I wonder if the volume of site-defacements will go down, because there won't be a site mirroring the defacements? Alot of the 0day skr1pt-kiddiez deface just to make their mark on attrition, but if they dont have anybody to "impress", do you think they will still waste their time? It will be interesting to see if the amount of defacements decreases.
And it takes a lot of work to make OpenBSD useful
Yeah, you know... cd'ing to the ports section of the application you want and typing 'make install clean'. Phew. Hard work.
which in turn makes it more vulnerable
Uhm, third-party apps don't make OpenBSD itself more vulnerable. Its not like if you install wuftpd on an OpenBSD box, the internal crypto subsystem would stop working, or it would suddenly drop your kern.securelevel to -1. Its the job of the admin to check out any services they are running for known exploits, perhaps grep the code for insecure functions, and do some active penetration tests (standard overflows, format strings, etc).
And don't tell me I don't know what I am talking about
You don't know what you are talking about.:)
I am a consultant who has installed OpenBSD on over 40 machines in 14 clients of the years
Great, I have installed OpenBSD on over 200 boxen and converted more than 25 people who used to use other BSD's and other Unicies (Solaris, UnixWare).
I don't see it doing more than the most basic Internet-facing stuff
Ho ho ho... I don't know where to begin with this comment. For one, I don't understand how you see this stuff as basic. Have you ever looked at the core code in OpenBSD? I bet you've never written IPSEC code, or a mail server. Whatever you're doing, it's obviously wrong, because you can do anything on an OpenBSD box that you can do with a Linux box, with the exception of stuff like video games, but don't blame that on OpenBSD... blame that on video card companies and gaming companies for not porting their software to BSD.
because the attitude of many of the chief OpenBSD developers turns off others who might work on the project
I've talked with Theo on many occasions, whether it be a question about OpenBSD, or about drivers or donations, and he has been more than helpful, and has even included smiley faces in his email. Maybe youre the one coming off as an asshole?
How do you know most of them cannot craft exploits?
Because one of the developers came right out and said it in an article.
Even if they claim they either don't or can't, does'nt necessarily reflect what they like to do when nobody is watching.
What the fsck are you talking about.
"Far from perfect", what.. [snip]..only better than most?
*sigh* You obviously missed the point. Far from perfect as in nothing in this fucking universe is perfect. And what is the best? IMHO, OpenBSD... something being the "best" is just a matter of someones opinion.
Perhaps, TDR and the gang.. [snip]..that is above all that.
Honestly, what was the point of that rant... you had no point and drew no conclusion. It's like you were argueing with yourself.
Your post gave me a headache... I award you no points, and may God have mercy on your soul.
Except that none of the developers ever said they are security gurus. Most of them don't even know how to craft an exploit. One of the most important goals to the OpenBSD project, is correctness, which includes writing code.
If you think about it, 95% of the exploits out there exploit the same thing over and over again... buffer overflows, format strings, etc. The person to blame is the programmer for creating sloppy code and using functions that do not perform bounds checking. When the OpenBSD team 'audits' their code, they don't go looking for exploitable code, they just go looking for programming errors (bugs). A side effect of such scrutiny is code that is more 'secure'.
Not to mention the project is based in Canada, which allows for the exportation of some awesome crypto.
Remember, a system is as secure as it's weakest link. OpenBSD is far from perfect, it's just a lot better than most of the stuff out there.
This seems like the greatest release of OpenBSD thus far. Im certainately glad to see the Alpha port back, and it's great to see OpenBSD _finally_ including new software. I know sometimes including the latest and greatest isn't exactly in the vein of OpenBSD, but it's still nice to see them shipping X4.0.3. I still can't believe the filesystem improvements. This is by far the best release yet!
So he stopped buying AMD* just because his K6 was a fluke? Well, I can't say I feel sorry for him when he buys a Pentium 4, instead of an Athlon, which, clock for clock, is faster, and a lot less expensive.
