Slashdot Mirror

That sounds like a great idea! But maybe installing something different would be more cost effective?

Try out spamd that is much likely to catch e-mails from infected PCs than SpamAssassin.

I'm sure that there are a few things you do not want to change just because some random person thinks that you should use the hottest, newest thing available? Why don't you be a real man and run OpenBSD. What, is it too hard to read clear, detailed instructions?

I'm sure that there are a few things you do not want to change just because some random person thinks that you should use the hottest, newest thing available? Why don't you be a real man and run OpenBSD. What, is it too hard to read clear, detailed instructions?

Does OpenBSD run FreeBSD apps?

Does OpenBSD run FreeBSD apps?

Does OpenBSD run FreeBSD apps?

Looking for free ISOs? Make my own? That's just what I was talking about, FYI. I don't care enough to somehow create my own iso, I simply download one and install it.

Hi Ulrich.

I did a quick search for where you might be located, to point you to an appropriate ftp server if you ever change your mind and noticed that you're into some interesting languages, including assembler. So I wouldn't be calling you a dumbass. ; )

If at some stage in the future you might like to try making your own OpenBSD CD. It is quick and easy for i386.

From one of the ftp sites like ftp://ftp.de.openbsd.org/pub/OpenBSD/3.8/i386 just download the files in that directory and use cdrom38.fs as the 2.88Mb boot floppy image as an El-Torito boot image. You should be able to do this no problem with mkisofs, I'm lazy and just use Nero from a Windows machine, but I should script it one day.

Typically your arch of choice will be about 150Mb. For stuff like sparc64 and macppc I use the appropriate cdrom38.iso image and then perform a network install or swap CD's when it comes time to copy files off the CD if you choose to install from CD.

There are some good guides for doing this.

I'd say that because they're one of the very few RAID companies actually working with OpenBSD. What, you never heard of OpenBSD's complaint re: hardware RAID?

OpenBSD Doesn't Like 3Ware

Notice the quote: "3Ware has lied to us and our users so many times they make politicians look saintly."

Or, a more detailed account is here:

ONLamp Interview w/ OpenBSD Devs

"Is there any vendor that chose to contribute with hardware or specifications?

Marco Peereboom: LSI has been very nice in providing hardware, certain pieces of documentation, and engineering help. In the end, to make all this happen, there was quite a bit of reverse engineering done as well."

If you compare vulnerability counts just from the last 3 months, OpenBSD had 79 for November, December and January compared to 11 for Microsoft (and that includes one each for Office and Exchange - so really 9 for all versions of Windows). I encourage you to look at the numbers reported at the OpenBSD site to verify that this is true.

First, I should say that OpenBSD includes a relatively small subset of the functionality that is included in Windows. You could argue that Microsoft should follow the same model for Windows that the OpenBSD Org follows for their OS. The problem is that users really want an OS that includes support for rich media content and for hardware devices, etc.

So while OpenBSD has done a good job of hardening their kernel, they don't seem to also audit important software that are used commonly by customers, such as PHP, Perl, etc. for security vulnerabilities. At Microsoft we're focusing on the entire software stack, from the Hardware Abstraction Layer in Windows, all the way through the memory manager, network stack, file systems, UI and shell, Internet Explorer, Internet Information Services, compilers (C/C++, .NET), Microsoft Exchange, Microsoft Office, Microsoft SQL Server and much, much more. If a software company's goal is to secure customers, you have to secure the entire stack.

Simply hardening one component, regardless of how important it is, does not solve real customer problems

If you compare vulnerability counts just from the last 3 months, OpenBSD had 79 for November, December and January compared to 11 for Microsoft (and that includes one each for Office and Exchange - so really 9 for all versions of Windows). I encourage you to look at the numbers reported at the OpenBSD site to verify that this is true.

First, I should say that OpenBSD includes a relatively small subset of the functionality that is included in Windows. You could argue that Microsoft should follow the same model for Windows that the OpenBSD Org follows for their OS. The problem is that users really want an OS that includes support for rich media content and for hardware devices, etc.

