comp29.tgz is an optional part of the OpenBSD OS, so you don't have to have it to run OpenBSD. And none of the code generated by GCC would be covered by the GPL either.
IPF however, was in the kernel, and now (retroactively) has a far more restrictive license than GCC does.
So stop spreading FUD... you should know better Brett.
It is indeed SoftF/X, re-released as OpenFX (as you might guess from the name). Stuart Ferguson (the author of the package) had actually decided to open source it for some time, and we really should have done this release about a year ago. Sorry for the delay, since it was largely my fault due to a lack of time ;-) Hopefully, work will pick up on the WINE port now (don't forget to join our dev lists for more info on that)
Mind you, a box like that would never, ever, face the Internet directly.
That's the key point - I wouldn't really use OpenBSD for what you describe; probably one of the commercial unices which are tuned to the specific multi-proc hardware that they run on.
For x86 and single-proc Sparcs though (the only archs I've used OpenBSD on), it rocks hard! SMP would be 'nice', but certainly not something I'd lose sleep over not having. Also, I would prefer it to be implemented properly, and not with horrible global kernel locks lying all over the place...
For these types of ultra secure tasks, there should be extremely limited cases, and ideally no class of errors that would be "subtle" when it comes to standard library calls. I would suggest that C is not a good language to write a secure operating system in, because it very obviously requires too much manual labour to weed through the subtleties of its operation
Uh, right. So go ahead and write an entire operating system in a new language then. Don't forget to design the language first though! Remember the C-bashing thread on Bugtraq over the summer? Whatever its limitations, we are stuck with C...
2. The proper approach seems to be a very limited operating system, perhaps in C, with a virtual machine over that which is proven secure, thereby giving at least strong security to every application then running on top of that VM.
Nice theory, much like many of the other 'ground-up' papers I've read. And meanwhile, while you sit posting and postulating on the great designs that will rule the operating systems world, I'll just use OpenBSD, and be happy with the stability and reliability of the system. Perhaps I'll look you up in ten years when you've finished this idea?
What is the point? Why bother if you aren't even going to put in SMP?
I really, really don't care whether or not OpenBSD has SMP. If I need a faster box, I'll just upgrade to a faster processor. The majority of server systems these days are either I/O or connectivity bound these days.
If you track the OpenPackages lists a bit more closely, you'll observe that all sides are indeed co-operating.
There are sufficiently difficult architectural questions to be answered (depend on perl or not? netbsd doesn't have it in-tree, openbsd does), that it's not going to be a particularly smooth road.
Unfortunately, I find its ports selection somewhat lacking
Feedback as to what is lacking is always appreciated...
Remember that OpenBSD provides enhancements to the other BSD's ports systems in the form of FLAVORS (which allow multiple options per port, for example in the case of PHP, you can select php-mysql-imap), and FAKE, which installs the port into a separate directory for packaging, instead of directly in the filesystem.
Right now, I'm tinkering away at a curses (visual) interface to the whole tree, that will allow advanced searching and browsing, instead of just through the command-line interface.
If it's just volume of packages that you find is bad, then please feel free to read bsd.port.mk and help the team out! Simply port your favourite application up and post it to ports@openbsd.org
No, you mean gtop - a poorly written program - segfaults. This is like saying that Windows crashed when in fact it was notepad.
Indeed, but I expect decent quality control from a distribution to avoid programs crashing out of the box. Win2k is very stable for me; it's crashed _once_, when I experimented with leaked NVidia drivers.
As for Windows 2000 running faster than Linux - there must be something seriously wrong with your configuration of Linux.
Fundamentally, the X-layer, with its protocol in between, makes the Linux desktop slower than the highly integrated Win32 system (which also has the benefit of primary testing from driver developers). And I'm sure I could tweak Linux to run ludicrously fast, but I don't really have time to do this...
And in terms of usability, don't even ask how hard it's been to find a decent web browser under Linux (and then, get the fonts rendering decently)...
Don't get me wrong; I make (and enjoy) my share of contributions to OSS, but I also don't have any illusions about how well something like Linux competes in the desktop market.
It won't encourage you unless you know how poor Microsoft or Sun's compilers are.
