often you will find that working out the chain of service dependencies
First of all, define "often". I've adminned a couple dozen Unix servers for the past 5 years, and I've never had to "work out" anything - I know what the dependencies are (if any) and which order things need to be started/stopped.
stopping them in reverse order and starting them again takes longer than a reboot
First of all, bullshit - how can stopping and starting a couple of services possibly take longer than stopping EVERYTHING, having the machine go through it's BIOS startup, loading the kernel, and then starting EVERYTHING all over again?
Second of all, even if this were the case (which it's not) all of the other services on the box will continue to run, so there is no interruption of them at all.
it would make life harder for the other 97 percent of computer users
Again, because Mass. doesn't have an IT department?
windows has the advantage of protecting us from ourselves. there is no init to kill. no kernel modules to delete. no kernel to compile
You seem to not know anything about how large organizations are run - they have sysadmins who make the computers work, so that the users can get on with their jobs. Normal users don't install kernels, or have the ability to kill init, or compile their own kernels.
Contrasted with Windows (95/98, but also 2K to some degree) - under Linux, there is no way for a virus to take the system down, there is no way for a user to accidentally delete a system file.
In a large organization, Linux makes life easier, not harder.
what problems do you think having these tools around will cause?
It will allow an attacker to build their own software, which is guaranteed to work on the box they've rooted. (I know this is obvious, but it needs stating clearly because it's more important than you realize.)
If they have precompiled binaries that won't run on your system (because you've deliberately chosen a system that's not common), they'll be forced to build their own - it won't stop them, but it will slow them down, or encourage them to seek greener pastures.
Unless you've pissed someone off, most attackers are going to hit your box because they want to use it for something (port scanner, relay, etc.) If the software they want doesn't exist on your box, they'll have to get it there, and get it to work. The longer that takes them, the better - as it gives you more time to notice the intrusion.
This is the same as not having a text editor, so that an intruder cannot change config files.
No, it isn't. You're not saying "I don't have a dev environment, so the attacker won't be able to do anything", you're saying "I don't have a dev envrionment, so it will take an attacker longer to do something."
When they could use an editor or compiler on your firewall, you've already lost.
There are different degrees of 'lost'. It's about damage mitigation - the more inhospitable your system, the less an inexperienced attacker will be able to do, and the more time an experienced attacker will take to do damage.
The point is that there is a bigger probability that you'll need to patch the firewall from time to time - than the probability of a cracker breaking into it and abusing the tools.
I disagree.
The first assumption I make is that every firewall I install WILL get rooted eventually.
So - the trick is to make it as painful as possible for an attacker to do anything once the box is compromised, in the hope that I find out about the breach before the attacker can do much damage.. and if I don't notice quick enough, then I hope that the intruder a) lacks the appropriate skills to do any damage, or b) gives up and find another target.
To this end, you eliminate everything you don't need, including the dev environment. If you don't need something, you leave it off - glibc has lots of features, but if you don't need them, use libc5 (that way an attacker has another hurdle if he/she wants to install their own dev tools - they either need static binaries, or they need to compile them for libc5.)
it's _very_ conventient to have the development tools ready when you need that little tool on the firewall Right Now, and don't want to fiddle with using the identical box WITH development tools to build it, then transfer the new libraries and programs to the firewall box.
If you have a single firewall, then this is probably true, but I manage a couple dozen, and if I need to update something, it's much easier to build & test it once on a development box, and then transfer it, than it is to build it and test it on each firewall separately.
It's all about minimizing risk. Convenience is no excuse.
Edward Jenner's discovery of cowpox and its use to innoculate against smallpox saved generations from the embarassment of unsightly facial scars, a social problem.
No, that would be a medical problem, not a social one. Medicine is a science. The scars may impact people's social lives, but are a side-effect of the medical problem, not a social problem themselves (unless you're suggesting that the vaccine solved all forms of non congenital facial disfigurement.. which it didn't - and would still be a medical, not social, problem.)
Social problems are things like poverty and crime.
Now that smallpox has been totally eradicated, I'd say that this is a social problem with a complete technological solution.
