Leopard's Firewall "Flawed"
Posted: Wed Oct 31, 2007 11:22 am
by complacent
More /. goodness found
hmah.
Ok, no biggie for us n3rdz, right?
Btw, if vi-ing or pico-ing an ipfw-based firewall is beyond your comfort level - try WaterRoof. It's a pretty decent GUI frontend for teh configz. wewt.
ZOMG INnArWEBZ!!!!!1
Posted: Thu Nov 01, 2007 10:28 am
by Sabre
After looking at their article... they are making mountains out of mole hills in some areas (not all though). The way the Mac firewall works is by allowing any network program that is started to automatically start servicing requests. So if you start services (like they did in the first part of the article), it will allow them. Windows does the same thing...
Sounds like Apple isn't updating the Mac firewall GUI with the latest rule sets. Easy enough to fix.
Now this part is a different story:
A number of peculiarities emerged in the course of testing. A newly booted MacBook refused time synchronization - only to permit it a few moments later for no apparent reason without any changes to the security settings having been made. Further, it is not clear at what point Mac OS X starts which services, or how it decides which of these should be accessible and which should not.
This really isn't good and I have to wonder what changed. I REALLY wish they had done an "ipfw show" before and after running all of these commands.
You are right though, we (geeks in general) won't have to worry about this, but some of these problems should be addressed for regular home users.
Posted: Thu Nov 01, 2007 11:36 am
by chicken n waffles
i understood a bit of that, but for the most part,
ps - aapl... flawed software? z0mg NO WAI!!1
Posted: Thu Nov 01, 2007 3:30 pm
by schvin
ipfw makes baby jesus cry.

Posted: Thu Nov 01, 2007 3:42 pm
by Libra Monkee
I'm just hoping that Leopard has better WPA support because using my wireless on Tiger SUCKS!
Posted: Thu Nov 01, 2007 3:47 pm
by Phibs
Before I have a seizure, plz change avatar k thx!
Posted: Thu Nov 01, 2007 3:56 pm
by Libra Monkee
No, I think you deserve a seizure.

Posted: Thu Nov 01, 2007 6:06 pm
by Sabre
Posted: Fri Nov 02, 2007 10:11 am
by complacent
I was thinking the same! It's not that bad!
What would yonder security guru (teh schvin, talkin' at ya) recommend if ipfw is makin' teh jeebus cry?
Posted: Fri Nov 02, 2007 10:50 am
by Sabre
complacent wrote:
I was thinking the same! It's not that bad!
What would yonder security guru (teh schvin, talkin' at ya) recommend if ipfw is makin' teh jeebus cry?
If anyone says IPChains I will promptly punch them in the gonads... or cuch if need be.

Posted: Fri Nov 02, 2007 2:41 pm
by Libra Monkee
Alright, alright... back to Leopard's flaws. I have to agree with this article in thanking the Mac geeks, er... fools, no... early adopters (don't hurt me Colin) for getting these bugs out of the way now before the rest of us drop our hard-earned duckets on this OS.
Beyond the normal growing pains of adapting to a new OS, and the aforementioned firewall deal, there seems to be no Java 6 support in Leopard which has developers up in arms.
/. posting
Associated c|net art.
Posted: Sat Nov 03, 2007 10:45 pm
by Mr Kleen
i wish the new macbook pros weren't so damn expensive. i'd like to experiment with the dark side (light side?)

Posted: Sat Nov 03, 2007 10:51 pm
by Phibs
Libra Monkee wrote:
Alright, alright... back to Leopard's flaws. I have to agree with this article in thanking the Mac geeks, er... fools, no... early adopters (don't hurt me Colin) for getting these bugs out of the way now before the rest of us drop our hard-earned duckets on this OS.
Beyond the normal growing pains of adapting to a new OS, and the aforementioned firewall deal, there seems to be no Java 6 support in Leopard which has developers up in arms.
/. posting
Associated c|net art.
Congrats!
I believe I had java6 running on mine, but not 100% sure. I will say though for the record, I hate java

Posted: Sun Nov 04, 2007 3:40 pm
by schvin
Sabre wrote:complacent wrote:
I was thinking the same! It's not that bad!
What would yonder security guru (teh schvin, talkin' at ya) recommend if ipfw is makin' teh jeebus cry?
If anyone says IPChains I will promptly punch them in the gonads... or cuch if need be.

oh, not a chance

that punching would definitely be deserved!
oh, and pf ftw.
pf (and altq/etc) have been rolled out of openbsd to netbsd and freebsd so far, so i can't imagine it's much of a stretch to get it on the osx. my 2 cents.
Posted: Mon Nov 05, 2007 4:01 pm
by Sabre
schvin wrote:
oh, not a chance

that punching would definitely be deserved!
oh, and pf ftw.
pf (and altq/etc) have been rolled out of openbsd to netbsd and freebsd so far, so i can't imagine it's much of a stretch to get it on the osx. my 2 cents.
Ok, we can still be friends

PF should be fairly easy to get over to OSX me thinks.
Posted: Mon Nov 05, 2007 4:10 pm
by schvin
Sabre wrote:schvin wrote:
oh, not a chance

that punching would definitely be deserved!
oh, and pf ftw.
pf (and altq/etc) have been rolled out of openbsd to netbsd and freebsd so far, so i can't imagine it's much of a stretch to get it on the osx. my 2 cents.
Ok, we can still be friends

PF should be fairly easy to get over to OSX me thinks.

+1