Real men don't attack straw men

Richard Stallman wrote:
>
> I appreciate the work that OpenBSD has done in this area.
> It is an important contribution to our community.
>
Curious that it should take this long to obtain that admission from you.
Lies and insults are a strange way of showing appreciation.

Karthik Kumar No. It is about whose information is worthless.

On Jan 6, 2008 1:39 PM, Richard Stallman <rms@...> wrote:
A bad effect is that people still use non-free systems. They should
stop relying on that.

> The part of the practical effect that is negative is something we
> cannot prevent.  If we were to delete the Windows support from Emacs
> or GCC, that would not stop people from running Emacs or GCC on
> Windows.  The sort of people that would choose an operating system on
> this basis could easily maintain and redistribute such code.
>

No, but it would encourage people to being more BSD or GNU/Linux like.

> The other issue is the message we convey.  That is something we can
> control, but it also shows the difference between these two cases.
> Providing a recipe to install a non-free program is very direct and
> clear support for its use.  Making your free program work with
> something non-free if that's already installed is not such a direct
> message of support.  It makes sense to treat the two cases
> differently.
>
>

I see no difference in both cases. When the ideal is the same.
Encourage only free software.


--
Karthik
http://guilt.bafsoft.net

Karthik Kumar wrote:
> >
> No. It is a reply to someone who said it was not the money.
>
about the money??? --- what money?

There is no money involeved with the "free registrations"

Or is the free registration, and the desire to avoid such,
somehow about the money that desn't exist?
that desn't change hands?

On Jan 5, 2008, at 11:54 PM, Karthik Kumar wrote:
>
> openvpn 2.0.x is in the ports: not by default. PF is not enabled by  
> default.

Deliberately ignoring the point doesn't make it any less relevant.

On Sat, Jan 05, 2008 at 09:58:47PM +0530, Karthik Kumar wrote:
| > On another hand we are not GNU/GPL and we don't mind our users installing
| > non free software if it is what they want. The FAQ is where this needs to
| > be documented for users to get their job done faster.
| >
|
| If you don't mind users using non-free software, you shouldn't be
| putting the 'Free. ' in 'Free. Functional. Secure.'; You shouldn't be
| fighting those blob vendors and call them nasty names; Rather,

You really have no clue about what the portstree and the packages do
in OpenBSD, do you ?

OpenBSD is Free, Functional and Secure. This is not required from
software you install from packages or via the ports tree. It's the OS
that is free. Try to understand : all of OpenBSD is Free. Everything.
Nothing in OpenBSD is not free (barring bugs, but I believe those have
been eradicated by now). The kernel is free, binaries and manpages are
free, the ports tree is free, software used to install packages
(pkg_add) is free, free free free. You can get them at no extra charge
(apart from you internet connection fee + storage cost etc.) so the OS
is free as in "gratis" or "without charge". You can look at the source
of the kernel, binaries, manpages, portstree, pkg_add and change them
to your liking so the OS is free as in "freedom" : you have the
freedom to use and change it as you like.

OpenBSD got to be free because it fights blob vendors and calls them
nasty names. This keeps the OS Free (no restricting your freedom) and
Functional (it actually works on the hardware) and Secure (no blobs
running on your CPU/in your kernel that may do whatever).

And another cool part : OpenBSD does not restrict you (aka, gives you
the freedom) in what software you wish to install and run on your
system, be it free or non-free. That's another point for the
'free' part : freedom to install non-free software (if you chose to do
so) (also, it's another point for the 'functional' part, but that goes
without saying).  

You may consider running non-free software stupid / dumb / silly.
Sure, fine. I would (in general) consider doing an 'sudo rm -rf /'
stupid / dump / silly, but OpenBSD lets you do it.

Nowhere is it written that the Free operating system OpenBSD wants its
users to only run Free software. It is written, however, that OpenBSD
*ITSELF* wants to be free. Free for all to use and re-use as they see
fit.

| probably document how to use such drivers and firmware 'faster'. Then
| you shouldn't be making a claim that 'OpenBSD supports openness'. If
| you can manipulate your reasons for making this ethical, you shouldn't
| be calling others names. And you shouldn't bring back ethics' dead
| body around your neck.

No amount of word twisting is going to change the facts here. OpenBSD
is FREE. Here's a challenge : Go to the cvs repository of OpenBSD (it's
at http://www.openbsd.org/cgi-bin/cvsweb/src/ if you want a web
interface) and point out any one file that is not free. Keep in mind
that what is stored in that repository is OpenBSD (other, non-free
software that you can install on OpenBSD is *NOT* OpenBSD). Until you
find such a file, please refrain from your silly remarks about OpenBSD
being non-free or how ethics are involved : you obviously have no
clue.

| And the rest who do should avoid red herring arguments and accept what
| they are doing. In other words, they should say: 'I am wrong. I will
| fix the problem at my end. Your turn now.' I don't see anybody doing
| it. Don't you see how you're not doing anything but complaining? It
| doesn't make this any different.

