Linux and Network Flight Recorder

Rogan Dawes (RDawes@dtt.co.za)
Tue, 22 Jun 1999 10:49:34 -0700


The following message was mailed to the Network Flight Recorder Users
mailing list as part of a debate on the performance of the Linux packet
filtering implementation.

Is anyone interested in getting $4000 for writing a good BPF implementation
for Linux?

I think anyone in security should know who Marcus Ranum is, so take it from
whence it comes. I think he should know what he is talking about.

Rogan

______________________________ Forward Header __________________________________
Subject: Re: Redhat 6.0
Author: "Marcus J. Ranum" <mjr@nfr.net> at Internet-SA
Date: 99/06/21 11:21 PM

>I think NFR might want to take a good look
>at what can be done with Linux.

We have had Zero customers make Linux a requirement for
purchase. Obviously someone could change that, by writing
"I need Linux" on the back of a Purchase Order for, say,
200 units, and Linux will get our undivided attention. ;)

Joking aside, we _have_ done a lot with Linux. For each
version, when it's come out, we've tested its performance
and found it inadequate. We've explained, in this forum
and in others, gently and less gently, why Linux' packet
capture code is mediocre. We've burned considerable man
hours attempting to transfer clue to Linux religionists,
and now, I see, to ""technology" journalist" Linux
religionists. The main answer we get is "if you don't like
Linux's packet capture, then _FIX_ it."

We don't like it.

Why don't _YOU_ fix it?

C'mon, seriously - one of you Linux heads out there
could write the bitchenest zero-copy packet capture
code on the planet. We'll buy you a beer. Hell, we'll
buy you a case. How about it? We're busy writing studly
traffic analysis engines. We're busy making them work
at speeds close to 100mb/s on reasonable hardware running
reasonable operating systems. We're _BUSY_, get it? Fixing
Linux is not our job, making the best ID software on the
market is our job.

Tell you what, smarty-pants. I'll give you $4,000 and a
cool NFR T-shirt if you write a zero copy-per-packet
input bpf emulation for Linux. Ok? I'll do one better than
you can do: I'll put my money where my mouth is.

>I'm not sure what the details are in Jim's case, but I've seen this
>before. As any admin who has been around the block will tell you, you
>can't always use the best tool for the job.

Gosh, I'm just a non-technical CEO type who's never done
any network administration. So I appreciate your educating
me. Certainly I've never done enough technical work to get
to the point of realizing that _REAL_ network admins
don't have time to get religion about technology. The
only technology you can afford to get religious about is
that it _WORKS_.

>I don't want to start another OS war, but I've been in a few fairly large
>(7,000+ nodes, multiple countries, etc.) NT and NetWare shops that will
>ONLY allow one flavor of UNIX. In fact, one of them ONLY allows Linux,
>simply because their admins are familiar with it.

Yeah. I'm sure they complain bitterly to Cisco that
their routers don't run Linux, too.

>So while Linux may have some serious drawbacks, saying "it stinks" IMHO,
>is a silly answer. Hell, how many firewall vendors are still saying
>"don't use NT - <insert reason here>?" Not many. Most of us know about
>NT's problems, but because of the current state of the industry we are
>forced to deploy NT-based firewalls....

Oddly, customers are willing to _PAY_ for NT products. That
means that we get to stay in business and keep doing what
we do well: building butt-kicking ID systems. I guess we
could spend all our time fixing freeware, but then we'd
be out of business, now, wouldn't we?

>The simple fact of the matter is that Linux has momentum, and people use
>it. In some cases, it's the only flavor of UNIX in the door - and then it
>is NOT a decision by the admin.

Yeah, I read Wired, too.

>This isn't the first one of these cases you've seen, it certainly won't be
>the last, and it's not always as simple as "don't use it - use something
>else." IMHO, that's a pretty limiting view of reality.

I work within lots of limits. The fact that there aren't
enough hours in the day for my team to do all the stuff
we're trying to do is one of them.

I find it ironic that someone preaching Linux ideology at me
would say "don't use it - use something else" is a bogus way
of handling something inadequate. _THAT_ is the reason many
Linux users give for not using Windows.

We haven't got anything against Linux* -- it's a good operating
system. It just doesn't do well the one thing we need an operating
system to do well. So we ask people not to use it. Seems simple,
no? No, it's not simple. Things are never so simple when
technology and fanaticism mix.

mjr.

(* Though I'm not fond of Linux bigots )

--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc. 
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr
