Linked by Thom Holwerda on Wed 14th Mar 2007 17:52 UTC, submitted by Bernd
OpenBSD As recently reported on OpenBSD's errata page, a problem in the mbuf handling of IPv6 has been elevated to a security issue. This means that OpenBSD now has two remote exploits in 10 years, as already reflected on the OpenBSD homepage. Theo advises to update the system (or to block IPv6 using PF as a workaround).
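The PF workaround mentioned above, written out as an added illustration; this fragment is constructed here and is not the text of the OpenBSD errata or of any project file, and the interface names and loading commands in the comments are assumptions about a typical setup:

```conf
# Constructed /etc/pf.conf fragment: a stopgap that drops all inbound IPv6
# until the patched kernel is installed (added example, not from the errata).

# Leave loopback alone so local services bound to ::1 keep working.
set skip on lo0

# Drop every inbound IPv6 packet before any later rule is evaluated ("quick"),
# and log the drops to pflog0 so the block can be verified while it is active.
# Note: this also breaks replies to outbound IPv6 connections from this host,
# which is acceptable for a temporary mitigation but not as a permanent policy.
block in log quick inet6

# Existing IPv4 rules follow unchanged; PF passes traffic that matches no rule,
# so IPv4 behaviour is unaffected by the single rule above.
#
# Load and check (pf is not enabled by default on a fresh install):
#   pfctl -e                       # enable PF
#   pfctl -f /etc/pf.conf          # load the rules
#   pfctl -s rules                 # confirm the inet6 block rule is present
#   tcpdump -n -e -ttt -i pflog0   # watch logged IPv6 drops arrive
```

Remove the rule again once the errata patch is applied and the system has been rebooted, otherwise IPv6 stays unreachable for no reason.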
Now... this is serious!
by eantoranz on Wed 14th Mar 2007 18:32 UTC
eantoranz
Member since:
2005-12-18

It's a shame Microsoft is not after BSD on its "Get the facts" campaign.... I'd LOVE to see ___ (any Microsoft puppy goes in the blank... Paul Thurrot comes to mind first hand, of course) trumpeting that "OpenBSD has doubled its exploits over the last year, it has been acknowledged... and Windows OSs only increased 10%", or Billy saying that "you can take over an OpenBSD computer anytime anywhere by just looking at it from as far as 300 feet away..... Does anybody care about the truth these days?" or whatever comes to their mind. :-D

Edited 2007-03-14 18:34

Reply Score: 4

RE: Now... this is serious!
by TaterSalad on Wed 14th Mar 2007 19:49 UTC in reply to "Now... this is serious!"
TaterSalad Member since:
2005-07-06

I don't think you will ever see something like that. Microsoft doesn't have a hate relationship with the BSDs like they do with linux. The problem is linux users are always touting how wonderful linux is and sooooo much better than Windows. You don't see BSD people doing that and they are a lot more tolerant of Microsoft than linux users are. Additionally Microsoft has used BSD code in the past, not sure if they still do or not.

Reply Score: 5

RE[2]: Now... this is serious!
by raver31 on Wed 14th Mar 2007 20:17 UTC in reply to "RE: Now... this is serious!"
raver31 Member since:
2005-07-06

That is why Microsoft is tolerant of BSD... they like to go in, take what they like and not have to listen to the whining afterwards.

If the BSD guys do not mind others using their work, so what?

Reply Score: 5

RE[3]: Now... this is serious!
by Oliver on Thu 15th Mar 2007 01:23 UTC in reply to "RE[2]: Now... this is serious!"
Oliver Member since:
2006-07-15

Feeding a troll is something stupid, but I cannot resist - real freedom is something other than RMS GPL dictatorship. Most Linux zealots will never understand this, because real freedom needs courage. And guess what? Real freedom is based on respect and common sense too. They're "whining" about this lack of respect. But apart from that most *BSD guys just code and tell people one or two times in the year about their "problems". Linux guys are whining every hour, every single day of the year. Linux users are at "war" against Windows and other Linux distros. "Hating" Windows is the common denominator in Linux communities, without it you would have the essence of it - able people who build Linux instead of spreading hype and FUD altogether.

... and thanks for all the fish.

Reply Score: 2

RE[4]: Now... this is serious!
by phoenix on Fri 16th Mar 2007 03:10 UTC in reply to "RE[3]: Now... this is serious!"
phoenix Member since:
2005-07-11

I've always liked the tagline (no idea where/when it originated):

Linux is for people who hate Windows,
*BSD is for people who like Unix.

Reply Score: 3

RE[5]: Now... this is serious!
by Babi Asu on Fri 16th Mar 2007 05:33 UTC in reply to "RE[4]: Now... this is serious!"
Babi Asu Member since:
2006-02-11

Mine is:

Linux is only free if your time is worthless

Reply Score: 0

RE[3]: Now... this is serious!
by deb2006 on Thu 15th Mar 2007 06:35 UTC in reply to "RE[2]: Now... this is serious!"
deb2006 Member since:
2006-06-26

You know why most OSS developers prefer the GPL and _not_ the BSD license? Well, I'll tell you: It's exactly that: They don't want the company of a closed source OS to take away their code and lock it away.

Reply Score: 0

RE[4]: Now... this is serious!
by Soulbender on Thu 15th Mar 2007 06:45 UTC in reply to "RE[3]: Now... this is serious!"
Soulbender Member since:
2005-08-18

"You know why most OSS developers prefer the GPL and _not_ the BSD license?"

What's your definition of "most"?
None of the below projects are GPL:
Apache
Sendmail
BIND
Perl
Python
OpenSSH
X.org
XFree86
PHP
Mozilla/Firefox/Thunderbird

Reply Score: 5

v RE[5]: Now... this is serious!
by Moulinneuf on Thu 15th Mar 2007 07:48 UTC in reply to "RE[4]: Now... this is serious!"
RE[6]: Now... this is serious!
by Soulbender on Thu 15th Mar 2007 08:05 UTC in reply to "RE[5]: Now... this is serious!"
Soulbender Member since:
2005-08-18

"YOU ARE WRONG , some of those you listed are GPL , most of them are NOT BSD."

So? I never said they're BSD, I said they're not GPL and that's true in every one of the cases (and more) except for the tri-licensed Moz/FF/TB and dual-licensed Perl (which still supports my point, they're not GPL only).

Edited 2007-03-15 08:07

Reply Score: 5

RE[7]: Now... this is serious!
by Moulinneuf on Thu 15th Mar 2007 08:12 UTC in reply to "RE[5]: Now... this is serious!"
Moulinneuf Member since:
2005-07-06

"I never said they're BSD"

It was implied, sorry.

"I said they're not GPL and that's true in every one of the cases"

That's where you are wrong and have been proved false by me.

"which still proves my point"

No, it proves that some software that is in high usage does not use the GPL or is GPL and licensed with something else. The point you were refuting is that the majority is not GPL; you failed to achieve it by offering false information and being wrong.

" they're not GPL only)."

Your false point was, they are not GPL. You just added "only" now. You still fail to prove a majority for other licenses or something else than the GPL.

Reply Score: 0

RE[8]: Now... this is serious!
by Soulbender on Thu 15th Mar 2007 08:18 UTC in reply to "RE[7]: Now... this is serious!"
Soulbender Member since:
2005-08-18

"Your false point was , they are not GPL. You just added only now."
Really now, shall we see what I actually did say:

"None of the below projects are GPL:"

And that is true, they aren't. They are either not GPL or multi-licensed where *one* license is GPL and thus you aren't coding for a GPL project since your code can (and will) be licensed under some non-GPL license.
I don't mind the GPL but with so many cornerstone projects NOT being GPL saying that "most OSS developers prefer GPL" is a far stretch. No doubt many do but many != most.

Reply Score: 4

v RE[9]: Now... this is serious!
by Moulinneuf on Thu 15th Mar 2007 10:01 UTC in reply to "RE[7]: Now... this is serious!"
RE[8]: Now... this is serious!
by BSDfan on Thu 15th Mar 2007 08:35 UTC in reply to "RE[5]: Now... this is serious!"
BSDfan Member since:
2007-03-14

Apache is neither BSD nor GPL..
http://www.apache.org/licenses/LICENSE-2.0 - Although it's compatible with the GPL..

BIND does use a modified BSD-like licence!!

Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

Perl is GPL, but is also under an Artistic License...

Python is under a BSD-like licence!!
(1) GPL-compatible doesn't mean that we're distributing Python under the GPL. All Python licenses, unlike the GPL, let you distribute a modified version without making your changes open source. The GPL-compatible licenses make it possible to combine Python with other software that is released under the GPL; the others don't.
http://en.wikipedia.org/wiki/Python_Software_Foundation_License

X.Org's licence is the MIT ("X") License, which again is a modified BSD licence!!
http://en.wikipedia.org/wiki/MIT_License

XFree86 is under a BSD-like licence also.. With various incompatibilities in specific versions.

And PHP.. The licence is almost absolutely a Modified BSD licence..
http://www.php.net/license/3_01.txt

Each has various clauses you have to agree with, but they're not too extreme.
(PHP's for example looks generic.. You could make a proprietary version called TIN-PEE-H-PEE This is not PHP.. if you wanted!!)

Truly Mozilla/Apache/Perl are the only ones on there that have licences that are not modified BSD licences..

Maybe you're just uneducated, but if you didn't know this already: the BSD licence TEXT is public domain, and you're free to modify it accordingly for use in your code/project..
(Not the licence on someone else's project/code though..).

http://en.wikipedia.org/wiki/BSD_licence

So stop trolling Moulinneuf!!

Edited 2007-03-15 08:54

Reply Score: 4

v RE[9]: Now... this is serious!
by Moulinneuf on Thu 15th Mar 2007 10:22 UTC in reply to "RE[8]: Now... this is serious!"
v RE[2]: Now... this is serious!
by Moulinneuf on Wed 14th Mar 2007 20:18 UTC in reply to "RE: Now... this is serious!"
RE[3]: Now... this is serious!
by jakesdad on Wed 14th Mar 2007 20:32 UTC in reply to "RE[2]: Now... this is serious!"
jakesdad Member since:
2005-12-28

"No , you are perfect in the eyes of your mommy with glass that can beat the hubble telescope range vision of space will being on earth..."

Huh?

Reply Score: 5

v RE[4]: Now... this is serious!
by Moulinneuf on Wed 14th Mar 2007 20:41 UTC in reply to "RE[3]: Now... this is serious!"
RE[5]: Now... this is serious!
by Soulbender on Thu 15th Mar 2007 06:19 UTC in reply to "RE[4]: Now... this is serious!"
Soulbender Member since:
2005-08-18

"In other word if BSD is the best why are people Buying and funding windows and GNU/Linux more ?"

Why are people buying and funding Windows more than Linux?

Reply Score: 4

v RE[6]: Now... this is serious!
by Moulinneuf on Thu 15th Mar 2007 06:44 UTC in reply to "RE[5]: Now... this is serious!"
StephenBeDoper Member since:
2005-07-06

If your glasses give you better space clarity than the Hubble space telescope, which is in space to avoid heart interference, you got huge thick glass that are out of this world. Meaning your mom is blind and telling you you are perfect because she loves you, not because she can really see you.

I can't tell if you're just mangling the concept of "ugly baby syndrome," or if you're also trying to suggest that the Hubble telescope has a heart condition...

Reply Score: 5

v RE[6]: Now... this is serious!
by Moulinneuf on Thu 15th Mar 2007 07:56 UTC in reply to "RE[5]: Now... this is serious!"
RE[7]: Now... this is serious!
by Johann Chua on Thu 15th Mar 2007 13:55 UTC in reply to "RE[6]: Now... this is serious!"
Johann Chua Member since:
2005-07-22

Dude, you mangle the English language a wee bit often when you rant.

Reply Score: 2

v RE[8]: Now... this is serious!
by Moulinneuf on Thu 15th Mar 2007 14:31 UTC in reply to "RE[6]: Now... this is serious!"
StephenBeDoper Member since:
2005-07-06

I am not mangling anything, the concept is "to be blinded by feeling which has no basis in reality".

Uh, yes. In other words, "ugly baby syndrome" - aka "Well, it may be ugly as sin, but it's still our baby." Despite your insistence on over-explaining, it's not really a novel idea.

Now, I must be off - my latest issue of Tiresome Exposition Monthly has just arrived. It's the journal of needless exposition and those who expound (naturally).

Reply Score: 2

RE[2]: Now... this is serious!
by twenex on Wed 14th Mar 2007 23:46 UTC in reply to "RE: Now... this is serious!"
twenex Member since:
2006-04-21

Microsoft doesn't have a hate relationship with the BSDs like they do with linux. The problem is linux users are always touting how wonderful linux is and sooooo much better than Windows.

You make it sound like one has to do with the other; it doesn't.

The reason why Microsoft likes BSD and not Linux is that they can take (and already have taken) code from BSD and incorporate it in Windows without releasing the source code, but they can't do it with Linux. Also, BSD just isn't as big a threat as Linux at the moment.

And sure, a lot of Linux people hate Microsoft and Windows but given that this is based on a lot of people's experience of Windows as a buggy, crappy product, and of Microsoft as a predatory, dishonest organisation, that attitude need not be, and indeed, isn't limited to Linux users but also extends to BSD users, BeOS/Haiku users, OS/2 users...

Equally, there are Linux people who do not like slagging off MS or Win.

Reply Score: 4

RE[3]: Now... this is serious!
by sbergman27 on Thu 15th Mar 2007 00:21 UTC in reply to "RE[2]: Now... this is serious!"
sbergman27 Member since:
2005-07-24

"""
The reason why Microsoft like BSD and not Linux is that they can (and already have) taken code from BSD and incorporate it in Windows without releasing the source code, but they can't do it with Linux. Also, BSD just isn't as big a threat as Linux at the moment.
"""

I would reverse the priorities of those two factors.

I think it has everything to do with the level of threat.

I don't see code swiping as being all that major a factor.

Differences in internals limit the value of literal copying of code even between Posix compatible OSes. (Which is why I'm not too overly concerned about Sun's choice of licenses for Solaris.)

Linux and Windows are far more distant from each other.

Reply Score: 2

RE[4]: Now... this is serious!
by twenex on Thu 15th Mar 2007 00:25 UTC in reply to "RE[3]: Now... this is serious!"
twenex Member since:
2006-04-21

True enough, but then BSD developers don't deny the validity of the IDEA of proprietarizing open source code, Linux developers do. That's probably closer to what I was trying to get at.

Reply Score: 2

An excellent OS
by Network23 on Wed 14th Mar 2007 18:33 UTC
Network23
Member since:
2005-07-11

It's a pity OpenBSD doesn't get more attention, compared to its not-so-safe sister FreeBSD (Darwin, MacOS X) and its illegitimate sibling GNU/Linux.

Reply Score: 2

RE: An excellent OS
by johndaly on Wed 14th Mar 2007 18:48 UTC in reply to "An excellent OS"
johndaly Member since:
2006-01-16

OpenBSD already is the second most popular BSD after FreeBSD (I don't count MacOSX as a BSD) and that's a lot considering that you have to buy the OpenBSD CDs vs. just download FreeBSD.

I don't run OpenBSD but I am aware of it, I just don't need that type of security on my home machine. GNU/Linux trumps in convenience. But let me tell you I have a lot of respect for OpenBSD and should I ever need that type of security I know where to find it.

Reply Score: 5

RE[2]: An excellent OS
by Janizary on Wed 14th Mar 2007 19:01 UTC in reply to "RE: An excellent OS"
Janizary Member since:
2006-03-12

You can "just download" OpenBSD. Netinstall is the most common method of installation for me and many other people, despite owning CDs. What you cannot "just download" are ISOs; those are sold as CDs as an attempt to recoup some development costs.

That Linux convenience that trumps OpenBSD tends to be bought at the cost of the source itself, the freedom that the GPL attempts to force on people. In fact, many of OpenBSD's release songs and art have been focused on that, "Open Source-AMI," for 4.1 being the most recent.

Edited 2007-03-14 19:10

Reply Score: 3

RE[3]: An excellent OS
by fretinator on Wed 14th Mar 2007 19:24 UTC in reply to "RE[2]: An excellent OS"
fretinator Member since:
2005-07-06

Netinstall is the most common method of installation for me and many other people, despite owning CDs

I bought a 3.9 CD, but I tend to do net-install anyway. The CDs are mostly a fund-raiser. I, too, like doing a base install and using ports to set up my system.

Certainly it is great as a server, but I also like to use OpenBSD on some of my older laptops. OpenBSD has great wireless support. When 4.1 comes out shortly (you can already pre-order CDs), it will have ACPI support, which will help immensely on newer laptops.

Reply Score: 3

RE[3]: An excellent OS
by KLU9 on Thu 15th Mar 2007 15:03 UTC in reply to "RE[2]: An excellent OS"
KLU9 Member since:
2006-12-06

iirc you can download ISOs of OpenBSD, but from third parties... as long as they have put them together in a way that doesn't copy the layout of the original purchased OBSD ISOs, as the original ISO layout is copyrighted.

Reply Score: 1

Amazing
by anomie on Wed 14th Mar 2007 18:42 UTC
anomie
Member since:
2007-02-26

And openbsd.org has now been updated to read: "Only two remote holes in the default install, in more than 10 years!"

They owned up to it and took care of it quickly. Great work as usual.

Not sure I'd characterize FreeBSD as a "not-so-safe sister" (I don't understand that comment).

Reply Score: 5

One sweet OS!
by brewmastre on Wed 14th Mar 2007 18:52 UTC
brewmastre
Member since:
2006-08-01

I have been using OpenBSD for about 4 years now, and it truly is an awesome OS. I think the statement saying that FreeBSD is the "not-so-safe sister" is partially true though. Not saying that FreeBSD is not secure, it very much is, just not as much so as OpenBSD. FreeBSD seems to be trying very hard to work themselves onto the desktop; whereas, OpenBSD is staying right where it belongs as one KICK-ASS secure server platform. Good job Theo and company.

Reply Score: 4

Time for a new tagline?
by bm3719 on Wed 14th Mar 2007 18:59 UTC
bm3719
Member since:
2006-05-30

As an OpenBSD fan for about 7 years now, I always thought it should have changed after the first one was discovered. Each time that number increases (not that it happens often), it loses a lot of its weight.

As for OpenBSD not being convenient (in response to a previous comment), I personally think it is, compared to all the work it takes to customize a Linux box. I guess if you don't really care as much about your system's setup, and just want something that will work, most any Linux distro will do. If you have very particular tastes and preferences, however, doing a base install of OpenBSD, getting the ports tree, then building your system from there is quite convenient and less work in the long run than trying to make a stock distro install what you want it to be.

Reply Score: 2

OpenBSD is the wrong solution
by stephanem on Wed 14th Mar 2007 19:32 UTC
stephanem
Member since:
2006-01-11

Nothing is opened by default - well exactly how the hell does that help me if I want to run services, install modules?

Windows can also be made ultra secure if you just yank the ethernet cable.

Reply Score: 0

RE: OpenBSD is the wrong solution
by thjayo on Wed 14th Mar 2007 19:35 UTC in reply to "OpenBSD is the wrong solution"
thjayo Member since:
2005-11-11

Then you just do it?

Reply Score: 4

RE: OpenBSD is the wrong solution
by Adam S on Wed 14th Mar 2007 19:54 UTC in reply to "OpenBSD is the wrong solution"
Adam S Member since:
2005-04-01

Nothing is opened by default - well exactly how the hell does that help me if I want to run services, install modules?

Install a server, open the port. What would you prefer - everything open by default and you shut off what you don't need. This is PRECISELY the way a server should be.

Reply Score: 2

stephanem Member since:
2006-01-11

Install a server, open the port. What would you prefer - everything open by default and you shut off what you don't need. This is PRECISELY the way a server should be.


The point is that it's not secure because of its internal architecture - it's secure because the doors and windows are closed.


You open telnet and you're as vulnerable as Windows.

You can lay claim to the title as MOST SECURE OS only if you can throw open all the ports and remain secure against attacks.

Edited 2007-03-14 20:05

Reply Score: 1

Adam S Member since:
2005-04-01

You open telnet and you're as vulnerable as Windows.

Vulnerable to what? A brute force attack? Who cares? The point is that the default install is secure instead of wide open. I don't see the point you're trying to make.

Let me illustrate: would you rather stay in a house with open doors and windows or one with closed and locked doors and windows? Isn't it really pointless to say "Leave the door open and your house invites thieves just like the no door house"? Because the answer is: "Well, it's a good thing I DIDN'T leave the door open!"

OpenBSD is intended to be secure, and you must manually open the ports and run services. To imagine security any other way is just silly.

Reply Score: 1

stephanem Member since:
2006-01-11

Let me illustrate: would you rather stay in a house with open doors and windows or one with closed and locked doors and windows? Isn't it really pointless to say "Leave the door open and your house invites thieves just like the no door house"? Because the answer is: "Well, it's a good thing I DIDN'T leave the door open!"



You can keep the house doors/windows wide open (i.e. having all the sockets/ports wide open) and if you can nail/bolt every single item in the house down to the floor/table (securing every single service and program) then thieves can walk in all they want but they can't walk out with anything. Think of it like Disneyland - anybody can walk in and use the rides and do whatever they want but nobody can walk out with Space Mountain in their back pockets.

Edited 2007-03-14 21:28

Reply Score: 1

digitaldisaster Member since:
2006-01-02

No, OpenBSD is still more secure because of their constant audit of the entire code base and the protective countermeasures that they have put in place such as using the NX bit on newer processors, emulating this on older processors and randomizing the stack (Yes I know that this is possible on Linux but AFAIK it was in OpenBSD first and it is in there by default).

Reply Score: 5

ameasures Member since:
2006-01-09

>Install a server, open the port. What would you prefer -
>everything open by default and you shut off what you
>don't need.
>This is PRECISELY the way a server should be.

Philosophically WRONG. Human nature will leave a few extras open because "hey it's working and the boss wants other stuff done" or because the sysadmin isn't totally expert.

On today's internet that philosophy increases your risks many times over.


>The point is that it's not secure because of its
>internal architecture - it's secure because the
>doors and windows are closed.

Yes doors and windows are closed but actually the OpenBSD team are close to being obsessed with security to an extent you have not comprehended. They see security partly as a by-product of quality and are totally serious about it.


>You open telnet and you're as vulnerable as Windows.

Firstly, with ssh to hand why would anyone use telnet?
(ssh being their own OpenSSH...)

Secondly, I cannot find an ordinary telnet daemon for OpenBSD (among the 4000 packages) though there is an encrypted version called "stel".

Get a hint: telnet is not a relevant issue.


>You can lay claim to the title as MOST SECURE OS only
>if you can throw open all the ports and remain secure
>against attacks.

You have missed the turn. Software security is still in the dark ages and nobody with sense offers the black hats more of a target than they have to.

And, why degrade the performance and responsiveness of a system with unnecessary stuff running in the background?

You are applying logic from the desktop domain to the server and router domain and as result you are just wrong.

The OpenBSD guys are far from arrogant about security: I would say it's the MOST SECURE OS but that isn't how they describe it on their homepage.


You also didn't bother to check your assertions.

Reply Score: 5

vimh Member since:
2006-02-04

"You can lay claim to the title as MOST SECURE OS only if you can throw open all the ports and remain secure against attacks."

That doesn't make any sense to me. You cannot open all ports and hope to remain secure. You secure your home by closing and locking the door. You can't expect a whole lot of security if you leave that door wide open.

Reply Score: 5

Soulbender Member since:
2005-08-18

"You can lay claim to the title as MOST SECURE OS only if you can throw open all the ports and remain secure against attacks."

By default all ports ARE open in OpenBSD (pf isn't enabled by default) although there isn't anything listening on most of them. The only ports that have anything listening on them by default are ident, daytime and time.
So by your own definition it IS the most secure OS.

Reply Score: 5

Francis Kuntz Member since:
2006-09-23

No, it's only PRECISELY showing that you have no clue about software security.

Reply Score: 1

RE: OpenBSD is the wrong solution
by MacTO on Wed 14th Mar 2007 21:02 UTC in reply to "OpenBSD is the wrong solution"
MacTO Member since:
2006-09-21

With OpenBSD, you can have a secure system *and* leave the cable attached. ;)

Seriously though, they have a fairly sound way to secure a system. By forcing the sysadmin to enable services that they need, they make it easier for the sysadmin to track security issues because they automatically know what is running.

They also avoid security issues popping up from services that are enabled by default, but they don't use or don't really need to use.

Reply Score: 4

RE: OpenBSD is the wrong solution
by vimh on Wed 14th Mar 2007 21:09 UTC in reply to "OpenBSD is the wrong solution"
vimh Member since:
2006-02-04

Off by default is exactly what I like. It is far easier to go and turn on what I need than to go and shut everything I don't need off.

As for Windows being made secure by yanking the ethernet cables. Well, at that point, you don't need very many Windows services do you? So you're left with a bunch of services that are completely useless. You don't need much on OpenBSD at that point either. But since everything is off, they won't get in your way.

Ok, I admit. I'm running a linux box. I used to run an OpenBSD box a while back and I'm seriously considering switching back.

Reply Score: 2

RE: OpenBSD is the wrong solution
by Soulbender on Thu 15th Mar 2007 03:26 UTC in reply to "OpenBSD is the wrong solution"
Soulbender Member since:
2005-08-18

"Nothing is opened by default - well exactly how the hell does that help me if I want to run services, install modules?"

I'll go out on a limb here and guess; you enable the services you want?

"Windows can also be made ultra secure if you just yank the ethernet cable."

That's an entirely different matter.

Reply Score: 2

RE: OpenBSD is the wrong solution
by Steven on Wed 21st Mar 2007 09:08 UTC in reply to "OpenBSD is the wrong solution"
Steven Member since:
2005-07-20

Why are people so stupid? Seriously, what kind of a question is that? Was it supposed to make me want to claw my eyes out?

Reply Score: 1

Awesome Track Record
by TaterSalad on Wed 14th Mar 2007 19:54 UTC
TaterSalad
Member since:
2005-07-06

"Only two remote holes in the default install, in more than 10 years!"

That is an excellent track record for an operating system. I've always been impressed by the security that Theo and his gang put into openbsd. Sometimes I think they go a little too far, but in the end it always seems to be the right decision. This exploit won't stop me from ever using or reconsidering openbsd.

Reply Score: 5

OMG NetBeans in the ports!
by Duffman on Wed 14th Mar 2007 20:02 UTC
Duffman
Member since:
2005-11-23

Over 4200 ports, 4000 pre-built packages (for i386), minor robustness improvements in package tools. Some highlights:
gstreamer-0.10 tools.
OpenOffice.org package, available through ftp for size reasons.
KDE 3.5.6 and koffice 1.6.2.
a large (> 500) number of new/updated perl modules, from CPAN, including most of the catalyst web framework.
NetBeans 5.5 Java IDE.
updated Linux emulation support by using Fedora Core libraries.
Mozilla Firefox 2.0.0.2 (with translations).
PostgreSQL 8.2.3.

Reply Score: 2

openbsd in guatemala
by 2501 on Wed 14th Mar 2007 20:02 UTC
2501
Member since:
2005-07-14

OpenBSD is an excellent OS. I should try it too.

Read this article...

http://www.munts.com/openbsd/papers/InTheJungle.html

-2501

Reply Score: 2

v Ridiculous BSD claims as usual ...
by Moulinneuf on Wed 14th Mar 2007 20:09 UTC
TaterSalad Member since:
2005-07-06

Because GNU/Linux systems are more secure, so there is less chance of a payout

When was the last time that a linux distro made the claim of "Only two remote holes in the default install, in more than 10 years!" for security? I think we would all love to hear you explain to us how linux is more secure.

Why are Servers and workstation and desktop and laptop not shipping in majority with OpenBSD as default ?

Because OpenBSD is a server OS meant for server hardware. That is why you don't see it on too many desktops or laptops. It can be used for such purposes as desktop/laptop, but not too many people do.

Reply Score: 5

Doc Pain Member since:
2006-10-08

"Because OpenBSD is a server OS meant for server hardware. That is why you don't see it on too many desktops or laptops. It can be used for such purposes as desktop/laptop, but not too many people do."

A friend of mine actually uses OpenBSD on his workstation, a machine you cannot definitely identify as being a workstation or a server, it serves both purposes. Some things require basic knowledge to do (installing, configuring etc.), but that's obvious. People installing OpenBSD first read, then think, then do. "I just deleted my files, how do I get them back?" :-)

OpenBSD is even getting secure implementations to use with ACPI and other "modern" stuff. So the situation is constantly improving.

OpenBSD depends on 100% functioning hardware. While "Windows" ignores hardware defects and just plays on, missing some bits here and bytes there, OpenBSD refuses to use hardware that is in unstable condition.

As it has been mentioned before, the people using OpenBSD know what they're doing. Nobody is so stupid as to set up a root account without a password and have telnet enabled. So the concept of "open the ports that you need, the rest stays closed" is very secure. As you surely know, most security problems reside between keyboard and chair. :-)

Reply Score: 3

Janizary Member since:
2006-03-12

Moulinneuf, I am surprised you still have a positive score with the way you comment on things, why do you even come here?

Default install is a key word, that means the software that OpenBSD is responsible for, including OpenSSH, Sendmail, Apache and BIND. Remote exploits in other software have nothing to do with OpenBSD. I don't think Microsoft is claiming bugs in QuickTime, so why would OpenBSD claim bugs in other people's software?

It's no lie that when OpenBSD says, this is how OpenBSD does things, if you don't do it the OpenBSD way you're on your own. That's how everyone does things. Using Ubuntu? Do things the Ubuntu way or you're on your own.

The next two paragraphs, if they should be called that, make no sense what so ever, so consider this a response to them: "Snapple grasps tangos in the midmorning sun as the eagle flies over the trickling stream." It makes just as much sense.

BSD isn't dead, what pride OpenBSD has is based in its track record, one that is reasonably proven, and I don't recall many fables being created by OpenBSD users, maybe you could tell us a yarn or two?

A majority of servers, workstations, desktop computers and laptops ship with Windows, is this because of the false claims of Redhat, SuSE and OS/2?

I don't recall anyone blaming GNU/Linux for anything, what on earth are you on about this time?

Reply Score: 5

twenex Member since:
2006-04-21

Notice how once Linux started winning he switched his trolling from Linux to BSD? I guess at least that shows he's got one more brain cell than tomcat; forsoever the dog developeth with digger on a wobbly Netware morn (that's Moulinneuf-speak for "However, I DO wish they would both go away").

Reply Score: 5

ameasures Member since:
2006-01-09

> OpenSSH, Built , funded , developed by GNU/Linux.

Catch a clue: OpenSSH is from the OpenBSD team.

Reply Score: 5

nick8325 Member since:
2005-10-06

And BIND predates Linux by 5 years, and Sendmail by 10.

Reply Score: 4

nick8325 Member since:
2005-10-06

But if someone develops something it normally means they did most of the work. I think the word you're looking for is "contributed". After all, many organisations contributed to Linux (for example, SGI ported XFS), but people don't say that SGI developed Linux.

Edited 2007-03-14 21:48

Reply Score: 2

ThawkTH Member since:
2005-07-06

Do you realize that half of the problem people have with you is the way you present your arguments?

The fact that few can understand you without rereading your post several times does not help matters.

"Just talking reality..."

Everyone speaks from their own reality. That's no excuse. If you want people to get ANYTHING out of what you're saying, please please please PLEASE rethink how you present yourself! How you present arguments!

Oh, and try backing up what you say with some facts. Or else you are indeed trolling. Period. If someone sticks to a pov that's unpopular they will likely be labeled a troll, this is true. A good way to guard against it is to present FACTS, preferably as unbiased a source as possible, and present your arguments clearly and concisely.

Then at the very least most people would disagree with you...You'd maintain some dignity however.

Reply Score: 5

SEJeff Member since:
2005-11-05

The OpenBSD team wrote openssh and the openssl libraries. They wrote openssh because the gnu ssh server, lsh, really sucks.
http://www.lysator.liu.se/~nisse/lsh/

If you think that Linux built and developed openssh, you need to get your facts straight before speaking again.

Reply Score: 5

DominoTree Member since:
2007-03-14

That is MANDRIVA, which is not OpenBSD. Their implementation of OpenSSH had bugs... deal with it.

Reply Score: 3

SEJeff Member since:
2005-11-05

Dude seriously, you are completely ignorant. Note in ignorant I am meaning you have no clue whatsoever what you are talking about.

The OpenBSD team wrote and *STILL* maintains OpenSSH. From http://openssh.org :
This site Copyright 1999-2006 OpenBSD. $OpenBSD: index.html,v 1.258 2007/03/09 19:25:09 deraadt Exp $
I would consider writing software justifies the word "Built" as you like to say even though the proper term would be "developed". The fact is that the OpenBSD project wrote OpenSSH for their own BSD derivative and have a version called "Portable OpenSSH" that has been ported to other POSIX environments such as Linux.

Sure some Linux distributions that USE OpenSSH might have been the very first to patch it (like that link you stated). That does not in any way mean that OpenSSH was built or funded by Linux. It just means that Linux distributions might have fixed some issues or added patches to improve it.

Get a clue what you are talking about please. I am not bashing Linux because Linux Systems Administration happens to be my day job and passion. You are trolling about something you have proven you don't understand. Stop.

Reply Score: 3

sbergman27 Member since:
2005-07-24

Time out!

There is something very, very, wrong here.

I'm usually mildly critical of the mod system here on OSNews. But in Moulineuf's case it has become positively pathogenic.

I've just had a look over his recent posting history. He has regularly gotten modded to -4 and -5. And it is absolutely not deserved.

Read the posts.

Moulineuf makes some good points. I agree with much of what he says. I disagree with other points that he makes.

I do not want to go into particulars because that is not what is important right now.

Even the OSNews staff has taken some rather unbecoming, and undeserved, potshots at him at times. (That's you, Thom.)

I get the impression that it has become a pastime for some.

This is an example of what a minority with an itchy trigger finger can do to abuse an otherwise "sort of OK" mod system.

OSNews is a better forum than that. I *know* we are... for the most part.

We're *supposed* to be a celebration of diversity, right?

Where we agree we agree. Where we disagree, we can learn to agree to disagree... and probably learn more in that process than when we do happen to agree.

Sorry for venting like this, but I have watched this travesty continue for *far* too long.

Next time you feel like modding someone down for expressing their opinions... get a life instead.

Yeah, I'll probably regret this in the morning. ;-)

-Steve

Edited 2007-03-15 01:08

Reply Score: 3

Babi Asu Member since:
2006-02-11

BSD don't bash GNU/Linux ... Wait, you're offering the proof to the contrary needed to show I was right ... What can I say? Thanks, but it was not needed.

http://www.frsirt.com/english/advisories/2005/1979

You were saying ...

BTW that's exploit 3 and 4 for remote exploit ... If one is to believe BSD lies ... Which I don't ...

like I said Built, funded, developed by GNU/Linux

With a very small contribution like that, "observe" is a much more suitable word.

Reply Score: 1

Soulbender Member since:
2005-08-18

"The OpenBSD team wrote openssh and the openssl libraries."

They didn't write OpenSSL.

"They wrote openssh because the gnu ssh server, lsh, really sucks."

That's not why they wrote OpenSSH. OpenSSH was started because Tatu Ylonen, the original author of SSH, decided to make his implementation proprietary.

Edited 2007-03-15 03:53

Reply Score: 5

libray Member since:
2005-08-27

He has a positive score because when he says things like this in a Linux based article, the Linux zealot buddies all give him propers.

Reply Score: 2

Babi Asu Member since:
2006-02-11

Wow, the linux zealot geezer is still alive! Please say again "I'm not a zealot because I'm not killing people because of GNU/Linux"

Reply Score: 1

Man oh man.
by dhardison on Wed 14th Mar 2007 20:18 UTC
Oh oh *BSD isn't perfect
by ronaldst on Wed 14th Mar 2007 21:37 UTC
ronaldst
Member since:
2005-06-29

News at 11.

Seriously, why don't they use a better language that is more efficient for security purposes?

Reply Score: 1

RE: Oh oh *BSD isn't perfect
by ThawkTH on Wed 14th Mar 2007 22:04 UTC in reply to "Oh oh *BSD isn't perfect"
ThawkTH Member since:
2005-07-06

A valid point.

Counterpoint:

Only 2? In 10 years?

They seem to be doing just fine on their own ;)

The user's/developer's senses of success might be quite different from somebody else's. Anyway, it's impossible for most reasonable folk to be less than astounded at what I consider to be a true accomplishment.

Reply Score: 2

RE: Oh oh *BSD isn't perfect
by Samhain on Wed 14th Mar 2007 22:28 UTC in reply to "Oh oh *BSD isn't perfect"
Samhain Member since:
2005-07-06

Like what?

How many OSes do you know that do not have the majority written in C? There is a reason for this.

Also they are adding things to the core libraries and such to specifically make them less vulnerable, and they are utilizing new functionality found in newer chips.

I believe there are some people who are indeed working on changing the fact that OSes are written in C, but so far that is very much work-in-progress.

Reply Score: 2

RE[2]: Oh oh *BSD isn't perfect
by twenex on Wed 14th Mar 2007 23:07 UTC in reply to "RE: Oh oh *BSD isn't perfect"
twenex Member since:
2006-04-21

How many OSes do you know that do not have the majority written in C? There is a reason for this.

Indeed. The advantages are so great that I can even name at least one that was actually rewritten in C, and I don't mean Unix (AmigaOS).

Reply Score: 2

Telnet
by DominoTree on Wed 14th Mar 2007 23:05 UTC
DominoTree
Member since:
2007-03-14

Just to let everyone know, telnetd is UNAVAILABLE in OpenBSD since release 4.0

Reply Score: 2

RE: Telnet
by DevL on Thu 15th Mar 2007 07:53 UTC in reply to "Telnet"
DevL Member since:
2005-07-06

Thank <insert deity of choice here> for that!

Reply Score: 2

Re: Ridiculous BSD claims as usual ...
by BSDfan on Wed 14th Mar 2007 23:18 UTC
BSDfan
Member since:
2007-03-14

@SEJeff:

You might want to get your facts straight too..
The OpenBSD team did write OpenSSH, But they didn't write OpenSSL..

@Everyone else:
I've been a long time user of OpenBSD and OpenSSH.. "Only two remote holes in the default install, in more than 10 years!" is more than any OS can currently claim.. higher quality of code.. frequent audits.. several kernel security features.. and very skilled developers.

The Linux kernel on the other hand is a little messy..

Edited 2007-03-14 23:21

Reply Score: 1

Doc Pain Member since:
2006-10-08

"The Linux kernel on the other hand is a little messy.. "

I found the Linux kernel and the core libraries could have a higher standard for documentation. In BSD (at least in FreeBSD), all kernel interfaces, drivers, modules, system files, library functions and system utilities have their own manpage, so you can just "man fork", "man xl" or "man stat". In the Linux kernel you sometimes have to search a while to find the documentation somewhere enclosed in /* ... */. I don't know if that's true at present time, but I hope the situation has improved in the last years of Linux development.

(Now as I'm talking about Linux, I refer to the Linux kernel itself, not the GNU world around it.)

I won't enter a discussion if BSD "is better than" Linux or if everyone should avoid using BSD. Every OS family has its right to exist, its fields where it is perfect for, and its users who are happy with it.

Reply Score: 2

Which Os is more secure ?
by Eric Martin on Thu 15th Mar 2007 07:10 UTC
Eric Martin
Member since:
2005-11-11

http://www.jnode.org/

jnode doesn't use any unsafe functions. Built with java. No buffer overflows.

Any idea if it is the most secure OS now?

Reply Score: 1

Web altered
by sithgunner on Thu 15th Mar 2007 11:16 UTC
sithgunner
Member since:
2006-02-16

Good thing is that they already altered their front page to say 'Only two'.

Very honest people. This rather increases their trust when companies are all about hiding things which sounds any bit worse to them.

Reply Score: 1

Ekhm
by Nicram on Thu 15th Mar 2007 12:41 UTC
Nicram
Member since:
2006-01-31

Me & my friend are joking that it only means that OpenBSD fixed only two holes in the last 10 years ;)
I'm using OpenBSD for a few years. I'm helping develop some security features that are not included in OpenBSD (Zophie). I even made my own OBSD distro with Zophie & other tweaks. & I must say that for _me_ it is the best router/server OS out there ;) The holes in the OS are not important. The mechanism that is used to make OpenBSD a secure OS is the key here. & this is what makes it so secure in real production work.

Moulinneuf: Please stop trolling. Your last few posts are replies or arguments that are completely off topic. I don't care what Your drama is. I don't wanna read what you think about BSD licenses & Your point of view in this topic (licenses, developing software, contribution etc.), that is ABOUT OpenBSD's second remote hole & not YOUR preferences, Your reality or anything about You. So if You don't have anything to say about the TOPIC, then just shut up.

Edited 2007-03-15 12:42

Reply Score: 4

RE: Ekhm
by Moulinneuf on Thu 15th Mar 2007 15:19 UTC in reply to "Ekhm "
Ok
by openwookie on Thu 15th Mar 2007 17:02 UTC
openwookie
Member since:
2006-04-25

Every single BSD related thread on osnews is pretty much unreadable due to a certain troll whose name starts with 'M'. I'm sick and tired of this bulls**t. So PLEASE, I beg every reader of this site to stop replying to him despite how ridiculous his claims are. Maybe then he'll get bored and go back to post insightful comments in Mandriva related threads.

Case in point, I don't recall seeing a single comment in this entire thread discussing exactly *what* the security problem was, and if it's a problem that should be investigated in other OS's. For the record the problem is basically an IPv6 version of the 'ping of death'. It only affects machines that are able to receive an IPv6 packet, which generally limits it to local networks.

So could other OS's (I'm looking at you FreeBSD & Linux) be vulnerable to something similar? IPv6 support is still rather young and not widely deployed, so it is possible, no? In any case, I think that it would be prudent to block all IPv6 access to boxes that do not require IPv6 connectivity, just as a precaution.

Reply Score: 5
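The thread above debates whether writing an OS in C is the problem (ronaldst, Samhain, the jnode post) and openwookie calls the hole "an IPv6 version of the ping of death". The added example below is a constructed toy fragment reassembler that shows what that bug class looks like in C and how the bounds check is usually got wrong: it is not OpenBSD's mbuf code, it does not reproduce the actual errata bug, and `REASM_MAX`, `struct frag`, `struct reasm` and the four sample fragments are all assumptions made up for the illustration. The "ping of death" class is a receiver trusting the offset and length carried in a fragment header; the flawed check forms `offset + len` in a fixed-width integer, which wraps, while the hardened check compares `len` against the room left after `offset` and never forms the sum.

```c
/* Added example: toy fragment reassembler illustrating the "ping of death"
 * bug class (trusting header-supplied offset/length). Constructed for this
 * thread; not OpenBSD's mbuf code and not the errata bug itself. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REASM_MAX 65535u   /* assumption: largest datagram we will rebuild */

struct frag {              /* one fragment as parsed off the wire */
    uint32_t offset;       /* from the header: attacker-controlled */
    uint32_t len;          /* from the header: attacker-controlled */
    const uint8_t *data;   /* the bytes that actually arrived */
};

struct reasm {
    uint8_t  buf[REASM_MAX];
    uint32_t high;         /* one past the highest byte written so far */
};

/* Flawed check: looks right, but offset + len is computed in uint32_t and
 * wraps, so a huge offset with a small len passes and the later memcpy
 * writes far outside buf. A merely large len is caught; the wrap is not. */
bool flawed_check(uint32_t offset, uint32_t len)
{
    return offset + len <= REASM_MAX;
}

/* Hardened check: never form offset + len; compare len against the room
 * left after offset, which cannot underflow once offset <= REASM_MAX. */
bool frag_fits(uint32_t offset, uint32_t len)
{
    if (offset > REASM_MAX)
        return false;
    return len <= REASM_MAX - offset;
}

/* Copy a fragment into the reassembly buffer only if it fits; otherwise
 * drop it (a real stack would discard the whole datagram) and return false. */
bool reasm_add(struct reasm *r, const struct frag *f)
{
    if (!frag_fits(f->offset, f->len))
        return false;
    memcpy(r->buf + f->offset, f->data, f->len);
    if (f->offset + f->len > r->high)   /* safe: both bounded by REASM_MAX */
        r->high = f->offset + f->len;
    return true;
}

/* Feed four constructed fragments through the hardened path and return how
 * many were accepted. flawed_check would have accepted three of them. */
int demo_accepted_count(void)
{
    static uint8_t payload[64] = {0};   /* constructed filler bytes */
    static struct reasm r;
    memset(&r, 0, sizeof r);

    const struct frag frags[] = {
        { 0,           8,     payload },  /* ordinary first fragment */
        { 100,         20,    payload },  /* ordinary later fragment */
        { 65528,       8,     payload },  /* ends at 65536: one byte too far */
        { 0xFFFFFFF0u, 0x20u, payload },  /* sum wraps to 0x10 in flawed_check */
    };
    int accepted = 0;
    for (size_t i = 0; i < sizeof frags / sizeof frags[0]; i++)
        if (reasm_add(&r, &frags[i]))
            accepted++;
    return accepted;
}

int main(void)
{
    printf("flawed_check on wrapping fragment: %s\n",
           flawed_check(0xFFFFFFF0u, 0x20u) ? "accepted (bug)" : "rejected");
    printf("frag_fits on wrapping fragment:    %s\n",
           frag_fits(0xFFFFFFF0u, 0x20u) ? "accepted" : "rejected");
    printf("hardened path accepted %d of 4 fragments\n", demo_accepted_count());
    return 0;
}
```

The point for the language debate is that neither version is hard to write in C; the difference is whether the check is written in a form that cannot overflow, which is exactly the discipline OpenBSD's audits are meant to enforce. For openwookie's precaution, the workaround the article itself mentions (blocking IPv6 with PF) is a one-line pf.conf rule of the form `block in quick inet6` on hosts that do not need IPv6 connectivity.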

Second exploit in 10 years?
by tomcat on Thu 15th Mar 2007 22:37 UTC
RE[14]: Now... this is serious!
by BSDfan on Fri 16th Mar 2007 12:11 UTC
BSDfan
Member since:
2007-03-14

Thanks for all the support everyone.. thought I was going a little insane.

You're all good people ;)

Reply Score: 1