Date:      Sat, 17 Mar 2001 20:42:18 -0800
From:      richard childers <fscked@pacbell.net>
To:        Andrew Hesford <ajh3@chmod.ath.cx>
Cc:        bcohen@bpecreative.com, freebsd-questions <freebsd-questions@FreeBSD.ORG>
Subject:   Re: FreeBSD Firewall vs. Black Ice
Message-ID:  <3AB43CAA.E161A4FD@pacbell.net>
References:  <NNEMIHKLBKHCIJHJJFGPGEDGDNAA.bcohen@bpecreative.com> <3AB0CE99.FA945074@pacbell.net> <20010315091522.B2685@cec.wustl.edu> <3AB38160.EAC752EB@pacbell.net> <20010317121834.A41772@cec.wustl.edu>

I think it's pretty likely that you'll see a PicoBSD-based router in ROM hit the
market in the next few months ... and then you'll have a really difficult choice to
make ...  (-;


-- richard


Andrew Hesford wrote:

> First things first... I'm an EE, not an ME. So I don't care about moving
> parts. Second, the cards that may be reseated aren't movable. Movable
> parts as probable failure points are those which are constantly or
> frequently moving, as in motors or relays. Cards become unseated when
> people play with them, not on their own. They can't move on their own.
> Since nobody is playing with my router, its cards won't become unseated.
> In my ten-year computing history (I'm only 19), I have NEVER had to
> reseat a card to solve a problem.
>
> There is no hard drive in my router. If I had a hard disk, why would I
> run PicoBSD off of a floppy? I'd just use a real FreeBSD install. The
> idea behind this router is to keep noise and power consumption to a
> minimum, so a clunky hard disk had to go.
>
> As for failing floppy drives, every 3.5" floppy drive I've ever owned is
> still fully functional, and many of those are older than the FreeBSD
> project itself. While most haven't been used in a few years, they were
> used regularly in their time, since that was the file transfer medium of
> choice. The floppy drive in my router spins for five minutes at boot
> time, and then it is never read again, until the next boot. This occurs
> less frequently than every month, since reboots are only caused by cable
> service interruptions and power failures.
>
> It seems you are refuting my line about configurability with claims
> against stability. I've addressed these stability issues, and I stand by
> my configurability claims. As the Linksys router is kept in flash ROM
> and information about the operating system is abundant, there is a
> limited amount of configurability in the router. For one thing, upgrades
> are subject to Linksys's firmware update schedule, whereas my PicoBSD
> disk can be replaced by any RELENG_4 tree I desire. In addition, I
> understand that only certain ports can be forwarded through the Linksys
> router, namely 80 and 23. I can forward or drop any port I like.
>
> In addition, I very highly doubt that the Linksys network interfaces are
> configurable beyond IP address settings. For one thing, you are confined
> to a single DHCP client on the outbound interface, which may not work
> with all cable modems. I have only gotten my cable modem working with
> dhcpcd and wide-dhcp (in the ports); it doesn't work with ISC's dhclient
> or pump. Some cable modem users may be out of luck, but I can always
> change my client. What about DSL modems that use PPPoE? I don't believe
> the Linksys router has PPPoE capability, but if it does, I hear that
> Linux's PPPoE implementation is buggy (assuming the router runs Linux).
> As a final example, if I have more than 256 computers who want to share
> a connection (this is a stretch, I know), or just want to break up my
> sharing amongst different networks for ease of administration and
> privacy, I can configure PicoBSD with an extra ethernet card or an alias
> on a single card to handle NAT for extra networks. I don't believe the
> Linksys router can do this.
>
> Truthfully, when I talked about reliability, it was only referring to
> reliability of software. However, your hardware stability points are
> important, and did need to be addressed. But as far as software is
> concerned, I heard it mentioned that someone suspects Linksys uses Linux
> in the router. If this is true, PicoBSD has the advantage in stability
> of the IP stack. As it was said on this list, Linux's IP stack is a
> playground for Alan Cox, and is generally not nearly as stable as
> FreeBSD's IP stack, which is based on 4.4BSD's stack, which is
> considered the reference standard.
>
> On Sat, Mar 17, 2001 at 07:23:12AM -0800, richard childers wrote:
> > Summary for the impatient: moving parts are bad.
> >
> >
> > "I always have to laugh, because it's $160-180, and it's probably not too
> > configurable."
> >
> >
> > I do not believe that there is any basis for considering a PC more reliable
> > than a router.
> >
> > PCs generally have removable parts. This is good, because you can replace
> > them; but it is bad, because they can move about and become disconnected; the
> > interconnections between the components are at risk. And we all know how
> > often a mysterious problem has been resolved by reseating the boards.
> >
> > It is generally a rule of thumb amongst mechanical engineers that there is a
> > direct proportion between the number of moving parts in a given device and
> > the probability that it will cease working as a result of these moving parts.
> >
> > In the case of a PC running PicoBSD, I would expect that the floppy would be
> > the first to go - regardless of whether PicoBSD reads the floppy after
> > bootup, repeatedly, or only reads the floppy once, and loads itself into
> > memory.
> >
> > I haven't played with PicoBSD so I don't know if it has the capacity to log
> > data to a hard drive but if it does that's your second probable point of
> > failure. How many messages have you read over the past week from people whose
> > drives were making noise? I count two or three.
> >
> > I encourage folks to secure their perimeters with multiple devices, which
> > operate upon network traffic sequentially (i.e., packets reach box B only by
> > passing through box A).
> >
> > I would never encourage people to confuse potentially useful "choke point"
> > hardware with the firewall itself; those who bother to read the previous
> > message from me on this thread, in full, will see that I never said anything
> > else.
> >
> > ('The Screensavers'. What is this? The made-for-TV action drama based on the
> > fish tank? :-)
> --
> Andrew Hesford
> ajh3@chmod.ath.cx

--
Richard A. Childers
Senor UNIX Administrator
fscked@pacbell.net (email)
415.664.6291 (voice/msgs)

# Providing administrative expertise (not 'damage control') since 1986.
# PGP fingerprint: 7EFF 164A E878 7B04 8E9F  32B6 72C2 D8A2 582C 4AFA


