NYLXS - Free Software Events

Fri Nov 22 00:12:04 2024

EVENTS

FREE
SOFTWARE
INSTITUTE

POLITICS

JOBS

MEMBERS'
CORNER

MAILING
LIST

NYLXS Members have a lot to say and share but we don't keep many secrets. Join the Hangout Mailing List and say your peice.

DATE 2004-06-01

HANGOUT

2024-11-22 | 2024-10-22 | 2024-09-22 | 2024-08-22 | 2024-07-22 | 2024-06-22 | 2024-05-22 | 2024-04-22 | 2024-03-22 | 2024-02-22 | 2024-01-22 | 2023-12-22 | 2023-11-22 | 2023-10-22 | 2023-09-22 | 2023-08-22 | 2023-07-22 | 2023-06-22 | 2023-05-22 | 2023-04-22 | 2023-03-22 | 2023-02-22 | 2023-01-22 | 2022-12-22 | 2022-11-22 | 2022-10-22 | 2022-09-22 | 2022-08-22 | 2022-07-22 | 2022-06-22 | 2022-05-22 | 2022-04-22 | 2022-03-22 | 2022-02-22 | 2022-01-22 | 2021-12-22 | 2021-11-22 | 2021-10-22 | 2021-09-22 | 2021-08-22 | 2021-07-22 | 2021-06-22 | 2021-05-22 | 2021-04-22 | 2021-03-22 | 2021-02-22 | 2021-01-22 | 2020-12-22 | 2020-11-22 | 2020-10-22 | 2020-09-22 | 2020-08-22 | 2020-07-22 | 2020-06-22 | 2020-05-22 | 2020-04-22 | 2020-03-22 | 2020-02-22 | 2020-01-22 | 2019-12-22 | 2019-11-22 | 2019-10-22 | 2019-09-22 | 2019-08-22 | 2019-07-22 | 2019-06-22 | 2019-05-22 | 2019-04-22 | 2019-03-22 | 2019-02-22 | 2019-01-22 | 2018-12-22 | 2018-11-22 | 2018-10-22 | 2018-09-22 | 2018-08-22 | 2018-07-22 | 2018-06-22 | 2018-05-22 | 2018-04-22 | 2018-03-22 | 2018-02-22 | 2018-01-22 | 2017-12-22 | 2017-11-22 | 2017-10-22 | 2017-09-22 | 2017-08-22 | 2017-07-22 | 2017-06-22 | 2017-05-22 | 2017-04-22 | 2017-03-22 | 2017-02-22 | 2017-01-22 | 2016-12-22 | 2016-11-22 | 2016-10-22 | 2016-09-22 | 2016-08-22 | 2016-07-22 | 2016-06-22 | 2016-05-22 | 2016-04-22 | 2016-03-22 | 2016-02-22 | 2016-01-22 | 2015-12-22 | 2015-11-22 | 2015-10-22 | 2015-09-22 | 2015-08-22 | 2015-07-22 | 2015-06-22 | 2015-05-22 | 2015-04-22 | 2015-03-22 | 2015-02-22 | 2015-01-22 | 2014-12-22 | 2014-11-22 | 2014-10-22 | 2014-09-22 | 2014-08-22 | 2014-07-22 | 2014-06-22 | 2014-05-22 | 2014-04-22 | 2014-03-22 | 2014-02-22 | 2014-01-22 | 2013-12-22 | 2013-11-22 | 2013-10-22 | 2013-09-22 | 2013-08-22 | 2013-07-22 | 2013-06-22 | 2013-05-22 | 2013-04-22 | 2013-03-22 | 2013-02-22 | 2013-01-22 | 2012-12-22 | 2012-11-22 | 2012-10-22 | 2012-09-22 | 2012-08-22 | 2012-07-22 | 2012-06-22 | 2012-05-22 | 2012-04-22 | 2012-03-22 | 2012-02-22 | 2012-01-22 | 2011-12-22 | 2011-11-22 | 2011-10-22 | 2011-09-22 | 2011-08-22 | 2011-07-22 | 2011-06-22 | 2011-05-22 | 2011-04-22 | 2011-03-22 | 2011-02-22 | 2011-01-22 | 2010-12-22 | 2010-11-22 | 2010-10-22 | 2010-09-22 | 2010-08-22 | 2010-07-22 | 2010-06-22 | 2010-05-22 | 2010-04-22 | 2010-03-22 | 2010-02-22 | 2010-01-22 | 2009-12-22 | 2009-11-22 | 2009-10-22 | 2009-09-22 | 2009-08-22 | 2009-07-22 | 2009-06-22 | 2009-05-22 | 2009-04-22 | 2009-03-22 | 2009-02-22 | 2009-01-22 | 2008-12-22 | 2008-11-22 | 2008-10-22 | 2008-09-22 | 2008-08-22 | 2008-07-22 | 2008-06-22 | 2008-05-22 | 2008-04-22 | 2008-03-22 | 2008-02-22 | 2008-01-22 | 2007-12-22 | 2007-11-22 | 2007-10-22 | 2007-09-22 | 2007-08-22 | 2007-07-22 | 2007-06-22 | 2007-05-22 | 2007-04-22 | 2007-03-22 | 2007-02-22 | 2007-01-22 | 2006-12-22 | 2006-11-22 | 2006-10-22 | 2006-09-22 | 2006-08-22 | 2006-07-22 | 2006-06-22 | 2006-05-22 | 2006-04-22 | 2006-03-22 | 2006-02-22 | 2006-01-22 | 2005-12-22 | 2005-11-22 | 2005-10-22 | 2005-09-22 | 2005-08-22 | 2005-07-22 | 2005-06-22 | 2005-05-22 | 2005-04-22 | 2005-03-22 | 2005-02-22 | 2005-01-22 | 2004-12-22 | 2004-11-22 | 2004-10-22 | 2004-09-22 | 2004-08-22 | 2004-07-22 | 2004-06-22 | 2004-05-22 | 2004-04-22 | 2004-03-22 | 2004-02-22 | 2004-01-22 | 2003-12-22 | 2003-11-22 | 2003-10-22 | 2003-09-22 | 2003-08-22 | 2003-07-22 | 2003-06-22 | 2003-05-22 | 2003-04-22 | 2003-03-22 | 2003-02-22 | 2003-01-22 | 2002-12-22 | 2002-11-22 | 2002-10-22 | 2002-09-22 | 2002-08-22 | 2002-07-22 | 2002-06-22 | 2002-05-22 | 2002-04-22 | 2002-03-22 | 2002-02-22 | 2002-01-22 | 2001-12-22 | 2001-11-22 | 2001-10-22 | 2001-09-22 | 2001-08-22 | 2001-07-22 | 2001-06-22 | 2001-05-22 | 2001-04-22 | 2001-03-22 | 2001-02-22 | 2001-01-22 | 2000-12-22 | 2000-11-22 | 2000-10-22 | 2000-09-22 | 2000-08-22 | 2000-07-22 | 2000-06-22 | 2000-05-22 | 2000-04-22 | 2000-03-22 | 2000-02-22 | 2000-01-22 | 1999-12-22

