OpenBSD Now Nine Years Old

NekkidBob writes "OpenBSD, my personal favorite *BSD, turns 9 years old today. And with only 1 remote hole in the default install, I'd say that is a pretty good acheivement. The first commit was at 16:36 MST on Saturday, October 14, 1995. Happy birthday OpenBSD!"

Re:And with only 1 remote hole in the default inst

[rosie_bhjp]

But, what good is the default install?

Drop a fresh OpenBSD installation into a hostile environment such as the internet.
Drop a fresh WindowsXP installation into the same environment.

You won't ask that question again.

Don't you want it to be doing something?

No I want it to do as little as possible. It is ready to serve when I say it is and no sooner. This lets you patch first and not everyone has the luxury of installing a box in a secure network.

It's suffered the same Apache/SSL/FTP/PHP errors as everyone else.

More or less, yes, the same problems. Thats why these services are off by default, to let you patch them first, and enable only what you need.

I know if you search cert for openbsd you get lots of hits, so there are wholes in the applications.

No one has ever suggested otherwise.

Re:And with only 1 remote hole in the default inst

[Shanep]

soon as you add in server applications, you decrease the security.

No shit?!

The point with OpenBSD, is that it has so many active security mechanisms, that a [insert network daemon] exploit might allow a remote root on your FreeBSD, Solaris and Linux machines, but only result in a DoS of that particular service on OpenBSD.

Already we are not only seeing open source OS' take leafs out of OpenBSD's book, but also Microsoft and Sun.

The multitude of active and passive security measures in OpenBSD is very impressive.

Plus the point is, that an OS should be locked down from the initial install and then built on from there as the admin requires, not as the OS maintainers think you will require.

Presumptuous people who build operating systems, do not make secure operating systems.