I have to disagree a bit when it comes to the OpenBSD and Apache issue.
Apache is included in the standard install but it's switched off by default.
If there's a security problem with Apache, then it's an issue with Apache, not OpenBSD.
And nowadays it's even better, when you switch Apache on it starts chroot jailed unless configured otherwise.
All showing the fundamentals of security.
If you don't use it, don't start it.
Configure it to run unchrooted _only_ if you have to.
Don't add any modules or functions that you don't intend to use.
This is in stark contrast to several other software/OS/dists that ship with bells and whistles ready to run and you have to lock them down to get rid of them.
// hdw
ps.
I still think it's a bug that OpenBSD allows root login over ssh by default.
ds.
This is a discussion that I think most ISPs have had for many many years.
Blocking dangerous ports would be a good thing for most ISPs, they want subscribers and online time, but preferably as little traffic as possible.
Even more so as broadband/always-on connections multiply.
But all forms of ISP controlled blocks create two problems.
Some people want those ports open, some because they use those ports, some because they see it as an invasion of privacy (it's _my_ port, and _my_ computer, _I_ decide if I want it blocked or not!).
As soon as the ISP starts to take 'responsibility' it's hard to say where that responsibility ends. "You block port xxx but not port yyy, and because of that 1000's of customers got infected, bad ISP!"
And of course, it does mean more work for the staff, which costs money for the ISP.
But it's not a simple issue.
Most of it also applies to ISP spam blocks.
As a serious flightsim geek I've used over 40 different sims and games (just counted and found 35 flightsim CDs on the shelf, then add downloads).
I stay updated on the latest versions of Flight Gear and due to its openness it's the most promising sim I've found.
But it's way behind XPlane (and, dare I say it, MSFS).
Sadly enough I think what FG really needs is a madcap like Austin to get really good.
And even more sadly that I can't reach that level of commitment myself :(
But maybe some fine day it will be the best flightsim around.
I think you've missed the point a bit.
Swedish consumer law, the one the whole thread is about, explicitly allows you to copy records and record streaming media for private use.
// hdw
This is just a silly construct.
If the material has been made available with the copyright holder's permission this will be stated.
The law states, like always in such cases, that it's illegal to do it willfully and knowingly.
It's illegal to buy a stolen bike.
If you buy it from a shady dude on the street, and it's sporting a broken lock, you've broken the law.
If you buy it from a bike shop or from someone's home, and you get a written receipt, you haven't broken the law. Because there was no way for you to even suspect that it was stolen in the first place.
Same thing applies here.
If you download it from a source that states that it's free to download and seems legitimate, you're free to do so, even if it later shows that it wasn't free at all.
If you download it from Joe Random site you can be quite certain that it's "stolen".
Dead wrong on 4 counts.
1. It's explicitly stated as allowed, unless she copies the entire songbook.
2. It's explicitly stated as allowed.
3. It's explicitly stated as allowed.
4. It's explicitly stated as allowed.
A good thing with the proposal is that it actually states that the stuff you mentioned is allowed.
There's three different issues here.
1. It will become illegal to download material that has been made available in an illegal manner.
It's simply the law about receiving stolen goods applied to electronic media.
If it's illegal to make copyrighted material available for download, it's only logical that it's also illegal (albeit to a lesser extent) to download it.
The right to make private copies is made clearer and allows anyone to make backups or move material to another media for private use.
Including recording of TV, radio or other streaming media for private use.
2. The law makes it illegal to create and distribute tools for breaking copy protection and likewise to use such tools.
It does _not_ outlaw generic crypto tools, just tools used to bypass copy protection.
This will not make it illegal to backup your DVD, but you can't rip it, recode it and store it in another format.
It will make it illegal to decode encrypted DVDs using anything else than the tools blessed by the copyright holder. But that's a commercial decision taken by the DVD distributors.
3. The levy on recordable media has been there for ages, it has been extended to cover new forms of media. It's intended to cover the _legal_ copying, like recording streaming media.
