The chroot()'ing in OpenBSD is still, in my opinion, worth less than the jail() in FreeBSD, because jail() works on all software, while chroot() requires a substantial amount of work to set up, and this setup differs between packages and versions (i.e., you have to make sure all of the required files are in the new root, and if you're using an advanced daemon - apache + php + perl + mysql - you start including most of the disk anyway). With jail(), you just make new copies of the OS, and then break that off from the real system. Any hole is in the jail itself, which can be rebuilt quickly and generically. You still get the privilege isolation, total file separation, services separated from each other, and you add the ability to create and destroy quickly and easily.
I've followed OpenBSD long enough to be vaguely familiar with systrace and the custom versions of apache and bind (bind 9 is in 3.3, right?), but I still prefer jail() to systrace / chroot(). Perhaps it's my personal preference, but I feel it's both cleaner and nicer.
As to the KSH comment: I used a version on Solaris many years ago, and was entirely unimpressed. I don't know which version it was, though.
SMP is a HUGE drawback. Let's be realistic: to get the best performance per dollar, and make sure that performance isn't completely obsoleted in 6 months, you almost HAVE to go SMP. Workstations, shell servers, email, web, databases, SMP makes a HUGE difference.
FreeBSD is really quite clean, quite simple, and I'm continually impressed with how elegant it is. Realistically, Free/OpenBSD share a lot of the ports infrastructure, and I have had better luck with the make world sequence on FreeBSD than on OpenBSD.
To be completely fair, the two are really quite similar, but (1) I really need SMP, (2) I really like the FreeBSD lists more (not that the "check the archives" messages aren't helpful, but some tact isn't going to hurt anyone), and (3) it's much more realistic to get FreeBSD accepted in a corporate environment than OpenBSD, just by pointing to Yahoo!
Security is nice, but I'm not willing to trade SMP for "default security". I've never been rooted by a hole in the OS, it's always in a third party software package (I, actually, have never been rooted, but I've fixed a few, and they were OpenSSH and Apache holes, NOT the OS). In these cases, securelevel(8) set nice and high, schg attributes on everything I care about, strong firewalling, and IDS work wonders on minimizing damage.
Besides, ksh is horrid (I'll give it the edge of bash), tcsh is the ONLY way to go.
Rendezvous is a standards-based implementation of multicast DNS. It uses multicast transport of those packets to cover a campus network. Unicast would refer to a single IP address source and destination.
You're right and you're wrong.
The application uses multicast DNS to FIND the service, but then reverts to unicast for actual USE of the service. It'd be quite silly to send all of that information all over the network.
The problem with exhaustive testing of OSs is that to get the best performance out of most of them, they require someone relatively knowledgeable.
For instance, there was a large comparison of Windows v. FreeBSD v. Linux, and FreeBSD came in dead last. Those who know realize that the FreeBSD box wasn't tuned (at all), and that any competent sysadmin would have made 10-20 substantial changes to the system before running that benchmark. Similarly, the Windows and Linux boxes could have probably been tuned better (the benchmark claimed that minimal changes were made, but they were important changes).
There seems to have been much more research into specifically network related code under FreeBSD, but FreeBSD 5 also has UFS2, which is also apparently a nice performance increase.
I'm of the opinion that FreeBSD is still the fastest of the major OSs (Windows, FreeBSD, Linux) for most services, although the preemptive kernel patches for linux may make linux nicer for desktop use. NetBSD is close, OpenBSD still doesn't support SMP, so you can pretty much kiss off OpenBSD on large SMP hardware.
The HT support in 4.8 is actually pretty preliminary. The real development is going on in the 5-CURRENT branch, and although some of the changes are being MFC'd, most of them are not.
You may see a performance jump, but the real jump will be in 5.1.
And what's with the Java comment, PHP is pretty much nothing like Java. It has different uses, different strengths, and different semantics. When are they going to properly fix PHP like making it stable? (*gasp*)
The problem with PHP isn't stability, it's a bogus security model that makes it unusable on massively multi-user systems.
My first introduction to Z magazine was through the DVD documentary on Chomsky's Manufacturing Consent, and my first impression of the group was certainly less than favorable, as some of their arguments clearly lacked serious thought (to be fair, it seemed to be a rather informal interview without serious preparation, but the comments made were completely unsupportable).