Nintendo used to be the one other gaming console makers looked towards for direction, now it seems they are way behind the times. With awesome gaming platforms like PS2, Xbox, and the DREAMCAST (only $99!!), they better have some awesome hardware and specs bundled with the Gamecube, or else Nintendo will be in a world of hurt. The ultimate goal they need to focus on is what can they offer gamers that the PS2 and Dreamcast can't. Both units have awesome graphics, the Dreamcast comes with all sorts of components (keyboard, ethernet adapter), and with the advent of the Xbox, Nintendo better have something else up their sleeves besides just another console.
I regularly go to NetBSD.org, and see the pathetic hodge-podge of ports they've managed to achieve. They've ported their OS to Dreamcast's and Amigas, and a whole host of obsolete boxes.
Since when is the Dreamcast obsolete? It came out about a year ago.
But it makes me wonder why people would expend effort banging their heads against old obsolete junk that no one is ever going to run? Old VAXStations and VMEBus junk? What masochist would even bother trying to get that stuff to run?
What are you talking about? Have you ever stepped outside of your x86 LAN of 5 computers in your bedroom? There are a TON of VAX's still in use today, especially at colleges. I know I would rather spend $30USD to get an old VAX that does the job up and running, instead of trying to convince the university to drop thousands of dollars on new equipment. Not to mention all the people that can't afford the latest and greatest hardware (schools, new businesses, etc...)
I wish these people would use their talents for productive things...they could be making their OS better, more stable and easier to use. Not to mention the fact that NetBSD, like the other BSD's is pretty thin on driver support for most modern hardware. Couldnt they be writing drivers for harware that matters?
You've obviously missed the point of NetBSD in general. Their core code has to be the cleanest code I have ever seen, and that's because it has to be in order to port to all different architectures. Driver support is awesome. NetBSD even officially supports devices like the Diamond Rio 500. How about you specifically tell us what you couldn't get working.. some awful proprietary piece of microsoft hardware?
And the whole ease-of-use thing is not something you can dismiss either...NetBSD is harder to get installed than six-year-old Slackware. I'd really -LIKE- NetBSD and OpenBSD to be more popular among users and hackers, but people like that want to program and run apps, not solve a Rubik's cube!
First of all, you say the installation program is too 'hard', and that it turns away normal users (understandable), but you also say hackers? If something is hard, the people to pick at it first will be hackers. Second of all, have you even installed NetBSD? I think NetBSD and OpenBSD are the _easiest_ to install. It's about as straightfoward as you can get. Not to mention their new installation program makes installing NetBSD even easier.
As for the Alpha hardware...well, Alpha has seen it's day come and go -- at least as far as hobbyist hardware is concerned.
Alpha hardware is very alive and well. I used to work at a place doing nothing but building Alpha boxen and putting Linux on them. I can't even remember how many clusters we put together for Bloomberg. Yes, that's right, BLOOMBERG. I'm talking clusters of 100-300 nodes, all being UP2000 boards with 2 750 Mhz Alphas, and 1 gig of RAM.
RISC along with NetBSD, and for that matter, *BSD in general, are dead.
Dictionary.com's definition of dead (business wise): Not commercially productive; idle. So what you're telling me, is that the *BSD's have been idle, and not productive in the past few months? Ha. Far from it. Face it, youre just another Troll that uses Linux because you heard it was 'cool'. I'll put money on the fact you posted your story using Internet Explorer running some release of Windows.
the difference between MS and linux, is that you actually have a _choice_ with linux. i run only blackbox for my window manager, and i seriously doubt that I would ever be affected by a linux (scripting) virus.
well, i wouldn't necessarily no bugs. as one netbsd developer said, every system has bugs, its just some systems have less. i love openbsd, its my favorite of all the BSD's, but to say it doesn't have any bugs is just foolish.
but why run something emulated when you can run on the accual OS they are written for
this is a general misconception. when freebsd (or any bsd for that matter) runs a linux application, its not emulating anything, its just intercepting syscalls from the linux binary.
So what you're trying to say is because Red Hat _finally_ decided to join the online-updates arena a little too late, and that they had to spend thousands of dollars to play catch up, that the users should be charged for it? Feh! Debian has been doing online updates for years now, and for FREE.
I think the best commercial was the Snickers commercial when this guy was on the side of the street selling talking dolls, and some guy came up and asked him for the 'wazzzzzup' guy, and he smashed him! At last! Victory! That has been the most obnoxious series of commercials I have seen in years. There is nothing more annoying than hearing that phrase being repeated 50 times a day, so needless to say when the guy stomped that 'wazzzzzup' doll, I was cheering myself. In fact, I think there is a hunger inside me right now.;)
Thats an aweful attitude to have in life. I know Im not the happiest person, or the richest person, but I try to do things to make what I have that much better. Drowing yourself in smoke and booze does nothing except make the problems disappear for a few hours, but once you become sober again, you realize you cant escape them with chemicals. I guess youre one of the millions of people who need to have something done DIRECTLY to them to see the _true_ dangers and risks. That is unfortunate.
I am a 19 year-old straightedge person (being straightedge means no drinking, no smoking and no drugs). I honestly believe I am this way because I've watched all these substances destroy my family and some of my friends.
I just wanted to know if your views of alcohol, in general, has changed after your accident or if you have joined any anti-drunk driving organisations (i.e. MADD)?
Taken from the article:
"OpenBSD's team reviews all code, looking for possible exploits as well as any other userland exploits."
This is simply not true. The OpenBSD doesn't look for 'possible exploits', they just fix bugs/buffer overflows. It just so happens that sometimes these bugs result in exploits. I believe it was Aaron Campbell who said that he doesn't know the first thing about writing exploits, he just fixes code that is 'wrong', and in my opinion, this is how it should be done.
Slashdot Mirror
My guess is that they will release a revision 2 keyboard with some lame XOR encryption that can be cracked within a week.
:)
This raises an interesting point... can one spoof their keyboard's identity to send keystrokes to another reciever?
I wonder how fast someone can type "echo + + > ~/.rhosts"
---------------
hahaha... good call!
by the way, dont forget OpenBSD 2.9 is being released in a week! Help support the cause and buy a CD for you and a friend!
---------------
I wonder if the volume of site-defacements will go down, because there won't be a site mirroring the defacements? Alot of the 0day skr1pt-kiddiez deface just to make their mark on attrition, but if they dont have anybody to "impress", do you think they will still waste their time? It will be interesting to see if the amount of defacements decreases.
---------------
And it takes a lot of work to make OpenBSD useful
:)
Yeah, you know... cd'ing to the ports section of the application you want and typing 'make install clean'. Phew. Hard work.
which in turn makes it more vulnerable
Uhm, third-party apps don't make OpenBSD itself more vulnerable. Its not like if you install wuftpd on an OpenBSD box, the internal crypto subsystem would stop working, or it would suddenly drop your kern.securelevel to -1. Its the job of the admin to check out any services they are running for known exploits, perhaps grep the code for insecure functions, and do some active penetration tests (standard overflows, format strings, etc).
And don't tell me I don't know what I am talking about
You don't know what you are talking about.
I am a consultant who has installed OpenBSD on over 40 machines in 14 clients of the years
Great, I have installed OpenBSD on over 200 boxen and converted more than 25 people who used to use other BSD's and other Unicies (Solaris, UnixWare).
I don't see it doing more than the most basic Internet-facing stuff
Ho ho ho... I don't know where to begin with this comment. For one, I don't understand how you see this stuff as basic. Have you ever looked at the core code in OpenBSD? I bet you've never written IPSEC code, or a mail server. Whatever you're doing, it's obviously wrong, because you can do anything on an OpenBSD box that you can do with a Linux box, with the exception of stuff like video games, but don't blame that on OpenBSD... blame that on video card companies and gaming companies for not porting their software to BSD.
because the attitude of many of the chief OpenBSD developers turns off others who might work on the project
I've talked with Theo on many occasions, whether it be a question about OpenBSD, or about drivers or donations, and he has been more than helpful, and has even included smiley faces in his email. Maybe youre the one coming off as an asshole?
---------------
How do you know most of them cannot craft exploits?
