Be sure to cvsup to 4.4-CURRENT...
Ahhh! Sorry, that should be 4.4-STABLE! My bad...
And the same holds true for GNU/Linux.
What would be awesome would be a linux distrib that has the same ease of upgrading that is possible with freebsd. Basically my /usr/src is a cvs checkout of the 4.4-STABLE cvs tree. I can update it when I want to via cvsup to the FreeBSD cvsup mirrors. /usr/src contains the kernel and userland. It is really nice in terms of upgrading and it is possible to go from 4.4 to 4.5 and up with relative ease compared to getting out the ISO images on most other linux distribs. Debian comes close to this but in a much different way that is very top heavy in terms of people assembling packages, etc. I much prefer having ports and cvsup...
MAXUSERS was apparently tweaked. It is always set to 32 in the GENERIC kernel example. Why would it be changed downwards? This is not an example of some odd variable but rather one of the essential core items...
How do you upgrade from one release of Slackware to another? Is there a code repository like FreeBSD's where you can cvsup and make the kernel and userland? I'm assuming not but I don't know - it's been a while since I used Slackware.
I'm not putting down Slack. Just wondering... It was my first distribution and I remember going from a.out to elf on it by myself (with a guide). It was a great experience.
I too had a similar experience but I've moved from Slackware->RedHat & Mandrake->Debian->Debian (desktops) & FreeBSD (servers) & OpenBSD (some tasks). This was of course over many years and there was a half year break between slack and redhat (went to redhat to see what all the hubbub was about).
Debian testing or unstable is great on my laptop and desktop machines. FreeBSD is great on my servers. It's a win win situation.
Be sure to cvsup to 4.4-CURRENT and make a custom kernel and buildworld (just noting this for other people considering FreeBSD) and also if you use IDE drives edit /boot/loader.conf and put in:
hw.ata.atapi_dma=1
hw.ata.ata_dma=1
to enable DMA (have to reboot too)...
I could go on about how FreeBSD is simply less work than Debian to admin for a server (when you want current releases of apache, samba, etc) but I'd be preaching to the masses. Let's just say that you owe it to yourself to try both Debian and FreeBSD and see which you like better. Only you can make the right choice based on your needs...
For me it was FreeBSD.
An example: I'm upgrading a server from FreeBSD 4.0-RELEASE-CLIENT-2. It's a bit convoluted to get up to 4.4-STABLE but it can be done with cvsup and make. That's part of the beauty of FreeBSD...
I've heard rumors that with Netfilter you can have a firewall+NAT that allows external people to FTP in? Is that true? Something about stateless? I know this is possible with ipfilter but it is a pain in the ass. Would this also allow other programs that need to get in from the outside like certain instant messenger clients work?
That's the kind of stuff that is interesting...
Why would you think that? They typically don't appear to read the linked-to stories submitted before making glib and inaccurate comments, so why should 'Ask Slashdot' get special treatment? You must be mistaking this place for a source of reliable information.
Hey, quit shattering the illusion!
Hey, Dolphin and Whale are not fish!
They are mammals....
Doh! Good point. 100 lashes with a wet noodle I will take.
The funny thing is your post is "Insightful" while your parent post is "Funny." Shouldn't it be the opposite way around?
But if I take your post seriously - say he answered the question, what would your evaluation be on the following responses:
1) Discus
2) Corydora
3) Salmon
4) Dolphin
5) Blowfish
6) Whale
7) Minnow
8) Piranha
Will Alan Cox's choice to not unveil security changes in the kernel changelog potentially affect other developers?
Once again a valid question modded as "Troll." Moderators that moderate based on personal vendettas rather than proper moderation protocol should be taken out back and shot. If you moderated the parent as "-1, Troll" you sir are an idiot. Go read the moderators guide and make sure you know the facts before you moderate based on your inexperience. Alan Cox did choose to keep certain security fixes to the kernel out of the US change log due to potential conflicts with the DMCA. He made the decision. Now other people want to question it. Wise up moderators.
Will you be following Alan Cox's lead by withholding security patch information from the kernel Changelogs?
How is this flamebait? Come on now, stupid moderators. At least the smart moderators modded up. Good question and I hope it does get answered.
How can something be impossible to document? If the person understands the problem well enough to write the code, they should be able to express the same thoughts and intentions in English comments.
When you write code you write for a specific standard (or compiler or interpreter) but when you write English you write for unknown. Descriptions could at some point get more lengthy than code. Would that be bad? I don't know. I'd rather have the information than not, personally. But I can see why bibles of information are kept out of the kernel.
Er... Reality? It is always that even numbers are stable and odd are development. Alan merely used the version number of the kernel he was patching (essential information for the users of the -ac line!).
Are you asking where the kernel number came from because it is so high? Did you look at kernel.org to see the archive of all the old kernels down to 1.x? There was a .xx line too of course. Those numbers are just increments up to today.
I parse your question but it seems like you either left some essential component of your question out or I'm missing something... By all means clarify your question if you aren't getting the answers you seek.
What is up with your version number? 2.3.1? Why?
Oh that's great. Mod down a valid comment. I'm pointing out that the poster didn't read the whole comment or, if he or she did, they choose to ignore the part of the post they decided to reply to. Why? I dunno... Don't confuse my sig with the post. Stupid moderators.
