At 00:07 23/01/01 -0500, Michael H. Warfield wrote:
>         No...
>
>         You make the common mistake that because OpenBSD is secure then
>FreeBSD is secure and that because FreeBSD is high performance then
>OpenBSD is high performance.

All the *BSDs are secure when compared to other OSes. While there are differences,
there are many more similarities.
All the *BSDs are high performance thanks to the BSD kernel.


>They are NOT the same.

If you compile two kernels with different parameters, then you'll have different results.
Does that mean that the OSes are "NOT" the same?

For performance, there are places where the different flavors use different algos or
different parameter values, but the kernel structure is the same.

Do you find that a Linux kernel is the same however you compile it?

>   Some of those
>guys won't even SPEAK to each other.

So what? These are human problems, and human problems are everywhere.
I've known people working on the same (and relatively small) project who didn't
speak to each other.

>  Theo de Raadt is a security fanatic,
>whom I respect most of the time and could strangle some of the time.
>I've shared a few beers with him at a security symposium and you don't
>get into a discussion with him if you are thin skinned or not prepared
>to back up your arguments (I'm neither).  He also has his blind spots.
>(Like the time the OpenBSD firewall got hacked during the capture the
>flag game at DefCon because Theo let his password get sniffed :-) ).
>Some of the FreeBSD folks detest him and can quote chapter and verse why.

As I said above, these are human problems, and unfortunately they do exist
everywhere.

That said, being a genius is not the whole story. One must act friendly,
respectfully, ... etc.

>Unfortunately, his abrasiveness has detracted from his intelligence and
>some people on the FreeBSD side have been less than receptive, to say
>the least.

The *BSDs are all derived from 4.4BSD, and thus share a large set of code.
We're talking kernel here, which is the most important thing for both security
and performance.


>         I have OpenBSD and FreeBSD systems running side by side with
>my Linux systems at multiple sites.  FreeBSD != OpenBSD.  No way, no
>how.  *BSD is an oxymoron.  The one thing that the *BSD systems do
>have in common is that they are all more difficult (for me and everyone
>I know, at least) to manage and maintain.

I hope you realize this is silly.
Every OS is difficult to manage and maintain until you learn the details of
how things go.


>   Your mileage may differ.
>If you are more comfortable with *BSD then go for it.  If you are NOT
>comfortable with *BSD, then putting in a firewall based on it may be
>a serious mistake, given that human errors are the most common source
>of failures.

If I follow your argument, then no one will ever use any firewalling solution!
Indeed, every firewall has its tricks and problems, and if you've never used
it, you're not comfortable with it.

If you mean that "one has to take into account the OS manageability", then
I agree. But some people don't bother learning new OSes, at least when these
are not very far from OSes they know. For example, although the Unices are
all different, it's feasible to switch from one to the other (sure it requires work,
but everything requires work).

As for the human errors, they are not restricted to any OS...


>         Given the personality conflicts that plague the BSD camps (plural
>intentional and emphasized), I'll stick with my Linux based Netfilter
>firewalls.  :-)

No, you'll stick with your Linux 'cos you like it. Nothing more.
Probably you aren't familiar enough with *BSD.

It doesn't seem to me that these conflicts are stopping the progress of
the *BSDs. I've seen so many improvements in all of them these years.

Aren't you just following the traditional linuxity that consists of considering
specificities in Linux (OS+community) as good(tm), and considering
specificities of other OSes/communities as bad?
Oh, that one-world-one-vision inherited from too many years of GNU fanaticism.


cheers,
mouss
