Forgot your password?
typodupeerror
BSD Operating Systems

OpenBSD Now Nine Years Old 60

Posted by michael
from the make-a-wish dept.
NekkidBob writes "OpenBSD, my personal favorite *BSD, turns 9 years old today. And with only 1 remote hole in the default install, I'd say that is a pretty good acheivement. The first commit was at 16:36 MST on Saturday, October 14, 1995. Happy birthday OpenBSD!"
This discussion has been archived. No new comments can be posted.

OpenBSD Now Nine Years Old

Comments Filter:
  • Happy birthday ;))) /...and here comes an OpenBSD song.../
  • by Anonymous Coward
    I heard OpenBSD was merging with Debian... Is this the truth, or is it bunk?
    • by SirCyn (694031)
      OpenBSD is a BDS Unix. Debian is a Linux Unix. No. They are not merging. The amount of work to get code from one to work on the other would be prohibitive.
      • by gorre (519164)
        OpenBSD is a BDS Unix. Debian is a Linux Unix.
        Debian is not just a "Linux Unix", it also runs on the FreeBSD kernel [debian.org], the NetBSD kernel [debian.org] and let's not forget the HURD [debian.org].
        • by r2q2 (50527)
          Debian is a distribution that is kernel independant. The things that make debian debian are the package management and the locations of the configuration files etc...
    • Re:Hmm (Score:3, Insightful)

      by twilight30 (84644)
      The BSD distributions were thought of as good kernel bases for the Debian userspace applications during 1999-2002. So Debian maintainers would rip out the Linux kernel infrastructure and replace it with a BSD variant.

      A similar attempt has been ongoing with the HURD kernel for at least the last decade.

      Packaging attempts were made with FreeBSD and OpenBSD.

      I don't know the status of the Debian/FreeBSD port but the Debian/OpenBSD port was abandoned when Andreas Schuldei, the maintainer of the port, realised
      • He also believed that the Debian/Linux userspace was not any better or worse in any real sense over the OpenBSD userspace (the ports and packages systems on OpenBSD are not audited, for the most part).

        "He" does not understand that in context of licenses, they are very far appart. OpenBSD have replaced several GPL licensed utilities with a free alternative. They still use alot of GPL (LGPL) like the tool chain from the gcc project, but the spirit is there. Just witness the fork of Apache 1.3 and XFree86

        • I installed OpenNTP on gentoo only to find that there are no programs to monitor the state of the ntp daemon. It might be working, but you have to accept on faith that it is doing so.
      • by Anonymous Coward
        I think you're thinking Debian GNU/NetBSD:
        http://www.debian.org/ports/netbsd/ [debian.org]
      • And yet he doesn't answer when asked about his finds: http://lists.debian.org/debian-bsd/2002/10/msg0006 3.html [debian.org]

  • The love of BSD (Score:2, Interesting)

    by Anonymous Coward
    I've always been a firm believer in running BSD systems. I still stand by my beliefs. BSD operating systems have always been fun from the software packging systems to the firewalls. PF has made its way to all the widely free BSD systems. I thank OpenBSD and all the developers for doing such a great job at design. I'll always love reading what others have to say on the mailing lists.

    Let the Birthday party begin!

    David Ross
    dross logged on
    freenode.net - Join the #openbsd channel
  • Ok, I hear this over and over "With only 1 remote hole in the default install..."

    But, what good is the default install? Don't you want it to be doing something? It's suffered the same Apache/SSL/FTP/PHP errors as everyone else. I know if you search cert for openbsd you get lots of hits, so there are wholes in the applications.

    Nothing as secure as a box unplugged in a closet!

    • Have you ever installed and used it? Try it, you might like it.
      • Have you ever installed and used it? Try it, you might like it.

        I have, and do. But I favor freebsd for my servers, and linux for personal use. But for my work I use Solaris (with clustering).

        I just find the comment amusing, soon as you add in server applications, you decrease the security.

