OpenBSD, Reductionist Design

Duke of URL writes: "Sam Williams, of Upside Today has an article discussing OpenBSD's overall design philosophy, with good quotes from Theo de Raadt, the OpenBSD project leader. Williams also covers how the OpenBSD project goes about supporting their financial needs (by selling t-shirts, CDs, and posters) and briefly covers their lack of desire to receive venture capital despite offers. "

only 7,000 OpenBSD users????

Hmm, no mention that 98% of OpenBSD users have downloaded the Os, or did a FTP install. (which works very nice) I think they could have mentioned that somewhere. I place that number MUCH higher than 7,000.

Re:all about marketing

For once a Slashdot poster makes sense.
I am a highly regarded professional marketer, concentrating on the "tech-savvy" demographic. It has been proven time and time again, that there are 2 things that will get people to buy.

1) sex

2) fear

Anyone with experience of the open source community (bearded, sandal wearing, grateful dead listening, socialistic, eliter-than-thou socipaths) will realise that sex is noth something they will understand in any meaningful way. Hence the marketing strategy must be all about FEAR. (or at the more 31337 would say P|-|334R.

For BSD (Open, Net, Free, Whatever, they're all the same) to become popular and reach the dizzy heights that RedHat has achieved, it needs to change the marketing strategy.

If I were in charge, I would instigate a Monthly release cycle. This way, the comfort and satisfaction a nerd gets from being "up to date" would be a short lived thing, and he would be constantly needing to upgrade to stay current. Even a moron can see the revenue streams here.

Also, I would try and get the marketing story a bit more coherent. I mean, what DIFFERENTIATES *BSD from all its competitors (Linux, BeOs, Solaris) etc.

I'm quite tech-savvy, being an NT and VB "guru" but I don't know operating systems. However the experts I've spoken with are clear, Free/Open/Net Bsd needs DirectX and XML support in the kernal, in order to compete with Windows, on a feature by feature comparision.

I realise now that slashdot readers do not care for my insightful observations, however I continue to post them, as I personally am conviced of my expertise, and do not require it to be validated by a bunch of whining 16-year old Korn-listening skript kiddies, hell bent on destroying the music industry with their illegal "napster" protocols.

Not informative, just misleading.

[LizardKing]

RedHat Linux has more security advisories, but that's a consequence of including so much software as part of the standard distribution. They also include lots of beta and recently developed code. OpenBSD in comparison only uses carefully audited code and older, well tried applications. The downside to the OpenBSD approach is that you only get a small set of tools with the standard disribution.

So you should pick what you need from your Linux distribution, and don't install anything else. Or install OpenBSD if you want to. Just remember that a lot of free software is currently written with Linux as its primary target, so you may need to tweak it to get it going on OpenBSD.

Comparing RedHat Linux to OpenBSD simply on the basis of how often security flaws are found in the entire distribution is misleading.

(disclaimer: I happily use both RedHat Linux and OpenBSD, so I know the strengths and weaknesses of both)

Chris Wareham

Re:Not informative, just misleading.

[stripes]

So you should pick what you need from your Linux distribution, and don't install anything else. Or install OpenBSD if you want to. Just remember that a lot of free software is currently written with Linux as its primary target, so you may need to tweak it to get it going on OpenBSD.

Now you have the misleading comparisin.

The stripped down Linux will be just as sparse of features as OpenBSD (or more so if you do your job right). But who audited all that code for security holes? Who went over that code looking for buffer overuns? Who went back over that code looking for mis-uses of strncat?

OpenBSD isn't secure because they don't ship much stuff. It is secure because they only ship stuff they have secured. That ends up being not much stuff because it is hard to secure things.

Racecars don't have CD players. I can't make my car into a racecar by yanking out my CD player.

Comparing RedHat Linux to OpenBSD simply on the basis of how often security flaws are found in the entire distribution is misleading.

That I'll give you. RedHat has more users, and may be a more intresting target, so it may show more flaws. Except OpenBSD has made itself an extreamly tempting target by going "undefieted" so long, and being the chokepoint into more and more networks.

Still looking at the raw numbers is not as cut and dried as it looks.

disclaimer: I happily use both RedHat Linux and OpenBSD, so I know the strengths and weaknesses of both)

Apparently not. Then again we all make mistakes.

More of Less!

[korpiq]

Why We're Doomed to Failure, linked to from # (mandatory for roots?) discusses this as well.

This is what I have been saying for a while now.

There is a strong, growing need of

• Moving all networked computers off Windows (will viruses eventually do this job?)
  
• Securing all (restricted) networks with Open SSH
  
• Developing/studying systems that can be proved secure (buffer overflow wrapper where?)
  
• Packaging all software in a safe default installation.
  

Luser unsecurity hype is mostly unnecessary; software developers need to be more conscious.

@input = map {
/^(\w+)$/ and $key=$1 and
$cgi->param($key) =~ /^([\w\xA1-\xFF]*)$/ and
( $key, $1 );
} $cgi->param(),

Re:j00 4r3 4 phukk1n l4m3r,

[Black+Parrot]

> n0w 5hut th3 phukk up b3f0r3 1 k1ck j00r 455, f4gg0t.

What's scary is that I'm getting to where I can actually read this stuff as a stream, rather than having to decypher it one character at a time.

Maybe I'm ready to tackle perl now.

--

plug the server...

[DreamerFi]

Then perhaps, although probably not, if he's a PHB, pointing him to GNATbox and/or www.dubbele.com will help - these are the 'plug it in' boxes he talks about, and they use BSD variants..

all about marketing

[ptbrown]

Of course, it's because RedHat began treating Linux as a traditional product that must be "released" that has made it the investor's baby of open source. Free/NetBSD have been around longer than Linux, but they didn't get the attention because they're more concerned with refining the code than writing press releases and speaking at conferences.

But then, it seems that a few BSD folks, like Theo, are doing the publicity thing; perhaps to try to avoid being left in the populist dust of Linux. I just hope it doesn't adversely affect the quality of the software.

Not that Linux hasn't done wonders and that the high profile distros are doing anything "bad", of course. But I'd hate to see BSD suffer because everyone instantly associates open-source with Linux; and further associating Linux with Red Hat. I don't want to lose options because they're not as popular.

Re:all about marketing

[WhyteRabbyt]

To be honest, I dont see how BSD would 'suffer because everyone instantly associates open-source with Linux'.

I just dont understand that context of 'suffer'. The various flavours of BSD are being developed, much as the Linux kernel, without commercial or other constraints. The Linux kernel isn't being developed for RedHat, or Caldera, or whatever. Its being developed as a communal project, by people scratching a communal itch. And the developers of the BSDs are doing the same thing.

Are there fewer BSD developers because of Linux, then? Maybe, although I'd reckon that there a lot more than there were (say) three years ago. Plus Linux apps tend to be fairly straightforward to get running on BSD systems, so its not as though all that Linux development gives Linux some kind of edge.

So I dont get it. Yeah, Linux gets more press. But who the hell is doing Linux development for the press? And when did lack of press make a difference to bedroom coders?

Pax,

White Rabbit +++ Divide by Cucumber Error ++

OpenBSD owns

[niekze]

OpenBSD:

Three years without a remote hole in the default install!
Two years without a localhost hole in the default install!

RedHat:

Three weeks without a remote hole in the default install!
Two weeks without a localhost hole in the default install!

Thats all im going to say.

Re:No Capital ? Partial blame is Theo

[SirGeek]

Depends on the product. If the product suits your needs, then use it. Salesmen lie to me, and I consider that extremely rude. Theo has a short temper, but he and the other OpenBSD developers make a quality product. In many situations, I use it and recommend it. In others I don't. But his attitude has little to do with his product.

But does the Salesman belittle you or tell you you are stupid if you don't buy the product ? I have HAD this happen at Best Buy (salestwit refused to ring up a $ 500 order because I didn't want a $ 40 extended service plan).

No.. Theo's attitude doesn't affect the product.. It DOES affect perception of the company/project. If you go into a store to make a purchase and the manager tells you that you don't know anything, you will leave and not make any purchases there. Same would apply if the manager was calling someone else stupid or being rude.

Perception is reality. If people perceve Theo to act childish, they in turn will have a bad perception of the project. I can understand the annoyance of an FAQ question, I try to NEVER ask an FAQ question. But it happens, sometimes the documentation is obscure or not 100 % clear, is it my fault if I can't totally understand something?

Also the old addage of "you catch more flies with honey than you do vinigar" also applies (and don't remind me that "if you pull their wings off they'll eat whatever you give them" as that doesn't apply here *g*). If he doesn't "work and play well with others", Let him stick with what he is good at (software development). Let someone else with better people skills deal with the PR side of things.

Reductionist OS, reductionist user ...

The reductionist philosophy of OpenBSD has rubbed off on me as well. My dual boot machine contains RedHat Linux on one drive, and OpenBSD on the other. The Linux install is stripped down by most peoples standards, but includes all sorts of bells and whistles like GNOME, AbiWord, Mozilla, etc. all fastiduously kept uptodate with latest versions.

