I'd equivocate our security roughly with that of the ultra-secure operating systems used by the NSA. A non-executable stack is one of our own innovations - I thought this up one night while hacking away at some network code. Certainly, you couldn't claim that we aren't innovating in our distro. I guess you could say, we are working on things more significant and important than making sure OpenBSD works on crusty old PDP-8s and Nintendos.
As OpenBSD is already the most secure OS available, it's no wonder that we have some of the top scientists in Canada working on bringing in SMP support. We would have taken a ton of code from FreeBSD, but we believe that their upcoming implementation is inferior to what we could come up with on our own. Besides, there's no telling what kind of glaring security holes there could be in FreeBSD's SMP implementation.
In case I didn't make myself clear enough in my posting to misc@, the ECC "contribution" was really a trojan horse of patent litigation that would've taken away users' freedoms upon its use.
This is abominable behavior on the part of Sun, and I think they should perhaps ask first before trying to subvert our Free project for their own means and eventual ownership. It is in poor taste, to say the least.
It appears that a no good hacker managed to hack into one of our CVS systems and place this trojan in the code. This never would have happened if someone in our development group hadn't been irresponsible enough to install NetBSD on that CVS machine. I won't name names right now, because frankly such a mistake is too embarrassing to warrant punishing the negligent person that severely, but I will say that the inherent insecurity of NetBSD got us in trouble (again).
All I can tell you is, let this be a lesson against using anything other than OpenBSD. At least we bother to look over our source code for security holes. We are still investigating exactly what led to the NetBSD machine being rooted, but we have a fair idea that it had something to do with the USB subsystem in the kernel. This is totally inexcusable. Just another reason to avoid that over-extended, slow, stinking pile of source code that is NetBSD. They oughta at least be grateful to me for finding this security hole for them, after all they've done to screw us over.
Hi. OpenBSD project leader here. We don't run source code without looking it over first. However, upon examination of the source packages, it does indeed appear that it has been trojaned. Perhaps you reconsider your hoax accusation; just because you didn't get the bad source distribution doesn't automatically mean it never happened. It's this kind of attitude of pretending that security holes don't exist until they blow up in your face that has caused KDE so many security problems in the past. I sincerely hope you are no longer a primary contributor to the project.
I don't really have a problem with the FreeBSD team. They produce excellent, high performance code for the x86 platform. As for their developers, I haven't really communicated with them, so I couldn't really say one way or the other.
I hear all these great things about the upcoming FreeBSD "release", but I never see any of these features touched by the light of day, so to speak. Why? Because, quite simply, all these warm, fuzzy feelings about FreeBSD are just that. Feelings. I have not yet seen a single feature mentioned here actually work effectively on a production machine. Not to mention that many people here are most likely foolish enough to run a release on production hardware just because it has some shiny new features like "SMP support".
Fine, they can do that, but when their boot partition gets corrupted by bad code, they'll be left wishing that they used something more reliable, like OpenBSD. Or even, and I say this reluctantly, the antiquated and arcane NetBSD. No one really needs these silly features, and they can only lead to system instability and security holes.
Every time I see someone call Java "portable," I just shake my head in wonderment that anyone could be that ignorant.
Sure, Sun Microsystems would like you to believe that Java is the ultimate in cross-platform portability, but could you list all the platforms that the latest JDK runs on? Hmm... let's see...
- Windows
- Mac OS
- Linux
- FreeBSD (maybe one of these days...)
Don't see OpenBSD in there, do you? Or NetBSD, the king of so-called "portability" (the irony is stinging). Furthermore, Java can't even perform as well as C or even C++. How do they expect to use this to write games for consoles that already have limited resources?
It is apparent that the only clear choice for game development is still well-written C. It's fast, clean and, if well-written, far more portable than Java could ever hope to be.
Why would it be a problem if I were to be on the show? I've created the most secure, stable operating system available under a truly Free license. I forked from NetBSD. I turned shit into gold with my Midas touch. People ought to be paying me to appear on television.
If nothing else catches their eye about open source software, maybe it would be the assurance that a team of experienced developers out there are developing the next generation of freely available information security tools (OpenSSH and OpenSSL, anyone?) that are already tightly integrated with a strong, BSD-based OS. We've already started working closely with several crypto-card manufacturers to write drivers for lightning-fast VPNs.
You are right about ESR, though. He's a nut.
Re:Where are the Free ISO images of OpenBSD? on NetBSD 1.5ZB · Score: 1
I think you're here bashing NetBSD because you can't handle the competition.
You are mistaken here. There isn't really a competition here, per se. OpenBSD is just the logical evolution of NetBSD. NetBSD has already served its purpose in history. Only zealots like yourself would term any two open source projects as being in "competition" with each other. It is obvious to the clearer-thinking among us that two free projects, by their very nature, can't compete with each other. To say anything else is simply measuring the length of your penis with the popularity of your OS of choice.
You won't make ISO images available apparently because you don't want to lose your only source of income.
Take a good look at the BSD license, you fucking moron. Exactly where in there does it say that someone can't make a derivative work and sell it on his own terms? If you're so interested in depriving programmers of income, why don't you spout your foul little grease-hole off in favor of the GPL?
Meanwhile NetBSD makes ISO images available for many ports, and also creates ISO images of tons of prebuilt packages for NetBSD/i386.
Yet another thing that you fail to notice is that most of the useless platforms NetBSD gets ported to don't support booting off of CD-ROM images. Yes, that's right. It's entirely useless to make a CD-ROM image for the PDP-11 port.
NetBSD stopped being useful once I forked OpenBSD. on NetBSD 1.5ZB · Score: -1, Flamebait
NetBSD, for all the merits that it had in its early releases, no longer serves a real purpose. When I took the code after being locked out of the development team and made something useful out of it, it only inspired more jealousy from their corner. They were left bickering like old women while I created a more open system where everyone could contribute and no one would have to go out of their way to secure their default install.
What business does anyone have with running UNIX on something so esoteric and outdated as an FIC8234? Is "portability" really an asset when the only platforms it supports that the rest of the UNIX world doesn't are so obsolete that it would be faster and cheaper to simply buy an old Pentium machine? What else does NetBSD have going for it? They were good for a USB system (which was the first of its kind in the UNIX world and is much less broken than its Linux equivalent) and what else?
Frankly, I think that NetBSD has reached its endgame. There are only so many platforms you can port to until you have it running on your toaster. And frankly, I think it's unprofessional to let things like SMP support or a decent packaging system slide while focusing on porting to platform after deficient platform. I have only one question: when I install NetBSD on my toaster one day, how many keys/second will it do for Distributed.net?
I often read here on Slashdot that security through obscurity is no security at all. This is just another convenient mantra that people like to parade around when they want other people to think that they know something. The truth is that obscurity is an essential part of any electronic security scheme.
The most obvious example of this principle is in encryption. In both public- and private-key schemes, it is essential that you obscure your keys (or private keys) from view in order to maintain secure communications. It works the same way with other methods, such as keeping the command structure of a satellite secret. If no one knows the command structure, they might as well be brute forcing an encrypted message, because a command could be just about any length to be valid.
So really, people here should be very careful when speaking in absolutes. It doesn't work when comparing the performance of operating systems, and it certainly doesn't work here.
Here's a clue: Not understanding what you happen to understand does not make one stupid or unqualified for their job.
However, the inability to learn new things is most certainly a sign of stupidity. Nowhere in my post did I say that there should be a shifting of responsibilities in other departments onto the already overloaded backs of the programming group.
If the people in your company don't understand how to use CVS, or even what it is, then they really shouldn't be demanding that their documents are kept in an orderly fashion.
Don't bother trying to get an "easy to use" solution, which will take up valuable system resources just to run. Anything worth doing can be done from something simple like CVS.
If they are really so dumb that they CAN'T learn CVS, well, it's time to tell them that they are in the wrong field, and that they should consider a career in garbage collection or burger flipping. Tough love oughta get them educated real fast.
I just hope that our continued improvement of Linux binary support will ease the transition from Linux to OpenBSD. These components will help people realize that they can still run all of their commercial Linux applications without having to worry about doing so on a cobbled together and insecure operating system.
Thus, you will see less and less of phenomena such as the Ramen Worm and other stupid security issues in the future when commerce sites switch over to OpenBSD while still running such things as Oracle 8i and other applications that have a Linux port but no OpenBSD binaries.
Yeah, those security exploits sure are craaaazy! I should be shipped to the loony bin!
As if I needed more people ripping off my OpenBSD ISO images and giving them to their friends.
Most of you people are repulsive enough without meeting you face to face.
Once and for all, my name is "Theo DeRaadt"
To settle this once and for all, my name is Theo DeRaadt. Happy?