From chrisb at jesmond.demon.co.uk Fri May 2 07:47:56 2003
From: chrisb at jesmond.demon.co.uk (Chris Benson)
Date: Wed Aug 4 00:11:00 2004
Subject: OT: smoothwall firewall impressions
Message-ID: <20030502134756.A21372@gamma.home>

Just for a change, a software review.

After thinking about it for over a year and having the CD for over
6 months, I finally tried out the SmoothWall firewall today. A Linux
distribution that turns a redundant PC into a reasonably competent
firewall.

This is SmoothWall GPL 1.0 from http://www.smoothwall.org/
Bootable CDROM bought from www.linuxemporium.co.uk.

Installation (short):
- insert CD
- boot
- confirm keyboard layout, timezone,
- set IP address and hostname
- choose passwords for root, setup and admin users
- press Return a few times
- remove CD

Installation (more):
- When I first looked at SmoothWall I had ISDN and SmoothWall didn't.
- Now it has ISDN and USB ADSL support
- It supports two or three networks:-
-- GREEN is the ethernet card on the internal (safe) network
-- RED is the ethernet card/ISDN/ADSL/modem connected to the Internet
-- ORANGE is an optional ethernet card connected to the DMZ - a
   semi-safe network.
- After initial setup of the above, administration is by connecting to
  web-pages and logging in as admin.
- Can do IPSEC VPNs
- Can port-forward, NAT, all the firewall stuff
- Can run Squid web cache and Snort intrusion detection
- Can have the external (RED) interface configured by DHCP
- Can offer DHCP to machines on the GREEN network
- Has the MindBright Java/SSH client to allow shell access from
  anywhere with a Java-enabled browser!

Looks like it will comfortably fit in 150MB/disk:

    Filesystem           1k-blocks      Used Available Use% Mounted on
    /dev/hda4              4949344     53204   4644724   1% /
    /dev/hda1                 7776       805      6570  11% /boot
    /dev/hda3              1249164       304   1185404   0% /var/log

       Device Boot    Start       End    Blocks   Id  System
    /dev/hda1             1         1      8032   83  Linux
    /dev/hda2             2         4     24097+  82  Linux swap
    /dev/hda3             5       162   1269135   83  Linux
    /dev/hda4   *       163       788   5028345   83  Linux

And 64MB/RAM:

    Memory:
                 total       used       free     shared    buffers     cached
    Mem:        257592      21012     236580      17716       1508      10388
    -/+ buffers/cache:       9116     248476
    Swap:        24092          0      24092

Usage:
- It appears to "just work"(tm)
- All normal administration is done through the web-pages.
- I've not used it as a real firewall or used many of the options:
  VPN, Update latest patches, DHCP, caching, ... but it looks solid
  and well thought through.
- patch 5 now out.

Downsides:
- requires IDE disks (I only had SCSI machines available for a long
  time).
- Adverts for the commercial version are rather intrusive, especially
  in the help pages.
- still runs 2.2 kernel which lacks support for new hardware and the
  iptables firewall in the 2.4 kernels.

Conclusion:
- I would use this if
-- I were setting up a firewall from scratch for a SoHo/SMB-user
-- I had a PC with IDE hard disk and the necessary NICs
- If there was budget, I'd use the commercial version

--
Chris Benson

From chrisb at jesmond.demon.co.uk Tue May 6 16:08:10 2003
From: chrisb at jesmond.demon.co.uk (Chris Benson)
Date: Wed Aug 4 00:11:00 2004
Subject: [OT?] Paul Graham, "Hackers and Painters"
Message-ID: <20030506220810.A16116@gamma.home>

Hi,

I'm reading the essay http://www.paulgraham.com/hp.html as suggested
by Tim Bray at http://tbray.org/ongoing/When/200x/2003/05/05/Languages .

About a quarter of the way through, where he's talking about
programming as sketching, I was thinking "YESSS! this is what I do."

"A programming language is for thinking of programs, not for
expressing programs you've already thought of. It should be a pencil,
not a pen.

Static typing would be a fine idea if people actually did write
programs the way they taught me to in college. But that's not how any
of the hackers I know write programs. We need a language that lets us
scribble and smudge and smear, not a language where you have to sit
with a teacup of types balanced on your knee and make polite
conversation with a strict old aunt of a compiler."

So who's a sketcher and who an engineer?

--
Chris Benson, returning you to your regular schedule.