Re:Old T-shirt is much better, Puffy is not for me, on OpenBSD 4.0 Released · Score: 1
If the old T-shirt with the Daemons Head was available I would buy one now.
I can't run any of the stuff I need to run under OpenBSD, so why the heck should I even care about it?
Why the heck should anyone here care about you or your needs? Mentally balanced people who don't find something meets their needs, THINK TO THEMSELVES, "this does not meet my needs" and then move on to find something which does. Meanwhile, the mentally ill rant in the streets about religion, as if people who already adhere to that-particular-brand-of-crazy need to be re-convinced or otherwise as if people who don't, actually should care. And then there are those who come into an Internet forum to tell the whole World that they don't like Pepsi.
Nobody bloody cares. Plenty of people on the other hand, care very much for OpenBSD.
It's a specialized OS for an extremely small minority of users. What a waste of resources...
Fantastic perimeter security is not a "waste of resources". An OS with an excellent track record in security is not a "waste of resources". Web, mail, etc servers having gone through a decent security audit and running on that secure platform, is not a "waste of resources".
I use OpenBSD for many firewalls, internal and external servers and even for my own desktops. I love it, it does meet my needs, I donate and I am very grateful for the resources people put into it. It is worth people's consideration and if they find it does not meet their needs, they can just move on. Such is life.
They are not your resources, so why should you care? Do you use Linux? OpenSSH? There's a good chance that the OpenBSD people have contributed in a big way to something you use and you might not even know it.
True, I suppose I should have said "use cdrom40.fs," but I call it a floppy image since the installation notes refer to it as: "The i386 boot and installation 2.88MB floppy image"
Oh sorry, I thought you were referring to the floppy images which are named floppy?.fs.
I just noticed that you linked to instructions (unlike all the others I've seen), which use the cdrom??.fs.
BTW, if you are going to burn your own bootable i386 OpenBSD CD, you are better off using the cdrom40.fs as a 2.88MB bootable floppy image.
True, I suppose I should have said "use cdrom40.fs," but I call it a floppy image since the installation notes refer to it as: "The i386 boot and installation 2.88MB floppy image"
If you don't like 'wasting' a CD for only 5MB, you can make your own install CD, it isn't that hard. There are a lot of instructions out there, and I've even done it from Windows using Nero (just use the floppy image to make a bootable CD, then add in the rest of the files from the ftp site on the disk, burn, and boot!)
He wants to install on a VAX though. So he is much more limited with his options than i386.
BTW, if you are going to burn your own bootable i386 OpenBSD CD, you are better off using the cdrom40.fs as a 2.88MB bootable floppy image. The 1.44MB floppy images are whittled down, supporting (and lacking support) for different bits of hardware for machines which don't have a bootable CDROM drive or 2.88MB floppy drive. The 2.88MB cdrom40.fs on the other hand, supports more hardware in the one boot image.
For people wanting to make bootable sparc64 CDR(W)'s:
1. Make an ISO of the install files, with the appropriate structure (4.0/sparc64).
2. Use 4.0/sparc64/miniroot40.fs as the boot file with NetBSD's mksunbootcd, to modify the ISO you just made.
3. Burn the modified ISO and "boot cdrom" and install OpenBSD/sparc64 to your heart's content.
I used to get a shave with my haircut (2 bits!) in Japan; they always used a straight razor.
The straight razor, like most cheap ones when I shave myself, invariably left my face bleeding and tender. Not nicks, just raw. Even shaving with an electric razor was similar!
How strange that a straight razor in a barber, in Japan of all places, would be blunt. I figured the Japanese being known for perfection and super sharp blades, would take pride in having their razors super sharp.
I always wanted to give up the disposables and my crappy electric (Panasonic Linear) and instead invest in a straight razor. I finally bought one and then it took me a while to muster up the courage to actually use it. The lady in the shop warned me that I should practice on a balloon with shaving cream on it. She also told me a horror story about a guy who bought one off her and then came back wanting to return it because it has cut his face badly. She also quietly warned me to NOT buy one.
My girlfriend begged me to not get one also.
After a few weeks and some internet razor groups searching, I decided to get one. One of these. Once I actually got the balls to use it on my face, I was really amazed at the results. It is by far the closest shave I have ever had (after plenty of practice) and it almost never cuts me. All disposable razors cut me. In fact, even my Panasonic electric cuts enough to see tiny little blood spots. But rarely the straight razor.
Just like I had heard in the message boards. Closest shave ever and almost never cuts my skin.
You see that is the problem. I don't think that OpenBSD is moving to the model I described. To do that would mean changing the entire driver system and I doubt they will do that anytime soon. It would mean almost making it a microkernel system. The benefits if done correctly could be huge.
Yes they could. But these huge benefits sound like they also require huge changes. I'd love to see them, but I understand that with the small resources of the OpenBSD project, it could take some time.
I don't think that closed source drivers are going to go away and I really don't think that binary drivers are a bad idea.
An exploitable bug was found in 2004 (but was not known to be exploitable then) and then not fixed until 2006. I realise that it is possible that there has been an exploitable bug in OpenBSD for years and not discovered or fixed yet. But the deal with this nVidia issue, is the time between discovery of the bug and the fix, which highlights how OSS people who accept binary blobs are at the mercy of closed source vendors. That does not fit into the ideals of OSS. I would really rather see enough documentation released to allow an OSS driver to be written by the OSS communities. What are you going to do with your nVidia card once nVidia considers it to be too old and unsupported? Continue to live with a broken, vulnerable driver while it gets further and further away from being relevant, as the OS you use changes around it? Or will you break out the disassembler on a big binary file and hone your assembly language skills?
And besides the latest beta drivers fixed this, so I am not vulnerable at all anyway.
If by "this" you mean this one vulnerability, then you may be right. But if by "this" you mean the risks of binary blobs, then no, you are still at risk with a driver that has a history of a bug discovered in 2004, being fixed in 2006.
I wouldn't call that "fixed" when the root cause remains.
Customers and true advocates of the virtues of open source should demand better.
This issue, regardless of how severe it is, highlights the problem with binary blobs though.
"There have been multiple public reports of this Nvidia bug on the NVNews forum and elsewhere, dating back to 2004," Rapid7 said in its advisory.
If that is true, then it shows that even though the community became aware of the problem (bug at that stage, yet to be found to be exploitable) long ago, they could not fix it. If this driver were open source and somebody noticed a bug in 2004, it would have been fixed in 2004. Yes an exploit would have been written faster, but a fix would have been written faster too. The end result would have been accelerated improvements in stability and security, since bugs were not just given a number and placed on some small group's todo list, with a priority of 1 because it is not considered a vulnerability at that stage.
I don't care how good your code is, the best way to secure a system is to run as little privileged code as possible.
Yes, I agree. OpenBSD are trying to run little priv code and I'm sure they'll continue to improve. I wouldn't claim that OpenBSD is perfect, but I can't wait to see OpenBSD 5.0.
Yet OpenBSD produced code with exploits that made it to production.
Is there a point to this? I would EXPECT them to. We are just human and as such shouldn't judge things in absolutes, rather things should be seen as falling somewhere within a scale between broken and perfect. With broken sometimes being a reality and perfect being something to at least work towards. With that in mind, the OpenBSD project has done a wonderful job, especially when you consider it comparatively.
You speak as if some other project has produced a networkable system of the complexity of OpenBSD, but without delivering exploitable production code.
The most secure product EVER is the product that nobody uses. OK, follow the so called "expert's" advice. If everybody follows them, MS will be the most secure in the world.
You could use the systems which get more secure with more users who are empowered (open source benefit), or you could use the system which stagnates as far as security goes, regardless of the size of the user base, because the problems can be hidden from customers.
Your choice.
PS, OpenBSD has a small user base, yet appears to be leading similar systems in terms of security. So I think security has more to do with attitude and aptitude than the number of users of a system.
This is actually the real bottleneck in modern machines and not processor power as many people think.
