Linked by Eugenia Loli on Sat 12th Aug 2006 19:07 UTC
OpenBSD OpenBSD strives to be the most secure UNIX derivation. Design principles, such as code auditing, extensive use of encryption, and careful configuration choices, combine to ensure OpenBSD's secure by default philosophy holds true. This article gives you a close look at the operating system so secure that it was once banned for use in a DEF CON competition, where crackers go after each other's systems.
Thread beginning with comment 151935
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Correctness matters
by postmodern on Sun 13th Aug 2006 13:32 UTC in reply to "Correctness matters"
postmodern
Member since:
2006-01-27

Sadly in their obsession towards "correctness" the rest of their system has become static. Their installer has always been a spartan CUI, the ports system is a standard BSD setup and updating the entire system is a total pain. What should be noted is that one must balance correctness (read: rigidity) with expansion (read: flexibility). It is not a binary choice, both must be paid attention to.

Now I'm not complaining about lack of eye-candy or happy GUIs to hold my hand, I'm just noting a lack of progress in logical features which benefit both the user and the administrator. That said, their security is still very impressive.

Reply Parent Score: 2

RE[2]: Correctness matters
by Bink on Sun 13th Aug 2006 14:34 in reply to "RE: Correctness matters"
Bink Member since:
2006-02-19

Quick rebuttal…

FWIW, I, and others, am quite pleased the installer can still fit on a single floppy and, while more people might not take advantage of it, you can also do a headless installation via a serial console—and I hope this doesn’t change in the future just to appease the fashion gods. This is one of the quickest installers I’ve ever used and, to be quite honest, it does exactly what an installer is supposed to do—get the OS on the box, quickly. If I want pretty things or feel like making massive customizations, I can easily do so after the OS is installed. So, many actually consider this installer far ahead in terms of “progress in logical features which benefit … the administrator”—OpenBSD has never been geared towards the users of Windows-land.

As for the ports systems, what more do you really want than “pkg_add [enter name of software package here]” and quickly watching the software and all its dependencies get downloaded and properly installed? How much easier can they make it? Windows doesn’t even do this.

And as for updating the entire system, I’ll concur, but I don’t consider it a “total pain.” OpenBSD is somewhat known for its lack of hand holding, but you are still only a quick “cvs sync,” recompilation of the kernel and recompilation of userland away from updating. So, there are three simple steps—which can be readily automated with a little scripting.

For the tasks and user base that OpenBSD is best suited for, there is consistent progress and “it Just Works” features throughout the OS. My proverbial two cents…

Reply Parent Score: 5

RE[3]: Correctness matters
by ozonehole on Sun 13th Aug 2006 17:45 in reply to "RE[2]: Correctness matters"
ozonehole Member since:
2006-01-07

FWIW, I, and others, am quite pleased the installer can still fit on a single floppy and, while more people might not take advantage of it, you can also do a headless installation via a serial console—and I hope this doesn’t change in the future just to appease the fashion gods. This is one of the quickest installers I’ve ever used and, to be quite honest, it does exactly what an installer is supposed to do—get the OS on the box, quickly.

It's a fast installer if you've used it about 10 times and thus are intimately familiar with it. For a newbie, it takes a couple of hours to pour through the documentation to figure out how to use it. It gets mind-blowingly complicated if you want to install OpenBSD on a hard drive to multiboot with other OSs. If you are willing to give it the entire hard disk (and I guess that's what you do), then it isn't as bad, but it's hardly intuitive.

I see no reason why OpenBSD couldn't have both - an easy-to-use text-mode installer (such as Slackware's or Debian's) plus the esoteric command line installer that you know and love. Installers don't occupy that much disk space.

And OpenBSD does not fit on a single CD - last time I ordered it, I received three CDs, and needed two of them to get the apps installed, plus I had to download some more. But if fitting it on one disk is so important, why not consider making a DVD release? Then it wouldn't be necessary to download so many ports to get a working desktop system.

I firmly believe that the Spartan installer cuts OpenBSD's market share to about 1/10 of what it could be. A pity - it's a good OS in many ways.

Reply Parent Score: 2

RE[2]: Correctness matters
by psygbert on Sun 13th Aug 2006 16:11 in reply to "RE: Correctness matters"
psygbert Member since:
2006-05-29

and an addition to what Bink has said, i think a simple steps like these:

export PKG_PATH=/path/or/url/to/new/packages
pkg_add -u -F upgrade

is not a painful way to upgrade packages.

and i think the openbsd team should not change their installer either. its small and fast. its very rational and logical, a simple understanding of the english language is all it takes to install openbsd. ports install can always be done after the base installation.

rest of the system become static? how? there's many innovation happening in openbsd (e.g. pf, CARP, OpenBGPD, OpenVRRP, good wireless device support, etc.)

Reply Parent Score: 4