So, in closing : You are wrong, please fix the problem at your end,
it's our turn now.

Paul 'WEiRD' de Weerd

--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
                 http://www.weirdnet.nl/                 

2008/1/6, Karthik Kumar <karthikkumar@...>:
> down your name and address for contact details or whatever. I don't
> see why a registration form must be non-free here.
>
>

Well like... is it not that freedom number 3 or something as defined
by fsf say something like freedom to to distribute to your neighbours,
e.g. include such stuff in your OS and share the whole thing with your
neighbour?

--
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

On Jan 6, 2008, at 1:28 AM, Karthik Kumar wrote:

>>
>> Deliberately ignoring the point doesn't make it any less relevant.
>>
>
> I am saying that the secure by default doesn't hold because lots of
> people use ports.

Most people do. Extending your UNIX system to make it work as you want  
is a basic, and natural, extension of using it.

> I use ports for mplayer, xmms, xfce, fluxbox, firefox, evince,
> openvpn, dante, flex, bison, gmake, squid, thttpd and php.
>
> The issue here is flashplayer is in the ports; People are told how to
> use it and install it on their OpenBSD system. So people do turn an
> otherwise secure OpenBSD system into one that is not: It doesn't make
> it "secure by use". I was not ignoring your point;

No, the issue was "non-free software is installed by default." You're  
now trying to backtrack on the point I was making: default install, by  
turning off most services, has had fewer remote exploits than any  
other OS out there. I run OpenVPN. Outside of it, LZO, and pftop,  
there is nothing else that's not "default" on the system. PF is  
installed by default, but not turned on. Big deal on it not being  
turned on, it's THERE. If you don't do some level of post install  
configuration, you have a useless hunk of hardware.

Adding in a layer of complexity by installing a any "non-default  
software" is an admittedly hazardous choice. But, risk mitigation (via  
randomizing mmap, pro-police being standard, keeping sockets turned  
off, privsep daemons, etc), is a very valuable system, and not one  
used often in other BSDs, let alone other UNIXen. It's hard to do  
right, hard to implement, and costly to maintain.

    ReactOS is a free software operative system with a support database
    that indicates which programs it can run.

    If I understand you weird meaninig of promotion, then you'll find this
    "a bad thing" too, right?

Yes.  Thank you for showing me those specific problems.
I will discuss them with the developers of ReactOS.

    What is an operating system? An OS could be considered an "application",

You could consider an OS an "application", and you could consider
hardware software, just as you could consider the Earth a pumpkin.  My
response is that you're starting from assumptions I find questionable,
so I don't accept the conclusions.

    "Run GNOME in a **VMWare Player** in a Linux virtual machine."

    Or:

    "Run GNOME on a virtual machine using QEMU on Linux or **Parallels**
    for **Mac** or Linux."

    promoting the use of non-free software?

This is a case of running a free program on non-free platforms.
Nonetheless, I think it is more of a problem than running on Windows,
because those non-free platforms are optional add-ons to the system.

Thanks for telling me about this.  I have not visited this site
myself:

    http://torrent.gnome.org/

Would you be so kind as to tell me the precise URLs where you
found those quotes?  If not, I will look for someone else who
will do that for me.

    I don't think OpenBSD users understand what you mean by "recommend
    non-free software",

I explained it earlier in this thread.

                        so if you could, please, give an example by
    showing where OpenBSD (web-site?) says that it recommend non-free
    software and the URL.

In OpenBSD the recommendation for certain non-free programs
is in the recipes for installing them.

    > As I've said, I think it's acceptable for free applications to run on
    > non-free platforms (and say that they do), because this doesn't
    > recommend the installation of those non-free platforms.  But free
    > systems should not recommend, suggest, or offer to install non-free
    > apps.

    I hope you do realize how much this reminds us of _1984_ ?

Surely you jest.  When I decide what I will say, that is not censoring
you.

On Jan 6, 2008 12:52 PM, Karthik Kumar <karthikkumar@...> wrote:
>
> Secure by default. Ship with nothing and call it secure. Wow! Maybe it
> shouldn't start the network by default, huh? Then that's secure, isn't
> it? Start no daemons, start no shells: ZOMG!!! it's secure :P
>

So which all daemons should be started in your opinion?

Apache?
NTPD? ( you have an option for that during install )
named?
ftp-proxy?
or any other?

But some one else may have a different list :-(

And some one like me may want to use it as desktop and may not want to
start any of these daemons so it is just wasting my memory and
needlessly causing pain for a new user to find out what to stop and
how to stop them!!!!