I didn't realise that there was one real bottleneck. Here I was, all this time, thinking that various parts in a computer system could become a bottleneck, depending on the application.
If you are so worried about reliability, for $500 you can RAID-mirror two 200GB drives in a notebook and have 6x more storage than this flash drive.
That really isn't possible with a notebook computer now is it?
There are a number of laptops around which can take more than one HDD internally.
"I see it being introduced just as any other technology - early adopters will get half-baked, Rev. A quality devices and pay a large premium for them."
Why would these devices be half-baked, Rev. A quality? They're flash storage with an ATA interface. Compact Flash is flash storage with an ATA interface and CF works great as an IDE HDD drop-in replacement, with passive (no extra logic required) adaptors.
Just different packaging with maybe some better DMA capabilities over that which some Sandisk CF units already have.
Flash based IDE and SCSI interfaced solid state drives (non Sandisk) have been out for a long time.
"Hmm... I guess thermocouples are a figment of my imagination? After all, nobody has ever built a device powered by them."
Cool! Can I buy one of these for my mp3 player? It's an iRiver H340. I currently get about 16 hours playing time with the Li battery. How long could I get out of an RTG? 16 years? Will I live long enough to enjoy it?
If you can't see this whole bad situation for what it is, then oh well I don't think anything else I can say will change your mind.
I could hear many other students asking the police to stop and for their ID's/badge numbers. If other students became that concerned, then that alone provides enough proof to me that the police were in the wrong and using an unreasonable amount of force.
Why should anyone here be convinced otherwise by you? That student is the victim, so I would not judge him for whatever choice he takes as a recourse.
Their insistence that he get on his feet or they would tase him again is all the proof we need that they were not the brightest bulbs in the pack. The function of a Taser shock is to disable by disrupting nerve and muscle function.
Yes. Many years ago when I first heard about the abilities of a Taser which go beyond ordinary stun guns, I looked at some Taser promotional material. At the time, Taser guaranteed that the use of their product would render the victim unconscious from anywhere between 1 minute to 45 minutes.
Guaranteed.
From all the Taser videos I have never seen, I have never seen anyone rendered unconscious by one, but the victims certainly go down quick and stay down for a while.
Tase - "get up" - Tase - "get up"....
Are those cops as stupid as Bart Simpson or are they just aggressive arseholes? I hope they get sent to prison and feel a little police brutality in the opposite direction. With any luck they will be killed in prison, since they are essentially terrorists the World can do without.
The moral of the story: be extra careful when you're hungry :)
I once decided to boil an egg in the microwave and got the fright of my life. I placed the egg in a small bowl of water and then that in the microwave on high...
The explosion sounded just like a Hollywood action movie explosion. Bang-BOOOOOMMMMM!!! The explosion was so powerful, that it blew the door right open, breaking the thick strong plastic latch on the door.
It was not a cheap quality microwave either. It was a large Panasonic.
Yes, that's right Dave, it seems the Mac's reputation for being a safe-haven from viruses is over...
ahh just a second... I'm getting a report...
NO! This just in Dave... it has been CONFIRMED that Symantec, venerable anti-malware company, DOES NOT KNOW the difference between a VIRUS and a TROJAN!
Experts are said to be "BEWILDERED" as to how this can be. Considering that viruses and trojans have been their bread-and-butter for more than a decade now. Some so-called experts are going so far as to claim that Symantec have been clamouring for a real virus to show off as a proof of concept, to corner this new exploding market and that Symantec have settled or "stooped" if you like, for passing off a basic application as an actual virus! But, heh, you'll always have the fringe groups out there Dave!
Hehe. We'll keep you posted as this incredible news unfolds! Back to you Dave...
A technology will have a very hard time being standardized if someone holds the patent. However, in this case and others, nobody realized the patent issue when it was being pushed as a standard. Many years later, when everyone is using it, the patent holder comes out and claims the ownership and starts to collect payments. It's too late to correct the mistake. If the patent holder had been saying so from the beginning, it would not have had a chance to grow such a market value.