Meanwhile, my OpenBSD install has the bare minimum - Blackbox WM, NEdit, DDD, Gimp and Communicator. The KISS philosophy that permeates OpenBSD really is infectious. The sparsity of a new OpenBSD install belies the extreme care that goes into what is there. The man pages are upto date and accurate, the tools are rock solid.

I really, really recommend looking into OpenBSD for development boxes as well as it's usual server niche. My productivity has increased since the switch from Linux, as I get les of an urge to spend time compiling pre-release kernels and the latest GNOME tarballs. Instead I do that at home (hmmm, maybe I need to get out more ...).

Regular release = faster package upgrading

[joneshenry]

I disagree with the interpretation of the UpsideToday article's "Like craft brewers, de Raadt and the OpenBSD development team prefer to let the software age a little, offering only two updates per year."

Two updates per year at fairly predictable times is quite fast for operating systems. Also this contrasts with the philosophy of no guarantees whatsoever about when releases will be made, a philosophy that I believe has been demonstrated to result in the longest aged software, for no good reason.

Looking at OpenBSD's current changelog, they are at least testing almost all of the important recently released software such as GCC's and Perl's.

I think UpsideToday has it 180 degrees backwards. OpenBSD's fairly regular releases means that users will get inspected and verified packages faster than if they used another operating system where there is no set schedule. I think OpenBSD simply has better management in this respect because they have a disciplined schedule. They're releasing and updating at the fastest rate possible.

Re:OpenBSD's history

[JatTDB]

I use OpenBSD not because I necessarily like or agree with everything Theo has done that may be controversial over the years. I use OpenBSD because, all things considered, it's a damn good OS. The developers work hard with a primary goal of producing the best code, not just code-that-works-and-supports-latest-doohickey.

As I said in a previous OpenBSD thread, I don't care if the project lead eats children for breakfast and pushes old people out of wheelchairs for fun; if it works and I like it, I'll damn well use it.

How do you convince PHB to use BSD?

[Staciebeth]

I've emailed the story link to my PHB, who asked me to recommend what to use for a firewall. I wrote a report that concluded OpenBSD -- it's free, an it's good. Now he keeps asking me about various little "firewall" boxes where you plug the server into one end and the internet into the other and hope for the best. Any ideas of how to explain "You would pay more money for a less good thing"?

They've already tagged me as "that wierd linux girl" so every non-microsoft solution I suggest gets nodded at and then pretty much ignored. I mean, you morons hired me to handle your technology, why oh why won't you listen?

Aarrrgh

Tired of people whining about OpenBSD CDROM Images

People always whine about OpenBSD not having official ISO images available online. Think about it: If you are on a slow modem connection to the Internet, would you rather download a 650MB ISO image, or a custom created 100MB image that's exactly what you need? I thought so...Here's how to do it:

If you read the mkisofs man page, it's only a matter of setting up 2 options, one to point to the floppy disk image that you are going to boot from (for OpenBSD they are labeled *.fs, use cdrom26.fs for a CD) and then specify a _location_ destination for the boot.catalog.

So just set up the mkisofs like you would for any other CD, then use -b cdrom.fs and -c boot.catalog and you'll be fine. (the *.fs file path is relative to the other files). It couldn't be simpler.

Here's an example:

mkisofs -b cdrom26.fs -c boot.catalog -L -R -o openbsd.iso /path/to/openbsd/distribution/files

and cdrom26.fs is presumed to be at /path/to/openbsd/distribution/files/cdrom26.fs. (and yes there are other options, read the man page: http://www.openbsd.org's man page of mkisofs

If people would quit complaining, they'd realize that it's BETTER this way, as you can create customized cdroms. I make -current CDROMs for x86 and put every package and licensed file on there. It's great...

Oh and here's how you burn it:

cdrecord -v speed=4 dev=/dev/cd0c driver=mmc_cdr openbsd.iso

The cdrecord options are for either ATAPI or SCSI since we unified the driver in 2.6.

Give 2.7 a try, it's wonderful!! And DO buy the CDROMs, they help the project in so many ways...

Question: Why so many versions ?

I have a serious question, why are there so many versions of BSD, NetBSD, FreeBSD, OpenBSD, BSDI, LameBSD, SecureBSD, WinBSD, etc etc

Linux AFAIK only has one version, RedHat (although other version known as "distros" exist, they are not 100% Official, like RedHat is.

The confusion about which BSD is the true "100% Official" BSD must be losing them users.

RedHat's 100% official RedHat site is at RedHat