Actually it would be a symptom of a medical problem with a scientific solution.
I think the assumption that spamming doesn't work is erroneous.
I guess we disagree then.. there is no hard evidence either way, just supposition. I stand by my beliefs.
If everybody were like me, there would be no spam, telemarketers, or junk mail - because I won't respond to direct advertising on principle.
Again, I disagree. Even if everybody were like you, there would be people who believed that there are people who are not like you - and that would be enough to maintain momentum. There would still be scammers who tell people that it works, and there would be people who would believe them - even if they wouldn't buy the stuff themselves. (Do you believe spammers buy stuff from the spam they receive?)
How many insanely stupid urban legends or ridiculous chain mails (forward this to a dozen friends and Bill Gates will send you a personal check for a hundred dollars!) have you received from friends who ought to know better?
I have received that letter exactly twice, and both times, when I told the person sending it that it wasn't true, they told me that they knew, but they forwarded it anyway, because they thought it was funny. To them, it was a joke.
Given its persitence I have to believe that for some, at least, it is working.
And I have a rock that keeps tigers away.
How does it work, you ask?
Well, it doesn't - it's just a rock. But you don't see any tigers around, do you?
OpenSSH is a part of Linux as much as RPC or Windows Messaging is a part of Windows.
Bullshit.
OpenSSH is an application. It's not necessary for any Linux system. You can choose not to install it if you don't want it - and the system will continue to be perfectly usable. If (like me) you want secure remote administration, you can even install an alternative.
And if you do choose to install OpenSSH, you can remove it at any time, with no adverse consequences.
Try not installing RPC or Windows Messaging when you install Windows - you can't - you're not even given the choice.
Try disabling RPC. You'll find that the OS stops working (no cut and paste.)
Microsoft has been good lately about doing proactive security reviews, and they often find holes before anyone else does.
This shows exactly how much knowledge you have on the topic.
Pretty much all of the remotely exploitable holes in the past year (in fact, every hole I know of in MS software) have been discovered by third-parties. MS makes an announcement - it doesn't meant that they discovered the vulnerability.
No, actually, it's a victory for pretty much everyone (except spammers.)
but at what cost
None - except the attorney fees.
Why does the spam problem require government intervention?
First of all, this is not government intervention. (the spammers asked the government for intervention to stop people from using those technological 'solutions' you desire so much, then tried to back out when they saw how fscked they were.)
Second of all, it requires a social solution (which is what laws are) because it's a social problem.
Almost every problem that has come up in recent history, particularly technical challenges, have been or can be solved with technical solutions
I'm hard pressed to think of any social problem that has ever been solved by technology. Can you please list some? (There are social problems that have been eased as a side effect of technology, but none I can think of that have a technological 'solution'.)
I hardly ever lose a real email to the spam folder while only about 5% of the spam I get ever reaches my inbox
So you're OK with being raped, just because you only see it 5% of the time?
Technology can't solve the problem of spam, because the problem of spam is that spammers want something for nothing, and don't care how many people or who they have to harrass/annoy/rob to do it. There is NO technological way to change this.
This is definitely not a win for the first amendment or civil liberties
It's also definitely not a win for the homeless, the starving children in Africa, battered wives, or the endangerd California condor (all of which have as much to do with spam as the first amendment or civil liberties.) Can you please bring something relevant to the conversaion?
This is definitely not a win that is going to help keep the internet a free place.
Wrong. It MOST DEFINITELY IS a win that is going to help keep the internet a free place, because it reinforces the fact that I am allowed to control the traffic that enters my network.
So why do they keep coming to work? Are they idiots? Or just malignant bastards?
Neither - they are con men.
why do companies keep using spam for advertising?
Take a look at some of the other replies to post, and you'll see why.. people see lots of spam, so they erroneously conclude that it works (after all, why would there be so much spam if it didn't work, they ask.)
It's all because spammers are con artists. They convince the stupid people (companies) that they can make money.. the net result is that the spammers get money, the stupid people get hosed, and everybody else gets spam.
The spammers then find another victim, and it all starts over again.
