 From:  Peter Allgeyer <allgeyer at web dot de>
 To:  Manuel Kasper <mk at neon1 dot net>, Peter Curran <peter at closeconsultants dot com>
 Cc:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] RE: [m0n0wall] The future
 Date:  Wed, 12 Oct 2005 22:51:12 +0200
Hi Manuel, hi folks!

First let me say, that I'm no real fan of the OO approach in general.
There *are* possible benefits in using it, when it comes to GUI
programming, but not all apps are standing to benefit from OO. I can
imagine some things in m0n0wall where OO is useful: interfaces, objects
of hosts, networks and rules for example. In my opinion, PHP is able to
give us enough functionality for this.

On Wednesday, 12.10.2005, at 18:59 +0200, lola wrote:
> to be honest, i like m0n0wall because it uses php! it makes changes to
> m0n0wall or the gui simple and easy. i think this is a great feature. i
> wouldn't give that up.
There's almost nothing I can add to this opinion.

On Wednesday, 12.10.2005, at 18:41 +0100, Peter Curran wrote:
> 3.  Can I offer Python as a possibility?  It is naturally OO (literally the 
> whole thing is a bunch of objects).  It compiles down to a .pyc bytecode ala 
> java and is becoming well supported and used
Thanks for mentioning, Peter. If OO is a "must have" there's IMHO no
other language than python which gives us more flexibility. It's widely
used for web apps as it is for standalone programs. The availability to
precompile the code gives us small and fast programs. The language
itself was designed as true OO (do I hear Smalltalk anywhere ;-)).

Perl? The OO part is the same as in PHP: only added afterwards. No, if
someone says Perl, then we can stay by using PHP.

Java? Convince me that it's not as slow and memory hungry as I know it
(especially on low end HW like our net4501).

C(++). Yes, for the backend (daemon part).

> In regards to an OS.
> I have been playing (a lot) with a linksys device called an NSLU2 and 
> replacement software called OpenSLUG (www.openslug.org).  This shows that you 
> can make a mean and lean Linux, with a mature development environment from 
> OpenEmbedded.  Maybe Linux is the way to go (I can't believe I am saying 
> this!)
Linux (which I'm using for 13 years now) is surely one of the famous
OSes in our time. There is still rumour that the network code isn't as
stable and fast as that of the BSDish ones, but that's nonsense and not
true anymore. Even the filtering language (netfilter) has become a
global player. It's really amazing what we can do with netfilter in
combination with iproute2. Another good point for linux is the embedded
part of the kernel, but please keep in mind: Actually we have images for
four platforms: wrap, net4801, net4501 and generic-pc (not mentioned the
cd image as fifth one); do we really want to support one for mips, one
for xscale, one for ...

Why I'm not voting for linux? See below:
> If you move from FreeBSD my vote would be for OpenBSD.  There is a lot of 
> clunky stuff in FreeBSD 4.x (like bridging) that may have been fixed in 6.x.
I'm not convinced in FreeBSD, too. FreeBSD5 was a showstopper and I
don't know how good FreeBSD6 is. Yes, pfsense is using it and Chris
surely can tell us more about it, so I'll stop with talking about
FreeBSD here.

My vote goes to OpenBSD, too. Why?

* due to its emphasis on security, as Manuel said it.
  It's not only built with security in mind, there are also a lot of
  security related protocols like openssh which were actively pushed by
  the OpenBSD team.
* the integration of pf and carp - pf is IMHO the best filtering
  language around (if you don't mention netfilter ;-)), very similar to
  ipfilter (since it's a further development of it), with a lot of
  features, ipfilter4 should also bring us, but how stable would it be?
* carp/pfsync: this is the real highlight of OpenBSD and the real cause
  not choosing Linux/netfilter. A HA application for filtering, just 
  like we know it from the good old Nokia appliances running the very
  expensive CP software. I can't imagine any better point for OpenBSD as
  this one, having stateful HA interfaces.
  Sure both, pf and carp are ported to FreeBSD as well, but nothing is
  better than the original.
* OpenBSD IPsec implementation (isakmpd), giving us NAT-T, xauth (for
  cisco vpn clients for example) and filterable (!) Interfaces (one of
  the major points why I looked at OpenVPN in m0n0)
* Hardware encryption: supports not only the soekris cards but also
  VIA C3 and the RNG of the Intel motherboards
* better bridging code: STP support and able to be filtered by pf

It convinces me in the integration of all these features. Not like
FreeBSD/ipfw/ipfilter, OpenBSD uses one filtering language, one IPSEC
implementation and integrates all those perfectly into the kernel,
supporting cryptographic functions and acceleration to all of them.

Thanks Manuel for developing m0n0wall. We'll do our best helping to make
it even better!!

Best regards, PIT

 copyleft(c) by |           "By golly, I'm beginning to think Linux really
 Peter Allgeyer |   _-_     *is* the best thing since sliced bread." (By
                | 0(o_o)0   Vance Petree, Virginia Power)