Pim van Riezen wrote:
>
> On Fri, 15 Jun 2001, David Douthitt wrote:
> For me personally, my aim is not to build "black box appliances that need
> no maintenance", but rather to build "network appliances that don't carry
> Unix baggage unless if there's no alternatives".
That's if you consider UNIX "baggage" to be a bad thing, which I don't
:-)
> With my consumer hat on,
> if I install an appliance to take care of a specific task for me, I don't
> want to have to hassle with source configuration and all those other
> wonderful Unix traits: I get an appliance because I want the job done
> quickly with a device that is tuned for that specific purpose.
A very worthy goal - don't get me wrong. However, when *I* get
something like that for myself, I want to know what makes it tick. If
I bought one of those off the wall routers, I'd probably bang at it
with nmap, try to identify what it runs, and try to learn what every
last option in every last menu did and why. Most folks I think
wouldn't read the manual unless they have to: I like to read manuals,
sooner or later: they tell you all the little hidden short cuts.
> Think about it, a 500MB IDE harddrive to install FreeBSD, OpenBSD, Debian
> Linux or whatever else on costs close to nothing. If I wanted a Unix
> machine to do that task, I'd go and build one and wouldn't bother with
> things like LRP. As a 'consumer', I go for LRP because I specifically
> _don't_ want a "flexible, can do anything" solution, but a "stick it in,
> configure it, stop worrying" one.
Granted - this is the realm of Eigerstein. I'm trying to increase the
ease of use of Oxygen as time goes on, but for me one must always
Worry About Security. The number one Bad Thing that system
administrators fail to do is to upgrade their systems and apply OS and
server patches when they come out. That's why you see systems
continually compromised that have security holes that the manufacturer
fixed three years ago - or even longer!
> > I see! One of the things I keep in the back of my mind is I want
> > Oxygen to work just like Real UNIX(tm) - which is a second reason why
> > vi is the default editor - but being a vi nut helps too :-)
>
> We will probably perpetually disagree in our viewpoints here then. Which
> doesn't matter, diversity == strength :)
Being a vi nut, I'm used to being alone :-)
> Take a look at Cisco I'd say. I never have to compile IOS from source, but
> they're pretty responsible in reporting security issues.
I don't know about Cisco, but many operating systems will do a HOST of
things behind your back and won't let you change how they operate.
This is the "don't worry, we know what we're doing" mentality - often
disguised in the form of "ease-of-use." It's this sort of programming
that makes it impossible to do new things, which in networking could
be ProxyARP or DMZs or other things. If the original programmers
didn't think of it, you can't do it without an OS patch - possibly
illegally created via reverse engineering, and almost certainly very
version sensitive. For the worst offenders, if it wasn't programmed
in, the corporate response is "Why do you want to do that? Just do it
the right way - our way."
THAT'S what I mean. I don't know if Cisco is that way; Apple was at
one time.
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
