OpenBSD, Reductionist Design
Duke of URL writes: "Sam Williams of Upside Today has an article discussing OpenBSD's overall design philosophy, with good quotes from Theo de Raadt, the OpenBSD project leader.
Williams also covers how the OpenBSD project goes about supporting their financial needs (by selling t-shirts, CDs, and posters) and briefly covers their lack of desire to receive venture capital despite offers."
I start fires by rubbing sticks together and I bathe in streams. I always wear the bare minimum (just enough so I won't get arrested). My productivity has increased since my switch from Open BDSM, and I've become more appealing to women!
did you READ??? they DO NOT WANT venture capital. NOT want.
Read that last paragraph from the article again.
Main OS Advantages:
Windows: Software & cutting edge driver hardware support.
Linux: Growth.
FreeBSD: maturity/stability
OpenBSD: security
Choose your OS based on needs.
If you need games, get windows.
If you need Unix qualities and app support, get Linux.
If you need an OS that's tried and true, use FreeBSD.
If you need security, get OpenBSD
Note each OS has more qualities than listed here.
Personally, I choose OpenBSD b/c I store mission-critical, ultra-sensitive data on my home PC, and I don't care if I have any applications.
> that's what it wants, and I have to respect
> that.
Wait a minute. You're in marketing, you should be perfectly positioned to know that most of the stuff marketing makes up is over-hyped and/or completely untrue. So why would you respect what the market decides is the de facto standard?
WWJD? JWRTFM!!!
While I can understand your trust issues, I have to disagree. What if Linus became an asshole? Would you stop using the Linux kernel? Theo may be rather tough at times, but that's just the way he is. If it bothers you, that's fine -- but it in no way affects the quality of OpenBSD.
:)
With OpenBSD's development model (all packages are audited and checked before being integrated properly with the system, as opposed to Linux, where all packages are thrown at the computer and put in little directories until they work) the work of every developer, including Theo, is checked and audited by the other developers. 'OpenSource' software is the same way, you say? I don't see anyone checking the quality of a program before they make an RPM of it and drop it in their distribution's CD. For example, just go throw in your latest RedHat CD and search for GNOME RPMs.
I trust Theo more than I trust a bunch of little, non-connected groups of penguin-shirt-wearing developers who preach Linux all the time. Linux is nice, and I'm no Linux basher - but I've yet to find a situation where Linux is the best choice to implement, instead of a BSD or other OS. Linux Firewall? No thanks, I like something secure, OpenBSD please! Linux Webserver? FreeBSD here I come. Of course, BSDs aren't as good as Linux is, because they aren't ever on ZDtv, and not in every national publication. Silly me, I forgot that the best software is the one that's got the most publicity, not the one that has the highest quality. Perhaps you forget August 24, 1995.
jason
It was a big media event. People across the nation camped out to wait for copies of a great (heh) new piece of software that would forever lower the bar for software quality:
Windows95 was released August 24th, 1995.
:) jason
I run a quad CPU system on FreeBSD.
:)
I've never had a piece of quality hardware that was not supported out of the box by OpenBSD (or at least NetBSD).
OpenBSD can binary emulate most of the other UNIX-alikes for the platform it runs on, including Linux.
And I get all the support I could ever need from the newsgroups, the great man pages, and the FAQ.
Any other arguments?
jason
so if you want a home firewall / NAT / router that's easy to set up and use, the default install gives you all that.
my point here is that it's also very well thought out for its other uses as well, and unlike netbsd, they are not afraid to break traditions if they think something is better. (they are not like slackware here, again, it's just little things)
even the installation is well thought out. almost all of it is just hitting enter for defaults except partitioning, which almost anyone doing this is going to have their own preferences for anyway.
i think the fact that most of us ftp install is because it's so easy even if you have the CD.
i still don't use it for a lot of my work, it does lack some stuff that linux has. (like java-1.2)
you could have runtime protection automatically inserted by the compiler, like stackguard but it'd probably be better in the long term to use languages that have strict bounds and type checking. (modula3?)
NetBSD: the cathedral vs the bizzare.
I've been in the same situation you are a lot of times. I haven't found a solution for the situation, as the company I'm working for has spent about 1/2 million on sun and oracle stuff (at least not windows), that could have done with one pc running linux and mysql, but here are a couple of ideas:
1. Install the box, regardless of what anyone says. Once it's there they will probably use it.
2. Work for another company, where getting things done is valued more than politics
3. Install whatever equipment they want. You are a techie, and you are expected to like expensive equipment. Enjoy it and encourage them to buy more, remember it's not your money!
Um. What happened August 24, 1995?
WTF... My bad apparently, this is not in reply to the comment it is attached to...
Wow! Just the right mix of "can this guy really be true" and "what a toker." Congrats on the hilarious post. Now I hope this gets moderated to "funny" (or whatever the humor category is) and not flame bait! Or maybe it is just my lack of sleep...
While I'm no BSD zealot I think you took a few turns off the main road by accident with your example of Hotmail. The security holes were in Hotmail (the custom server software) not BSD.
A truly cynical slashdot reader would walk down the street, and upon seeing two people in conversation, would wonder "who trolled who?"
FOLKS! If I post something, and someone else responds to it, that does not necessarily mean that I trolled that other guy! There is a possibility that we are actually having a conversation!
I ought to retell the story of the little boy who cried "troll" sometime...
If tits were wings it'd be flying around.
No! Don't buy the CD-ROMs just to support the project. Buy them if you need to. Otherwise just download the damn thing. If you want to support the project, just figure out the price of the CD, plus shipping, and donate it to the project. They get to keep the shipping expense, and there's one less worthless CD destined for some landfill.
If you really want to own some physical thing that shows you support OpenBSD, then buy a T-shirt or two. You'll use it a hell of a lot more often than you would use a CD, and in the long run it's a bit more biodegradable ;)
I don't want to jump into an OS flamewar, but I have to correct the above statement. Both NetBSD and FreeBSD projects were founded later than Linux. The BSD UN*X has been there longer than Linux for sure. 386BSD and Linux are about the same age, but the FreeBSD/NetBSD projects as well as the OpenBSD project are younger than Linux.
I think (no flames, please) the success of Linux should be attributed to its license and to its more open development model instead of speaking at the conferences and writing the press releases (Do you remember any press release by Linus except for the press releases for Linux 1.0, 1.2, 2.0 and 2.2?).
-Yenya
--
While Linux is larger than Emacs, at least Linux has the excuse that it has to be. --Linus
ok, the xml support maybe. I suppose that's not a bad idea, but I'm not a big fan of kernel modules. DirectX though, not a chance. There are efforts underway to make crossplatform versions of such things though, like SDL.
-lx
You folks just don't get it, do you? BSD is NOT TRYING to gain more marketshare. You're thinking of Linux. BSD is concerned with making the best product possible - if lots of people use it, fine, if only a few do, fine. There is no need for market strategy, and this seems to be a hard concept for people to wrap their minds around. As for your 'monthly release cycle', we have a daily one. There are nightly snapshots, and you can always sync your source with the current versions.
Furthermore, what kind of crack are your experts on? XML support in the kernel? What the hell for? That makes zero sense. And besides the fact that DirectX is a proprietary Microsoft standard, why exactly does UNIX need it?
-lx
security is a function of...
1) how well designed certain OS features are
2) how much time people are WILLING to poke at it
Linux's announcement count benefits from 2, at least as much as 1. I'd say "same with Windows", but nobody has access to the code, to see if its kernel is written anything like a sensible kernel would be.
Looks like 1999 was a very bad year for linux and NT in general. Why the sudden spike compared to other years? I don't believe the numbers are accurate. Since when do netware and macos get so few security holes? I think the numbers are much higher for these lame systems.
"If a show of teeth is not enough, bite
>What is the difference between a version (BSD)
>and a distro (Linux)?
The various Linux distros all have the same Linux kernel (maybe different versions, but it's all the same kernel, more or less).
Linux distros differ mostly in userland stuff, i.e. how the directories are laid out, init scripts, what utilities are bundled, packaging infrastructure, etc.
The various BSDs have different kernels. They all started from the same codebase, but have diverged significantly since.
Of course, the various BSD userland stuff has some differences as well.
I know it's still not as convenient, but all I did was download the packages directory and base directory for i386, and made my own damn bootable ISO :) Took about 2 hours of downloading, half an hour of burning, and magic. And because it's not for multi-platform like the OpenBSD CDs you buy I have the whole i386 package collection all on one CD. Bleh.
Few products with the word "open" in their names are Free (Stallman's definition) or even Open (Raymond's). OpenBSD is Open and Free.
Many people in this thread talk about Theo's harsh personality... I have a little doubt:
Is RMS a nicer person than Theo?
They both will rage about their positions and will not tolerate any other person's - But they both have done great things for all of us!
A careless developer can make anything insecure whatever flavour OS it's running.
AFAIK The hotmail problems were backdoors and mistakes written into the server side programming, not the system configuration.
+++++
+++++
The harder you look the less you see. That's what we're up against.
What, you want me to put my REAL email address on here? Yeah...right. I've managed to make my life nearly spam-free, and I plan to keep it that way.
"That's Tron. He fights for the Users."
Windows 98
Three days without a remote hole in any install!
Uh, localhost hole?
Liar. I found it in less than 30 seconds, and I didn't have to resort to doing a site search. I actually bothered to think.. heck, even less. I looked at the menu on the front page.
From the faq (http://www.openbsd.com/faq/faq3.html#3.1.2)
3.1.2 - Does OpenBSD provide an ISO image available for download?
You can't. The official OpenBSD CD-ROM layout is copyright Theo de Raadt, as an incentive for people to buy the CD set. Note that only the layout is copyrighted, OpenBSD itself is free. Nothing precludes someone else to just grab OpenBSD and make their own CD.
So basically, you really did pester him because you're too lazy to do anything. Why else do you think BSD people get bad reps for not being polite to newbies? Think.
"Open Source?" - Press any key to continue
This article didn't have anything new in it, but it was well written I thought, and interesting none the less.
-- Superlame http://catpro.dragonfire.net/joshua/
Further similarities between OpenBSD and Judaism are that neither sets out to maximise its "market share" and that it's a little difficult for an outsider to get accepted into the community. Linux must be equated to Christianity cos there are many many distros, some of which are almost identical. FreeBSD and Islam are both supposed to be updated versions of something which predates and sparked their "competitors" - although FreeBSD 4.0 is not regarded as "final" in at all the same way as Islam.
perl -e 'fork||print for split//,"hahahaha"'
Never mistake an operating system for the lines of code which comprise its current version. The team developing the code are probably a more important part in the long run.
I think the answer is either "Yes" or "No", depending on whether you believe the Bible to be the word of God or self-contradictory. But this ain't the place for that debate ;-). Anyway, I don't think the original poster was making that claim, he was just making a comparison. A parable if you like. Jesus never said we were actually seeds scattered on the ground. Similarly, the original poster never said that OSes actually were religions.
perl -e 'fork||print for split//,"hahahaha"'
Quite the sticky situation. I've been fortunate enough to deal with many people who understood open source. And I'm male (which could be fortunate or unfortunate depending on how you look at it).
So are they disregarding you because you're female, or because you use Linux? Maybe we should get OS preference included in non-discrimination laws.
Any sufficiently advanced civilization is indistinguishable from Gods.
>TIMe Join LINUX
Which Linux?
Look at redhatisnotlinux.org. This site:
1) claims to not be an anti-red-hat site.
2) trying to get the world to see that linux is more than redhat
Given one of the options is:
>CompileFarm, for commercial entities to build binary distributions for ALL MAJOR Linux distributions.
It looks like there is not ONE LINUX to join...but MANY Linuxes to pick from. So which Linux distro do you want us to do free work on?
>WHy do we have soo many different unix variants.
Answer this question: Why are there over 150 Linux versions?
Given all the different distros, and the need for a special compile farm, it looks like Linux is more fragmented than the commercial Unix world ever was.
If it was said on slashdot, it MUST be true!
>At the moment BSD does not have enough support
Really? I look at the ftp program in NT, Apple's Mac OS X, and even Linux, and find BSD code.
Looks like plenty of people support the use of BSD in open AND closed source.
>In a case like this BSD developers should either focus on releasing a better and more secure linux,
And Linux NEEDS this help based on the money I make fixing Linux boxes that have been broken into. I hope it takes a long time to get around to fixing Linux...I *LIKE* making money off of Linux, and it only helps me install BSD....once these people get sick of Linux and being hit by script kiddies.
If it was said on slashdot, it MUST be true!
According to securityfocus Linux is #2 for most announcements, with NT in the lead.
Given the number of security announcements for Linux, exactly HOW is BSD less secure?
Debian 2 2 29 5
FreeBSD 4 2 18 6
HP-UX 8 5 7 3
IRIX 26 13 8 3
Linux (aggr.) 10 23 84 30
MacOS 0 1 5 0
MacOS X Server 0 0 1 0
NetBSD 1 4 10 3
OpenBSD 1 2 4 2
RedHat 5 10 38 17
Solaris 24 31 34 6
Windows 3.1x/95/98 1 1 46 11
Windows NT 4 6 99 34
If it was said on slashdot, it MUST be true!
Look at all the security sites....For example....RootShell.com what do they run? exactly.
Chaos, Mayhem, and Destruction: Not
I installed OpenBSD over the phone for a friend and then ssh'ed into his box and had NAT setup (including dhcpd) in 15 minutes. All he had to do was plug the 1st nic into the cable modem, and the other into the hub. No need to install X or anything, just keep it small. BTW, I remember playing with RH 6.1 and i told it not to install KDE or GNOME (just use enlightenment duh) and it still installed GNOME. Stupid RH
Chaos, Mayhem, and Destruction: Not
I am a highly regarded professional marketer,
-1 Troll. Aww come on. That was one of the funnier posts I've read recently. Miserable bastards - go and read it again.
We all know that crap is king
Give us dirty laundry!
What is the difference between a version (BSD)
and a distro (Linux)?
Where is answerman?
Who would that "charismatic leader" of Christianity be? Jesus? Islam wasn't even around back then. And Christianity has never eroded Judaism's "user base" nor has Islam seriously affected that of Christianity. They all just spread out in different directions.
Also, AFAIK there are presently more Christians than Muslims.
The illegal we do immediately. The unconstitutional takes a little longer.
--Henry Kissinger
Still, he *is* a troll. And getting lazy, too.
The illegal we do immediately. The unconstitutional takes a little longer.
--Henry Kissinger
But what makes "Why is there no iso?" a stupid question?
Umm... If you read my follow up, I stated I DID try and look up the answer.. but at the time when I did a search on the site for "ISO image" nothing showed up.. So I asked..
UPS Sucks
And.. If you read my OTHER messages.. You would have seen me say that it IS there now.. it wasn't when I originally was interested in trying OpenBSD.
UPS Sucks
No.. It's NOT that he doesn't like ISO's.. It's the fact that his "logic" is flawed (Supply ISO Image = No CD Sales).. Sorry..
As for FTP install.. On a 33.6K dialup ? I did it ONCE, only ONCE for a FreeBSD system (Version 2.2.5).. 5 hours to do an install is not what I want to do. (Bringing the computer to my place of employ to install isn't an acceptable option - unauthorized system on the network). I only wanted a CD so I could do the install from home on my own machine and at my own rate.
Odds are that I would have purchased it (even if I DIDN'T use it, just as a sign of support) had I NOT been annoyed.
Is it childish ? A little. Tough.. 1st impressions are REALLY important.
UPS Sucks
Actually, I believe it was a recursive troll. No serious flame contains the word "boobies". An excellent faux-flame response, and you leap into YHBTing.
YHBRT. HAND. hahahahahahaha!
You burn linux and freebsd images, right? Well download the files you need and make your own image.
Only the State obtains its revenue by coercion. - Murray Rothbard
Do a ftp install then or make your own ISO image, it's not that difficult. Show your support to the project by purchasing the cd. So your opinion of an OS is based on the fact he doesn't like ISO images? Give me a break.
Only the State obtains its revenue by coercion. - Murray Rothbard
Simple. Buy the CD. It then costs money, but not as much as another system.
Make up something about the firewall boxes being more suitable for small businesses with no permanent technical support, (Or if that isn't likely to work, pick a type of company that the one you work for doesn't want to be like).
You might be able to find some statistics that support your choice as well, but only use this approach if they actually ask for figures.
I don't know if you've ever studied European history, like say, in Germany and Russia, for example, in the first half of the 20th century, for example. Christianity has done to Judaism far worse than MS has ever done to any other OS or application company. The Holocaust and the brutal treatment under the rule of the Czars are just tiny examples of Christians doing evil to Jews. Christianity has gone far beyond mere FUD in its evils. It makes me ashamed at times to be associated with it.
By the way, his analogy was actually very good. Yes, Jesus was a charismatic leader. Also, as far as Islam not being around at the time, you must have missed the reference to the BSD fork.
Yes, it's true that most analogies are flawed, but that's because they're meant to approximate the situation in simpler terms. This doesn't make them wrong.
WARNING: there is a trojan on your
> When I got to OpenBSD, Nope.. No ISO. When I asked (in what I believe to be a polite manner) I was told basically to stick it that if I wanted a CD, I had to purchase it because creating an ISO would cause his sales on CD's to go to nothing (Really ? Tell this to RedHat, FreeBSD, NetBSD, etc.) Sorry, with opensource I try before I buy..
I doubt the problem was your level of "politeness". The problem was that you are about the ten-thousandth person to ask "Where's the ISO?" They don't provide ISOs. Even a cursory glance through the mailing list would determine that. It's probably in the FAQ.
The surest way to piss Theo (and a lot of other people) off is to ask the same question over and over again.
In short, before anybody complains "Theo was a dick to me!", ask yourself "Did I actually attempt to find the answer myself, or just waste other people's time reasking a FAQ?"
> If you went to a company and their spokesperson was rude to you.. Would you EVER use that product ? Would you EVER recommend that product ?
Depends on the product. If the product suits your needs, then use it. Salesmen lie to me, and I consider that extremely rude. Theo has a short temper, but he and the other OpenBSD developers make a quality product. In many situations, I use it and recommend it. In others I don't. But his attitude has little to do with his product.
I doubt Scott McNealy would be much more forgiving if I wandered into his office and said "What's, uh, the deal with this Solaris thing..." At best, he'll point me to a stack of glossy literature...
I still buy shit from Sun.
> Don't tell me his personality isn't a detriment to the project. I talked with people who are "in" with Free/Net BSD's.. They said FreeBSD and NetBSD could probably actually merge into a common code base but they also said there is little chance in hell of ever merging with OpenBSD due to "personality conflicts"....
Detriment how? OpenBSD isn't about marketshare, or making money. Their expansion is based on one thing only: "Is our stuff better than theirs?"
Would one big OpenFreeNetBSDi really be better? Why?
> And I actually DID try and find something about ISO images.. A search of their site (at that time) showed nothing.
That's good, but there's still a few more places to check before yelling "Help" on the mailing lists. The archives are one of the best, just to make sure no one asked the same thing yesterday.
So you're saying we should just shut the forks up? :)
now that was just wrong...
umm, yes, I would, if the product was significantly better than the competition. That, and i usually refrain from asking stupid questions.
I have set up 2 OpenBSD firewalls with brconfig (bridging) and ipf. easy easy easy to do. one box is a p100 and the other is a p133, both with 64 meg ram, both b/t router (t1) and first switch on the network, and handle all of that traffic no problemo. Linux supports bridging but it's not even close to being as robust as the BSD version. Since it uses ipf, it supports a better form of chaining than linux as well.
Moreover, I think what the market isn't really "getting" about open source yet is that there isn't the proprietary prisoner's dilemma that exists in commercial OSes. Developing for Linux does not exclude OpenBSD. Both have their strengths and weaknesses, and because both are open, both can "borrow" the good ideas from each other.
Also, open OS's promote a "toolbox" view of OS code. Because of the open development, you're not "stuck" using an OS that doesn't really meet your wants because it has one or two proprietary features you need. This means that running several different OS's is okay, because the open nature makes them interoperable.
This Sig Intentionally left blank
"simplify, simplify, simplify" - thoreau RISC chips, OpenBSD, gnu compiler... now that's tight!
Let's be clear: anyone who thinks dominance comes from having the best product should go sit on that stack of Betamax video tapes for a while until it sinks in.
This is a call-to-arms for those looking to get into the game. For all those who complain that they're forever being overlooked: Stand on a fucking chair if you have to, and figure out what it takes to make more people like you and listen to what you say. And if you want to keep screaming and waving that bloody mallet and slavering and dripping gore on the linoleum and hollering "WHY WON'T ANYONE JOIN ME IN MY HOLY MISSION OF TRUTH?!", well, fine. You can go sit with the other cult members. The Christians and Muslims and Jews and Linux users may get criticized for being mainstream, but at least they're friendly and don't make such a mess. And, oh, by the way: they're 90% of your potential market, so you'd best treat them nice. (Me, I'm a Unitarian. We just drink coffee and pontificate.)
Love,
Benjy
www.monkeybagel.com
---
Benjy Feen
http://www.monkeybagel.com
---
Jesus christ. Can you try staying on topic? OpenBSD to anti-religious fervor. Good job. -- This message would be in caps if it weren't for automated content filters.
I can cvsup and recompile the OS every couple of hours if I want.
CONGRATS. You have just been trolled. Have a bagel; you can slide it off my humungous shlong.
>> n0w 5hut th3 phukk up b3f0r3 1 k1ck j00r 455, f4gg0t.
> What's scary is that I'm getting to where I can actually read this stuff as a stream, rather than having to decipher it one character at a time. Maybe I'm ready to tackle perl now.
What's exceptionally scary about all of this is if you add all the numbers in that phrase together, (count 0's as tens) they come up to more than double the original poster's I.Q. And they say monkeys can't do math well...
It will be easy to motivate our fellow man; there is hardly anything people treasure more than not being annihilated.
ha ha
80% of small businesses don't need SMP and can afford to make sure they don't pick unsupported hardware.
Tell me about commercial support with linux...
Apps used (like samba) have the same support as with linux, as it is simply the same.
Your point [d] betrays you as just an ideologic opensource hater and nothing else. Point [e] shows you're clueless. OpenBSD runs linux and Solaris binaries...
You think that I propose OpenBSD as a valid alternative for anything and everything? You should learn to read!
I'm a rookie, ok. Most of all, I'm availability conscious and rather the anxious type. I guess I'm not alone.
Three days ago I gave OpenBSD a try. This OS is straight Unix. Configuration may be painful at some stage, like disklabel creation. I guess more awaits me. I compiled Samba in, which is not audited and may suffer exploits and flaws. I'll certainly add other similar software in the future.
Why bother then, some will argue?
That's what is impressive with OpenBSD: network exploits, security holes, can only result from MY wrongdoing. To my surprise, the thought is surprisingly comforting.
The thing is, I know I may be adding vulnerabilities with each service I add, but as I add services, I can read the related doc, learning IN TIME about the security issue, and learn AT THE SAME TIME what countermeasure I have to take.
I've added Samba, my next move is to set the firewall accordingly.
The relief is so great that the unix "unfriendliness" of the system appears light in comparison: being careful is feasible and will be fully rewarded.
In summary:
The stress factor is all important but often neglected, especially in business. But the hidden costs incurred are probably high. OpenBSD may help reduce these costs, as it gives the following advantages:
More infos:
- BSD Today: A step-by-step journal of installing OpenBSD
- www.openbsd.org
- OpenBSD Explained
enjoy!
Raph
> I really don't think this is accurate; I know there were a number of local exploits in the past 6 months that affected all BSDs, including OpenBSD.
most recent exploit: tricky procfs hole. of course, openbsd doesn't mount procfs by default.
> Now, this might just be a matter of hair-splitting; perhaps OpenBSD doesn't install any of the vulnerable BSD utils by default.
that is correct.
> If that's the case, it's not a fair comparison, since RedHat has a number of different installation levels available.
of course it's a fair comparison. the openbsd developers carefully check over all pieces of the operating system before including them by default. it's a measure that other vendors do not take. you may think that redhat provides a secure installation level, but do you really think that they read every piece of the linux kernel source, hunting for bugs? or even the small important utilities. this is where openbsd pulls ahead.
I really don't think this is accurate; I know there were a number of local exploits in the past 6 months that affected all BSDs, including OpenBSD.
Now, this might just be a matter of hair-splitting; perhaps OpenBSD doesn't install any of the vulnerable BSD utils by default.
If that's the case, it's not a fair comparison, since RedHat has a number of different installation levels available.
That said, I'd like to see things like LIDS incorporated into the Linux kernel, available for all to use. That would go a long way towards helping make Linux distributions more secure, if they'd at least turn on some of the openwall stuff (which has supposedly been incorporated into LIDS).
--
Network Flight Recorder is one such device (not a firewall of course) that can't be configured at all. the openbsd box you want to install is the real deal and they have you there to make it do whatever is needed. i have yet to see a "real" router ping for lowest latency on different lines to determine which one to use for example. but a little perl on a bsd box did that trick nicely.
you can also show them the messages from bugtraq, (a security vulnerability / exploit mailing list if you're not already on it) where sometimes, firewalls and little boxes come up. openbsd does not. almost any security site can help here. rootshell is another quick easy one.
if they keep ignoring you, with your skills, maybe you should work elsewhere or just go to work take advantage of the free time and paycheck you're getting anyway.
Good question. Let them know that they are not letting you do your job. Let them know that they should either let you do the job, or expect you to find a different job, one where you get both responsibilities and the authority to make things happen.
Alternatively, tell them how you're going to solve the problem, solve the problem that way, then tell them you've solved the problem.
If it's a matter of not having an extra box to build a firewall with, pick up a used box yourself, or claim the old machine next time someone upgrades their desktop.
There are lots of people doing work on Linux for free. Some of that work is even off in userland where it will help some or all of the BSDs as well.
There are people employed by Red Hat (and I expect others) that are paid to work on Red Hat. The folks that work for Red Hat Labs for example.
Sure. But Linux has done the work to get them. Its users were more excited. More interested in recruiting others. More willing to try a new development model. More willing to try a new business model. More willing to risk the goose that gave them their golden egg.
People doing it for the ego boost would be somewhat more interested in who has the larger user base. People interested in doing coding on an OS they can sell the boss may go for the one that has received more press. People tired of Windows coding may see the alternative covered in the press and go for it.
So, yeah, the press helps. And some people who use BSD are jealous of Linux's success. Some people who use BSD are delighted by Linux's success. Some people who use BSD are happy to see BSD get a bit more press too. Some people who use BSD would rather keep its elitist nature and not see so much press. I'm all of the above, in different measures as the days pass.
But you've got to admit that the majority of Slashdot posters come across as clueless teenagers looking for a flamefest. I applaud the moderators for moderating that particular post down, as its author was clearly in the dark when it comes to the development of BSD and operating systems in general.
As noted on the OpenBSD pages, there are a similar number of developers working on the core of OpenBSD as there are for Linux. Put simply, there just aren't that many coders out there who have the skills to work on a task like operating system development. Likewise, there is a threshold to how much of a large piece of software an individual can understand in its entirety. The Alan Coxes and Theos of this world are pretty few and far between, but contrarily there are enough to sustain the development of Linux and the free BSDs.
As for the original poster's claim that developers should focus on Linux because it has a wider installed base than say FreeBSD, is to misunderstand the design goals of Linux. While OpenBSD concentrates on being stable and secure, while perhaps not state of the art, Linux aims to support as many peripherals as possible. This leads to experimental code in the kernel source tree, but a bigger chance that it will work on the latest hardware.
Linux and OpenBSD have greatly differing design goals, and the original poster's ignorance of them rightly deserved his post's critical moderation.
Chris Wareham
Because he is ignorant to the facts his post should be moderated down and ignored, right?
... but this moderation struck me as spot on. The original poster didn't couch their message in terms of a question, but more like a blunt statement.
When it comes across as flamebait, then yes.
He or she obviously didn't even take the time to read the article which Slashdot was linking to, or else the nature of OpenBSD would have been apparent.
It all comes down to whether you want Slashdot to descend into a morass of 'Frequently Asked Questions' (or frequently stated misconceptions as is more often the case). Personally I'd like a slightly more informed level of discourse on Slashdot - not the inane drivel I have to contend with on Usenet.
At the same time the balance has to be right. I'd hate to see the level of pedantry and nit-picking that permeates comp.lang.c
Chris Wareham
Hmmm, you obviously misread the intention of my post. You also used a rather poor analogy.
Racecars don't have CD players. I can't make my car into a racecar by yanking out my CD player
Bad analogy because I can strip down Linux and make a secure server. It may not be as reassuringly secure as OpenBSD, but given the disproportionate number of security holes in applications (as opposed to the kernel) then I'm content. The real analogy is to compare a rally car to a roadgoing version of the same model. The rally car has been finely honed for performance in much the same way OpenBSD is tweaked for security. The roadgoing version offers more features, but you may not need that added functionality. To carry the analogy to an extreme, OpenBSD is like making the rally car available to me - but I have to accept the possible limitations in functionality.
By stating that a Linux user should strip down their install if they wish to be security conscious, I wasn't implying that they should give OpenBSD a miss. In fact, the main reason I stick with Linux is because I have considerably more experience with it than with OpenBSD. As I came from a SVR4 rather than BSD background that may be the reason why, (I find I have to 'relearn' things occasionally on BSD systems, while most Linux distros strike me as more SysV-ish).
The install base of Linux compared to OpenBSD does offer up the possibility that bugs are more quickly found in the former. However I find greater reassurance in OpenBSD's code audit than the possibility that bugs are reported more readily for Linux systems. In this I assume you are in agreement.
Chris Wareham
Some people who use BSD are delighted by Linux's success
An interesting point of view is the one I came across in a book on building firewalls with Linux and OpenBSD. Some in the BSD community look upon Linux with its bigger install base as an ideal testing ground for new software. This camp positively encourages development targeted at Linux at first, with the possibility of porting across to the BSD systems at a later date.
There is a certain amount of the snobbery evident in this view. They see the Linux userbase as more tolerant of buggy software, with the obvious implication that the whole system is buggier. This is redolent of the complacency in the BSD community with regard to how their operating systems are perceived. Many potential users are put off by the condescending attitude that is more prevalent in BSD circles than in Linux ones.
This attitude certainly put me off of using FreeBSD, especially as I found it a poor desktop system in comparison to the typical Linux distro. Thankfully, this seems to be changing as a number of people migrate to dual booting a BSD operating system alongside Linux, or switching altogether.
Chris Wareham
Perhaps it is time for the temporary-permanent OpenBSD box? Set it up for the "time being" and soon weeds will be growing up around the edges. Of course I'm in a slightly less PHB place so this might not be an option - but you could try it!
If is passworded, the developer can do nothing about the user making their password their boyfriend's nickname, or putting it on a post-it note on their monitor.
The system must not accept foolishly easy passwords; it must enforce mixed-case with special characters.
There will always be first-time users, as well as human mistakes, and hot-headed if not straightforward evil intentions.
I'm all for educating users, but it can not be the sole basis of security, can it?
On the other hand, scaring lusers with love viruses is a great way to teach them about secure systems. Or rather, less flawed ones.
I think, therefore thoughts exist. Ego is just an impression.
Quite right indeed
Then again, that is exactly the reason why you have to assume that the average user is hostile. User itself might not be, but those who see the password might be.
Anyway, forcing it to be near random noise makes it less easy to be guessed without seeing that note.
Post-Its should come with self-destruction enabled in case they get a password-resembling string written on them!
I think, therefore thoughts exist. Ego is just an impression.
Just to add my "me too" post:
Yes, minimalist is good when you want to get the job done.
I couldn't be happier with openbsd at work -- it handles firewalling for the part of the network that needs to be hidden, it handles NAT for the windows boxen of the developers, it has 69 aliases on the external nic which handle web pages by portforwarding.. and all of this from a spiffy 486/66 box with 8 megs of ram...
I can safely say that little or no other unixen can do that without desperately needing beefier hardware.
Oh, and yes -- once configured as a silent firewall it could just be left there, without me having sleepless nights wondering when the new security hole will occur...
And to top that off, you can almost daily find Theo in #openbsd @efnet and he *will* answer your questions, provided they are not extremely stupid (mine are sometimes
So, if you ever need a secure, silent workhorse that needs little or no tweaking to get working -- use openbsd
flame on...
Does OpenBSD support a firewall that has a chainlike structure like linux's ipchains? People say that OpenBSD is more secure for a firewall, which I would gladly accept, but what I want to know is if you have a really complicated firewall setup, can OpenBSD keep up because it has a logarithm chainlike design, or is it a linear packet-matching design like other firewalls? I only ask because some commercial quality firewalls (including the pre-boxed ones) can get extremely poor performance when you start passing large amounts of traffic through a firewall with a large number of settings.
Can someone familiar with OpenBSD internals provide an answer to this?
Fuck off, Bastard.
WHY must there be so many different distributions of Linux?
WHY are there so many SVR4 variants?
Us UNIX geeks like to have variety, I suppose. Maybe it's not always in the best interests of solidarity and progress, but having the choices there is a nice feeling.
"That's Tron. He fights for the Users."
Only if the software has no easily exploitable bugs is the uneducated user the primary flaw in security.
It's not people leaving their passwords on Post-it (TM) notes that allows people to hack hundreds or thousands of boxes to do a DDOS attack with.
Trees can't go dancing
So do them a big favor
Pretend dancing stinks!
This article says "OpenBSD population 7000"
7000 is an accurate number of CDs sold for OpenBSD 2.6, but not total!!!
Luser unsecurity hype is mostly unnecessary; software developers need to be more conscious.
Bollocks. If is passworded, the developer can do nothing about the user making their password their boyfriend's nickname, or putting it on a post-it note on their monitor.
The uneducated user is the primary flaw in security.
Pax,
White Rabbit +++ Divide by Cucumber Error ++
free experimental electronic music netlabel at www.viablehybrid.com
Why do we have so many different unix variants? It's time we got all the people to stop wasting their time with so many different unices. Time to UNITE. Time to join LINUX...... Be a penguin or sit on a Window }:) UTS MOooooooS !
So you're saying we should just shut the forks up? :)
Pax,
White Rabbit +++ Divide by Cucumber Error ++
free experimental electronic music netlabel at www.viablehybrid.com
Insanity is the last line of defence for the master diplomat. But you have to lay the groundwork early.
If Open BSD wants venture capitalists, they should get someone OTHER than Theo to talk to them. He can have an attitude (as an example, think about things like the OpenSSH.ORG/COM issue). If you take both sides' statements with a grain of salt, it seems like the owner of OpenSSH.ORG was WILLING to make a deal (if OpenBSD/SSH would just add some links to OTHER open source security projects). But Theo copped a 'tude and sicced SlashDot on the owner of the OpenSSH.ORG domain (not a good PR thing).
As an aside (and a vent) they (read Theo) aren't listening to the community. The other BSDs (Free and Net) both are now releasing ISO images to download. When I wanted to do some comparisons of Free/Net/Open BSDs, I wanted to download the ISOs and burn CDs (at work, since at home I only had a 33.6K dial up). For Net and Free BSDs this was not a problem. When I got to OpenBSD, Nope.. No ISO. When I asked (in what I believe to be a polite manner) I was told basically to stick it, that if I wanted a CD, I had to purchase it because creating an ISO would cause his sales on CDs to go to nothing (Really? Tell this to RedHat, FreeBSD, NetBSD, etc.) Sorry, with opensource I try before I buy..
Not good to annoy someone who helps plan server deployment at their company (and for their own company). So.. No OPEN BSD.. No Purchases (since I DO purchase open source software and CDs.. I have been buying FreeBSD since 2.2.5 and have 4 different Linux distros too).
UPS Sucks
The thought of BSD, any version, as "minimalist" is pushing it. But compared to the shovelware that's sold as operating systems today, I suppose it makes sense. Still, compare QNX.
"I'm quite tech-savvy". Understand that when someone says something like this, it's like a girl saying "I have gigantic boobies": not only is it faintly goofy-sounding, but the information being imparted will either be obvious to the observer or clearly untrue. In neither case is it an advantage to make the statement, and it can only hurt you if the observer disagrees.
And since you call yourself an NT and VB "guru", and you're talking about UNIX, that makes you an A-cup girl in a prom dress, and let me tell you, honey, no amount of Kleenex is gonna help.
I was going to argue some technical points, but I need another beer. Hang on.
---
Benjy Feen
http://www.monkeybagel.com
---
Hmm, no mention that 98% of OpenBSD users have downloaded the OS, or did an FTP install. (which works very nice) I think they could have mentioned that somewhere. I place that number MUCH higher than 7,000.
I am a highly regarded professional marketer, concentrating on the "tech-savvy" demographic. It has been proven time and time again, that there are 2 things that will get people to buy.
1) sex
2) fear
Anyone with experience of the open source community (bearded, sandal wearing, grateful dead listening, socialistic, eliter-than-thou sociopaths) will realise that sex is not something they will understand in any meaningful way. Hence the marketing strategy must be all about FEAR (or as the more 31337 would say, P|-|334R).
For BSD (Open, Net, Free, Whatever, they're all the same) to become popular and reach the dizzy heights that RedHat has achieved, it needs to change the marketing strategy.
If I were in charge, I would instigate a Monthly release cycle. This way, the comfort and satisfaction a nerd gets from being "up to date" would be a short lived thing, and he would be constantly needing to upgrade to stay current. Even a moron can see the revenue streams here.
Also, I would try and get the marketing story a bit more coherent. I mean, what DIFFERENTIATES *BSD from all its competitors (Linux, BeOS, Solaris, etc.)?
I'm quite tech-savvy, being an NT and VB "guru" but I don't know operating systems. However the experts I've spoken with are clear, Free/Open/Net BSD needs DirectX and XML support in the kernel, in order to compete with Windows, on a feature by feature comparison.
I realise now that slashdot readers do not care for my insightful observations, however I continue to post them, as I personally am convinced of my expertise, and do not require it to be validated by a bunch of whining 16-year old Korn-listening skript kiddies, hell bent on destroying the music industry with their illegal "napster" protocols.
RedHat Linux has more security advisories, but that's a consequence of including so much software as part of the standard distribution. They also include lots of beta and recently developed code. OpenBSD in comparison only uses carefully audited code and older, well tried applications. The downside to the OpenBSD approach is that you only get a small set of tools with the standard distribution.
So you should pick what you need from your Linux distribution, and don't install anything else. Or install OpenBSD if you want to. Just remember that a lot of free software is currently written with Linux as its primary target, so you may need to tweak it to get it going on OpenBSD.
Comparing RedHat Linux to OpenBSD simply on the basis of how often security flaws are found in the entire distribution is misleading.
(disclaimer: I happily use both RedHat Linux and OpenBSD, so I know the strengths and weaknesses of both)
Chris Wareham
This is what I have been saying for a while now.
There is a strong, growing need of
Luser unsecurity hype is mostly unnecessary; software developers need to be more conscious.
@input = map {
$cgi->param($key) =~
( $key, $1 );
} $cgi->param(),
I think, therefore thoughts exist. Ego is just an impression.
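The Perl fragment in the comment above survives only in part (its pattern was lost), but its shape, a map over the request parameters that keeps ( $key, $1 ), is the capture-based allowlist idiom. The following is an added example of that idiom, not the poster's code; the %ALLOWED patterns, the validate() helper and the sample request are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: allowlist validation of request parameters with capture groups.
# Under taint mode (perl -T), text taken from a capture group is what Perl
# treats as untainted, so the pattern itself is the security boundary.
use strict;
use warnings;

# Hypothetical per-parameter allowlist. Every pattern is anchored with \A and
# \z and has exactly one mandatory capture group; only captured text is kept.
my %ALLOWED = (
    user => qr/\A([a-z][a-z0-9_]{0,15})\z/,
    page => qr/\A([0-9]{1,4})\z/,
    lang => qr/\A(en|de|fr)\z/,
);

# validate(\%raw) returns (\%clean, \@rejected).
# A parameter is kept only if it is named in %ALLOWED and its whole value
# matches the rule; everything else is dropped and reported by name.
sub validate {
    my ($raw) = @_;
    my @rejected;
    my %clean = map {
        my $key  = $_;
        my $rule = $ALLOWED{$key};
        my $val  = $raw->{$key};
        # In list context a successful match returns its capture groups.
        my ($captured) = (defined $rule && defined $val) ? $val =~ $rule : ();
        defined $captured
            ? ($key => $captured)
            : do { push @rejected, $key; () };
    } sort keys %$raw;
    return (\%clean, \@rejected);
}

# Constructed sample request, standing in for the values $cgi->param() returns.
my %request = (
    user  => 'alice_01',
    page  => '12abc',    # trailing junk after the digits
    lang  => "en\n",     # trailing newline: /^(en)$/ would accept it, \z does not
    debug => '1',        # parameter the application never declared
);

my ($clean, $rejected) = validate(\%request);
printf "accepted %s=%s\n", $_, $clean->{$_} for sort keys %$clean;
printf "rejected %s\n", $_ for @$rejected;
```

Parameters that are absent from the allowlist are rejected rather than passed through, so adding a new form field requires adding a rule for it.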
> n0w 5hut th3 phukk up b3f0r3 1 k1ck j00r 455, f4gg0t.
What's scary is that I'm getting to where I can actually read this stuff as a stream, rather than having to decypher it one character at a time.
Maybe I'm ready to tackle perl now.
--
Sheesh, evil *and* a jerk. -- Jade
Then perhaps, although probably not, if he's a PHB, pointing him to GNATbox and/or www.dubbele.com will help - these are the 'plug it in' boxes he talks about, and they use BSD variants..
Of course, it's because RedHat began treating Linux as a traditional product that must be "released" that has made it the investor's baby of open source. Free/NetBSD have been around longer than Linux, but they didn't get the attention because they're more concerned with refining the code than writing press releases and speaking at conferences.
But then, it seems that a few BSD folks, like Theo, are doing the publicity thing; perhaps to try to avoid being left in the populist dust of Linux. I just hope it doesn't adversely affect the quality of the software.
Not that Linux hasn't done wonders and that the high profile distros are doing anything "bad", of course. But I'd hate to see BSD suffer because everyone instantly associates open-source with Linux; and further associating Linux with Red Hat. I don't want to lose options because they're not as popular.
Any sufficiently advanced civilization is indistinguishable from Gods.
OpenBSD:
Three years without a remote hole in the default install!
Two years without a localhost hole in the default install!
RedHat:
Three weeks without a remote hole in the default install!
Two weeks without a localhost hole in the default install!
That's all I'm going to say.
Chaos, Mayhem, and Destruction: Not
The reductionist philosophy of OpenBSD has rubbed off on me as well. My dual boot machine contains RedHat Linux on one drive, and OpenBSD on the other. The Linux install is stripped down by most people's standards, but includes all sorts of bells and whistles like GNOME, AbiWord, Mozilla, etc. all fastidiously kept up to date with latest versions.
...).
Meanwhile, my OpenBSD install has the bare minimum - Blackbox WM, NEdit, DDD, Gimp and Communicator. The KISS philosophy that permeates OpenBSD really is infectious. The sparsity of a new OpenBSD install belies the extreme care that goes into what is there. The man pages are up to date and accurate, the tools are rock solid.
I really, really recommend looking into OpenBSD for development boxes as well as its usual server niche. My productivity has increased since the switch from Linux, as I get less of an urge to spend time compiling pre-release kernels and the latest GNOME tarballs. Instead I do that at home (hmmm, maybe I need to get out more
I disagree with the interpretation of the UpsideToday article's "Like craft brewers, de Raadt and the OpenBSD development team prefer to let the software age a little, offering only two updates per year."
Two updates per year at fairly predictable times is quite fast for operating systems. Also this contrasts with the philosophy of no guarantees whatsoever about when releases will be made, a philosophy that I believe has been demonstrated to result in the longest aged software, for no good reason.
Looking at OpenBSD's current changelog, they are at least testing almost all of the important recently released software such as GCC's and Perl's.
I think UpsideToday has it 180 degrees backwards. OpenBSD's fairly regular releases mean that users will get inspected and verified packages faster than if they used another operating system where there is no set schedule. I think OpenBSD simply has better management in this respect because they have a disciplined schedule. They're releasing and updating at the fastest rate possible.
I use OpenBSD not because I necessarily like or agree with everything Theo has done that may be controversial over the years. I use OpenBSD because, all things considered, it's a damn good OS. The developers work hard with a primary goal of producing the best code, not just code-that-works-and-supports-latest-doohickey.
As I said in a previous OpenBSD thread, I don't care if the project lead eats children for breakfast and pushes old people out of wheelchairs for fun; if it works and I like it, I'll damn well use it.
"That's Tron. He fights for the Users."
I've emailed the story link to my PHB, who asked me to recommend what to use for a firewall. I wrote a report that concluded OpenBSD -- it's free, and it's good. Now he keeps asking me about various little "firewall" boxes where you plug the server into one end and the internet into the other and hope for the best. Any ideas of how to explain "You would pay more money for a less good thing"?
They've already tagged me as "that weird linux girl" so every non-microsoft solution I suggest gets nodded at and then pretty much ignored. I mean, you morons hired me to handle your technology, why oh why won't you listen?
Aarrrgh
People always whine about OpenBSD not having official ISO images available online. Think about it: If you are on a slow modem connection to the Internet, would you rather download a 650MB ISO image, or a custom created 100MB image that's exactly what you need? I thought so...Here's how to do it:
If you read the mkisofs man page, it's only a matter of setting up 2 options, one to point to the floppy disk image that you are going to boot from (for OpenBSD they are labeled *.fs, use cdrom26.fs for a CD) and then specify a _location_ destination for the boot.catalog.
So just set up the mkisofs like you would for any other CD, then use -b cdrom.fs and -c boot.catalog and you'll be fine. (the *.fs file path is relative to the other files). It couldn't be simpler.
Here's an example:
mkisofs -b cdrom26.fs -c boot.catalog -L -R -o openbsd.iso /path/to/openbsd/distribution/files
and cdrom26.fs is presumed to be at /path/to/openbsd/distribution/files/cdrom26.fs. (and yes there are other options, read the man page: http://www.openbsd.org's man page of mkisofs)
If people would quit complaining, they'd realize that it's BETTER this way, as you can create customized cdroms. I make -current CDROMs for x86 and put every package and licensed file on there. It's great...
Oh and here's how you burn it:
cdrecord -v speed=4 dev=/dev/cd0c driver=mmc_cdr openbsd.iso
The cdrecord options are for either ATAPI or SCSI since we unified the driver in 2.6.
Give 2.7 a try, it's wonderful!! And DO buy the CDROMs, they help the project in so many ways...
Linux AFAIK only has one version, RedHat (although other versions known as "distros" exist, they are not 100% Official, like RedHat is).
The confusion about which BSD is the true "100% Official" BSD must be losing them users.
RedHat's 100% official RedHat site is at RedHat