Um, basing your bets on stastical analysis of your opponents past betting is not "reading" your opponent, its statistical analysis. This is what I am saying, the entirety of online poker is 100% and completely statistics and probability. None of the skill involved in real poker is there. This is why these bots make perfect sense, and do make decent money.
A good player will beat incompetant colluders, sure. But online poker removes too much of the distinction between good and mediocre, and makes collusion much more of a problem. You either know how to play online poker, or you do not. You either analyze the probabilities of people having good hands, and based on the risk/reward you make a bet. Or you are one of those dumbasses who "reads" people that he can't see or hear, and may well be bots, and "feels" things instead of deciding things.
Sorry, a red herring then. The fact is you are acting like being technically competant takes away from your managerial skills, which is complete nonsense.
As I said, I have been an IT manager, and been managed by IT managers. The technically competant ones have without fail, 100% of the time been far better. They were also managerially competant though. As I said, advocating that managers be only half competant is crazy, regardless of which half of their skillset is lacking.
You are still dismissing the fundamental fact that you CANNOT analayze statistics you don't have. I decide if you are good or not based on how good a job you do. That means I need to know what a good job looks like. I call it magic because it would have to be. If you understand what a good job is, then you can certainly use a performance based system to determine who to keep/reward/fire/etc. But if you don't know what a good job is, then you have no reliable data to analyze. You can't see how often joe did good work, because you have no way to know if joe has ever done good work.
And spending a couple hours a week checking to make sure my department has done their tasks correctly is most certainly not something I should be delegating. Delegating it to who? "Hey guys, I want to know if you are doing a good job or not, so check and find out for me will you?". That's a great approach. My job as IT manager is to ensure that everything my department is supposed to take care of is done on time, on budget, and the best way possible for the company. I am responsable to make sure things are done right, and good employees are rewarded. I have to check their projects to find these things out, if I don't do this then I am not doing my job.
And I am not taking your word for anything, this is a matter of opinion, not fact. I am sure some incompetant managers have had good IT departments. I also think that competant managers are likely to do better. And that being technically competant is NOT A BAD THING. Being technically competant does not hinder your management skills in any way, and if you look at other things outside of IT, good managers always know about the jobs of their employees.
Online poker is not poker, its online poker. Reading your opponents is not a part of online poker, you cannot see or hear your opponents. There is no feeling going on, online poker is 100% purely statistics.
This is why the entire online poker fad is so stupid. You have no idea who or what you are playing against, and have no way to tell if they are cheating, and you can't do anything about it even if they are.
And collusion is a big problem, if you think being good can magically make you able to beat people who have more information than you, then you are deluding yourself, plain and simple. The fundamentals of poker are all about trying to guess what cards your opponents may have, based on what cards you know they don't have. In online poker, this is in fact the entire "game". If you have two sixes showing, you could have a good hand. But if I know that bob has a six and joe has a six, then I don't have to guess if you have 3 or 4 of a kind, I know you don't. I can make a much better decision now based on that information.
Huh, I must have imagined the apache part, possibly because of the openbsd part I assumed apache. Sorry.
If lighttpd is missing something (its mod_rewrite isn't as featureful for instance), you can still do fastcgi PHP with apache, and it will use less RAM than giving everyone their own apache.
It ate my comment, so here's a short version. You said apache, therefore its an apache question, pretty simple. And I didn't interpret it as an attack on anything, I interpreted it as a remarkably stupid question.
OpenBSD doesn't claim to have forked apache, they simply maintain an older, free version. If they had forked it, then it would be significantly different, and they would not be allowed to call it apache. Its not being developed, just maintained.
And finally, I did answer the question you apparently meant to ask, go back and look. Based on your new statements where apache doesn't matter anymore, I don't even know if PHP is still required, or if you just need some language, so its hard to give you a real answer. None the less, give each user a web app running as a unique user id. PHP with fastcgi works fine, although I think PHP sucks donkey cocks. I would suggest lighttpd if it has all the functionality you need, its not as featureful as apache, but its got most of the typical stuff you would need.
That's a total strawman though. So micromanaging managers is a problem, yep. That has no correlation to technically capable managers though. I've been micromanaged by someone who was totally clueless of technology, its certainly not limited to technically competant managers. And if a manager is wasting time micromanaging, then they are incompetant still, tech skills or not. They are failing to do their job, and apparently don't even understand what their job is, therefore they are incompetant. I am not saying we should shift managers over to being technically competant and managerially incompetant instead of the other way around. I am saying managers can actually be competant, in both aspects, almost like they are just plain competant, period.