I've had nothing but success with the Visual C++ 6.0 under Windows. The only compiler that came close to beating it for code speed for graphics apps was Watcom, in the old days.
As for BSD you clearly are clueless, as they use aging versions of gcc.
As for your inference that Windows software is easier to use, try Visual C++ some time. There is no source control as standard, and the APIs are dreadful (dodgy socket libraries for example).
There is source control as standard with gcc then? Neat, I've never seen it... you can always install CVS separately of course... but then, why not install CVS under Windows?
Where this stuff falls over is documentation for the newbie. If you face off linuxdoc.org vs the MSDN (which is literally gigabytes of copious documentation), I wonder which one would win.
Let's see - my desktop machine has not crashed once since I installed RedHat 6.2 on it four months ago
My RH6.2 install still consistently segfaults if I run 'gtop'. And when I switched to the excellent Debian, it took me literally a week of hard hacking to get XFree4 and 3D acceleration working. Doesn't really take that long under Win2k now, does it?
I'm now trying to use my Debian setup as my primary desktop, but there's a lot of stuff I sorely miss from Windows 2000 (the speed, the consistent interface, not needing to hack up WINE for games). Still, it's leaps and bounds ahead of what it was last year, so I'm pretty pleased with being able to use a *nix desktop again.
BIND9 was committed today into OpenBSD's port tree. Note that the port tree is _not_ audited, but provided as a convenient method of installing third party software.
OpenBSD comes with BIND4, which has been audited. BIND8, djbdns, and BIND9 are available in the ports tree.
djbdns does have IPv6 support, thanks to patches by Felix von Leitner - get them from www.tinydns.org
IXFR is an incremental method of zone transferring, which is completely useless if you use something like rsync and ssh. djbdns stores all of its zone data in a highly efficient CDB file. All you have to do to update your secondaries is to push the CDB file out. If you use rsync, then only the differences get pushed, the file gets updated atomically, and you're laughing.
If you use djbdns consistently, you have absolutely no need whatsoever for AXFR or IXFR. If you do secondary with other BIND servers then you'll need to run an AXFR process, unfortunately.
I'm hoping BIND9 is a complete, utter rewrite, with no code from BIND8 still remaining.
If it isn't, then it's way way too late - switch to Dan Bernstein's djbdns instead. Read the security guarantee and weep in relief. Notice the exceedingly small memory footprint. The lack of core dumps. That you can get rid of AXFR completely and just use rsync+ssh to transfer to your secondaries.
Check out tinydns.org which has migration tools from BIND which I'm playing with atm.
It's a very long, painful debate on the OpenBSD forums - go to the archives there and have a read.
Basically, Theo and his team audited the OpenBSD version of sendmail and are happy with it security-wise. Add that to the fact that it's the industry standard and they're happy to keep it.
Also, qmail has a very very restrictive license that the BSD people are probably not happy with (they aren't really allowed to patch the source code and distribute it as 'qmail' in a binary package, which isn't acceptable).
Still, the first thing I do on my OpenBSD installs is to kill sendmail and install qmail from ports :-)
Adding nodes can only make the system faster, regardless of whether the new nodes are Windows or BSD
Definitely not true. If the additional machines are significantly slower and/or unreliable, then you destabilise the overall quality of service of Hotmail.
Think about it... if 10% of the machines suddenly buckle under the load, but in such a way as to escape automatic removal, then 10% of URL requests will die mysteriously.
This is a pretty positive move from Microsoft's point of view though - after that initial burp, they've been very careful from a system integration point of view, and seem to be quite sane about the way they are migrating to 2000 now.
Investigate the latest version of Courier-IMAP which has built in support for IMAP-SSL/TLS, as opposed to using stunnel.
stunnel is great for a small number of connections, but the overhead of launching a new process every time is fairly significant as you scale up, so Courier does a great job of a lightweight, secure IMAP server.
You have to use maildir - but both Exim and qmail support it natively now, and it's far superior to the traditional mbox format anyway.
Also one machine that can go wrong all at once - flip side to that argument is that you can chop/change a cluster once it's installed, and maximise its usage according to what you're doing.
