Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
BSD Operating Systems

OpenBSD Now Nine Years Old 60

Posted by michael from the make-a-wish dept.
NekkidBob writes "OpenBSD, my personal favorite *BSD, turns 9 years old today. And with only 1 remote hole in the default install, I'd say that is a pretty good acheivement. The first commit was at 16:36 MST on Saturday, October 14, 1995. Happy birthday OpenBSD!"
This discussion has been archived. No new comments can be posted.

OpenBSD Now Nine Years Old More

OpenBSD Now Nine Years Old

Comments Filter:

  • Re:Hmm (Score:3, Insightful)

    by twilight30 ( 84644 ) on Friday October 15, 2004 @01:25PM (#10537135) Homepage
    The BSD distributions were thought of as good kernel bases for the Debian userspace applications during 1999-2002. So Debian maintainers would rip out the Linux kernel infrastructure and replace it with a BSD variant.

    A similar attempt has been ongoing with the HURD kernel for at least the last decade.

    Packaging attempts were made with FreeBSD and OpenBSD.

    I don't know the status of the Debian/FreeBSD port but the Debian/OpenBSD port was abandoned when Andreas Schuldei, the maintainer of the port, realised that the kernel had shitloads of race conditions and offered no real advantages on its own over properly configured Linux kernels (such as those from Debian itself).

    He also believed that the Debian/Linux userspace was not any better or worse in any real sense over the OpenBSD userspace (the ports and packages systems on OpenBSD are not audited, for the most part).

  • Re:And with only 1 remote hole in the default inst (Score:3, Insightful)

    by nocomment ( 239368 ) on Friday October 15, 2004 @02:00PM (#10537596) Homepage Journal
    Have you ever installed and used it? Try it, you might like it.

  • Re:And with only 1 remote hole in the default inst (Score:4, Insightful)

    by pizza_milkshake ( 580452 ) on Friday October 15, 2004 @04:08PM (#10539151)
    the good comes from knowing that when you install OpenBSD you're starting on a level playing field. likely, any security holes your system will have will be as a direct result of a failure of due diligence either by you and/or the developers of the software

    this doesn't mean your final system won't have holes, but it means you're not already starting "in the hole"; it doesn't sound like much, and yet how many other systems out there can make this claim? OpenBSD isn't the end-all, be-all, it's just a good tool for your toolbox

  • Re:And with only 1 remote hole in the default inst (Score:4, Insightful)

    by evilviper ( 135110 ) on Friday October 15, 2004 @07:42PM (#10541269) Journal
    It's suffered the same Apache/SSL/FTP/PHP errors as everyone else.

    Fortunately, that's where you are wrong.

    It's quite common to search through bugtraq or another security list, and find it in the list as the only OS "unaffected". Now, that's not always the case, but it's surprisingly common.

    OpenBSD is more secure than other OSes, not just out of the box, but with major services enabled too... When you install Apache on Linux/FreeBSD, you just get the plain vanilla version. With OpenBSD, you get a version that has been audited by the team, and lots of changes have been made.

    Plus, about a year ago, Propolice, W^X, and other protection measures have be included by OpenBSD, which does negate most bugs, and does protect your OTHER services against software bugs.

    BTW, most of my machine have only SSHD enabled (which is one of a few services enabled by default), so the default install can be very useful for a great many things. SSH handles log-in, file transfer, plus port forwarding. So any other services can run on 127.0.0.1, and only be accesses remotely (via SSH) if you have an account.

    Nothing as secure as a box unplugged in a closet!

    Of course, but baring that, OpenBSD is a very good choice.

  • Re:And with only 1 remote hole in the default inst (Score:2, Insightful)

    by tedu ( 647286 ) on Friday October 15, 2004 @11:52PM (#10542575)
    My comment was, and is, a basic install unix type OS box are almost always secure, and yes even redhat. apparently you've never typed "redhat worm" into google.

  • Re:And with only 1 remote hole in the default inst (Score:5, Insightful)

    by Shanep ( 68243 ) on Saturday October 16, 2004 @01:47AM (#10542942) Homepage
    soon as you add in server applications, you decrease the security.

    No shit?!

    The point with OpenBSD, is that it has so many active security mechanisms, that a [insert network daemon] exploit might allow a remote root on your FreeBSD, Solaris and Linux machines, but only result in a DoS of that particular service on OpenBSD.

    Already we are not only seeing open source OS' take leafs out of OpenBSD's book, but also Microsoft and Sun.

    The multitude of active and passive security measures in OpenBSD is very impressive.

    Plus the point is, that an OS should be locked down from the initial install and then built on from there as the admin requires, not as the OS maintainers think you will require.

    Presumptuous people who build operating systems, do not make secure operating systems.

  • Re:one hole? (Score:4, Insightful)

    by Shanep ( 68243 ) on Saturday October 16, 2004 @02:16AM (#10543020) Homepage
    Given how little (that is, nothing) is turned on in the default install, one remote root hole is pretty damned bad. Remember that that's a remote root hole with *no* services running... Now, if they had only one remote root hole including sshd, a webserver, a mailserver and so on, that'd be something to brag about.

    You speak with such authority, for someone who obviously knows nothing about the subject.

    OpenSSH has been ON by default at some stage after or including OpenBSD 2.6 and only recently has the option to disable it within the install script, become an option for users. That's about 5.5 years out of that 8.

    The foundation of your rant is completely non-existent.

    Nowdays, even if you do enable popular daemons, your typical worst case is likely to be a DoS instead of a remote root, thanks to OpenBSD.

    I take, "Only one remote hole in the default install, in more than 8 years!", as a fact that is representative of the mindset of the developers behind the project, not as an absolute gauge of overall project security. Anyone who does or thinks that is what it is supposed to represent, is stupid.

    Take that statement for what it is. Reading more into it is your problem.

  • Re:And with only 1 remote hole in the default inst (Score:2, Insightful)

    by Dick Faze ( 711885 ) on Saturday October 16, 2004 @09:30PM (#10547820) Journal
    But a basic box by itself is of no use,

    It depends what you're doing, doesn't it?

    its the applications which by default have the applications, thus the exploits.

    Not sure what you mean by "the applications which by default have the applications", but if you meant "the applications which by default have the holes" (or "wholes" as you call them), no they don't. Stop spewing nonsense and spend 5 minutes at openbsd.org and read about the auditing work that goes into many of the specific versions of the applications included in the OS - Apache on OBSD is NOT the same as Apache on RedHat by default, etc.

    A uber secure box sitting there doing nothing, is still, doing nothing.

    Okay, you've no idea what's included in the "default install" of OpenBSD, we believe you already, no more evidence required.

Slashdot Top Deals

The key elements in human thinking are not numbers but labels of fuzzy sets. -- L. Zadeh

Close