No, you can't use magic "performance-based system"s to find out if someone is doing their job well. If you don't have a good understanding of technology, how do you know wether that proposal they gave you for the new mail cluster is good or not? You can see how complex it is, and guess how long it would take, but you have no idea if its even a good idea to start with. Managers like this lead to huge cluster-fuck's that have to be fixed by an contracted IT company. As much as said companies appreciate the business, its bad for the companies these incompetant managers work for.
If you can't tell what a good firewall ruleset looks like, then you can't check it when they are done implimenting it, and your business could be at risk do to the incompetance of your employee, and your incompetance in not knowing they are incompetant. When I was in charge of IT, getting owned because the firewall was setup wrong would have certainly been MY fault, not my minions. I am responsable, that's my job, therefore I need to be capable of telling wether its done right or not.
Re:Jonathan Zdziarski is out of his mind.
on
Ending Spam
·
· Score: 1
I am not hostile to him. I am hostile to you because of the approach you took in pretending I was attacking you, and constantly throwing strawmen around while claiming you want a discussion. If you act like an asshole, people are likely to be hostile to you, either get used to it or stop acting like an asshole.
I simply said that I think Jonathan is insane, and that people reading his writing should be aware of what he thinks, so they can judge wether or not they think he is sane. You will find you might read someone's writing in a slightly different light if you believe that they are not mentally well. That's not hostile.
And finally, I didn't say you were insane, I said he was. For all I know you do not possess the ability to think rationally and logically, and so its not a real shock that you would ignore all scientific evidence for the sake of believing in something that has nothing to do with your religion, and pretending it is part of your religion. Jonathan however is a programmer, not just any programmer, but he does very logic and math intensive statistical programs. It seems very odd that such a person would discard all logic in another area of their life, multiple personality disorder perhaps?
Have you tried hooked on phonics? I clearly said he shouldn't be spending time learning about checkpoint. He should however know what a firewall does and why, and what a good firewall ruleset would look like. How hard is this to understand? I don't care if he has no clue how to use the nasty checkpoint interface, any reasonably bright person can figure it out, as long as they understand the fundamental concept of a firewall.
I disagree. Having been on both sides, I can say without a doubt that having the technical skills to handle the firewall does not mean you will micromanage. Not to brag, but I am one of the best tech guys I've ever met, yet if you were to ask the people who worked for me, I only got involved in the details if and when they needed me to, and they learned alot and made a much better department as a result.
Just because I know how to do your job, doesn't mean I am going to. It simply means I can provide guidance, and am able to tell if someone is doing their job properly or not. If you are not capable of doing your minions' jobs, then you are not capable of telling if they are doing their jobs adequately, incompetantly, or exceptionally. You can't reward and punish people appropriately, or judge who is worth hiring and who isn't. You are also likely to buy bullshit excuses because you don't know any better.
Understanding what is and is not a good firewall ruleset is something every IT manager should know. He or she should obviously not be spending the time to do it themselves, but they should still know how.
I am a BSD user myself, but the question is quite valid, "who cares?". The people who use BSDs tend to be people who care more about actual quality, so why would I care about a piece of paper that proves nothing? If I need to hire a BSD guy, I will see if he is competant, not if he took a stupid test. Do we really need the BSD equivilent of MCSEs?
Now you have actually succeeded in amazing me. Try quoting the ENTIRE thing you jackass:
"Then, I have a question for you, I honestly do not know if OpenBSD by now provides a good and secure way to implement the following but last time I checked it did not:"
See, that missing part that adds alot doesn't it? You asked if openbsd provieds a good and secure way to implement "the following", where "the following" is an apache question. As I said, if you ask "does openbsd have a magic way to alter the behaviour of a particular app?" that's what I will answer.
Uhmm, do you always forget your own questions, then try to pretend you asked something different?
Are you 10GHz by any chance? I cannot believe you are seriously this thick. Your examples have nothing to do with security, that's your fault not mine. How you fail to understand this is beyond me. Its not that I find your examples irrelivant, its that you completely and utterly failed to provide examples of what you claim. Your examples are not cases of functionality being missing because of openbsd's security features, therefore they are not examples of what you falsely claim is a problem. If you can't actually come up with a single fucking example of what you claim is a problem with openbsd, then you are spreading FUD, plain and simple.
Let me make this as simple as I can for you. It has nothing to do with me seeing a need for, or wanting the feature. It is simply not a feature that is missing because of security issues. Nobody has ever brought it up. Every linux distro and the other BSDs are also missing this feature for the same reason. Not because of the security consequences, but because there is no standard of what to run, and nobody has every proposed one. That's like pretending openbsd doesn't support tic tac toe in the kernel debugger because of security issues. True, it doesn't support that, but its got nothing to do with security, its simply that nobody has ever wanted it. Given that there is no software provided on its own cd for openbsd, I'm really not suprised nobody has ever brought this up. It says alot about your claim that even your wrong examples are contrived and silly.