..only better than most?
..that is above all that.
Because one of the developers came right out and said it in an article.
Even if they claim they either don't or can't, does'nt necessarily reflect what they like to do when nobody is watching.
What the fsck are you talking about.
"Far from perfect", what.. [snip]
*sigh* You obviously missed the point. Far from perfect as in nothing in this fucking universe is perfect. And what is the best? IMHO, OpenBSD... something being the "best" is just a matter of someones opinion.
Perhaps, TDR and the gang.. [snip]
Honestly, what was the point of that rant... you had no point and drew no conclusion. It's like you were argueing with yourself.
Your post gave me a headache... I award you no points, and may God have mercy on your soul.
---------------
Except that none of the developers ever said they are security gurus. Most of them don't even know how to craft an exploit. One of the most important goals to the OpenBSD project, is correctness, which includes writing code.
If you think about it, 95% of the exploits out there exploit the same thing over and over again... buffer overflows, format strings, etc. The person to blame is the programmer for creating sloppy code and using functions that do not perform bounds checking. When the OpenBSD team 'audits' their code, they don't go looking for exploitable code, they just go looking for programming errors (bugs). A side effect of such scrutiny is code that is more 'secure'.
Not to mention the project is based in Canada, which allows for the exportation of some awesome crypto.
Remember, a system is as secure as it's weakest link. OpenBSD is far from perfect, it's just a lot better than most of the stuff out there.
---------------
This seems like the greatest release of OpenBSD thus far. Im certainately glad to see the Alpha port back, and it's great to see OpenBSD _finally_ including new software. I know sometimes including the latest and greatest isn't exactly in the vein of OpenBSD, but it's still nice to see them shipping X4.0.3. I still can't believe the filesystem improvements. This is by far the best release yet!
---------------
So he stopped buying AMD* just because his K6 was a fluke? Well, I can't say I feel sorry for him when he buys a Pentium 4, instead of an Athlon, which, clock for clock, is faster, and a lot less expensive.
---------------
Nintendo used to be the one other gaming console makers looked towards for direction, now it seems they are way behind the times. With awesome gaming platforms like PS2, Xbox, and the DREAMCAST (only $99!!), they better have some awesome hardware and specs bundled with the Gamecube, or else Nintendo will be in a world of hurt. The ultimate goal they need to focus on is what can they offer gamers that the PS2 and Dreamcast can't. Both units have awesome graphics, the Dreamcast comes with all sorts of components (keyboard, ethernet adapter), and with the advent of the Xbox, Nintendo better have something else up their sleeves besides just another console.
---------------
I regularly go to NetBSD.org, and see the pathetic hodge-podge of ports they've managed to achieve. They've ported their OS to Dreamcast's and Amigas, and a whole host of obsolete boxes.
Since when is the Dreamcast obsolete? It came out about a year ago.
But it makes me wonder why people would expend effort banging their heads against old obsolete junk that no one is ever going to run? Old VAXStations and VMEBus junk? What masochist would even bother trying to get that stuff to run?
What are you talking about? Have you ever stepped outside of your x86 LAN of 5 computers in your bedroom? There are a TON of VAX's still in use today, especially at colleges. I know I would rather spend $30USD to get an old VAX that does the job up and running, instead of trying to convince the university to drop thousands of dollars on new equipment. Not to mention all the people that can't afford the latest and greatest hardware (schools, new businesses, etc...)
I wish these people would use their talents for productive things...they could be making their OS better, more stable and easier to use. Not to mention the fact that NetBSD, like the other BSD's is pretty thin on driver support for most modern hardware. Couldnt they be writing drivers for harware that matters?
You've obviously missed the point of NetBSD in general. Their core code has to be the cleanest code I have ever seen, and that's because it has to be in order to port to all different architectures. Driver support is awesome. NetBSD even officially supports devices like the Diamond Rio 500. How about you specifically tell us what you couldn't get working.. some awful proprietary piece of microsoft hardware?
