How does running Microsoft Office have anything to do with a headless rackmounted firewall machine in a data center somewhere?
You might not have to worry about drivers in MacOS. Oh wait, you do. A lot of hardware won't work on MacOS due to lack of drivers.
Anyway, you might not have to worry about drivers in MacOS, but you do have to worry about the lack of a decent firewall. And the lack of security features like privsep everywhere. And stack protection everywhere. And execution protection everywhere. These are precisely the features that make people choose OpenBSD over other OSes, and they are no more present on MacOS than they are on Linux (has a decent firewall, but it takes a lot of work to modify with non-standard modules so that it can keep up with pf).
To suggest that MacOS and OpenBSD have even remotely overlapping areas of usefulness (apart from things like the ability to serve web pages slower than Linux and FreeBSD) demonstrates a profound lack of understanding of the issues people need to deal with when they choose an OS.
"Everyone on here expects companies to spend millions in development and bend over backwards for their own purposes."
They want documentation for the hardware. Maybe a few hundred dollars for printing and shipping if they don't have it in electronic form. They must already have the docs, as they would be required for their own developers to write the Windows drivers.
This is a one time cost and can be recovered with a tiny number of sales. The OpenBSD developers want to do all the development themselves, so the costs to Adaptec once the docs have been released is zero.
"Adaptec isn't interested in OpenBSD because it's not in their best financial interest, despite their best intentions."
That would be why Theo put together a list of Adaptec customers that use OpenBSD. To prove that there is significant financial interest for Adaptec to give up the docs.
Interestingly, Theo of OpenBSD is more insistant that the entire base system be open source than the most popular Linuxes. GPL software is tolerable if there is no alternative, but commercial software is not tolerated.
The only exception is firmware binary blobs (which all OSes need, as it is not practical to create open source replacements), they are tolerated if they are released under a license that allows OpenBSD to distribute them.
That's similar to what Linuxes like Debian demand, and that's a lot more than Linuxes like Red Hat and Suse demand.
FreeBSD is more common as a desktop OS and webserver, but OpenBSD is more common as a firewall. And it often goes unnoticed by people because it just sits there firewalling things. Remember that companies rarely announce the details of their security arrangements. Needless to say, these firewalls are mission critical and need RAID.
Theo is a belligerent prick so he gets noticed more than the others, but every open source OS has identical problems with driver support. Why do you think Theo got that award when he and Stallman don't exactly see eye-to-eye?
Linux developed very quickly in the early years. BSD was pretty much the only real competition, and by the time the lawsuit was cleared up and it was working on 386, Linux was already established.
It is explicitly not a microkernel and they don't plan to make it one, but it has some microkernel-like properties. For example, programs do not invoke system calls directly, they pass though a translation layer in userspace. This allows a bunch of very cool things that I will not enumerate here because they're on the website.
It's not done yet but they have a working release.
"I have no idea why Linux became more popular in the first place, considering that there was already BSD and the HURD,"
BSD wasn't ready for 386 at the time, and had the AT&T lawsuit hanging over it. And with Hurd not ready to go now, what makes you think it was ready to go in the early 90s?
"dont know much about the BSD's but im sure if you took the compiler away you couldnt compile anything right?"
While that's true, you're missing the point. Taking away gcc does not help you at all.
-I can compile a binary somewhere else, download it, and run it. -I can use Perl (in the base system), or other languages like Python (not in the base system, but usually installed). These are perfectly capable of listening for connections. -I can use other software like nc (aka netcat) that knows how to listen for connections.
Locking down the system to prevent the use of these other systems would also prevent the use of the ftpd binary that's already there, so there would be no benefit to removing it.
Right, but the default ftpd is disabled in the base system.
"vsftpd is superior, both from a functionality and a security perspective. The license is then my first suspicion explaining its lack in base."
I'm not familiar with the specifics of its features and security, but the GPL license precludes its use in the base system of OpenBSD. For better or worse, that's the way it's going to stay.
I'm not saying it's the best ftpd, but as another poster said the OpenBSD one is being improved in security terms.
Well if I were running a public FTP site I wouldn't necessarily care if transfers were encrypted, but I would most assuredly not want anyone to be able to break in. That's why a secure ftpd is important.
I don't have a problem with it as long as it exits cleanly, which it clearly does.
The BSD way would be better if you had a file that had a large amount of leading '\0's. The GNU way would be better if you had lines longer than however many dozens of mb the BSD one will tolerate. I don't really have a preference on this one...
"Without a doubt, OpenBSD is giving us a less safe piece of software (because they don't want to include GPL code). Even OpenBSD's servers use vsftpd (in preferance to BSD ftpd) because of security and performance reasons."