And the driver issue is just that, a driver issue. You should attach the device and have it work. If not, then its needs an appropriate driver. The only thing preventing this is having an interested developer have the hardware in question. There is no security issue here in any way. And there are certainly differences in how the BSDs usb support works, so trying it instead of assuming would make more sense. Just because the code was based on netbsd's initial code, doesn't mean it was put into the kernel in the same way.
And you totally miss the point of my selinux statement. Access controls don't do anything, that is the point. Its not adequate security for anything, its still full of buffer overlows, memory management errors, and other exploitable bugs. Access controls will not prevent these from being exploited, or limit their consequences, it just doesn't help at all, so that's not security. Saying bob can only do these things, but not everything root could do isn't security, its administrative management.
And if you just wanted advice on how to run a secure webserver for multiple users, you should have asked. You asked if openbsd had some magic way to change apache into a webserver that supports seperating websites. So that's the question I answered. Google should have a few answers to your question, none of which is really much better than simply giving everyone their own webserver. You can always give everyone just their own php using fastcgi if you want to save a little RAM, but PHP itself still uses a fair bit of memory.
Its not too much to ask at all. He's not asking for a manager that knows all the details of everything. But an IT manager should have been a tech at some point, and should have a good deal of IT knowledge.
For instance, you don't have to know what command is used to reload the firewall ruleset. But you should understand what a firewall does and why, and what a good firewall ruleset would look like.
Don't get confused and think its ok for an IT manager to be completely clueless and not understand basic, fundamental concepts, just because they don't have time to know the details. He should be capable of learning the details on his own if he had the time, otherwise he is incompetant.
Re:Jonathan Zdziarski is out of his mind.
on
Ending Spam
·
· Score: 1
Clearly you are incapable of reading and comprehending what I am saying, so there is no point in talking to you. You quoted me, where I said nothing about stupid at all, and then said that it means stupid. Guess what, I said it, not you. You cannot decide what I did and did not say, I SAID IT. I believe he has some form of psychological problem, not that he is stupid. If you thought about it for a second, you would see how rediculous that idea is. I clearly pointed out that he is a programmer, and thus not stupid.
As for the rest of your nonsense, you are still trying desperately to redirect the subject to your pointless strawmen. There is nothing I can do to make this clearer for you, and since you refuse to simply discuss what I say, and instead insist on talking about what you wish I said, there is no dealing with you.
I said nothing about him believing in god, or believing in creationism. I said he is crazy for believing the world is no more than 10,000 years old. There is a huge pile of scientific evidence that shows the earth is older than that, and NOTHING that shows it is that young. He actively dismisses scientific evidence with no reasonable explanations, to believe something made up by a person very recently, which has no evidence, and isn't even supported by the bible.
Are you really so desperate for attention that you need to argue against your imagination? If so, please go do it alone, you don't need anyone else involved.
You could have just said from the start you were just spreading FUD and I wouldn't have wasted my time. You managed to provide a whole whapping 0 examples of openbsd's security features limiting functionality, and instead pointed out two things that have nothing to do with it, and then told me to check the archives. Guess what, I have been subscribed to the list for years, tech and misc. This is why you can't lie to me about this and expect me to believe it.
Autorun is not supported because this is not windows. Wtf do you want it to run? Setup.exe? Automounting is supported just fine though.
Your usb device is simply a driver issue. Nothing to do with security at all. Have you actually tried it in openbsd, or are you simply assuming that it works the way you think it does? If it doesn't work properly, it simply needs a driver, this has nothing to do with security at all.
Selinux is not useful as simply adding access controls does not provide security. All the local root exploits in the linux kernel are still there, and access controls will do nothing to prevent someone from exploiting them.
As for debian, if you think reacting to exploits after the fact in a timely matter is the same as providing a secure OS, then you are simply crazy.
And the apache question has nothing to do with openbsd, its a general unix question, which applies the same to every unix system. Run multiple apache instances, or better yet don't run apache at all, use a better webserver. Are you seriously saying you expect openbsd to have some magic feature that alters the way one particular application works to suit you?
Perhaps you just need to try hooked on phonics, and you will be able to make sense of english. I didn't call you stupid, I said you made stupid assumptions, and you did.
SELinux does not provide security, it provides access controls. And debian is the only linux distro I know of that makes any serious attempt at keeping license issues in check, but they don't care about security.