And the whole ease-of-use thing is not something you can dismiss either...NetBSD is harder to get installed than six-year-old Slackware. I'd really -LIKE- NetBSD and OpenBSD to be more popular among users and hackers, but people like that want to program and run apps, not solve a Rubik's cube!
First of all, you say the installation program is too 'hard', and that it turns away normal users (understandable), but you also say hackers? If something is hard, the people to pick at it first will be hackers. Second of all, have you even installed NetBSD? I think NetBSD and OpenBSD are the _easiest_ to install. It's about as straightfoward as you can get. Not to mention their new installation program makes installing NetBSD even easier.
As for the Alpha hardware...well, Alpha has seen it's day come and go -- at least as far as hobbyist hardware is concerned.
Alpha hardware is very alive and well. I used to work at a place doing nothing but building Alpha boxen and putting Linux on them. I can't even remember how many clusters we put together for Bloomberg. Yes, that's right, BLOOMBERG. I'm talking clusters of 100-300 nodes, all being UP2000 boards with 2 750 Mhz Alphas, and 1 gig of RAM.
RISC along with NetBSD, and for that matter, *BSD in general, are dead.
Dictionary.com's definition of dead (business wise): Not commercially productive; idle. So what you're telling me, is that the *BSD's have been idle, and not productive in the past few months? Ha. Far from it. Face it, youre just another Troll that uses Linux because you heard it was 'cool'. I'll put money on the fact you posted your story using Internet Explorer running some release of Windows.
---------------
who waited? *raises hand*
---------------
the difference between MS and linux, is that you actually have a _choice_ with linux. i run only blackbox for my window manager, and i seriously doubt that I would ever be affected by a linux (scripting) virus.
well, considering the fact that openbsd has zero smp support.... id say linux 2.4 has a better smp system.
Maybe you will learn how to correctly phrase sentences. ;)
well, i wouldn't necessarily no bugs. as one netbsd developer said, every system has bugs, its just some systems have less. i love openbsd, its my favorite of all the BSD's, but to say it doesn't have any bugs is just foolish.
but why run something emulated when you can run on the accual OS they are written for
this is a general misconception. when freebsd (or any bsd for that matter) runs a linux application, its not emulating anything, its just intercepting syscalls from the linux binary.
So what you're trying to say is because Red Hat _finally_ decided to join the online-updates arena a little too late, and that they had to spend thousands of dollars to play catch up, that the users should be charged for it? Feh! Debian has been doing online updates for years now, and for FREE.
I think the best commercial was the Snickers commercial when this guy was on the side of the street selling talking dolls, and some guy came up and asked him for the 'wazzzzzup' guy, and he smashed him! At last! Victory! That has been the most obnoxious series of commercials I have seen in years. There is nothing more annoying than hearing that phrase being repeated 50 times a day, so needless to say when the guy stomped that 'wazzzzzup' doll, I was cheering myself. In fact, I think there is a hunger inside me right now. ;)
If everyone is anti-drunk driving, then why do tragidies like this exist?
Thats an aweful attitude to have in life. I know Im not the happiest person, or the richest person, but I try to do things to make what I have that much better. Drowing yourself in smoke and booze does nothing except make the problems disappear for a few hours, but once you become sober again, you realize you cant escape them with chemicals. I guess youre one of the millions of people who need to have something done DIRECTLY to them to see the _true_ dangers and risks. That is unfortunate.
I am a 19 year-old straightedge person (being straightedge means no drinking, no smoking and no drugs). I honestly believe I am this way because I've watched all these substances destroy my family and some of my friends.
I just wanted to know if your views of alcohol, in general, has changed after your accident or if you have joined any anti-drunk driving organisations (i.e. MADD)?
Taken from the article:
"OpenBSD's team reviews all code, looking for possible exploits as well as any other userland exploits."
This is simply not true. The OpenBSD doesn't look for 'possible exploits', they just fix bugs/buffer overflows. It just so happens that sometimes these bugs result in exploits. I believe it was Aaron Campbell who said that he doesn't know the first thing about writing exploits, he just fixes code that is 'wrong', and in my opinion, this is how it should be done.