I think there should be some laws to restrict such a practice.
That is not what happened in this case. The patent holder was "holding back" in this case because they had no option. It was an Australian patent against a US corporation. Now that the FTA is in force, this has opened the opportunity not only for the Australian patent holder to enforce their patent in the US, but also for the US corporation to challenge the Australian patent in court. Guess what? The greedy US corporation challenged the CSIRO, an honorable scientific research entity, in court to have their patent invalidated. So naturally, as is required to retain a patent, the CSIRO had to defend their patent to keep it.
The CSIRO are good people. They do lots of good things for the good of not just Australia, but the World.
This court case was brought against them, the CSIRO, in an attempt to invalidate their rightful patent. If you do not defend your patent, you lose it.
So here we have a case where a money motivated corporation is trying to stomp on a scientific research entity (which only strives to further the state of the art), so that the corporation can make more money. Thankfully the scientific research entity came out on top.
There is patent abuse in this story, but it most certainly is NOT from the CSIRO. Thankfully that abuse failed.
Thanks Damsa,
I looked at the Panasonic DMC-LX2 and it looks great. The chromatic aberration is actually quite acceptable. Although it seems to wash out some of the finest detail in JPEGS, in RAW mode it seems okay and I don't mind passing the important images through Photoshop. She is not likely to have something printed larger than a magazine format anyway.
So we have ordered one for her.
I'm glad you pointed me to it. Thanks again.
Are you a Jedi or something? That's uncanny. ; ) I've been with her for about 8 years and I've come to know that no matter what I get her, she's not going to be completely happy with it. Even when she buys something, she'll say just before we get home, "ohhh, I don't know, I think I should have got the other one" and then we have to go back to the store....
She is an artist and sometimes needs to take photos of her work to send off to magazines for publication in print or on the web. The web is obviously no problem, however I find it quite striking how the flaws in an image really come out in magazines. The pixelation and jpeg artifacts jump out. So I originally sold her on a Canon 350D. But now she's saying that she can only spend a third to half of what the 350D costs. Arhh. I also realise that she will not be happy with the size for many situations, but then not be happy with the quality of the small cameras, now that she knows what chromatic aberration is.
If I could afford it at the moment, I'd just add the $1,000 to her money and get her the newer Canon 400D. As you say, I probably should just get her the best little camera I can find. I'd then get a decent DSLR down the track for myself, which I'll use for her art needs.
If I were really loaded I'd just buy her the M8 with the 50mm f1.0 Noctilux and be done with it. No actually, I'd buy myself that and not let her anywhere near it. She'll just put it in her handbag and it will come out filthy and scratched and then my heart will tear into little pieces.
PS, yes, for the magazines I have taken slides with my Nikon to send off to the magazines. But this is my girlfriend we're talking about here. Usually she'll come to me in a frantic desperation, stating that she needs slides sent to a magazine publisher 1,000km's away, before the end of tomorrow and it is already late in the afternoon. ; )
I'll believe this when I see it.
Meet Cocoa and Java, a nice young couple celebrating the impending release of the Java source code under the GPL, in style.
I have been an avid photographer for almost 20 years and my lovely 29 year old Nikon F2AS with prime lenses is my current choice for photography. This will change when a 20MP+ DSLR comes out which I can afford. Putting my F2AS on the shelf saddens me, since I love it. The build quality is really amazing and the lenses are fantastic. I really appreciate the low flaring and chromatic aberration and high contrast and sharpness of decent lenses.
To the point however, my girlfriend wants to replace her old film compact camera with a digital compact, so she asked me (more than a year ago now) to research a good digital compact for her. I have been looking at a lot of review sites and at the sample pictures and I just can't bring myself to recommend one. The chromatic aberration in almost every single digital compact I have looked at, is terrible!
The only compact digital cameras which produce good to fantastic images (in the respect of low chromatic aberration, low flare, high sharpness and high contrast), are some of those from Leica. But the Leicas are really expensive. Like the Leica M8.
