Right, but I'd prefer the new one as it has SATA on board. It's also a bit faster, more memory bandwidth, etc. I'd be using it to host dynamic content and as a file server as well. When they get a dual NIC version of the new one, I'll be able to build the server I want with no PCI cards, which is what I'd prefer to do.
I'm not going to replace my aging system now when I can wait a little bit longer and get a system that does everything I want without any upgrades.
I thought about getting one of the older ones, and my local place can order them in if you ask... try this with your local store. It's not worth hunting around online for a better price when shipping will eat the advantage many times over. With more expensive parts, it can be worth it but these things are cheap.
I imagine I'll get one when there's dual-NIC version. They're pretty tough to beat for firewalling. There's cheaper and lower power systems in existance, but you usually sacrifice quite a bit.
No, but bright people have created some of the most awful rotten code I've ever maintained. The fact is that professional development is often boring, there is very little room for creativity in the vast majority of actual coding that goes into a huge system.
You need bright people to write maintainable code, but bright people do not necessarily write maintainable code.
So why can't people in India or wherever be competent?
I was shooting for something that expressed "large but poorly trained army of programmers". People in India can be competent, just as people here can be incompetent. I expressed that poorly.
From what I've seen programming for money in the short time that I've been doing it, you need bright people to write maintainable code. They don't come off the assembly line. It's possible to have a one shot thing done in India or wherever, but if you need software to be expanded and maintained over any significant length of time, it MUST be done by competent people.
Are you seriously suggesting that anyone would read the article anyway?
No, this is the time to broadcast one's opinions in a fashion loosely connected with what we think the article might be about.
I stand corrected.
But in my case I was running some disk i/o heavy stuff that didn't fork any new processes.
In any case, "You pay for the security and reliability with speed." is a condition I can live with when what I want is reliability or security.
I think it's pretty fast, given that it's doing much more than most other systems. All that crypto and random goodness doesn't come for free. From "Practical Cryptography": "There are already enough fast, insecure systems. The world doesn't need another one."
There's not a lot of crypto going on if I'm on the local machine from the console.
Have you tested that with softupdates enabled?
Yes.
It's not enough to make a noticeable difference with most GUI stuff, but my projects run slower on the same hardware. And that was testing it against Linux 2.4... FreeBSD 5 and Linux 2.6 both spank Linux 2.4, from what I've seen.
I haven't personally done anything that would be affected much by softupdates as the stuff I do doesn't change the metadata much.
The security requires high quality code, which also happens to make it more reliable. That's why I like it. It's not always the best OS for the job, and I'm happy to use other stuff when necessary. Mostly it comes down to working with Java. I get money for doing stuff with Java on an officially supported platform*. In that situation, choosing between FreeBSD, Linux, and OpenBSD becomes extremely easy.
*-I know about FreeBSD binary compatability, but I need to be able to tell my employer that it works on a platform that's supported by Sun. Period.
Privsep=privilege seperation. As many daemons as possible either drop priviliges or run as two processes, one privileged and one not. This makes a sucessful attack against a deamon less damaging because the attacker's incfluence will be trapped in a process that's not allowed to touch anything important. It turns a remote root attack into a denial of service.
W^X (the operator is "exclusive or" not "or") makes many kinds of arbitrary code attacks impossible, by making it impossible for processes to execute memory they can write to. Other OSes probably have this, but I don't know of any, and all the big ones (Linux, Windows, FreeBSD, Solaris, AIX, etc) do not. It breaks some stuff, but it makes everything else more secure. It's a tradeoff, and I suppose OpenBSD is the only one focused enough on security to do it. I've heard that Windows will use it in the 64-bit version of Windows, but that will break Java and.NET unless they add kernel hooks to get at writable and executable memory. But that will make it a lot less effective...
Also, everything is compiled with ProPolice stack protection, which makes stack smashing almost impossible. If you look at recent OpenBSD security advisories, many of them say "propolice turns this from a local root exploit into a denial of service", or words to that effect. Many similar problems are local root exploits on NetBSD solely because it lacks ProPolice.
