Not so strange, considering the differences in how BSD handles partitions.
You don't need to know the *BSD internal filesystems (which BSD calls partitions) to boot it on i386. If you are using GRUB, you boot *BSD the same way as you boot Windows : by chainloading using a specified partition (which BSD calls a slice).
That's all. I've done multi-boot setups several times using GRUB installed on a Linux distribution.
It'd take a two unpatched exploits. One to take over a running server, and one to elevate to root, unless the exploited server already runs as root, like ssh or often bind.
Good thing I use OpenBSD then, since the default install of bind will drop privileges and chroot. Similar for sshd;-)
Mutexes are named consistently enough under Windows that I wish somebody would make a program that simply caught all attempts at gaining a mutex and popped up a dialog window if the mutex hadn't been seen before. This would stop most any new software from running without first checking with the user. This is no good for a server of course, but ideal for a workstation.
Mandrake has been very good about using grsecurity in their secure kernels, and include it within the sets of patches in their kernel source packages. That is one of the things that has always attracted me to Mandrake. Their attention to security is often overlooked amidst all the attention they get for easy of use and "newbie friendly" features.
I was not aware of the secure kernel part of Mandrake, and as another poster said, this is overlooked by many. Nice to know, though. Kodus to Mandrake.
what about www.grsecurity.net [grsecurity.net]? IMHO, I think grsecurity is much more a better solution especially if it were ever integrated into 2.6 kernels. Face it, what other patch/modification/os could potentially protect you from flaws in the kernel itself??
I'm sure grsecurity is nice, but today it exists as a set of patches to the vanilla kernel only. The only distros that supports it is Adamantix and Gentoo (part of Hardened Gentoo). Other widely used distros like RedHat, SuSE and Mandrake does not.
As long as this state of affair exists, GRsecurity will not be a viable option for the majority of Linux users.
On OpenBSD you have similar technology integrated with the OS. No need for patches or other stuff to use it.
Have you lost the ability to use md5sum -v? Can't use rpm --checksig?
It's not just a question about verifying rmp when downloading security patches from an unofficial mirror. With an official mirror it's likely that the mirror is complete and updated. You got it now?
Frankly on my system (p2 266, 32MB TNT2 M64) I find the only distro that
seems to run GNOME with any decent speed is Red Hat 8.0. Whenever I try more recent distros like Gentoo/Knoppix the GUI is extremely slow in comparison.
With 32MB RAM you might consider using something less hungry for memory than a recent GNOME. I use XFCE4 on an older P2 laptop, but fluxbox is even leaner.
Hi their, just in case things go sidewise as it were I have put up a mirror.
The mirror of http://www.redhat.com/security/ is at http://mirrorit.demonmoo.com/r_109/www.redhat.com/ security/
The mirror of http://www.fedoralegacy.org/ is at http://mirrorit.demonmoo.com/r_109/www.fedoralegac y.org/
Not to be rude, but why should I download and install security patches from a site that is not an official mirror site?
..but a little late, considering that 3.5 is due to ship tomorrow.
He did try a snapshot dated 29th of March, and that snapshot is pretty much OpenBSD 3.5. It would be nice if he could at least toch upon some of the new features of OpenBSD 3.5 like Greylisting (very efficient anti-spam and anti-email-virus) or CARP (the Common Address Redundancy Protocol) for failover.
Actually, Apple uses AFP (Appleshare File Protocol), not AFS. Mac OS X ships with AFP, SMB and NFS. Turning on 'file sharing' turns on AFP, which is proprietary.
There are plenty of encrypted chat programs already out there. I know Hushmail has an encrypted chat program, and I believe there are encryption plugins that exist for ICQ, etc. If I am missing something here, I welcome anyone to explain what the hoopla is all about.
The hoopla is that you can encrypt all your network communications for "free" if you use AES, even on an otherwise "slow" CPU. OpenBSD will automatically take advantage of this CPU, if present. Not need to patch a Linux kernel if you want to test it.
Intel and AMD have a broad patent cross licensing agreement, so it's not a big deal.
