Which BSD for an Experienced Linux User?

Bruce C asks: "I'm a software developer with 28 years commercial experience. Although my day job is mostly on Windows software, I've been using SuSE Linux for 6 years at home. Before that I worked on HP/UX. I've no pressing plans to abandon Linux, but I am interested in experimenting with a BSD style operating system. My current motivation is largely curiosity. Of course, I might end up being converted, but that isn't my intention. I'm wondering which of the various *BSD systems would be the 'best' introduction for a person like me. The workstation I'm planning to use is a generic beige box: Celeron 1.2, 768Mb RAM, 120 Gb IDE, with about 80Gb free. It's on a LAN, behind a firewall. The live CDs for FreeBSD (Freebsie), DragnoflyBSD, and NetBSD all booted and started on it. I haven't tried an OpenBSD CDROM. Which BSD should I pick?"

Re:What do you want?

[molnarcs]

However, Apache isn't auditted.

Do you know what you are talking about? It seems more and more likely you don't. OpenBSD devs had a number of problems with the apache project. One was licencing issues, so they don't have apache2 included in the base system (you are still free to install it via ports). The other gripe was (and this is quite well known for it was publicized a few times even here on ./) that apache.org was slow/reluctant to include all the security fixes the openbsd project submitted - after auditing the code. The apache 1.3.x version is a security enchanched version of the normal 1.3-release.

And that was just one example of your ignorance. Now, would you be so kind as to stop posting crap please? There is a difference between the security of say linux (or even FreeBSD) and OpenBSD. OpenBSD isn't completely secure, no one claims that. It is more secure by default even if you allow services. Not to mention the fact that pf eats iptables for breakfast (now also part of FreeBSD's base system).

Re:What do you want?

[Homology]

However, Apache isn't auditted. DHCP isn't auditted. The FTP server, I'm fairly sure isn't auditted. Nothing they don't actually write themselves. If you install an OpenBSD machine on the internet and actually turn on services, you'll have just as many security problems as anyone running Linux. OpenSSH has it's fair share of security problems (written by pretty much the same people who wrote OpenBSD). Although with priveledge separation it should have even fewer problems that are actually exploitable to become root.

You entire post shows that you know very little about OpenBSD. Everything that is part of the base install is audited, and that includes programs like Apache httpd, BIND, Sendmail, DHCP and SSH. For the 3.6 release, the DHCP server and client underwent a major cleanup to improve security. In addition there are security enhancments as well (like privilege separation, chroot).

While it probably has a more secure kernel, most exploits out there in the world involve exploiting a user process that is running as root.

Very few deamons are running as root on OpenBSD. Most are running under their own unique, chrooted and privilege separated if possible.

The OpenBSD team has done alot to lessen the impact of exploits. Yes, even programs running on OpenBSD can be exploited, but there is a difference. An attempt to exploit a buffer overflow on OpenBSD is likely to just induce a crash, and thus not work.

Re:OSX

[vrai]

I'm waiting for someone to find a way of combining Mac and Nintendo zealotry with insulting Sony, Real, Microsoft, SCO, Sun, the whole concept of big iron computing over generic boxes, .NET, C++, Qt's windows license, and any form of DRM.

I honestly don't think Slashcode will be able to cope with 1e16 'Insightful' mods.