OpenBSD is considered better (by many) for firewalling largely because the security is very good. If one system has to touch the Internet, better to use an OS that has very good security. Also, PF is a much better firewall than any of the competition. FreeBSD is importing it for this reason, but at the moment the only OS with PF in an official release is OpenBSD.
Personally, I like it because of the reliability. It's the only OS I use regularly that's never broken without bad hardware or me making mistakes. From what I've heard, Debian-stable is also that good, but OpenBSD has much better firewalling features.
OpenBSD is hardly the leader of the pack as far as performance goes. Even on UP systems, it's still slower than almost everything else in key areas (disk performance being the big one). When it has SMP support, it will initially use one big mutex to lock the kernel, and will not initially be optimized for anything weird (Hyperthreading, NUMA).
Sure it's my favorite OS. But not for everything.
Just do what I do. Give up. An easy to use, powerful, stable, compatable desktop OS is, IMO impossible. Windows isn't easier to use as such, it's just less noisy in the intermediate stages of failure.
Be glad you know how to drop to the command line/edit the registry/whatever.
Having more than one relationship with someone is asking for trouble. "girlfriend" and "employee" ranks up there with "friend" and "landlord" in the list of no-nos.
IMO.
It's not practical to have 100% identical machines most of the time. After a while the original replacement hardware starts getting hard to find, but a lot of the time there's no reason to replace the machine. And if you did replace the machine, everything wouldn't be identical anymore...
If you're in a company with any significant number of computers, you have literally tons of spare parts lying around. All the machines will drift as they're maintained, and get customized. Someone might need more memory, someone else might need dual monitors, etc.
As I'm sure we're all aware, market share is not necessarily indicitive of quality or suitability for a given purpose. Just think about what that would say about Windows if it were true.
I agree 100%.
When I don't need to touch fortran anymore, we can talk about getting rid of C.
And every OS that has a kernel written primarily in C will need to be reimplemented in something else. Last time I checked, that was all the ones that counted.
I'm not migrating to 2.6 from 2.4. I'm having problems with stuff that *works* in 2.6.2. If the security problem is fixed in a version of the kernel where basic functionality doesn't work, I'm not going to upgrade.
For that tiny slice of ground of stuff that's too trivial for Python and too big to do manually, Bash scripts are the best way to go for most things. Unless you're really short on memory, it's worth it. An OpenBSD system with all the defaults and no X takes up about 20 megs (I don't even know how much of that was bash). With the extravagant stuff I've done because I had a 256 mb DIMM with nothing better to do, I'm up to 30.
It's like KDE. Sure it's a hog, but who cares? Memory is cheap, and effort is not. Fluff is nice sometimes.
This sounds like a troll, because stuff usually makes it to stable within a few days (unless there's recursive dependencies with something that could cause major breakage, this usually isn't the case with security patches). But you're 100% right about this:
Gentoo has come a ways from when I first tried it, and I use it on 3 systems- but the Gentoo team needs to make a serious effort to recruit people for maintaining the portage tree and especially fast, thorough certification of updated packages.
Every package in stable should always compile. Always. There have been times when no one bothered to do a sanity check (trying it on a stable system would have caught some of it) before releasing something to stable and it resulted in significant and long duration breakage. I think they've been rushed to get everything up to date for 2004.0, but it's been one thing after another. I don't expect it to be bug free, but I do expect to be able to install a working system with an up to date stable. Branch it temporarily if necessary, compile errors in stable are not acceptable.
It worked fine on my 2ghz AMD64 from the 2004.0 CD.
That's good to hear.
P.s. this release abolsutely flys on the AMD64. I started the emerge, and at the time it was downloading QT I left to go get some fast food. A quick drive down the road through the pickup window, and back down the road I had come up and I was home, and QT was already completly compiled/installed (and it was working on another package). Shortly after that, I was in KDE 3.2...
I don't mind the long compiles, only the compiles that die right in the middle. No matter how fast your CPU is, you still have disk i/o to worry about. You're not going to get something like KDE 3.2 compiled on a clean install in less than 2-3 hours without a pretty outrageous system. More like 3-4 on mine, and mine is no slouch. I want that to happen while I'm asleep or at uni/work.