While I'll concede that having the military between the reporters and the end result allows for censorship, it seems that without this censorship, there exists a supreme risk for a compromise of intelligence, and that can not be tolerated. Furthermore, the fact that reporters are allowed in many of these situations is really a military favor, not a right, and any information coming from there should be seen as a privilege.
Spare me your hyperbole please. Either talk seriously about why the USA must bomb Iraqi civilians and start an aggressive war against the will of the UN SC members or shut your cake hole.
First, if you don't want to see it, don't read it, and don't bother responding.
Second, I've listed elsewhere in this story a number of valid reasons for the war. I'll refer you to live video to see that lights are still on (an effort to spare the civilians excess grief), and even Iraqi TV isn't reporting civilians being killed in significant numbers (one report said the initial attack of opportunity killed only civilians - they also say that the US isn't in Southern Iraq, so you know how reputable that is).
Finally, the war was not against the will of the UN security council members, it was against the will of a single country, France, who vowed to veto any resolution that had any threat of force. Had this country not acted irrationally, it's possible that a formal vote may have taken place.
Regardless, the opening days of the war have shown that Iraq still has banned missiles (scuds) and is using them against US troops after claiming for the last 12 years that no such missiles existed. Clearly the UN inspection teams had no chance of ever positively ridding Iraq of banned weapons, and Saddam's refusal to leave voluntarily left but one guaranteed solution.
Yesterday they fired a number of ballistic missiles into Kuwait.
Reports are saying that they are Scuds and Al Samoud 2s.
Both are forbidden by the terms of the first surrender, and Saddam has been claiming for 12 years that he had no banned weapons.
A few weeks ago, he "destroyed" all of the Al Samoud 2 weapons he had, under the supervision of the UN inspectors. Obviously the inspectors missed a few.
It's clear that Saddam still had banned weapons, that the UN inspectors never could have found these weapons, and that Saddam never had any intent of fully disarming to comply with the original surrender. The first hours of this war showed that banned weapons were still in the arsenal, and that should immediately justify the war for anyone who thinks rationally about the situation.
That's a worthless article. Z Magazine is known for their leftist, "free independent media" nonsense.
CNN is having their script approved for an obvious reason: they've been given the opportunity to ride along with the military units, and because of this, they have agreed to get approval on their scripts so that they don't give away their position or other strategic information.
You don't go riding with a convoy and start talking about "Yea, we've got 200 tanks moving from Kuwait up to Basrah, curving to the north west, so that we can enter the city from the North West corner."
War sucks, especially when it's for no good reason (or the reasons are manufactured).
Yea, war sucks. I'll agree with that.
But, let's look at the reasons.
Iraq invaded Kuwait. Upon surrendering, he agreed to certain restrictions.
One of these restrictions was to allow, and cooperate with, UN inspections. For 11 years, this condition was not met.
One of these restrictions was to allow the establishment of 'no fly zones' above parts of Iraq that Saddam had routinely attacked. This condition was met, but Saddam routinely fired at planes enforcing the zones.
One of these restrictions was the elimination of all weapons with a range greater than 93 miles. Yesterday, Iraqi forces fired more than 4 missiles into Kuwait. These missiles are believed to be either Al Samoud 2 or Scud, both banned designs.
There are other actionable reasons. Consider the Anfal campaign against the Kurds, or the open funding of terrorism in Palestine (Saddam has openly declared his willingness to reward the families of suicide bombers). Both of these, while not directly listed as reasons for war, are certainly more than just causes.
Yes, war is bad. But, there are certainly many good reasons.
A reasonable code escrow system will be a gov't office that receives source code, and that enters it into the public domain once a pre-set revenue from the project is met.
The GPL IS NOT PUBLIC DOMAIN.
The BSD license comes much closer to public domain, as it has less restrictions on use. True public domain software would not require the feedback into the community that corporations dislike (it's hard to give away your IP that you've paid a lot of money for).
What they haven't (yet) realized is that most people don't want to have to turn off their computers ever. They are just forced to reboot all the time by crappy "features" such as these.
