This is true, but the base install is pretty limited, so it's hard to compare, really.
That's not a bug: it's a feature. I know you already know that, but I mention it for the benefit of people not already familiar with OpenBSD. OpenBSD installs almost nothing by default, to the point that many systems don't even have man pages or a compiler. Fewer things installed = few things to break = fewer attack vectors = fewer things to maintain.
That also means that it's trivially easy to deploy a task-specific server that runs almost nothing not directly related to performing that task. For example, here are all the processes running after booting a particular mail gateway:
$ ps ax
  PID TT  STAT       TIME COMMAND
    1 ??  Ss      0:00.01 /sbin/init
21888 ??  Is      0:00.00 syslogd: [priv] (syslogd)
11594 ??  I       0:00.01 /usr/sbin/syslogd -a /var/www/dev/log -a /var/empty/dev/log
18652 ??  Is      0:00.00 pflogd: [priv] (pflogd)
16925 ??  S       0:00.01 pflogd: [running] -s 160 -i pflog0 -f /var/log/pflog (pflogd)
 4551 ??  Is      0:00.00 ntpd: [priv] (ntpd)
12960 ??  S       0:00.01 ntpd: ntp engine (ntpd)
15118 ??  I       0:00.00 ntpd: dns engine (ntpd)
 8253 ??  Is      0:00.00 /usr/sbin/sshd
32235 ??  Ss      0:00.01 sendmail: accepting connections (sendmail)
 1749 ??  Ss      0:00.00 /usr/sbin/cron
23675 ??  Is      0:00.05 sshd: kirk [priv] (sshd)
25682 ??  S       0:00.04 sshd: kirk@ttyp0 (sshd)
17102 p0  Ss      0:00.19 -zsh (zsh)
17713 p0  R+      0:00.00 ps -ax
 8581 C0  Is+     0:00.00 /usr/libexec/getty std.9600 ttyC0
 4910 C1  Is+     0:00.00 /usr/libexec/getty std.9600 ttyC1
25709 C2  Is+     0:00.00 /usr/libexec/getty std.9600 ttyC2
12308 C3  Is+     0:00.00 /usr/libexec/getty std.9600 ttyC3
19809 C5  Is+     0:00.00 /usr/libexec/getty std.9600 ttyC5
So we have init (boots the system; makes sure things are running that are supposed to be); the system event logger; the firewall event logger; an NTP daemon to keep the time set correctly; the SSH daemon I used to connect into it; Sendmail (the OpenBSD-hardened version); the scheduled task manager; my shell process; and the program that listens for console logins. There's just not a lot you can strip away from that.
Here's the list of open sockets that an external user can connect to:
So SMTP (25 and 587) and SSH are listening. Again, that's as minimal as you can feasibly get. Well, I suppose you could axe everything firewall related, since the only open ports are to services that are deliberately exposed to the Internet already, but security comes in layers.
It's obviously possible to build secure systems with other OSes, but OpenBSD goes a long way toward making it easy. "Secure by default" is a wonderful starting point!
Oh, and pf has the most beautiful firewall rule syntax of any system I've ever used.
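A baseline check for the process listing in the comment above, as an added example that is not part of the original post: it parses `ps ax` output, resolves each row to its program name, and reports anything outside an allowlist. The allowlist and the interactive-session rule are assumptions made for this example.

```python
import re

# Programs the post's walk-through says belong on this mail gateway.
# The allowlist itself is an assumption made for this example.
EXPECTED = {"init", "syslogd", "pflogd", "ntpd", "sshd", "sendmail", "cron", "getty"}
# Allowed only when attached to a terminal (the admin's login session).
INTERACTIVE = {"zsh", "ps"}

# Abridged from the listing in the post (four of the five getty rows dropped).
SAMPLE_PS = """\
  PID TT  STAT       TIME COMMAND
    1 ??  Ss      0:00.01 /sbin/init
21888 ??  Is      0:00.00 syslogd: [priv] (syslogd)
11594 ??  I       0:00.01 /usr/sbin/syslogd -a /var/www/dev/log -a /var/empty/dev/log
18652 ??  Is      0:00.00 pflogd: [priv] (pflogd)
16925 ??  S       0:00.01 pflogd: [running] -s 160 -i pflog0 -f /var/log/pflog (pflogd)
 4551 ??  Is      0:00.00 ntpd: [priv] (ntpd)
12960 ??  S       0:00.01 ntpd: ntp engine (ntpd)
15118 ??  I       0:00.00 ntpd: dns engine (ntpd)
 8253 ??  Is      0:00.00 /usr/sbin/sshd
32235 ??  Ss      0:00.01 sendmail: accepting connections (sendmail)
 1749 ??  Ss      0:00.00 /usr/sbin/cron
23675 ??  Is      0:00.05 sshd: kirk [priv] (sshd)
25682 ??  S       0:00.04 sshd: kirk@ttyp0 (sshd)
17102 p0  Ss      0:00.19 -zsh (zsh)
17713 p0  R+      0:00.00 ps -ax
 8581 C0  Is+     0:00.00 /usr/libexec/getty std.9600 ttyC0
"""


def program_name(command):
    """Return the program behind a COMMAND column entry."""
    # A process that rewrote its title shows as "title (progname)".
    m = re.search(r"\(([^()\s]+)\)\s*$", command)
    if m:
        return m.group(1)
    # Otherwise take argv[0], dropping a login shell's "-" and any path.
    return command.split()[0].lstrip("-").rsplit("/", 1)[-1]


def parse_ps(text):
    """Parse `ps ax` output into dicts with pid, tty, program and command."""
    rows = []
    for line in text.splitlines():
        fields = line.split(None, 4)
        if len(fields) < 5 or not fields[0].isdigit():
            continue  # header or blank line
        pid, tty, _stat, _time, command = fields
        rows.append({"pid": int(pid), "tty": tty,
                     "program": program_name(command), "command": command})
    return rows


def audit(text, expected=EXPECTED, interactive=INTERACTIVE):
    """Return (unexpected rows, expected programs that are not running)."""
    rows = parse_ps(text)
    unexpected = [r for r in rows
                  if r["program"] not in expected
                  and not (r["program"] in interactive and r["tty"] != "??")]
    missing = sorted(expected - {r["program"] for r in rows})
    return unexpected, missing


if __name__ == "__main__":
    # Constructed drift: one extra daemon that the baseline does not list.
    drifted = SAMPLE_PS + " 4242 ??  Is      0:00.00 /usr/sbin/ftpd -D\n"
    for row in audit(drifted)[0]:
        print("unexpected:", row["pid"], row["command"])
```

Process titles are set by the process itself, so this catches configuration drift on a minimal host, not a process that deliberately presents an expected name.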
Aren't you also forced to watch commercials when you have a cable subscription? Just because you pay for the cable subscription does not mean that there are no commercials.
Correct, so when I buy a "premium" service (their word, not mine), I expect an upgrade over the alternatives. In my opinion, Hulu isn't an upgrade over its main competitor for my TV-watching dollar: basic cable. I certainly don't view it as an upgrade over Netflix, which is its biggest online competition (even though you seem to be under the impression that it isn't).
I signed up for a Hulu trial a month ago. Here's the subsequent interaction I had with them on Twitter:
Me: "Wait, so let me get this straight: you have to pay for Hulu Plus, but you still get commercials? BitTorrent doesn't have commercials. #fail"
@hulu_support: "@kstrauser Hi there! Current season content is expensive, and ads help us compensate our content providers."
Me: "@hulu_support Thanks, but no. I won't be finishing my trial week."
According to Wikipedia, NBCUniversal, Fox Entertainment Group, and Disney-ABC Television Group own a total of 90% of Hulu. You seriously mean to tell me that a company almost totally owned by 3 of the 4 major broadcast networks can't afford to air those networks' own content commercial-free, even when I'm paying them directly without any cable or dish operator acting as an intermediary? I call BS.
Netflix isn't perfect, but I can understand why some content is out of their reach. Qwikster misstep last year aside, I'm happy with their service. I just can't find a reason why I'd ever pay for Hulu, though. If I'm going to have to pay for ad-laden content, I'll get basic cable and be done with it.
And yes, I cancelled my free trial before the week was over. I was sure to tell them why on my way out the door.
Fortunately for the Republicans, enough Dems went along with the stupidity that the bill passed. If those 42 Dems hadn't voted against their constituents' interests, the final vote would've been 206 GOP ayes versus 210 mostly-Dem noes.
Why can't Congress ever work together on something I want?
I worked for a company whose very first paying customer was named Richard Test. Poor Mr. Test had his account deleted by well-meaning and fastidious secretaries several times. (We'd have just renumbered his account if that ID wasn't used in a zillion other systems.)
It's not ad hominem to point out an entity's likely biases when they release a report conveniently supporting those biases. For instance, you can safely ignore anything ever written by Florian Mueller, Dan Lyons, or Maureen O'Gara about Linux and "intellectual property", because each of them has clearly demonstrated anti-Linux sentiments.
"Ad hominem" is "don't listen to him because he looks and smells funny". It's not "don't listen to him because he has a history of saying exactly this and being wrong about it".
Android includes a set of core libraries that provides most of the functionality available in the core libraries of the Java programming language.
Every Android application runs in its own process, with its own instance of the Dalvik virtual machine. Dalvik has been written so that a device can run multiple VMs efficiently. The Dalvik VM executes files in the Dalvik Executable (.dex) format which is optimized for minimal memory footprint. The VM is register-based, and runs classes compiled by a Java language compiler that have been transformed into the .dex format by the included "dx" tool.
The Dalvik VM relies on the Linux kernel for underlying functionality such as threading and low-level memory management.
But seeing as how cross-platform compatibility isn't a stated goal or feature of Java The Language on Android, that's all totally irrelevant to the situation at hand. Suppose someone implemented Python on a non-CPython VM. Your logic would imply that the Python Software Foundation should be able to sue them for breaking cross-platform .pyc compatibility. That's ludicrous.
That's a strawman; I never said anything about Apple being defenseless. But destitute insurgents in the Middle East caused terrible damage to our army, an army they could never hope to build and sustain on their own, and we were hardly defenseless. But that leads back to my premise: it's easier to destroy than to build. Greenpeace could never create an organization as strong and efficient as Apple, but they don't have to be able to be Apple to throw stones at them.
And there are an infinite number of reasons why LaTeX is better than both.
...and an infinite-minus-one number of reasons why Markdown is better than LaTeX (the "-1" being math typesetting). I don't remember the last time I opened a word processor to write something new as opposed to reading a document that's been sent to me. Instead, I'll open a new editor tab/pane/buffer and start typing good ol' barely-formatted text. And with Pandoc, I can trivially convert that beautiful plaintext file to HTML, Word, EPUB, LaTeX, or almost any other document format.
LaTeX is wonderful and I have nothing bad to say about it, but I personally only use the subset of its abilities that Markdown supports in a much easier, simpler manner.
I agree with almost everything you say, but I "play devil's advocate" in good faith. I try to get others to see the opposite argument, even (perhaps especially!) if they don't want to. On the plus side, /.'s finely honed my debating skills in that I've gotten in the habit of identifying and countering arguments against my position before anyone else can. That's actually proven a handy skill to have.
That's not always true. I've played devil's advocate many times without ever being called a shill, at least that I remember. A big part of avoiding the accusation is being able to justify controversial positions in a thoughtful manner. Good: "Microsoft might have a point this time, because of [such and such legal case] and [the other party did something notably stupid]." Bad: "For the eleventieth time today: Liinux owes teh SCO some serious cash."
In my experience, Slashdot is remarkably tolerant of unpopular positions as long as you can give a plausible reason why you're espousing them, or why you can understand someone else holding them. But as Sagan said, "extraordinary claims require extraordinary evidence". You better be able to back them up, or you will get called out.
If this is the case, and the "chaos" that awaits is us migrating into a higher orbit, then whoopee, there goes us having to worry about the greenhouse effect... Oh wait... this isn't just another excuse not to curb our burning of fossil fuels is it?
How many billions of years are you planning to live?
I will NEVER understand why these corporations like Apple/Toyota think they can offer a warranty, and then not honor said warranty.
For much the same reason we programmers have a difficult time acknowledging runtime errors on users' systems. Obviously our software works right; it runs on our desktops/servers/phones after all. The problem must surely be with the user doing something wrong.
The OS I'm using has 65536 ports.
And if you're running Windows, there's a good chance they're all in use.
I'm a bit confused.
Yes.
Sound doesn't work out of the box.
I'm amused that FreeBSD gets this one 100% correct "out of the box". As many processes may open and write to /dev/dsp as want to, and all mixing is automatically handled in software or hardware as needed. The best thing anyone could do for audio on Linux would be to give up on it, integrate what FreeBSD perfected, and be done with it.
This argument makes zero sense, you have no idea the chances of life arising, it COULD be 50 orders of magnitude smaller than the number of planets.
...in the observable universe, which is, of course, dwarfed by "infinity" (assuming current cosmology is reasonably accurate).
What I just wrote to my Senators:
According to an AP news article (http://bit.ly/Jd55Zz):
--------
WICHITA, Kan. (AP) — The grandmother of a 4-year-old girl who became hysterical during a security screening at a Kansas airport said Wednesday that the child was forced to undergo a pat-down after hugging her, with security agents yelling and calling the crying girl an uncooperative suspect.
--------
I am afraid for my country. We've been reduced to molesting terrified little girls in airports for a demonstration of fake security. When will this end? Please use your position as a Senator from our great state to protect Americans from the TSA.
Respectfully,
Kirk Strauser
What bothers me most is that I halfway expect to be asked about those letters or this post the next time I fly.
You now have two copies of the book, one printed and a second digital copy.
Are you under the impression that format shifting was illegal?
Google is breaking the Java "contract" with developers: portability.
I'd be much more (read: nonzero) sympathetic to that position if Google didn't explicitly state that their binaries run on Dalvik, and not the JVM:
But seeing as how cross-platform compatibility isn't a stated goal or feature of Java The Language on Android, that's all totally irrelevant to the situation at hand. Suppose someone implemented Python on a non-CPython VM. Your logic would imply that the Python Software Foundation should be able to sue them for breaking cross-platform .pyc compatibility. That's ludicrous.
It's perfectly acceptable to assume the X of Y, as long as you use the Y's with defined X's
I don't think "assume" means what you think it means.
If you had your kids vaccinated before they were able to discuss it with you, you believe in forcing people to take shots.
I also force them to go to school and eat their vegetables, even when they don't want to.
I do wonder how it is that an organisation that "rakes in" about 1% *annually* of what Apple raked in last *quarter* is somehow bullying Apple?
Because it's a lot cheaper to destroy than to build. I can pick up a rock, for free, and throw it through an expensive plate glass window.
How about:
4. I trust any company building out a major data center to take electrical efficiency into account when designing the thing, if for no reason less selfish than wanting to save on their electric bill. Greenpeace seems to think Apple wants to run an electric heater and an air conditioner at the same time, with the windows open and all the lights on. Why wouldn't Apple want to operate their facility as cheaply as possible?
I'm an energy system researcher with no connection to Greenpeace, but the research reports they produce are very good.
Except when they flat-out make shit up. I wouldn't trust a Greenpeace report demonstrating that the sky was blue.
Yes. I was proctored, inspected, detected, infected, neglected and selected.
Yeah. I narrowed the range to somewhere between Charly and Charlie, depending on how much coffee and sleep I had that day.