        • OpenBSD still has other security features which help in securing the machine which the other BSDs do not. I do however agree that the "default" install doesn't mean a whole lot, but consider how hard it is to secure windows 2000 with a default install when connecting directly to the internet - your machine is already 0wned before you had the chance to update it.
          • but consider how hard it is to secure windows 2000 with a default install when connecting directly to the internet

            Is this possible without invoking black magic? Windows 2000 might very well have some advanced features to harden it, but they are so inaccessible/hard to understand as to be useless.

        • by Shanep (68243) on Saturday October 16, 2004 @01:47AM (#10542942) Homepage
          soon as you add in server applications, you decrease the security.

          No shit?!

          The point with OpenBSD, is that it has so many active security mechanisms, that a [insert network daemon] exploit might allow a remote root on your FreeBSD, Solaris and Linux machines, but only result in a DoS of that particular service on OpenBSD.

          Already we are not only seeing open source OS' take leafs out of OpenBSD's book, but also Microsoft and Sun.

          The multitude of active and passive security measures in OpenBSD is very impressive.

          Plus the point is, that an OS should be locked down from the initial install and then built on from there as the admin requires, not as the OS maintainers think you will require.

          Presumptuous people who build operating systems, do not make secure operating systems.

      • Why do you assume that his critique is an expression of personal dislike for the OS?

        There are people in the world who are objective and who form conclusions based upon evidence and experience. I know that when you hang out on slashdot too long it is easy to become convinced that everyone is biased, prejudiced, and an inflexible partisan on one side or the other of one of the various ideological/technological disputes.

        The next time you read a critique, don't assume that the person making it has some kind
    • by Anonymous Coward
      holes not wholes.

      first off, the FTP daemon is in the default and hasnt had holes. apache is also heavily modified and audited, and has also not had any remote root exploits as configured by default, not to mention its chrooted

      second, most of the other security issues dont even matter because they are inapplicable due to propolice.

      third, if youre going to make a comment about security on openbsd, you better know what your are talking about. noob.
      • FTP is not on by default, so it doesn't count.

        Anyways, that kind of comments like the grandparent post come from time to time from people that can't see the importance of a secure by default OS installation.

        How much does it take to hack into any Windows box just installed and connected to Internet? Make the numbers. How about a Red Hat Linux?

        With the "Secure by default" and the "Only one remote exploit ..." slogans OpenBSD is not claiming it is the most secure OS, but that you can be reasonably

        • Anyways, that kind of comments like the grandparent post come from time to time from people that can't see the importance of a secure by default OS installation.

          What? I never said no such thing. I said the comment was funny thats all. So stop throwing windows into the mix. My comment was, and is, a basic install unix type OS box are almost always secure, and yes even redhat. But a basic box by itself is of no use, its the applications which by default have the applications, thus the exploits.

          The "Wind
          • What? I never said no such thing.

            I guess you mean "I never said such thing". From your first post:

            But, what good is the default install? Don't you want it to be doing something? It's suffered the same Apache/SSL/FTP/PHP errors as everyone else. I know if you search cert for openbsd you get lots of hits, so there are wholes in the applications.

            Then you can't see the importance of the security in the default install in OpenBSD.

            I said the comment was funny thats all.

            I fail to see where do

          • My comment was, and is, a basic install unix type OS box are almost always secure, and yes even redhat. apparently you've never typed "redhat worm" into google.
          • But a basic box by itself is of no use,

            It depends what you're doing, doesn't it?

            its the applications which by default have the applications, thus the exploits.