If by switching to something else you can make your problem several times easier, then the cost of training every good candidate vs. sticking to your old ways is essentially negative!
Can't we just all get along? :-) Other than his dislike for distributors (does he roll his own?) DJB seems like a cool guy.
I thought so too once but then I watched him bang his head against the wall on one of the OpenBSD mailing lists.
Repeatedly.
Someone who hits their head that often surely has a few problems...
So everyone bitched about this and didn't even find out this simple fact? It sounds like Conectiva is doing just fine with all the options. Mod this guy up!
Also, contrary to popular opinion, 2.4 ain't perfect, so it's good to be able to choose 2.2 if you need it.
I don't think you have to worry about anyone thinking 2.4 is perfect at the moment. Personally I'm getting excited now that the Linus and ac branch are merging down and 2.5 is going to start soon. But of course all these changes mean we'll have to wait a bit longer until we know 2.4 is edging towards well done.
I use ssh forwarding to take care of this. My outlook express looks at localhost for the IMAP server. I then use TeraTerm SSH to ssh into my home system. TTSSH is set up to forward the local imap port to the imap port on my machine. SSH forwarding has done wonders for closing down ports on my firewall.
That is a good point. I did know about SSH forwarding but I didn't think of using it in this case. The bonus of leaving all those ports closed to the outside world is very attractive. Thanks!
Sounds tasty. I'll have to give it a try. Thanks.
Because Joe Home User has no hope of being able to set up and use IPsec securely anytime soon
Good point. But...
Because IPsec does almost nothing to help protect your system or network from attack. (so what you have no cleartext data for someone to sniff? Someone can still hack your lan and your system)
How exactly are they going to be hacking the LAN? Grabbing IP addresses? That can be fixed... Nothing will be 100% but at least it'll be much much better than it is now.
Because there's an immense installed base of devices and systems with no IPsec support
Sure is... But...
Because there's more to the world than IP
No there isn't. Least not anything that I care about... But seriously - what other protocols do you think are important today?
Of course Joe Home User is going to be screwed but IPSec can be simplified extensively, so it shouldn't be a problem. The devices that don't support IPSec are almost worthless to Joe Home User so just toss 'em. Have an Ad-Hoc network using IPSec with Windows and they should be fine. Sure people without any brains or interest will have problems but what else is new? If they get hacked and their data is important they'll pay someone to fix it.
As I understand it IPSec can solve most of the security problems. Sure it would be nice if the specs were updated for 802.11b and new firmware was released to fix these security problems but *RIGHT NOW* there isn't anything else. What are *YOU* going to do right now to stop people from sniffing your WEP encoded passwords (in my case my password is in cleartext when sent to my UW IMAP server, of course I'm moving to something else but in the meantime)...
I would agree that 802.11* security needs to be greatly enhanced but in the meantime IPSec is a viable option for many people. And it is available right now.
A few more details:
The idea is to put the ISA to PCMCIA adapter in a computer running some sort of *nix (mine is in a FreeBSD 4.4-STABLE server) and put one of the 802.11b cards in there. Then put the other card in the laptop (in my case the laptop is running Debian unstable). It works great in IBSS Ad-Hoc mode. I happen to be using Dell TrueMobile cards (rebranded Orinoco) with 128 bit WEP but knowing what I know about WEP now and how cheap the 64 bit WEP Orinoco cards are, I would simply buy the 64 bit WEP ones and run a secure protocol like IPSec on top. I'm planning to do this but I have to find the time to figure out how to get Linux w/ FreeSwan to talk to FreeBSD's IPSec (or find a nice easy HOWTO, links appreciated).
Also it is nice to have the real Orinoco cards instead of the rebranded ones because the Orinoco firmware flasher won't flash cards not branded as Orinoco. So I can't flash my Dell TrueMobile cards to the latest Orinoco firmware. Hopefully someone will come out with a hack...
IPSec. Why waste your time with anything else? I really want a guide for getting Linux with FreeSwan to talk to FreeBSD's IPSec (using racoon?). There are a number of guides to getting IPSec working on Windows 2000, FreeBSD, OpenBSD, etc... Here are a few links:
How to setup IPsec interoperable for Linux, OpenBSD and PGPNet
Replacing WEP With IPsec
Why does IPSec with Linux seem like such a hack? FreeSwan is pretty annoying - why don't they just get IPSec into the kernel and go from there? Instead there appears to be a megapatch. It just makes me nervous. It's probably ok but man... Also, while I'm bitching, IPSec is a bit of a pain - or at least the implementations are. It doesn't need to be this complicated.
802.11b card: $59.95 (2x$59.95 + $12.95 shipped: $132.85)
ISA to PCMCIA adapter: $24 ($24 + $8 shipped: $32)
$164.85
So maybe a bit pricey compared to two good PCI 10/100 NICs but it isn't all that bad...
note: I have no relation to the eBay deal for the PCMCIA to ISA adapters but I did buy two and they work great with freebsd (haven't tried it with linux yet but it should be fine, will try soon). Also the eBay sale is $24 buy it now with 200 there, it isn't an auction. That guy also seems to sell some interesting 802.11 antennas (see his ebay store).