sets of code do the exact same thing. Or are you a fan of AT&T's failed "brain-tainting" argument?
Being well educated has nothing to do with being computer savvy.
Go to almost any college or university, and 90% of the professors will be using Macs. Why? Because they may be geniuses of their own subspecialty of a specific area of a particular division of their field, but otherwise they are mostly morons with all the computer sense of pocket lint. Even then Macs are too complicated for them, and they end up asking their secretary dozens of times a day how to perform the same simple actions that have been explained to them countless times before. Well educated? Yes. Computer savvy? Forget it.
Of course this is just based on anecdotal evidence, not any sort of scientific study. Heh...
Re:I wonder what happened to FreeBSD 5.0
on
FreeBSD 4.6
·
· Score: 1
Boy, I hope they finish soon so I do not have to spend a lot of money buying the cd's.
FreeBSD 5.0 will most likely be out late November or early December, at which point the 4-cd set will most likely cost $39.95 from freebsdmall.com, $39.50 from bsdmall.com.
Downloading the installation cd, which is all you really need, is (obviously) less than 650M. But buying the cd's helps the FreeBSD project, and really isn't that expensive.
Re:software for BSD
on
FreeBSD 4.6
·
· Score: 4, Informative
# cd/usr/ports/emulators/linux_base
# make install
# echo 'linux_enable="YES"' >>/etc/rc.conf
Note that if you choose linux binary compatibility during installation, the above is done for you.
For some things (vmware) you may need to add linprocfs to/etc/fstab.
linux_base comes with rpm, et al. Rarely, you may need to copy some shared libraries from a linux box to the the appropriate directories under/usr/compat/linux/
Really, its easy. The FreeBSD handbook does a good job of explaining.
Slashdot Mirror
Yippee.
Cisco (and probably several others) have done this by default for many many moons now. By way of practical demonstration, notice that equal weight routes load balance per flow, not per packet. What it allows is subsequent routing decisions to be offloaded from a route processor down to the asics on the card level. And don't try to turn CEF off on a layer 3 switch - even a lightly loaded one - unless you want your throughput to resemble 56k.
Just for clarification, the Virginia Department of Health Professionals is not the same agency as the Virginia Department of Health.
Each Virginia agency is its own little independent IT fiefdom, with all the disparity of budget and clue that entails. At least until their IT is taken over by Northrop Grumman, which is another clusterfuck entirely...
> The other half is trying to put aside your differences and making an attempt to work with the person in power.
Double-speak at its finest. Congratulations.
The other half is most assuredly not putting aside your differences. The system of checks and balances was designed specifically to avoid the very stifling of debate and trampling of dissent your pat euphemism advocates.
It is the responsibility of those holding differences to give voice to them, the responsibility of those holding power to listen, and the responsibility of both seek compromise. That may not be how a bureaucracy operates, nor the military, nor a business. But it is how a democratic political system operates, and it is imperative to the health of such a system to recognize that distinction. To expect dissenters to roll over in with the justification of working with the person in power is a delusional hubris, both dangerous and unpatriotic.
The darkest periods of American history share the common theme of the system of checks and balances faltering, either because those without power fail to stand up or those in power fail to listen.
Only... The US government did NOT develop SELinux. A company named Secure Computing was contracted by the NSA to add aspects of their SecureOS (which runs their Sidewinder firewalls) to Linux.
natd is userland, but You do have to re-compile the kernel to get divert sockets.
pf is not the default filter, but it is in the ports tree and only a pkg_add or make install away.
Good point. Checkpoint and ISA have had exactly those kinds of problems. However - and I'm not trying to sell koolaid here - the Sidewinder does a very good job when it comes to this. The reason is that the underlying OS isn't some patched up commodity OS such as Windows or Solaris. The OS underlying the Sidewinder, while based upon BSD/OS, has been custom developed with true Trusted Computing elements such as network stack cloning, filesystem ACLs, mandatory access controls, etc. So, though you may still be able to target a vulnerability in a particular proxy, you can't actually exploit the vulnerability to elevate system privileges or network access. About the worst you can do is cause a DoS of that particular proxy.
Downside to the Sidewinder is the gui sucks. But if you have the wherewithall to learn the convoluted syntax, you can do anything at the command line that you can do in the gui.
Other problems with application layer firewalls is that they can be slow. Not only do they have to de-encapsulate, inspect, and re-assemble traffic through all seven layers (vs. 3 or 4 for a packet filtering firewall), they have to do it in software since the nature of the work doesn't lend itself to being offloaded to ASICs. Furthermore, because they don't run on ASICs, you will have to deal with the same hardware failure issues typical to any "server".
It also doesn't help that Sun requires a very substantial "donation" for permitting a binary jdk distribution. The FreeBSD Foundation had to pony up major bucks for this to happen. Red Hat, et al, ponied up to Sun for a Linux binary jdk a long before FreeBSD did.
Just a couple corrections:
The settlement happened between BSD 4.4 and BSD 4.4-LITE
The reason BSD "won" is because UC-Berkeley countersued on the basis that large chunks of BSD were incorporated in System V with stripped copyrights and without fulfilling the requirements of the advertising clause. The judge suggested that ATT didn't have a case, and Berkeley did. Meanwhile, Novell bought UNIX and chose to wash its hands of the whole matter, hence the settlement.
