 From:  "Pavel A. Grodek" <m0n0wall at abletools dot com>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re[2]: [m0n0wall-dev] Re[3]: The future
 Date:  Thu, 13 Oct 2005 14:37:37 +0400
Hello Chris,

Thursday, October 13, 2005, 6:46:48 AM, you wrote:

First and foremost, I seem to agree with most of your points. It would be
great to see and check the details of the tests you mentioned, but I
don't really expect any major holes. Still, certain things are more a
matter of interpretation, and with these I tend to disagree.

I also have to note that I don't really push for OpenBSD (basically, I
have no favorite tools here), I'm just trying to stay objective, and
from this point of view I still believe it's viable.

>> especially in the places where embedded devices handle the traffic.
>> So I wouldn't be surprised if in a year or two (by the time the
>> next m0n0 gets stable, polished and ready for public release)
>> OpenBSD's performance just won't matter anymore.

CB> so to the thousands of existing 4501, 4801, and WRAP users, they're
CB> just out of luck?  For what, an OS that has nearly no benefits (and
CB> many drawbacks) over the other, faster options?  Chances are, for at
CB> least the next 6 months to a year, the existing Soekris and WRAP lines
CB> will continue to be the most popular m0n0wall platform.

Basically, what you say here is "every single current user of 4501,
4801 and WRAP is not going to upgrade his hardware and yet would not
be happy with m0n0 1.2 and, at the same time, needs to achieve top
speed with his setup". That's just not true. Quite a lot of them are
"fire-and-forget" installations which are sitting quietly somewhere
and will do their job till the hardware fails or some major security
hole pushes them to update. Another group would like to get new
features but has no need for top speed as their m0n0 only handles WAN
traffic from some DSL. And, of course, some users will be happy to
update their hardware to get more security - it's certainly cheap
enough to upgrade even before it fails, even if only to make sure it
won't fail unexpectedly and cause problems.

All these groups will not be adversely affected by an OS change.

Your time estimates (6 months to a year) also seem to be very similar
to what I have in mind - 1-2 years to the final release. And that
means that these boards are not the "most popular m0n0wall platform" for
the next m0n0, the hardware _will_ change before release. Both Soekris and
WRAP are long overdue for new versions and I believe they will be
updated soon.

CB> The other reasons are enough to eliminate Open, especially if we want
CB> to continue wireless support.  OpenBSD will never use Atheros binary
CB> drivers, so will never end up with a highly reliable ath driver.

CB> That's another good reason to avoid Open, their
CB> political/philosophical beliefs punish the user base.  They could have
CB> good Atheros support today, but because it isn't "free" as in open
CB> source, their users don't get very functional ath support.  There are
CB> other recent examples.  Many view their efforts as worthwhile and with
CB> good intent and occasionally good results.  But me and probably 99% of
CB> m0n0wall users couldn't give a shit less if our drivers are truly
CB> "free" or not, as long as they work and work well.

In this area it depends on the user's mindset. As with most
security-related applications, there are some influential and very
paranoid users out there. And they don't like to have a piece of code
in their firewall that they can't verify. Sure, most home users with
"I have nothing to lose on my machines" mentality don't give a shit,
but I'd be much more comfortable deploying a firewall and knowing
there are no bombs in the binary drivers that handle private traffic
(and wireless is, by definition, "private").

It's not a question of "free", it's a question of "safe". Imagine
a disgruntled programmer putting something nasty in Atheros binary
drivers. Ask yourself - do you want some major attack caused by this
to happen at _your_ site?

Best regards,
 Pavel                            mailto:m0n0wall at abletools dot com