> OpenBSD got pwned a year ago with another remote hole. I hope they
> find enough so they can stop bragging about 'Secure by default'.
>

It is said openly in the main page itself

http://www.openbsd.org/

"Only two remote holes in the default install, in more than 10 years!"

No hiding the truth, Which other OS can brag like that?
Please let us know!

Do you have any Idea about the auditing of code that takes place in
OpenBSD compared to other OSes? Do you know what is the difference
between the gcc in OpenBSD and others.

http://www.openbsd.org/papers/asiabsdcon07-development/mgp00006.html

Please read the full presentation to see how OpenBSD is a better OS as
a software development environment than others. And how free it is.

http://www.openbsd.org/papers/asiabsdcon07-development/mgp00006.html

And all the fault you could find in all these 10 years was one another
remote hole ( of a total of only two ) inorder to say that they are
inconsistent to their stand?

> Do you realize that many people just can not live with 'default'?
>

yes that is why you are given a website with FAQ, a mailing list like
this where developers take time to answer some times in a detailed way
on how to handle things.

One example is what I can never forget is How Daniel Hartmeir helped
me in detail with the tread shown below.

http://marc.info/?l=openbsd-pf&m=110690953100933&w=2

And that is also why you are told to read

#man man
and
#man afterboot

once you install.

Which OS installation does provide all the variety of their users the
luxury of start using it in any way they want without any
configuration after install?

Come on Don't be silly!!!

Well If you expect **spoon feeding** then go to

http://mailman.theapt.org/listinfo/openbsd-newbies

http://www.bsd-india.org/mailman/listinfo/bsd-india

http://www.bsdforums.org/

Thats where I got my spoon feedings from when I first started using it
from 3.4 or 3.5 in production.
For somebody new to BSD it is going to take some amount of reading and
experimentation and asking and learning but that is not just for
OpenBSD it is for any OS including Linux and MS Windows(es)


> Look: people do "use" OpenBSD for things other than plain old fvwm
> with xterm. And keeping security as a goal is not just for a stupid
> dubious marketing campaign.
>

Yes of course! not every one uses plain old fvwm with xterm.
Especially if it is a sever then they don't install the X*.tgz
packages at all!! so it does not matter what in in the X*.tgz sets. It
is irrelevent!!!
It is true they would need other software without X from the packages
if they are not explictly using OpenBSD as a firewall.

For a Desktop it is necessary to add more programs.
For example I use fvwm2 from packages.
The guy sitting next to me used flux box from packages and recently
changed to cwm.
A girl I know uses kde.
I think my brother some time uses gnome on OpenBSD.
Another one I know uses windowmaker.
Still another uses afterstep.
I have used them all and stuck to fvwm2 from packages

and all you need to install those new software is mentioned clearly
and precisely in the FAQ.

http://www.openbsd.org/faq/faq15.html

When you come to use anything new you should first read the manual to
get an Idea.
The FAQ was written by Nick Holland just for that.

Do you expect to install an OS and some how magically get all the
right daemons and programs you want to be started? Isn't that insane?

Now the OpenBSD team has even tried to improve the quality of some of
the other softwares as well by giving them bug reports and diffs which
were not accepted by them.

http://marc.info/?l=openbsd-misc&m=110026474109499&w=2

you know why they did not care about those fixes?
because then apache would not be compatible with Netware OS.

and there is a limit to going about auditing the code of all the
software in packages/ports when they don't have enough developers to
code and do the more ambitious things they would like to do in the
Base itself. But you still have a disciplined time frame for the next
release after every 6 months. Which other project can boast of that
kind of precise delivery ?

And still the Base distribution after install is free of holes for the
last 10 years except for 2.

Please read.


http://openbsd-osnew.blogspot.com/2007/08/bind-9-cache-poisoning-vulnerability.html

http://openbsd-os.blogspot.com/2005/11/examples-of-securing-software-much.html

What do you think is better for security?

1) Provide a base distribution with the minimum needed things to run
as a **complete Operating System** and allowing the users to add their
own fancy collection of software after finding out its consequences

OR

2) Start an array of daemons with the firewall also on/off and let the
guy figure out which are the un needed ones and try to stop them and
in the process stop some necessary ones and fiddle with the firewall
rules and make it more insecure?

I see that you are a programmer.
Why don't you quit talking and take some problem in any area of this
Operating system be it base or ports and submit diffs?

You were telling earlier that everyone here is bitching.
Now see you are the on who is bitching. That too beyond limits!

Count the no. of developers who contributed to this thread and you
will find that they were busy coding so that 4.3 will be a better OS
even more secure.

I know very little to code.
I am learning C and wrote my first "Hello World" program but now I am
afraid to compile it because according to RMS's standard I cannot use
GCC because it is not free ;-)

So you try the coding way rather than bitching unless you also feel
that RMS syndrome is keeping you from GCC. LOL!!!!!