Because the "EMA" was a shell - it's only reason to exist was to bring this lawsuit. This was in an attempt to hide the identities of the spammers who were behind it.
Now that they've been so thoroughly trashed, there is no reason to continue paying for hosting.
Users would have to forward mail to the ISPs smart host for delivery, which should only accept mail from their own IP ranges
A better idea than blocking is to transparently proxy all outbound SMTP sessions to the ISP's mailserver.
restrict the number fo emails from a single server over a specific time period. This puts a bottle neck on spammers and helps, but does not eliminate the problem.
Transparent proxying would aid in this a great deal, as otherwise, you're not preventing spammers from abusing open relays (spammer sends one email to an open relay, with 10,000 BCC'ed recipients.)
Add monitoring (when the load on the SMTP server rises past a certain point, the sysadmin gets paged.)
I implemented this at the ISP I work for, and it works wonderfully. We've had a total on one piece of spam (single email, to a single recipient) leave our system over the past 5 years.
When I googled for docs on setting up a FreeBSD firewall, I saw two implementations, one seemed pretty ugly (firewall rules ran backwards - as in it fired all rules, and used the last one that matched) Is this the other one you mentioned?
ipfw/natd is the "standard" one, and sounds like the one you're using.
Yes. And it's particularly ugly.. the documentation for the other one sounded worse..:o) (I've adminned a ton of other firewalls, and never seen one where the last rule in the list was used before all the others.)
ipf/ipnat is the other one (and IMHO the better one). Nat runs in kernel space. And `ipfstat -nhio` gives you the stats.
From time to time I need detailed packet logs for network troubleshooting (listing interface, packet direction, source/dest address/port, TTL, packet length, protocol, flags, etc. for every packet hitting a particular rule or set of rules.) Is this what you mean by 'stats', or are you talking about a summary?
The package management and most importantly PORTS aspect of freebsd rock my world.
Package management seems to install everything in/usr/local - I prefer packages to put stuff in/usr../usr/local should be reserved for stuff you compile yourself..
I know that packages are supposed to be relocatable at install time, but I found that particular feature inconsistant at best..
I prefer slackware's package management - when adminning a large number of similar servers, I compile and test on a dev machine, and turn it into a package which gets sent to the online machines and installed via installpkg... (yes, I know it's possible with FreeBSD packages, but slackware's method of creating packages is simpler..)
Ports don't do too much for me - I hate the thought of having to compile for each machine.. (most of my machines don't have any dev tools on them at all.)
BSD's rc.conf is a little simpler, but can cause problems when you don't know all of the available options, or in which order they'll be used (is the firewall script called before or after the network is initialized, for example.)
I much prefer the ethernet device naming that Linux uses - for example, it makes writing firewall scripts for multiple interfaces much easier - you know that eth0 will always be your external interface, even if you're forced to change network cards (if one fails) and don't have the same model available..
Documentation - it's gotten better.. but my first experience was a couple of years ago - trying to build a FreeBSD kernel.. the Handbook documentation looked like it was written by someone with Zero-wing syndrome in one place, it actually offered a binary question, but offered three outcomes! (If you have version X or above, do A - if you have a version lower than X, do B - otherwise, do C.) I asked several people to parse it, and none of them could.
The sendmail flags are difficult - the setup program listed "YES" and "NO" for options as to whether to start sendmail, but it still kept starting - turned out you have to put "NONE" in order to keep it from really starting..
I still don't know where to look for logging of firewall rules - I've told them to log, but nothing shows up in dmesg.. if it's supposed to show up in syslog, I couldn't find any reference to the level/facility in the documentation..
I'm a diehard Slack user.. A few months ago I had to install some FreeBSD boxes for a frame-relay network (Linux's FR stack doesn't support Cisco LMI, or I would have stuck with Slackware.)
I found that FreeBSD's NAT leave a lot to be desired - it runs in user-space, and so requires a significantly faster CPU in order to be usable.. I had to upgrade all of the boxes (which had been running Linux) just to get it to work at all, and the latency is still higher on the FreeBSD boxes.