The responses to this article is hilarious. AMD have not used billions of dollars a new CPU that gets luke warm responses (Itanium+Itanium2). All the markethype from Intel concerning 64 bits for the unwashed masses, and here comes AMD showing the way. This time AMD is not playing the "catchup game".
So reverse engineering is not a problem in this case. In fact, it's not unlikely that AMD simply handed them the documentation.
Security wise, it is bad that Intel decided not to copy the NX (No Excute on pages) part as well.The NX is not an AMD invention, of course, but it's very nice that they included it. And who uses this? OpenBSD developers was not very happy with the Intel decision : they actually recommend buying AMD before Intel.
Now show us that you can do more than mock me and respond with an intelligent post and prove me wrong. (...)
See I feel it's ok to call someone a moron or whatever if there is some beef behind what I say.
I'm not particularly impressed by your abusive language in lack of real arguments. But since I'm in a friendly mood, but friendless, I might add, I've made you my first abusive Slashdot friend.
Just as I expected, people like you can't be argued with. So I just call you a name and leave it at that, because I know you understand that.
Yet again I'm dazzled by your razor sharp intellects ability to rip apart any argument, and to show the world for what it relly is. I'm sure that this unique talent of yours must have been honed to perfection by pondering over the latest Fox News bulletin.
....Learn how to read, and how to think logically, then RTFA otherwise don't bother replying.
Oh, and since you don't understand logic, try this: go fuck yourself.
I'm deeply impressed with your thoughtful opinions expressed with such an elevated language. I'm sure we'll all be delighted when you share with us your profound thoughts in your next Slashdot post. Your karma bonus should really +5 so we can be sure that no one can ignore you. Several moderators have already achieved Nirvana and moderated your post to +4 Insightful.
You completely missed the point. It's not about whether the OS can run on those machines, but the fact that they are giving away/install an OS that is no longer supported (ie EOLed - End Of Life-ed).
Of course the OS no longer supported by Microsoft, since it's intended to run on PC that in the rich world is "obsolete". Do you think that P4 3.4 GHz with 1GB RAM and DSL line is common i Africa?
And why did the post get modded up? Because it suggested that Linux may work on a machine that Win2K won't? Lamers.
Perhaps because the moderator realizes that very many in the world is poor, and has to do with what they have? Btw, as far as I know, Win 2000 is not EOLed. But then again, you don't run obsolete and old software when you can have shiny new XP to impress your friends?
Considering that in several countries you can vist a shop to purchase a cd with windows longhorn even for less than $5. How many of these countries will actually care that you get a legal copy of windows with the referbished computer?
There are several organizations that work to introduce IT in the third world (and elsewhere, of course), and they of course can't buy cracked versions of Windows.
How odd that they would officially support the installation of an OS that's been EOLed (WinME is the oldest 16 bit still supported, yes?)
Quite the contrary! WinME can run on the older hardware that is available on many countries, and on those PC's *BSD/Linux runs just fine. Actually, there is a UN program for introducing IT in Afghanistan that uses old hardware and software from FSF. Win2000 won't run nicely on those machines, but Linux will.....
Amazing. The BSD zealots STILL can't refute the strenghts of Linux, instead opting to hand-wave their way out of the argument. Sheesh!
When I first saw your post, I thought you where just another Slashdot troll, and did not reply. If it was not a troll, then I must say that your reasons and methology is superficial. I would not trust your jugdement based upon this, nor should your managers.
Slashdot Mirror
You don't need to know the *BSD internal filesystems (which BSD calls partitions) to boot it on i386. If you are using GRUB, you boot *BSD the same way as you boot Windows : by chainloading using a specified partition (which BSD calls a slice).
That's all. I've done multi-boot setups several times using GRUB installed on a Linux distribution.
They add detection for GNU Hurd, but not OpenBSD, FreeBSD and NetBSD. Funny, really.
Good thing I use OpenBSD then, since the default install of bind will drop privileges and chroot. Similar for sshd ;-)
Pure drivel.
Urk, should not be so hasty to push that "submit button.