            Not sure what you mean by "the applications which by default have the applications", but if you meant "the applications which by default have the holes" (or "wholes" as you call them), no they don't. Stop spewing nonsense and spend 5 minutes at openbsd.org and read about the auditing work that goes into many of the specific versions of the appli

    • by pizza_milkshake (580452) on Friday October 15, 2004 @04:08PM (#10539151)
      the good comes from knowing that when you install OpenBSD you're starting on a level playing field. likely, any security holes your system will have will be as a direct result of a failure of due diligence either by you and/or the developers of the software

      this doesn't mean your final system won't have holes, but it means you're not already starting "in the hole"; it doesn't sound like much, and yet how many other systems out there can make this claim? OpenBSD isn't the end-all, be-all, it's just a good tool for your toolbox

    • by rosie_bhjp (40538) on Friday October 15, 2004 @04:16PM (#10539243) Homepage
      But, what good is the default install?

      Drop a fresh OpenBSD installation into a hostile environment such as the internet.
      Drop a fresh WindowsXP installation into the same environment.

      You won't ask that question again.

      Don't you want it to be doing something?

      No I want it to do as little as possible. It is ready to serve when I say it is and no sooner. This lets you patch first and not everyone has the luxury of installing a box in a secure network.

      It's suffered the same Apache/SSL/FTP/PHP errors as everyone else.

      More or less, yes, the same problems. Thats why these services are off by default, to let you patch them first, and enable only what you need.

      I know if you search cert for openbsd you get lots of hits, so there are wholes in the applications.

      No one has ever suggested otherwise.
    • by evilviper (135110) on Friday October 15, 2004 @07:42PM (#10541269) Journal
      It's suffered the same Apache/SSL/FTP/PHP errors as everyone else.

      Fortunately, that's where you are wrong.

      It's quite common to search through bugtraq or another security list, and find it in the list as the only OS "unaffected". Now, that's not always the case, but it's surprisingly common.

      OpenBSD is more secure than other OSes, not just out of the box, but with major services enabled too... When you install Apache on Linux/FreeBSD, you just get the plain vanilla version. With OpenBSD, you get a version that has been audited by the team, and lots of changes have been made.

      Plus, about a year ago, Propolice, W^X, and other protection measures have be included by OpenBSD, which does negate most bugs, and does protect your OTHER services against software bugs.

      BTW, most of my machine have only SSHD enabled (which is one of a few services enabled by default), so the default install can be very useful for a great many things. SSH handles log-in, file transfer, plus port forwarding. So any other services can run on 127.0.0.1, and only be accesses remotely (via SSH) if you have an account.

      Nothing as secure as a box unplugged in a closet!

      Of course, but baring that, OpenBSD is a very good choice.
    • well, considering if you use the default install for many other operating systems, you won't be finding a remote hole either.
      generally speaking, operating systems are relatively secure out of the box,
      its the shit you add to it, apache, php, sql, perl, ftp, etc...
      that end up really being your headache.

      in fact, i believe a study was done, (i don't remember where now though)
      about ~90% of all unix and unix-like boxes "rooted", are done so under the ftp service/daemon.

      it kinda makes people want to think
  • I sure wish -I- was 9 years old. :-/

    Some of the early 1980s were some fun times.

    Though i can't decide whether computers were cool then, or if they sucked.
  • Many thanks and best of birthday wishes to Theo and crew. They have given us a great OS and development model.

    The world can sleep better tonight knowing Puff the Barbarian is on guard.
  • Somebody modded flamebait my three-word ("Happy Birthday OpenBSD!") post.

    I'm trying to understand the mechanics of this fellow's brain. I'll provide here all the possible explanations I can think of - since mine was indeed a three-word post, their number is actually quite small.

    1) It's "Happy".
    Maybe my wishing a "happy" birthday instead of a "fairly good birthday", or "decent birthday", sounded like an abuse to everybody in the world who was not particularly happy ("Hey! How dare you talk about happiness

  • Have they stopped backdooring their SSH and reclassifying bugs/exploits so they can keep the record of having the fewest remote holes going? http://www.wideopenbsd.net/ Also GOBBLES speach from defcon a few years ago mentions Theo IRC'ing from cvs.openbsd.org. Thats a pretty shitty security practice methinks. ss
  • BSD is dead /obligatory

Never trust a computer you can't repair yourself.

Working...