So while OpenBSD has done a good job of hardening their kernel, they don't seem to also audit important software that are used commonly by customers, such as PHP, Perl, etc. for security vulnerabilities. At Microsoft we're focusing on the entire software stack, from the Hardware Abstraction Layer in Windows, all the way through the memory manager, network stack, file systems, UI and shell, Internet Explorer, Internet Information Services, compilers (C/C++, .NET), Microsoft Exchange, Microsoft Office, Microsoft SQL Server and much, much more. If a software company's goal is to secure customers, you have to secure the entire stack.

Simply hardening one component, regardless of how important it is, does not solve real customer problems

You want to know what those OpenBSD bugs are? Visit http://openbsd.org/security.html#38

Note that there have only been 6 (!) bugs since V3.7 (almost a year old now; 3.9 Beta is already available), none are remote exploitable, and all have been fixed!

And Nash talks about the software stack? The ports for Apache and Sendmail have been audited and patched, the sendmail patches are sent up-stream and the Apache patches... well, I guess it's a fork at this point, but still secured.

Oh, well all know that MS has an affinity for BSD-licenced software -- is it any surprise that their attempt at "write xor execute" memory came after OpenBSD's did?

"OpenBSD had 79 for November, December and January"
"I encourage you to look at the numbers reported at the OpenBSD site to verify that this is true."

Am I missing something?

http://openbsd.org/security.html

I count 2:
- Jan 5, 2006: Do not allow users to trick suid programs into re-opening files via /dev/fd.
- Jan 5, 2006: A buffer overflow has been found in the Perl interpreter with the sprintf function which may be exploitable under certain conditions.

Neither of these are remote vulnerabilities, either.

If you are simply using Linux because you don't like Microsoft products, you might want to have a wander into the *BSD camp and try out OpenBSD which has excellent wireless support* (see compatability list here - Belkin USB adapters are in there, but check the model number). OpenBSD is an extremely secure free operating system with most of the applications that you can find on a Linux distribution. If however it must be Linux, then try SuSE out - it may have the support you need.

* And excellent documentation, a brilliant firewall, a wonderfully clean code base, superb ports system and super sweet line of T-Shirts! =)

Taking it to Starbucks, (at least where I live) means using Wifi. It really isn't possible they've implemented usable Wifi support in their LiveCD is it? Usually getting wireless to work on linux means finding windows drivers, utilizing NDISWrapper, etc.

My Spidey senses are telling me that you've never tried to use OpenBSD with a supported wireless card.

If a card is supported, it is typically supported from a driver built into the GENERIC OpenBSD kernel and "just works" like any other supported NIC.

In fact it is so good, that you can even bond your wired NIC to your wireless NIC as a trunk and then if you unplug your network cable to move yourself and your laptop away from your desk, your current connections are retained and continue to function. Your downloads keep downloading, your ssh sessions are still alive, etc.

If you like to use UNIX like operating systems and wireless, give OpenBSD a try. As long as you're using a supported wireless NIC (probably from a company proud and confident enough to back thier products up with open documentation) then you might be surprised to find it works easier than Windows XP! My PRISM2.5 based Demarc Technologies DT200 card requires a driver download to work in Windows XP, yet OpenBSD sees it as a usable NIC by default.

Check out the list of OpenBSD i386 supported wireless cards (BTW, OpenBSD do not use the word "supported" loosely). That is not the entire list either. For example my supported card is not on that list. One caveat though, is that some manufacturers choose to completely change thier card designs while retaining the exact same model number. Making wireless card purchase a minefield for anybody buying for a non Windows machine. Sure you can use an NDIS wrapper on OS which support that, but I'd rather return the product for a refund to try my luck again with another card. There are always the options to buy cards from vendors who advertise the exact chipset used too. Which I choose to do to get specific cards which are supported and have excellent receive sensitivity and decent variable transmit power.

Taking it to Starbucks, (at least where I live) means using Wifi. It really isn't possible they've implemented usable Wifi support in their LiveCD is it? Usually getting wireless to work on linux means finding windows drivers, utilizing NDISWrapper, etc.

My Spidey senses are telling me that you've never tried to use OpenBSD with a supported wireless card.

If a card is supported, it is typically supported from a driver built into the GENERIC OpenBSD kernel and "just works" like any other supported NIC.

In fact it is so good, that you can even bond your wired NIC to your wireless NIC as a trunk and then if you unplug your network cable to move yourself and your laptop away from your desk, your current connections are retained and continue to function. Your downloads keep downloading, your ssh sessions are still alive, etc.