I am judging cheap compact cameras here and not pro gear. But I can't believe that in this day and age of computer modelling of lenses and the large size of some of the lenses on some compact digitals, that they can't produce a decent lens on an affordable camera.
For the price of a Leica M8 plus lens, you'd be not far off the price of a brand new small car.
Stepping up to an affordable DSLR on the other hand, shows a dramatic improvement in lens quality and thus final results. The difference is amazing.
If the old T-shirt with the Daemons Head was available I would buy one now.
Do you mean this one?
This shirt was unavailable for a short while, but it's been available again for some time now.
I can't run any of the stuff I need to run under OpenBSD, so why the heck should I even care about it?
Why the heck should anyone here care about you or your needs? Mentally balanced people who don't find something meets their needs, THINK TO THEMSELVES, "this does not meet my needs" and then move on to find something which does. Meanwhile, the mentally ill rant in the streets about religion, as if people who already adhere to that-particular-brand-of-crazy need to be re-convinced or otherwise as if people who don't, actually should care. And then there are those who come into an Internet forum to tell the whole World that they don't like Pepsi.
Nobody bloody cares. Plenty of people on the other hand, care very much for OpenBSD.
It's a specialized OS for an extremely small minority of users. What a waste of resources...
Fanatastic perimeter security is not a "waste of resources". An OS with an excellent track record in security is not a "waste of resources". Web, mail, etc servers having gone through a decent security audit and running on that secure platform, is not a "waste of resources".
I use OpenBSD for many firewalls, internal and external servers and even for my own desktops. I love it, it does meet my needs, I donate and I am very grateful for the resources people put into it. It is worth people's consideration and if they find it does not meet their needs, they can just move on. Such is life.
They are not your resources, so why should you care? Do you use Linux? OpenSSH? There's a good chance that the OpenBSD people have contributed in a big way to something you use and you might not even know it.
True, I suppose I should have said "use cdrom40.fs," but I call it a floppy image since the installation notes refer to it as: "The i386 boot and installation 2.88MB floppy image"
Oh sorry, I thought you were referring to the floppy images which are named floppy?.fs.
I just noticed that you linked to instructions (unlike all the others I've seen), which use the cdrom??.fs.
BTW, if you are going to burn your own bootable i386 OpenBSD CD, you are better off using the cdrom40.fs as a 2.88MB bootable floppy image.
True, I suppose I should have said "use cdrom40.fs," but I call it a floppy image since the installation notes refer to it as: "The i386 boot and installation 2.88MB floppy image"
I call it a floppy image too. (???)
If you don't like 'wasting' a CD for only 5MB, you can make your own install CD, it isn't that hard. There are a lot of instructions out there, and I've even done it from Windows using Nero (just use the floppy image to make a bootable CD, then add in the rest of the files from the ftp site on the disk, burn, and boot!)
He wants to install on a VAX though. So he is much more limited with his options than i386.
BTW, if you are going to burn your own bootable i386 OpenBSD CD, you are better off using the cdrom40.fs as a 2.88MB bootable floppy image. The 1.44MB floppy images are whittled down, supporting (and lacking support) for different bits of hardware for machines which don't have a bootable CDROM drive or 2.88MB floppy drive. The 2.88MB cdrom40.fs on the other hand, supports more hardware in the one boot image.
For people wanting to make bootable sparc64 CDR(W)'s:
1. Make an ISO of the install files, with the appropriate structure (4.0/sparc64).
2. Use 4.0/sparc64/miniroot40.fs as the boot file with NetBSD's mksunbootcd, to modify the ISO you just made.
3. Burn the modified ISO and "boot cdrom" and install OpenBSD/sparc64 to your heart's content.
I used to get a shave with my haircut (2 bits!) in Japan; they always used a straight razor.
The straight razor, like most cheap ones when I shave myself, invariably left my face bleeding and tender. Not nicks, just raw. Even shaving with an electric razor was similar!
How strange that a straight razor in a barber, in Japan of all places, would be blunt. I figured the Japanese being known for perfection and super sharp blades, would take pride in having their razors super sharp.
