BSD Interview Roundup

Some anonymous readers wrote in to let us know about a couple of different interviews in the OpenBSD and NetBSD communities. O'Reilly's ONLamp has an interview with OpenBSD's Marc Espie, who maintains a good share of OpenBSD's build tools, as well as having made numerous contributions to the project. OSDN's own NewsForge also has a interview with NetBSD's Luke Mewburn of the NetBSD Core Group.

Somebody settle it once and for all

[Anonymous Coward]

Which is more secure, OpensBSD or NetBSD?

Re:Somebody settle it once and for all

[Nimrangul]

Open, their code is audited regularly, Net is more focused on the portability. That's why they say Open is secure and Net can run on a toaster.

Re:Somebody settle it once and for all

[Chreo]

But auditing is not an "end to all problems" or a sustitute for good defaults. To me good defaults make or break an OS (just look at Windows). NetBSD have more secure defaults IMHO

Since when?

[Bensmum]

How something so blatently stupid is modded insightful I can't imagine. Seriously, openbsd has had only 1 remote hole in 7 entire years with its defaults. This is a factual public record of how good their defaults are, and you think that's not as good as net? Get real.

Re:Somebody settle it once and for all

[animus9]

I would say that the BSDs are all pretty close security wise. The typical answer is "OpenBSD" is the most secure, but the truth is that it's the sys admin that makes the biggest difference.

A bad sys admin is like a bad driver, and we all know what happens when you let a bad driver borrow your BMW.

Whenever a really great security feature gets added to OpenBSD, it won't be long before it will end up in the others. So when you get the time it's likely best to try them all and choose which you like best,

Re:Somebody settle it once and for all

[hubertf]

NetBSD - we just don't make a hype out of it.

NetBSD - secure OF COURSE!

- Hubert

Its not even a question.

[Bensmum]

Its very clearly open. Code is being audited all the time, daemons are being modified to run with priviledge seperation, setuid root programs are almost non-existant now on open. Then on top of that, there is the non-executable stack, propolice, and W^X protection of memory pages, and stack gap randomization. The first things make exploits much less likely, and the second make it very difficult to successfully exploit something that has an exploitable bug. Anyone who pretends netbsd is more secure is de

Re:My success with OpenBSD

[Anonymous Coward]

Needless to say, I had our quad Xeons back running OpenBSD by the end of the week. Gerbil is back on its way to another glorious 3 years of uptime.

OpenBSD on Quad anything is silly at the moment.

OpenBSD is known to be used at the Pentagon and various other .gov and .mil sites and when was the last time the USAF donated a foreign software project $2M US?

OpenBSD has a security track record that no other network operating system has ever matched.

FreeBSD has phenominal stability and incredible SMP performance is fast coming to a stable release.

NetBSD runs on everything and managed to beat Linux 2.6 scheduler performance (2 years in the making) with just 2 weeks of coding to "catch up".

The BSD's are complete systems and if you ever use one, you'll know why we BSD users value that. The best part is, the BSD's are able to share code amongst themselves. When NetBSD ports to an architecture which interests some OpenBSD developer, that quickly gets ported to OpenBSD. When OpenBSD finds holes, NetBSD and FreeBSD benefit not only from the heads-up but often from a patch which either applies cleanly, or is trivial to modify.

With ProPolice, OpenBSD are now finding lots of holes.

I challenge every person out there who honestly beleives that BSD is dying, to download OpenBSD 3.5 when it comes out. Read the FAQ, read the afterboot man page, use apropos with some level of intelligence and read the man pages, search Google groups and as a last resort ask questions on the OpenBSD mailing lists.

Here's a tip, SCO is dying and they want Linux to die too. Meanwhile, after already surviving a legal battle, BSD is thriving with mature developers who really know their stuff [dalerahn.com].

Re:My success with OpenBSD

[Anonymous Coward]

Here's a tip, SCO is dying and they want Linux to die too. Meanwhile, after already surviving a legal battle, BSD is thriving with mature developers who really know their stuff.

Do I detect a hint of condescension at the end?

That the *BSDs are able to pull off such feats is a testament to the continued good design from the projects.

Don't try to flaunt it.

Remember, we're on the same side.

Re:My success with OpenBSD

[_Sharp'r_]

This guy (grandparent poster) knows even less about Windows than he does about OpenBSD.

[...] he decided to change all of the Computer Administrator passwords on a few of the XP Professional boxes sitting around in the server room. This caused absolute havoc, as Dell had failed to send along administrator passwords for the new boxes. Our company could not make use of these computers for three days. It took Dell that long to get us the administrator passwords.

So, they got "new boxes" from Dell without administrator passwords and Dell could send them administrator passwords after their employee had changed them? My head spins with the multitude of ways this story contradicts itself.

New boxes don't come with administrator passwords preset.

