On Thu, Feb 16, 2006 at 03:24:27PM -0600, Les Mikesell wrote: > On Thu, 2006-02-16 at 15:07, Dave Jones wrote: > > > > There is a cisco vpn client for linux. Run that for work all the time. > > > > > > Check their web site for the software or ask you IT group for it. > > > > It uses a binary only kernel module that frequently causes problems > > judging by the number of reports I've seen in bugzilla tainted by it, > > which magically 'go away' when the user switches to using vpnc. > > > > One of the horrors of binary kernel modules is they don't keep up > > with the steady release of upstream kernels, so what might work > > fine on one release might break horribly in next weeks updates, > > sometimes in particularly drastic ways like memory corruption > > when then finds its way written out to disk. > > That's one way of thinking about it. The other is that one of > the horrors of running Linux is that every kernel release may > break previously used interfaces and force you to replace all > your tested modules. Even if there were an established ABI that the upstream kernel maintained, there would still be incompatibilities between versions. Look at any OS that maintains such an illusion for proof of this. Every time a vendor has done this, there's been some internal struct or function that wasn't exported, that 3rd parties wanted to poke around with, which inevitably does completely the wrong thing when things are changed. The lack of ABI argument is totally bogus. It's no panacea to 3rd-party code magically getting better. The real problem is by keeping it binary, no-one but them can fix it, and when they aren't inclined to do so, who loses? Dave
