WEP is known to be insecure.
It's why I just disabled it on my OpenBSD gateway that is also the wifi access point, and I'm using IPsec instead.
It works beautifully with a laptop running Linux (thanks, Freeswan), with the same laptop running Windows (thanks, Windows XP) and with another laptop running MacOS X (thanks, Racoon).
IPsec is a de facto standard. It's a bit complicated to set up (especially with different implementations), but implementations are interoperable, that's very nice.
The worst thing you will discover while switching to Windows is the default browser called Internet Explorer. If you are allowed to install only one random application, install another browser as soon as possible.
First, by using Internet Explorer you will discover another side of web sites you are usually browsing. With flashing stuff everywhere, with pages that force you to wait while watching ads, and with dozens of popups everywhere.
Navigation with keyboard is impossible, so get a good optical mouse and a large screen if you want to preserve your nerves.
Also there is no tabbed browsing, so you have to lose habits like opening every new link in a new tab or you will quickly end up with tons of windows everywhere.
But the main problem is that if you don't browse only very trusted sites, strange things will happen. I never go to w4r3z web sites, but every time I've used Internet Explorer, my system became a mess. Random windows (things about online Casinos, or odd search engines) appeared even while browsing Slashdot. My DNS settings were changed and things appeared in the service tray. I was never able to figure out what it was and how to remove this sort of annoyance, but it also happens all the time to other people I know who are using Windows, so this is probably normal.
I don't use WAP myself. Typing on a phone keyboard and watching an ugly result on a tiny screen is really not attractive.
However I work for a national FM radio and we provide a bunch of related WAP sites.
People really don't use WAP to check what is on air. Neither do they use it to get the frequency they can listen to us on, nor do they use it to read news about music. Well, they do, but only once, only very quickly.
What they are spending time on, and what they are wasting money for is the chat section. The chat features geolocalisation so they send stupid messages to nearby people, hoping for a fuck. I don't know whether it actually works, but at least they try a lot.
MySQL has had transactions for 5 years.
I've never used MyISAM.
How does it compare to MySQL for web sites, that typically make a lot of short connections to the same database?
OpenBSD has always been very picky when it comes to respecting licenses (unlike most other OS, they read the Postfix license before putting it on CDs).
Here's a recent post from Theo de Raadt on the OpenBSD misc@ mailing list:
Like other projects, we will not be incorporating new code from David
Dawes into the XFree86 codebase used in OpenBSD. All such changes
have to be skipped, rewritten, or you can contact the XFree86 group
and place your own efforts to repair this damage.
I've tried to negotiate with David Dawes, and show him that his new
license is not acceptable, and he has been hostile and it has gone
nowhere. He keeps insisting that his license is a standard BSD
licenses, yet, he won't use the same words that Berkeley used; if his
words were intended to be compatible to the Berkeley spirit then he
would be happy to use the same words; but he is not, and insists on
different words which a lot of the community has trouble with.
It seems like every 8 years or so we have to go through some period
where someone tries to take free software and makes it less free
because they don't feel they are getting enough credit.
This is final; if that license stands, there will be forking.
And if you don't like that, don't bother telling me. Tell them.
Have a look at Codeweavers Crossover Office.
It's a commercial Wine derivative that allows running a lot of Windows apps, including the full Microsoft Office suite.
And Office works extremely well. In fact... even better than Openoffice. Startup time is shorter than Openoffice. Rendering is good and fast. Compatibility is of course perfect.
OpenStep has nothing to do with FreeBSD.
Just like you can run notepad.exe with Wine doesn't mean that Windows is Linux.
MacOS X is not FreeBSD.
First, a part of it is actually based upon *BSD (OpenBSD, NetBSD and FreeBSD), GNU, KDE and some other opensource software like Curl, not just FreeBSD.
Next that part is important, but small in volume.
The "BSD subsystem" with most Unix tools is even just a package you choose to install or not.
The rest of MacOS is proprietary Apple work. And this part is huge.
Try to run a Cocoa app on FreeBSD, you can't.
Try to run a Classic app on FreeBSD, you can't.
Try to get the Aqua environment on FreeBSD, you can't.
Apple did a huge amount of work to build MacOS X, it's definitely not just FreeBSD.
Please stop saying that MacOS X unix tools are based upon FreeBSD.
Apple actually took parts of NetBSD, FreeBSD and OpenBSD.
Most tools actually come from OpenBSD.
If you got MacOS X and if you need a proof, just try:
ident /usr/bin/* /bin/* /sbin/* /usr/sbin/* 2>/dev/null | fgrep OpenBSD | wc -l
ident /usr/bin/* /bin/* /sbin/* /usr/sbin/* 2>/dev/null | fgrep FreeBSD | wc -l
ident /usr/bin/* /bin/* /sbin/* /usr/sbin/* 2>/dev/null | fgrep NetBSD | wc -l
Here's what I get on Darwin 7.2.0 (Panther, everything up to date):
OpenBSD : 303
FreeBSD : 258
NetBSD : 143
The rest is mostly GNU tools.
No, because there's a pass in quick for the local network interface before.
I don't know whether it applies to that one, but a _very_ efficient way to avoid the annoyance of Windows email worms is to use your firewall to block all incoming traffic from a Windows machine to port 25.
On OpenBSD, the following line is enough:
block drop in log quick proto tcp from any os Windows to any port smtp
There is really not a lot of legacy mail exchangers running Windows so it doesn't hurt.
However, it blocks most worms that are trying to directly send mail.
Forbidden
You don't have permission to access /~fullermd/rants/bsd4linux/bsd4linux1.php on this server.
Apache/1.3.27 Server at www.over-yonder.net Port 80
Ok, as a Linux user, I really understand why I should _not_ use BSD after reading this :)
Two other GPL violations are made by Realmedia (http://www.247realmedia.com/), a company selling a popular web ads ring through their OpenAdStream product.
OpenAdStream's core is an Apache module called mod_oas.so. The module includes modified versions of GNU Rx and GNU GDBM. But:
- The module is commercial and closed source.
- There is no copy of the GPL licence anywhere with the product.
- There is even no credit to the authors of GNU Rx and GNU GDBM anywhere. Full copyrights are for Realmedia.
Evidence of the inclusion of GNU Rx and GNU GDBM is obvious, just grep for them to see the GNU copyright in the binary.
I contacted them multiple ways, with no answer ever.
Both articles give nice ideas, but it may not be a good idea to blindly follow their advice.
For instance, polling doesn't always improve things. Past the theory, I tried to enable device polling on a web server running FreeBSD 4.9-STABLE and the performance significantly _decreased_.
Also one of those papers suggests playing with extra GCC optimization flags. Well. First, don't expect your system to get significant speed improvements except for some very specific applications (usually not servers, rather intensive maths work).
Next, FreeBSD is not Gentoo Linux.
Gentoo has tons of users heavily testing all possible GCC optimization and discovering breakages. Those breakages are solved by adding extra patches, by backporting patches from CVS trees or by filtering annoying gcc flags for some piece of software. The whole thing works and it is even reliable because Gentoo Linux was designed that way and people use it that way.
On the other hand, almost no FreeBSD user uses special flags. Even nothing but "-O" is explicitly recommended. There are no Gentoo-like workarounds for specific optimization flags. Nothing is really tested with extreme compiler optimization flags. So if you start playing with this, you may hit strange bugs and not a lot of people would have encountered the same bug. So you're on your own. Your system may be unstable while your actual gain of performance will be near zero (really in a real world, bottlenecks are often disk/io, ram and network latency).
Actually it's the opposite.
2.6 is very stable.
But implementation of some features (especially device-mapper) is still incomplete. And it will not change when it will be called 2.6.0, it means adding a lot of new code, not fixing an obvious bug.
The logical volumes manager (device-mapper) is still incomplete in current 2.6 kernels.
Snapshots don't work without experimental patches.
Other patches are needed to make EVMS properly work.
This is a showstopper.
However, if you don't need virtual volumes, yes, 2.6 definitely:
1) rocks
2) is stable.
You must be confusing it with Solaris.
You can assign any number of addresses to a single interface without cloning it.
$ ip addr add 192.168.1.7/24 dev eth0
$ ip addr add 10.1.7.7/24 dev eth0
$ ip addr add 10.2.4.5/24 dev eth0 scope link
> you can do:
> # ifconfig fxp0 192.168.1.12/32 alias
Woah, impressive!
Have you ever used Linux?
Please mod this up.
"ip" is definitely great and I really miss that command on BSD systems.
Not only is it way more powerful than ifconfig, it is also easier to use, with a very logical and comprehensive syntax ("ip route add default via 192.168.1.221")
Refactoring "ifconfig" nowadays sounds like a total waste of time IMHO. Hopefully Dragonfly will take a more modern approach.
Well... yes... and no.
The strength of OpenBSD is that people continuously audit the code and implement preventive stuff like privilege separation to reduce the risks in case of a vulnerability.
On the other hand, the code of BSD kernels is a real mess. Some parts are really tricky, with glue between historic and new code and a lot of ugly, possibly unsafe macros everywhere. The Linux kernel framework is way cleaner and more robust. When something goes wrong in a kernel thread, it can almost always properly recover and not just go to panic().
And Linux has also some barriers like SELinux that theoretically render uncommon situations not exploitable. Theoretically, because there can still be bugs in SELinux or other parts of the kernel that would bypass it.
The "barriers" approach, although described as useless by some people, is, in a real world, very efficient. Grsecurity (or recent OpenBSD with PaX and co) and SELinux make it very difficult to write reliable exploits. Still if an exploit would work, it will only work after having filled gigabytes of log files, giving a chance to system administrators to take an action on time.
The cons of the "barriers" approach is that it cures the implications of a problem, not the cause. The bug is still there, but instead of being exploitable to execute arbitrary code, it crashes the process (eventually immediately restarted with a tool like Monit or Supervise).
The OpenBSD auditing approach aims at curing the bug itself, thus not causing any crash.
Both approaches are actually complementary, but still not 100% efficient.
The only way to make a system reliable and secure (even from a theoretical point of view) is to prove the code. Unfortunately it's not a trivial task and it can't be made upon an existing unix-like base.
But if you never heard about it, have a look at the very promising EROS Project: http://www.eros-os.org/
It's fun to see how security research shifted from applications to kernels lately.
Looking at the photographs, the entire beast resides in 64 rack cases. With 42 units per case and 65536 CPU total, there are 24 CPUs per unit. Not bad :)
I can't imagine the overall heat of the thing.
a Beowulf cluster of those?
(sorry, but someone had to say it)
OpenAdStream (http://www.realmedia.com/) serves a lot of banners you see on the web sites.
The core of the product is mod_oas.so, an Apache module.
It embeds GDBM and GNU Rx that are both published under the GPL licence. It doesn't dynamically link with these libraries, it really embeds a specific version of them (the server works without the libraries installed on the system). If you are an OpenAdStream customer, just run "strings" on the module to discover the name of the source code of GDBM and an RCS ID of GNU Rx.
However the module is commercial, closed-source software. The GPL licence is available nowhere in the product. Even GNU Rx and GDBM authors' names are missing.
I sent them multiple emails about this, none were ever answered.
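An added example, not part of the original comments: the two checks described above (running ident over binaries and counting the OpenBSD/FreeBSD/NetBSD keywords, and running strings on a module to find an embedded library's source file name and RCS ID) combined into one Python audit routine. The sample bytes, file names, revision fields and marker list are constructed for illustration and are not taken from mod_oas.so or any real binary.

```python
import re
import sys
from collections import Counter

MIN_LEN = 4  # shortest printable run to report, the default of strings(1)
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
# Expanded RCS keyword in the form ident(1) looks for: "$Keyword: value $"
RCS_KEYWORD = re.compile(r"\$([A-Za-z]+): ([^$]*?) \$")
# Assumed marker list for this example; adjust to the libraries being audited.
MARKERS = ("gdbm", "Free Software Foundation")

# Constructed sample: binary noise with a source file name, a copyright
# notice and a few RCS keywords embedded, as a statically linked object
# might carry them.
SAMPLE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"gdbmopen.c\x00\x01\x02"
    + b"$Id: rx.c,v 0.0 2000/01/01 00:00:00 nobody Exp $\x00"
    + b"\xff\xfeab\x00"
    + b"Copyright (C) Free Software Foundation, Inc.\x00"
    + b"$OpenBSD: cat.c,v 0.0 2000/01/01 00:00:00 nobody Exp $\x00"
    + b"$OpenBSD: ls.c,v 0.0 2000/01/01 00:00:00 nobody Exp $\x00"
    + b"$FreeBSD: cp.c,v 0.0 2000/01/01 00:00:00 nobody Exp $\x00"
)


def extract_strings(data):
    """Return the printable-ASCII runs found in a binary blob."""
    return [m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(data)]


def find_rcs_ids(strings):
    """Return (keyword, value) pairs for every expanded RCS keyword."""
    return [m.groups() for s in strings for m in RCS_KEYWORD.finditer(s)]


def find_markers(strings, markers=MARKERS):
    """Map each marker to the strings containing it (case-insensitive)."""
    return {
        mk: [s for s in strings if mk.lower() in s.lower()]
        for mk in markers
    }


def audit(data):
    """Summarise provenance hints left in a compiled binary."""
    strings = extract_strings(data)
    ids = find_rcs_ids(strings)
    return {
        "rcs_ids": ids,
        # Same idea as "ident ... | fgrep OpenBSD | wc -l", for every keyword.
        "origin_counts": Counter(keyword for keyword, _ in ids),
        "markers": find_markers(strings),
    }


if __name__ == "__main__":
    # Audit the file given on the command line, or the constructed sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    report = audit(blob)
    for keyword, count in report["origin_counts"].most_common():
        print(f"{keyword}: {count}")
    for marker, hits in report["markers"].items():
        for hit in hits:
            print(f"[{marker}] {hit}")
```

A hit only shows that identifying text survived in the binary; stripped keywords or rewritten notices leave nothing to match, so an empty report does not show the code is absent.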