There's no real difference between the two as far as adminning goes (speed- or other-wise) - but Linux has more features (or at least better documentation on how to get those features to work.) Network troubleshooting in particular - getting verbose network reports under Linux is kiss-simple, but I still haven't found how to get FreeBSD to report detailed packet logs for specific firewall rules.
Once they are discovered, they are no longer entitled to trade secret protection, meaning they cannot sue the releasing party if they were released illegally.
The thing is - anything that's in the Linux code base by definition is not a secret.
Nobody's telling SCO "show all of your code" - they're saying "which lines of the Linux source do you believe is infringing?"
The only reason not to answer that question is that there is no infringing code.
So you are omnipotent?
No, I just have a basic understanding of my servers, and the processes that run on them.
often you will find that working out the chain of service dependencies
First of all, define "often". I've adminned a couple dozen Unix servers for the past 5 years, and I've never had to "work out" anything - I know what the dependencies are (if any) and which order things need to be started/stopped.
stopping them in reverse order and starting them again takes longer than a reboot
First of all, bullshit - how can stopping and starting a couple of services possibly take longer than stopping EVERYTHING, having the machine go through it's BIOS startup, loading the kernel, and then starting EVERYTHING all over again?
Second of all, even if this were the case (which it's not) all of the other services on the box will continue to run, so there is no interruption of them at all.
This gives a little with both sides of the argument, but it does demonstrate that email mass-marketing generates revenue.
. html
Not really - it's just as simple to believe that the list was placed to make people believe that it generates revenue.
This article suggests that New Zealanders alone have ponied up over 100 million in response to the old Nigerian email scam
The Nigerian scam is not an email scam - it existed well before the fax machine.
http://www.stuff.co.nz/stuff/0,2106,2686411a10,00
Rule #1: spammers lie. Rule #2: When examining the statistics produced by spammers, see rule #1.
there is some solid evidence and quite a bit of circumstancial evidence that at least some spam generates revenue.
No, there is a lot of circumstantial evidence.
it's clear that a real econimic incentive is at least part of the whole spam picture
Again, I disagree - the only "economic incentive" that exists are for the Nigerian 419'ers..
slap linux on this and bam, he's out of a job.
Why? Does this school not have an IT department?
it would make life harder for the other 97 percent of computer users
Again, because Mass. doesn't have an IT department?
windows has the advantage of protecting us from ourselves. there is no init to kill. no kernel modules to delete. no kernel to compile
You seem to not know anything about how large organizations are run - they have sysadmins who make the computers work, so that the users can get on with their jobs. Normal users don't install kernels, or have the ability to kill init, or compile their own kernels.
Contrasted with Windows (95/98, but also 2K to some degree) - under Linux, there is no way for a virus to take the system down, there is no way for a user to accidentally delete a system file.
In a large organization, Linux makes life easier, not harder.
what problems do you think having these tools around will cause?
It will allow an attacker to build their own software, which is guaranteed to work on the box they've rooted. (I know this is obvious, but it needs stating clearly because it's more important than you realize.)
If they have precompiled binaries that won't run on your system (because you've deliberately chosen a system that's not common), they'll be forced to build their own - it won't stop them, but it will slow them down, or encourage them to seek greener pastures.
Unless you've pissed someone off, most attackers are going to hit your box because they want to use it for something (port scanner, relay, etc.) If the software they want doesn't exist on your box, they'll have to get it there, and get it to work. The longer that takes them, the better - as it gives you more time to notice the intrusion.
This is the same as not having a text editor, so that an intruder cannot change config files.
No, it isn't. You're not saying "I don't have a dev environment, so the attacker won't be able to do anything", you're saying "I don't have a dev envrionment, so it will take an attacker longer to do something."
When they could use an editor or compiler on your firewall, you've already lost.
There are different degrees of 'lost'. It's about damage mitigation - the more inhospitable your system, the less an inexperienced attacker will be able to do, and the more time an experienced attacker will take to do damage.
The point is that there is a bigger probability that you'll need to patch the firewall from time to time - than the probability of a cracker breaking into it and abusing the tools.
