Has FreeBSD been ported to little-endian machines before?
Um, yes... The x86. :-)
I think you meant to say big-endian machines, and the answer is still yes - the Dec/Compaq/HP Alpha was FreeBSD's second platform (if you don't count PC98 since that's still x86). 5.0 will add Sparc64 and PPC.
The only drivers that would need work would be for on-board devices. Presumably it has PCI slots, and any PCI devices supported on FreeBSD x86 should work just fine on any other platform (modulo bugs). So what sort of on-board devices do these things have? Anything more exotic than ATA, USB or Firewire controllers (which are likely to be well supported)?
I did read the article. A couple paragraphs before your selected quotation it says this:
How do you provide open source without escrow, yet protect what we are documenting up front as our intellectual property rights in the ownership of this code? (Emphasis mine)
My statement was in response to that use of the term "open source" to describe what clearly is not open source.
Open source implies that they have all the rights you specifically say that they will not be granted. Your scheme is closer to Microsoft's Shared Source scheme, or what we often refer to as "source under glass" - Look, but don't touch. Source, yes; open, no.
I'm sure there will be those here who will take an activistic viewpoint and urge you to do something different. I will not. You have every right to release code under any terms and conditions you may legally obtain, and more power to you. But my opinion is that you ought not use the phrase "open source" unless it meets the OSI mark requirements (which your plan most certainly would not).
The only reason I use Linux over FreeBSD WAS ;) hardware accelerated graphics.
I've always done really well (on FreeBSD) with Matrox. They're not the fastest, but they're the best supported, so far as I can tell. On Windows I've had a history of issues with Matrox, but on *nix, they can't be touched for stability.
I'm sure someone will report that they get better than 27 fps @32 bpp 800x600 in bzflag, but this machine only has an old G450.
You should not run _any_ production system with the NVidia drivers, they are the cause of the most system crashes. Not even for the tried and tested GNU/Linux platform :(
I have found this to be true even on windows! I have a Dell C810 at the office that got upgraded to XP (I had to run XP as I had to develop an NDIS protocol module that would run on XP. Long story). I have no end of graphics trouble with it. I wind up with some sort of corruption that causes either a BSOD, a hang or an unrecoverable video corruption 2-3 times per day. It's not hardware. We've swapped that out a couple times, and others reported the same problems. Dell just shrugs and points out (truthfully) that win2k (the OS that was shipped with the machine) works just fine and that they don't support user installed software upgrades.
I heard a rumor once that some large double-digit percentage (I believe the figure I heard was 20%) of the XP BSOD "talkback" reports that Redmond has received so far have been traced to nVidia drivers. If true, I would not be surprised at all.
Re: All I want is a USB 2.0 or Firewire tuner. (on Review: EyeTV, Score: 2)
It's not quite the same product, but there are a few analog-video-to-DV-over-firewire products. Dazzle makes a Hollywood DV Bridge, Miglia makes one as well (that looks nicer). I have the miglia on order and will provide a review when it arrives.
... Or you could join the Thawte web of trust and use S/MIME. The advantage there is that even if you do nothing more than sign up, your e-mail address is verified to belong to you. That alone is more rigorous verification than anything you're guaranteed with a PGP key. Get notarized twice, and your certificate can have your name in it, and those who get e-mail from you will know *exactly* what identity assurance the signature implies. The same can't be said with a signed PGP key. Plus with S/MIME, there is a key expiration mechanism, which ensures that the key can't (reasonably) be brute-forced before it becomes useless.
S/MIME support is also more widespread. Why does that matter? Because more folks would be in a position to verify the signature. If you put a link on a download page to an S/MIME message with a mime-type of message/rfc822, browsers that support S/MIME (at least netscape, mozilla, I believe IE) will verify the signature and display the contents with a nice "signed" icon. The contents of the message would be the MD5 sums of the files.
In my youth, I actually transitioned from Apple ][ to Sun. I didn't buy my first PC until 1994 and then only to run FreeBSD on it. I was a big fan of Suns for a long time, which was tough to do given the pricing.
I wound up at one point doing some contracting for Axil. I still remember those days fondly. Among other products, Axil made a board called the Axilerate which was a drop-in replacement for the Sparcstation 1, 1+ or 2 motherboard which featured a Microsparc 2 CPU. In essence, you could upgrade your machine to the equivalent of a Sparcstation 5. I thought it was a great product (obviously modern machines are on a whole different level). Axil didn't have any sort of employee/contractor purchase program. I actually had to go to a reseller to buy my Axilerate board.
It was a shame when the Asian flu hit Hyundai, which was Axil's parent company. In a cost-cutting measure, Hyundai shuttered Axil, which at the time was the #2 manufacturer of Sparc based computers (#3 was almost as far behind Axil as Axil was from Sun).
The quintessential book about stories like this is called "Set Phasers on Stun" by Steven M. Casey (ISBN 0963617885). If you're interested in tales of this sort, this should be your starting point.
someone else can take the same original PD/BSD code, alter and adapt it, and release it under the GPL or a similar required open-source license.
In the case of GPLing a BSD licensed piece of code, it would have to be a modified version of the GPL to take into account the original requirements of the BSD license - that attribution must be given in the documentation and that the BSD copyright notices must not be removed from the source. The BSD license allows you to add restrictions, but you may not remove the ones that were there.
So far as I know, more lawsuits have been filed in defense of the BSD license than the GPL so far. :-)
GPLing software denies the ability for proprietary software makers to touch the software in question. Excluding them from use of such software when it's taxpayer funded is no more fair than if the taxpayer funded software is patented and the patent holder collects royalties (thus making everyone pay twice).
I believe a more fair situation would be if such software were LGPLed. That is, everyone who distributes the software must open-source any modifications they make to the software itself, but need not open-source any software they wrote that is separate but happens to link to (or otherwise use) the taxpayer funded stuff.
but the best manual I know is titled 'Rise and Fall of the Third Reich'.
Which means that Val must certainly play the part of Vidkun Quisling.
(When the Nazis rolled into Norway, Quisling was the stooge they appointed to run the place for them. His name has become the word used to describe such a person)
Microsoft, like all game manufacturers, has adopted the Gillette marketing model - sell the handle at a loss and make it up charging more for the blades. In this case, Microsoft takes a substantial loss on the box, but gets a piece of every game sold. How do they get a piece of every game sold? Because no game will work on an Xbox that they don't (cryptographically) sign.
If Microsoft allowed an open bootloader of any kind on the Xbox, then their control, and hence their revenue stream, would disappear. The only way I can see that scenario working for them is if they charged a huge amount for the open bootloader - enough to make up for their lost revenue stream for the unit in which that bootloader would be used.
But if they charged that much for the bootloader, then the combined cost of the Xbox and bootloader would no longer be quite so competitive against an ordinary PC, so who would buy the boot loader? At that point, you've just got a very weird PC. What would be the purpose, except for the usual "Geek Mt. Everest" syndrome?
If someone made a mod chip that specifically excluded the ability to boot copied game disks, but allowed booting unsigned disks or out-of-region disks, it would be much harder for Microsoft to argue the illegality of it. I have no idea if such a thing is possible or not, but so long as the mod chips allow booting copied games, then the DMCA figures prominently.
the last thing I want to do is make it easy for hosts on the outside to have unrestricted access to the devices on the inside.
You continue to be confused because you imply that a lack of NAT provides "unrestricted access" to the devices on the inside. I put it to you that a stateful firewall is equally as effective at securing a network without complicating desired peer-to-peer connectivity.
And if you do not desire any peer-to-peer connectivity, then you don't really want the Internet, you want AOL.
Firewalls are good. I in no way suggested that people should not have a firewall. What I am saying is that NAT is a terrible thing because it makes peer to peer communication ridiculously more cumbersome (or even impossible) even if I, as an administrator (whether you want to call them that or not, anyone who owns one of those little NAT routers is that router's administrator), want to allow some forms of it.
Even more to the point is that nowadays it is *trivial* to set up an IPv6 intranet as long as you have at least one publicly reachable IPv4 address - using 6to4. With 6to4 you can have 65536 networks with 2^64 hosts behind a single IPv4 address, and with RFC 3068 you can simply set your default router to 2002:c058:6301:: and reach non-6to4 addresses. There's no longer any need for any coordination or variable configuration. It just magically works.
There's certainly no technical reason the likes of Linksys or Netgear cannot include basic 6to4 functionality in their products *right now*.
NAT is an anathema to a truly connected Internet, where there is true peer to peer connectivity (this is not about peer to peer filesharing. There's far more you can do peer to peer than that). Because I have IPv6 connectivity at home and at work, I can ssh from one place to the other despite the fact that both places have IPv4 NATs that actually use the *same* IPv4 address space. It's magically delicious!
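The 6to4 addressing arithmetic that the comment above relies on, as an added example that is not part of the original comment: it derives the /48 prefix and its 65536 /64 networks from one public IPv4 address, and recovers the embedded IPv4 address from a 6to4 source so a stateful firewall or log review can treat it sensibly. The function names and sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges. 6to4 requires a publicly reachable IPv4 address, so a
# 6to4 address that embeds one of these cannot be a legitimate source.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Default router named in the comment (RFC 3068 anycast relay).
RELAY_ANYCAST = ipaddress.IPv6Address("2002:c058:6301::")


def is_rfc1918(v4):
    """True if the IPv4 address is in private (RFC 1918) space."""
    return any(v4 in net for net in RFC1918)


def sixtofour_prefix(public_v4):
    """Return the 2002:V4ADDR::/48 prefix derived from one public IPv4 address."""
    v4 = ipaddress.IPv4Address(public_v4)
    if is_rfc1918(v4):
        raise ValueError(f"{v4} is private; 6to4 needs a public IPv4 address")
    # 16 bits of 0x2002, then the 32-bit IPv4 address, then 80 zero bits.
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))


def lan_subnet(prefix, subnet_id):
    """Return one of the 65536 /64 networks inside a 6to4 /48 prefix."""
    if not 0 <= subnet_id < 2 ** 16:
        raise ValueError("subnet id must fit in 16 bits")
    base = int(prefix.network_address)
    return ipaddress.IPv6Network((base | (subnet_id << 64), 64))


def classify_source(addr):
    """Classify an IPv6 source address seen at the firewall.

    Returns (kind, embedded_ipv4) where kind is "native", "6to4" or
    "bogus-6to4" (a 2002::/16 address embedding a private IPv4 address).
    """
    ip = ipaddress.IPv6Address(addr)
    v4 = ip.sixtofour  # None unless the address is inside 2002::/16
    if v4 is None:
        return ("native", None)
    if is_rfc1918(v4):
        return ("bogus-6to4", v4)
    return ("6to4", v4)


if __name__ == "__main__":
    site = sixtofour_prefix("203.0.113.5")  # constructed sample address
    print("site prefix :", site)
    print("subnet 1    :", lan_subnet(site, 1))
    print("relay embeds:", RELAY_ANYCAST.sixtofour)
    # Constructed sample sources, as they might appear in a firewall log.
    for src in ("2002:cb00:7105:1::10", "2002:c0a8:101::1", "2001:db8::1"):
        print(src, "->", classify_source(src))
```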
When people talk about software security, they're putting the cart before the horse. Security is a metaphor for quality. Every time a vulnerability exists, it is because of some sort of an error. This is true almost by definition.
Microsoft's products are not crappy because they are insecure. They are insecure because they are crappy.
If you take the article in question and substitute the word "Quality" for "Security," it becomes a much more truthful statement of what's really going on. Microsoft never cared about quality because they had a monopoly. Their overriding concern has never been quality, it's been in maintenance of their monopoly position. So they've shoehorned in any new feature that has shown any promise of being a technology that they can monopolize down the road or that can commoditize the work of a competitor and thus help drive them out of business.
I would recommend making the CA certificate's key absurdly large, say, 16384 bits long, particularly if you want it to last 30+ years.
The idea is that this is the thing the users are going to have to all import into their browsers. You don't want to make them do it more than once. But the whole reason keys expire is that with concerted effort over time they can be factored. So you need to make the key length proportional to the expiration period in at least an attempt to ensure that the key will remain secure over its lifespan.
The server cert should have a much smaller key, say a kilobit, because it's used a lot more than the CA cert (validating a server cert will be "hard" because it's signed by a 16 kilobit key, but once it's done, the certificate is known-good as long as it remains valid), but because of that it should expire annually. But since you have a long-lived CA cert key, the users won't have to do anything when you do replace the server cert.
Of course, all of this is tempered by how paranoid you need (or want) to be.
Anyone with a copy of openssl can be their own CA. I won't go into tremendous detail, but the end result for the end user is that they will need to import the CA certificate once, and so long as you make that certificate last a long time (which implies that it must be a very large key so as to be cryptographically secure over its lifespan), the actual machine certificates can be recreated annually without requiring the users to approve new keys.
It's also nice to be able to set up multiple hosts or hostnames with certificates. It's truly a one-stop shop.
Of course, the security of the situation is similar to SSH - the first time you connect to an SSH server (or in this case, when the users click on the link to load the CA certificate), they don't have any guarantee that they're not being misled by a monkey-in-the-middle. That, for the most part, is the only thing the $x00 / year and/or the scary browser warnings really buy you.
My site doesn't do any e-commerce, but I do have some users who use Squirrelmail over HTTPS with such a setup. I've gotten no complaints from them about having to add the CA cert. And when I go visit someone else's house, it's sort of second nature for me to add the CA cert to their browser so that when I visit in the future I won't have to do it again. :-)
Somewhere on the net I heard about a PCI VGA card... that isn't one. It *emulates* a VGA card but actually has a serial port. http://www.bsdmall.com/console.html. It's not *quite* under your price point, but it's pretty close.
There's another angle that was missed by the article as well. Look at it also from the player's point of view.
It used to be 5 balls for a quarter. Then it got to be 3. Then they started pushing the flippers further apart. Then they angled the table higher. Then they aimed more of the ramps and features straight down the outhole.
They simply lowered the fun:$ ratio too far. Stepping up to a new video game, I feel like I just have a better chance to play longer than a new pinball game. That wasn't always the case.
When someone puts a quarter in and only gets to play for 30 seconds, that someone will feel like they got cheated, not challenged.
PPPoE is very easy to set up. Just take the cheapest PC you can get your hands on, give it 2 ethernet ports, set up FreeBSD on it and have it start pppoed when it boots. You'll be setting up ppp pretty much the same as if you were going to be offering dialup. It just magically works.
In fact, you can go one step further if you like -- FreeBSD includes a 'hostap' mode for PrismII 802.11b cards. This means that you don't even need an access point - just plug the omni at the center into the 802.11b card and off you go.
IN FACT, you could go even one step further than THAT. There are T1 cards you can get that work with FreeBSD, so your el-cheapo PC-made-router can do it all - take the T1 in, do some firewalling if you like, be the access point for the wLAN, even set up a mail and web server on it if you like. The whole thing could be made into a 1U (if your 1U case can handle 2 PCI cards. If not, then certainly you could do it with a 2U case).
Because it would cost less.
Of course, that presumes your time and hacking effort is free, but for most /.ers, I suspect it is.
FreeBSD 5.0 will have a PPC port. I wonder if it will run on this hardware? I imagine the only requirement is an OpenFirmware BIOS for booting.
Do not confuse NAT with firewalls, grasshopper.