On 09/27/15 12:27, Adam wrote:
> Asking this on the OpenBSD list gives it a tone:
>
> I have no background in IT security and operating systems other
> than Windows (I hated it less than Ubuntu, actually). I have found
> in the archives that in general you can recommend OpenBSD to anyone
> without any background to start tinkering with. So, there might be
> no benefit of a learning curve of FreeBSD --> OpenBSD, as I, may
> have wrongly guessed?
I've been on the "OpenBSD unless some specific requirement trumps it" track for some years now, mainly because the system comes with sensible defaults (essentially everywhere else you will find some silly things that need to be turned off or tweaked in order to be useful) and things generally make sense, at least to this greying old hack. And when I've needed to improvise something from 'found object' equipment, I've found that OpenBSD is a very good starting point. You'll find various war stories on the net, one frequently referenced one is Michael Lucas' one (http://blather.michaelwlucas.com/archives/605).

> What I'd like is a secure wireless router and a file server (for my
> mobile devices in the first place, really). Many suggested the PC
> Engines APU board here. Check. Can it handle both roles, router and
> file server, or, is it a good idea to have one device for these 2
> roles in the first place? It would encounter very modest load on
> both of its roles.

The PCengines kit looks capable enough at least for the small scale of a number of things, but your specification is really open ended. How much space does that file server need to offer? How much physical space is the equipment allowed to fill up?

At this point, the FreeBSD camp would point out that they have ZFS for infinite flexibility in building multi-terabyte storage pools, while the OpenBSD side has mainly FFS2 and softraid, and possibly a ported HAMMER on the horizon at some point. That said, both modern SSDs and multi-terabyte spinning platters are handled quite well, thank you, by FFS2 on OpenBSD.

I've done enough work with both OpenBSD and FreeBSD as routers for wireless networks that I've seen that yes, they will work, but support for the newer-flavor protocols such as ac just isn't there yet, and setting up with a separate wireless access point is likely to get you better performance.
Using the OpenBSD box as the router, firewall, DHCP server and so forth has left me saner at least, but actually getting a link for wireless equipment is likely better handled by special-purpose hardware.

As to the question of splitting file server duties out to a separate box, I'm pretty sure any modern hardware will be able to perform both routing and file serving duties at the same time, unless of course your use case is somehow extremely demanding. I'd say the more relevant concern would be security - your router is likely more or less in direct contact with the big bad internet of shady characters and misconfigured equipment, and you need to consider the possibility that 'they' manage to compromise your internet-facing device. If that device is not the one that holds files that you care about one way or the other (as in, you more likely than not made a backup of your config files, right?), 'they' would need to repeat their success at the separate file server in order to get at your data. There are a number of ways to limit the available attack surface using the tools in the base system such as ssh, pf and various others you've heard about.

> I have no intention whatsoever to run any x86/amd64 desktop
> software on NIX in the post-PC world (in the desktop space,
> really).
>
> It would also be an interesting side-note on how do you see the
> future of (NIX on) desktop PCs (already a dead market as an old
> post here suggested), or embedded/ARM mobile devices and NIX,
> perhaps other than iOS/Android derivatives of the latter.

Hm. I'm typing this on a 2014-vintage Clevo laptop running OpenBSD (a recent amd64 snapshot), and I've only used not-unix software on desktops and laptops when forced to do so during the last ten or more years.
It's quite possible that we're entering the post-desktop age, but do keep in mind that at the moment, the majority of the touchscreen devices such as phones and tablets run a unixish system underneath the designed-for-one-finger interface. And for my own part, getting any real work done requires a unix, which in my case tends to be OpenBSD unless something specific to the occasion trips me up.

- Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.