On Aug 2, 2005, at 9:03 PM, Rod.. Whitworth wrote:
Anybody know what, if anything, it does that an OBSD solution doesn't/ cannot, that may be important?
Or alternatively the reverse.
What it does that an OBSD solution can't is be low power, cheap, and bought off the shelf (maybe there are off-the-shelf suppliers of OBSD machines, but they aren't in every strip mall in the country).
What it doesn't do is more a matter of the hardware itself. I've read reviews of various manufacturer's consumer-grade equipment, and I've tried to help people through their issues with their store- bought solutions.
From the reviews I've read, which are, admittedly, third-hand accounts, consumer-grade solutions are alternately unstable or poor quality. Some run hot, some have to be power-cycled on a regular basis.
My first-hand experience says this: sometimes consumer-grade equipment just doesn't work. When it doesn't, there is NOTHING you can do about it except take it back to the store for an exchange. Or two. You can't debug it: it either works or it doesn't. And you have no idea how, or if, it will function under heavy load.
An OBSD solution is one you can log into. Your limitations on filtering, etc., at least for small networks, will be limited only by how much hardware you want to throw at it. You won't be surprised one day to find that you've maxed out your filtering rules.
If there's a security issue or something broken about a consumer- grade solution and it's the firmware, not just bad hardware that needs to be returned, you're at the mercy of the manufacturer waiting for them to release a firmware update. Under OBSD, it's likely that a security issue or a major feature broken will get good attention, and you can patch it yourself if no one else is bothering. If your consumer box is more than a few models old, they may NEVER update the firmware, and you'll just have to buy a new one to fix the problem. I've been end-of-lifed on proprietary OS on some hardware devices that are perfectly serviceable, such as 10/100 PCI cards because the manufacturer released a new 10/100 card that they want you to buy.
And next year, when there's a new protocol or security service you want to offer, you won't have to buy a new machine, you just add the software.
