http://www.osnews.com/story/14510/Review_OpenBSD_3_9 Exploring the Future of Computing en-us Copyright 2001-2013, David Adams adam+nospam@osnews.com Mon, 20 May 2013 21:19:02 GMT http://www.osnews.com/images/osnews.gif http://www.osnews.com http://www.osnews.com/thread?120716 http://www.osnews.com/thread?120716 What the hell is that? A review is not a place to tell people what you wish would happen in OpenBSD - because unless you have the patch it's not happening.

The guy that did the review obviously didn't understand OpenBSD enough to know the simple standard, "shut up and hack." Wed, 03 May 2006 21:21:00 GMT donotreply@osnews.com (Janizary) Comments http://www.osnews.com/thread?120725 http://www.osnews.com/thread?120725 The guy agrees completely with OpenBSD's "no blobs" policy, then suggests that Java be included as a binary blob? And then he goes on to call WPA a "lousy" encryption method?

The reviewer does not seem to have much of an idea of what he's talking about. Wed, 03 May 2006 21:38:00 GMT donotreply@osnews.com (MrDomino) Comments http://www.osnews.com/thread?120735 http://www.osnews.com/thread?120735 What the hell is that? A review is not a place to tell people what you wish would happen in OpenBSD - because unless you have the patch it's not happening.

The guy that did the review obviously didn't understand OpenBSD enough to know the simple standard, "shut up and hack."

Thank you for bringing this regulation to our attention! Yes, it says right here in the OpenBSD license, rule No. 47:

47) It is forbidden to criticize OpenBSD or to suggest improvements. OpenBSD is flawless and does not need improvements. The OpenBSD team does not want feedback from its users. Just buy a set of CDs every six months, shut up and hack.

As always, the penalty for violating these rules is to be publicly flamed to a crisp.Edited 2006-05-03 22:14 Wed, 03 May 2006 22:09:00 GMT donotreply@osnews.com (ozonehole) Comments http://www.osnews.com/thread?120747 http://www.osnews.com/thread?120747 I'm sorry delusional whiner, I didn' mean to upset you, wouldn't want a random whiner upset. That would be a shame.

OpenBSD is for the people who give a damn and contribute, whiners and wishlists aren't wanted. Anyone that knows anything about OpenBSD knows that if you want something done, you better shut up and do it. Wed, 03 May 2006 22:40:00 GMT donotreply@osnews.com (Janizary) Comments http://www.osnews.com/thread?120785 http://www.osnews.com/thread?120785 Actually, users are going to post their wishes on the products they use, and I'm not just talking about computers here. It's normal human behaviour.

If you don't like that you can "shut up and hack". Thu, 04 May 2006 01:47:00 GMT donotreply@osnews.com (thebluesgnr) Comments http://www.osnews.com/thread?120788 http://www.osnews.com/thread?120788 You're going to go real far in life with that attitude....

|---| Thu, 04 May 2006 02:06:00 GMT donotreply@osnews.com (ormandj) Comments http://www.osnews.com/thread?120789 http://www.osnews.com/thread?120789 BSD has security because of bounds checking and memory checking.

Why does Jnode os http://www.jnode.org/ not getting any publicity as a secure os since it is written in java ?

Why don't more servers use it ? Is it just a hobby os ? Thu, 04 May 2006 02:21:00 GMT donotreply@osnews.com (Eric Martin) Comments http://www.osnews.com/thread?120809 http://www.osnews.com/thread?120809 How is this a review of anything? It is basicly some general OpenBSD information, a small list of what's new, an even smaller wishlist and "the new package tools are good".
By no stretch of the imagination does this constitute a "review" of any kind. Thu, 04 May 2006 05:07:00 GMT donotreply@osnews.com (Soulbender) Comments http://www.osnews.com/thread?120818 http://www.osnews.com/thread?120818 1 CD, 11 tees, 1 polo, 250 $, and 5 dmesgs.

Use is one thing, anyone is free to use OpenBSD, whining is an entirely different thing, noone is entitled to being a whiney bitch, that's not useful.

Someone being stupid is reason to react, were they not stupid my comment would be out of place. I was not defensive, I was dismissive.

The review was air, nothing tangible. Thu, 04 May 2006 06:41:00 GMT donotreply@osnews.com (Janizary) Comments http://www.osnews.com/thread?120821 http://www.osnews.com/thread?120821 Well, Java is proprietary, it is controlled by a company which will not release control over it. Since it is mid-high level, it is also slow. It is not as powerful as a lower-level, faster language. And it is not as popular with the more talented programmers, who generally stick to C and it's dialects.

