 From:  Richard Morrell <dick at dickmorrell dot com>
 To:  Donald Deacon <donald at 501 dot co dot za>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Comparative Products to M0n0wall
 Date:  Thu, 11 Mar 2004 20:34:45 +0000

Where have you been??

Every SW since July 2001 has always connected home. It's NOT spyware. It was 
designed so we could put FTP servers in locations we had no idea we had users. 
We were entirely public (just found 302 postings on various sites we made PRE 
doing it). The usual Slashdot geeks and idiots with agendas screamed but as we 
never collected IP address, purely connection method, CPU string, RAM, Mainboard 
info AND were totally and utterly open (AT POINT OF INSTALLATION A WHOLE PAGE 
OF TEXT INFORMING THE USER). We also checked it with OSI and FSF and made it a 
condition of ownership.

It benefitted every SW user of next releases (0.9.6 onwards) by allowing us to 
work out aggregate users and hardware specs, e.g. we could say 63% of users were 
P120 or above and 64MB and therefore tweak Apache and Squid and system 
resources as standard to suit the average user rather than cater for the sad 
geek with his die hard 486/66.

It meant we could pass on performance AND security benefits. 

NO there was no security implication, it only happened on FIRST attempted 
connection. Without sending this info it was therefore impossible to get the 
updates (e.g. it wouldn't be able to upload updates). It made the platform grow 
fast and it was entirely sensible. One thing Donald, please don't ever assume I 
haven't the first clue about security - 10 yrs of security development under my 
belt :)

Everything I do - everything - is keyed around making life secure for people. 
It's why SW has never ever been hacked and how many millions of users use it?

IPCop took it out. Biggest mistake they ever made because it meant they couldn't 
know the hardware of their userbase and they couldn't grow their platform but 
then they have a much much much smaller userbase. That's the cool thing about 
OpenSource - we give you the code so you can enhance and modify :)

So no - no security risk and entirely sensible, and looking back we should 
have done it a year earlier. Parsing the SQL database became impossible even on 
a dual pentium a year later. That many single line entries.

Hope that's informative.


Quoting Donald Deacon <donald at 501 dot co dot za>:

> Richard are you saying the SW connects to a server and reports info about
> the setup of the firewall? Is that not a little bit insecure? What if that
> server is compromised?
> ----- Original Message ----- 
> From: "Richard Morrell" <dick at dickmorrell dot com>
> To: <joshmccormack at travelersdiary dot com>
> Cc: "David Rodgers" <david dot rodgers at kdsi dot net>; <m0n0wall at lists dot m0n0 dot ch>
> Sent: Thursday, March 11, 2004 4:19 PM
> Subject: RE: [m0n0wall] Comparative Products to M0n0wall
> > Quoting joshmccormack at travelersdiary dot com:
> >
> > > On Thu, 11 Mar 2004, David Rodgers wrote:
> > > <snip>
> > > >
> > > > It is not designed to fill these niches directly but indirectly it does
> > > > support almost ALL of them saving only dialup modem. Most people
> > > > seriously using ISDN or DSL in an enterprise environment would be using
> > > > it with a dedicated isdn/dsl router that would easily be able to hand
> > > > off to the firewall with ethernet.
> >
> > David that's blatantly untrue sorry. You'd think that was the case wouldn't you
> > but it's not. You'd think with the easy availability of ISDN routers from AVM,
> > BT, Cisco 1601s with ISDN BRI, ZyXEL and Eicon Diva externals that they would
> > have market share. You'd be wrong. Fact is there are more ISDN PCI devices on
> > the market than routers. By a factor of about 5. That's based on the fact that I
> > know exactly what hardware every SW installed has. SW calls home securely and
> > reports minimal info on every single base install (e.g. connection device and
> > method). But also based on relationships with Eicon going back 5 yrs and based
> > on their manufacturing and market intelligence.
> >
> > Richard
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch