This approach is unfortunately rather pointless, as I believe has been established.
Yes, because you keep side stepping my points. On the security front, OpenBSD provides a lot more than just the default configuration presented at install and the inclusion of OpenSSH.
I've got better things to do than pander to a loonie.
Hey, I'm not the one who made some bullshit claims, then tried to defend them time and time again by altering my arguments. If you cannot defend your own comments with reason, then I guess everyone is going to seem like a loonie to you.
Cool, I have my own weirdo/. stalker. \o/
I won't be stalking you, you're not worth wasting that much time on. I'm just making sure that if you are going to talk shit about a successful project, I'd like to increase my chances of seeing that and expecting you to back it up. I don't like my chances of that though, since you're pig headed, sidestep reason and claim someone who does try to reason with you to be a loonie. I guess I would have to be a loonie to try to reason with the likes of you, now that I know what you're made of.
If you strongly disagree with this, as you seem to, please retort with substance.
You've marked me as a Foe, but since you've been so much fun, I'm going to mark you as a Friend. To make sure I don't miss a minute of your fascinating opinion.
Maybe I'll reply from time to time. And maybe you won't even notice.
BTW, is your constant incorrect spelling of "Theo de Raadt" based on ignorance or do you have an agenda?
You would think that one of these companies would have just donated the hardware. But nope.
Yes, I was pretty shocked at that.
With the incredible resources at these companies disposal, I would have thought that a donation costs so little to them, that the good press would be more than worth it.
Contrary to what you protest, I think you are engaging in significant contortion to attempt to support your arguments.
I do not need to engage in any contortion and have not done so. I have already shown that I cut your sentence down to no less that the minimum to reply and that I could apply my response to your full sentence as it stands in the logic of English grammar. If you strongly disagree with this, as you seem to, using words like "significant contortion", please retort with substance.
OpenBSD provides a multitude of different security mechanisms (active) and efforts (passive). Some of these include many different memory protection mechanisms, some of which work transparently to the executable and some of which are merely gained through compiling with OpenBSD's modified gcc.
Personally, I am not impressed by the touting of privilege separation nor chroot jails, nor protected memory as these are not new ideas developed by the OpenBSD team. Privilege separation is not a new concept (though the common use of the phrase is more recent), it's simply good software design for applications handling sensitive data,
You are side stepping my point. I've been participating in on-line forums for 15 years. If you think you will get far with me, by avoiding answering my challenges through switching to different but related arguments, then think again.
Whether you are impressed with OpenBSD's more elaborate security mechanisms is not what is under question here. Nor is the point that OpenBSD may or may not have developed these ideas. What matters, is that there are many security components to OpenBSD which are far more effective and more useful than the contribution of OpenSSH and the default of most services being off.
You assert, "the security hype being primarily based on (a) the contribution of OpenSSH - which Theo said he didn't want to make for any OS other than OpenBSD! - and (b) simply having all the services turned off on a default installation". This is simply ludicrous. Let me pull this appart...
the security hype being primarily based on
The "security hype" pointed out at OpenBSD's security specific page, shows the sensible stance on defaults, to be down at bullet SIX. Some points before that include the more substantial security components which I also hold above your ridiculous opinion.
(a) the contribution of OpenSSH
The only mention of OpenSSH on that page is regarding vulnerabilities. I don't know anyone who uses OpenBSD primarily because they contribute OpenSSH.
- which Theo said he didn't want to make for any OS other than OpenBSD!
What does a claimed political intention of Theo, towards projects outside of OpenBSD, have to do with the strengths of OpenBSD's security? Who cares if this were true? OpenBSD security is the subject here.
- and (b) simply having all the services turned off on a default installation
This is such a small, yet fundamental feature. It's trivial to provide and comes down to mindset. This is not quality of code or ingenuity of mechanism. This is policy at a most basic level. I agree that this gets hyped about a lot, outside of the OpenBSD project, but usually along with the other more substantial security features. If someone holds this up within the top two reasons to use OpenBSD, then I don't want to hear any more of their bankrupt excuses for rationale.
In fact, the most "secure by default" hype I hear, is when trolls are speaking badly of OpenBSD. They sum OpenBSD security up with, "of course it's secure, everything is switched off". What they fail to understand, is that the "secure by default" is merely an indication of overall project mindset and this phrase embodies that. People who sum OpenBSD security up to mostly that, are either ignorant or have an agenda.
I see you deliberly cut my sentence off at a convenient point.
I was doing nothing of the sort.
I assume you are refering to the dropping of, "(including processes executed as root)"? My reply stands if so.
nor does it allow the restriction of access to raw devices, memory or sockets for any user (including processes executed as root)
"Any user" is the wide term which root falls within. Your inclusion of root is additive but not necessary.
So, any user being any user, I once again say, that when I try to read the raw disk device as a normal user, I am denied on grounds of insufficient privilege. So again I ask you to be more specific and provide something to back those claims up. I'm ready to be enlightened on this, because I am very intrigued by that statement.
If the pertinent part I apparently cut off was, "Specifically (and unlike Linux) OpenBSD doesn't support MAC (Mandatory Access Control) restriction on files", then I must say that I was not replying to that and your "nor" excludes it, as a point, from the points in the rest of the sentence.
If what you meant to say was, "nor does it allow the restriction of access to raw devices, memory or sockets all the way down to the root user", then you should have. If that is your point, then I must say that few services run as root in OpenBSD these days. MAC and ACL would be nice though, in my opinion, however priv sep and revocation try to deal with the same problem in a different way.
I didn't say they were 'just hype', you seem to be trying quite hard to twist my words.
I am not trying to twist your words. If I found the need to twist, then I would not argue to begin with. I make a living out of seeking the truth and ego is nothing but a burden in my line of work. I get a lot of work because absolute honesty is hard to come by in my field where people are either scaremongers or too afraid to say things how they are. For them it just comes down to money.
(the security hype being primarily based on (a) the contribution of OpenSSH - which Theo said he didn't want to make for any OS other than OpenBSD! - and (b) simply having all the services turned off on a default installation).
You claim here that the hype surrounding OpenBSD's security, is primarily based on their contribution of OpenSSH and having services switched off. This is not true. There is so much more to the security OpenBSD provides, regardless of whether you think the remaining technologies are worthy or not, there is much hype around them. In fact what I most often hear touted in OpenBSD's favour is the on-going code audits. Why anyone would be excited to the point of hype, over services off-by-default, is beyond me. They ought to be using NetBSD.
if you actually intended to run services (such as Web, Mail or FTP) on that system or allow local user accounts then OpenBSD is not what I would consider a particularly secure platform and there are certainly far superior alternatives
Do you give no merit to a priv seperated and revoked service which is also protected by a multitude of active memory protection mechanisms, etc, which confine those services to themselves and their own associated files? Services which get killed if they step out of bounds?
I'd love to see MAC and ACL included in OpenBSD some day, but please don't try to claim that the hype of OpenBSD security comes down to OpenSSH and disabled services by-default.
You can hardly call it a dictatorship when people just ignore the leaders decisions if/when he does something they don't agree with.
It's only a dictatorship as far as what gets accepted into the official Linus kernel. Just the same as what gets accepted into the OpenBSD kernel. OpenBSD users are just as free to put the Adaptec driver back in if they want, for example.
Don't take dictatorship too seriously in this regard. Because people are free to leave or modify these OSS dictatorships. OpenBSD and Linux are not completely comparable anyway, since Linux is a kernel and OpenBSD is a whole OS.
I read those emails long ago. I sympathise with him. Maybe I'm a nutter too.
nor does it allow the restriction of access to raw devices, memory or sockets for any user
When I attempt to read from a raw disk device as a non privileged user, I get "access denied". Can you be more specific and provide links or proof that this is the current state of affairs with OpenBSD?
the security hype being primarily based on (a)... OpenSSH... and (b)... all the services turned off on a default installation.
Whether hype or reality, it does not just come down to those two things. They have audited code to remove potential dangers as new exploit techniques have come up, they've done a lot of work employing privilege separation, privilege revocation, memory protection with guard pages, W^X, randomizations, etc, chroot jails, Pro Police, Stack Ghost (on sparc and now sparc64).
I realise that OpenBSD does not have all worthy modern security features, but to say that OpenBSD security is just hype which boils down to OpenSSH and switched off services is just not right. It's not like all these things that you have failed to mention are useless. Since about OpenBSD 3.3, great results have started to appear due to their devotion to security.
OpenSSH - which Theo said he didn't want to make for any OS other than OpenBSD!
Can you back this up with a link? I find it a little hard to believe given his absolute freedom stance. Especially since OpenSSH is everywhere nowdays.
In fact, they have *actively* decided not to even attempt to implement POSIX.1e (according to this book, endorsed by Theo).
They believe they can make OpenBSD to be very secure and reliable while sticking to traditional BSD UNIX as much as possible. They might not actually need 1e in the end.
If (and I honestly think it's going to be 'if' rather than 'when' now), OpenBSD begins work to implement these features, then it might start to be considered useful as a secure platform.
This appears to be carefully worded. I guess what you are saying here is that OpenBSD is a secure platform, but less than useful? Sure, it is not the most useful system out there, but for what it does well, it does very well.
I can't see that the amount of credit he gets from some quarters is warranted. In conclusion, this is why I find the inference that he is 'very wise and well intentioned' at best riotously amusing.;-)
Not wise? The guy knows multiple architectures at a very low level and with other developers managed to get some pretty impressive no-execute type of work happening on CPU's that don't support it natively. A year or two later, Windows XP SP2 comes out with some similar features and Microsofts security guy says in an interview regarding these SP2 features, that he is an OpenBSD fan. Yet, SP2 does not come close to what OpenBSD no-execute does on i386.
Not well intentioned? He has OpenBSD's best interests in mind and his efforts in this regard often benefit broader OSS. He was awarded recently for his work of upholding his ideals of software freedom.
Is he a nutter? I could not care less. As long as he keeps doing what matters to me, I don't care if he slings crap around his house and smears himself in it. I'd frown on any baby mulching machine completion and use though. ; )
Low UID not withstanding, what are you smoking...Theo de Raadt's cock?
No. Theo has a GF, I beleive and I'm not into cock. I appreciate that he can be pretty rough, but the guy gets stuff done where other people fail or give up. Love him or hate him, he is mostly good for OSS and OpenBSD is one fine OS thanks mostly to him.
People who challenge the status quo are often not very popular. But people who bring about change for the better, are often people who challenge the status quo.
Colin Percival, who published a recent paper on the vulnerability, strongly disagreed with Linus' assessment saying, "it is at times like this that Linux really suffers from having a single dictator in charge; when Linus doesn't understand a problem, he won't fix it, even if all the cryptographers in the world are standing against him."
This reminds me of when, mid stable branch, the VM system was changed in Linux.
It also reminds me of when Linus said something to the effect of, "I have not looked at BSD lately or Windows XP, but I don't see anything worthy in them".
Dictatorships are great if the dictator is very wise and well intentioned. I am glad that OpenBSD has a dictator like Theo de Raadt.
FB: Another license war has started and it seems worse than before. Does OpenBSD really want to fork XFree starting from the last 4.4.0-RC2? ME: Yes.
And I'm one of the guys who works on gcc and binutils on a continuing basis.
Anil took it one step further and introduced an extension attribute to gcc: bounded, that can tie two function parameters, so that you can say, "Here is the buffer and the corresponding size, try to check that it fits."
With a few small changes to gcc, and with declaring that read is such a function, gcc is now able to detect erroneous code, such as:
ME: ProPolice is a gcc extension developed by Hiroaki Etoh, from IBM, based on older concepts such as StackGuard. ProPolice makes several advances compared to StackGuard:
Integrating ProPolice in OpenBSD has been hard work. ProPolice has found tons of bugs in various programs that shipped with the system. It's also been the first real-scale test of ProPolice itself. With a lot of hard work from Hiroaki Etoh and Miod Vallat (and Peter Valchev and Christian Weisgerber...). ProPolice itself modifies gcc a wee little bit. But, like most programs of its size, gcc itself is buggy, partly due to its gigantic design that is not quite sane in places. In a typical release of gcc, you don't see the bugs, because the corresponding code paths are never taken. Add ProPolice, and suddenly you're sending gcc through some dark venues that have seen less attention, and all of a sudden you are fixing actual, genuine bugs in gcc.
Not it is not maintained, it is called packaged. That they might have a few patches of their own isn't at all unusual - even if they are leet security fixes.
They have made major changes to Apache and as evidenced here and here, they forked it and are taking care of their own branch. Much as they have done for years before the Apache license change. Bundling some software up into a package might be what some Linux distros do, but not OpenBSD with Apache.
"Bolt Apache on" isn't very descriptive. That could be applied to the OpenBSD process too.
There is no way it can be applied to OpenBSD. They have made major changes over the years to the Apache they provide.
Sorry, no. OpenBSD does not maintain X, they do not maintain Apache. That is an insulting and slighting to the developers who do maintain those packages.
I was not saying OpenBSD developers maintain THE xfree and Apache code bases. It should have been obvious from my English that I was referring to the xfree and Apache which they release as part of their base OS. Thier changes do make it back to parent projects though from time to time.
You had better evaluate your specific devices before you say that one spec is faster than another, because there are an AWFUL LOT of lousy firewire cases out there.
Specs and implementations are completely seperate. It is completely valid to state that a given spec "is faster" even if it has never been implemented well. However the fact is, like the other guy, I always find FW400 to be much faster than USB2.
What I meant by the drive was actually the contents of the drive. In true Mac fashion there appear to be some magical things that need to happen in order for a drive to be bootable.
I initially thought there was some blessing that needed to be done (like you say). But even if I don't choose the firewire drive to be the "Startup Disk" and leave it to boot normally from the internal drive, booting with the firewire unit even just plugged in causes the grey screen and no boot to OS X.
It is NOT true, because it is too generic a statement. "Worth using". Worth using for what!? Plan your purchases! My mini IS worth using for what I use it for.
As a mac mini owner I have had to buy extra memory, a putty knife, a new usb keyboard (it wouldn't recognize the one I had for my pc), a usb hub and a firewire enclosure so that I could have the necessary disk space to use imovie.
Why on Earth would you buy a mini to begin with if you had such requirements? If you had to buy extra memory, then you did not plan your purchase. You could only go to 1GB, yet the mini can be purchased from the outset with 1GB. Everyone knows the mini was available with an 80GB max internal HDD. You could read from Apple's site how many USB ports were available too. Once again, why on Earth would you buy a mini to begin with if you had such requirements?
After its all finished I will have spent around $900 on this $500 computer and that is not counting the $100+ I had in coupons and gift certificates.
You did not plan your purchase! Had you planned your purchase, you'd have put that money towards a computer that fits your needs and you wouldn't be here complaining. There is fault here, but it is not Apple's.
Its not nearly the deal that apple makes it out to be and its basically unusable for all but the easiest tasks in the configuration that apple sells it for on their website.
Jesus, no shit sherlock. It is Apple's lowest end current offering and you are complaining that it is not appropriate for much more than low end tasks.
If I had it to do again I would probably go with one of the imacs that just became obsolete.
Next time, plan ahead. You could cut your losses to some extent buy selling it while it's still hot and buying something suitable for your needs.
If it sees the Firewire drive at all, like when you hold down the Option key when booting, you should have no problem booting from the external drive.
If I plug the firewire drive in, then start or restart the mini, I get a grey screen without the lighter grey Apple logo ever appearing.
I use the drive no problem within OS X, if I plug it in or switch it on after the Apple logo appears.
After booting from the Panther install DVD, I plug the firewire drive in and install to it (from memory) with no problem. However when restarting, I get the blank grey screen and nothing more.
I've tried getting to OFW, holding down appropriate keys etc, but it seems the machine locks before these can be used.
I haven't heard of a non-bootable Firewire chipset.
Take note: Prolific PL3507. Now you have. This guy has the same unit as mine and describes the same problem I have. Googling for "PL3507 mac boot" was less than pleasant, then there was some hope, which was dashed when I opened the unit back up to find I had revision A of this chipset. Which cannot be software flash upgraded, only with a hardware flash writer.
The PL3507 is truely a steaming pile of crap. If it works for you, it will corrupt your drive within weeks.
The problem is most likely the drive.
In desperation, I have tried three different drives (Maxtor 160GB, Seagate 120GB and Western Digital 80GB!) in this enclosure. No joy. Certainly not the drive and the history of the PL3507 confirms this. Right now I am removing the Seagate 120GB from the enclosure because in light of all this terrible info, I will not trust this chipset to anything.
File structure efficiently laid out without extraneous crap. Man pages succinct and complete. Default configuration files with comments specific for OpenBSD. man "any filename" usually brings up a man page for that file.
I disagree. Debian especially is very focussed on quality, and each package having a very good ratio of maintainers.
I agree that Debian is focused on quality. I used it for years (Potato) while also using OpenBSD. Debian is certainly the cleanest of the Linux distros I have used. But I did not find it to be as clean as OpenBSD.
The free BSDs are almost as distro-like as something like Debian, in that they write and maintain a small core set of software, and then package, test, and include 3rd party (free) software with changes to config management and packaging to fit their system, and often a few of their own changes to the code.
I don't agree with this, with regard to OpenBSD. All the software installed with the default install, is permanently maintained by OpenBSD developers. Including such software as Apache. When improvements to Apache are made outside of OpenBSD, the OpenBSD developers review changes and back port them into the OpenBSD Apache if they are deemed worthy (I realise Debian back ports).
Contrast this to Linux distros which bolt Apache on as it is with config changes to suit their distro.
As far as 3rd party software goes, yes they have packages of 3rd party software which remains largely unchanged. However there is a point where they have to stop. They can't maintain and develop everything in-house. But as far as the OS goes, (kernel, libraries, file structure, man pages, installer, boot loader, Apache, OpenSSH, X, ftpd, ntpd, etc etc) they do and they do it all as a whole. A lot of work goes into the packages though and they usually ship with almost ALL of them working without any problems.
With this basic idea, there is no difference between Linux distros and BSDs.
All of the software installed in a default install of OpenBSD, is maintained by OpenBSD developers as a tightly knit group. There is a huge difference between that and Linux where developers of various software work together largely independantly of the other groups and then communicate when it comes time to tie it all together, but not necessarily cooperate. Consider that those various groups also don't always agree and go their own way with some fundamental aspects. I see Linux distros and BSD development as being very different and to me it shows when I use them.
Have you spent much time in various Linux distros and BSD's?
There is still a great deal of 3rd party code used in BSDs needed to even *build* the system, let alone have any functionality.
The point with BSD, is that when external code comes in, it is maintained from that point internally. That code does not keep getting imported each time it changes externally just because that happens. This avoids problems being crept in. It only gets imported if deemed worthy. New code does not very often get imported anyway and when it does, external changes are usually re-implemented rather than being imported as is. This is what I am refering to when I say, "take ownership".
What's more, most Debian people who package eg. the kernel are actually kernel developers as well who work on the upstream kernel. So it's not like a huge difference there.
I would not doubt this. However, in OpenBSD, the developers don't just maintain the kernel and libraries, they maintain all of the software that gets installed by default. They even maintain and modify gcc and X. As far as the kernel goes, it is specifically developed for OpenBSD as a whole, not a much larger community outside of OpenBSD. They can focus on their system as a whole when developing their kernel as a result of this. Not take into consideration every other user outside of their system. This all makes for an absolutely
re are a couple tests that show the same drive to be faster externally, but it's certainly not consistent, or "usually".
Yes, I just did a recount and will retract "usually". ; ) 4 times out of 9, if my counting is correct, the same drive is faster on the external. 1 time out of that 9 it is equal.
Regardless, I am still surprised that at any time a given drive is faster on the firewire than it is on the internal IDE. I would not have expected this outcome.
BTW, what are the SCSI features of firewire of which you speak? I am aware that USB is similar enough to SCSI to allow wrappers to convert it to SCSI in a simple fashion. But what features of firewire provide SCSI like benefits? Queuing? Elevator sorting?
OpenBSD is not a "distribution" if you are using the term as it would be used with respect to Linux "distributions". Linux distro's package other peoples software and tailor it, whereas BSD developers "take ownership" of all the software that falls under their releases and maintain it all as a whole.
This might sound like a minor difference, however use a bunch of Linux distros and then use OpenBSD and you might, like I and many others have, notice the very clean and integrated system which results. Linux distros always seem rough around the edges by comparison. Even the likes of SuSE or Debian.
No offence intended however to the Linux camp. Their work is highly admirable and their acheivements impressive. I just notice this distinction as being due to the fundamental mindset of responsibility extending to all parts of BSD systems versus the responsibility of tailoring the packaging of distinct components.
OpenBSD, stands out to me by far, as the cleanest system. I don't feel I can use the word "integrated" with OpenBSD because the whole is so complete that it feels as if there was nothing to integrate to begin with. As if the system were created completely from the ground up with a lot of foresight to do things correctly.
I will always think of my island home (Australia) as being an island though.
In addition to this, I consider the change from Australia being an island, to being a continent to be wrong. The powers that be were wrong to do that and the World was wrong to accept it.
An island implies isolation. Australia is the largest country to be completely isolated by water and thus it is an island.
PS, with George W Bush at the helm of the USA, I feel a large part of North America is quickly becoming incontinent. ie, it is randomly and uncontrollably shitting and pissing on the rest of the World.
It isn't, it however located on an island. Most commonly the island is called "America", and it is generally divided into two parts: "North America", and "South America".
I was tought at school, that an island, is an expanse of land surrounded by water which contains no more than one country. If it does contain more than one country, then it is a continent and not considered an island.
Australia is the largest island in the World by this definition. However since it is so large, it is considered to be a continent itself and so Greenland gets the title of Worlds largest island. North and South America are continents.
I will always think of my island home (Australia) as being an island though.
Very strange that the same drives are usually faster on the external firewire enclosure, than they are on the internal IDE interface. Could the internal IDE interface be crap? I hope not. This reminds me of my Sun Ultra 5's and 10's which have really crappy IDE interfaces.
Using these drives with external firewire interfaces, should show a slight performance decrease due to the added latency of extra hardware (and firewire to begin with):
Well, clearly price, performance and functionality all take a back seat. All that's left is the size and looks of the thing.
The mini comes with a CD burner at a minimum, BTW. What is your problem with the mini's functionality?
For some people, the price of the mini is fine for the performance it allows with OS X. And that is the point. OS X. I don't fight with OS X the way I have been for the past 17 years with MS products. That's where productivity comes in.
I also have a need for number crunching, which is why I will be upgrading my machine dedicated for this (AMD XP2800+) to a dual Opteron. I ssh to the Opteron from my mini, kick off jobs which take extended periods of time to complete and then come back to my mini to use it for what it is good for. This illustrates my point, that productivity, performance and functionality is highly dependant on the task at hand and the user.
What good is a P4 2.8GHz versus a G4 1.42GHz if the P4 is hobbled by an unfriendly OS that a USER must USE? If the task is highly sporadic with CPU usage, then the P4 may well just waste more idle cycles than the G4, so OS usability becomes much more important in that scenario. XP is leaps and bounds more usable that older Windows OSes, but it still has nothing on OS X.
If your work requires both a GUI and extreme CPU speed, then by all means get an AMD64 or Powermac. But when we're talking low end USER machines, the interface counts for a lot and the mini has the huge benefit of actually running OS X (and running it pretty well too).
Just make sure the firewire enclosure you use will boot fine from a mini. I purchased a Zynet Firewire/USB2 combo enclosure so that I could boot from an external seperate drive for testing (Mac OS X on external, various other OSes on internal), while allowing protection of my OS X stuff by unplugging it. The mini just gives me a grey screen with no Apple logo when I try to boot from the firewire drive.
I've not seen much complaint of this with firewire drives, so I assume this is due to the cheap Zynet.
Slashdot Mirror
This approach is unfortunately rather pointless, as I believe has been established.
/. stalker. \o/
Yes, because you keep side stepping my points. On the security front, OpenBSD provides a lot more than just the default configuration presented at install and the inclusion of OpenSSH.
I've got better things to do than pander to a loonie.
Hey, I'm not the one who made some bullshit claims, then tried to defend them time and time again by altering my arguments. If you cannot defend your own comments with reason, then I guess everyone is going to seem like a loonie to you.
Cool, I have my own weirdo
I won't be stalking you, you're not worth wasting that much time on. I'm just making sure that if you are going to talk shit about a successful project, I'd like to increase my chances of seeing that and expecting you to back it up. I don't like my chances of that though, since you're pig headed, sidestep reason and claim someone who does try to reason with you to be a loonie. I guess I would have to be a loonie to try to reason with the likes of you, now that I know what you're made of.
If you strongly disagree with this, as you seem to, please retort with substance.
You've marked me as a Foe, but since you've been so much fun, I'm going to mark you as a Friend. To make sure I don't miss a minute of your fascinating opinion.
Maybe I'll reply from time to time. And maybe you won't even notice.
BTW, is your constant incorrect spelling of "Theo de Raadt" based on ignorance or do you have an agenda?
You would think that one of these companies would have just donated the hardware. But nope.
Yes, I was pretty shocked at that.
With the incredible resources at these companies disposal, I would have thought that a donation costs so little to them, that the good press would be more than worth it.
Contrary to what you protest, I think you are engaging in significant contortion to attempt to support your arguments.
I do not need to engage in any contortion and have not done so. I have already shown that I cut your sentence down to no less that the minimum to reply and that I could apply my response to your full sentence as it stands in the logic of English grammar. If you strongly disagree with this, as you seem to, using words like "significant contortion", please retort with substance.
OpenBSD provides a multitude of different security mechanisms (active) and efforts (passive). Some of these include many different memory protection mechanisms, some of which work transparently to the executable and some of which are merely gained through compiling with OpenBSD's modified gcc.
Personally, I am not impressed by the touting of privilege separation nor chroot jails, nor protected memory as these are not new ideas developed by the OpenBSD team. Privilege separation is not a new concept (though the common use of the phrase is more recent), it's simply good software design for applications handling sensitive data,
You are side stepping my point. I've been participating in on-line forums for 15 years. If you think you will get far with me, by avoiding answering my challenges through switching to different but related arguments, then think again.
Whether you are impressed with OpenBSD's more elaborate security mechanisms is not what is under question here. Nor is the point that OpenBSD may or may not have developed these ideas. What matters, is that there are many security components to OpenBSD which are far more effective and more useful than the contribution of OpenSSH and the default of most services being off.
You assert, "the security hype being primarily based on (a) the contribution of OpenSSH - which Theo said he didn't want to make for any OS other than OpenBSD! - and (b) simply having all the services turned off on a default installation". This is simply ludicrous. Let me pull this appart...
the security hype being primarily based on
The "security hype" pointed out at OpenBSD's security specific page, shows the sensible stance on defaults, to be down at bullet SIX. Some points before that include the more substantial security components which I also hold above your ridiculous opinion.
(a) the contribution of OpenSSH
The only mention of OpenSSH on that page is regarding vulnerabilities. I don't know anyone who uses OpenBSD primarily because they contribute OpenSSH.
- which Theo said he didn't want to make for any OS other than OpenBSD!
What does a claimed political intention of Theo, towards projects outside of OpenBSD, have to do with the strengths of OpenBSD's security? Who cares if this were true? OpenBSD security is the subject here.
- and (b) simply having all the services turned off on a default installation
This is such a small, yet fundamental feature. It's trivial to provide and comes down to mindset. This is not quality of code or ingenuity of mechanism. This is policy at a most basic level. I agree that this gets hyped about a lot, outside of the OpenBSD project, but usually along with the other more substantial security features. If someone holds this up within the top two reasons to use OpenBSD, then I don't want to hear any more of their bankrupt excuses for rationale.
In fact, the most "secure by default" hype I hear, is when trolls are speaking badly of OpenBSD. They sum OpenBSD security up with, "of course it's secure, everything is switched off". What they fail to understand, is that the "secure by default" is merely an indication of overall project mindset and this phrase embodies that. People who sum OpenBSD security up to mostly that, are either ignorant or have an agenda.
chroot jails date back to
I see you deliberly cut my sentence off at a convenient point.
I was doing nothing of the sort.
I assume you are refering to the dropping of, "(including processes executed as root)"? My reply stands if so.
nor does it allow the restriction of access to raw devices, memory or sockets for any user (including processes executed as root)
"Any user" is the wide term which root falls within. Your inclusion of root is additive but not necessary.
So, any user being any user, I once again say, that when I try to read the raw disk device as a normal user, I am denied on grounds of insufficient privilege. So again I ask you to be more specific and provide something to back those claims up. I'm ready to be enlightened on this, because I am very intrigued by that statement.
If the pertinent part I apparently cut off was, "Specifically (and unlike Linux) OpenBSD doesn't support MAC (Mandatory Access Control) restriction on files", then I must say that I was not replying to that and your "nor" excludes it, as a point, from the points in the rest of the sentence.
If what you meant to say was, "nor does it allow the restriction of access to raw devices, memory or sockets all the way down to the root user", then you should have. If that is your point, then I must say that few services run as root in OpenBSD these days. MAC and ACL would be nice though, in my opinion, however priv sep and revocation try to deal with the same problem in a different way.
I didn't say they were 'just hype', you seem to be trying quite hard to twist my words.
I am not trying to twist your words. If I found the need to twist, then I would not argue to begin with. I make a living out of seeking the truth and ego is nothing but a burden in my line of work. I get a lot of work because absolute honesty is hard to come by in my field where people are either scaremongers or too afraid to say things how they are. For them it just comes down to money.
(the security hype being primarily based on (a) the contribution of OpenSSH - which Theo said he didn't want to make for any OS other than OpenBSD! - and (b) simply having all the services turned off on a default installation).
You claim here that the hype surrounding OpenBSD's security, is primarily based on their contribution of OpenSSH and having services switched off. This is not true. There is so much more to the security OpenBSD provides, regardless of whether you think the remaining technologies are worthy or not, there is much hype around them. In fact what I most often hear touted in OpenBSD's favour is the on-going code audits. Why anyone would be excited to the point of hype, over services off-by-default, is beyond me. They ought to be using NetBSD.
if you actually intended to run services (such as Web, Mail or FTP) on that system or allow local user accounts then OpenBSD is not what I would consider a particularly secure platform and there are certainly far superior alternatives
Do you give no merit to a priv seperated and revoked service which is also protected by a multitude of active memory protection mechanisms, etc, which confine those services to themselves and their own associated files? Services which get killed if they step out of bounds?
I'd love to see MAC and ACL included in OpenBSD some day, but please don't try to claim that the hype of OpenBSD security comes down to OpenSSH and disabled services by-default.
You can hardly call it a dictatorship when people just ignore the leaders decisions if/when he does something they don't agree with.
It's only a dictatorship as far as what gets accepted into the official Linus kernel. Just the same as what gets accepted into the OpenBSD kernel. OpenBSD users are just as free to put the Adaptec driver back in if they want, for example.
Don't take dictatorship too seriously in this regard. Because people are free to leave or modify these OSS dictatorships. OpenBSD and Linux are not completely comparable anyway, since Linux is a kernel and OpenBSD is a whole OS.
I read those emails long ago. I sympathise with him. Maybe I'm a nutter too.
... OpenSSH ... and (b) ... all the services turned off on a default installation.
;-)
nor does it allow the restriction of access to raw devices, memory or sockets for any user
When I attempt to read from a raw disk device as a non privileged user, I get "access denied". Can you be more specific and provide links or proof that this is the current state of affairs with OpenBSD?
the security hype being primarily based on (a)
Whether hype or reality, it does not just come down to those two things. They have audited code to remove potential dangers as new exploit techniques have come up, they've done a lot of work employing privilege separation, privilege revocation, memory protection with guard pages, W^X, randomizations, etc, chroot jails, Pro Police, Stack Ghost (on sparc and now sparc64).
I realise that OpenBSD does not have all worthy modern security features, but to say that OpenBSD security is just hype which boils down to OpenSSH and switched off services is just not right. It's not like all these things that you have failed to mention are useless. Since about OpenBSD 3.3, great results have started to appear due to their devotion to security.
OpenSSH - which Theo said he didn't want to make for any OS other than OpenBSD!
Can you back this up with a link? I find it a little hard to believe given his absolute freedom stance. Especially since OpenSSH is everywhere nowdays.
In fact, they have *actively* decided not to even attempt to implement POSIX.1e (according to this book, endorsed by Theo).
They believe they can make OpenBSD to be very secure and reliable while sticking to traditional BSD UNIX as much as possible. They might not actually need 1e in the end.
If (and I honestly think it's going to be 'if' rather than 'when' now), OpenBSD begins work to implement these features, then it might start to be considered useful as a secure platform.
This appears to be carefully worded. I guess what you are saying here is that OpenBSD is a secure platform, but less than useful? Sure, it is not the most useful system out there, but for what it does well, it does very well.
I can't see that the amount of credit he gets from some quarters is warranted. In conclusion, this is why I find the inference that he is 'very wise and well intentioned' at best riotously amusing.
Not wise? The guy knows multiple architectures at a very low level and with other developers managed to get some pretty impressive no-execute type of work happening on CPU's that don't support it natively. A year or two later, Windows XP SP2 comes out with some similar features and Microsofts security guy says in an interview regarding these SP2 features, that he is an OpenBSD fan. Yet, SP2 does not come close to what OpenBSD no-execute does on i386.
Not well intentioned? He has OpenBSD's best interests in mind and his efforts in this regard often benefit broader OSS. He was awarded recently for his work of upholding his ideals of software freedom.
Is he a nutter? I could not care less. As long as he keeps doing what matters to me, I don't care if he slings crap around his house and smears himself in it. I'd frown on any baby mulching machine completion and use though. ; )
Apple is pleased to announce an new, special limited edition of the Mac mini! The Mac mini Semtex.
Apple takes no responsibility for user safety when travelling through Israelli check points.
*blinks*
*blinks again*
I feel like that guy in the crowd in South Park, when Toto was in town and just finished a song, "Yeah! Whoohoo! Toto rocks!!! YEAH!!!".
Actually, I do like Toto. Georgy Porgy is great.
Low UID not withstanding, what are you smoking...Theo de Raadt's cock?
No. Theo has a GF, I beleive and I'm not into cock. I appreciate that he can be pretty rough, but the guy gets stuff done where other people fail or give up. Love him or hate him, he is mostly good for OSS and OpenBSD is one fine OS thanks mostly to him.
People who challenge the status quo are often not very popular. But people who bring about change for the better, are often people who challenge the status quo.
Colin Percival, who published a recent paper on the vulnerability, strongly disagreed with Linus' assessment saying, "it is at times like this that Linux really suffers from having a single dictator in charge; when Linus doesn't understand a problem, he won't fix it, even if all the cryptographers in the world are standing against him."
This reminds me of when, mid stable branch, the VM system was changed in Linux.
It also reminds me of when Linus said something to the effect of, "I have not looked at BSD lately or Windows XP, but I don't see anything worthy in them".
Dictatorships are great if the dictator is very wise and well intentioned. I am glad that OpenBSD has a dictator like Theo de Raadt.
I don't follow it closely enough to know.
It shows. As does your arrogance. I've been using OpenBSD for 6 years and Linux for 8 years. I have been following OpenBSD very closely.
X? I don't think so. gcc? No.
Such strong statements for someone who does not follow it closely enough.
Xfree forked.
x11 - Houses OpenBSD's adaptation of the XFree86-3 software project. xf4 - Houses OpenBSD's adaptation of the XFree86-4 software project.
gcc is worked on within OpenBSD's source tree and part of their work enabled an mvme88k port.
A few choice quotes from here.
FB: Another license war has started and it seems worse than before. Does OpenBSD really want to fork XFree starting from the last 4.4.0-RC2?
ME: Yes.
And I'm one of the guys who works on gcc and binutils on a continuing basis.
Anil took it one step further and introduced an extension attribute to gcc: bounded, that can tie two function parameters, so that you can say, "Here is the buffer and the corresponding size, try to check that it fits."
With a few small changes to gcc, and with declaring that read is such a function, gcc is now able to detect erroneous code, such as:
ME: ProPolice is a gcc extension developed by Hiroaki Etoh, from IBM, based on older concepts such as StackGuard. ProPolice makes several advances compared to StackGuard:
Hiroaki is also an OpenBSD developer, by the way.
Integrating ProPolice in OpenBSD has been hard work. ProPolice has found tons of bugs in various programs that shipped with the system. It's also been the first real-scale test of ProPolice itself. With a lot of hard work from Hiroaki Etoh and Miod Vallat (and Peter Valchev and Christian Weisgerber...). ProPolice itself modifies gcc a wee little bit. But, like most programs of its size, gcc itself is buggy, partly due to its gigantic design that is not quite sane in places. In a typical release of gcc, you don't see the bugs, because the corresponding code paths are never taken. Add ProPolice, and suddenly you're sending gcc through some dark venues that have seen less attention, and all of a sudden you are fixing actual, genuine bugs in gcc.
Not it is not maintained, it is called packaged. That they might have a few patches of their own isn't at all unusual - even if they are leet security fixes.
They have made major changes to Apache and as evidenced here and here, they forked it and are taking care of their own branch. Much as they have done for years before the Apache license change. Bundling some software up into a package might be what some Linux distros do, but not OpenBSD with Apache.
"Bolt Apache on" isn't very descriptive. That could be applied to the OpenBSD process too.
There is no way it can be applied to OpenBSD. They have made major changes over the years to the Apache they provide.
Sorry, no. OpenBSD does not maintain X, they do not maintain Apache. That is an insulting and slighting to the developers who do maintain those packages.
I was not saying OpenBSD developers maintain THE xfree and Apache code bases. It should have been obvious from my English that I was referring to the xfree and Apache which they release as part of their base OS. Thier changes do make it back to parent projects though from time to time.
Linux distros
You had better evaluate your specific devices before you say that one spec is faster than another, because there are an AWFUL LOT of lousy firewire cases out there.
Specs and implementations are completely seperate. It is completely valid to state that a given spec "is faster" even if it has never been implemented well. However the fact is, like the other guy, I always find FW400 to be much faster than USB2.
What I meant by the drive was actually the contents of the drive. In true Mac fashion there appear to be some magical things that need to happen in order for a drive to be bootable.
I initially thought there was some blessing that needed to be done (like you say). But even if I don't choose the firewire drive to be the "Startup Disk" and leave it to boot normally from the internal drive, booting with the firewire unit even just plugged in causes the grey screen and no boot to OS X.
As if the Mac does not complete POST.
Thank you for your advice, BTW.
It IS true.
It is NOT true, because it is too generic a statement. "Worth using". Worth using for what!? Plan your purchases! My mini IS worth using for what I use it for.
As a mac mini owner I have had to buy extra memory, a putty knife, a new usb keyboard (it wouldn't recognize the one I had for my pc), a usb hub and a firewire enclosure so that I could have the necessary disk space to use imovie.
Why on Earth would you buy a mini to begin with if you had such requirements? If you had to buy extra memory, then you did not plan your purchase. You could only go to 1GB, yet the mini can be purchased from the outset with 1GB. Everyone knows the mini was available with an 80GB max internal HDD. You could read from Apple's site how many USB ports were available too. Once again, why on Earth would you buy a mini to begin with if you had such requirements?
After its all finished I will have spent around $900 on this $500 computer and that is not counting the $100+ I had in coupons and gift certificates.
You did not plan your purchase! Had you planned your purchase, you'd have put that money towards a computer that fits your needs and you wouldn't be here complaining. There is fault here, but it is not Apple's.
Its not nearly the deal that apple makes it out to be and its basically unusable for all but the easiest tasks in the configuration that apple sells it for on their website.
Jesus, no shit sherlock. It is Apple's lowest end current offering and you are complaining that it is not appropriate for much more than low end tasks.
If I had it to do again I would probably go with one of the imacs that just became obsolete.
Next time, plan ahead. You could cut your losses to some extent buy selling it while it's still hot and buying something suitable for your needs.
If it sees the Firewire drive at all, like when you hold down the Option key when booting, you should have no problem booting from the external drive.
If I plug the firewire drive in, then start or restart the mini, I get a grey screen without the lighter grey Apple logo ever appearing.
I use the drive no problem within OS X, if I plug it in or switch it on after the Apple logo appears.
After booting from the Panther install DVD, I plug the firewire drive in and install to it (from memory) with no problem. However when restarting, I get the blank grey screen and nothing more.
I've tried getting to OFW, holding down appropriate keys etc, but it seems the machine locks before these can be used.
I haven't heard of a non-bootable Firewire chipset.
Take note: Prolific PL3507. Now you have. This guy has the same unit as mine and describes the same problem I have. Googling for "PL3507 mac boot" was less than pleasant, then there was some hope, which was dashed when I opened the unit back up to find I had revision A of this chipset. Which cannot be software flash upgraded, only with a hardware flash writer.
The PL3507 is truely a steaming pile of crap. If it works for you, it will corrupt your drive within weeks.
The problem is most likely the drive.
In desperation, I have tried three different drives (Maxtor 160GB, Seagate 120GB and Western Digital 80GB!) in this enclosure. No joy. Certainly not the drive and the history of the PL3507 confirms this. Right now I am removing the Seagate 120GB from the enclosure because in light of all this terrible info, I will not trust this chipset to anything.
It was not an analogy. It was a comparison of the mindset of some people who must make things better.
We've had this concept for decades...it's called buying a new motherboard.
Funny that you say this is a bad analogy, when it isn't an analogy at all and then when treating it as such you equate the motherboard as the engine?
(BTW. what do you mean by cleanliness?)
File structure efficiently laid out without extraneous crap. Man pages succinct and complete. Default configuration files with comments specific for OpenBSD. man "any filename" usually brings up a man page for that file.
I disagree. Debian especially is very focussed on quality, and each package having a very good ratio of maintainers.
I agree that Debian is focused on quality. I used it for years (Potato) while also using OpenBSD. Debian is certainly the cleanest of the Linux distros I have used. But I did not find it to be as clean as OpenBSD.
The free BSDs are almost as distro-like as something like Debian, in that they write and maintain a small core set of software, and then package, test, and include 3rd party (free) software with changes to config management and packaging to fit their system, and often a few of their own changes to the code.
I don't agree with this, with regard to OpenBSD. All the software installed with the default install, is permanently maintained by OpenBSD developers. Including such software as Apache. When improvements to Apache are made outside of OpenBSD, the OpenBSD developers review changes and back port them into the OpenBSD Apache if they are deemed worthy (I realise Debian back ports).
Contrast this to Linux distros which bolt Apache on as it is with config changes to suit their distro.
As far as 3rd party software goes, yes they have packages of 3rd party software which remains largely unchanged. However there is a point where they have to stop. They can't maintain and develop everything in-house. But as far as the OS goes, (kernel, libraries, file structure, man pages, installer, boot loader, Apache, OpenSSH, X, ftpd, ntpd, etc etc) they do and they do it all as a whole. A lot of work goes into the packages though and they usually ship with almost ALL of them working without any problems.
With this basic idea, there is no difference between Linux distros and BSDs.
All of the software installed in a default install of OpenBSD, is maintained by OpenBSD developers as a tightly knit group. There is a huge difference between that and Linux where developers of various software work together largely independantly of the other groups and then communicate when it comes time to tie it all together, but not necessarily cooperate. Consider that those various groups also don't always agree and go their own way with some fundamental aspects. I see Linux distros and BSD development as being very different and to me it shows when I use them.
Have you spent much time in various Linux distros and BSD's?
There is still a great deal of 3rd party code used in BSDs needed to even *build* the system, let alone have any functionality.
The point with BSD, is that when external code comes in, it is maintained from that point internally. That code does not keep getting imported each time it changes externally just because that happens. This avoids problems being crept in. It only gets imported if deemed worthy. New code does not very often get imported anyway and when it does, external changes are usually re-implemented rather than being imported as is. This is what I am refering to when I say, "take ownership".
What's more, most Debian people who package eg. the kernel are actually kernel developers as well who work on the upstream kernel. So it's not like a huge difference there.
I would not doubt this. However, in OpenBSD, the developers don't just maintain the kernel and libraries, they maintain all of the software that gets installed by default. They even maintain and modify gcc and X. As far as the kernel goes, it is specifically developed for OpenBSD as a whole, not a much larger community outside of OpenBSD. They can focus on their system as a whole when developing their kernel as a result of this. Not take into consideration every other user outside of their system. This all makes for an absolutely
re are a couple tests that show the same drive to be faster externally, but it's certainly not consistent, or "usually".
Yes, I just did a recount and will retract "usually". ; ) 4 times out of 9, if my counting is correct, the same drive is faster on the external. 1 time out of that 9 it is equal.
Regardless, I am still surprised that at any time a given drive is faster on the firewire than it is on the internal IDE. I would not have expected this outcome.
BTW, what are the SCSI features of firewire of which you speak? I am aware that USB is similar enough to SCSI to allow wrappers to convert it to SCSI in a simple fashion. But what features of firewire provide SCSI like benefits? Queuing? Elevator sorting?
openbsd is a nicely managed distribution
OpenBSD is not a "distribution" if you are using the term as it would be used with respect to Linux "distributions". Linux distro's package other peoples software and tailor it, whereas BSD developers "take ownership" of all the software that falls under their releases and maintain it all as a whole.
This might sound like a minor difference, however use a bunch of Linux distros and then use OpenBSD and you might, like I and many others have, notice the very clean and integrated system which results. Linux distros always seem rough around the edges by comparison. Even the likes of SuSE or Debian.
No offence intended however to the Linux camp. Their work is highly admirable and their acheivements impressive. I just notice this distinction as being due to the fundamental mindset of responsibility extending to all parts of BSD systems versus the responsibility of tailoring the packaging of distinct components.
OpenBSD, stands out to me by far, as the cleanest system. I don't feel I can use the word "integrated" with OpenBSD because the whole is so complete that it feels as if there was nothing to integrate to begin with. As if the system were created completely from the ground up with a lot of foresight to do things correctly.
I will always think of my island home (Australia) as being an island though.
In addition to this, I consider the change from Australia being an island, to being a continent to be wrong. The powers that be were wrong to do that and the World was wrong to accept it.
An island implies isolation. Australia is the largest country to be completely isolated by water and thus it is an island.
PS, with George W Bush at the helm of the USA, I feel a large part of North America is quickly becoming incontinent. ie, it is randomly and uncontrollably shitting and pissing on the rest of the World.
It isn't, it however located on an island. Most commonly the island is called "America", and it is generally divided into two parts: "North America", and "South America".
I was tought at school, that an island, is an expanse of land surrounded by water which contains no more than one country. If it does contain more than one country, then it is a continent and not considered an island.
Australia is the largest island in the World by this definition. However since it is so large, it is considered to be a continent itself and so Greenland gets the title of Worlds largest island. North and South America are continents.
I will always think of my island home (Australia) as being an island though.
good analysis w/ lotsa pretty graphs
Very strange that the same drives are usually faster on the external firewire enclosure, than they are on the internal IDE interface. Could the internal IDE interface be crap? I hope not. This reminds me of my Sun Ultra 5's and 10's which have really crappy IDE interfaces.
Using these drives with external firewire interfaces, should show a slight performance decrease due to the added latency of extra hardware (and firewire to begin with):
Drive-IDE-Motherboard
versus
Drive-IDE-Firewire-Firewire-Motherboard.
Well, clearly price, performance and functionality all take a back seat. All that's left is the size and looks of the thing.
The mini comes with a CD burner at a minimum, BTW. What is your problem with the mini's functionality?
For some people, the price of the mini is fine for the performance it allows with OS X. And that is the point. OS X. I don't fight with OS X the way I have been for the past 17 years with MS products. That's where productivity comes in.
I also have a need for number crunching, which is why I will be upgrading my machine dedicated for this (AMD XP2800+) to a dual Opteron. I ssh to the Opteron from my mini, kick off jobs which take extended periods of time to complete and then come back to my mini to use it for what it is good for. This illustrates my point, that productivity, performance and functionality is highly dependant on the task at hand and the user.
What good is a P4 2.8GHz versus a G4 1.42GHz if the P4 is hobbled by an unfriendly OS that a USER must USE? If the task is highly sporadic with CPU usage, then the P4 may well just waste more idle cycles than the G4, so OS usability becomes much more important in that scenario. XP is leaps and bounds more usable that older Windows OSes, but it still has nothing on OS X.
If your work requires both a GUI and extreme CPU speed, then by all means get an AMD64 or Powermac. But when we're talking low end USER machines, the interface counts for a lot and the mini has the huge benefit of actually running OS X (and running it pretty well too).
Recent Macs boot from a firewire drive just fine.
Just make sure the firewire enclosure you use will boot fine from a mini. I purchased a Zynet Firewire/USB2 combo enclosure so that I could boot from an external seperate drive for testing (Mac OS X on external, various other OSes on internal), while allowing protection of my OS X stuff by unplugging it. The mini just gives me a grey screen with no Apple logo when I try to boot from the firewire drive.
I've not seen much complaint of this with firewire drives, so I assume this is due to the cheap Zynet.