Slashdot Mirror


OpenBSD Review at DistroWatch

jpkunst writes "Robert Storey at DistroWatch.com has written an in-depth and favorable review of OpenBSD: OpenBSD - For Your Eyes Only. 'The first OpenBSD memento I ever saw was a T-shirt with a picture of a cop chasing a script kiddie. That image remained etched in my mind for well over a year before I finally got my hands on a copy of this fine OS. Now that I have it installed on my machine, I only wonder what took me so long.'"

13 of 236 comments

  1. Re:just waiting... by Short Circuit · · Score: 4, Interesting

    Now that OpenBSD is implementing SMP support, I wonder if (more?) high-end servers will start running it.

  2. Firewalling on BSD by raistphrk · · Score: 4, Interesting

    I learned my packet filtering basics on FreeBSD. I've looked at ipchains and iptables/netfilter, but the ipfilter/pf packages just seem to be the packages that best encompass my beliefs of how firewalls should be constructed. I've always liked the syntax and organization; I suppose that's one of the major reasons I've stuck with FreeBSD for so long.

    OpenBSD felt "more" secure than FreeBSD, but in terms of desktop use, FreeBSD just offered more. I'll run OpenBSD on my servers, but for my desktop I want FreeBSD.

    1. Re:Firewalling on BSD by phaetonic · · Score: 2, Interesting

      I'll second this and say that I learned and implemented NAT, firewall techniques, and port knocking all on OpenBSD since 'pf' became available. A pretty weak system can handle a large amount of packets. I also felt that OpenBSD was not a good desktop platform, however there was an ease of mind knowing my perimeter was protected by OpenBSD. In fact, I'd be curious if there have been more Cisco IOS exploits than default install OpenBSD exploits.

    2. Re:Firewalling on BSD by Anonymous Coward · · Score: 3, Interesting

      Question to you or anyone. Why would it not be a good desktop system? Just ease of use, or lack of apps, or what? Aren't most apps that most folks use on a typical desktop available? Browser, email, chat client, media players, editors, etc? If it has all that, then what's the problem?

      Just wondering because I keep threatening myself to switch from Linux, for better firewalling and a tighter but smaller community. I like that the apps get relooked at, audited before inclusion, I like that part a LOT, because I didn't know they did that. That makes sense to me. I'd rather have fewer apps, but better quality apps. I take it this concept is unique to OpenBSD?

      Reading the description in the article for installing and a few tweaks doesn't seem that difficult at first glance. I am impressed with their claim of only one remote exploit in many years.

      Last question, how does it run on older hardware in a GUI desktop environment? Acceptable, fast, dog slow, what? Similar to linux from one of the big vendors? What is a practical minimum set of hardware specs for a good GUI environment? So far I have found various Linux distros to be modest in this regard, I always get them installed on less than what passes for a minimum acceptable configuration into full GUI. Well, because that's all I currently own to be frank. It takes me awhile, but it's doable.

      Sorry for all the questions, but I truly am interested. The more I am on the net, the more security I want, and this latest month has seen just a slew of potentially bad news exploits. I don't want to fool with it, I think it makes more sense to start out with the best and most secure system and learn and build from that, rather than patch and patch and patch all the time and sit and surf with your fingers crossed.

  3. Re:this should be a definitive guide to installing by Anonymous Coward · · Score: 5, Interesting

    non-trivial to whom? as a linux dork maybe 5 years ago, i installed BSD on a friend's laptop without ever reading a single thing about BSD. He asked me if I would, then handed me the cd's. A little while later it was up and running.

    non-trivial to MS-Windows users, Mac users, and Linux initiates maybe. But 5 years ago, I was barely above the status of linux newb. Ok, so it wasn't exactly trivial to do at the time, but easy enough to do without documentation.

    Still, your point is well taken.

  4. Re:BSD FAR from dead by Anonymous Coward · · Score: 5, Interesting

    Keep in mind that all the BSDs share code with each other. FreeBSD and NetBSD have imported OpenBSD's PF. NetBSD has imported OpenBSD W^X. All of the BSDs share various internals and device drivers.
    There have been 300+ committers to FreeBSD in the past year. I'm guessing Open/Net/DragonFlyBSD have 1-3 dozen developers each. Apple has a bunch of developers. All combined, the BSDs are doing pretty good.
    Since each BSD has a different focus, the developer has a choice of which fits their style best.

  5. Re:this should be a definitive guide to installing by iomanip · · Score: 4, Interesting

    I have found OpenBSD to be trivial to install on one platform out of the three I have tried. When installing OpenBSD on an UltraSparc 10 there were no issues whatsoever and everything might as well have been point and click. The x86 family of processors and the Power PC processors, however, were an entirely different story and headache altogether. You'd think that with OpenBSD talking about how secure it is and how great it is, that you'd see one of those developers make some user friendly installer in order to increase the popularity of the operating system. Personally I believe that more people running more secure computers is a good thing, but that's just me and I ramble.

  6. Re:What really holds back OpenBSD... by nacturation · · Score: 2, Interesting

    Speaking of logos, anyone know where to find a gallery of the submitted NetBSD logos? Is one available?

    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.

  7. Re:BSD FAR from dead by J. J. Ramsey · · Score: 2, Interesting

    "Perhaps you would like to know that FreeBSD usually gets new hardware support before Linux... In some cases, LONG before Linux... USB & Firewire support come to mind immediately"

    OTOH, in my experience, Linux has had *working* USB scanner support, while FreeBSD support (at least in the 4.x versions) was pretty broken.

  8. Re:Easiest *nix by LittleLebowskiUrbanA · · Score: 2, Interesting

    I've had more headaches configuring a Cisco PIX than PF. Almost like writing firewall rules in English using PF.

  9. Re:Too true by Brandybuck · · Score: 4, Interesting

    The best example of a stupid GNU man page is the GCC man page. It's downright insulting: "If we find that the things in this man page that are out of date cause significant confusion or complaints, we will stop distributing the man page." In other words, don't complain or they'll take it away!

    --
    Don't blame me, I didn't vote for either of them!

  10. Re:Too true by zemoo · · Score: 4, Interesting

    man does not come with its own viewer. By default, man pages are viewed with 'more', which is the behaviour you see in Solaris.
    Apparently, under BSD, the pager has been set to 'less', which supports the vi commands.

    Under Solaris, try setting the PAGER environment variable to '/usr/bin/less -isrm' or something similar in your startup scripts. This will change man's behaviour.

  11. Agree: PF syntax is beautiful! by JimmytheGeek · · Score: 2, Interesting

    When I deployed my fw, I didn't get very far into writing the config file before it hit me: the programmers must have had to maintain other firewalls and decided to fix what sucked about them. They get it!

    Man! Easy ways to compose arbitrary lists. Macros that help readability. Read in lists from external text files. Dynamic rules. I can express in one line what has taken 10 in a cisco acl. On and on. It is a real improvement - simpler, shorter human input means fewer human mistakes.

    And pf follows the UNIX philosophy of keeping tools small and focussed. No http proxy - use Squid or something. Use pf to enforce the policy that browsers must go through the proxy. I use ftpsesame as an add-on to handle ftp. I have an inline fw, so the ftpproxy won't work.

    I am astonished at its performance, too. Incredibly tiny amounts of memory. I'm in awe. pf is incredible.

    It ties into CARP - which is a nice middle finger for Cisco's bogus load-balancing/failover patent. They implemented failover and made it secure. So you can have two or ten pf firewalls sharing state tables, unplug one (or nine) and sessions still flow. Maybe total bandwidth takes a hit, but it still flows.

    I apologize for my total fanboyism. It's justified, but probably embarrassing to read.
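
The pf features named in the comment above (macros, inline lists, a table loaded from an external text file, and a policy that web traffic must go through a proxy), shown as an added pf.conf sketch that is not part of the original thread or any commenter's configuration. It assumes a routed two-interface firewall and current pf syntax, where pass rules keep state by default; the interface names, addresses (documentation ranges) and the file /etc/pf.blocked are hypothetical.

```pf
# --- Macros: name things once, reuse them in rules (all values hypothetical) ---
ext_if    = "em0"                          # outside interface
int_if    = "em1"                          # inside interface
proxy     = "192.0.2.10"                   # the only host allowed to browse directly
admins    = "{ 192.0.2.20, 192.0.2.21 }"   # inline list, expanded per rule
web_ports = "{ 80, 443 }"

# --- Table read from an external text file, one address or CIDR per line ---
# "persist" keeps the table even when no rule references it; entries can be
# added or removed at runtime with pfctl without reloading the ruleset.
table <blocked> persist file "/etc/pf.blocked"

set skip on lo

# --- Default deny; the last matching rule wins unless "quick" is used ---
block log all

# Drop anything to or from the blocklist, in either direction, immediately.
block in  quick on $ext_if from <blocked>
block out quick on $ext_if to   <blocked>

# --- Proxy policy: only the proxy host may open web connections ---
# A client browser that tries to bypass the proxy matches no pass rule
# and falls through to "block log all".
pass in  on $int_if inet proto tcp from $proxy to any port $web_ports
pass out on $ext_if inet proto tcp from $proxy to any port $web_ports

# The proxy also needs name resolution.
pass in  on $int_if inet proto { tcp, udp } from $proxy to any port domain
pass out on $ext_if inet proto { tcp, udp } from $proxy to any port domain

# --- Management: ssh to the firewall itself, from the admin list only ---
pass in on $int_if inet proto tcp from $admins to ($int_if) port ssh
```

A ruleset like this can be syntax-checked without loading it using `pfctl -nf` on the file, and the bypass attempts it drops show up on the pflog interface because of the `log` keyword on the default block rule.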