I disagree.
The first assumption I make is that every firewall I install WILL get rooted eventually.
So - the trick is to make it as painful as possible for an attacker to do anything once the box is compromised, in the hope that I find out about the breach before the attacker can do much damage.. and if I don't notice quick enough, then I hope that the intruder a) lacks the appropriate skills to do any damage, or b) gives up and find another target.
To this end, you eliminate everything you don't need, including the dev environment. If you don't need something, you leave it off - glibc has lots of features, but if you don't need them, use libc5 (that way an attacker has another hurdle if he/she wants to install their own dev tools - they either need static binaries, or they need to compile them for libc5.)
it's _very_ conventient to have the development tools ready when you need that little tool on the firewall Right Now, and don't want to fiddle with using the identical box WITH development tools to build it, then transfer the new libraries and programs to the firewall box.
If you have a single firewall, then this is probably true, but I manage a couple dozen, and if I need to update something, it's much easier to build & test it once on a development box, and then transfer it, than it is to build it and test it on each firewall separately.
It's all about minimizing risk. Convenience is no excuse.
Edward Jenner's discovery of cowpox and its use to innoculate against smallpox saved generations from the embarassment of unsightly facial scars, a social problem.
No, that would be a medical problem, not a social one. Medicine is a science. The scars may impact people's social lives, but are a side-effect of the medical problem, not a social problem themselves (unless you're suggesting that the vaccine solved all forms of non congenital facial disfigurement.. which it didn't - and would still be a medical, not social, problem.)
Social problems are things like poverty and crime.
Now that smallpox has been totally eradicated, I'd say that this is a social problem with a complete technological solution.
Actually it would be a symptom of a medical problem with a scientific solution.
I think the assumption that spamming doesn't work is erroneous.
I guess we disagree then.. there is no hard evidence either way, just supposition. I stand by my beliefs.
If everybody were like me, there would be no spam, telemarketers, or junk mail - because I won't respond to direct advertising on principle.
Again, I disagree. Even if everybody were like you, there would be people who believed that there are people who are not like you - and that would be enough to maintain momentum. There would still be scammers who tell people that it works, and there would be people who would believe them - even if they wouldn't buy the stuff themselves. (Do you believe spammers buy stuff from the spam they receive?)
How many insanely stupid urban legends or ridiculous chain mails (forward this to a dozen friends and Bill Gates will send you a personal check for a hundred dollars!) have you received from friends who ought to know better?
I have received that letter exactly twice, and both times, when I told the person sending it that it wasn't true, they told me that they knew, but they forwarded it anyway, because they thought it was funny. To them, it was a joke.
Given its persitence I have to believe that for some, at least, it is working.
And I have a rock that keeps tigers away.
How does it work, you ask?
Well, it doesn't - it's just a rock. But you don't see any tigers around, do you?
OpenSSH is a part of Linux as much as RPC or Windows Messaging is a part of Windows.
Bullshit.
OpenSSH is an application. It's not necessary for any Linux system. You can choose not to install it if you don't want it - and the system will continue to be perfectly usable. If (like me) you want secure remote administration, you can even install an alternative.
And if you do choose to install OpenSSH, you can remove it at any time, with no adverse consequences.
Try not installing RPC or Windows Messaging when you install Windows - you can't - you're not even given the choice.
Try disabling RPC. You'll find that the OS stops working (no cut and paste.)
Microsoft has been good lately about doing proactive security reviews, and they often find holes before anyone else does.
This shows exactly how much knowledge you have on the topic.
Pretty much all of the remotely exploitable holes in the past year (in fact, every hole I know of in MS software) have been discovered by third-parties. MS makes an announcement - it doesn't meant that they discovered the vulnerability.
Take your trolls somewhere else.
This may be a victory for the anti-spammers
No, actually, it's a victory for pretty much everyone (except spammers.)
but at what cost
None - except the attorney fees.
Why does the spam problem require government intervention?
First of all, this is not government intervention. (the spammers asked the government for intervention to stop people from using those technological 'solutions' you desire so much, then tried to back out when they saw how fscked they were.)