I always wanted to give up the disposables and my crappy electric (Panasonic Linear) and instead invest in a straight razor. I finally bought one and then it took me a while to muster up the courage to actually use it. The lady in the shop warned me that I should practice on a balloon with shaving cream on it. She also told me a horror story about a guy who bought one off her and then came back wanting to return it because it had cut his face badly. She also quietly warned me to NOT buy one.
My girlfriend begged me to not get one also.
After a few weeks and some internet razor groups searching, I decided to get one. One of these. Once I actually got the balls to use it on my face, I was really amazed at the results. It is by far the closest shave I have ever had (after plenty of practice) and it almost never cuts me. All disposable razors cut me. In fact, even my Panasonic electric cuts enough to see tiny little blood spots. But rarely the straight razor.
Just like I had heard in the message boards. Closest shave ever and almost never cuts my skin.
The tricky bit is keeping it super sharp.
You see that is the problem. I don't think that OpenBSD is moving to the model I described. To do that would mean changing the entire driver system and I doubt they will do that anytime soon. It would mean almost making it a microkernel system.
The benefits if done correctly could be huge.
Yes they could. But these huge benefits sound like they also require huge changes. I'd love to see them, but I understand that with the small resources of the OpenBSD project, it could take some time.
I don't think that closed source drivers are going to go away and I really don't think that binary drivers are a bad idea.
An exploitable bug was found in 2004 (but was not known to be exploitable then) and then not fixed until 2006. I realise that it is possible that there has been an exploitable bug in OpenBSD for years and not discovered or fixed yet. But the deal with this nVidia issue, is the time between discovery of the bug and the fix, which highlights how OSS people who accept binary blobs are at the mercy of closed source vendors. That does not fit into the ideals of OSS. I would really rather see enough documentation released to allow an OSS driver to be written by the OSS communities. What are you going to do with your nVidia card once nVidia considers it to be too old and unsupported? Continue to live with a broken, vulnerable driver while it gets further and further away from being relevant, as the OS you use changes around it? Or will you break out the disassembler on a big binary file and hone your assembly language skills?
I try to avoid the closed hardware vendors.
And besides the latest beta drivers fixed this, so I am not vulnerable at all anyway.
If by "this" you mean this one vulnerability, then you may be right. But if by "this" you mean the risks of binary blobs, then no, you are still at risk with a driver that has a history of a bug discovered in 2004, being fixed in 2006.
I wouldn't call that "fixed" when the root cause remains.
Customers and true advocates of the virtues of open source should demand better.
This issue, regardless of how severe it is, highlights the problem with binary blobs though.
"There have been multiple public reports of this Nvidia bug on the NVNews forum and elsewhere, dating back to 2004," Rapid7 said in its advisory.
If that is true, then it shows that even though the community became aware of the problem (bug at that stage, yet to be found to be exploitable) long ago, they could not fix it. If this driver were open source and somebody noticed a bug in 2004, it would have been fixed in 2004. Yes an exploit would have been written faster, but a fix would have been written faster too. The end result would have been accelerated improvements in stability and security, since bugs were not just given a number and placed on some small group's todo list, with a priority of 1 because it is not considered a vulnerability at that stage.
I don't care how good your code is, the best way to secure a system is to run as little privileged code as possible.
Yes, I agree. OpenBSD are trying to run little priv code and I'm sure they'll continue to improve. I wouldn't claim that OpenBSD is perfect, but I can't wait to see OpenBSD 5.0.
Yet OpenBSD produced code with exploits that made it to production.
Is there a point to this? I would EXPECT them to. We are just human and as such shouldn't judge things in absolutes, rather things should be seen as falling somewhere within a scale between broken and perfect. With broken sometimes being a reality and perfect being something to at least work towards. With that in mind, the OpenBSD project has done a wonderful job, especially when you consider it comparatively.
You speak as if some other project has produced a networkable system of the complexity of OpenBSD, but without delivering exploitable production code.