I know of other secure OSs, but remember it has to meet all the requirements, "free" and "unix" are both required too.
And finally, feel free to give an example of openbsd's security getting in the way. Or are you just tossing bullshit around because you've never tried it and don't understand it?
You are making it very clear that you don't know what you are talking about, that's not my fault. You seem to think that having a secure OS makes it no longer general purpose. This is simply wrong. I use openbsd for my laptop, for webservers, mail servers, database, ldap, routing, vpns, firewalls, nfs, snmp monitoring server, and undoubtably a few other things I am forgetting. Seems pretty general purpose to me. None of its security features make it less suitable for general purpose computing.
And you are also not listening to me. I didn't say openbsd's security was required for a general purpose OS. I said I want a free, secure general purpose unix. Those are my requirements, that is what I want. I am not aware of anything that fits that description besides openbsd, so I use openbsd. Every linux distro I have seen, solaris, freebsd and netbsd all have unfree code in them, and of those netbsd is the only one that even makes any attempt at being secure.
And you are making stupid assumptions, like I said. You assume that I am dismissing alternatives, and that I do not know of other unixes. I am not dismissing anything, there simply are no alternatives I am aware of. And I know a great deal about a large number of unixes, none of them fit my simple requirements though.
Re:Jonathan Zdziarski is out of his mind.
on
Ending Spam
·
· Score: 1
No, what you said is very clear. You called me stupid, and you twisted my words to pretend I called him stupid. You are the one making up a twisted version of reality to argue in, not me. If you can't go back and read the posts and see this for yourself, then clearly nobody can have a sane or resonable discussion with you.
If I have a need not filled by openbsd, I will use something else for that need. Why isn't this obvious to you? I don't have to use the same OS for everything you know. I use windows for playing games after all.
And since when did 3d modelling become general purpose? No, openbsd doesn't have any hardware 3d support. No, it has nothing to do with openbsd and everything to do with nvidia and ati sucking ball sacks. Yeah, its a shame, but what can you do?
I'm afraid you have no idea what you are talking about with regards to netbsd. Netbsd does not provide almost everything openbsd does. Its missing tons of security features from openbsd. Netbsd is certainly a good replacement for (un)freebsd, but not for openbsd.
Making stupid assumptions about someone doesn't help your argument. I use openbsd on my laptop, its a fine general purpose OS. I don't dismiss alternatives, I said when I want a free, secure, general purpose unix, openbsd is the only choice. I'm not dismissing the alternatives, there simply are none. Name another free, secure, general purpose unix for me.
Although freebsd was my first ever unix back in the day, and I still have a soft spot for it as a result, I do not use it because there is no situation where it is the best choice, something else is better at everything it seems. Linux distros are painful to use and have horrible security. Netbsd is alright, and if I have some need not filled by openbsd, then I will probably use it. But its neither free, nor as secure as openbsd, so it doesn't make the cut for my free, secure, general purpose unix.
Unless of course, what you want and what the developers want are the same. I want a free, secure general purpose unix OS. So do the openbsd developers. So I guess it makes it a pretty good choice for me, in fact its the only OS that fits my needs.
Nice try, but no. I don't like python. But just because I don't like it, doesn't change the fact that its faster. Nice that you can't be bothered to verify anything, but you expect us to do it for you?
I say its an order of magnitude faster than ruby because it is. Try them, ruby isn't bytecode compiled like python and perl, its interpreted. Its brutally slow. Matz, the guy who created ruby and is still its primary developer says "ruby is slow". Its one of the big issues he is hoping to address in ruby 2.
If you want to believe python is slow go right ahead, I don't really care. But if you want proof that it isn't, go ahread and benchmark it yourself. Any comparisons I or anyone else shows you will be shot down with complaints about it being biased or inaccurate.
Python is faster than perl. And its an order of magnitude faster than ruby, and rails seems to be giving everyone a permament boner lately.
Frankly I don't think python is a contender for CGI programming. Nor do I think perl or any other interpreted language is. Stop using CGI, its 2005 for fuck's sake.
You don't have to learn every framework to keep your resume up to date. If you are a competant programmer, you can pick up a new framework in a few days. If you know python already, learning cherrypy is trivial, and cherrypy isn't resume worthy anyways. That's like those idiots who put "word" as a skill on their resume. If you can't figure out how to work a different word processor then you shouldn't be looking for a job in IT.
And if a webhost is any good, they don't have to keep everything up to date for you, you can install stuff in your home dir and use it there. That's what you have to do when you want to use a beta version of something anyhow.
Sessions still need your browser to send the session id with every request, either in a cookie or with an ugly session_id=spdfiyasfduiahsdfp97safaishfpa8fadf89a7 d9f8sdyuf8usdf8 in the url.
