Ask Slashdot: Migrating a Router From Linux To *BSD? 403
An anonymous reader writes I'm in the camp that doesn't trust systemd. You can discuss the technical merits of all init solutions all you want, but if I wanted to run Windows NT I'd run Windows NT, not Linux. So I've decided to migrate my homebrew router/firewall/samba server to one of the BSDs. Question one is: which BSD? Question two: where's some good documentation regarding setting up a home router/firewall on your favorite BSD?
It's fine if the documentation is highly technical, I've written linux kernel drivers before :)
pfsense (Score:5, Informative)
subject says it all.
runs from very small disk (I use a 4gb m-sata ssd) and has a great ui, is a superb firewall and is bsd based. used to be the old openwall code.
Re:pfsense (Score:5, Interesting)
Love PfSense doubleplus from me as well. However, I don't understand the blatant systemd misrepresentation/hatred
Re:pfsense (Score:4, Insightful)
PfSense is a must if you are running ESXi topologies.
SystemD hatred is pretty simple. A large amount of untested, potentially unsecure, unaudited code was placed at the core of Linux's userland, and forced on end users (enterprise IT shops) without any real testing or feedback by end users.
RedHat has bet the farm on SystemD... if/when it has security issues (it has network connections, so in theory, it can be remote rooted), it can cause a mass flight from RHEL and downstreams. The gain? Little to none, from the end user point of view.
I am keeping fingers crossed, and hoping someone forks the cash for an audit of the code... Oracle and Microsoft are waiting in the wings for mainstream Linux distros to fall on their face if something does break.
Re:pfsense (Score:5, Informative)
PfSense is a must if you are running ESXi topologies.
SystemD hatred is pretty simple. A large amount of untested, potentially unsecure, unaudited code was placed at the core of Linux's userland, and forced on end users (enterprise IT shops) without any real testing or feedback by end users.
RedHat has bet the farm on SystemD... if/when it has security issues (it has network connections, so in theory, it can be remote rooted), it can cause a mass flight from RHEL and downstreams. The gain? Little to none, from the end user point of view.
I am keeping fingers crossed, and hoping someone forks the cash for an audit of the code... Oracle and Microsoft are waiting in the wings for mainstream Linux distros to fall on their face if something does break.
You do realize that most of the systemd addon daemons run
1. As a completely separate process
2. With the minimum permissions needed to do their job.
3. The stuff with network connections is definitely optional.
I know they have some network things that they optimized for containers but they don't seem general purpose so I don't run any of them on the servers I'm testing systemd on. So far the only actual Systemd issue I've had is that it screws up pulse audio on one of my machines (works fine on the laptop, screws up on my desktop).
Re:pfsense (Score:4, Funny)
You do realize that most of the systemd addon daemons run
across their goddamned lawns, it would appear.
Re: (Score:3)
So far the only actual Systemd issue I've had is that it screws up pulse audio on one of my machines
That is karma if I've ever heard of it.
Re: (Score:3)
GNOME, systemd & BSDs (Score:4)
Re: (Score:2)
A large amount of untested, potentially unsecure, unaudited code
Sounds like software to me. Bash was unsecure and unaudited. So I guess you're in csh land now?
Re: (Score:3)
(it has network connections, so in theory, it can be remote rooted)
[root@buchan-laptop ~]# ps auxww|grep systemd|wc -l
12
[root@buchan-laptop ~]# netstat -plant|grep systemd
[root@buchan-laptop ~]#
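An added example, not part of the comment above: the same check written as a reusable filter over `netstat -plant` output, so it can be re-run after enabling or disabling units. The function name `systemd_listeners` and the sample output are constructed for illustration. Besides processes named `systemd*`, it also reports sockets owned by PID 1, since socket-activated units have their listening socket held by PID 1 under whatever name netstat prints for it.

```shell
#!/bin/sh
# Added example (not from the thread): report TCP listeners owned by
# systemd components, from `netstat -plant` (net-tools) output on stdin.
# Run netstat as root; without privileges the owner column is "-" and
# every socket is skipped here.

# Constructed sample output, not captured from a real host.
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      540/systemd-resolve
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED 1644/sshd: admin
tcp6       0      0 :::9090                 :::*                    LISTEN      1/systemd
tcp6       0      0 :::80                   :::*                    LISTEN      901/httpd'

# Output, one line per matching socket:
#   proto local-address pid program scope
# scope is "loopback" for 127.0.0.0/8 and ::1, otherwise "network".
systemd_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        split($7, owner, "/")            # column 7 is "PID/Program name"
        pid = owner[1]; name = owner[2]
        # Keep systemd-named daemons and anything held by PID 1
        # (socket activation keeps the listening socket in PID 1).
        if (pid != "1" && name !~ /^systemd/) next
        addr = $4
        sub(/:[0-9]+$/, "", addr)        # drop the port
        scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "network"
        print $1, $4, pid, name, scope
    }'
}

# Demo on the constructed sample; on a live host use:
#   netstat -plant | systemd_listeners
printf '%s\n' "$SAMPLE" | systemd_listeners
```

An empty result matches what the commenter saw; a line with scope `network` is the case worth reviewing against the unit that owns the socket.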
Re:pfsense (Score:5, Insightful)
It's because the whole systemd thing is the latest in a line of trends where entire distros are being drastically changed rather than getting forked into something new. Ubuntu's Gnome thing caused a lot of people to basically write it off and move back to Debian, only to now find the same people responsible for the crappy Gnome changes have subverted the Debian core as well. Instead of forking Debian with the new systemd paradigm, Debian is rolling it in as the default. And since systemd touches so many different things, it's not really easy to get rid of.
One of the common defenses from systemd devs is something along the lines of "why are people so upset over it? SystemD is still new and they should give it time to play out before judging it." Which is exactly the kind of reason you *don't* put it in a live mainstream distro known for stability until after years of testing and positive results in a fork.
Re:pfsense (Score:4, Insightful)
Systemd is actually *really* easy to get rid of, you just have to be willing to do without Gnome and other packages that depend upon it.
Please provide a step-by-step list of the commands needed to remove systemd from CentOS 7 "minimal install", or a pointer to such a list.
I have now been told literally dozens of times that "you don't have to install systemd", but no one has yet to back that up with steps for an install without it, or how to remove it from an existing install.
Re: (Score:3)
Systemd is actually *really* easy to get rid of, you just have to be willing to do without Gnome and other packages that depend upon it.
If you aren't willing to make that choice, then you have chosen to run with it.
Statements like this are one of the many reasons people get pissed about systemd. I can't tell if this is just a really good troll, or if you seriously believe that and are ok with it, but I suspect the latter just because of the apparent mindset of pro-systemd folks. So, assuming the latter...
You're saying systemd is easy to get rid of, if you get rid of all the things that now depend on it, and those that will in the future. Logind, for example, which means Gnome, which means other gnome stuff, and that's ju
Re:pfsense (Score:5, Informative)
>> I don't understand the blatant systemd misrepresentation/hatred
It is a complex and fairly large chunk of code that "fixes" a nonexistent problem, it flies in the face of Unix philosophy, and the author has a pretty bad track record.
Re:pfsense (Score:4, Insightful)
Considering it's the third major Unix to try fixing this problem, I don't think the problem is nonexistent or invented. Solaris came up with SMF, and OSX came up with launchd, basically to fix the same problem, which is that tangles of shell scripts are unmaintainable, buggy shit.
Re:pfsense (Score:4, Insightful)
Solaris lost favor due to crap like SMF because no one could really troubleshoot it when it broke as well, and OSX is no longer server friendly. If you want to talk about buggy shit, look at the two examples you just brought up. Systemd solves desktop problems, not server or embedded problems, it only causes problems in those realms.
Re: (Score:3)
That's pretty interesting considering it was designed for servers to begin with. Servers are far more likely to have weird dependencies on boot such as root drive over the network or worse yet, boot drive over clustered file system over the network and where Debian said they are losing share due to not being able to support some of the larger server configurations.
For the embedded space, it either uses less memory than the current setup, or you are rolling your own init and don't care about systemd at all.
systemd hatred (Score:5, Insightful)
I don't understand the blatant systemd pushing. Reasons for disliking it vary but don't really matter, because its adoption will force a *lot* of people who don't want it to either suffer through it or suffer through migration to another OS. That is reason enough not to adopt it. Trying to discredit people's reasons for disliking it is presumptuous, pointless, and rather stupid.
Re: (Score:2)
Clarification: I do not mean to imply that IMightB is trying to discredit people's reasons.
Re: (Score:2)
Don't you know. If you like something new you are just a blind follower. If you hate something then you must be smart enough to hate it.
Because if you have such a strong opinion about something it must mean you have a damn good reason to.
Re: (Score:3)
There are over 100 Linux distributions. I can guarantee with absolute certainty that not every one of them has switched to systemd. You don't like the new car Ford released so you switch to a boat, makes perfect sense.
It's hatred of change to something 90% finished (Score:3)
It's just a case of unfinished software replacing something that was rock solid and "the way we always did it". Anger, embarrassment and blaming the new tool that doe
Re: (Score:3, Insightful)
Out of curiosity I decided to take a look at a typical init file on this machine, running Ubuntu 14.04 LTS.
I chose apache because it was at the top of the list. The file is 410 lines long. Within the first 5 lines of code, we're into this cryptic, barely readable shit:
SCRIPTNAME="${0##*/}"
SCRIPTNAME="${SCRIPTNAME##[KS][0-9][0-9]}"
The file also appears to be sourcing variables left, right and centre. User-editable init config options have to be spun off into files in their own directory (in this case /etc/def
Re: (Score:3)
Re:pfsense (Score:4, Informative)
Pfsense is listed on these as well. If you don't want a turn-key like solution, but want something secure, use OpenBSD.
Re: (Score:2)
Definitely pfSense! You can build your own router with parts from PC Engines.
Link: http://pcengines.ch/
Re: (Score:2)
Yep "migration" is as easy as blowing out the Linux OS and installing pfsense.
In fact I am surprised that anyone would have rolled a linux router when pfsense has been around for a very long time and is a standard.
Migration (Score:2)
You don't even need to blow away the Linux partition. Just install to a 4GB USB stick and set that to be the first boot-device.
pFsense vs OpenBSD? (Score:2)
Re: (Score:2)
Re: (Score:3, Informative)
The version of pf that ships with pfsense is positively ancient
FreeBSD's PF is essentially an actively maintained fork which doesn't follow the upstream closely anymore. It has its own set of functionality like being SMP and VIMAGE capable.
http://networkfilter.blogspot.com.au/2014/12/security-openbsd-vs-freebsd.html#network
There is a good bit of misinformation on that page.
Re: (Score:3)
Re: (Score:2, Insightful)
OpenBSD (Score:4, Informative)
http://www.bsdnow.tv/tutorials/openbsd-router
Or Slackware, Gentoo, or Devuan (Score:5, Informative)
The three distros in the Subject line do not use systemd, though Gentoo does offer it. They may well be the dig-in-the-heels distros that will stay that way, driven by people like you. Moving to one of those distros is a smaller/easier move for you, and doesn't preclude moving to a BSD in the future.
Years back I thought about moving my server to OpenBSD, based on reputation. However after some thinking I realized that potentially the safest server is the one you know best how to administer. I was probably better off knowing how to administer Linux well across my home cluster than to divide my efforts. I know OpenBSD is supposed to be "secure by default", but don't know how I might accidentally mess that up by mis-applying Linux knowledge to it.
Info about Gentoo, for those considering it (Score:5, Informative)
Like BSD, Gentoo is source-based. So, if you're familiar with Linux, you might find Gentoo a sort of gentle introduction to a more BSD-like distro.
I've been using Gentoo for a while, and it has done what I expected most distros to do: It offers two init systems: OpenRC (the default), and systemd. OpenRC is actually Gentoo's own. It's sysvinit-like, with a few nice enhancements. If you're familiar with Sysvinit, you won't find it hard to switch: OpenRC is lightweight, and converting a sysvinit-style startup script to an OpenRC one usually requires only a few modifications. OpenRC lets you specify dependencies and runlevels by name, rather than having to manage a bunch of symlinks and numbers by hand.
Gentoo is not as user-friendly as, say, Ubuntu. There's no GUI installer. Instead, the Gentoo Handbook walks you through how to partition and format your disk, etc. I initially picked Gentoo because I wanted to learn more about Linux. Whenever I've gotten stuck, I have also found the online Gentoo community (wiki, forums, etc.) to be quite friendly and helpful.
Re: (Score:3)
I don't think it's really accurate to say the BSDs are primarily source-based from a user perspective these days. FreeBSD, NetBSD, and OpenBSD all use binary packages. You can build from source, but that's true on Debian too. The various BSD and Linux distributions differ a bit mainly in how strongly encouraged each option is, e.g. OpenBSD strongly recommends installing the official binary packages, not building your own.
Re: (Score:3)
I run gentoo for my home server so that I don't have to worry about a major upgrade every few years. That "package churn" is what happens when you want the latest code running the latest fixes.
Yeah, some of the upgrades get dicey, but I laid out my current root filesystem in 2008, and haven't reinstalled anything since. Yes, every once in a while I need to spend a weekend fixing package collisions, but that is the ticket I paid for when I chose not to use a package based distro.
So in a nutshell, Gentoo wi
Re: (Score:2)
This. IMHO, the whole point of Linux has always been the unlimited possibilities for customization, so I don't get this recent trend of threatening to leave Linux altogether because _some_ distros use Systemd _by default_.
Personally, I had a brief stint with NetBSD around 2003, and I was momentarily hooked by the Unix purity after all these flashy mainstream Linux distros. However, I soon learned I can get a lot of the same experience with all the Linux goodies (such as hardware compatibility) by running Gen
Two things (Score:5, Interesting)
1) Don't run your fileserver on your router/firewall. You're asking for problems.
2) Not all Linuxes run Systemd (Yay Slackware). I have nothing against the BSDs and they are probably better for networking anyway.
Personally I have Tomato on my firewall/router and use Slackware for my server needs. Serves me pretty well.
Re: (Score:3)
The ideal is to have the router on its own bare metal, perhaps sitting on a hypervisor (Xen, ESXi, pick your poison), so if the router's VM gets compromised, the bare metal hardware cannot be attacked (video cards can be reflashed, even keyboard firmware can be augmented.) Plus, if snapshots are used, it can be restored from a snapshot if need be. Modern type 1 hypervisors can be well locked down so that compromise from a VM is extremely rare, especially if the management port cannot be touched from any o
Re: (Score:2)
Actually router/firewall + fileserver makes perfect sense in home setting.
Because no home users have any valuable data... By the way, can I get your router IP address please?
Re: (Score:3)
Sure. No problem.
It's 10.7.7.34
and when BSD moves to systemd... (Score:2, Insightful)
I'm not sure why all you systemd haters feel the need to say "If I wanted Windows, I'd run Windows". I don't know the technical details, but I assume systemd as a Linux init system is nothing like Windows - except maybe for the fact that it's not based on a bunch of shell scripts. If you're a Linux fan, I'd be surprised if the only reason you like Linux is its script-based init system.
Anyway, I assume the various distros that are switching to systemd are doing it for a reason - and that reason isn't to m
Re: (Score:2)
...what makes you think the maintainers of BSD aren't going to run into the same walls that the systemd approach circumvents?...
If they do (and that's a big if, as I'm not convinced they will), then I would expect the BSD maintainers to arrive at a better solution.
BSD not likely to go systemd (Score:4, Interesting)
Re: (Score:2)
Err, BSD has never been SysV. BSD vs SysV was the last init system holy war.
Re: (Score:3)
Jordan Hubbard, you know, that guy that has a little influence in the FreeBSD project, seems to think that systemd is a pretty good idea [youtube.com] (Slideshare transcript) [slideshare.net].
Re:and when BSD moves to systemd... (Score:5, Informative)
The comparison to Windows NT is because systemd insists on binary logs, takes over vast chunks of functionality that it has no business touching, and makes it basically impossible to debug problems. It makes the experience of administering the server much more like administering Windows than administering Linux should be.
Re: (Score:2)
Re:and when BSD moves to systemd... (Score:5, Informative)
systemd insists on binary logs
My understanding is that SystemD makes binary logs for its own purposes, and that the binary features include indexes so it can very quickly answer queries like "what were the last ten things logged by Apache?"
However, SystemD permits continuing to run a time-tested conventional log daemon. The current recommended way to get network logging is to run rsyslog.
Some hard-core SystemD haters are still not happy, because the log events flow through SystemD on their way to the conventional log daemon.[1]
takes over vast chunks of functionality that it has no business touching
I'm not certain this really is the case. SystemD is a collection of services, and each one has a specific area of concern. The actual technical analyses I have read suggest that the basic design of SystemD is sound, and that it is doing things that people want to be done. For example, SystemD allows the graphics system (X.org) to run as a non-root user.
One criticism of SystemD that may have some validity: that the only documentation is whatever the source code contains this week. SystemD is being developed at a rapid pace and documentation may be suffering. This is one reason I am glad for projects like UselessD... they will force the SystemD interface to settle down a bit and be documented a bit better.
But I'll say it again: from what I have read (in technical analyses) the basic design of SystemD seems to be sound. The Debian technical committee that evaluated the situation concluded that SystemD was the best choice for Debian. (Then the politics blew up but that's another story.) Do you think that the Debian technical committee spent months evaluating SystemD and were just wrong about it? (That's not to say that SystemD is perfect. But something can be imperfect and still be the best choice for the future.)
makes it basically impossible to debug problems
I will not comment on this because I have no experience with SystemD yet. I have seen comments like this multiple times.
Perhaps, even if SystemD is the future, it should be adopted slowly and carefully in the present. Debian "jessie" has SystemD as optional which seems like a very good thing to me.
[1] I think that's probably an overreaction... if Red Hat can't get SystemD to reliably pass through log events, that would imply a level of brokenness that would preclude the widespread adoption that seems to be taking place.
because 'tail /var/log/httpd/error_log' was hard (Score:2, Troll)
> My understanding is that SystemD makes binary logs for its own purposes, and that the binary features include indexes so it can very quickly answer queries like "what were the last ten things logged by Apache?"
Oh okay, this huge monstrosity is worth it if it does things like make it easy to see the last ten log entries from Apache. Because for the last 35 years we've never been able to do:
tail /var/log/httpd/error_log
Lennart would add a hundred thousand extra lines of code before thinking about "tail"
grep '[3-6]:[0-9][0-9]' (Score:3)
Finding 3:00 to 6:DD in ANY file or device, not just a specific type of log:
grep '[3-6]:[0-9][0-9]'
Note we've been doing it that way since the late seventies, so there's nothing for the sysadmins to learn. All files, disks, etc are searched with the same command, and the same one you've always used, on any *nix.
Re: (Score:3, Insightful)
Only if you're an idiot who can only point and click gui buttons and whose solution to any problem is to reboot.
Re: (Score:3)
I find it hard to imagine a scenario where you will have access to the file on disk but lack access to a program to unpack the log files. Sure, such a scenario can be concocted to prove a point; however, in the real world, you are going to be able to unpack the binary logs.
If your imagination is that weak, you have no business doing server postmortems. Sadly, the systemd devs' imaginations are, apparently, no better than yours.
Re: (Score:2)
In April 2014, Linus Torvalds expressed reservations about the attitude of a key systemd developer towards users and bug reports. In late April 2014, a campaign to boycott systemd was launched, with a website listing various reasons against its adoption.
In an August 2014 article published in InfoWorld, Paul Venezia wrote about the systemd controversy, and attributed the controversy to violation of the Unix philosophy, and to "enormous egos who firmly believe they can do no wrong." The article also characterizes the architecture of systemd as more similar to that of svchost.exe, a critical system component in Microsoft Windows with a broad functional scope.
Just seems like classic "compare any software I dislike to Windows" kind of stuff, but I'd love to hear from someone who is more familiar with it.
systemd == Windows? (Score:5, Insightful)
IMO the comparison comes about because the philosophies of the two (systemd and windows) are more related to one another than they are to Unix. Unix favors a collection of interacting tools that each do something (ideally, doing that something well). Windows is a giant monolithic shroud covering a multitude of interacting moving parts that you can't see, touch, or understand unless you spend the necessary years becoming an insider. Systemd seems to be leaning in that direction, hence the comparison. It's a big collection of "stuff" that refuses to be broken up into component functional bits.
It certainly doesn't help that the systemd authors seem to think so highly of themselves, that I feel no need to add to their aggrandizement by thinking highly of them myself.
Re: (Score:2)
Re: (Score:2)
> So is this all just people acting on some philosophical principle, rather than picking the best tool to complete the job they want?
The UNIX philosophy leads to the best tool for the job.
> what the hell is the difference between one big black box versus 20 smaller ones?
The 20 smaller ones are much easier to maintain, and update. Also the 20 smaller ones make for a more versatile user experience.
Re: (Score:3)
So is this all just people acting on some philosophical principle, rather than picking the best tool to complete the job they want?
No. That's just how it's presented to minimize the functional shortcomings and design flaws on which many people, myself included, base the decision not to use systemd for practical reasons.
e.g.
* It's in "rapid development.": Presumably, this is thrown out by proponents to counter that the crufty old init systems are stagnant and old. To anyone responsible for maintaining production servers, this is likely a huge red flag. It's not for dramatic reasons that the "rapid development" version of Debian is calle
Re:and when BSD moves to systemd... (Score:4, Insightful)
>> If you're a Linux fan, I'd be surprised if the only reason you like Linux is its script-based init system.
For me at least, it's not the only reason but it's certainly one of the big benefits. I like being able to non-ambiguously see and control exactly what is really going on, and to even be able to run those scripts individually in a sandbox if I want.
I also really like plaintext system log files, having to now use some commandline tool to continually create them first is nothing but a giant pain in the ass.
For me at least, Systemd takes a lot of simplicity and usability away, with nothing even close to a correspondingly sized gain in other benefits.
Re: (Score:2)
If you want simplicity then systemd is exactly what you're looking for. Take a look at just about any .service file. It's miles easier to read and understand than the corresponding LSB init script.
Re: (Score:2)
systemd doesn't reduce complexity, all it does is hide it away where you can't see it anymore (even if you need to).
Re: (Score:2)
Here's the source code. Just go and have a look.
http://cgit.freedesktop.org/sy... [freedesktop.org]
So it's C instead of shell, the same programming language that probably most of the software you're running is written in anyway.
Re: (Score:2)
I'm not sure why all you systemd haters feel the need to say "If I wanted Windows, I'd run Windows". I don't know the technical details...
"Well, there is your problem." :) So, some reasons people think it is Windows-like. Binary logs. Monolithic code base. Absorbing other functions and projects. (Like putting NAT in init? Really?) Top down design decisions.
I think that last one is the big one. Early on in development, some people raised some concerns. They were told "You're Wrong!" "Trust us!" and "You are just afraid of change." That combined with the fact that the lead's last project, Pulse Audio, was a nightmare for a very long time
Re:and when BSD moves to systemd... (Score:5, Informative)
Below is a great explanation as to why systemd is like windows.
From "SystemD Abomination"
Subject Vested interest in control. RedHat and SystemD
Date Mon, 17 Nov 2014 04:40:08 +0100
by beaverdownunder:
It should be obvious to anyone that RedHat has a vested interest in making the vast majority of Linux distributions dependent on technology it controls. Linux is its bread-and-butter.
It appears RedHat has realised that, through systemd, it can readily provide preferential support for its own projects, and place roadblocks up for projects it does not control, thus extending its influence broadly and quickly. By using tenuous dependencies amongst its own projects it can speed adoption even faster.
Once it has significant influence, and the maintainers of competing projects have drifted away either out of frustration or because they are starved of oxygen, RedHat knows that they can effectively take Linux closed-source by restricting access to documentation and fighting changes that are not in their own best interests.
At this point, they can market themselves as the only rational choice for corporate Linux support -- and this would be perfectly reasonable because they would have effective control of the ecosystem.
Linux (as in a full OS implementation) is an extremely complex beast and you can't just "fork it" and start your own 'distro' from scratch anymore -- you would have to leverage a small army to do it, then keep that army to maintain it. It's just not practical.
At the same time, Linux has matured to the point of attaining some measure of corporate credibility, and from RedHat's point of view, it no longer needs its 'open source' roots to remain viable. RedHat also, understandably, fears potential competition.
Through systemd and subsequent takeovers of other ecosystem components, RedHat can leverage its own position while stifling potential competition -- this is a best-case scenario for any corporation. It will have an advantage in the marketplace, potential customers will recognize that advantage, and buy its products and support contracts.
I hope you can understand why many see this as an extremely compelling case. Arguing that RedHat has 'ethics' and would 'never do such a thing' is immature and silly -- RedHat is a corporation, it exists to profit from its opportunities, just like any other company. To attempt to argue that it would not do so is contrary to what we can assume is its default state.
It's no 'conspiracy theory' to assume that a corporation will behave like a corporation; arguing that it is just makes one look like a naive child. systemd is one large step toward RedHat gaining the ability to reap what it has sown -- for its benefit and not necessarily ours.
Any BSD is good (Score:2)
Ignore the idiots who are dismissive. Just because someone is highly technical in one area doesn't mean there's something wrong if they're not very technical in others.
I personally use NetBSD because I use different hardware in different places for NAT / IPv6 routing / DNS / all that. In homes I use a PogoPlug or Seagate Dockstar with a USB flash or SD card and a USB-ethernet and / or USB-wireless. In businesses I use amd64, sparc64 and powerpc systems. NetBSD uses the same configurations regardless of the
OpenBSD (Score:4, Insightful)
OpenBSD. Feel free to look at the others, just don't get distracted by shiny bells & whistles and GUIs and the like.
OpenBSD does what you want and does it very well.
Re: (Score:3)
Alpine linux? (Score:3)
Re: Good documentation (Score:3, Informative)
Peter N. M. Hansteen's PF tutorial and books are recommended reads, Peter remains involved with the developers and the information stays relevant and useful. He also ensures that readers using other BSD systems, especially with older versions of pf, can learn just as much from it.
* The Book of PF, 3rd Edition, 2014 - ISBN: 978-1593275891
* http://home.nuug.no/~peter/pf/ [home.nuug.no]
Michael W Lucas is another author that writes books for both the BSD and sysadmin communities, similarly, he works closely with developers and users to release these short, yet all-encompassing tomes of information, covering a wide variety of topics.
https://www.michaelwlucas.com/... [michaelwlucas.com]
* Absolute OpenBSD, 2nd Edition, 2013 - ISBN: 978-1593274764
* SSH Mastery, 2012 - ISBN: 978-1470069711
* Sudo Mastery, 2013 - ISBN: 978-1493626205
And of course, official documentation is great. The effort of many people working to improve, Jason McIntyre improving readability and overall quality, Ingo Schwarze's amazing work on mandoc(1) tools. OpenBSD's FAQ, which is usually the first step people take to learn more about the system, is maintained by Nick Holland.
http://www.openbsd.org/faq/ [openbsd.org]
http://www.openbsd.org/cgi-bin... [openbsd.org]
Why not outside the box? (Score:2)
Picking AROS [sourceforge.net] or Minix 3 [minix3.org].
There is also RouterOS [mikrotik.com]?
Just realize that whatever you do you will suffer some disadvantage.
Why don't you like systemd? (Score:3, Funny)
Frankly, I love it when I am forced to take a 5 minute coffee break when I can't CTRL+C out of my misconfigured network card. This is a delicious way to start the day.
Article is wrong... (Score:4, Funny)
The article should say: I used to write Linux kernel drivers and hate the direction systemd is taking it. Please support me by clicking on my rant and joining me in installing BSD on your router.
Seriously, I'm barely familiar with Linux as I'm just an end user, and I know well enough that I don't need an ask slashdot to figure out which OS I can put on a router which doesn't include systemd.
A few answers from the original AC (Score:5, Informative)
I'm the original AC who asked the question. Or someone pretending to be him, you have no way of knowing.
1. Not trusting systemd.
Because it can't be troubleshooted if all you have is something to read text files with. When all you have is a single user shell, for example. Or you've put the hard drive in a different system, which is whatever you had on hand and could even be Windows with an ext3 plugin.
Because it comes from the author of PulseAudio, who is world renowned for the stability of his products. And low CPU consumption, when they work.
Because it contradicts the Unix philosophy of having a lot of little utilities that each do one thing. It may not be a big deal for a full time sysadmin, but if your main job isn't that it's a lot easier to just read about the small parts that interest you and disable the rest.
2. If he can write Linux kernel drivers, why does he need to ask Slashdot, or why doesn't he google it?
Because I don't know anything about BSD, and I'm not looking for "learn BSD in 10 easy mouse clicks". Although the signal to noise ratio on here sometimes approaches zero, there is the occasional informed opinion, and with a bit of luck, there will be some pointer to some actual pertinent information.
3. Use pfSense
If I use pfSense I won't learn anything. I've installed it before, it took about zero BSD knowledge. Also, I want the file serving part, see 4.
4. Move your Samba server to another machine for security reasons.
The router doesn't have any important files on it. It has the usual torrents, and it runs a private http server. I update the http server's pages through samba because it's the most convenient. It's not worth running this on a separate machine as there's nothing on there that I can't afford to lose. The real data is on other machines, and backed up properly.
Looking forward to the next batch of flame posts now :)
Re: (Score:2, Informative)
> Because it can't be troubleshooted if all you have is something to read text files with. When all you have is a single user shell, for example. Or you've put the hard drive in a different system, which is whatever you had on hand and could even be Windows with an ext3 plugin.
Why would less work in single user mode but not journalctl? And nothing stops you or anyone else from writing a journal reader for Windows. The on-disk file format is not a secret.
> Because it comes from the author of PulseAudio, who is world renowned for the stability of his products. And low CPU consumption, when they work.
PulseAudio runs on FreeBSD as well, just so you know.
> Because it contradicts the Unix philosophy of having a lot of little utilities that each do one thing. It may not be a big deal for a full time sysadmin, but if your main job isn't that it's a lot easier to just read about the small parts that interest you and disable the rest.
systemctl disable $foo
And that's supposed to be easier just because $foo is implemented with a shell script instead of a .service file?
> 2. If he can write Linux kernel drivers, why does he need to ask Slashdot, or why doesn't he google it?
> Because I don't know anything about BSD, and I'm not looking for "learn BSD in 10 easy mouse clicks". Although the signal to noise ratio on here sometimes approaches zero, there is the occasional informed opinion, and with a bit of luck, there will be some pointer to some actual pertinent information.
https://www.freebsd.org/doc/ha... [freebsd.org]
Recommended.
Re: (Score:2)
Text files take too long to read and have problems with things like rotation. By using its own format systemd can include meta data and indexing that allows the journal to be searched faster and more precisely.
Re: (Score:3)
So what software is available for reading systemd binary journal files on Windows? Saying "write your own" is a cop-out.
Plenty of applications for reading text files though. Notepad++ is my favourite. (I've even got it running in Linux using Wine!)
For systemd to truly replace existing init systems, it needs stand-alone journal-readers for other (non-systemd)
Re: (Score:2)
> Because it contradicts the Unix philosophy of having a lot of little utilities that each do one thing
systemd is actually a lot of little utilities that each do one thing. If you don't know that, you're probably getting your information from biased sources.
> Although the signal to noise ratio on here sometimes approaches zero, there is the occasional informed opinion
You're welcome.
FreeBSD - tutorial inside (Score:2)
Hi,
I've written a tutorial for installing freebsd on an encrypted root using a serial console. That should actually explain some things.
http://forums.smallnetbuilder.... [smallnetbuilder.com]
Otherwise:
Get an installer image:
https://www.freebsd.org/where.... [freebsd.org]
The release version is FreeBSD-10.1
try the memstick image
a "cp FreeBSD.img /dev/sdX" will copy it to stick
While you install:
don't install the package ports, you will get the freshest ones through portsnap
Add an "admin" user make him member of group "wheel" because that user can
FreeBSD (Score:2)
Without a doubt, FreeBSD is the best at these tasks. I have used it in the past and you can create a basic forwarding firewall with only a few lines of config. Add a dozen or so more for better control. I also ran BIND, isc-dhcpd, and a wifi access point. This would be a little tough under OpenBSD and NetBSD as they don't have quite the same range of wifi hardware supported out of the box.
FreeBSD has good package management and is very well documented. In many benchmarks, it is faster and scales better than
Is that really necessary? (Score:2)
My understanding (feel free to enlighten me if wrong) is that most distros still offer other init systems, they just aren't requiring package maintainers to support them. Thus.. things you want to use might become dependent on Systemd.
Also (as far as I know) Gnome is the only thing already doing this with KDE likely to follow soon.
I'm guessing (more speculative) that Systemd dependency is only likely to be an issue with big "desktopy" projects like this.
I hope that you are not running Gnome or KDE on your ro
OpenBSD & PF are your only sane choice (Score:3)
I have learned this the hard way so please take heed;
NB! Most of the guides online have the syntax (order of wording) wrong for pf.conf, including the beloved OBSD FAQ.
This is accurate and works on OBSD v5.6
99% of the online howto & guides will get your firewall almost working.
Use this as an example from my working pf.conf
You can spot the variables. Use 'LOG' for all of your entries and keep a "tcpdump -nettti em0 host 192.168.0.x" running while testing your setup.
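A minimal NAT gateway ruleset in OpenBSD pf.conf syntax, added here as an illustration; it is not the poster's pf.conf, and the interface names, LAN services and ports are assumptions. Every rule carries `log`, as the comment advises, so passed and dropped traffic can be watched while testing.

```conf
# Constructed example; interface names, LAN services and ports are assumptions.
ext_if  = "em0"                   # assumed WAN-facing interface
int_if  = "em1"                   # assumed LAN-facing interface
lan_tcp = "{ 22 80 139 445 }"     # ssh, private httpd, Samba (LAN side only)

set block-policy drop
set skip on lo

# Packet normalisation; scrub is a rule option in current pf syntax
match in all scrub (no-df random-id)

# Source-NAT LAN traffic leaving through the WAN interface. The parentheses
# make pf follow the interface address if DHCP changes it.
match out on $ext_if inet from $int_if:network to any nat-to ($ext_if)

# Default deny, logged to pflog0. The last matching rule wins, so this goes first.
block log all

# Keyword order is fixed by the pf.conf(5) grammar:
#   action  direction  log  quick  on <if>  af  proto  from/to  port
pass out log inet

# LAN hosts may reach any destination other than the router's LAN address
pass in log on $int_if inet from $int_if:network to ! ($int_if)

# ...and only the listed services on the router's LAN address itself
pass in log on $int_if inet proto tcp from $int_if:network to ($int_if) port $lan_tcp
pass in log on $int_if inet proto icmp from $int_if:network to ($int_if) icmp-type echoreq

# Nothing is passed in on $ext_if, so Samba and httpd are never exposed to the WAN.
#
# Forwarding must be on:        sysctl net.inet.ip.forwarding=1
# Parse without loading:        pfctl -nf /etc/pf.conf
# Load, then watch the log:     pfctl -f /etc/pf.conf && tcpdump -n -e -ttt -i pflog0
```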
Re: Uh. (Score:2, Insightful)
Experience usually leads to a realization that you don't know everything... Asking others is a good way to increase your available options from the few you are comfortable with to include ones you might not know exist.
Re:Uh. (Score:5, Funny)
He said he's written drivers. He didn't say they compiled or worked.
Re: (Score:2)
> He said he's written drivers. He didn't say they compiled or worked.
So he was just puttering around?
Re:Uh. (Score:4, Informative)
I'm in a similar boat. I recently (a few months ago) migrated from Gentoo to FreeBSD.
The problem with systemd, and probably why so many people are running from it, is that it's not as simple as just not using systemd, or even not using a distro with systemd as a default.
A lot of packages are gaining direct or indirect dependencies on systemd, and it is becoming a huge pain to run a systemd free system. I found myself having to use portage's blacklist for the first time because simply specifying -systemd as a use flag wasn't enough. I also had to uninstall a bunch of packages and fix the associated breakage. I don't use gnome, but enough gnome packages ended up installed as dependencies of various things that it was a real headache. Slackware has straight up dropped gnome because it's too hard to have it without systemd. And of course you have systemd as an indirect requirement for gimp. Yes friends, when a graphics editing tool depends on a specific init system, it's time to get the hell out of there!
Systemd isn't the only factor, but it's certainly a major one and I think it's pushing a lot of people (like myself) who have kinda been disillusioned with Linux for some time over the edge. At some point mainstream adoption became the big goal, and this mindset where it was better to have a less flexible but easier to use system started destroying a lot of what drew us to Linux in the first place. Linux is basically morphing into a more open version of Windows for the sake of mass appeal, which may be great for humanity, but it's not why I got interested in Linux.
Re: (Score:3)
Or just run Ubuntu.. or maybe Windows?
This is a terrible argument and totally against everything that drove me to Linux in the first place. If I don't like the way something works, I can and am encouraged to roll my own. Systemd is the culmination of this new mindset of "let's all just standardize so it's more presentable to the masses and business". Projects are becoming their own little ecosystems rather than a set of useful utilities that can be used somewhat independently. Gnome is kind of the extreme ve
Re: (Score:3)
Too stupid to understand routing, but smart enough to write kernel code? Something doesn't add up here.
Can't you recognize click-bait when you see it?
Heaven knows slashdot needs click-bait, what with the crap they have been doing to their layout in the last 2 days. Right now it's utter crap on Safari 6.1*, but sometimes it's good and other times it's worse. And sometimes it's borked on Safari 8 and even IE 11. It's as if Dice has never heard of testing on a test system and not testing on production.
*And yes I am still there because of 32 EFI, and yes I know there are ways to get >Lion running on 32 bit E
In that case... (Score:2)
Netcraft confirms it, BSD is dead.
Re: (Score:2)
Oh geez, Safari? Not that I want to stick up for Dice-dot but come on! I might use Links to browse on occasion myself but at least I understand that when I do I am so far from the norm that I get what I get and I shouldn't expect webmasters to cater to me!
Next will be a horde of angry Arachne users!
Re: (Score:2)
Answer to #1: pfSense (http://www.pfsense.org/)
Answer to #2: pfSense (http://forum.pfsense.org/)
See, wasn't that easy?
Even though pfSense can act as a Samba server, I'd put the firewall and Samba server on separate hardware. The Alix or APU from PC Engines [pcengines.ch] board makes a nice low power firewall.
Re: (Score:3)
> You may have written linux kernel drivers before, but apparently you have never encountered this thing called Google?
Yes. Google. With all kinds of things tossed together both good and bad. Just because something is on Google, it doesn't mean you can trust it. The Internet is a great conduit for spreading nonsense.
Re:FreeBSD (Score:5, Informative)
Re: (Score:2)
TrueOS is just FreeBSD with some very minor additional utilities thrown in - and no support for x86 32 bit.
Re:FreeBSD (Score:5, Informative)
Re: (Score:2)
Doesn't trust it to not fail catastrophically, or not break when you update your system. Slashdot is full of horror stories where a supposedly stable distribution switched to systemd, and systems that have operated for a decade suddenly failed to boot right. It's still experimental-quality.
Re: (Score:2)
Okay, fine, I'm going by anecdotes. But did you seriously just argue based on "I haven't read the same comments as you, so it must not be true"?