It's funny to see his comments in comparison with the release notes from the hot-off-the-press (3.4) version of OpenBSD.
The Open crew really know their stuff and have realised that there is no such thing as perfect code. So far Bill and them correlate, then the big difference arises. The Open guys, as you see from the release notes, add layer after layer of protections to compensate for the lack of perfect software in the real world. Why else should you have ProPolice, W^X, randomized dyn linker stuff, systrace, fixed the buffer overruns in the source, etc.?
If something is broken, such as a buffer overrun in an application, the consequences probably aren't catastrophic if some of the other layers can trap the attack (of course they still can be bad if the user is stupid when configuring).
Does Bill have these layers? No, I didn't think so....
....that's the difference in philosophies between the PR and marketing droids in Bill's camp and hardcore security geeks in the Open crew that have some real knowledge.