Slashdot Mirror
Um, basing your bets on stastical analysis of your opponents past betting is not "reading" your opponent, its statistical analysis. This is what I am saying, the entirety of online poker is 100% and completely statistics and probability. None of the skill involved in real poker is there. This is why these bots make perfect sense, and do make decent money.
A good player will beat incompetant colluders, sure. But online poker removes too much of the distinction between good and mediocre, and makes collusion much more of a problem. You either know how to play online poker, or you do not. You either analyze the probabilities of people having good hands, and based on the risk/reward you make a bet. Or you are one of those dumbasses who "reads" people that he can't see or hear, and may well be bots, and "feels" things instead of deciding things.
Sorry, a red herring then. The fact is you are acting like being technically competant takes away from your managerial skills, which is complete nonsense.
As I said, I have been an IT manager, and been managed by IT managers. The technically competant ones have without fail, 100% of the time been far better. They were also managerially competant though. As I said, advocating that managers be only half competant is crazy, regardless of which half of their skillset is lacking.
You are still dismissing the fundamental fact that you CANNOT analayze statistics you don't have. I decide if you are good or not based on how good a job you do. That means I need to know what a good job looks like. I call it magic because it would have to be. If you understand what a good job is, then you can certainly use a performance based system to determine who to keep/reward/fire/etc. But if you don't know what a good job is, then you have no reliable data to analyze. You can't see how often joe did good work, because you have no way to know if joe has ever done good work.
And spending a couple hours a week checking to make sure my department has done their tasks correctly is most certainly not something I should be delegating. Delegating it to who? "Hey guys, I want to know if you are doing a good job or not, so check and find out for me will you?". That's a great approach. My job as IT manager is to ensure that everything my department is supposed to take care of is done on time, on budget, and the best way possible for the company. I am responsable to make sure things are done right, and good employees are rewarded. I have to check their projects to find these things out, if I don't do this then I am not doing my job.
And I am not taking your word for anything, this is a matter of opinion, not fact. I am sure some incompetant managers have had good IT departments. I also think that competant managers are likely to do better. And that being technically competant is NOT A BAD THING. Being technically competant does not hinder your management skills in any way, and if you look at other things outside of IT, good managers always know about the jobs of their employees.
Online poker is not poker, its online poker. Reading your opponents is not a part of online poker, you cannot see or hear your opponents. There is no feeling going on, online poker is 100% purely statistics.
This is why the entire online poker fad is so stupid. You have no idea who or what you are playing against, and have no way to tell if they are cheating, and you can't do anything about it even if they are.
And collusion is a big problem, if you think being good can magically make you able to beat people who have more information than you, then you are deluding yourself, plain and simple. The fundamentals of poker are all about trying to guess what cards your opponents may have, based on what cards you know they don't have. In online poker, this is in fact the entire "game". If you have two sixes showing, you could have a good hand. But if I know that bob has a six and joe has a six, then I don't have to guess if you have 3 or 4 of a kind, I know you don't. I can make a much better decision now based on that information.
Huh, I must have imagined the apache part, possibly because of the openbsd part I assumed apache. Sorry.
If lighttpd is missing something (its mod_rewrite isn't as featureful for instance), you can still do fastcgi PHP with apache, and it will use less RAM than giving everyone their own apache.
It ate my comment, so here's a short version. You said apache, therefore its an apache question, pretty simple. And I didn't interpret it as an attack on anything, I interpreted it as a remarkably stupid question.
OpenBSD doesn't claim to have forked apache, they simply maintain an older, free version. If they had forked it, then it would be significantly different, and they would not be allowed to call it apache. Its not being developed, just maintained.
And finally, I did answer the question you apparently meant to ask, go back and look. Based on your new statements where apache doesn't matter anymore, I don't even know if PHP is still required, or if you just need some language, so its hard to give you a real answer. None the less, give each user a web app running as a unique user id. PHP with fastcgi works fine, although I think PHP sucks donkey cocks. I would suggest lighttpd if it has all the functionality you need, its not as featureful as apache, but its got most of the typical stuff you would need.
That's a total strawman though. So micromanaging managers is a problem, yep. That has no correlation to technically capable managers though. I've been micromanaged by someone who was totally clueless of technology, its certainly not limited to technically competant managers. And if a manager is wasting time micromanaging, then they are incompetant still, tech skills or not. They are failing to do their job, and apparently don't even understand what their job is, therefore they are incompetant. I am not saying we should shift managers over to being technically competant and managerially incompetant instead of the other way around. I am saying managers can actually be competant, in both aspects, almost like they are just plain competant, period.
