Project ?

sean o'malley somalley at
Wed Jun 23 00:19:17 EST 1999

I don't know if this is up anyone's alley or not, but it might be worth a
case of beer or more.
It might fit into another project like like clustering, but im not exactly
sure what he is talking about =)


Date: Mon, 21 Jun 1999 23:21:23 -0400
From: Marcus J. Ranum <mjr at>
To: Greg Shipley <gshipley at>, nfr-users at
Subject: Re: Redhat 6.0

>I think NFR might want to take a good look
>at what can be done with Linux.

We have had Zero customers make Linux a requirement for
purchase. Obviously someone could change that, by writing
"I need Linux" on the back of a Purchase Order for, say,
200 units, and Linux will get our undivided attention. ;)

Joking aside, we _have_ done a lot with Linux. For each
version, when it's come out, we've tested its performance
and found it inadequate. We've explained, in this forum
and in others, gently and less gently, why Linux' packet
capture code is mediocre. We've burned considerable man
hours attempting to transfer clue to Linux religionists,
and now, I see, to ""technology" journalist" Linux
religionists. The main answer we get is "if you don't
like Linux's packet capture, then _FIX_ it."

We don't like it.

Why don't _YOU_ fix it?

C'mon, seriously - one of you Linux heads out there
could write the bitchenest zero-copy packet capture
code on the planet. We'll buy you a beer. Hell, we'll
buy you a case. How about it? We're busy writing studly
traffic analysis engines. We're busy making them work
at speeds close to 100mb/s on reasonable hardware running
reasonable operating systems. We're _BUSY_, get it? Fixing
Linux is not our job, making the best ID software on the
market is our job.
Tell you what, smarty-pants. I'll give you $4,000 and a
cool NFR T-shirt if you write a zero copy-per-packet
input bpf emulation for Linux. Ok? I'll do one better than
you can do: I'll put my money where my mouth is.

>I'm not sure what the details are in Jim's case, but I've seen this
>before.  As any admin who has been around the block will tell you, you
>can't always use the best tool for the job.

Gosh, I'm just a non-technical CEO type who's never done
any network administration. So I appreciate your educating
me. Certainly I've never done enough technical work to get
to the point of realizing that _REAL_ network admins
don't have time to get religion about technology. The
only technology you can afford to get religious about is
that it _WORKS_.

>I don't want to start another OS war, but I've been in a few fairly large
>(7,000+ nodes, multiple countries, etc.) NT and NetWare shops that will
>ONLY allow one flavor of UNIX.  In fact, one of them ONLY allows Linux,
>simply because their admins are familiar with it.

Yeah. I'm sure they complain bitterly to Cisco that
their routers don't run Linux, too.

>So while Linux may have some serious drawbacks, saying "it stinks" IMHO,
>is a silly answer.  Hell, how many firewall vendors are still saying
>"don't use NT - <insert reason here>?"  Not many.  Most of us know about
>NT's problems, but because of the current state of the industry we are
>forced to deploy NT-based firewalls....

Oddly, customers are willing to _PAY_ for NT products. That
means that we get to stay in business and keep doing what
we do well: building butt-kicking ID systems. I guess we
could spend all our time fixing freeware, but then we'd
be out of business, now, wouldn't we?

>The simply fact of the matter is that Linux has momentum, and people use
>it.  In some cases, it's the only flavor of UNIX in the door - and then it
>is NOT a decision by the admin.

Yeah, I read Wired, too.

>This isn't the first one of these cases you've seen, it certainly won't be
>the last, and it's not always as simple as "don't use it - use something
>else."  IMHO, that's a pretty limiting view of reality.

I work within lots of limits. The fact that there aren't
enough hours in the day for my team to do all the stuff
we're trying to do is one of them.

I find it ironic that someone preaching Linux ideology at me
would say "don't use it - use something else" is a bogus way
of handling something inadequate. _THAT_ is the reason many
Linux users give for not using Windows.

We haven't got anything against Linux* -- it's a good operating
system. It just doesn't do well the one thing we need an operating
system to do well. So we ask people not to use it. Seems simple,
no? No, it's not simple. Things are never so simple when
technology and fanaticism mix.


(* Though I'm not fond of Linux bigots )

Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work -
home -

[[ This message was sent via the linuxppc-dev mailing list.  Replies are ]]
[[ not  forced  back  to the list, so be sure to Cc linuxppc-dev if your ]]
[[ reply is of general interest. Please check ]]
[[ and for useful information before posting.   ]]

More information about the Linuxppc-dev mailing list