If you like to use UNIX like operating systems and wireless, give OpenBSD a try. As long as you're using a supported wireless NIC (probably from a company proud and confident enough to back thier products up with open documentation) then you might be surprised to find it works easier than Windows XP! My PRISM2.5 based Demarc Technologies DT200 card requires a driver download to work in Windows XP, yet OpenBSD sees it as a usable NIC by default.

Check out the list of OpenBSD i386 supported wireless cards (BTW, OpenBSD do not use the word "supported" loosely). That is not the entire list either. For example my supported card is not on that list. One caveat though, is that some manufacturers choose to completely change thier card designs while retaining the exact same model number. Making wireless card purchase a minefield for anybody buying for a non Windows machine. Sure you can use an NDIS wrapper on OS which support that, but I'd rather return the product for a refund to try my luck again with another card. There are always the options to buy cards from vendors who advertise the exact chipset used too. Which I choose to do to get specific cards which are supported and have excellent receive sensitivity and decent variable transmit power.

Yeah, try Plan9, though it has no full-featured web browser ;-) A non-x86 CPU would help as well. Or one could just use OpenBSD.

But some exploits are targetted at applications (say Firefox) and would work on most OS.

Yeah, BSD licenses sure have killed a lot of projects.
That's just five minutes of searching for BSD licensed projects, I didn't look for MIT licensed projects.

why is it so difficult to read?

Because it's written by lawyers for lawyers, not for programmers. Gotta love the OpenBSD license. Excluding the warranty disclaimer and copyright notice, here's the entire text:

"Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies."

I like my licenses without built-in ideologies.

RAID could help with downtime, but is not a substitute for backup, really. Tape backup is still very expensive (high inital cost), and DVD's are limited in both quality and storage capacity. Well, I use both, but then my storage needs are slight since I burn my most important data to a DVD-RAM disc every night.

What OpenBSD thinks about RAID:

RAID (Redundant Array of Inexpensive Disks) gives an opportunity to use multiple drives to give better performance, capacity and/or redundancy than one can get out of a single drive alone. While a full discussion of the benefits and risks of RAID are outside the scope of this article, there are a couple points that are important to make here:

* RAID has nothing to do with backup.
* By itself, RAID will not eliminate down-time.

If this is new information to you, this is not a good starting point for your exploration of RAID.

Exactly. I would love to buy a copy of OS X for x86 on my PC, even if it cost me $400 to do so. It is worth the price, IMO. I will kill for an operating system on plain vanilla x86 machines that is almost perfect. Windows is insecure and needs to be scrapped, and Linux is just too hard to use for an everyday user. OS X is the perfect operating system. It is easy to use for both regular users and is great for computer science majors and other people who need Unix. But, as I see it, Apple will never give in and sell Mac OS X to people with vanilla x86 boxes, or collaborate with Dell and HP and bundle OS X with their machines. Once that happens, we can kiss Apple and OS X goodbye.

The time is ripe for a brand new operating system on the x86 platform. I would love to see something with the architecture and/or the ideas of Plan 9 or something like the L4 microkernel, the compatibility of *nix and Windows (via Wine) so that way we don't all have to start from scratch, the security of OpenBSD, a kick-butt windowing system like Aqua (except better), radical new ideas for user interfaces, rapid software development, and overall just knocks the socks off of everything else that we have seen so far. It will be much like NeXTSTEP back in the day or Mac OS X is currently. I would love to see an operating system that solves nearly all of the technical problems, security issues, and usability issues that we face today. Mac OS X does well in all of these regards, but it isn't available for everybody. Imagine if we had an operating system that was not only better than OS X is, but is also available for all computers that can handle it. Regular users who desperately want to leave Windows must either shell out $$$ for a Macintosh (which requires that they buy a new computer), or endure the learning curve that switching to Linux entails. My ideal OS will have no restrictive licensing that tells me that I can only install it on a Pear x86 box, and no DRM that sends the helicopters flying over my house when I install PearPC OS on my vanilla x86 box. Any volunteers?

A time service is a sensitive, but important, service to use. Having many reliable time servers to choose among will lessen the security risk of hacked servers, or servers just out of sync for some reason. A public timer server will see alot of traffic, so not everyone has the bandwidth nor the hardware.

