Yes, OpenBSD has a good firewall but the parent to which I responded to said: "I don't understand why anyone would use something else in a situation in which high-security is needed (which is any internet site these days)." Now, is every Internet site a firewall, or are there other sites, that, say, are webservers, mail servers, ftp servers, etc? Would you want SMP for any of these?
Could you give an example of an exploit that cannot be blocked by a plain ol packet filter that a stateful filter can?
Re IPsec: there are standards and then there are widely used/implemented standards. Until recently Cisco 675 routers did not support the protocol numbers of IPsec (50 and 51 I think). US West will most likely never release an update to its customers that do not have a version of CBOS with IPsec support. What are we to do? I also refer you to the related/. discussion about the immaturity of FreeS/WAN. CIPE is time-tested, production-quality, simple code.
Linux and OpenBSD are different operating systems. Could it be possible that there is a piece of hw or sw that Linux supports and OpenBSD does not? On the hardware side, note, for example, that OpenBSD does not support SMP. On the software side, some may prefer ipchains over OpenBSD's ipfilter. CIPE does not exist for OpenBSD either.
By keeping all data and major apps on a remote server you are sacrificing performance and avaliability for convenience. Not the users convenience, mind you, but the sysdamin's. Such a strategy may work in smaller (where the network can handle it) non-mission critical environments (so when your file server and its backups or the network go south and no work is possible its no big deal) or where you lack skilled system administrators to devise better systems. However, the most scalable and robust method is the use a remote update facility, e,g, rdist, rsync, apt, rpm.
Re:Could someone explain the benefits of WAP?!?
on
WAP Under Fire
·
· Score: 1
Are Nokia and Ericsson, major supporters of WAP, US-based companies? Last I heard Nokia is based in Finland and Ericsson in Sweden, but hey: let's blame the US!
I was pleased to find that Wine compiled cleanly and Starcraft installed easily. The only problem was that it locks up after about 20 min of playing. Save early, save often.
There are some of us who are still firmly entrenched in the command-line-driven small-program-doing-one-task-well Unix philosophy. We occasionally would like to look at Word, etc. documents. We do not want a 96MB word processor / mail client / window manager. We just want the documents converted to TeX or HTML. I wish command-line versions of just the filters would be released. My suspicion is that the filters produce horrible conversions, however. Programs that produce, e.g., html ususally produce such poor html it makes you want to kill the programmer who wrote the software.
Are you unaware of the problems with DSOs in Apache? They are slower, in beta, and cause nothing but headaches when restarting the server. The mod_perl mailing list is full of problem reports caused by DSOs.
How do I contact you? I need to change the domain contact for horvitznewspapers.net from you to a role-base email address and you are not answering email sent to the address in the whois record.
ipfilter, common on FreeBSD and OpenBSD has the option of dropping packets with tcp options. See the latest SysAdmin mag for more info. I don't think Linux ipchains has this ability.
Perl does much more than regular expressions. I beleive the most used module (acording to CPAN) is DBI, the database interface.
mod_perl scales as well as Apache. There are huge sites running mod_perl such and CNET and singles heaven. The mod_perl guide gives many performance tips and strategies as well. Did you try those before you concluded mod_perl does not scale?
The perl object module is better than the C++ object model. It is clean and straightforward. You do not have to wonder if there is a default constructor for your virtual base class, etc. You site no examples of inelegance so I don't know what you could mean.
mod_perl embeds a perl interpreter in Apache and provides a perl interface to Apache's internal processing system.
One benefit is that you can eliminate both forking and compiling (to p-code) when invoking perl CGI scripts. This is a huge win, and is what slashdot uses.
However, that is the tip of the iceberg. If you actually get into mod_perl the things you can do are amazing. You can control precisiely how apache handles a request at any stage of processing.
The mod_perl mailing list and web site are extermely helpful. The mod_perl guide will answer 90% of your questions. The gurus on the list will answer the remaining. That is, they will answer and not ignore you and they will not flame you. There is an O'Reilly book on mod_perl. What more support can you ask for?
Plus, there are many modules written for mod_perl. Perl coders ususally believe in sharing and so do not horde their code. You also can use the 100s of regular modules in CPAN. There are powerful large-website tools like Mason wirtten in mod_perl. There is an implementation of ASP written in mod_perl. To inifinity and beyond.