I don't think there's a single platform without a working PPTP client ported.
We have simple rules, you can run any client you like, given:
1. It works.
2. You have a complete set of documented procedures for your OS and client approved by corporate security. Including at least, procurement, installation, testing, rollout, operations, maintenance, user access control (with re-verification every 6 months (3 months for root)), backup, etc, etc...
Corporate security isn't about functionality, it's about process control, and it should be.
Because at work I have no choice, w2k pro is corporate standard.
I can install whatever OS I want on my machine, but I can't connect it to the network.
A non-networked OpenBSD machine in the corner looks quite sad.
I know, because I've got an old laptop with OBSD to give me comfort when the world is cruel.
At home my main desktop is windows(Me) because it allows me to bring work back home, and to telecommute the days I don't drag my ass to the office.
And to play Civ III, and F-15, and F22-ADF and Alpha Centauri.
There's Duron 1200 OpenBSD at slot 2 in my kvm-switch, which is used for all development and serious stuff.
There's three other OBSD boxen spread around, firewall, samba server, videoserver and various stuff.
But yes, my main desktop is windows.
I might move slot 2 to slot 1 in the switch, but not until I've bothered to compile the latest phoenix on the BSD can.
It's rather that the people who can't drive shouldn't be driving.
But this issue is a bit deeper for the ISPs than just figuring out what the customers want.
Speaking as a former ISP CTO.
First of all, if you offer "Internet connection", then you better provide that. Not a filtered down "we decide what's best for you" version.
But that doesn't stop you from creating a different service.
Call it secure, easy, managed or protected internet connection.
A lot of customers want exactly that, so why are no ISPs providing it?
Because it would be too expensive.
If you start blocking ports for security, then the customer will blame you, or at least bog down your helpdesk, if there's a problem with some other port.
Actually, since the service you offer is 'secure', the customers will hold you responsible for almost everything that happens to the customers' computers.
So on top of the cost you have to provide base internet access and support for that part, you also have to maintain the filters/security functions, provide much more support and risk a lawsuit (at least in the US).
Which makes the protected internet access 2 or 3 times more expensive than the raw/uncut version.
IM(nv)HO portal software is intended to create a single point of entrance to a wide set of content and/or applications.
Often personally customisable for style and content.
This includes the link collection stuff, like /., and other news or industry portals.
But it also includes functional portals, like 'my pages' that many companies have for their users.
Sites that allow the user to check their bill, update personal information, order new stuff, check order progress and so on.
Or internal corporate sites that let the employees interact with the payroll and other HR systems, order stationery/hardware and that kind of operations as well as providing corporate-wide information (guidelines, common procedures, forms).
Given the great amount of people who seem to like the features and function of OpenBSD but are miffed by the 'rude' responses by the OpenBSD crowd in general and the OpenBSD dev team in specific I've decided to start a new *BSD code branch "NiceBSD".
The project goal for NiceBSD is to skip all the coding and writing stuff and concentrate on being nice and polite to the users.
All code and documentation will be ripped from OpenBSD and updated every week.
Users asking questions that can be answered by reading FAQs or man pages will get the correct quote in a nice and polite way.
Users asking questions not covered by FAQs and man pages will be informed that we don't have a clue, in a nice and polite manner.
Users asking for new features will be informed that we will consider it for the next release.
I haven't decided upon which cute mascot to use for NiceBSD but I think that a Donkey or a Jackass would be perfect.
Come on, how hard is it to download the floppyimage, create a boot floppy and do a netinstall?
Or download the installfiles and burn a CD?
And if some feature is missing?
It's a Free OS, fix the feature yourself and submit it to the team, or dog/hire someone to do it for you.
Elitist?
Because anyone asking questions that are explained in detail in the FAQ are told to go back and read the FAQ?
Because anyone asking questions that are explained in detail in the manpages are told to read the manpages?
OpenBSD is secure, stable and easy to maintain.