It wouldn't build fam-2.7.0 which was one of the packages required by KDE 3.2.0. KDE was the first non-essential thing I tried to emerge on a fresh install. The build script was fixed some time later, and an "emerge sync" allowed KDE to build properly.
Slashdot Mirror
Right, but I'd prefer the new one as it has SATA on board. It's also a bit faster, more memory bandwidth, etc. I'd be using it to host dynamic content and as a file server as well. When they get a dual NIC version of the new one, I'll be able to build the server I want with no PCI cards, which is what I'd prefer to do. I'm not going to replace my aging system now when I can wait a little bit longer and get a system that does everything I want without any upgrades.
not of the new one (slower, no SATA, etc)
I thought about getting one of the older ones, and my local place can order them in if you ask... try this with your local store. It's not worth hunting around online for a better price when shipping will eat the advantage many times over. With more expensive parts, it can be worth it but these things are cheap.
I imagine I'll get one when there's dual-NIC version. They're pretty tough to beat for firewalling. There's cheaper and lower power systems in existance, but you usually sacrifice quite a bit.
No, but bright people have created some of the most awful rotten code I've ever maintained. The fact is that professional development is often boring, there is very little room for creativity in the vast majority of actual coding that goes into a huge system.
You need bright people to write maintainable code, but bright people do not necessarily write maintainable code.
So why can't people in India or wherever be competent?
I was shooting for something that expressed "large but poorly trained army of programmers". People in India can be competent, just as people here can be incompetent. I expressed that poorly.
I disagree. Partly.
From what I've seen programming for money in the short time that I've been doing it, you need bright people to write maintainable code. They don't come off the assembly line. It's possible to have a one shot thing done in India or wherever, but if you need software to be expanded and maintained over any significant length of time, it MUST be done by competent people.
Are you seriously suggesting that anyone would read the article anyway? No, this is the time to broadcast one's opinions in a fashion loosely connected with what we think the article might be about.
Depends on how much damage is done to the filesystem. You might be able to read it in another computer, or maybe repair then read it.
I stand corrected. But in my case I was running some disk i/o heavy stuff that didn't fork any new processes. In any case, "You pay for the security and reliability with speed." is a condition I can live with when what I want is reliability or security.
I think it's pretty fast, given that it's doing much more than most other systems. All that crypto and random goodness doesn't come for free. From "Practical Cryptography": "There are already enough fast, insecure systems. The world doesn't need another one."
There's not a lot of crypto going on if I'm on the local machine from the console.
Have you tested that with softupdates enabled?
Yes.
It's not enough to make a noticeable difference with most GUI stuff, but my projects run slower on the same hardware. And that was testing it against Linux 2.4... FreeBSD 5 and Linux 2.6 both spank Linux 2.4, from what I've seen.
I haven't personally done anything that would be affected much by softupdates as the stuff I do doesn't change the metadata much.
The security requires high quality code, which also happens to make it more reliable. That's why I like it. It's not always the best OS for the job, and I'm happy to use other stuff when necessary. Mostly it comes down to working with Java. I get money for doing stuff with Java on an officially supported platform*. In that situation, choosing between FreeBSD, Linux, and OpenBSD becomes extremely easy.
*-I know about FreeBSD binary compatability, but I need to be able to tell my employer that it works on a platform that's supported by Sun. Period.
The list isn't exaustive...
.NET unless they add kernel hooks to get at writable and executable memory. But that will make it a lot less effective...
Privsep=privilege seperation. As many daemons as possible either drop priviliges or run as two processes, one privileged and one not. This makes a sucessful attack against a deamon less damaging because the attacker's incfluence will be trapped in a process that's not allowed to touch anything important. It turns a remote root attack into a denial of service.