The OpenBSD Network Time Protocol daemon selects randomly among various time servers, and is very easy to setup. However, if there are few time servers available, there is not much randomness to it...

1. Slackware Linux. Still the best after all this time.
2. OpenBSD. Just because you are paranoid does not mean they are not out there trying to get you.
3. OpenSSH. Because you just can't use plain text telnet anymore.
4. Rsync. Just because.
5. GNU Screen. Triple your terminal productivity. Now with minty-fresh taste!
6. GNU Wget. Because you have better thing to do than watch over a download.
7. Vim.Because Emacs is for losers.
8. Nmap. Look at 'OpenBSD' above.
9. IPTables. Lock that machine down, admin boy.
10. pf. I said, lock that machine down , admin boy!

1. Slackware Linux. Still the best after all this time.
2. OpenBSD. Just because you are paranoid does not mean they are not out there trying to get you.
3. OpenSSH. Because you just can't use plain text telnet anymore.
4. Rsync. Just because.
5. GNU Screen. Triple your terminal productivity. Now with minty-fresh taste!
6. GNU Wget. Because you have better thing to do than watch over a download.
7. Vim.Because Emacs is for losers.
8. Nmap. Look at 'OpenBSD' above.
9. IPTables. Lock that machine down, admin boy.
10. pf. I said, lock that machine down , admin boy!

Backup moved from .Mac to iLife?

I'd like to see them open up the .Mac XMLRPC schema so it'd be easier for users to roll their own .Mac.

Ah heck, lets just list a couple of things I'd like to see (which are completely unrelated to iLife):

• Tabbed chat in iChat
• Single-system image or some type of tightly coupled clustering with NUMA
• Option to share podcast playlist in iTunes (right now, all playlists appear 'cept for the podcast one to users over Bonjour)
• Ability to force iSync to do "Last name, first name" on Motorola v550s (and any other Motorola phone)
• pf instead of ipfw
• OpenVPN support in the Internet Connect.app

Okay, I'm done... for now.

Hey, what about the Windows Bootloader? If you have a Windows partition you should try it first. It even boots OpenBSD without big headache (see http://www.openbsd.org/faq/faq4.html#Multibooting) . One of its advantages is that it saves time when resuming Windows from suspend-to-disk. If you have Linux, you still need LILO or grub at least for your Linux partition...

Take a look at OpenBSD. Once you understand the UNIX philosophy, using it is a breeze. Combine a bells-and-whistles shell like bash with a terminal multiplexer like screen and you have a powerful and elegant user environment. And your investment in time will pay you back double.

We've replaced half of our servers at this point-- very little new hardware required. The new machines stay up longer, they require less maintenance, and they work the way you expect them to. They aren't susceptable to viruses. When they finish running nightly jobs, they email me reports, even if the programs aren't designed to do so because I have the control. Need new functionality with your app? Usually piping the output to some other built-in utility gets the job done. None of our users know the difference; they still use Outlook to check email, use file and print servers. What they don't know is that most of these services aren't running on a MS platform anymore. But MY job is a lot easier. And that is only the tip of the iceberg.

Obviously, I don't know what you spend your time doing, and if you say you don't have the time, then maybe you really don't. But I've heard this same argument before, from admins at my company who work in different offices, and you just sound just like them. They just can't be bothered. Too bad. I'm not working nearly as hard. Remember the Perl motto: "The three principal virtues of a programmer are Laziness, Impatience, and Hubris."

sure they do.

Care to try out version 3.0? The netbooting issue was solved, perhaps as long ago as versions 2.0.1. Version 1.6 shipped with a broken boot.mop, but worked find if you booted the install from a CD or used the boot.mop from 1.5. As for NetBSD/VAX being "unrunnable" once installed, that's just bullshit, or else I must be imagining the VS4000 VLC and VS3100 m30 humming away next to me.

NetBSD supports more models of VAX than OpenBSD - try comparing the lists on http://www.netbsd.org/Ports/vax/ and http://www.openbsd.org/vax.html. NetBSD also supports more devices, such as framebuffers and SCSI controllers.

