Linked by Eugenia Loli on Sat 12th Aug 2006 19:07 UTC
OpenBSD OpenBSD strives to be the most secure UNIX derivation. Design principles, such as code auditing, extensive use of encryption, and careful configuration choices, combine to ensure OpenBSD's secure by default philosophy holds true. This article gives you a close look at the operating system so secure that it was once banned for use in a DEF CON competition, where crackers go after each other's systems.
Thread beginning with comment 152039
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: Correctness matters
by binarycrusader on Sun 13th Aug 2006 22:12 UTC in reply to "RE[2]: Correctness matters"
Member since:

Since my original comment was unfairly moderated, and people may want to know what this is in response to. Here is the original comment the poster responded to:

Agreed. However, in the spirit of "correctness matters," it's important to note that OpenBSD cannot rightfully be called the "Most Secure Unix OS." Notably because it is not UNIX. It is UNIX-like, and provides many of the features that UNIX provides, but it does not comply with the Single UNIX Specification standards.

So, arguably, with only a handful of true UNIX operating systems left, such as: Mac OS X (which as of Leopard will be certified -- see Apple website), Solaris, HP-UX, AIX, SCO UNIX, and maybe one or two others I can't think of at the moment -- which of those is the most secure? That would be a very interesting thing to find out.

While OpenBSD isn't really UNIX, its contributions are certainly invaluable and its work should not be ignored .

Here's his response, and mine:

The "Single Unix Specification" has become about as relevent nowadays as the Common Desktop Environment (CDE)... Very few people care anymore. And really, the only reason OpenBSD and the other BSDs are not already certified is:

That is far from true. The developers of OS' like Linux in many cases have purposefully deviated from the standard. It may not matter to you, but whenever developers from *real* UNIX platforms try to compile and run their application, they discover that other OS' such as OpenBSD, are not real UNIX because they do not provide completely compatible API implementations, or do not even implement specific parts of the standard!

a. It costs ALOT of money.
b. The developers dont really care.


a) Yes, it costs a lot of money, but that's not why they're not compliant. Money is only needed for official certification, not for compliance.

b) This has become obvious, and is why it's a lie to call them UNIX.

Posix compliance is much more important and pretty much all the BSDs and Linux manage to be pretty good about that.

That's where they fall flat though. Linux, for example, is purposefully not fully POSIX compliant. Read discussions on the Linux kernel where Linus decided the standard was dumb and they decided to do their own thing. FreeBSD, etc. are *mostly* POSIX compliant, but partial compliance is only "good enough" -- it isn't enough to call them "compliant."

This is a myth that needs to be busted. Linux and many other alternative OS' are NOT fully POSIX compliant, are NOT UNIX, and likely will never be. There's nothing wrong with that, but people need to stop spreading the myth that they are something that they are not.

Edited 2006-08-13 22:24

Reply Parent Score: 2