• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

What are your thoughts on this article?

ronaldlees

Aspiring Daemon

Thanks: 242
Best answers: 2
Messages: 632

#26
By blocking TCP port 0 on Win10 it prevented it from doing something I didn't expect, I can't remember exactly what. It couldn't update itself or something with port 0 blocked. It's a rule I had always used before and I still block port 0 with my pf ruleset from my old Windows days
So, Windows has a special stack or bypass or packet handler that's used only for company related communication, since zero is normally non-valid (reserved for ephemeral port gen). I guess you can use raw sockets for making packets that use port zero. That seems like an obvious thing a company would do (for that kind of communication) after you read it. Out of sight - out of mind. Don't have a copy of Windows here, or else maybe I'd have a look. Interesting.

Read that some firewalls are configured to let port zero thru because the config tools assume there will be no port zero TCP traffic. Probably some monitors and net utils don't show TCP port0 either. Apparently pf blocks zero, but now it seems like a thing to verify.
 

cynwulf

New Member
Developer

Thanks: 9
Messages: 4

#27
More "eyeballs" doesn't automatically work - the eyeballs need to be looking and in the right places and know what they're looking for, the sheer numbers become irrelevant if they're not. If the codebase becomes so large and complex that it's no longer easy for humans to check, then one can only assume what happens.

http://www.linux.com/news/software/...report-dirk-hohndel-chats-with-linus-torvalds

It's amazing to me the damage done to all of Linux/GNU by one large organization upstream. It illustrates a fault in the development model there. I think FreeBSD being more structured is not vulnerable to this failing, at least I hope it's not.
Not just one big organisation. Lots of fingers in that particular pie.

https://www.linuxfoundation.org/about/board-members/
https://www.linuxfoundation.org/membership/members/

None of these are sitting on the board or "paying the bills" just for the hell of it.

The kernel is just one piece of course...
 

ronaldlees

Aspiring Daemon

Thanks: 242
Best answers: 2
Messages: 632

#28
I don't know if it's fair to compare Linux to any other operating systems with the exception of MS or Apple. Linux has gotten to be much bigger than operating systems such as FreeBSD and OpenBSD, in terms of people.

https://arstechnica.com/information...pers-and-gets-10000-patches-for-each-version/

The link is three years old and puts the number of developers of Linux at around 4500. More recently, I've seen 7000 developers listed in a quote from somewhere else. FreeBSD has what ... around 200? 300? 400 developers? FreeBSD is not in the same league as Linux, Windows, or Apple, when it comes to the total number of developers.

Has FreeBSD ever had significantly more than the current number of developers? I suspect the numbers haven't changed so much as to be able to say the BSDs are "dying" - that doesn't seem right. As far as the "many eyeballs" thing goes, can we really say that Linux is 20x more secure, since it has 20x more developers, relative to FreeBSD? Nah. No way. The reason is that many of those Linux devs are not doing security fixes, or even checking security issues. They're building the stuff into Linux that is of interest to them (Microsoft's agenda, for instance) - or creating new product drivers for the new gear they want to sell.

The FreeBSD guys are probably limiting their efforts to what really is needed, and don't try to cover so much hardware.
 

OJ

Daemon

Thanks: 253
Messages: 1,038

#29
The FreeBSD guys are probably limiting their efforts to what really is needed, . . .
That in itself has actual advantages. There not so much development of stuff that is not really needed. Which, as we've seen, is a problem with Linux.
 

Trihexagonal

Aspiring Daemon

Thanks: 423
Messages: 910

#30
So, Windows has a special stack or bypass or packet handler that's used only for company related communication, since zero is normally non-valid (reserved for ephemeral port gen)...
I'm not clear on the details, it does seem like it was updating it blocked, but I am absolutely positive blocking port 0, and I blocked TCP and UDP, had an unexpected effect on its ability to function normally. And I've used that rule since Win98 without that ever happening before.