OpenSSH just keeps getting better. Not just a great shell client and server, but support for multiple streams, secure tunnels, SCP, SFTP, every authentication method you could want, and finally VPN (the next logical extension). OpenSSH ships with every Linux distribution I can name (well, except embedded ones), the BSDs, and MacOS, and is available for Windows (under Cygwin) and every other major UNIX and UNIX-like OS out there. The code is all available to anyone for any purpose with no real restrictions (other than giving some credit to the developers), so you could include it in any app you make, regardless of license (GPL included). Thanks, everyone who works on this valuable tool. I think I'll go buy a T-shirt

Just by experience, but OpenBSD never had 'Excellent' hardware support, neither do the developers put that as the top priority of the os, compared to Linux or moreover for Windows.

Sure, recent versions of OpenBSD does support most of the modern hardwares just fine, but you really should check out the hardware compatibility documentation (link is for i386 hardware) thoroughly if you know which hardware to go by.

One thing as wireless card not working on 802.11g but only on 802.11b really puts you off because of driver issue, just as an example, so check things out before.

Oh and, being free means, the risk is on you, not to whoever you have payed the support for. You need a good administrator for a free product, unless you contract some OpenBSD support shop.

I second this. You can learn OpenBSD's pf firewall well in about a week. Get started here: http://www.openbsd.org/faq/pf/ . A 600 MHz PIII, 256 MB RAM, 4 GB HD, is plenty for 4 to 6 100 Mbit NICs on 32-bit PCI; if you have higher bandwidth needs you might put the money into a machine with 64-bit PCI or PCI-E and Gigabit NICs.

How about the OpenBSD Project? I know, some folks have issues with Theo deRaadt himself -- and I must admit to some mutterings, myself.

But in the realm of technical computing, they've raised the bar higher for everybody. Kudos to them.

http://www.openbsd.org/donations.html

Like ClamAV and pf?

By harder to install I mean it takes more than becoming root and typing.

apt-get install firefox

or pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/3.8/packages/amd 64/mozilla-thunderbird-1.0.6.tgz

Also didn't mean that it didn't have any features. I mean that it didn't come bundled with any OSes. Now by my own admission I haven't used Opera but I have yet to have somebody point me to a kiler feature. It may very well have such things. I just haven't heard of them.

Having said that I use pretty much a plain FF everyplace I'm not using Safari. So maybe I'm just not the target audince.

VAX sucks

This is small kids you are talking about, and I'm sure that they have more fun stuff to do than reading about systrace, pf.conf or isakmpd.conf for that matter. At least the kids are exposed to an OS that is secure and has very high quality docmentation in form of manual pages and User Guide

Btw, the OpenBSD developers abhors the Linux HOWTOS since they deprive the reader for increasing her understanding of the subject matter. The kids are supposed to learn to think for themselves, or ;-)

This is small kids you are talking about, and I'm sure that they have more fun stuff to do than reading about systrace, pf.conf or isakmpd.conf for that matter. At least the kids are exposed to an OS that is secure and has very high quality docmentation in form of manual pages and User Guide

Btw, the OpenBSD developers abhors the Linux HOWTOS since they deprive the reader for increasing her understanding of the subject matter. The kids are supposed to learn to think for themselves, or ;-)

This is small kids you are talking about, and I'm sure that they have more fun stuff to do than reading about systrace, pf.conf or isakmpd.conf for that matter. At least the kids are exposed to an OS that is secure and has very high quality docmentation in form of manual pages and User Guide

Btw, the OpenBSD developers abhors the Linux HOWTOS since they deprive the reader for increasing her understanding of the subject matter. The kids are supposed to learn to think for themselves, or ;-)

This is small kids you are talking about, and I'm sure that they have more fun stuff to do than reading about systrace, pf.conf or isakmpd.conf for that matter. At least the kids are exposed to an OS that is secure and has very high quality docmentation in form of manual pages and User Guide

Btw, the OpenBSD developers abhors the Linux HOWTOS since they deprive the reader for increasing her understanding of the subject matter. The kids are supposed to learn to think for themselves, or ;-)

This is small kids you are talking about, and I'm sure that they have more fun stuff to do than reading about systrace, pf.conf or isakmpd.conf for that matter. At least the kids are exposed to an OS that is secure and has very high quality docmentation in form of manual pages and User Guide