Second of all, it requires a social solution (which is what laws are) because it's a social problem.
Almost every problem that has come up in recent history, particularly technical challenges, have been or can be solved with technical solutions
I'm hard pressed to think of any social problem that has ever been solved by technology. Can you please list some? (There are social problems that have been eased as a side effect of technology, but none I can think of that have a technological 'solution'.)
I hardly ever lose a real email to the spam folder while only about 5% of the spam I get ever reaches my inbox
So you're OK with being raped, just because you only see it 5% of the time?
Technology can't solve the problem of spam, because the problem of spam is that spammers want something for nothing, and don't care how many people or who they have to harrass/annoy/rob to do it. There is NO technological way to change this.
This is definitely not a win for the first amendment or civil liberties
It's also definitely not a win for the homeless, the starving children in Africa, battered wives, or the endangerd California condor (all of which have as much to do with spam as the first amendment or civil liberties.) Can you please bring something relevant to the conversaion?
This is definitely not a win that is going to help keep the internet a free place.
Wrong. It MOST DEFINITELY IS a win that is going to help keep the internet a free place, because it reinforces the fact that I am allowed to control the traffic that enters my network.
So why do they keep coming to work? Are they idiots? Or just malignant bastards?
Neither - they are con men.
why do companies keep using spam for advertising?
Take a look at some of the other replies to post, and you'll see why.. people see lots of spam, so they erroneously conclude that it works (after all, why would there be so much spam if it didn't work, they ask.)
It's all because spammers are con artists. They convince the stupid people (companies) that they can make money.. the net result is that the spammers get money, the stupid people get hosed, and everybody else gets spam.
The spammers then find another victim, and it all starts over again.
Does anyone have any backgroundinfo on this case?
Try this
I'm afraid that down the line, some gov't or corp will use these rulings to stiffle legitimate email/free speach/ or whatever
Spam has nothing to do with free speech.
Free speech means "you can say whatever you want."
It does NOT mean "you can force people to listen to you", nor does it mean "you can force people to pay for your speech."
Why'd their website go offline? Anyone know why?
Because the "EMA" was a shell - it's only reason to exist was to bring this lawsuit. This was in an attempt to hide the identities of the spammers who were behind it.
Now that they've been so thoroughly trashed, there is no reason to continue paying for hosting.
It is a shame that the judge didn't automatically award costs
If you read the link, you'll notice that the judge couldn't award costs - the Florida legal system doesn't allow it.
If you want to get technical then: Copyright Laws.
OK, I've read both the Canadian Copyright laws (C-42), and the US ones (Title 17).
I didn't see anything about requirements for region-coding DVDs.
If they are implemented in the copyright laws of other countries, please list the country, and the appropriate section of the law.
Again, please post a reference to the specific section of the law in question.
laws that require region coding on DVDs
I'm sorry, but exactly which laws are you talking about? Can you cite a title and section (as well as the country, if outside the US) of these "laws"?
If you meant "MPAA/RIAA self-imposed rules to screw consumers", then you should say so - but that's not a law.
when a company takes OSS code and doesn't give modifications back, they're not hurting anybody.
Yes they are - they are hurting ME.. and anyone else who sells service for that software.
Users would have to forward mail to the ISPs smart host for delivery, which should only accept mail from their own IP ranges
A better idea than blocking is to transparently proxy all outbound SMTP sessions to the ISP's mailserver.
restrict the number fo emails from a single server over a specific time period. This puts a bottle neck on spammers and helps, but does not eliminate the problem.
Transparent proxying would aid in this a great deal, as otherwise, you're not preventing spammers from abusing open relays (spammer sends one email to an open relay, with 10,000 BCC'ed recipients.)
Add monitoring (when the load on the SMTP server rises past a certain point, the sysadmin gets paged.)
I implemented this at the ISP I work for, and it works wonderfully. We've had a total on one piece of spam (single email, to a single recipient) leave our system over the past 5 years.
a kitchen sink!
:o)
No, it has to be able to read and send email! We need SMTP and IMAP4/POP3 in the kernel!