Hope you will appreciate my advice :-)))))))))))))))

On Jan 6, 2008 1:05 PM, L <L@...> wrote: [...]

Hope I am one of the first ten - GNU is pure b u l l s h i t, and it
can't get worse than this. But yes, GNU has the magical power to
impress the newcomers' - I was one of them long time ago. The away you
move from GNU, as time progresses, the wiser you become.

-Amarendra

On Jan 6, 2008 1:13 PM, Karthik Kumar <karthikkumar@...> wrote:
>
> So registration form = non-free.
>

YES! Did you fill the form when you downloaded OpenBSD? NO!

>You failed to prove how it was not
> free.
>

NO! You failed to see how it was proved.
I will leave the home work to you.

>I asked if it required OpenBSD to pay money to a vendor, or the
> issue was about something else besides the money. I don't see the
> registration form being a problem here.
>

You are not the world.
So many others feel it is a real problem.



>Maybe they might simply take
> down your name and address for contact details or whatever.
>

MAYBE :-)))))))
So you yourself are not sure eh?

Maybe NOT!


>I don't
> see why a registration form must be non-free here.
>

You don't see many things that is why you keep posting silly stuff :-)

Richard Stallman wrote:
>     What is an operating system? An OS could be considered an "application",
>
> You could consider an OS an "application", and you could consider
> hardware software, just as you could consider the Earth a pumpkin.  My
> response is that you're starting from assumptions I find questionable,
> so I don't accept the conclusions.

Isn't that what you, Richard, do all the time here, starting from
assumptions?  Didn't you do that right from the start when you came
to our lists to post the wrong conclusions you draw from your
un-researched assumptions?

Richard

Why do you use (obviously flawed) research methods? Why are you replying on
everybody else to point these things you to you?
Why cant you just go to google like everybody else? Perhaps you would not
have so many mistakes or misunderstandings.

A while ago you also pointed out that people need about 8 hours sleep. I do
not know of one developer or any IT related person (save yourself) that
sleeps for 8 hours. Your comment was in reference to you not replying to
emails quickly enough. I just hope you realise how fast this IT world moves.

Pretty much everybody i know will check their email just before going to bed
and pretty just after they wake up. Why do you take so long then? Why are
you so disconnected from this computer world?

Perhaps you need to change your methods, unless you can point out why you
choose these methods over obviously far superior methods.

Regards
Dusty

On Jan 6, 2008 12:46 PM, Richard Stallman <rms@...> wrote:

>    ReactOS is a free software operative system with a support database
>    that indicates which programs it can run.
>
>    If I understand you weird meaninig of promotion, then you'll find this
>    "a bad thing" too, right?
>
> Yes.  Thank you for showing me those specific problems.
> I will discuss them with the developers of ReactOS.

On Sun, Jan 06, 2008 at 12:52:04PM +0530, Karthik Kumar wrote:
Unfortunately for you, OpenBSD ships with a lot of things that you don't
even have in a Linux minimal install, including a compiler and software
that runs the most common services such as ssh, http, smtp, pop3, ...

It does not start the daemons because it makes *NO SENSE* starting tons
of services just to have users figure out how to disable them. Let's
apply your reasonning to real life: when you go shopping at OpenBSD
Mall, you take a cart and chose what you put in it from what's in the
store. When you go to your own store, someone hands you a cart that's
already filled up with everything, and you need to put things you don't
want back to the storages.

Your reasonning is twisted, not to say idiotic.


> OpenBSD got pwned a year ago with another remote hole. I hope they
> find enough so they can stop bragging about 'Secure by default'.
>

This has been argued already hundreds of time...

> Do you realize that many people just can not live with 'default'?
> Look: people do "use" OpenBSD for things other than plain old fvwm
> with xterm. And keeping security as a goal is not just for a stupid
> dubious marketing campaign.
>

So ?
Because people install different things we should have all of it installed
and enabled by default ? You live in wonderland.

OpenBSD is secure by default, people who run it and install applications
that come from elsewhere need to only worry about the security of these
applications because we take care of worrying for our own. If we hit a
bug, they are made aware of it and it is likely that we will find a bug
in OpenBSD before they do as we actively search them.

Security may be a final goal, but the immediate goal is to fix things to
improve quality of the code. The side effect of this is less bugs and a
better quality. You obviously know nothing about programming.

--
Gilles Chehade

On Sun, Jan 06, 2008 at 05:47:11AM -0500, Richard Stallman wrote:
No, but when you redefine "free" to mean something specific, you redefine
your own language.  When you refuse to endorse some free OSes because
they allow proprietary software to be installed, you are walking a damn
fine line.