Btw, the OpenBSD developers abhors the Linux HOWTOS since they deprive the reader for increasing her understanding of the subject matter. The kids are supposed to learn to think for themselves, or ;-)

If memory serves, most of these home routers are running on MIPS based hardware. There is no port of OpenBSD to the sbmips platform (yes there is an SGI MIPS port but I doubt it is similar enough for an easy transition). I believe NetBSD has been ported to this platform but I am unsure of whether the supported chipset is the same as that in a home router. There's also the possiblity that there won't be wifi card or ethernet drivers on NetBSD so you would have to reverse engineer those... Personally I'd just stick with Linux but porting a *BSD for full support would be an interesting exercise.

As another poster said, if you want to run OpenBSD on embedded hardware you are better off going for the soekris stuff but you'll pay a LOT more (prices for just the board without case, wifi card or power cable start at $128) than for the shelf consumer stuff (Amazon has a WRT54 for $54.99).

here's one from 1997.

I think MS has come a long way from where they were, but I agree. To the people who claim it can't be done: OpenBSD does it!

There's no doubt that running a secure OS and adhering to good practices (such as never do anything as root that doesn't have to be done by root) is increasingly important these days. One client I work with is running Openwall and it seems to be a good solution. There are many other security enhanced Linix possibilities, too, as well as OpenBSD - which I don't have direct experience with, but I hear it's pretty tight.

At home, I just keep up-to-date with Debian and practice careful management, but for any corporate systems, I'd start with a secure OS.

From TFA: "We basically accelerated the heck out of Wi-Fi," Corbett said. "We plan to do the same thing around digital entertainment."

Oh yeah, without Intel hardly anyone would be using Wi-fi! Thank you Centrino for making such a huge difference in the Wi-fi marketplace!

What an ass.

To echo this sentiment, here is the OpenBSD WiFi recommendations:

Note that in order to use the Intel-based cards, you will need to acquire the firmware files, which Intel refuses to allow free distribution of, so they can not be included with OpenBSD. Contact Intel to let them know what you feel about this, or to let them know what other product you have purchased instead.

Other manufacturers, such as Broadcom, Texas Instruments and Connexant have actively fought our attempts to develop free drivers for their products. We encourage you to respect their wishes by not buying their products. Realtek, Ralink, Atmel, and ADMtek make good products and support the open source community's desire for free drivers, and have earned our support and business.

Stallman explicitly states that he things that open source should be sold for money.

The second is that RMS doesn't use the term "open source" to describe "free software". Both are, in practice, loaded terms. Free Software is associated with an ideology RMS himself identifies (and is identified) with strongly. It has baggage in terms of being associated with the right to modify and/or redistribute software you've been given. By comparison, Open Source has baggage too - it's generally associated with the superiority of a development model where anyone can contribute, and the movement to sell this development model to businesses and other professional software developers in the hope it'll encourage the creation of free software. You may feel (and a lot of people would agree with you) that this is a trivial distinction when both, ultimately, refer to software that can be freely modified and redistributed, but RMS is as interested in the baggage as he is the destination, and as such he would distance himself from any comment implying any view of "open source" and what it should be.

What would stop me from purchasing a copy of the software for sale, change a byte or two, call it derivate work, and sell it for a lower price?

I have a stack of old boxen in my office doing reliable duty as (respectively) a NAT router / packet filter, an SMTP server, DNS server, SMTP server and SMB fileserver. They are all running OpenBSD except the fileserver which runs FreeBSD (because my SATA RAID controller shipped with a driver for FreeBSD). They all perform excellently, although Gallery is a bit slow on the webserver when doing things like resizing photos. The "fastest" one of the bunch is a Pentium II with 64 Mb RAM.

Indeed. In RAID options for OpenBSD you see the following warning:

While a full discussion of the benefits and risks of RAID are outside the scope of this article, there are a couple points that are important to make here:

* RAID has nothing to do with backup.
* By itself, RAID will not eliminate down-time.

If this is new information to you, this is not a good starting point for your exploration of RAID.

"Don't even try to compare that trashy xbox hardware to the linux OS."

No need to. Linux (mmm spaghetti code) is, indeed, a piece of shit/trash/etc.

Anyways, I have a present for you. A link to a real operating system just for you!