FreeBSD come with 2 firewall/nat packages.
:o) (I've adminned a ton of other firewalls, and never seen one where the last rule in the list was used before all the others.)
When I googled for docs on setting up a FreeBSD firewall, I saw two implementations, one seemed pretty ugly (firewall rules ran backwards - as in it fired all rules, and used the last one that matched) Is this the other one you mentioned?
ipfw/natd is the "standard" one, and sounds like the one you're using.
Yes. And it's particularly ugly.. the documentation for the other one sounded worse..
ipf/ipnat is the other one (and IMHO the better one). Nat runs in kernel space. And `ipfstat -nhio` gives you the stats.
From time to time I need detailed packet logs for network troubleshooting (listing interface, packet direction, source/dest address/port, TTL, packet length, protocol, flags, etc. for every packet hitting a particular rule or set of rules.) Is this what you mean by 'stats', or are you talking about a summary?
The package management and most importantly PORTS aspect of freebsd rock my world.
/usr/local - I prefer packages to put stuff in /usr.. /usr/local should be reserved for stuff you compile yourself..
Package management seems to install everything in
I know that packages are supposed to be relocatable at install time, but I found that particular feature inconsistant at best..
I prefer slackware's package management - when adminning a large number of similar servers, I compile and test on a dev machine, and turn it into a package which gets sent to the online machines and installed via installpkg... (yes, I know it's possible with FreeBSD packages, but slackware's method of creating packages is simpler..)
Ports don't do too much for me - I hate the thought of having to compile for each machine.. (most of my machines don't have any dev tools on them at all.)
BSD's rc.conf is a little simpler, but can cause problems when you don't know all of the available options, or in which order they'll be used (is the firewall script called before or after the network is initialized, for example.)
I much prefer the ethernet device naming that Linux uses - for example, it makes writing firewall scripts for multiple interfaces much easier - you know that eth0 will always be your external interface, even if you're forced to change network cards (if one fails) and don't have the same model available..
Documentation - it's gotten better.. but my first experience was a couple of years ago - trying to build a FreeBSD kernel.. the Handbook documentation looked like it was written by someone with Zero-wing syndrome in one place, it actually offered a binary question, but offered three outcomes! (If you have version X or above, do A - if you have a version lower than X, do B - otherwise, do C.) I asked several people to parse it, and none of them could.
The sendmail flags are difficult - the setup program listed "YES" and "NO" for options as to whether to start sendmail, but it still kept starting - turned out you have to put "NONE" in order to keep it from really starting..
I still don't know where to look for logging of firewall rules - I've told them to log, but nothing shows up in dmesg.. if it's supposed to show up in syslog, I couldn't find any reference to the level/facility in the documentation..
I'm a diehard Slack user.. A few months ago I had to install some FreeBSD boxes for a frame-relay network (Linux's FR stack doesn't support Cisco LMI, or I would have stuck with Slackware.)
I found that FreeBSD's NAT leave a lot to be desired - it runs in user-space, and so requires a significantly faster CPU in order to be usable.. I had to upgrade all of the boxes (which had been running Linux) just to get it to work at all, and the latency is still higher on the FreeBSD boxes.
There's no real difference between the two as far as adminning goes (speed- or other-wise) - but Linux has more features (or at least better documentation on how to get those features to work.) Network troubleshooting in particular - getting verbose network reports under Linux is kiss-simple, but I still haven't found how to get FreeBSD to report detailed packet logs for specific firewall rules.
Once they are discovered, they are no longer entitled to trade secret protection, meaning they cannot sue the releasing party if they were released illegally.
The thing is - anything that's in the Linux code base by definition is not a secret.
Nobody's telling SCO "show all of your code" - they're saying "which lines of the Linux source do you believe is infringing?"
The only reason not to answer that question is that there is no infringing code.
It's a bit more like, not having the right to break a window to get into a rented car.
Actually, it's more like "not having the right to break a window to get into a car you own"
You bought the CD, it's yours. You have the right to do anything you want with it, within the bounds of copyright law.