OpenBSD 3.2 Available
fredrikv writes "Right on time, the files defining OpenBSD 3.2 have moved away from "snapshots" to the 3.2 directory of the OpenBSD mirrors. It is well known as the world's most secure operating system and now sports chroot'd Apache, fewer suid binaries, cool pictures for xdm-logins, a brilliant "antispoof" packet filtering rule and as usual includes lots of small updates and fixes. The files are there. What are you waiting for?"
FreeBSD (Score:2, Interesting)
OpenBSD questions (Score:1, Interesting)
2. Are the fsn.hu isos kosher?
Most Secure OS (Score:5, Interesting)
OpenBSD based floppy firewall? (Score:3, Interesting)
Please provide .iso's (Score:3, Interesting)
What do others think?
Re:Most Secure OS (Score:3, Interesting)
The above uses attacks per overall attacks as the rating for the OS. What should be done is OS specific attacks per installed machines running the particular OS.
MA -- machine attacks
TA -- total attacks
MI -- machines installed
TI -- total installed
The article gives MA/TA, but we want MA/MI. MA/MI gives the vulnerability of a particular OS separated from the quantity of attacks. I don't know the total number of installed computers, but say it's 10,000,000. Then the MA/MI for Macs is:
10,000,000 * 0.03 = 300,000
31/300,000 = 0.000103
So about 0.0103%. By contrast look at the Windows numbers. Suppose Windows has 75% market share.
10,000,000 * 0.75 = 7,500,000
31,431/7,500,000 = 0.0041908
So about 0.41908%. These numbers show what percentage of installed machines will be affected instead of what portion of all attacks they represent. Another way to think about it is say you have 1 machine running CrappyOS and that machine is attacked. It will only represent 1/57,978 hacks performed in 2002. By contrast MA/MI will be 100%, meaning that every single machine running CrappyOS was hacked.
Numbers don't lie, people do.
Re:OpenBSD use. (Score:2, Interesting)
(emphasis mine)
Some would count the lack of a GUI as a downside. Don't knock GUIs -- even web-based ones. They can really help out with the easy stuff. And since it's a Unix, you can always pop up a shell window to do the more complicated stuff.
Check out Mac OS X for an example of this.
Re:Please provide .iso's (Score:2, Interesting)
One thing that is different about OpenBSD is that the patches are released in source code form and so you have to compile the system yourself to keep it up to date. I keep an up to date source code tree of the latest OpenBSD stable release and with a couple of shell scripts that automate the process I've been building my own OpenBSD releases for a while now. I even put together an old PPro 200 system that I use as a dedicated build system. I download the created tarballs from my build system and use them to update my live BSD systems when I need to.
Re:Same horrible fdisk and disklable process? (Score:3, Interesting)
Re:I DO think so.... (Score:3, Interesting)
OpenBSD is what you make of it... If you set everything SUID it's certainly not going to be very secure, but you can secure an OpenBSD system extremely well if you want to do so.
Stick that in your VMS pipe and smoke it!
Signed files? MD5s? (Score:4, Interesting)
That said, how can I trust that my copy of the "world's most secure operating system" hasn't been tampered with? OpenBSD does not sign their files with PGP, GnuPG, or OpenSSL (yes, the latter has been suggested on lists). OpenSSH does. Why can't OpenBSD?
The ports tree, the kernel source, and the rest of the base source (ports.tar.gz, srcsys.tar.gz, and src.tar.gz) don't even have published MD5 hashes (but the architecture-specific binaries do). The source matters, because (aside from using potentially unstable snapshots binaries) you need the source to apply security patches as security issues are discovered.
For an OS with such a focus on cryptography "because we can", I don't see it being used where it counts. (I've written to the misc list, and only received one response. I've filed a bug report and have received none.)
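An added example, not part of the comment above or of the OpenBSD project's tooling: a download audit that checks files against a published MD5 manifest and reports separately the files the manifest does not cover, which is the gap the comment describes for the source tarballs. The BSD-style `MD5 (name) = digest` line format, the file name `binary-set.tgz`, and all file contents are assumptions constructed for the demo.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed BSD-style digest line: "MD5 (filename) = <32 hex digits>"
MD5_LINE = re.compile(r"^MD5 \((?P<name>[^)]+)\) = (?P<digest>[0-9a-f]{32})$")

def parse_manifest(text):
    """Return {filename: digest}; lines that do not parse are ignored."""
    published = {}
    for line in text.splitlines():
        m = MD5_LINE.match(line.strip())
        if m:
            published[m.group("name")] = m.group("digest")
    return published

def md5_of(path, chunk=1 << 16):
    """Hash a file in chunks so large tarballs do not need to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def audit(directory, manifest_text):
    """Classify every file in directory against the manifest."""
    published = parse_manifest(manifest_text)
    report = {}
    for path in sorted(Path(directory).iterdir()):
        if not path.is_file():
            continue
        expected = published.get(path.name)
        if expected is None:
            report[path.name] = "NO PUBLISHED HASH"  # cannot be verified at all
        elif md5_of(path) == expected:
            report[path.name] = "ok"
        else:
            report[path.name] = "MISMATCH"
    return report

def demo():
    """Constructed sample: tiny stand-in files, not real release sets."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "binary-set.tgz").write_bytes(b"binary set as published")
        Path(d, "ports.tar.gz").write_bytes(b"altered in transit")
        Path(d, "src.tar.gz").write_bytes(b"source tree")
        manifest = "MD5 (binary-set.tgz) = %s\nMD5 (ports.tar.gz) = %s\n" % (
            hashlib.md5(b"binary set as published").hexdigest(),
            hashlib.md5(b"ports tree as published").hexdigest())
        return audit(d, manifest)
```

A matching digest only shows that the file agrees with the manifest; without a signature over the manifest, its own authenticity rests on the channel it was fetched over.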
Re:FreeBSD (Score:2, Interesting)
I use it for a lot of stuff:
at home, as firewalls, Wlan gateway, fileserver, software development, videograbbing and assorted stuff.
at my friends' and siblings' homes, as firewalls and gateways.
at small business, as firewalls, fileservers, proxies, apacheservers.
at the large telco that pays my salary, as firewalls, security gateways, proxies, MS-VPN servers, radius servers.
In short, I'm a dedicated OpenBSD fanatic, and I'm quite convinced that Theo can walk on water without getting his feet wet, or at least cross shallow ponds with only damp socks.
But this doesn't change the fact that there's several things stopping me from trying to replace the OS on every box I can find.
There's a lot of software that doesn't install and run clean on OpenBSD.
There's a lot of software that has to be cuddled with a bit before it works.
And from a maintain/support view there's a lot more people trained on various (GNU)/Linuxes, making it much easier (and cheaper) to hire support and contractors.
There's also the lack of stable SMP support, and the lack of support for less common hardware.
Will OpenBSD rule the world? No, I still see it as a "targeted" product.
It doesn't promise world domination like Linux.
It doesn't promise maximum portability and support for obscure hardware like NetBSD.
It doesn't aim for maximum software support like FreeBSD.
It promises security and stability, and it delivers.