Slashdot Mirror


User: Drailex+Mauder

Drailex+Mauder's activity in the archive.

Stories: 0 · Comments: 3

Comments · 3

  1. Re:There are other considerations, you know on Security Expert Dave Dittrich on DDoS Attacks · · Score: 1

    Absolutely. There are valid reasons not to use OpenBSD. There are valid reasons not to use any OS.

    We could argue on the technical merits of Linux and OpenBSD until we are both blue in the face, and in the end the conclusion would be that OpenBSD is good for some things, and Linux is good for others. The thing that seems to get missed is that the two overlap in several areas. There are a lot of things in OpenBSD that will be familiar to a Linux user. You may find OpenBSD's tighter adherence to Unix standards to be favourable, or maybe not. But you won't know unless you try it. If you don't like OpenBSD, you might want to take a look at FreeBSD as well. The community is much more Linux-like than the OpenBSD community.

    Don't get caught up in blindly following Linux because it is the big one right now. Check out the whole slew of OSes available out there today. They've got some cool things going too. They just don't have as many 'blind advocates' getting the message out.

    Oh, and to return to my original point once more, if you're paranoid about security, check out OpenBSD.

  2. Re:OpenBSD on Security Expert Dave Dittrich on DDoS Attacks · · Score: 1

    What weight does your opinion carry in security matters, oh anonymous coward? Prove to us why it should be considered.

    I urge anyone reading this thread to go out and look into this yourself. As a five month old newbie of OpenBSD, I am not qualified to discuss the technical merits of security issues surrounding Linux and OpenBSD. However, I have read the opinions of those who are qualified to make the judgement call, and time and again I have read that OpenBSD is the champ. Not once, ever, have I seen a credible security expert state that Linux is as secure as OpenBSD, default install or otherwise. Pound for pound, hour for hour spent administering the firewall, I'd wager that OpenBSD is the best fighter in the world (not to mention faster at dealing with network traffic).

    And as far as exploits go, check out the turn around time on security patches to OpenBSD as compared to Linux. When a problem is discovered on OpenBSD it is patched NOW. Here's something Theo de Raadt (OpenBSD head developer) had to say about the timely addressing of security issues by various factions of the open source movement:

    "The various failed Linux and FreeBSD "security-auditing" mailing lists are living, er, I mean dead, proof that the distributed nature of `open source' isn't enough of an assist. Speaking about ALL of these lists, they have always just done nothing except chit-chat.

    For instance, about a month ago, someone on the FreeBSD auditing mailing list reported about 80 programs that were just 'crashing'. The list this happened on had just come to the conclusion (like we had 3 years earlier) that increasing quality in all areas is better, and leads to security improvements, by accident if you like. In my mind, seeing 80 bugs being reported just like that is really nice. So what did they do? They fixed about 7. Three days later, by the time they had fixed about 7, we'd fixed 79 of them. As far as I know, they've still not fixed the other 73. They were er, `distributed'... but we were APPLIED."

    Here is a link to the OpenBSD press page. This will lead to some qualified opinions on the subject of OpenBSD security. Perhaps a little one sided, but it should only be considered a start: http://www.openbsd.org/press.html

    I'll leave you with three quotes gleaned from Slashdot interviews of people qualified to comment on the security offered by OpenBSD:

    "In retrospect, I wish I /had/ chosen OpenBSD ;-)

    And I would certainly choose OpenBSD over GNU/Linux if I were building a firewall, or an intrusion detection system (based on say, Marcus Ranum's NFR) where packet capture at wire speed was important. (No - that tells you nothing about CCTA's network architecture....)"

    -Mick Morgan, CCTA

    "All of those operating systems are (reasonably) securable, in theory, but if you want to make the job of securing a box easier, why not run OpenBSD?"

    -Tweety Fish, cDc

    "I -know- this is a Linux crowd, but I'm tellin' ya, take a look at OpenBSD for PROACTIVE security when it comes to that mission critical firewall box, network monitor, webserver, etc."

    -DilDog, cDc

  3. OpenBSD on Security Expert Dave Dittrich on DDoS Attacks · · Score: 3

    OpenBSD is the most secure OS around today. You can make an excellent firewall with it. If you don't know much about your network security, you need to get working on it. DL the install disk, do an FTP install on an old machine, and get learning how to set it up.

    I've been using it for five months and it is awesome. Easy to install (newbies: be sure to read the directions), everything works without a lot of messing around (something I can't say about the other freenixes I've tried), and version 2.6 now has OpenSSH to allow you to securely administer your machine (not like it needs much once you have it up and running). Just check out ipnat (network address translation) and ipf (packet filtering) on the OpenBSD website (the man pages are the place to look) for more information.

    It is definitely better to run a basic OpenBSD firewall than to have Linux, Windoze, Solaris, or whatever else hooked up directly to the pipe. Run it on as little as a 486 with 8MBs RAM and a 200MB HD (you could probably run it on less, but I have only used it with the above minimum hardware). And if you really wanna get funky, run it as your workstation. Lotsa programs have been ported to it, and the rest you can run using Linux emulation.

    Check it out: http://www.openbsd.org/

    Also, for those of you interested in OpenSSH outside of OpenBSD use: http://www.openssh.org/

    For those of you with lingering doubts about ease of installation: five months ago when I first put it up, I was virtually clueless about Unix. I had muddled around with several Linux distros (Red Hat, Mandrake, Slackware, Turbo, Suse, Caldera, and Corel to be precise) but none of them worked as flawlessly as many Linux proponents say (two of them crashed on me (Mandrake and Corel), and many times library inconsistencies made my life a living hell when installing software from the Internet). It took me two weeks of spare time to figure out enough about OpenBSD to go ahead and install it with ipnat and ipf enabled. Since then I have learnt more about packet filtering in my spare time and tightened things up further. The machine has been going for 5 months strong and only came down once because I wanted to upgrade it to OpenBSD 2.6. In short, if I could get it running in two weeks, any regular moron should be able to do it in one, and any Unix knowledgeable person should be able to get it going in a couple of hours.