Granted though, initial installation of an SGI is easier than a cluster.
While I applaud the efforts behind the Galeon web browser, and indeed any "open source" project, I cannot help but wonder if the effort might have been better spent on improving the Mozilla source code, and eliminating bugs, since we cannot compete with Internet Exploder unless the open source product is equally as good.
This isn't really a code fork from the Mozilla tree, but rather a very fundamentally different approach to the web browser.
Mozilla provides a very heavy-weight, cross-platform user interface which is highly extensible, works on a huge number of different architectures, is skinnable, uses loads of XML and snazzy technologies, and stuff like that. This user-interface is built on top of the core Gecko and Seamonkey modules.
Unfortunately, it's pig slow.
By providing a really lightweight, platform specific user interface just for GNOME, this project is going to deliver a simple, clean web browser which renders out webpages. Only on one platform, and without too many features, but it'll do it well.
I sincerely hope similar projects start off for Windows as well, to make the full use of that platform. Mozilla's UI has a bright future, but for the mid to short term, the shining star in the middle is their rendering engine, and it would be a real pity if people were put off Mozilla simply because the UI around that engine was unstable and slow.
As for BSD you clearly are clueless, as they use aging versions of gcc.
[root@brick /root]# uname -a
OpenBSD brick 2.8 GENERIC#3 i386
[root@brick /root]# gcc --version
2.95.3
That doesn't seem very aging to me...
Or just use qmail, and let the world know you are using a secure MTA :-)
[root@brick /root]# uname -sr
OpenBSD 2.8
[root@brick /root]# cd /usr/ports/net/djbdns/
[root@brick djbdns]# make install
Unlimited time? Not so hard I think..
I've been scanning the bait logs on my machine (I run a simple tcp listener on port 111, 23 and others to report scans), and over the last four weeks the rate of scans against the machine has gone up orders of magnitude.
Probes to port 111 come about twice a day, from a large range of IPs. These boxes could all be compromised, and being used as part of a worm attack, but I don't have time to track down the postmaster of each of the ip addresses and mail him/her.
Does anyone know if there's a service run by CERT or anyone to report possibly compromised hosts that turn up in our logs too?
If not, it would be pretty useful to have...
Err, no - it's completely modular, so if for some reason you want tcp queries, you run axfrdns (as it says in the FAQ you kindly linked to)
We'll be releasing OpenFX towards the end of August.
...
GPLed
lol, it'll be a while before you see SGI's in space though :-)
Amusing bits from the page:
Debra Goldfarb, group vice president at analyst firm IDC, agrees: "Modular computing empowers end users to build the kind of environment that they need not only today but over time. SGI, with this product, is really ahead of the curve in the market. We are seeing the [rest of the] industry absolutely trying to catch up" with SGI.
So the rest of the industry is playing "catchup" to SGI ?! I don't really think there's a huge market for large-scale multiprocessor machines when equivalents can be built up easily from cheap hardware and fast network infrastructure. The last time I saw an SGI was the NASA AMES crew using one for their amazing Viz tool, and even they were making mutterings about porting it to NT and Linux for ease of maintenance and actual use.
In addition, SGI Origin 3000 servers and SGI Onyx 3000 visualization systems reflect a return to SGI's core competencies.
At least that's true. The NT machines were a joke. Anyone tried SGI Linux yet?
The big three you mentioned up there are also incredibly American-biased news sources; something else that is of concern to those interested in independent news reporting.
Rock on the BBC Website and the BBC World Service!
Not perfect, but imho a slightly less skewed view of the world than most other reports.
What's wrong with this then?
Deja has clearly marked out that it's not a normal hyperlink, by the use of their little arrow icon before the link.
They obviously have to make money, and exposing their sales department to the portion of the site that gets the most page hits makes a lot of sense. After all, they aren't changing the content of the post, only adding markup to it that the user can ignore at will.
I'd be much more up-in-arms if they were subtly insinuating new content and altering posts from Usenet, but a simple bit of advertising marked as such seems perfectly reasonable when the company has to make money somehow to actually provide this service so many of us use for free.
So what's the last time someone actually SPENT money at Deja then? :-) I never have...