Novel techniques of interaction with computers would benefit us all since we are all temporarily handicapped on one time or another. Two examples that spring to mind: In ops centers your eyes may be busy looking at a log file when you need to get some information from another system without moving your eyes. Another example is when driving: you should not take your eyes of the roard for any lenght of time to fiddle with the PC-based MP3 player.
It me, embobo. Please prevent the use (utilization) of the word "utilizing" for the rest of eternity. I'll give you a crufix-shaped cookie if you do. Don't make me unleash my core competencies or my skill set upon you.
With Linux nowadays most hardware and (good) software is supported. OpenBSD has considerably less hw and sw support.
Before trying to install OpenBSD you should verify that your hardware is supported. For example, the CMD640 PCI IDE controller is not. The CMD640 is common in many older Dell boxes (e.g., the $100 133Mhz Pentiums you can find by the boatload at Boeing Surplus). It has a nasty bug where simulatenous access to both channels causes servere data corruption. A generic PCI IDE driver will work mostly but will not prevent this problem.
Do not assume that just because a piece of software works on many Unix-style systems it will work on OpenBSD. Even sw that works on FreeBSD may not work on OpenBSD. Two examples that bit me are: 1.
The latest postgresql. Each OS has its own odd way of implementing atomic test and set lock. There must be a specific postgresql interface to this written for each OS. There is (could be was) none for OpenBSD.
Apache::Session::SysVSemaphoreLocker does not work on OpenBSD. I believe OpenBSD SysV semaphores are broken. mod_ssl used to have a problem with this but Engenschall has worked around it.
If your hw/sw is supported by OpenBSD, then you should seriously consider using it.
See http://www.kernel.org/pub/linux/libs/pam/modules.h tml . On that page there are also links to Radius and TACACS+ PAMs. Additionally http://www.livingston.com/tech/docs/radius/introdu cing.html talks about radius->securid gateways.
I would use preview if/. didn't cause netscape to crash 40% of the time.
I think exactly the opposite. When I hear "X is available for Linux" I think "Cool, that means it probably will run under Solaris too." Then I go to the site/read the README/attempt to compile and run to find out if it actually does work under Solaris.
Slashdot Mirror
Yes, OpenBSD has a good firewall but the parent to which I responded to said: "I don't understand why anyone would use something else in a situation in which high-security is needed (which is any internet site these days)." Now, is every Internet site a firewall, or are there other sites, that, say, are webservers, mail servers, ftp servers, etc? Would you want SMP for any of these?
Could you give an example of an exploit that cannot be blocked by a plain ol packet filter that a stateful filter can?
Re IPsec: there are standards and then there are widely used/implemented standards. Until recently Cisco 675 routers did not support the protocol numbers of IPsec (50 and 51 I think). US West will most likely never release an update to its customers that do not have a version of CBOS with IPsec support. What are we to do? I also refer you to the related /. discussion about the immaturity of FreeS/WAN. CIPE is time-tested, production-quality, simple code.
Linux and OpenBSD are different operating systems. Could it be possible that there is a piece of hw or sw that Linux supports and OpenBSD does not? On the hardware side, note, for example, that OpenBSD does not support SMP. On the software side, some may prefer ipchains over OpenBSD's ipfilter. CIPE does not exist for OpenBSD either.
By keeping all data and major apps on a remote server you are sacrificing performance and avaliability for convenience. Not the users convenience, mind you, but the sysdamin's. Such a strategy may work in smaller (where the network can handle it) non-mission critical environments (so when your file server and its backups or the network go south and no work is possible its no big deal) or where you lack skilled system administrators to devise better systems. However, the most scalable and robust method is the use a remote update facility, e,g, rdist, rsync, apt, rpm.
Are Nokia and Ericsson, major supporters of WAP, US-based companies? Last I heard Nokia is based in Finland and Ericsson in Sweden, but hey: let's blame the US!
I was pleased to find that Wine compiled cleanly and Starcraft installed easily. The only problem was that it locks up after about 20 min of playing. Save early, save often.
...in my pocket. It happens at times like these, whenever I gaze at your mom's lovely form (I'm posting from bed with my cell phone).
There are some of us who are still firmly entrenched in the command-line-driven small-program-doing-one-task-well Unix philosophy. We occasionally would like to look at Word, etc. documents. We do not want a 96MB word processor / mail client / window manager. We just want the documents converted to TeX or HTML. I wish command-line versions of just the filters would be released. My suspicion is that the filters produce horrible conversions, however. Programs that produce, e.g., html ususally produce such poor html it makes you want to kill the programmer who wrote the software.