No, you can't use magic "performance-based system"s to find out if someone is doing their job well. If you don't have a good understanding of technology, how do you know wether that proposal they gave you for the new mail cluster is good or not? You can see how complex it is, and guess how long it would take, but you have no idea if its even a good idea to start with. Managers like this lead to huge cluster-fuck's that have to be fixed by an contracted IT company. As much as said companies appreciate the business, its bad for the companies these incompetant managers work for.
If you can't tell what a good firewall ruleset looks like, then you can't check it when they are done implimenting it, and your business could be at risk do to the incompetance of your employee, and your incompetance in not knowing they are incompetant. When I was in charge of IT, getting owned because the firewall was setup wrong would have certainly been MY fault, not my minions. I am responsable, that's my job, therefore I need to be capable of telling wether its done right or not.
I am not hostile to him. I am hostile to you because of the approach you took in pretending I was attacking you, and constantly throwing strawmen around while claiming you want a discussion. If you act like an asshole, people are likely to be hostile to you, either get used to it or stop acting like an asshole.
I simply said that I think Jonathan is insane, and that people reading his writing should be aware of what he thinks, so they can judge wether or not they think he is sane. You will find you might read someone's writing in a slightly different light if you believe that they are not mentally well. That's not hostile.
And finally, I didn't say you were insane, I said he was. For all I know you do not possess the ability to think rationally and logically, and so its not a real shock that you would ignore all scientific evidence for the sake of believing in something that has nothing to do with your religion, and pretending it is part of your religion. Jonathan however is a programmer, not just any programmer, but he does very logic and math intensive statistical programs. It seems very odd that such a person would discard all logic in another area of their life, multiple personality disorder perhaps?
Have you tried hooked on phonics? I clearly said he shouldn't be spending time learning about checkpoint. He should however know what a firewall does and why, and what a good firewall ruleset would look like. How hard is this to understand? I don't care if he has no clue how to use the nasty checkpoint interface, any reasonably bright person can figure it out, as long as they understand the fundamental concept of a firewall.
I disagree. Having been on both sides, I can say without a doubt that having the technical skills to handle the firewall does not mean you will micromanage. Not to brag, but I am one of the best tech guys I've ever met, yet if you were to ask the people who worked for me, I only got involved in the details if and when they needed me to, and they learned alot and made a much better department as a result.
Just because I know how to do your job, doesn't mean I am going to. It simply means I can provide guidance, and am able to tell if someone is doing their job properly or not. If you are not capable of doing your minions' jobs, then you are not capable of telling if they are doing their jobs adequately, incompetantly, or exceptionally. You can't reward and punish people appropriately, or judge who is worth hiring and who isn't. You are also likely to buy bullshit excuses because you don't know any better.
Understanding what is and is not a good firewall ruleset is something every IT manager should know. He or she should obviously not be spending the time to do it themselves, but they should still know how.
I am a BSD user myself, but the question is quite valid, "who cares?". The people who use BSDs tend to be people who care more about actual quality, so why would I care about a piece of paper that proves nothing? If I need to hire a BSD guy, I will see if he is competant, not if he took a stupid test. Do we really need the BSD equivilent of MCSEs?
Now you have actually succeeded in amazing me. Try quoting the ENTIRE thing you jackass:
"Then, I have a question for you, I honestly do not know if OpenBSD by now provides a good and secure way to implement the following but last time I checked it did not:"
See, that missing part that adds alot doesn't it? You asked if openbsd provieds a good and secure way to implement "the following", where "the following" is an apache question. As I said, if you ask "does openbsd have a magic way to alter the behaviour of a particular app?" that's what I will answer.
Uhmm, do you always forget your own questions, then try to pretend you asked something different?
Are you 10GHz by any chance? I cannot believe you are seriously this thick. Your examples have nothing to do with security, that's your fault not mine. How you fail to understand this is beyond me. Its not that I find your examples irrelivant, its that you completely and utterly failed to provide examples of what you claim. Your examples are not cases of functionality being missing because of openbsd's security features, therefore they are not examples of what you falsely claim is a problem. If you can't actually come up with a single fucking example of what you claim is a problem with openbsd, then you are spreading FUD, plain and simple.
Let me make this as simple as I can for you. It has nothing to do with me seeing a need for, or wanting the feature. It is simply not a feature that is missing because of security issues. Nobody has ever brought it up. Every linux distro and the other BSDs are also missing this feature for the same reason. Not because of the security consequences, but because there is no standard of what to run, and nobody has every proposed one. That's like pretending openbsd doesn't support tic tac toe in the kernel debugger because of security issues. True, it doesn't support that, but its got nothing to do with security, its simply that nobody has ever wanted it. Given that there is no software provided on its own cd for openbsd, I'm really not suprised nobody has ever brought this up. It says alot about your claim that even your wrong examples are contrived and silly.