Here's my pf port 0 rule:

Code:
### Block to and from port 0
block quick proto { tcp, udp } from any port = 0 to any
block quick proto { tcp, udp } from any to any port = 0
 

ronaldlees

Aspiring Daemon

Thanks: 242
Best answers: 2
Messages: 632

#31
Funny how I never really thought much about that. I've always just played by the rules, and worked with TCP the way you're supposed to work with it. So, when I see this, I feel a little dumb over not seeing things that are in plain sight. Best place to hide tho ...
 

CraigHB

Member

Thanks: 25
Messages: 95

#32
There was an old television series called Outer Limits where the introduction to the show was a blurb about how they have control over all you see and hear over the course of the show. It was amusing and I think it was intended to be, sort of a nod to The Brave New World. Though I think the makers of proprietary software are making it their mission statement now.
 

Trihexagonal

Aspiring Daemon

Thanks: 423
Messages: 910

#33
Funny how I never really thought much about that. I've always just played by the rules, and worked with TCP the way you're supposed to work with it. So, when I see this, I feel a little dumb over not seeing things that are in plain sight. Best place to hide tho ...
After I think about it, maybe that's how they carry out using everybody's bandwdith to distribute their software and apps. You can opt out, but it's like a peer-to-peer scheme.

I have my Win10 HDD in now and tomorrow will see if I can pick anything out of the logs. It was a year ago or more, but a couple weeks ago is the first time I've fired it up since and it's off now.

Win98 was a huge learning experience for me. I learned that if I was going to survive I had to know how to defend against exploit, and the best way to do that is know how they are carried out. It's something I picked up from way back then using Conseal PC Firewall, another packer filter.

I can't honestly remember if it's ever shown a block for port 0 in all the time I've used it up to now, and if it did was only once. But I feel better with it and I Admin my machines
 

sidetone

Aspiring Daemon

Thanks: 280
Messages: 846

#34
I'm not claiming that this isn't true (I can't make those kind of claims) but I do think that comments like these would have much more value to them if they were also specifically sharing the made reports. Give me PR numbers so that I can form my own opinion on this. Yet that important detail is carefully left out. "Convenient".
My instinct is that the author exaggerated, not about the duration of bugs, but the severity of mentioned bugs. There are a few bug reports and fixes in documentation, not severe and not in execution source code, that sit around for months. Also, it has to be considered, if there are bugs, perhaps they are not severe unless they are coupled with that cluttered GNU/Linux mess imported into ports.

I don't expect PR numbers, but the author could point to a more specific category or window of search within FreeBSD, NetBSD or OpenBSD Bugzilla.

It seems to me, this author was trying to get a reaction, or insert a heavy or ignorant bias.

FreeBSD has many strengths. While it may not have as many developers, companies dedicate resources to make sure that the base of FreeBSD and ethernet card drivers are professional.

Then to suggest that NetBSD is most terrible OS out there from a GNU/Linux perspective is ridiculous. Because where NetBSD beats GNU/Linux, no question, is it has a cleaner programs repository. NetBSD is ported on more systems, because of cleaner code, not in large part to more coding.
 

azathoth

Well-Known Member

Thanks: 13
Messages: 373

#38
My friend shared an article with me on "Are the BSDs dying?" I'd like your opinions on this

https://www.csoonline.com/article/3...dying-some-security-researchers-think-so.html

Maybe it's because I switched my personal servers to FreeBSD, but I see there is growing interest in the BSDs. I'm still a newcomer to the BSD world so I don't see much of what more of the veteran users see
sounds like doomsaying like global warming which will long term be proven total bs
 

azathoth

Well-Known Member

Thanks: 13
Messages: 373

#40
There are, check youtube. :)



Aside from a short run on Win7 to play Oblivion, Win10Pro was the first Windows I'd used since Vista. I had already read a lot of it on how it phoned home and such, some of it I knew from experience. I go through each firewall rule and set as I please and make my own as I go to enforce it. By blocking TCP port 0 on Win10 it prevented it from doing something I didn't expect, I can't remember exactly what. It couldn't update itself or something with port 0 blocked. It's a rule I had always used before and I still block port 0 with my pf ruleset from my old Windows days

I spent one whole day locking it down before ever going online. The time I spent online was to find more apps to lock it down further due to the "layered security" idea they adhere to, where you have to pile app upon app to do a job. The only sites I went to were Microsoft related and I still felt like the Sword of Damocles was hanging over my head the whole time.