If they did, their employee couldn't have changed them without knowing them.

If they are new boxes, why would it cause havoc?

If they're smart enough to use OpenBSD, why aren't they smart enough to know to just burn something like knoppix [booksunderreview.com] and boot the servers that way to reset the local administrator password?

Or, since they were "new" boxes, just boot from the install media, format and reload them?

Does this guy really think people are dumb enough to fall for such obvious inconsistencies?

Re:My success with OpenBSD

[greygent]

NetBSD runs on everything and managed to beat Linux 2.6 scheduler performance (2 years in the making) with just 2 weeks of coding to "catch up".


I'm no Linux zealot, but your point here is horse shit. NetBSD took only two weeks to catch up because they had Linux's (two years of) work to learn from.

Standing on the shoulder of giants, as they say.

OpenBSD on quad Xeons?

[Anonymous Coward]

OpenBSD is far from a terrible choice for servers in general, except for one class; SMP boxes. Currently, OpenBSD has no SMP support, and although it is being worked on, it won't be out for at least another year, it will be for i386 boxes only, and it will be of a "Big Giant Lock" type of SMP, where if one kernel process holds the BGL, no other kernel processes will be able to run on any of the computer's CPUs. OpenBSD also has no kernel threading ATM, making it less optimal for really intensive tasks.

Re:My success with OpenBSD

[butane_bob2003]

!! your boss is a tool. If a MS sales person walked into our server room, you can bet I would go out to the lot and remove all the tires from his car. How a fortune 500 company can say 'hey, lets go all microsoft today!' and actually do it is beyond me. We do have some MS .NET pundits in the organization, but looking at what they were previously working on, it might have actually been an improvement. (Their systems were/are still based on PICK Basic and the PICK OS, no idea what they are doing with .NET)

MOD PARENT UP (Re:The report concludes:)

[Anonymous Coward]

It mentions things even I didn't
know, but after some googling they
turned out to be true. Those
DragonflyBSD mailing lists are
indeed hilarious!

Re:BSD Problems

[sirket]

There is no point in trying to convince you that BSD as you have already made up your mind.

Copying a 17 meg file should not take _any_ time as all it requires is an update to the file systems tables. It might take some time if you are moving the file from one file system to another (/usr to /var for example where /usr and/var are different partitions) but even then a 17 meg file can be moved in a few seconds.

I am not sure what you (or the person who set the box up) screwed up, but something is definitely wrong. I would suggest you find a unix admin and figure out what is really happening. Are you trying to copy /dev/random to /dev/null? are you trying to copy a file to a recursive symlink?

If you've never seen a FreeBSD box run faster than it's Windows counterparts then again we can not help you. You claim this 800 MHz box is slow. That is certainly possible. How about finding a properly configured system and givnig that a try? How about letting someone who knows what they are doing use the box?

I do a lot of Windows work. These days it is mostly active directory related stuff. Setting up servers, replication, DNS, etc. I have never seen an instance where Windows was faster to set up, easier to patch, or more stable. You want reasons, how about starting with those three.

-sirket

Re:BSD Problems

[Piquan]

YHBT.

The OP is an old Mac troll... originally around the System 7 days, IIRC; you can see versions from six years ago online [kottke.org]. It evolved over time, and became a BSD troll by way of OS X. I found out about it because I fell for it about a year ago. :-)

But I do have a couple of comments about your post:

Copying a 17 meg file should not take _any_ time as all it requires is an update to the file systems tables.

No, copying a file (as in, using cp) does duplicate all the data blocks. It sounds like you're

Re:Yet another crippling BSD vulnerability

[sirket]

- removal of *BSD operating system, replace with Linux or Windows XP

The fact that you chose to lump Linux in with Windows XP is not lost those of who use FreeBSD :)

-sirket

Re:bsd posts and slashdot == retards

[Dahan]

I "might" fire up a linux box to use asterix though.

The Gaul? [asterix.tm.fr] I don't think he's into being "used" in that manner.

pkgsrCon 2004!

[dotz]

As /. rejected story about this, perhaps at least people, who read messages here can read this... http://pkgsrcCon.org , the first pkgsrc conference ever will be held in Vienna (Austria, Europe) on April 30 - May 2, 2004 Visit the official www page [pkgsrccon.org]

Re:pkgsrCon 2004!

[dotz]

I don't think, that slashdot is really anti-BSD. Sorry if you felt this way after my comment.

Re:Does No One read the Interviews?

[Shanep]

Yes, BSD does save you from being hacked, in the same way that having no network cord plugged in saves you, because it has no services running in the default install, but the advantage goes away if both are configured properly to do the same thing.

Well, specifically with OpenBSD, this might have been true once upon a time, but with W^X, ProPolice, priv sep, etc that is an old argument which no longer holds much weight.