I was not aware of the secure kernel part of Mandrake, and as another poster said, this is overlooked by many. Nice to know, though. Kodus to Mandrake.
I'm sure grsecurity is nice, but today it exists as a set of patches to the vanilla kernel only. The only distros that supports it is Adamantix and Gentoo (part of Hardened Gentoo). Other widely used distros like RedHat, SuSE and Mandrake does not.
As long as this state of affair exists, GRsecurity will not be a viable option for the majority of Linux users.
On OpenBSD you have similar technology integrated with the OS. No need for patches or other stuff to use it.
It's not just a question about verifying rmp when downloading security patches from an unofficial mirror. With an official mirror it's likely that the mirror is complete and updated. You got it now?
With 32MB RAM you might consider using something less hungry for memory than a recent GNOME. I use XFCE4 on an older P2 laptop, but fluxbox is even leaner.
Not to be rude, but why should I download and install security patches from a site that is not an official mirror site?
He did try a snapshot dated 29th of March, and that snapshot is pretty much OpenBSD 3.5. It would be nice if he could at least toch upon some of the new features of OpenBSD 3.5 like Greylisting (very efficient anti-spam and anti-email-virus) or CARP (the Common Address Redundancy Protocol) for failover.
Try tell that to the Enron employees that lost their pensions. I'm quite sure they would like to see white collar criminals spend some time in jail.
Ouch, I sit corrected.
Actually, Apple uses AFS (Andrew File System) as distributed file system, but I'm sure Apple works well with NFS as well.
The hoopla is that you can encrypt all your network communications for "free" if you use AES, even on an otherwise "slow" CPU. OpenBSD will automatically take advantage of this CPU, if present. Not need to patch a Linux kernel if you want to test it.
The responses to this article is hilarious. AMD have not used billions of dollars a new CPU that gets luke warm responses (Itanium+Itanium2). All the markethype from Intel concerning 64 bits for the unwashed masses, and here comes AMD showing the way. This time AMD is not playing the "catchup game".
Security wise, it is bad that Intel decided not to copy the NX (No Excute on pages) part as well.The NX is not an AMD invention, of course, but it's very nice that they included it. And who uses this? OpenBSD developers was not very happy with the Intel decision : they actually recommend buying AMD before Intel.
I'm not particularly impressed by your abusive language in lack of real arguments. But since I'm in a friendly mood, but friendless, I might add, I've made you my first abusive Slashdot friend.
Yet again I'm dazzled by your razor sharp intellects ability to rip apart any argument, and to show the world for what it relly is. I'm sure that this unique talent of yours must have been honed to perfection by pondering over the latest Fox News bulletin.
I'm deeply impressed with your thoughtful opinions expressed with such an elevated language. I'm sure we'll all be delighted when you share with us your profound thoughts in your next Slashdot post. Your karma bonus should really +5 so we can be sure that no one can ignore you. Several moderators have already achieved Nirvana and moderated your post to +4 Insightful.
Of course the OS no longer supported by Microsoft, since it's intended to run on PC that in the rich world is "obsolete". Do you think that P4 3.4 GHz with 1GB RAM and DSL line is common i Africa?
Perhaps because the moderator realizes that very many in the world is poor, and has to do with what they have? Btw, as far as I know, Win 2000 is not EOLed. But then again, you don't run obsolete and old software when you can have shiny new XP to impress your friends?
There are several organizations that work to introduce IT in the third world (and elsewhere, of course), and they of course can't buy cracked versions of Windows.
Quite the contrary! WinME can run on the older hardware that is available on many countries, and on those PC's *BSD/Linux runs just fine. Actually, there is a UN program for introducing IT in Afghanistan that uses old hardware and software from FSF. Win2000 won't run nicely on those machines, but Linux will.....
When I first saw your post, I thought you where just another Slashdot troll, and did not reply. If it was not a troll, then I must say that your reasons and methology is superficial. I would not trust your jugdement based upon this, nor should your managers.
The new port Xen virtual machine monitor for i386 sure looks interesting. The guest OS has to be ported to the Xen architecture, though.