And the driver issue is just that, a driver issue. You should attach the device and have it work. If not, then its needs an appropriate driver. The only thing preventing this is having an interested developer have the hardware in question. There is no security issue here in any way. And there are certainly differences in how the BSDs usb support works, so trying it instead of assuming would make more sense. Just because the code was based on netbsd's initial code, doesn't mean it was put into the kernel in the same way.
And you totally miss the point of my selinux statement. Access controls don't do anything, that is the point. Its not adequate security for anything, its still full of buffer overlows, memory management errors, and other exploitable bugs. Access controls will not prevent these from being exploited, or limit their consequences, it just doesn't help at all, so that's not security. Saying bob can only do these things, but not everything root could do isn't security, its administrative management.
And if you just wanted advice on how to run a secure webserver for multiple users, you should have asked. You asked if openbsd had some magic way to change apache into a webserver that supports seperating websites. So that's the question I answered. Google should have a few answers to your question, none of which is really much better than simply giving everyone their own webserver. You can always give everyone just their own php using fastcgi if you want to save a little RAM, but PHP itself still uses a fair bit of memory.
Its not too much to ask at all. He's not asking for a manager that knows all the details of everything. But an IT manager should have been a tech at some point, and should have a good deal of IT knowledge.
For instance, you don't have to know what command is used to reload the firewall ruleset. But you should understand what a firewall does and why, and what a good firewall ruleset would look like.
Don't get confused and think its ok for an IT manager to be completely clueless and not understand basic, fundamental concepts, just because they don't have time to know the details. He should be capable of learning the details on his own if he had the time, otherwise he is incompetant.
Clearly you are incapable of reading and comprehending what I am saying, so there is no point in talking to you. You quoted me, where I said nothing about stupid at all, and then said that it means stupid. Guess what, I said it, not you. You cannot decide what I did and did not say, I SAID IT. I believe he has some form of psychological problem, not that he is stupid. If you thought about it for a second, you would see how rediculous that idea is. I clearly pointed out that he is a programmer, and thus not stupid.
As for the rest of your nonsense, you are still trying desperately to redirect the subject to your pointless strawmen. There is nothing I can do to make this clearer for you, and since you refuse to simply discuss what I say, and instead insist on talking about what you wish I said, there is no dealing with you.
I said nothing about him believing in god, or believing in creationism. I said he is crazy for believing the world is no more than 10,000 years old. There is a huge pile of scientific evidence that shows the earth is older than that, and NOTHING that shows it is that young. He actively dismisses scientific evidence with no reasonable explanations, to believe something made up by a person very recently, which has no evidence, and isn't even supported by the bible.
Are you really so desperate for attention that you need to argue against your imagination? If so, please go do it alone, you don't need anyone else involved.
You could have just said from the start you were just spreading FUD and I wouldn't have wasted my time. You managed to provide a whole whapping 0 examples of openbsd's security features limiting functionality, and instead pointed out two things that have nothing to do with it, and then told me to check the archives. Guess what, I have been subscribed to the list for years, tech and misc. This is why you can't lie to me about this and expect me to believe it.
Autorun is not supported because this is not windows. Wtf do you want it to run? Setup.exe? Automounting is supported just fine though.
Your usb device is simply a driver issue. Nothing to do with security at all. Have you actually tried it in openbsd, or are you simply assuming that it works the way you think it does? If it doesn't work properly, it simply needs a driver, this has nothing to do with security at all.
Selinux is not useful as simply adding access controls does not provide security. All the local root exploits in the linux kernel are still there, and access controls will do nothing to prevent someone from exploiting them.
As for debian, if you think reacting to exploits after the fact in a timely matter is the same as providing a secure OS, then you are simply crazy.
And the apache question has nothing to do with openbsd, its a general unix question, which applies the same to every unix system. Run multiple apache instances, or better yet don't run apache at all, use a better webserver. Are you seriously saying you expect openbsd to have some magic feature that alters the way one particular application works to suit you?
Perhaps you just need to try hooked on phonics, and you will be able to make sense of english. I didn't call you stupid, I said you made stupid assumptions, and you did.
SELinux does not provide security, it provides access controls. And debian is the only linux distro I know of that makes any serious attempt at keeping license issues in check, but they don't care about security.
I know of other secure OSs, but remember it has to meet all the requirements, "free" and "unix" are both required too.