Key: Value:

MESSAGE

DATE	2004-06-08
FROM	From: "Inker, Evan"
SUBJECT	Subject: [hangout] The Source : OpenBSD revisited
The Source : OpenBSD revisited Juha Saarinen, Auckland 07 June 2004 http://www.computerworld.co.nz/cw.nsf/0/F7C960083289B28DCC256EA60079E55E?Ope nDocument I'm busy and want to sleep soundly and not with one eye on my internet-exposed hosts. Therefore I picked OpenBSD 3.5 as the operating system for the firewalling router handling my new home office connection. OpenBSD is one of the three major free Berkeley Software Design Unix derivatives, the other ones being FreeBSD and NetBSD. Unlike Linux, which is a kernel with a userland bolted on, the various free BSDs are complete operating systems, each with their own area of strength. One of the goals for the OpenBSD project is to try being the most secure operating system. The OpenBSD developers say the open software development model allows them to take a "more uncompromising view towards security than other vendors are able to". To this end the developers have been auditing OpenBSD components on a file-by-file basis since 1996, and continue the process to this day. Not saying that this is a fail-safe process, but the results speak for themselves: apart from a single security hole in SSH, there have been no breaches in the default OpenBSD installation for eight years. Another benefit from this paranoid approach is that the OpenBSD doesn't assume that everyone using the OS is a security expert. OpenBSD ships in a "secure by default" mode, with no non-essential services running when it fires up. For some, it can be a bit annoying having to manually start up the services you need, but this approach has obvious security rewards and even Microsoft is now going down this track with Windows Server 2003. I tried out versions 2.6 to 2.8 some years ago and wasn't all that happy with them. I felt that compared to FreeBSD and, for that matter, Red Hat Linux, OpenBSD was too awkward to be usable. With that in mind, I was surprised how slick version 3.5 is. The installation is text-based with the trickiest bit being the disk partitioning but it's not hard as long as you take a few minutes to read the very good instructions for setting up OpenBSD. The defaults are sane, and there's very little you need to do apart from saying "yes" to the majority of the prompts. What's nice about OpenBSD is that the default kernel covers just about every hardware set-up, at least on x86, so there's usually no need to recompile. In fact, if you do recompile, the OpenBSD team explicitly states that you're on your own, so don't go crying for help if things break - you're likely to be laughed off the mailing list. For me, the main reason to deploy OpenBSD was the "pf" packet filter. This is a very flexible tool for filtering and managing IP traffic, and it also happens to be programmable by mere mortals. If you've ever had a go with Linux "iptables", you'll know what I mean here. By and large, I was able to set up a firewall/router by simply reading the very complete OpenBSD manual pages. Well, OpenBSD specialist Nicholas Lee in Wellington helped clean up the rules a bit, but the whole process was refreshingly painless and quick. As OpenBSD can be fed a meagre hardware diet, it's popular as the OS for embedded applications. Nicholas works with these things, similar to the small low-power Soekris Engineering devices where you load the OS onto CompactFlash storage. This brings me to one part of OpenBSD that could in my opinion be better: patch management. Currently the OpenBSD team issues patches in source code format only, and you have to compile new binaries. It's not difficult, but binary patches would be better for those situations when you don't have development tools installed - a likely scenario when working with embedded devices like the Soekris ones. Binary patching is also faster; not an unimportant concern today. However, as the case often is with open source, a quick Google turned up unofficial solutions for binary patching like binpatch. OpenBSD isn't an operating system for the masses by any means, but if you want a fast and secure platform for network-oriented tasks you could do an awful lot worse. Buying OpenBSD CDs and T-shirts helps fund the project. Otherwise, the New Zealand mirror is at Citylink in Wellington (ftp.citylink.co.nz/openbsd). ************************************************************************** This message contains confidential information and is intended only for the individual or entity named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as an invitation or offer to buy or sell any securities or related financial instruments. GAM operates in many jurisdictions and is regulated or licensed in those jurisdictions as required. ************************************************************************** ____________________________ NYLXS: New Yorker Free Software Users Scene Fair Use - because it's either fair use or useless.... NYLXS is a trademark of NYLXS, Inc