I don't do online banking but I do use ebay a lot and on the same machines I use daily with the same browser. I know what scripts I'm allowing, type the URL by hand, have puny code disabled in my browser, etc. They might ask me to identify my 2 step authentication when I log in or my password again if I start to make a transaction. The first time I spoofed my useragent from FreeBSD they messaged "Something doesn't look right..."

So I am fairly confident in my BSD setup, and I do still have that Win10Pro HDD to play Oblivion, but I never connect it to the net anymore and still have the version before Creators Update.
of course the earth is flat
I mean just go outside an look!
 

azathoth

Well-Known Member

Thanks: 13
Messages: 373

#41
Archlinux or alpine are competitors to bsd, not deadrat ur-bung-2 and dweebian. pkg narrowed the pkg mgnt gap but freebsd ahead with ZFS and openbsd on security.....
-my 1 cents
 

Oko

Daemon

Thanks: 717
Messages: 1,593

#42
My friend shared an article with me on "Are the BSDs dying?" I'd like your opinions on this

https://www.csoonline.com/article/3...dying-some-security-researchers-think-so.html

Maybe it's because I switched my personal servers to FreeBSD, but I see there is growing interest in the BSDs. I'm still a newcomer to the BSD world so I don't see much of what more of the veteran users see
The article is not very deep but for what is worth it is fairly accurate. Last's year DEFCON 25 and 34c3 Ilja Van Sprundel security audits are well known across BSDs communities and they are taken very seriously. Some people who recognized themselves in the Ilja's valid critiques are still trying to defend themselves with BS blog posts as recent as few days ago

http://blog.netbsd.org/tnf/entry/recent_security_affairs

but the actions speak far louder than the words. I remember a day after the DEFCON 25 Ilya's presentation applying 30+ patches via syspatch on my OpenBSD machines.

I think that the article's assessment of BSDs futures is also pretty accurate. From where I am sitting (school of computer science Carnegie Mellon University) BSDs are statistical error. I can't see nothing but Linux deployment with NAS storage being possible exceptions (many, many FreeNAS installations among big data guys). Sure people who are not using Cisco or Juniper network gear do heavily relay on OpenBSD but that is a very niche market segment.

I don't see any BSDs being used for general purpose or scientific computing. I have never seen a single NetBSD or DragonFly BSD server deployed in production (My own private file server runs DragonFly). Actually I have never seen or met a single NetBSD developer using NetBSD at work (I met few at various BSD conferences over the years but they used Linux for living). I have yet to come across a live human being who deployed DragonFly for real like me.
 

vermaden

Son of Beastie

Thanks: 959
Messages: 2,629

#44
@stratacast1

I would say currently BSDs have never been better, I would rather write 'Linux is dying ...', look what is happening because of systemd ... two Linux worlds co-exist today ...
 

Oko

Daemon

Thanks: 717
Messages: 1,593

#46
@stratacast1

I would say currently BSDs have never been better, I would rather write 'Linux is dying ...', look what is happening because of systemd ... two Linux worlds co-exist today ...
vermaden I know you for many, may years as a very serious UNIX guy. Please tell me that I am hallucinating or that you have little bit too much to drink when you posted that BS.

Carl Sagan — 'Better the hard truth, I say, than the comforting fantasy.'
 

CraigHB

Member

Thanks: 25
Messages: 95

#49
I would say currently BSDs have never been better, I would rather write 'Linux is dying ...', look what is happening because of systemd ... two Linux worlds co-exist today ...
I don't know, I would sooner agree. I'm pretty mad at Debian Linux right now. FreeBSD saved me from being stuck with it and grumbling about it.
 

vermaden

Son of Beastie

Thanks: 959
Messages: 2,629

#50
Too much sarcasm in one sentence I suppose ;)
 
Top