I use it for a lot of stuff:
at home, as firewalls, Wlan gateway, fileserver, software development, videograbbing and assorted stuff.
at my friends' and siblings' homes, as firewalls and gateways.
at small business, as firewalls, fileservers, proxies, apacheservers.
at the large telco that pays my salary, as firewalls, security gateways, proxies, MS-VPN servers, radius servers.
In short, I'm a dedicated OpenBSD fanatic, and I'm quite convinced that Theo can walk on water without getting his feet wet, or at least cross shallow ponds with only damp socks.
But this doesn't change the fact that there's several things stopping me from trying to replace the OS on every box I can find.
There's a lot of software that doesn't install and run clean on OpenBSD.
There's a lot of software that has to be cuddled with a bit before it works.
And from a maintain/support view there's a lot more people trained on various (GNU)/Linuxes, making it much easier (and cheaper) to hire support and contractors.
There's also the lack of stable SMP support, and the lack of support for less common hardware.
Will OpenBSD rule the world? No, I still see it as a "targeted" product.
It doesn't promise world domination like Linux.
It doesn't promise maximum portability and support for obscure hardware like NetBSD.
It doesn't aim for maximum software support like FreeBSD.
It promises security and stability, and it delivers.
But most users have no need for all out max performance and scalability.
// hdw
Most users don't run a heavily loaded website or compile farm.
The users that do should also know how to optimize their systems.
Comparing raw, out-of-the-box, systems is quite pointless, unless used as 'facts' for some pissing contest.
Most people can't filter their email at the server, since most people don't have access to a server to filter at.
// hdw
So the majority has to filter locally, either in the client or with a local pop/imap proxy (like PopFile).
And publicfile would protect them against a local kernel exploit?
// hdw
Read their statement.
// hdw
Local exploit of kernel bug.
Not ftpd or anything else.
How about reading the statement they've posted?
// hdw
"It appears that the machine was cracked using a ptrace exploit by a local user"
A bug in the kernel, not in ftpd.
If it makes you so upset why don't you put your money (or work) where your mouth is?
// hdw
Spend some years coding something as good as XPlane and release it for free. Then you can come back and whine.
Also, being Swedish, GSM is the only way to go for me.
In short:
Pros:
The size, just about right. Smaller than a normal PDA, but not too small to be useful.
It really works, both as a PDA and as a phone.
The quick dials, 50 quick dial numbers easily reachable with one hand.
PalmOS, the basic set of apps are nice, but the fact that I can add almost anything to it (and easily hack something up myself).
GPRS, always on, not blocking calls or SMS, not losing TCP sessions because of a temp hiccup in coverage.
Good handsfree, stays in my belt during most of my calls.
Cons:
Some random hiccups, locking itself and needing a reset (doesn't lose data, just switch the mobile mode on again).
It freezes for 2-3 seconds before presenting a new SMS or call (annoying if you're writing something).
Grayscale, but it's not an issue for me, I have no need for a colour PDA.
Battery life, 2-3 hours talking or actively using GPRS, 4-5 days standby. Solved by getting an extra sync cable and charger to the office.
No hardware expansion, no slots of any kind. In theory you can expand it over USB, serial or IR.
Currently not possible to use it as a GPRS modem/router. (But writing on that app.)
Overall I'm very pleased with it, it does what I want it to.
Ssh login to my boxen when needed.
Surfin on the subway (reading /. ;))
Check my mail when on the road (and clean out spam).
Very nice for SMS.
Connecting to the MUD while at the pub ;)
Keeping time and alarms (with BigClock and sntp).
Your point is valid.
My point is that I prefer good coders with bad people skills over bad coders with good people skills.
Why do you ask for a feature in a free product?
If you want a certain feature then either add it yourself or pay someone to do it.
They've given away a serious amount of time and effort to create this free product.
If they choose to be 'assholes' it's their right.
If you don't want to use their product, it's your choice.