Who knows, someday the BSD world might break up like this:
OpenBSD is for Routers and firewalls
NetBSD is for XBox/Toaster/microwave/everything else =P
FreeBSD is for Servers
and
DragonBSD is for SSI Supercomputers or other highly scalable systems.
This might come as a surprise for you, but all of the BSDs are general-purpose OSes, even though they have different focus. There are quite a few OpenBSD servers out there, just as there are quite a few FreeBSD firewalls and routers, and the same goes for NetBSD. NetBSD has even set the TCP speed record over "the pond".
The shells that are part of OpenBSD install (ksh, sh, csh) are in /bin, and are security audited by OpenBSD. I change the default root shell from csh to ksh since csh is a pain to use, and ksh is a safe alternative.
It's even better practice to put things in the correct place, like keeping all static binaries in /sbin.
On OpenBSD, the correct place to put a statically compiled shell is in /bin. So in fact, the grand parent poster did the correct thing by putting bsd into /bin.
A quick look at man hier combined with "which sh" will show you this.
For all the talk of "the bazaar" model, the core of Linux is largely created by a small number of highly skilled developers. The BSDs just formalize this fact by publicly identifying "core" teams. Both have a cloud of lesser developers contributing.
With *BSD you also have that userland is kept in sync with the kernel, and the core developers work on userland as well. The *BSD is an operating system, while Linux is a kernel.
that some security flaws are Windows only. In a local newspaper there was a small article about the latest security exploit that could install a trojan on your machine, and thus possibly empty your bank account. For once, it was said this only was an issue for users using Microsoft Windows in combination with Internet Explorer. Usually, when a Microsoft Windows virus/trojan/worm is reported, no reference is made to Windows as such.
Also - does anyone use IPSec on Wi-Fi networks? (given that WEP can be cracked with a large enough data capture)
OpenBSD has built-in support for IPSec, so it was quite easy to set up for WiFi. The OpenBSD firewall at home is functioning as an access point, and only IPSec related/authenticated traffic is allowed. So when I boot up the older laptop - that is also running OpenBSD - I'm up and running securely. And fast, since no encryption is done on the WiFi chipset, and thus freeing the chipset for handling packets only.
OpenBSD really makes it straightforward to set up a secure, functional and stable home gateway.
OpenVPN is a free VPN client (talking to an OpenVPN gateway, of course) on Windows that is much easier to set up and get working than IPSec - at least for Windows 2000 Pro. Most Windows users will use a commercial VPN client when using IPSec.
Hello,
Doesn't it ring the bell to you? I wonder whether they understand the meaning of the word privacy.
Well, they probably understand the concept of privacy very well. It's just that they want to cover their asses legally. As an example of this, look at the current US administration (and Pentagon) handling of the concept of torture:
For members of the military, the report suggested that officials could escape torture convictions by arguing that they were following superior orders, since such orders "may be inferred to be lawful" and are "disobeyed at the peril of the subordinate." Examining the "superior orders" defense at the Nuremberg trials of Nazi war criminals, the Vietnam War prosecution of U.S. Army Lt. William Calley for the My Lai massacre and the current U.N. war-crimes tribunals for Rwanda and the former Yugoslavia, the report concluded it could be asserted by "U.S. armed forces personnel engaged in exceptional interrogations except where the conduct goes so far as to be patently unlawful."
When one starts examining the defence of convicted war criminals in order to avoid prosecution, I think someone should be paying attention.
It might just be a troll. On the one hand we know that some enjoy annoying others by mindlessly copy/pasting works done by their betters. On the other hand we know that many just parrot things they don't want to understand anyway. By the gripping hand, there appears to be no middle ground.
Seriously, you don't know what you are talking about.
You defend your thesis based upon the results you have gotten during research. This person appears to have defended his thesis based upon falsified results. Of course he should be stripped of his PhD.
He is not the first, nor the last person to have done this, be it PhD thesis or not.