Because of this, there's not as big of an interest in a Java operating systems, hell, Java's big selling point is supposed to be it's platform independance, not it's security.Edited 2006-05-04 06:55 Thu, 04 May 2006 06:47:00 GMT donotreply@osnews.com (Janizary) Comments http://www.osnews.com/thread?120832 http://www.osnews.com/thread?120832 Is it Gnome that is the default desktop in OpenBSD also or? Thu, 04 May 2006 09:06:00 GMT donotreply@osnews.com (Andre4s) Comments http://www.osnews.com/thread?120846 http://www.osnews.com/thread?120846 "Is it Gnome that is the default desktop in OpenBSD also or?"

There is no default desktop. Thu, 04 May 2006 10:29:00 GMT donotreply@osnews.com (Soulbender) Comments http://www.osnews.com/thread?120881 http://www.osnews.com/thread?120881 BSD has security because of bounds checking and memory checking.

Every operating system does memory checking (hence "memory management"). No operating system does bounds checking. Your comment makes no sense.

OpenBSD is secure because
1) The OpenBSD team created an extension to C (strlcpy and strlcat) that helped developers do safe text manipulation in C. They then audited a huge amount of user-space code to use these functions to replace strcpy() and strcat()

2) With regard to memory usage:

i) OpenBSD randomises the stack so that buffer overflow attacks can't execute malicious code (buffer overflow attacks work on the assumption that the stack will be in a certain state).

ii) OpenBSD uses a special version of malloc() to randomise allocations

3) OpenBSD supports the "no-execute bit", even in software, so that code in an application's data-segment cannot be executed (another componenent of buffer overflow attacks)

4) The OpenBSD team manually audits every program in the core distribution to ensure it is correct. They are still using gcc 2.95 in part because they can be certain it is bug-free.


In short, OpenBSD's success is due to building security concepts into the operating system, and auditing all the software that they provide.

JNode has not done any of these audits, and while it doesn't have to worry about buffer overflows, there is no guarantee (as it has not been auditted) that other attacks may not be possible. Further, JNode can not yet match the performance of OpenBSD for file-serving, web-serving and other common server-based tasks. It has potential, but it is nowhere near there yet.Edited 2006-05-04 12:39 Thu, 04 May 2006 12:37:00 GMT donotreply@osnews.com (BryanFeeney) Comments http://www.osnews.com/thread?120891 http://www.osnews.com/thread?120891 No, FVWM is actually the default, it comes setup when you install X on OpenBSD. Thu, 04 May 2006 13:44:00 GMT donotreply@osnews.com (Janizary) Comments http://www.osnews.com/thread?120894 http://www.osnews.com/thread?120894 Actually, gcc 2.95 is still used on a few platforms in order to still have a system which can compile itself, gcc 3 dropped platforms that OpenBSD supports. Thu, 04 May 2006 13:51:00 GMT donotreply@osnews.com (Janizary) Comments http://www.osnews.com/thread?120895 http://www.osnews.com/thread?120895 I presumed the OP ment "Desktop Environment", such as GNOME or KDE, but yes the default is FVWM. Thu, 04 May 2006 13:54:00 GMT donotreply@osnews.com (Soulbender) Comments http://www.osnews.com/thread?121132 http://www.osnews.com/thread?121132 http://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handboo...
http://en.wikipedia.org/wiki/Buffer_overflow

Most of your replies revolve security of the language used to build openbsd. It's repetitive. - 1.Use of special malloc 2. Moving the stack because of overflows.



Jnode has security built into it by the computer language /virtual machine. Thu, 04 May 2006 22:10:00 GMT donotreply@osnews.com (Eric Martin) Comments http://www.osnews.com/thread?121154 http://www.osnews.com/thread?121154 Okay, I have used OpenBSD on Intel machines in the past but this is the first time that I'm actually going ot try it on a Mac. I had aquired an old iMac from a co-worker so I thought, "Great! I'll install BSD on it."

I first tried NetBSD, but the install documents left me with alot of questions and there seemed to have beem some holes in the docs (i.e. how so I get the blah.xcf file into the HFS partition?). As a result of my confusion, I thought I'd look into OpenBSD. I downloaded the macppc boot ISO, followed the booting instructions (i.e. stick in the disc, hold down 'C' while booting) and I got it to boot OpenBSD.

From there, I followed the easy to follow prompts (prompts that any bonehead idiot like me can follow) and within a few minutes I had everything configured to go and had the install sets downloading from the ftp site.

Now I sit here waiting for it to finish downloading. I guess I'll post back any comments to how it runs once it's installed.

OpenBSD is great!Edited 2006-05-05 00:15 Fri, 05 May 2006 00:07:00 GMT donotreply@osnews.com (bsd_geek) Comments