Movistar, the “avisaMe” service and privacy
January 5th, 2007
Today I tried to call my father on his mobile phone, which he has on a contract with Movistar. On the first call, I got the usual intermittent tone that indicates the number is busy, but the really curious thing is that, while I was listening to that tone, a very pleasant voice informed me that when the number became available again the network would send me a message saying so within 3 hours.
And so it was. Shortly after hanging up, I received a short message whose originating number was my father's number and whose body contained the text “AVISAME”. This new service is advertised as free, but I am not quite sure for whom: for the person calling (in this case me) or for the recipient of the call (in this case my father). Also, I think that, although the functionality may be useful and the idea a good one, it is somewhat intrusive with respect to personal privacy. Now, checking whether a person is talking on the phone or is busy does not require an (active) action, such as making a call every X minutes and checking the ring tone; instead, the network itself reports the recipient's status automatically, without any action being taken (passive).
What do you think of a service like this? Does it violate privacy? Do the benefits obtained make up for that relative loss of privacy? Does Movistar enable this service by default for all subscribers?
Virtualization and legacy code
January 3rd, 2007
Today, I was reading a post about what the world would look like if Microsoft disappeared tomorrow. One of the comments on this post said:
With fast processors with virtualization Microsoft should abandon their code base entirely and run legacy software in virtualization. The Windows code is a “dead end”.
I cannot agree more on this.
Windows has become more insecure and bloated over time. Its complexity has increased almost exponentially, but some of the engineering decisions that were made in the past are turning out to be more and more expensive today, like the hundreds of security vulnerabilities that have been undisclosed this year. Simply said, Windows wasn’t architected with security in mind. Windows was architected as a GUI-based operating system, much like the original Apple operating system or GEM were. I think the time has come to ditch it hard and start all over again, with a cleanly designed system, done from the ground up, with security in mind, that leaves all useless features off in order to keep complexity under control. That’s precisely one of the things that I like about most of the free, open source operating systems: the ability to do extensive customization. It makes total sense to remove components or services that are not being used in a particular deployment scenario, such as removing the Web browser and Windows Media Player software on Windows machines playing the role of servers. Such bloated code takes resources, increases complexity and uncertainty and increases the chance of somebody trying to break into the system due to a vulnerability in this unused code.
Virtualization allows you to keep all this legacy code running in a controlled, stable and static system, while being able to take advantage of a more modern, customizable, secure and stable software codebase, call it GNU/Linux, *BSD, Mac OS X, Solaris or XYZ.
OpenBSD 4.0: initial impressions
January 3rd, 2007
Today, the mini-barebone computer that I ordered last week has been shipped. Basically, it consists of an ASUS Pundit P3-PH4 case and motherboard with an Intel LGA775 CPU socket, 4 dual-channel 533/600 DDR2 memory slots, 2 SATA connectors, 1 IDE connector, 1 serial port, 1 parallel port, 8-channel sound card, integrated Intel-based VGA, 4 USB 2.0 ports, 1 IEEE-1394 400 (FireWire) port, 1 Intel Pro 1000/MT Gigabit Ethernet controller, 1 CF/SD/MMC built-in reader (USB-based), 1 PCI Express x1 slot, 1 PCI Express x16 slot and 2 PCI slots. I added a Pentium 4 3.0GHz CPU, a 160GiB SATA hard drive and a standard DVD-/+RW drive. I was looking for a small form-factor machine that was able to run silently and cool but powerful enough to run things like IDS, file and print services or the Xen hypervisor. I discarded products like Soekris-based computers because they are expensive and underpowered when compared to a computer like this mini-barebone.
I decided to install OpenBSD 4.0, which has proven to be an extremely reliable, stable, easy to install and use, secure, Free/Libre Open Source Operating System. What is more, OpenBSD's built-in firewall (named PF) is one of the most powerful, comprehensive open source firewalls in the market with support for stateful filtering, traffic normalization, traffic classification (ALTQ), load-balancing and resilience (pfsync) with good logging support (pflog) which, when combined with OpenBGPD and OpenSSH, makes it a win-win platform to build network and security-oriented servers and appliances. OpenBSD can be downloaded from http://www.openbsd.org/ftp.html.
My initial expectations were low, to be honest. I have been using older versions of OpenBSD on quite old, low-end systems for a long time. The mini-barebone system has a full array of mostly-new hardware, like the built-in CF/SD/MMC reader, the SATA disk controller, and DDR2 memory. However, it turned out that OpenBSD 4.0 has absolutely no problem at all in dealing with all the integrated hardware. The SATA disk was recognized as such (wd0), the CF/SD/MMC built-in reader is recognized as three different devices (sd0, sd1 and sd2), and the USB 2.0 EHCI and FireWire built-in controllers are properly configured and recognized. Additionally, since the machine sports an Intel Pro 1000/MT Gigabit Ethernet controller, OpenBSD is able to use TCP/UDP checksum offloading (the em driver has been supporting this feature since OpenBSD release 3.8, as far as I know).
Overall, I’m quite impressed with the hardware support provided by OpenBSD 4.0. This superb piece of free/libre, open source software is a pleasure to use every day, and the ports collection brings a lot of software to the table to make OpenBSD a platform that I can use to convert my DVDs to DivX, store and serve files, protect my network from external threats, act as a Wireless Access Point, run a BIND DNS server and Mail server and do it all flawlessly and comfortably. Kudos to the OpenBSD team for this great operating system and platform!