W^X (the operator is "exclusive or" not "or") makes many kinds of arbitrary code attacks impossible, by making it impossible for processes to execute memory they can write to. Other OSes probably have this, but I don't know of any, and all the big ones (Linux, Windows, FreeBSD, Solaris, AIX, etc) do not. It breaks some stuff, but it makes everything else more secure. It's a tradeoff, and I suppose OpenBSD is the only one focused enough on security to do it. I've heard that Windows will use it in the 64-bit version of Windows, but that will break Java and
Also, everything is compiled with ProPolice stack protection, which makes stack smashing almost impossible. If you look at recent OpenBSD security advisories, many of them say "propolice turns this from a local root exploit into a denial of service", or words to that effect. Many similar problems are local root exploits on NetBSD solely because it lacks ProPolice.
OpenBSD is considered better (by many) for firewalling largely because the security is very good. If one system has to touch the Internet, better to use an OS that has very good security. Also, PF is a much better firewall than any of the competition. FreeBSD is importing it for this reason, but at the moment the only OS with PF in an official release is OpenBSD.
Personally, I like it because of the reliability. It's the only OS I use regularly that's never broken without bad hardware or me making mistakes. From what I've heard, Debian-stable is also that good, but OpenBSD has much better firewalling features.
OpenBSD is hardly the leader of the pack as far as performance goes. Even on UP systems, it's still slower than almost everything else in key areas (disk performance being the big one). When it has SMP support, it will initially use one big mutex to lock the kernel, and will not initially be optimized for anything weird (Hyperthreading, NUMA). Sure it's my favorite OS. But not for everything.
You are insane. Gentoo stable is broken on a semi-regular basis. It was especially bad as they were preparing to release 2004.0.
Just do what I do. Give up. An easy to use, powerful, stable, compatable desktop OS is, IMO impossible. Windows isn't easier to use as such, it's just less noisy in the intermediate stages of failure.
Be glad you know how to drop to the command line/edit the registry/whatever.
Having more than one relationship with someone is asking for trouble. "girlfriend" and "employee" ranks up there with "friend" and "landlord" in the list of no-nos. IMO.
It's not practical to have 100% identical machines most of the time. After a while the original replacement hardware starts getting hard to find, but a lot of the time there's no reason to replace the machine. And if you did replace the machine, everything wouldn't be identical anymore...
If you're in a company with any significant number of computers, you have literally tons of spare parts lying around. All the machines will drift as they're maintained, and get customized. Someone might need more memory, someone else might need dual monitors, etc.
As I'm sure we're all aware, market share is not necessarily indicitive of quality or suitability for a given purpose. Just think about what that would say about Windows if it were true.
I agree 100%. When I don't need to touch fortran anymore, we can talk about getting rid of C. And every OS that has a kernel written primarily in C will need to be reimplemented in something else. Last time I checked, that was all the ones that counted.
see the thread on the gentoo forums.
I'm not migrating to 2.6 from 2.4. I'm having problems with stuff that *works* in 2.6.2. If the security problem is fixed in a version of the kernel where basic functionality doesn't work, I'm not going to upgrade.
Wonderful. scsi is broken on 2.6.3-gentoo-r1. My burner and USB disks don't work, and that's worse than a local root.
but... but...
all my scripts...
For that tiny slice of ground of stuff that's too trivial for Python and too big to do manually, Bash scripts are the best way to go for most things. Unless you're really short on memory, it's worth it. An OpenBSD system with all the defaults and no X takes up about 20 megs (I don't even know how much of that was bash). With the extravagant stuff I've done because I had a 256 mb DIMM with nothing better to do, I'm up to 30.
It's like KDE. Sure it's a hog, but who cares? Memory is cheap, and effort is not. Fluff is nice sometimes.
That's good to hear.
I don't mind the long compiles, only the compiles that die right in the middle. No matter how fast your CPU is, you still have disk i/o to worry about. You're not going to get something like KDE 3.2 compiled on a clean install in less than 2-3 hours without a pretty outrageous system. More like 3-4 on mine, and mine is no slouch. I want that to happen while I'm asleep or at uni/work.
fam-2.7.0 emake error
It wouldn't build fam-2.7.0 which was one of the packages required by KDE 3.2.0. KDE was the first non-essential thing I tried to emerge on a fresh install. The build script was fixed some time later, and an "emerge sync" allowed KDE to build properly.
It works now, but immediately after kde-3.2.0 went to stable a number of things were broken and they took a while to fix.