Linked by Thom Holwerda on Mon 24th Sep 2007 21:52 UTC, submitted by Oliver
PC-BSD "The PC-BSD team is pleased to announce the availability of PC-BSD 1.4 (da Vinci edition)! This release is made available via the efforts of many developers and testers, who have spent the past months refining and improving upon the core PC-BSD experience." This release comes with Xorg 7.2, KDE 3.5.7, Compiz-Fusion 0.5.2, support for Flash7, and much more. There are release notes, a changelog, and downloads.
Thread beginning with comment 274233
RE[4]: The future of PC-BSD
by Doc Pain on Tue 25th Sep 2007 14:24 UTC in reply to "RE[3]: The future of PC-BSD"
Doc Pain Member since:
2006-10-08

"From creators point of view per definition true otherwise they wouldn't create."

Creators of malware just use the functionality that exists on the assumed "customer" computers, along with the usual thinking habits of these "customers" which are predictable in an easy way.

"From the end users point of view nonsense, if your PC is infested with malignant activity so to speak and tries to infect other people's PCs on the subnet the chance is great your internet connection is (temporarily) cut off. That must make you as user more aware."

Where does such a cut-off occur? Usually, malware acts in the background as soon as it's activated (secretly or by a well designed communicational event).

One terrible habit is that ISPs deny transferring mail from client systems which have their own mail server running (mail server for sending mail out of the system by its default mail queue), even if masquerading is applied.

Example:

% dmesg | mail -s "This is my dmesg" bob@micros~1.com

Such messages won't be received, but returned. Instead, you have two options: a) use the SMTP server of your mail provider, and b) use the MX relay of your ISP (in this case you won't receive status messages about sending success in /var/log/maillog).

Okay, I went off topic. :-) This example should be to illustrate: The ISP wants to do something against spam (infected mail servers), so he cuts off all mail server functionality. But because infected systems use the user's standard SMTP access to send their mail, this means does not work.

"You don't want to know how many customers we had to shut off due to spamming. I know this because i used to work for a big ISP."

I'd like to know how many. Up to now, I didn't think ISPs do take actions against spammers. Still more than 90% of the mail crossing the Internet is spam. Why? There should be more such interventions.

"I'm curious to know where specific (an example?) the difference between the user and admin is shrinking?"

The shrinking difference is obvious: Because more and more people run servers (intended or accidentally) without knowing what they're doing in fact ("Oh, that's a shiny server with many options I can click!"), problems may increase. System administration requires knowledge, experience and, of course, time. Nearly every computer needs some kind of administration. Users don't administrate, they "just use". Things like automated updates do help here, but that's just half of the rent. Because people do install computers by themselves, a solid OS as a basis is needed. To come back on topic, I think PC-BSD is such a system.

"Tell me who is 100% safe on the internet."

Everyone without Internet. :-)

"Hundred percent secure is a utopia. Security is a process with an awful lot of facets. Even the most talented security practitioners can become the victim themselves. There is little you can do against a 0day and at the same time maintain a satisfiable amount of usability."

You're characterizing the situation well. It's a process, not a state. The more secure is a system by itself, the less opportunities it gives to potential attackers, the more safe a user environment is designed, the better. 100% security cannot be achieved in this way, that's true, but you can always do something to make the situation better - for you, and so for everyone connected to the Internet.

"Anxiety is good for the sales figures."

War is, too.

"About time vapourware is being brought more into the spotlight. Especially to expose the good, the bad and the ugly amongst security tools, practices, procedures."

The "Budenzauber" applications ("shiny firewall imitation") I mentioned on another topic. Good that most of this crap doesn't run on PC-BSD. :-)

Reply Parent Score: 3

RE[5]: The future of PC-BSD
by netpython on Tue 25th Sep 2007 14:40 in reply to "RE[4]: The future of PC-BSD"
netpython Member since:
2005-07-06

a solid OS as a basis is needed. To come back on topic, I think PC-BSD is such a system.

Good point. I also agree FreeBSD is a solid foundation to build on. Similar is Debian in case of Ubuntu. Although a lot of work still has to be done.

The "Budenzauber" applications ("shiny firewall imitation") I mentioned on another topic. Good that most of this crap doesn't run on PC-BSD. :-)

To be frank, I think the firewall GUI in PCBSD is such a "budenzauber". I would like to see pf blocking all incoming connections by default. Yet tcp{22,445, 139} ports are open. I expected to see all ports to be filtered. Feel free to see it at http://bp3.blogger.com/_1x0XSMJrRwQ/RvjhHgmDLyI/AAAAAAAAAAg/597b1FT...

Reply Parent Score: 3

RE[6]: The future of PC-BSD
by Doc Pain on Tue 25th Sep 2007 15:32 in reply to "RE[5]: The future of PC-BSD"
Doc Pain Member since:
2006-10-08

"To be frank, I think the firewall GUI in PCBSD is such a "budenzauber". I would like to see pf blocking all incoming connections by default. Yet tcp{22,445, 139} ports are open. I expected to see all ports to be filtered."

Filtered? No. Closed, please. There's an RFC (cannot remember which) that requires closed ports to reply with a RST packet if closed, or ACK if open, but replying nothing is not recommended. Instead, having all ports closed for incoming connections (sending RST on request) would be good. If someone needs (!) to enable a certain connection (e. g. to run a web server, a mail server or allow SSH connections), he should be smart enough to do it on his own. As far as I know, OpenBSD has all ports closed by default and needs enabling by the user afterwards, if intended.

SSH functionality enabled by default is not that bad because it cannot be used without knowledge of a valid user account (name + password). Port 139/tcp is "netbios-ssn" and 445/tcp is "microsoft-ds", what are these needed for? I wondered in PC-BSD versions prior to 1.4...

A frontend to form pf rulesets could be a good idea, although I'd like to mention that I've formed my few firewall rules many years ago and never needed to change them.

Reply Parent Score: 5

Flatland_Spider Member since:
2006-09-01

"Port 139/tcp is "netbios-ssn" and 445/tcp is "microsoft-ds", what are these needed for? I wondered in PC-BSD versions prior to 1.4..."

I'm sure you know, but just for completeness I'll add that they're used by Samba to connect to Windows shares.

Reply Parent Score: 1
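
A default-deny pf ruleset of the kind the exchange above asks for, as an added example that is not part of the thread and not PC-BSD's shipped configuration. The interface name `em0` is an assumption; with `block-policy return` blocked TCP connections are answered with a RST and blocked UDP with an ICMP unreachable ("closed"), while `drop` discards them silently ("filtered").

```pf
# /etc/pf.conf -- constructed example, not taken from PC-BSD.
# em0 is an assumed external interface name; adjust to the local system.
ext_if = "em0"

# "Closed" behaviour: blocked TCP gets a RST, blocked UDP an ICMP unreachable.
# The "filtered" alternative discussed in the thread would be:
#   set block-policy drop
set block-policy return

# Do not filter loopback traffic.
set skip on lo0

# Default deny for everything arriving on the external interface.
# pf uses the last matching rule, so the pass rules below override this one.
block in on $ext_if all

# Outbound traffic is allowed; replies are matched by the state table.
pass out on $ext_if all keep state

# Opt-in services, left commented out until the administrator needs them.
# SSH from anywhere:
# pass in on $ext_if proto tcp from any to any port 22 keep state
# Samba (netbios-ssn, microsoft-ds), limited to the directly attached network:
# pass in on $ext_if proto tcp from $ext_if:network to any port { 139, 445 } keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -sr` lists the rules currently in effect.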