EU company has idea, and creates software.
US company takes idea and patents it.
EU company tries to sell software in US.
US company sues the snot out of EU company.
I'm not defending software patents, merely pointing out that software patents exist, even if they don't exist everywhere.
http://www.merit.edu/mail.archives/nanog/2003-03/
Maybe APNIC shouldn't be so picky about its allocations, hm?
From today means for HEAD (aka "-current") from April 20th onward.
RELENG_5_0 is only for security fixes, and will not include this change.
Eventually, when RELENG_5_1_0_RELEASE is tagged, it will include this change.
Learning how to think is more important than learning how to do.
From the CNET story:
From Twenty Years of Berkeley Unix by Marshall Kirk McKusick:
- The University's suit claimed that USL had failed in their obligation to provide due credit to the University for the use of BSD code in System V as required by the license that they had signed with the University. If the claim were found to be valid, the University asked that USL be forced to reprint all their documentation with the appropriate due credit added, to notify all their licensees of their oversight, and to run full-page advertisements in major publications such as The Wall Street Journal and Fortune magazine notifying the business world of their inadvertent oversight.
So, in other words, Mr. McBride - PPPPHHHTTTT!!...
The result was that three files were removed from the 18,000 that made up [BSD 4.4] Networking Release 2, and a number of minor changes were made to other files. In addition, the University agreed to add USL copyrights to about 70 files, although those files continued to be freely redistributed.
...
The lawsuit settlement also stipulated that USL would not sue any organization using 4.4BSD-Lite as the base for their system.
Oh, and might want to make sure you are providing due credit to the University of California at Berkeley before you cast the first stone, eh?
No worries. Any code derived from BSD4.4-Lite (e.g., FreeBSD) is indemnified of any SystemV-related intellectual property claims, as per the settlement between Novell and BSDI/UC-Berkeley of the infamous lawsuit begun by AT&T. This is the same SystemV intellectual property that SCO is waving around.
How is this rant any different from the rants on EQVault circa 1999? Same shit, different year. But here you are almost THREE YEARS LATER ranting about the same stuff most of us already quit playing over long long ago.
Is this a worthy principled stand, or is it more like Kruschev banging his shoe in the UN? Will this help or hurt Apple's adoption of GPL technology?
None of the above. GNU-Darwin is not Darwin, Apple, or even BSD. GNU-Darwin is completely irrelevant.
Don't get me wrong, I'm all for proprietary add-on software(desktop/server apps, games etc) for linux
Yeah, the BSD license is so very proprietary. So proprietary, in fact, that you can take BSD-licensed code, modify it, and release the result under GPL. Doesn't get much more non-free than that.
Sheesh, the GPL zealots never fail to astound me...
man burncd
Naim: http://site.rpi-acm.org/info/naim/
Use the RELENG_4_6 tag in your cvsup file to stay on the 4.6-release branch, of which 4.6.2-release is a part.
Be sure to check out Chapter 20 of the FreeBSD Handbook, especially the sections on Synchronizing Your Source and Using make world. Also read the top of
The real trick is going to be doing the upgrade to a remote server. Since you can't really drop to single user mode you'll have to do the installworld, installkernel, and mergemaster on a live system. Make sure your kern.securelevel is at -1 for that (you can always raise it back up afterwards). You may even want to go through the process on a spare box in front of you before attempting to do so remotely.
Thats why Raal should GPL the source; that scenario would not be possible without M$ being forced to free the source to Mafia Player, which they will never do.
Um, no.
Perhaps you didn't read all the bits about reverse-engineering-from-data-streams. So what if the code that originally produces the data streams is GPL'd? The GPL won't matter if the new code isn't based on the GPL code, even if both sets of code do the exact same thing. Or are you a fan of AT&T's failed "brain-tainting" argument?
Being well educated has nothing to do with being computer savvy.
Go to almost any college or university, and 90% of the professors will be using Macs. Why? Because they may be geniuses of their own subspecialty of a specific area of a particular division of their field, but otherwise they are mostly morons with all the computer sense of pocket lint. Even then Macs are too complicated for them, and they end up asking their secretary dozens of times a day how to perform the same simple actions that have been explained to them countless times before. Well educated? Yes. Computer savvy? Forget it.
Of course this is just based on anecdotal evidence, not any sort of scientific study. Heh...
Boy, I hope they finish soon so I do not have to spend a lot of money buying the cd's.
FreeBSD 5.0 will most likely be out late November or early December, at which point the 4-cd set will most likely cost $39.95 from freebsdmall.com, $39.50 from bsdmall.com.
Downloading the installation cd, which is all you really need, is (obviously) less than 650M. But buying the cd's helps the FreeBSD project, and really isn't that expensive.
# cd
# make install
# echo 'linux_enable="YES"' >>
Note that if you choose linux binary compatibility during installation, the above is done for you.
For some things (vmware) you may need to add linprocfs to
linux_base comes with rpm, et al. Rarely, you may need to copy some shared libraries from a linux box to the the appropriate directories under
Really, its easy. The FreeBSD handbook does a good job of explaining.