Completely wrong. Most people only care that their computers work reliably for up to 8 hours at a time, and shut them off when they're not in use.
Most people don't need 24x7 uptime, and wouldn't want it anyway: computers use quite a bit of power, and power costs money.
Indeed, most people I know turn their computers off when not in use.
People like Terry Lambert pop up often with quasi-benchmarks taken from personal experience.
Check out http://news.gw.com/freebsd.arch/9169 for a detailed way to get 1.6 million simultaneous connections in FreeBSD, a number that Linux simply can't match.
In a critical measure of secure Web serving performance, a 4-way eServer p630 set an industry record for entry level (4-way) systems supporting 1,988 simultaneous connections, far outpacing the 568 simultaneous connections achieved by the 4-way Sun Fire V480 on the SPECweb99_SSL performance measure.[2]
The eServer p630 set an additional 4-way Web serving record when the system processed 6,895 simultaneous connections, offering greater than 50 percent more performance than a 4-way Sun Fire V480 with 4,500 simultaneous connections.[3]
1.6 million compared to 6,900. To be fair, one is excessively tuned, but despite that, it's a huge difference.
Apache had the chunked encoding vulnerability that got a lot of Unix boxes cracked, not to mention a ton of other problems: http://www.apacheweek.com/features/security-13
NetBSD has a whole list of security bugs ( http://www.netbsd.org/Security/ )
Same situation, but we went with FreeBSD.
The OS is cleaner, the speed better (especially when you push the system, using close to max RAM, because the FreeBSD swapping alg. is smarter than Linux), and the ports and upgrading systems make the systems much easier to maintain.
Finally, FreeBSD has much better system documentation (manpages for EVERYTHING), and all of those 'linux only' applications can run (quite quickly) under emulation (even NVidia is finally catching up, with their binary drivers).
(I guess I'm a new resident FreeBSD fanboy - so be it)
Send it to questions@freebsd.org (make sure vinum is in the title, you're guaranteed to get a response from Greg).
The people who need 64bit already know that they need 64bit. Gamers, home users, small businesses, and the like aren't in this category.
Remember that the primary reason for changing to 64bit isn't speed or cost, but rather the ability to have a much larger address space, which serves to remove the 4GB memory limit. These are the people who will want 64bit, and these are the people who already KNOW that they want it, they're just waiting patiently for it to be available (and for their OS of choice to be ported - correctly).
Yea, some people need more than 4 gigs of memory per process. That's just not easy to do with 32bit.
True.
Ah yes, and who is going to get paid by the democratic Iraqi government to help rebuild its infrastructure?
First, being paid for services is not "Stealing Iraqi Oil".
Second, if you know of any better, cheaper, faster corporations, there will be a bidding process.
When you rebuild a nation after a war, it's common for the dominant world power to provide that support. You do remember the Marshall plan, right?
Nice theory.
Who's going to claim the oil?
Who's going to have control of spending the money?
What's the money going to be spent on?
Last I checked, the answers were: The UN on behalf of the Iraqi people; a democratic Iraqi government, and the Iraqi infrastructure for the Iraqi people.
I've never seen a mugging where you beat the head of the person, take the money, and spread it about around to all parts of the body.
Right, but look at the pictures: the lights in the buildings are still on.
They're not bombing blindly, and they're not bombing infrastructure. They're bombing palaces and military, nothing else.
Right, but ....
The 11 year old has a twenty year history of killing innocents, and stands up in the streets saying "Fuck You" to everyone who walks by.
Sometimes you've just gotta smack some people.
Hopefully someone from the FreeBSD project will port over propolice from OpenBSD, it'll be nice to see...
People like Terry Lambert pop up often with quasi-benchmarks taken from personal experience.
Check out http://news.gw.com/freebsd.arch/9169 for a detailed way to get 1.6 million simultaneous connections in FreeBSD, a number that Linux simply can't match.
Check out http://linuxpr.com/releases/5611.html for IBM's simultaneous connection limit:
1.6 million compared to 6,900. To be fair, one is excessively tuned, but despite that, it's a huge difference.
Can't you read?
The OS comes with the PC, so we're paying the OEM license cost rather than the shelf cost for the OS.
Huh?
ErOS is a toy OS.