
Learn From Robert Watson Of FreeBSD And TrustedBSD

Roblimo posted more than 13 years ago | from the many-faces-of-*bsd dept.

BSD 142

Robert Watson is a core developer for FreeBSD, and a member of the TrustedBSD project. He is one of the best people in the world to ask about FreeBSD security, and about FreeBSD development in general. Please post your questions below. We'll send 10 of the highest-moderated ones to Watson by email, and post his responses verbatim as soon as we get them back.


142 comments

TrustedBSD and OpenBSD (4)

Parise (423) | more than 13 years ago | (#511499)

What similarities and differences do you see between the TrustedBSD project and the type of security work undertaken by the OpenBSD team? How do their goals and philosophies differ?

TrustedBSD With VMS Features? (4)

Anonymous Coward | more than 13 years ago | (#511501)

I was reading some documentation on VMS the other day (don't ask), and found out something really interesting. VMS has per-thread security. Thus, a multi-threaded database application could still have rigid security even though it is one process.

I'm a UNIX admin, and don't wish to admin VMS, but this blew me away. Are there any other VMS features you are adding, or are considering adding, to make TrustedBSD a more solid and extendable OS?

OS X based on FreeBSD (5)

Kevinv (21462) | more than 13 years ago | (#511502)

OS X's Darwin is based on FreeBSD. How good a member of the Open Source movement has Apple been? Have they contributed anything back to the FreeBSD project (code/money/t-shirts/etc...)?

USB support and the future (1)

CoBoLwArRiOr (301814) | more than 13 years ago | (#511504)

Being a newbie, I've set up FreeBSD on a different box than my everyday box. Someday I hope to have it on my everyday box, but I have a lot of USB products on my machine. What does the future hold in terms of USB support in FreeBSD, and what are 3 of the biggest ideas / projects / etc. that the FreeBSD crew are looking at for the next release?

-=-=-=-=-=-=-
The COBOL Warrior

Why another BSD? (2)

smooc (59753) | more than 13 years ago | (#511506)

With so many implementations around of the various *nix/*bsd flavors why another one?
Is there enough distinction between OpenBSD and TrustedBSD to justify it?

And most importantly, how do you get so much time to devote to *two* projects?

Nevertheless I congratulate you (and am kind of jealous ;) ) on the work you have done.

Bolke.

Isn't FreeBSD now part of BSDi? (1)

Tymanthius (75808) | more than 13 years ago | (#511507)

Quick questions:

Isn't FreeBSD now part of BSDi?

And if so, how is this affecting your development, support, etc. ad nauseam?

bsd color scheme (1)

Anonymous Coward | more than 13 years ago | (#511508)

what happened to the bsd color scheme?

Why would you... ? (4)

SonOfSam (15164) | more than 13 years ago | (#511509)

FreeBSD development is obviously a big part of your life. I have noticed that people's reasons for using a free OS are often not simply because it's better, but because of some view or stance on freedom that they have.

I am a Windows guy, only because my job says so.

What I want to know is, how would you go about convincing me, a Win2k user, to consider using a *BSD. I am interested in learning a new OS... always. But, what makes it stand out from Linux/Win2k/MacOS?

Why will people continue to use FreeBSD? (1)

Siqnal 11 (210012) | more than 13 years ago | (#511512)

If they can't operate it (or administrate it), they simply won't. New users won't even try a system if they can't understand how to install it. A good solution to this is something like Mac OS X -- you know, the BSD system that actually looks good.

Sure, anyone can install WindowMaker on BSD, but they can't control the entire system seamlessly, like you can with Mac OS X, NT, or for that matter, the Red Hat control panel.

Yes, I'm going to get flamed for this, but the fact is, FreeBSD needs to think about its future a little more competitively. Ever wonder how Linux, a much younger operating system, got so far so fast? You should see the graphical installation programs, which help you partition your drive, and then easily install the stuff you want.

So, what do you think can be done to keep FreeBSD alive?

--

Re:why *BSD is dying (1)

Bastian (66383) | more than 13 years ago | (#511513)

What are these market forces, and why should they hurt an OSS *BSD project any more than they hurt GNU/Linux?

From what I can tell, I don't know about FreeBSD (it seems that many people just see it as a Linux with less hardware support), but OpenBSD seems to be doing well because of its reputation for security, and NetBSD is the only option for people who want to be running a *nix (or a Free OS) on many machines that are simply ignored by most every other software project.

FreeBSD Distribution (3)

proxima (165692) | more than 13 years ago | (#511514)

Do you think FreeBSD is hurting in its distribution in comparison with Linux and commercial OSes? Not only are they available from numerous online stores, one can usually find them at simple retail outlets like Best Buy. On the contrary, FreeBSD distribution seems much more limited, with less retail and shrink-wrap options.

I have noticed, however, that linuxmall.com sells FreeBSD CDs. Has the FreeBSD community received much support from the Linux community over distribution (such as mirrored FTP from mostly Linux servers)?

The future? (4)

jmenezes (100986) | more than 13 years ago | (#511515)

What do you see in the future for *BSD, with the huge amount of popularity that linux keeps on receiving, not to mention attention, esp. from our buddy Bill Gate$...
Do you think it will remain the strong, viable but simply less popular free OS it is now, hiding behind the limelight of linux, or will it come up in popularity, esp with the codebase for Apple's Darwin, which is all BSD based?

decent literature (4)

boog3r (62427) | more than 13 years ago | (#511516)

instead of asking you a few questions directly, i would like to solve them on my own with the best set of tools. what publications or literature would you recommend for:
  • the *bsd newbie or learner
  • the *bsd uber-know-it-all-i-dont-need-any-docs

i am trying to cut the signal/noise ratio out of understanding bsd. specifically, what security documentation have you found useful day-in/out?

Question Please! (3)

Brew Bird (59050) | more than 13 years ago | (#511517)

Can you explain, in some detail, the overall goals of the BSDs you participate in?
Please try and direct your answer to people who continue to proclaim that *BSD is dying, and point at some made up marketing numbers.

Bah. (1)

Enahs (1606) | more than 13 years ago | (#511519)

Just when you think the BSDs are going to diverge and die, something like Open Packages [openpackages.org] comes along. Sure, it's not even close to an alpha stage yet, but they've even expressed some limited interest of allowing Linux into the fold. A Linux "make world", here we come! :-)

BTW, nice troll. Is that from some sort of Web-based marketing-speak script? It's so devoid of content. It's hilarious. :-)

Question for Mr. Watson (1)

packphour (257276) | more than 13 years ago | (#511520)

Do you prefer to be called Bob or Robert?
(never underestimate the importance of someone's name preference)

Biggest problem / Best advice (4)

mosch (204) | more than 13 years ago | (#511521)

Everybody knows there's no such thing as a perfect system. As such, what do you think are the most and least perfect points regarding security in FreeBSD?

Also, in terms of security, what do you think the most common dangerous behaviours are by FreeBSD users and admins? What would you change about the FreeBSD userbase if you could?

--
"Don't trolls get tired?"

Security System (2)

jstepka (20825) | more than 13 years ago | (#511522)

Are there plans in the future to add an automated security update system? I see this as a database your system would check against to see if you are running any installation level security problems.

Re:TrustedBSD and OpenBSD (2)

squiggleslash (241428) | more than 13 years ago | (#511523)

You can find out a lot of this information just by reading the documentation. In essence though, OpenBSD is about auditing the existing code to remove bugs. TBSD is about adding a more secure paradigm to *nix (well, FreeBSD) so that security is more flexible, easier to maintain, and hence more secure (because admins won't leave as many holes in place to get around inflexibilities.)

Both complement one another. It'd be nice to see the OpenBSD team take the TrustedBSD stuff and integrate it into their system. (The other way around, integrate OpenBSD into FreeBSD would be a tad more awkward, it's easier to change the steering wheel of a car than to change the car attached to a steering wheel)
--

Do you think all boxes will get hackd eventually? (1)

wmulvihillDxR (212915) | more than 13 years ago | (#511524)

I was installing portsentry [psionic.com] from Psionic Software [psionic.com] and somewhere in one of the files about using the software the author discusses the inevitability of being cracked. He believes that system admins can't keep up with constant updates and that eventually some hacker will find an exploit using their server. That is, the exploit will first be found on their box.

Do you, as a member of a widely trusted BSD distribution, think that eventually all computers will be hacked in some way?

Second question, do you think FreeBSD (and Linux) should ship with the tightest security possible at all times? Some reasons not to would be, usability by the "average" desktop user and being a hassle to set up for admins who want, say, ftp enabled.

Mandatory Access controls (4)

Chalst (57653) | more than 13 years ago | (#511525)

There seem to be a proliferating number of proposed extensions to *NIXes with ruleset-based mandatory access controls. Is standardisation important? What influence do you see of NSA's recently released `security enhanced linux' having on other systems (like that in TrustedBSD)?

what do you do for *money*?? (5)

gskouby (61416) | more than 13 years ago | (#511526)

While perusing the mailing lists for -hackers, -stable, -current, etc. etc., I often wonder what people like yourself, Mike Smith, Greg Lehey, and the other core members do to pay the bills. Unless something has changed recently with the BSDi takeover, I can't imagine that the FreeBSD project keeps the food on the table. So how about a little insight into your and the other core members' "real" jobs. (As if there is such a thing as a "real" job). But anyways, thanks for all the hard work for little pay!

TrustedBSD and NSA secure linux (5)

Xuther (223012) | more than 13 years ago | (#511527)

How does TrustedBSD compare with NSA secured linux (http://www.nsa.gov/selinux) in terms of new and/or improved security features? And are there any plans to eventually integrate the rest of the TrustedBSD features back into the shared BSD source tree (the extended attributes already have been committed)? How would using TrustedBSD instead of FreeBSD impact clustering applications?

And just for my information, where did all the packages for clustering BSD go? All I can seem to find anymore is the linux stuff. And personally I don't like redhat and their rpm distribution method, all anyone wants to distribute anymore is rpms which is not near enough to standard and compatible across the board as tar-gzip for my purposes. (One primary difference being that I can open a tar-gzip on a windows box at work during break to browse through source, and to my knowledge no one has bothered to create a "winrpm")

Openpackages? (5)

Enahs (1606) | more than 13 years ago | (#511528)

What's your opinion on the Open Packages project? [openpackages.org] Even though I'm not currently a *BSD user, it sounds great on the surface--there's even been interest expressed in patches for Linux!--but I've got to wonder what sort of complexities need to be worked out to maintain a set of packages for FreeBSD, NetBSD, OpenBSD, Darwin...

More OS X (4)

Auckerman (223266) | more than 13 years ago | (#511529)

What is the exact relationship between the Darwin Kernel and the FreeBSD kernel? How much FreeBSD code is in Darwin and how much Darwin code is in FreeBSD?

Unified Ports Tree? (5)

SecretAsianMan (45389) | more than 13 years ago | (#511530)

A while ago there was some hubbub in our community regarding the concept of unifying the ports trees of the different BSD flavors. It seems to me that this would be a mostly good thing, reducing duplication of work and making the ports both more plentiful and of a generally higher quality. Has there been any discussion of this in core? If so, does it look like this will ever happen?

--
SecretAsianMan (54.5% Slashdot pure)

Cross-pollination with Linux security efforts? (4)

Coz (178857) | more than 13 years ago | (#511531)

There's been quite a bit on Slashdot about Linux (and BSD) security. Bastille Linux is about "hardening" standard Linux installations, the NSA has their own version that they've been mucking about with internally. So, questions:

Is there a need for something like Bastille for FreeBSD? There shouldn't be a need for it with TrustedBSD, should there?

Have you looked at what the NSA did to Linux and attempted to extract from it? Are there modifications they made that apply to TrustedBSD, either in source code or in spirit?

Re:Interbase Backdoor? (1)

kperrier (115199) | more than 13 years ago | (#511532)

Were either of the BSD distributions affected by the interbase backdoor?

Only if the *BSD box was running Interbase.

Kent

What is next: (3)

drenehtsral (29789) | more than 13 years ago | (#511533)

I've got a FreeBSD box that i want to bolt down and harden. It's a Dual PIII 800, and i want to use it for development and testing of a server program i'm writing. The server runs as nobody, so i'm not worried about that.
I've closed stuff off such that an nmap from localhost, tcp, syn, and udp shows only sshd, dhcpc, and syslog. I'm currently running the version of openssh that comes with FreeBSD 4.2.
I'm planning on installing tripwire on the machine at some point as well. I also plan to write something that will mail me a diff of the setuid log between the current day and the previous day, as well as a similar thing for the password file. Any other suggestions?
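
The daily setuid and password-file diff described in the comment above could look like the following. This is an added example, not part of the original comment; the function names and the state directory are assumptions, and the password field is left out of the account snapshot so no hash is stored or mailed.

```shell
#!/bin/sh
# Added example, not from the original comment. Function names and the state
# directory used in the usage note at the bottom are assumptions.

# snapshot_setid DIR
#   Print one line per setuid/setgid regular file under DIR as
#   "mode uid:gid size path", sorted by path so two snapshots diff cleanly.
#   -xdev keeps the walk on one filesystem; runs of blanks in a path collapse.
snapshot_setid() {
    LC_ALL=C find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec ls -ldn {} + 2>/dev/null |
    awk '{ path = $9
           for (i = 10; i <= NF; i++) path = path " " $i
           print $1, $3 ":" $4, $5, path }' |
    LC_ALL=C sort -k4
}

# snapshot_accounts FILE
#   Print "name:uid:gid:home:shell" for each entry of a passwd(5)-format file.
snapshot_accounts() {
    awk -F: 'NF >= 7 && $1 !~ /^#/ { print $1 ":" $3 ":" $4 ":" $6 ":" $7 }' "$1" |
    LC_ALL=C sort
}

# rotate_and_diff NAME STATE
#   Read today's snapshot on stdin, print a unified diff against the previous
#   one kept in STATE/NAME.prev, then make today's snapshot the new baseline.
#   Exit status: 0 unchanged, 1 changed, 2 error. The body runs in a subshell
#   so the restrictive umask does not leak into the caller.
rotate_and_diff() (
    name=$1 state=$2
    umask 077
    mkdir -p "$state" || exit 2
    cat > "$state/$name.new" || exit 2
    # First run: compare against an empty baseline so everything is reported.
    [ -f "$state/$name.prev" ] || : > "$state/$name.prev"
    rc=0
    diff -u "$state/$name.prev" "$state/$name.new" || rc=$?
    mv -f "$state/$name.new" "$state/$name.prev" || exit 2
    exit "$rc"
)

# Usage from a daily root cron job (state directory is an assumption):
#   out=$(snapshot_setid / | rotate_and_diff setid /var/db/dailydiff) ||
#       printf '%s\n' "$out" | mail -s "setuid changes" root
#   out=$(snapshot_accounts /etc/passwd | rotate_and_diff passwd /var/db/dailydiff) ||
#       printf '%s\n' "$out" | mail -s "account changes" root
```

Keep the state directory readable by root only and outside any tree an unprivileged user can write to, otherwise the baseline itself can be edited to hide a change.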

Christians? (1)

redbird (24548) | more than 13 years ago | (#511534)

Do christians (or, other religions, too) have a problem with using any of the BSDs you've worked on due to the daemon mascot?

Re:USB support and the future (1)

CoBoLwArRiOr (301814) | more than 13 years ago | (#511535)

It does, but I have a couple of other things that will not work at all

-=-=-=-=-=-=-
The COBOL Warrior

Good question above (1)

rppp01 (236599) | more than 13 years ago | (#511536)

Why should an NT user switch to BSD as opposed to Linux? Sure, BSD can run most Linux binaries, but what does BSD offer in the way of applications that Linux doesn't?

OSS Philosophy (1)

Auckerman (223266) | more than 13 years ago | (#511537)

What do you think of Stallman's distinction between "Free" software and "Open Source" and his apparent refusal to deal with anyone who wants to discuss Open Sourcing their application until they speak in his language on these issues?

Re:OS X based on FreeBSD (2)

weston (16146) | more than 13 years ago | (#511538)

I believe OS X started life (back in its OpenStep days) from BSD 3.2 put on top of Mach. It's now probably a 4.x on top of Mach. This means its codebase really isn't directly inherited from FreeBSD or NetBSD, AFAIK.

However, that might not stop it from contributing. The Apple-open OS X distro Darwin [darwinfo.com] may have a tip or trick to contribute back, and likely incorporates a bunch of *BSD stuff as well.

--

Process? (4)

rice_burners_suck (243660) | more than 13 years ago | (#511540)

Hi,

I'd like to thank you for all the work and effort you and your fellow developers are putting into this project. I currently use FreeBSD and have plans to try out your work on my next server configuration.

Could you give us a short overview of the process you're taking to make FreeBSD more secure? In particular, how does the TrustedBSD project compare with OpenBSD, which has been undergoing a line-by-line security audit for years? Most importantly, what are the advantages of choosing TrustedBSD over OpenBSD (besides the obvious project-loyalty factors)?

Kindest regards,
NGH

Stargazer! (2)

anacron (85469) | more than 13 years ago | (#511542)

Man .. I used to hang with Watson. He used to run a BBS called Starlight. I was a fellow sysop that used to run a BBS called Celestial Happenings. Props to Perry and the Ritual de lo Habitual crew, and Props to 'gazer and the rest of the DC WWiV crew.

Anyway, here's my question:

Security has traditionally been viewed as more of an architecture of denial than anything else -- stop people from getting where they are not supposed to get. However, these days security has more impetus because of the sheer amount of intellectual property that's being housed on publicly accessible computers. Do you think it's theoretically possible to ever build a 'crack proof' system? I'm familiar with FreeBSD's track record, and use it for my firewall at home. But should the onus of security be placed on the sysadmins of the server, or on the people that make the operating system the server runs?

anacron (aka Surface)

Re:TrustedBSD and NSA secure linux (1)

rwm311 (24383) | more than 13 years ago | (#511543)

I don't want to get into a holy war about what package manager is better, but I think that is a rather weak argument. Instead of downloading the binary rpm you simply download the source rpm (SRPM) and install it, then you look in /usr/src/redhat/SOURCES to see the source.

I build rpm's on a daily basis and while it does lack some robustness in the dependencies arena, I think it's overall A Good Thing. And by the way, RPM != Red Hat... I can't stand it when people use the two interchangeably.

rwm

FreeBSD and X-Windows (4)

bsdbigot (186157) | more than 13 years ago | (#511545)

Given that X is an inherently insecure system (though great strides have been made to rectify this), how do you see the relationship between X and FreeBSD going forward? xfree86 v3.x is nice, v4.x is nicer (though it hasn't made it to the "default" windowing system for FreeBSD, presumably because of some gaping security holes). Surely, for the mindless masses, X (or some derivative) is a necessary part of the complete OS distribution. What does the core feel is a reasonable tradeoff between security and functionality, WRT this issue, and to what extent will the core move to "correct" any serious problems (non-platform specific) with future releases of X?

Re:FreeBSD Distribution (2)

Marasmus (63844) | more than 13 years ago | (#511546)

Just to be a nitpicking annoyance, I wanted to point out that most large distribution sites are running a variant of BSD. :) a handful (such as sunsite.unc.edu) run solaris, but most of them (cdrom.com, freesoftware.com, many of tucows.com's mirrors) are hosting from BSD :) It may be more accurate to view BSD as supporting Linux's distribution :)

How does TrustedBSD compare to Eros? (3)

jemfinch (94833) | more than 13 years ago | (#511547)

Eros [eros-os.org], unfortunately, doesn't look like it's actually going to arrive (at least not in a timely manner), but I've read several of the papers on capability-based security and they were all very interesting.

What do you think about Eros? What's your opinion (and your perception of the security community's opinion) about capability based security?

Thanks, Jeremy

Re:TrustedBSD With VMS Features? (1)

hch (304422) | more than 13 years ago | (#511548)

"I was reading some documentation on VMS the other day (don't ask), and found out something really interesting. VMS has per-thread security. Thus, a multi-threaded database application could still have rigid security even though it is one process."

Linux has this feature, too (and FreeBSD using the linuxthreads port). But many people consider this a bug and not a feature ....

Re:Cross-pollination with Linux security efforts? (2)

Chalst (57653) | more than 13 years ago | (#511549)

I think `hardening' a distribution is (partly) orthogonal to what TrustedBSD is up to: the TrustedBSD folks are aiming to provide tools to make it possible to ensure that a distribution satisfies a security policy, whilst Bastille is meant to check a given system for obvious holes. A Bastille project for a TrustedBSD system would make sense.

What is part of FreeBSD and what is not ? (4)

f5426 (144654) | more than 13 years ago | (#511550)

I run FreeBSD on 3 machines here. I fell in love with it.

One thing I was wondering about is how decisions are taken about what goes in the real system (/usr/src) and what does not. For instance, rcp is in the base system, while rsync is in the port tree. When I started, less was not in the distribution, but now is. Why? Will FreeBSD grow and accumulate more and more tools in /usr/src?

Something somewhat related that bothers me is that as soon as I get away from the base system, things are much less clean. Even if the port tree is wonderful, there is no simple command that will enable me to stay in sync with non-standard stuff. I would love being able to do something analogous to cvsup + make world to keep an up-to-date X / gnome / mozilla installation, with a default window manager and configuration that make sense. Is there any work in that direction?

Cheers,

--fred

A few important questions: (5)

Bob Abooey (224634) | more than 13 years ago | (#511551)

1) Do you ever plan on moving away from the slow and resource intensive method of VMS style paging for memory address resolution?

2) Are there plans to rewrite the TCP/IP stack to be multi threaded?

3) Will BSD ever migrate away from UFS to a more modern file system?

4) With serious POSIX compatibility issues are there plans to use code from POSIX compliant OS's to become more commercially attractive to major corporations?

Re:Christians? (1)

dhuff (42785) | more than 13 years ago | (#511553)

Well, I'm an Episcopalian and also run FreeBSD, drink coffee out of a BSD-logo mug, wear FreeBSD t-shirts at times, etc... Go to FreeBSD's site and read Evi Nemeth's explanation [freebsd.org] of the daemon mascot.

Just wanted to make it known that not all Christians get their panties in a twist about silly stuff like cartoon daemon logos :)

Are you mad? (1)

_ganja_ (179968) | more than 13 years ago | (#511554)

Did you SHAG wildly last night and did someone KISS you goodbye THIS MORNING.

Oh sorry, this isn't the Andre Hedrick interview.

Re:TrustedBSD and OpenBSD (1)

platinum (20276) | more than 13 years ago | (#511555)

Actually, FreeBSD regularly integrates OpenBSD's fixes into the system (and vice versa). The nice thing about having the 3 open-source BSD's (along with MacOS X and BSD/OS) is that much code is shared, and is available for the others to use.

Re:Why another BSD? (2)

platinum (20276) | more than 13 years ago | (#511556)

If you actually read what TrustedBSD [trustedbsd.org] is about, you would see that it is an extension to FreeBSD and should be integrated into FreeBSD-proper before 5.0 is released.

BSD Security (1)

ahknight (128958) | more than 13 years ago | (#511557)

I've heard a lot about BSD being inherently more secure than Linux, but have yet to see some concrete reasons why. So far, it comes down to code review from what I understand. What difference, then, is there between "secure" BSD distributions and, say, Immunix?
--

Changing face of security (3)

QuantumG (50515) | more than 13 years ago | (#511558)

Do you think there is ever a time when you can declare a system "secure"? Assuming you don't, do you think it is even possible to objectively rate the security of a system?

BSD hackers vs GPL hackers (4)

Arandir (19206) | more than 13 years ago | (#511560)

I've heard it said numerous times that "Linux is more successful than BSD because of the license". The argument is that hackers prefer the GPL because their code can't be "stolen", whereas nothing stops Microsoft from using the BSD licensed code. I've even seen some Linux advocates point to Darwin as the ultimate example of exploitation.

What are your views on this from a perspective as a BSD hacker? Can free software really be stolen? Is BSD open for exploitation (in the negative sense)?

Re:FreeBSD and X-Windows (1)

EverCode (60025) | more than 13 years ago | (#511561)

FreeBSD 4.2 has a security level setting (during installation), and if you set it above normal (default), X will not run.

IMHO, this is about all that can be done. X = security problems, no matter what.

Secure programming (1)

emir (111909) | more than 13 years ago | (#511562)

I would like to learn more about secure programming under *nix. I have decent knowledge of c, cpp and java.
Where should I start?
What book/doc/faq do you recommend reading?

OS X and FreeBSD (1)

gagganator (223646) | more than 13 years ago | (#511563)

apple states [apple.com] that mac os x/darwin is based on freebsd 3.2. how complete an implementation is this? has darwin contributed any new ideas/code/features to bsd?

Re:FreeBSD question (1)

Rogue Orion (209687) | more than 13 years ago | (#511564)

From what I understand (And please correct me if I am wrong), FreeBSD has a completely different kernel than Linux (which Mandrake is just a distribution of).

On top of that kernel, you can run X-Windows, and then a common window-manager (like GNOME, KDE etc.)
In theory, you could have a system that looks identical to Mandrake(linux) that runs on top of the FreeBSD kernel. Some argue that the BSD kernel is more stable and "industrial strength".

Re:Good question above (1)

mr (88570) | more than 13 years ago | (#511565)

At this time, some benchmarks done by some people show BSD running 10-30% faster than the linux distro of the month. Even the linux compatibility mode runs faster. Given the speed of machines these days....such matters little today.

The design methodology of a group of people VS linus is an advantage. (FreeBSD gets out releases once a quarter. the linux kernel has been delayed) Because of the design of BSD, updating a BSD box goes like this:

become root
cd /usr/src
make update
make buildworld
make installworld

And the BSD license is a difference. If Micro$oft 'attacks' GNU/Linux, Micro$oft will use the GPL as the vector of the attack.

Applications: Rate shaping for TCP/IP traffic is an example. How about Office 2001 for Mac OS X? (the whole Mac OS X stuff)

Re:Why will people continue to use FreeBSD? (3)

SoupIsGood Food (1179) | more than 13 years ago | (#511567)

Mac users still get uncontrollable giggle fits when people talk about the "User friendly Windows interface". If you need a seamless, integrated UI for total control over the presentation and creation of complex data (Graphics, sound effects, bad screenplays, etc.) you need BeOS or a Mac.

Unix in all its many splendored flavors is good for when you need stability and performance. This is why it's usually paired with the =really= sexxxy hardware you need a government grant to buy. Unix boxes are at their finest as tools, accessories. Big, expensive shared peripherals that serve a specific, tailored purpose.

In my case, I've got a Sparcstation LX running OpenBSD for a purpose: I need to host a private web forum. It has to be robust, able to cope with large loads, and dirt cheap. Including the OpenBSD CD(with stickers!), the setup cost me $50. I don't need a windowing environment...I have my MacOS Powerbook on a network with it. After the initial install, I can administrate it better sitting on my couch than I can sitting on the terminal...the Mac's tools for editing bits of text from a usercentric standpoint are second to none. Perfect for tweaking configuration files.

And you will need to tweak configuration files. By hand. Might as well start off that way rather than continually correcting what the GUI administration applications assume is what you want. This is where BSD's shine. Their systems are simple and unsophisticated, well documented with clearly written manpages and FAQs, thus shallowing the learning curve if you need to get into the nitty-gritty of networking, soft-raid, security auditing, etc. You know...the stuff Unix is =good= at.

Linux is too chaotic, the distros vary too wildly from one to the other to make low level administration and automation easy. They cram everything but the kitchen sink into your system, none of it documented very well. This is fine if your hobby is computer science and you need a toy to play with, or you need a robust workstation environment, or you want to compete with Windows to be the hottest Mac rip-off around. Not so good if you're trying to track BBS users by IP to filter out the trolls and bots.

There just isn't a GUI front end for that sort of stuff. Fancy windowing environments soak up valuable processor cycles and RAM. If you need a robust and fast server tailored to meet a specific utility, you need *BSD.

SoupIsGood Food

FreeBSD and Operating System Ports (2)

Matthew Luckie (173043) | more than 13 years ago | (#511568)

Hi

You might not be the best person to ask, but what are the difficulties in porting FreeBSD to other operating systems?

The alpha port seems to have been struggling somewhat recently with all the different motherboard configurations (alphapc for one) that make the alpha an almost completely different CPU in some critical points.

There's also the sparc port, which doesn't appear to have made lots of progress at all.

Here come the questions:

  • What is it about NetBSD's architecture that makes it more simple to port to other platforms compared with FreeBSD's?
  • How is the IA64 port progressing? What are the major issues in changing parts of the base of FreeBSD to take advantage of some of the new features? Has Intel even supplied you with the appropriate hardware required?

Re:Isn't FreeBSD now part of BSDi? (1)

MadAhab (40080) | more than 13 years ago | (#511569)

I won't explain the "part of BSDi" thing; do the reading yourself.

I will say, however, that so far I've noticed nothing in -stable. Still works great and is easy to maintain and administer, still doesn't support devices as broadly as linux. No changes significant enough to change anyone's reasons for using or not using FreeBSD, in my view.

In the -current version, however, there appear to be lots of changes afoot. FreeBSD 5 is supposedly going to come with a lot of the SMP stuff from BSDi merged in, which would be a huge plus for FreeBSD.



Boss of nothin. Big deal.
Son, go get daddy's hard plastic eyes.

File Transfers (1)

pboulang (16954) | more than 13 years ago | (#511570)

As a protocol, FTP is one of the worst. Open a control channel on port 21, then if using active FTP, choose a random port.. (actually x*256+y where x and y can be predicted) and have the server initiate a data channel from port 20 to that port. If you are using passive FTP, then the client initiates a data channel to the random port on the server.

Now really, does that make any sense? It means that behind a firewall (BSD, of course) running NAT, a client must run passive FTP, since there is no way an outside box should be able to initiate into the client box at a high port. However, what about that server? Do I really want to allow high port access to that box?


Finally, my question is this: How does one properly configure FTP between two NAT'd boxes without opening up lots of high ports?
Better still: Where do I write my congressman to make FTP illegal!?

--paul

Re:FreeBSD question (1)

The_Rift (257762) | more than 13 years ago | (#511571)

That and the kernel and userland come together. In FreeBSD the userland is designed around the kernel and vice versa. Unlike a Linux distro such as Mandrake where you get a Linux kernel + a userland built out of various GNU and whatnot software.

As to your comments on X-windows, that's a separate piece of software to the OS and would look more or less the same on any platform it runs on. (and it runs on a lot more than just Linux and FreeBSD).

Re:USB support and the future (3)

AntiBasic (83586) | more than 13 years ago | (#511572)

FreeBSD has had USB support since 3.3 iirc. Go check LINT, search FreeBSD.org [freebsd.org], look at FreeBSD Diary [freebsddiary.org] and the FreeBSD Handbook [freebsd.org] for further information about setting up your FreeBSD box. I'm sure you'll see just how solid it is.

Ports Unification (3)

Christopher B. Brown (1267) | more than 13 years ago | (#511573)

A unified "Ports" tree would almost certainly be helpful to FreeBSD and NetBSD in diminishing duplicated efforts.

On the other hand, for OpenBSD and TrustedBSD, the "fuzziness" of sharing the code base may make it more difficult to "warrant" the security of packages.

Would it be sensible/preferable to have a "fork" whereby there might be a set of Trusted Ports that would represent a (perhaps limited) set of software that undergoes more comprehensive code auditing, as well as the Unified Ports containing software that hasn't undergone such testing?

Re: A few important questions: (4)

reg (5428) | more than 13 years ago | (#511574)

Only important questions if you are trolling...

1) Do you ever plan on moving away from the slow and resource intensive method of VMS style paging for memory address resolution

FreeBSD's paging code is extremely fast, which is why FreeBSD performs so well under load. It is fairly resource intensive, but the requirements for page tables etc are proportional to your RAM size, so FreeBSD will still run in low memory configurations.

2) Are there plans to rewrite the TCP/IP stack to be multi threaded

Once again, this is a buzz word issue - the TCP/IP stack performance is very good (ie can saturate whatever network you happen to plug in). But the entire kernel is being multi-threaded for 5.0, to provide fine grained SMP support.

3) Will BSD ever migrate away from UFS to a more modern file system?

The UFS file system is being continuously upgraded. It has features which Linux and most other commercial FSs would love - like softupdates, and new utilities to grow filesystems (and shrink them too hopefully soon). Just because Linux has had to rewrite its FS because of poor reliability doesn't mean that the BSDs have a bad file system.

4) With serious POSIX compatibility issues are there plans to use code from POSIX compliant OS's to become more commercially attractive to major corporations

POSIX compatibility is also something which is always being improved. But I think that you're wrong about POSIX compatibility being an issue for major corporations. They are far more concerned with stable APIs, and at the moment they want stable APIs for things like windowing services. This is why people code for Windows, not POSIX compliance.

Regards,
-Jeremy

A very long, complete answer (3)

mosch (204) | more than 13 years ago | (#511575)

You can find an exceptionally detailed answer at http://people.freebsd.org/~alex/libh/ [freebsd.org] which should give you a very good idea of where the FreeBSD distribution is headed, in the manner of granular, customizable upgrades. JKH wrote a wonderful paper that covers this.

--
"Don't trolls get tired?"

The future of gaming on BSDs, GNU/Linux, Darwin (1)

Angelwrath (125723) | more than 13 years ago | (#511576)

Many companies producing the popular gaming titles for Windows seem reluctant to support the Open Source, FSF and MacOS platforms with their products. However, Apple is about to join the BSD party with Darwin, offering the potential to add several million new BSD installations over the next few years. With that in mind, adding up the various *BSD communities and Darwin yields a large, growing group of users. Add GNU/Linux, and that total becomes even larger. Growth of these platforms is significant, as is the potential for game sales.

What can these communities do to allow a game developer to write one title and port it easily across platforms, while retaining performance and quality?

Can you comment on what would be required to put something like this together, in terms of software, standards and effort on the part of the developers?

Thank you, and good luck with your TrustedBSD efforts.

common misconception alert! (1)

Clover_Kicker (20761) | more than 13 years ago | (#511577)

The ports are 3rd party software.

The OpenBSD/FreeBSD/NetBSD team has no direct control over the s/w in the ports collection.

There is no organized effort to audit everything in the ports collection.

The OpenBSD audit is only concerned with the base OS, that in itself is a huge job. They don't have the resources to audit the thousands of apps in the ports collection.

The ports team does what they can to keep up with bugfixes from the various apps, but they aren't auditing the ports.

Once you install some 3rd party software, it's up to you to keep up with bugfixes for that 3rd party s/w.

Re:Good question above (1)

Petrophile (253809) | more than 13 years ago | (#511578)

Office for MacOS X, and pretty much every other MacOS X application, are built on the proprietary Apple Carbon API and have nothing to do with MacOS X's BSD compatibility server.

But, if it was said on Slashdot (OS X == BSD), it must be true!

Re:decent literature (1)

MochaMan (30021) | more than 13 years ago | (#511580)

If you understand the basics of operating systems and you want a great reference to BSD, a GREAT book is "The Design and Implementation of the 4.4BSD Operating System", written by the original authors of 4.4BSD and published by Addison Wesley.

It covers basically anything you need to know, and makes a great reference if you want to understand the source code itself.

An overview of the book is at this location [awlonline.com].

Exactly (1)

Xuther (223012) | more than 13 years ago | (#511581)

I didn't mean to touch off a holy war there with my comments, I just stated that I can't open RPM on a windblows system while at work during a break or something, whereas winzip handles tgz just fine.

Re:What is next: (1)

jmcneill (256391) | more than 13 years ago | (#511582)

If your machine isn't logging for another, set the following in /etc/rc.conf:

syslogd_flags="-s -s"

This will make syslogd only listen on a UNIX domain socket, so it can't be accessed remotely.

Re:what do you do for *money*?? (1)

phusnikn (232888) | more than 13 years ago | (#511583)

Robert works for Network Associates like most of the uber unix coders we all work for big time .com companies and just hack other people's code on the side for fun =) You don't really think we would let all our talents go to waste? ;)

Re:File Transfers (2)

jmcneill (256391) | more than 13 years ago | (#511584)

If you're using IP Filter (and not natd, I don't have experience with it) you can add the following to the _top_ of /etc/ipnat.conf:

map ep0 192.168.0.0/24 -> 0/32 proxy port ftp ftp/tcp

To allow active FTP through the NAT, assuming 192.168.0.0/24 is your local network and ep0 is your external interface. I use this on my NetBSD NAT machine and it works great.
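The x*256+y port arithmetic from the question, and the control-channel rewriting that lets a NAT FTP proxy map one data port per transfer instead of opening a range of high ports, as an added Python example that is not part of either comment and is not IP Filter's code. The function names, the sample command and the 203.0.113.5 public address are assumptions made for illustration.

```python
import ipaddress
import re

# PORT argument is six decimal bytes: h1,h2,h3,h4,p1,p2 (RFC 959).
_PORT_RE = re.compile(r"^PORT (\d{1,3}(?:,\d{1,3}){5})\r?\n?$", re.IGNORECASE)

# Constructed sample: inside client 192.168.0.10 asks for data on port 5001.
SAMPLE_LINE = "PORT 192,168,0,10,19,137\r\n"


def parse_port_command(line):
    """Return (IPv4Address, port) from a PORT command or raise ValueError."""
    m = _PORT_RE.match(line)
    if not m:
        raise ValueError("not a well-formed PORT command")
    fields = [int(f) for f in m.group(1).split(",")]
    if any(f > 255 for f in fields):
        raise ValueError("PORT field out of byte range")
    ip = ipaddress.IPv4Address(".".join(map(str, fields[:4])))
    return ip, fields[4] * 256 + fields[5]  # the x*256+y from the comment


def format_port_command(ip, port):
    """Build a PORT command for the given address and port."""
    return "PORT {},{},{}\r\n".format(
        str(ip).replace(".", ","), port // 256, port % 256)


def translate_port(line, client_ip, inside_net, public_ip, public_port):
    """Hypothetical helper: rewrite one PORT line and describe one pinhole.

    Only the single port the client announced is mapped, and only when the
    announced address is the client that owns the control connection.
    """
    ip, port = parse_port_command(line)
    if ip != ipaddress.IPv4Address(client_ip):
        raise ValueError("PORT address is not the sending client")
    if ip not in ipaddress.ip_network(inside_net):
        raise ValueError("PORT address is outside the NAT'd network")
    if port < 1024:
        raise ValueError("refusing a data channel to a privileged port")
    pinhole = {"outside": (str(public_ip), public_port),
               "inside": (str(ip), port)}
    return format_port_command(public_ip, public_port), pinhole


if __name__ == "__main__":
    print(translate_port(SAMPLE_LINE, "192.168.0.10", "192.168.0.0/24",
                         "203.0.113.5", 40001))
```

The returned pinhole is the only inbound mapping needed for that transfer, and it can be dropped as soon as the data connection closes.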

Why is FreeBSD PAM support poor? (1)

djm (126641) | more than 13 years ago | (#511585)

I'd like to know why FreeBSD (I use 4.2-STABLE) ships with PAM but with no PAM support in OpenSSH or any of the 3 versions of Kerberos, and with only minimal PAM support in the core login, ftpd, and rshd (no support for sessions or account management). It was a nasty surprise when I installed and configured a PAM module that restricts logins using account management, and none of the login mechanisms used it!

Solaris and Linux have done a much better integration job in this area. I'm wondering why FreeBSD pretends to support PAM and ships with it when it doesn't really use it. It seems dangerous to mislead sysadmins into thinking they have secured their system when the security mechanisms are actually ignored.

Re:Isn't FreeBSD now part of BSDi? (1)

jkh (3999) | more than 13 years ago | (#511586)

No, FreeBSD was never "taken over" by BSDi, something which would be impossible even if BSDi had ever wished to do such a thing (how do you take over a volunteer development organization?). When BSDi merged with Walnut Creek CDROM, the existing cooperative relationship between WC and the FreeBSD project simply went with it. BSDi continues to make and ship FreeBSD CDs as well as employ several people to work on FreeBSD full-time and FreeBSD continues to support this as a Good Thing(tm). That's all there is to it. I now return you to your regularly scheduled conspiracy theories. :)

Re:OS X based on FreeBSD (1)

jkh (3999) | more than 13 years ago | (#511587)

Darwin has been going through some changes as OS X gets closer to its ship date of March 24th, 2001. It's true that in the past there was a bit of NetBSD and a bit of FreeBSD in the mix, though more recently the Darwin group has been standardizing on the FreeBSD code base and, as their web site states, last synchronized with FreeBSD 3.2. That's one of the reasons more active code-sharing hasn't really happened yet - things have simply been too far out of sync while the Apple people dealt with far more pressing issues related to getting their first release out the door.

Once that happens, some of the pressure will be off and hopefully a more recent version of the FreeBSD code base can be sync'd with Darwin along with the inevitable flood of product update requests and bug fixes which go into the first point release of OS X. Apple hasn't shown itself to be reluctant to play the open source game at all, they simply don't appear to have had sufficient resources to really take an active role in BSD development and also address all the other challenges they've had to face in getting OS X ready to ship. I've met with various Apple developers on several occasions now and they've shown a lot of enthusiasm for getting more actively involved once they have the cycles to spare.

FreeBSD 5.0? (2)

cpeterso (19082) | more than 13 years ago | (#511589)

the entire kernel is being multi-threaded for 5.0, to provide fine grained SMP support.

Where can I find more info about plans for FreeBSD 5.0? Does 5.0 include the integration of BSDI code? Freebsd.org doesn't seem to mention much.

chris

Re:Why would you... ? (1)

mrowlands (80337) | more than 13 years ago | (#511590)

I hear you bro! Well as someone coming from a very similar angle, pretty much every task I have needed to do in NT....dns / mail / firewalling / network monitoring has simply been that much easier and more transparent than NT / 2K. With 'nix type machines, imho and limited experience and especially with open source 'nixes, you have a better chance of: a) making it work, b) understanding why/how it works and c) fixing it when it don't. There is also another plus, it has opened my eyes to a much wider range of techniques for solving problems in the windows world. A lot of 'nix utilities are now ported to win32 and can be used in both environments. If nothing else, learning something new never killed anyone (more or less)

Re:OS X based on FreeBSD (1)

flynn_nrg (266463) | more than 13 years ago | (#511591)

MacOS X is based on FreeBSD? FreeBSD's kernel is aimed at i386 (it supports alpha as well), so did Apple just throw away all hardware dependent code and rewrite it to fit theirs? I thought that the MacOS X core is BSD based, which is != FreeBSD based. Please correct me on this if I'm wrong.

FreeBSD & Directory Services (2)

willy_me (212994) | more than 13 years ago | (#511592)

Microsoft has Active Directory.
Novell has NDS.
NextStep has NetInfo.

Will FreeBSD be supporting any type of directory service? I know there's always DNS but I was thinking of something a little more powerful.

What I (and most network admins) would like is a nice central way to manage users, computers, or any other network "object". In order for this to work well the service will probably have to be added to the distro - not just supplied as an external package (hence your involvement.)

I was thinking that since NetInfo has been opensourced it might be a good solution. I know a Linux port already exists.

Making xxBSD easy to setup and administer would greatly increase its appeal to network administrators. During the install procedure you should have the option "connect via NetInfo" where everything is done for you - you shouldn't even have to assign it a root password. All administration, and I mean everything, should be done from a central location. (I know most UNIX gurus probably want their commands like "adduser" - but some type of directory service should still be an option.)

Aah, network nirvana...
Willy

Re:Is it just me? (1)

Aunt Mable (301965) | more than 13 years ago | (#511594)

The general ratios and the yellowness (blue pants - too) are probably what did it for you.

-- Eat your greens or I'll hit you!

IPFW (1)

IanA (260196) | more than 13 years ago | (#511595)

Can you port ipfw to linux? please??
ipfw has to be the greatest firewall tool ever :)

Re: libh (1)

Fruit (31966) | more than 13 years ago | (#511596)

Zip files plus (god forbid) TCL are supposed to be superior to apt+dpkg?! Don't get me wrong here, I like FreeBSD as much as the next guy, but it would merely approach dpkg/rpm, leaving apt junkies like me standing in the cold.

I like his idea of restricted installation scripts though (anyone remember SYS:Installer? =)

Re:Why will people continue to use FreeBSD? (1)

scott4000 (42414) | more than 13 years ago | (#511597)

Perhaps FreeBSD does not need to compete against anything...FreeBSD will continue to stay alive for a very long time, because the people who use it will not let it die.