Domain: wideopenbsd.org
Stories and comments across the archive that link to wideopenbsd.org.
Comments · 8
-
Re:Is it enough? Yes.
I'm trying to figure out your point in the relationship to the story and why it's insightful.
a) there was a story?
b) my comment is just inherently insightful, ergo the mods. (they don't RTFAs, either.)
In all seriousness, my comment was more a reply to the tone of the summary than any particular points is the articles. (Though I don't know why this guy is freaking out that Apple isn't work overtime to get patches out for undisclosed bugs overnight. All vendors often have gaps between when someone announces a potential vulnerability and when a suitable patch comes out. This is nothing new.)
Are you arguing that it's "enough" for Apple to not patch known problems? That because Apple has a good track record that they can be lax? That Apple should imitate Microsoft's policies of the late 1990s and not take "gray hats" seriously?
I'm going by the dictionary definition of "enough:" "sufficient to meet a need or satisfy a desire; adequate." I would say Apple's track record shows they're doing "enough" with regard to security for the most part. )I think the worst thing they've done so far wasn't even security-related--it was that buggy update that erased hard drives with spaces for the first character in their names.) That's why "enough" != "everything possible." For example: Am I eating as many vegetables as I should? Probably not. Am I eating enough to keep myself from imminent death? Since I've been eating this way for a couple decades, I'd say yes. In that sense, I'm eating "enough" vegetables.
Now, do I want Apple to become lax and sloppy? Of course not. Could they be doing more? Absolutely.* But, overall, since you could probably fit all the people who have lost data to OS X viruses in a small room, I'd say that their effort--the result of which is a handful of infections out of millions of machines--counts as 'enough.'
* While I don't think Tom Ferris should be making a big stink about Apple's turnaround time, I would very much like to see them fix whatever he found this week. I'd like to see them patch whatever holes the winner of the 'rm-my-mac' contest** used to escalate privileges. (Sure, that required a local account in the first place, but a flaw is a flaw.) Mostly, I'd like to see them have Safari's "Open 'safe' files" option UNchecked by default--I agree with others, that's an accident waiting to happen.
** nice to see he finally put up something of a postmortem. http://rm-my-mac.wideopenbsd.org/ -
Re:considering
go look at the original page where the challenge is posted. TFA is just that a FA. It was written by some idiot who didnt read the actual challenge and wrote an article trying to be as ambigious as possible. It was 6 hours and not 30 minutes as the article calims (though, with a shell i've gotten root in a couple of minutes on some macs)
people set up ssh accounts on the machine and they were supposed to rm -rf the thing and no one has.
if you look on the page people can remotely add accounts to the server in order to get shell access VIA THE FUCKING WEB PAGE -
"obsd propaganda"You don't have to believe all the propaganda coming from the "proactively secure Unix-like operating system.." leader. It is an insecure OS, like any other existing OS, simply because coders are human and prone to failure. Theo never used Linux, yet he can judge the quality of it. You can always try to convince yourself (and your brainwashed audience) that you write the NUMBER ONE secure Operating System in the world ("if you're not already there"), yet it means nothing.
I have personally more faith in NetBSD. Strange that noone recalls the ibcs2 kernel overflow. obsd had a straight stack overflow, but nbsd code checked this properly and therefore wasn't vulnerable. Noone recalls apachenosejob.c where #obsd dev couldn't even manage to make it work on their own machine, and hence denied that it actually worked? what about shutuptheo sshd heap overflow ? and the non-exploitable format string in talkd? what about privsep if you can break it so easily with a kernel select() int overflow bug (or other undiscovered one)? is it openbsd or wide openbsd (http://wideopenbsd.org/) ?
don't believe what you're being told to believe.
-
BSD is dying
what I know about *BSD
1. You can not play games on it.
2. It cannot be used by my grandma.
3. It lacks a GUI of any note.
4. There is no support available for it.
5. It is an assortment of fragmented OSes.
6. It cannot be run on the x86 platform.
7. You have to compile everything and know C.
8. Support for the latest hardware is always poor.
9. It is incompatiable with GNU/Linux.
10.It is dying. -
Re:More misplaced effort
BSD isn't about anything. The proof is here: http://wideopenbsd.org/
The only "proud" freebsd user is a *former* freebsd user. -
FUD
This is FUD -- Linux certainly routes faster than 100kpps. And http://wideopenbsd.org/ clearly shows how OpenBSD is fundamentally flawed and should not be used by anyone except for OS dilitante dabblers.
STOP SPREADING FUD! -
Re:Requiem for the FUD
hahahahahahaha, you suck.
-
ten things I know about OpenBSD
what I know about *BSD
1. You can not play games on it.
2. It cannot be used by my grandma.
3. It lacks a GUI of any note.
4. There is no support available for it.
5. It is an assortment of fragmented OSes.
6. It cannot be run on the x86 platform.
7. You have to compile everything and know C.
8. Support for the latest hardware is always poor.
9. It is incompatiable with GNU/Linux.
10.It is dying.