And finally, feel free to give an example of openbsd's security getting in the way. Or are you just tossing bullshit around because you've never tried it and don't understand it?
You are making it very clear that you don't know what you are talking about, that's not my fault. You seem to think that having a secure OS makes it no longer general purpose. This is simply wrong. I use openbsd for my laptop, for webservers, mail servers, database, ldap, routing, vpns, firewalls, nfs, snmp monitoring server, and undoubtably a few other things I am forgetting. Seems pretty general purpose to me. None of its security features make it less suitable for general purpose computing.
And you are also not listening to me. I didn't say openbsd's security was required for a general purpose OS. I said I want a free, secure general purpose unix. Those are my requirements, that is what I want. I am not aware of anything that fits that description besides openbsd, so I use openbsd. Every linux distro I have seen, solaris, freebsd and netbsd all have unfree code in them, and of those netbsd is the only one that even makes any attempt at being secure.
And you are making stupid assumptions, like I said. You assume that I am dismissing alternatives, and that I do not know of other unixes. I am not dismissing anything, there simply are no alternatives I am aware of. And I know a great deal about a large number of unixes, none of them fit my simple requirements though.
No, what you said is very clear. You called me stupid, and you twisted my words to pretend I called him stupid. You are the one making up a twisted version of reality to argue in, not me. If you can't go back and read the posts and see this for yourself, then clearly nobody can have a sane or resonable discussion with you.
If I have a need not filled by openbsd, I will use something else for that need. Why isn't this obvious to you? I don't have to use the same OS for everything you know. I use windows for playing games after all.
And since when did 3d modelling become general purpose? No, openbsd doesn't have any hardware 3d support. No, it has nothing to do with openbsd and everything to do with nvidia and ati sucking ball sacks. Yeah, its a shame, but what can you do?
I'm afraid you have no idea what you are talking about with regards to netbsd. Netbsd does not provide almost everything openbsd does. Its missing tons of security features from openbsd. Netbsd is certainly a good replacement for (un)freebsd, but not for openbsd.
Making stupid assumptions about someone doesn't help your argument. I use openbsd on my laptop, its a fine general purpose OS. I don't dismiss alternatives, I said when I want a free, secure, general purpose unix, openbsd is the only choice. I'm not dismissing the alternatives, there simply are none. Name another free, secure, general purpose unix for me.
Although freebsd was my first ever unix back in the day, and I still have a soft spot for it as a result, I do not use it because there is no situation where it is the best choice, something else is better at everything it seems. Linux distros are painful to use and have horrible security. Netbsd is alright, and if I have some need not filled by openbsd, then I will probably use it. But its neither free, nor as secure as openbsd, so it doesn't make the cut for my free, secure, general purpose unix.
Did you reply to the wrong post by accident or something? What does anything you are saying have to do with my post?
Unless of course, what you want and what the developers want are the same. I want a free, secure general purpose unix OS. So do the openbsd developers. So I guess it makes it a pretty good choice for me, in fact its the only OS that fits my needs.
Nice try, but no. I don't like python. But just because I don't like it, doesn't change the fact that its faster. Nice that you can't be bothered to verify anything, but you expect us to do it for you?
I say its an order of magnitude faster than ruby because it is. Try them, ruby isn't bytecode compiled like python and perl, its interpreted. Its brutally slow. Matz, the guy who created ruby and is still its primary developer says "ruby is slow". Its one of the big issues he is hoping to address in ruby 2.
If you want to believe python is slow go right ahead, I don't really care. But if you want proof that it isn't, go ahread and benchmark it yourself. Any comparisons I or anyone else shows you will be shot down with complaints about it being biased or inaccurate.
Python is faster than perl. And its an order of magnitude faster than ruby, and rails seems to be giving everyone a permament boner lately.
Frankly I don't think python is a contender for CGI programming. Nor do I think perl or any other interpreted language is. Stop using CGI, its 2005 for fuck's sake.
You don't have to learn every framework to keep your resume up to date. If you are a competant programmer, you can pick up a new framework in a few days. If you know python already, learning cherrypy is trivial, and cherrypy isn't resume worthy anyways. That's like those idiots who put "word" as a skill on their resume. If you can't figure out how to work a different word processor then you shouldn't be looking for a job in IT.
And if a webhost is any good, they don't have to keep everything up to date for you, you can install stuff in your home dir and use it there. That's what you have to do when you want to use a beta version of something anyhow.
Sessions still need your browser to send the session id with every request, either in a cookie or with an ugly session_id=spdfiyasfduiahsdfp97safaishfpa8fadf89a7 d9f8sdyuf8usdf8 in the url.