Where have you been?
Every SW since July 2001 has always connected home. It's NOT spyware. It was
designed so we could put FTP servers in locations we had no idea we had users.
We were entirely public (just found 302 postings on various sites we made PRE
doing it). The usual Slashdot geeks and idiots with agendas screamed but as we
never collected IP address purely connection method, CPU string, RAM, Mainboard
info AND were totally and utterly open (AT POINT OF INSTALLATION A WHOLE PAGE
OF TEXT INFORMING THE USER). We also checked it with OSI and FSF and made it a
condition of ownership.
It benefitted every SW user of next releases (0.9.6 onwards) by allowing us to
work out aggregate users and hardware specs, e.g. we could say 63% of users were
P120 or above and 64MB and therefore tweak Apache and Squid and system
resources as standard to suit the average user rather than cater for the sad
geek with his die hard 486/66.
It meant we could pass on performance AND security benefits.
NO there was no security implication, it only happened on FIRST attempted
connection. Without sending this info it was therefore impossible to get the
updates (e.g. it wouldn't be able to upload updates). It made the platform grow
fast and it was entirely sensible. One thing Donald, please don't ever assume I
haven't the first clue about security - 10 yrs of security development under my
Everything I do - everything - is keyed around making life secure for people.
It's why SW has never ever been hacked and how many millions of users use it?
IPCop took it out. Biggest mistake they ever made because it meant they couldn't
know the hardware of their userbase and they couldn't grow their platform but
then they have a much much much smaller userbase. That's the cool thing about
OpenSource - we give you the code so you can enhance and modify :)
So no - no security risk and an entirely sensible and looking back we should
have done it a year earlier. Parsing the SQL database became impossible even on
a dual pentium a year later. That many single line entries.
Hope that's informative.
Quoting Donald Deacon <donald at 501 dot co dot za>:
> Richard are you saying the SW connects to a server and reports info about
> the setup of the firewall? Is that not a little bit insecure? What if that
> server is compromised?
> ----- Original Message -----
> From: "Richard Morrell" <dick at dickmorrell dot com>
> To: <joshmccormack at travelersdiary dot com>
> Cc: "David Rodgers" <david dot rodgers at kdsi dot net>; <m0n0wall at lists dot m0n0 dot ch>
> Sent: Thursday, March 11, 2004 4:19 PM
> Subject: RE: [m0n0wall] Comparative Products to M0n0wall
> > Quoting joshmccormack at travelersdiary dot com:
> > > On Thu, 11 Mar 2004, David Rodgers wrote:
> > > <snip>
> > > >
> > > > It is not designed to fill these niches directly but indirectly it
> > > > support almost ALL of them saving only dialup modem. Most people
> > > > seriously using ISDN or DSL in an enterprise environment would be
> > > > it with a dedicated isdn/dsl router that would easily be able to hand
> > > > off to the firewall with ethernet.
> > David that's blatantly untrue sorry. You'd think that was the case wouldn't
> > but its not. You'd think with the easy availability of ISDN routers from
> > BT, Cisco 1601s with ISDN BRI, Zykel and Eicon Diva externals that they
> > have market share. You'd be wrong. Fact is there are more ISDN PCI
> > the market than routers. By a factor of about 5. That's based on the fact
> > that I know exactly what hardware every SW installed has. SW calls home securely
> > reports minimal info on every single base install (e.g. connection device
> > method). But also based on relationships with Eicon going back 5 yrs and
> > on their manufacturing and market intelligence.
> > Richard
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> > ---
> > *** Scanned for Viruses by Digital Dynamix www.digital.co.za ***