I would pay $500/month to watch 100 Network Operation people running around with their heads cut off as long as it was a different set every month.
Direct link to Crimson Story without all the inane Yahoo editorializing.
Are you unaware of the problems with DSOs in Apache? They are slower, in beta, and cause nothing but headaches when restarting the server. The mod_perl mailing list is full of problem reports caused by DSOs.
How do I contact you? I need to change the domain contact for horvitznewspapers.net from you to a role-base email address and you are not answering email sent to the address in the whois record.
Not having read anything:
ipfilter, common on FreeBSD and OpenBSD has the option of dropping packets with tcp options. See the latest SysAdmin mag for more info. I don't think Linux ipchains has this ability.
Perl does much more than regular expressions. I beleive the most used module (acording to CPAN) is DBI, the database interface.
mod_perl scales as well as Apache. There are huge sites running mod_perl such and CNET and singles heaven. The mod_perl guide gives many performance tips and strategies as well. Did you try those before you concluded mod_perl does not scale?
The perl object module is better than the C++ object model. It is clean and straightforward. You do not have to wonder if there is a default constructor for your virtual base class, etc. You site no examples of inelegance so I don't know what you could mean.
mod_perl embeds a perl interpreter in Apache and provides a perl interface to Apache's internal processing system.
One benefit is that you can eliminate both forking and compiling (to p-code) when invoking perl CGI scripts. This is a huge win, and is what slashdot uses.
However, that is the tip of the iceberg. If you actually get into mod_perl the things you can do are amazing. You can control precisiely how apache handles a request at any stage of processing.
The mod_perl mailing list and web site are extermely helpful. The mod_perl guide will answer 90% of your questions. The gurus on the list will answer the remaining. That is, they will answer and not ignore you and they will not flame you. There is an O'Reilly book on mod_perl. What more support can you ask for?
Plus, there are many modules written for mod_perl. Perl coders ususally believe in sharing and so do not horde their code. You also can use the 100s of regular modules in CPAN. There are powerful large-website tools like Mason wirtten in mod_perl. There is an implementation of ASP written in mod_perl. To inifinity and beyond.
Novel techniques of interaction with computers would benefit us all since we are all temporarily handicapped on one time or another. Two examples that spring to mind: In ops centers your eyes may be busy looking at a log file when you need to get some information from another system without moving your eyes. Another example is when driving: you should not take your eyes of the roard for any lenght of time to fiddle with the PC-based MP3 player.
Of course the real area 51 is in Colorado near ....$#@#$ NO CARRIER
It me, embobo. Please prevent the use (utilization) of the word "utilizing" for the rest of eternity. I'll give you a crufix-shaped cookie if you do. Don't make me unleash my core competencies or my skill set upon you.
With Linux nowadays most hardware and (good) software is supported. OpenBSD has considerably less hw and sw support.
Before trying to install OpenBSD you should verify that your hardware is supported. For example, the CMD640 PCI IDE controller is not. The CMD640 is common in many older Dell boxes (e.g., the $100 133Mhz Pentiums you can find by the boatload at Boeing Surplus). It has a nasty bug where simulatenous access to both channels causes servere data corruption. A generic PCI IDE driver will work mostly but will not prevent this problem.
Do not assume that just because a piece of software works on many Unix-style systems it will work on OpenBSD. Even sw that works on FreeBSD may not work on OpenBSD. Two examples that bit me are: 1.
If your hw/sw is supported by OpenBSD, then you should seriously consider using it.
What's this space for? All my thoughts are succinct enough to be completely expressed in the subject line.
"It still crashes occasionally, without warning, and comletely unreproducably..."
And this is different that Navigator 4.7 how? *wham*
See http://www.kernel.org/pub/linux/libs/pam/modules.h tml . On that page there are also links to Radius and TACACS+ PAMs. Additionally http://www.livingston.com/tech/docs/radius/introdu cing.html talks about radius->securid gateways.
I would use preview if /. didn't cause netscape to crash 40% of the time.
It may be possible to setup a TACACS or Radius gateway to the SecurID server and use a linux PAM TACACS or Radius module. Then again, it may not.
Don't even try to download the files if you aren't on Windows or Mac.
I parsed that s/Chess/Cheese/g. I suggest re-reading the blurb doing the same.
I think exactly the opposite. When I hear "X is available for Linux" I think "Cool, that means it probably will run under Solaris too." Then I go to the site/read the README/attempt to compile and run to find out if it actually does work under Solaris.