No, they use vsftpd because a server they don't control donates bandwidth to the OpenBSD project. The OS is not up to them, let alone the ftp server.
"It would be interesting to see a distribution that insisted on secure code, without fretting about licensing."
Like most of the GPLed software people miss in the BSDs, vsftpd can be installed from ports very easily.
"As to how to set the limits on the number of forks. Maybe I got this completly wrong but could it be that this depends entirely on your hardware? Perhaps the latest IBM mainframe can handle a few more then an ancient 386? How the hell is the distro supposed to know what I got?"
man 2 setrlimit
"RLIMIT_NPROC The maximum number of processes that can be created for the real user ID of the calling process. Upon encountering this limit, fork() fails with the error EAGAIN."
It's part of POSIX. It should work the same on any *nix on any hardware.
"BSD is very solid, this is known. It is also known that BSD has been along long before linux and but has been sucking it exhaust fumes ever since it arrived. For every story about how much more secure BSD is there are a dozen stories about linux actually making a mark on the world. So good. Your BSD survived a forkbomb. But why exactly was the author running a linux desktop then if BSD is so much better?"
You're clearly unaware of the various marks BSD has made. Essentially every OS out there today runs BSD code, including Linux and even Windows, and the BSDs continue to break new ground in ways that are frankly too numerous to go over here.
Also, most of the "difference" Linux has made is actually software that will run on BSD as well.
Please explain how the ftpd binary (not suid) can be used to exploit the system in ways that the user otherwise could not.
Taking away the ftpd binary wouldn't stop the user from doing exactly the same thing by some other means. For example, they could simply download the source and compile a new one by themselves. Or use Perl. Or compile a binary somewhere else and download that.
I don't think they're killed automatically. They seem to be running out of memory.
Of course, the same thing on my OpenBSD box doesn't run out of memory... Either a the GNU grep has a memory leak or the BSD grep has a check for something (long lines?).
Slashdot Mirror
How does running Microsoft Office have anything to do with a headless rackmounted firewall machine in a data center somewhere?
You might not have to worry about drivers in MacOS. Oh wait, you do. A lot of hardware won't work on MacOS due to lack of drivers.
Anyway, you might not have to worry about drivers in MacOS, but you do have to worry about the lack of a decent firewall. And the lack of security features like privsep everywhere. And stack protection everywhere. And execution protection everywhere. These are precisely the features that make people choose OpenBSD over other OSes, and they are no more present on MacOS than they are on Linux (has a decent firewall, but it takes a lot of work to modify with non-standard modules so that it can keep up with pf).
To suggest that MacOS and OpenBSD have even remotely overlapping areas of usefulness (apart from things like the ability to serve web pages slower than Linux and FreeBSD) demonstrates a profound lack of understanding of the issues people need to deal with when they choose an OS.
"Everyone on here expects companies to spend millions in development and bend over backwards for their own purposes."
They want documentation for the hardware. Maybe a few hundred dollars for printing and shipping if they don't have it in electronic form. They must already have the docs, as they would be required for their own developers to write the Windows drivers.
This is a one time cost and can be recovered with a tiny number of sales. The OpenBSD developers want to do all the development themselves, so the costs to Adaptec once the docs have been released is zero.
"Adaptec isn't interested in OpenBSD because it's not in their best financial interest, despite their best intentions."
That would be why Theo put together a list of Adaptec customers that use OpenBSD. To prove that there is significant financial interest for Adaptec to give up the docs.
"How is Theo being annoying? If one open system doesn't have the specs to support the hardware, then none of them will."
We can all agree with his goals (I do), but he can be an asshole sometimes.
OpenBSD would not accept a binary driver.
(note that that is different than firmware images, which OpenBSD will accept if they are allowed to include them in the base system)
Interestingly, Theo of OpenBSD is more insistant that the entire base system be open source than the most popular Linuxes. GPL software is tolerable if there is no alternative, but commercial software is not tolerated.
The only exception is firmware binary blobs (which all OSes need, as it is not practical to create open source replacements), they are tolerated if they are released under a license that allows OpenBSD to distribute them.
That's similar to what Linuxes like Debian demand, and that's a lot more than Linuxes like Red Hat and Suse demand.
"But he's belligerent in the right direction."
In this case it's a good thing. Sometimes it's not.
It's all about making sure the big shareholders know that the company's policies are costing them sales.
People say that Theo should stop being so annoying, but the only way shareholders find out is when it gets massively publicised like this.
It worked for the 802.11 drivers. It's worth a shot here.
FreeBSD is more common as a desktop OS and webserver, but OpenBSD is more common as a firewall. And it often goes unnoticed by people because it just sits there firewalling things. Remember that companies rarely announce the details of their security arrangements. Needless to say, these firewalls are mission critical and need RAID.
Theo is a belligerent prick so he gets noticed more than the others, but every open source OS has identical problems with driver support. Why do you think Theo got that award when he and Stallman don't exactly see eye-to-eye?
What is needed is for routers to ship with a strong password by default. It can be printed on the unit itself, and could be changed if necessary.
That's true, but I was thinking about power struggles within one project.
networks I can see
That "SMC" network covers the entire building due to multiple people using SMC routers with the default.
Linux developed very quickly in the early years. BSD was pretty much the only real competition, and by the time the lawsuit was cleared up and it was working on 386, Linux was already established.
you should check out DragonFlyBSD
It is explicitly not a microkernel and they don't plan to make it one, but it has some microkernel-like properties. For example, programs do not invoke system calls directly, they pass though a translation layer in userspace. This allows a bunch of very cool things that I will not enumerate here because they're on the website.
It's not done yet but they have a working release.
"I have no idea why Linux became more popular in the first place, considering that there was already BSD and the HURD,"
BSD wasn't ready for 386 at the time, and had the AT&T lawsuit hanging over it. And with Hurd not ready to go now, what makes you think it was ready to go in the early 90s?
There's no infighting where you work?
Who do you work for and where can I send my resume?
"dont know much about the BSD's but im sure if you took the compiler away you couldnt compile anything right?"
While that's true, you're missing the point. Taking away gcc does not help you at all.
-I can compile a binary somewhere else, download it, and run it.
-I can use Perl (in the base system), or other languages like Python (not in the base system, but usually installed). These are perfectly capable of listening for connections.
-I can use other software like nc (aka netcat) that knows how to listen for connections.
Locking down the system to prevent the use of these other systems would also prevent the use of the ftpd binary that's already there, so there would be no benefit to removing it.
"Yes, but the base system should be trusted."
Right, but the default ftpd is disabled in the base system.
"vsftpd is superior, both from a functionality and a security perspective. The license is then my first suspicion explaining its lack in base."
I'm not familiar with the specifics of its features and security, but the GPL license precludes its use in the base system of OpenBSD. For better or worse, that's the way it's going to stay.
I'm not saying it's the best ftpd, but as another poster said the OpenBSD one is being improved in security terms.
"If you want secure, use sftp."
Well if I were running a public FTP site I wouldn't necessarily care if transfers were encrypted, but I would most assuredly not want anyone to be able to break in. That's why a secure ftpd is important.
Yup.
I don't have a problem with it as long as it exits cleanly, which it clearly does.
The BSD way would be better if you had a file that had a large amount of leading '\0's. The GNU way would be better if you had lines longer than however many dozens of mb the BSD one will tolerate. I don't really have a preference on this one...
"Without a doubt, OpenBSD is giving us a less safe piece of software (because they don't want to include GPL code). Even OpenBSD's servers use vsftpd (in preferance to BSD ftpd) because of security and performance reasons."
No, they use vsftpd because a server they don't control donates bandwidth to the OpenBSD project. The OS is not up to them, let alone the ftp server.
"It would be interesting to see a distribution that insisted on secure code, without fretting about licensing."
Like most of the GPLed software people miss in the BSDs, vsftpd can be installed from ports very easily.
man 2 setrlimit It's part of POSIX. It should work the same on any *nix on any hardware.
"BSD is very solid, this is known. It is also known that BSD has been along long before linux and but has been sucking it exhaust fumes ever since it arrived. For every story about how much more secure BSD is there are a dozen stories about linux actually making a mark on the world. So good. Your BSD survived a forkbomb. But why exactly was the author running a linux desktop then if BSD is so much better?"
You're clearly unaware of the various marks BSD has made. Essentially every OS out there today runs BSD code, including Linux and even Windows, and the BSDs continue to break new ground in ways that are frankly too numerous to go over here.
Also, most of the "difference" Linux has made is actually software that will run on BSD as well.
Please explain how the ftpd binary (not suid) can be used to exploit the system in ways that the user otherwise could not.
Taking away the ftpd binary wouldn't stop the user from doing exactly the same thing by some other means. For example, they could simply download the source and compile a new one by themselves. Or use Perl. Or compile a binary somewhere else and download that.
"???@mylinuxbox ~ $ grep foo /dev/zero /dev/zero: Cannot allocate memory"
grep:
I don't think they're killed automatically. They seem to be running out of memory.
Of course, the same thing on my OpenBSD box doesn't run out of memory... Either a the GNU grep has a memory leak or the BSD grep has a check for something (long lines?).
It'll still need highly refined raw materials and specialty items like processors.
FOR NOW
When one doesn't need a cordless mouse, $50-$70 is expensive.
If Apple only offers this new mouse as bluetooth, they're not going to convince many people to stop buying Microsoft and Logitech mice.