I was going to buy a Netgear wireless access point/router this week.
If 11Mbps is sufficient for your needs, you could buy an 802.11b wireless card that uses the Prism 2.5 chipset. This chipset can function in hostAP mode. At home I use Netgear MA311 in an older Dell functioning as my wireless access point, internet gateway and firewall. Instead of WEP, I use IPSec, and only authorized IPSec traffic is allowed (and thus no leeching from my Kazaa loving neighbour).
You might need to flash the firmware, though, which you can find here.
If you want a secure, easy and hassle free gateway, just install OpenBSD.
If you don't know anyone in China (or Asia) you can use a blacklist for the whole region. My firewall with OpenBSD's awesome spamd autoupdates its tarpit blacklists every couple of hours.
OpenBSD has added greylisting support to spamd in 3.5, and that feature is very efficient in dealing with spam as well as e-mails from infected Windows machines. SpamAssassin has much less work to do now :-)
And why did the FreeBSD project adopt that idea? I know FreeBSD is an excellent OS, and the favorite BSD for ISPs, but there are some who will be discouraged by the amateurish baby red devil marketing scheme.
FreeBSD is not alone in this, as can be seen from why Mac is bad ;-)
But there are even darker undertones to this company than most are aware of. Consider the name of the company and its logo: an apple with a bite taken out of it. This is clearly a reference to the Fall, when Adam and Eve were tempted with an apple by the serpent. It is now Apple Computers offering us temptation, thereby aligning themselves with the forces of darkness.
Just me or does this seem like the perfect chip for a subdermal implant. Seriously, stick one of these babies next to a pacemaker and you can control your heartrate via the TCP/IP...
Seriously, you would never do that. A pacemaker uses advanced technology (including the surgery) to make it simple and reliable, to just work as long as possible. What is at stake is the lifespan and medical health of the patient. A TCP/IP is not part of that.
But this doesn't prove the program is safe. It only shows that the one time (or however many) you ran it, it wasn't doing anything bad. You have no way of knowing that this program won't try to do something bad (e.g., delete your files) in the future.
Indeed, systrace does not prove that the program is safe. The purpose of systrace is to catch system calls that are not allowed according to some policy (but setting up said policy is not that easy). So you always run the program under systrace control.
How do you "test" a file to make sure it doesn't do anything bad? Other than just running it once and saying "yup, I didn't notice any files being deleted" how can you tell if it's safe?
I would really like to see a comparison between all of these packet filters with strengths and weaknesses and maybe an example of the filter scripts used for a few common scenarios.
Don't overestimate the value of your data. When you pass on, the only person who probably cares about your data will be dead.
There is one group that would care, and that is future historians trying to understand us. All the written letters, documents, newspapers, records of various sorts are what the historians have to work with. Future historians may in some sense have less to work with due to problems preserving digital data.
You need to insert some kernel modules manually during install (for NIC, sound, etc.), which means you'd have to know what hardware you're running. Familiarity with the Linux kernel's 'make menuconfig' module selection is an advantage here too because the selections in the Debian installer are the same (ie. same groupings).
Contrast this with an OpenBSD install: If the hardware is supported, it's ready for use when the kernel is loaded. No messing around with loading the correct kernel modules, not to mention to find them in the first place.
The Korn shell ksh is part of the base install, and would not be that unfamiliar for one used to bash.
Well, there is a lot of signed software on Windows that contains security holes, spyware and other junk.
You can detach a process, logout, login again, and the process is still running as you left it. This is handy when doing a long compile over ssh.
Yes, we all deeply appreciate your courage in this matter.
You can use systrace. There is even a GUI frontend that works on Mac OS.
A similar program on Windows could do far more than just hose someone's Home folder, because most Windows users run with high privileges.
War crimes
For an example of setting up a firewall for home or small office, have a look at the excellent PF User Guide.
Tired of sucky download performance when you max your upload on your ADSL connection? Well, PF solves that with packet queueing and prioritization.