Re: [GTALUG] interesting article on FreeBSD kernel almost getty dangerous code

2021-03-29 Thread Anthony de Boer via talk
Lennart Sorensen via talk wrote: > On Mon, Mar 29, 2021 at 04:10:38PM -0400, Peter King via talk wrote: > > OpenBSD is still thriving, and they carefully audit all their code before > > incorporating it, as well as have ongoing rolling security audits. They > > may be too extreme in their focus,

Re: [GTALUG] interesting article on FreeBSD kernel almost getty dangerous code

2021-03-29 Thread Dave Collier-Brown via talk
On 2021-03-29 3:31 p.m., Lennart Sorensen via talk wrote: On Mon, Mar 29, 2021 at 02:21:06PM -0400, James Knott via talk wrote: When I started using pfsense, about 5 years ago, I was surprised it was using FreeBSD and not Linux.  I also found BSD to be a bit crude, compared to Linux.  The only

Re: [GTALUG] interesting article on FreeBSD kernel almost getty dangerous code

2021-03-29 Thread D. Hugh Redelmeier via talk
| From: Peter King via talk | OpenBSD is still thriving, and they carefully audit all their code before | incorporating it, as well as have ongoing rolling security audits. They | may be too extreme in their focus, but that's another issue. That's what they claim. And it's probably true. But

Re: [GTALUG] interesting article on FreeBSD kernel almost getty dangerous code

2021-03-29 Thread Lennart Sorensen via talk
On Mon, Mar 29, 2021 at 04:10:38PM -0400, Peter King via talk wrote: > OpenBSD is still thriving, and they carefully audit all their code before > incorporating it, as well as have ongoing rolling security audits. They > may be too extreme in their focus, but that's another issue. Oh OpenBSD

Re: [GTALUG] interesting article on FreeBSD kernel almost getty dangerous code

2021-03-29 Thread Peter King via talk
On Mon, Mar 29, 2021 at 02:08:35PM -0400, Lennart Sorensen via talk wrote: > I think a more correct lesson is: FreeBSD has so few people involved > (and their processes for comming don't require review) that things don't > get checked in many cases. I certainly don't get the impression that >

Re: [GTALUG] interesting article on FreeBSD kernel almost getty dangerous code

2021-03-29 Thread James Knott via talk
On 2021-03-29 3:59 p.m., Scott Allen wrote: On Mon, 29 Mar 2021 at 15:40, James Knott via talk wrote: While I haven't used it much, OpenWRT isn't in the same class as pfsense. From what I found with a quick web search, it looks like DHCPv6-PD can be handled by wide-dhcpv6, maybe along with

Re: [GTALUG] interesting article on FreeBSD kernel almost getty dangerous code

2021-03-29 Thread Scott Allen via talk
On Mon, 29 Mar 2021 at 15:40, James Knott via talk wrote: > While I haven't used it much, OpenWRT isn't in the same class as > pfsense. From what I found with a quick web search, it looks like DHCPv6-PD can be handled by wide-dhcpv6, maybe along with dnsmasq, so any distribution supporting these

Re: [GTALUG] interesting article on FreeBSD kernel almost getty dangerous code

2021-03-29 Thread James Knott via talk
On 2021-03-29 3:31 p.m., Lennart Sorensen wrote: OpenWRT seems to handle it fine, whatever program they are using on linux. While I haven't used it much, OpenWRT isn't in the same class as pfsense.  In terms of function, it's closer to Cisco.  However, according to a book I read a while ago,

Re: [GTALUG] interesting article on FreeBSD kernel almost getty dangerous code

2021-03-29 Thread Lennart Sorensen via talk
On Mon, Mar 29, 2021 at 02:21:06PM -0400, James Knott via talk wrote: > When I started using pfsense, about 5 years ago, I was surprised it was > using FreeBSD and not Linux.  I also found BSD to be a bit crude, compared > to Linux.  The only reason I stopped using SUSE for my firewall was it >

Re: [GTALUG] interesting article on FreeBSD kernel almost getty dangerous code

2021-03-29 Thread James Knott via talk
On 2021-03-29 2:08 p.m., Lennart Sorensen via talk wrote: I think a more correct lesson is: FreeBSD has so few people involved (and their processes for comming don't require review) that things don't get checked in many cases. I certainly don't get the impression that there is much activity or

Re: [GTALUG] interesting article on FreeBSD kernel almost getty dangerous code

2021-03-29 Thread Lennart Sorensen via talk
On Sun, Mar 28, 2021 at 02:47:46PM -0400, D. Hugh Redelmeier via talk wrote: > > > Summary: a WireGuard port to FreeBSD was sponsored by Northgate (pfSense > company). The port was

Re: [GTALUG] interesting article on FreeBSD kernel almost getty dangerous code

2021-03-28 Thread James Knott via talk
Netgate did pay the programmer.  Also, my understanding is that many open source developers do the work while being paid by their employer to do it. On 2021-03-28 4:39 p.m., William Park via talk wrote: Solution: pay the testers and programmers. On 3/28/21 2:47 PM, D. Hugh Redelmeier via

Re: [GTALUG] interesting article on FreeBSD kernel almost getty dangerous code

2021-03-28 Thread William Park via talk
Solution:  pay the testers and programmers. On 3/28/21 2:47 PM, D. Hugh Redelmeier via talk wrote: Summary: a WireGuard port to FreeBSD was sponsored by Northgate (pfSense

[GTALUG] interesting article on FreeBSD kernel almost getty dangerous code

2021-03-28 Thread D. Hugh Redelmeier via talk
Summary: a WireGuard port to FreeBSD was sponsored by Northgate (pfSense company). The port was of poor quality and dangerously so. Nobody caught it until after pfSense was