Linked by Thom Holwerda on Thu 13th Oct 2005 15:56 UTC, submitted by anonymous
SecurityFocus interviews three OpenBSD developers about their network stack protection against DoS ICMP attacks, a short comparison with Linux' stack, and some thoughts on OpenBGPD.
RE: From TFA
by on Thu 13th Oct 2005 18:56 UTC

"This guy is a first class troll."

... and he's also a first class developer. For example, he was mainly involved in developing CARP - and it's just great.

I think his argument isn't trolling at all. It's just a description of the way it is in Linux, i.e., you have to explicitly configure every piece of shit in the Linux kernel in order to make it work (modules, ...). In contrast, OpenBSD takes this burden from the user by encouraging him to use the GENERIC kernel, which has enabled everything you need (at least for 99% of the user base). There's just no need to tweak the kernel in order to break something.

Another example: you don't have to enable W^X, ProPolice and all the other stack/heap protecting features in OpenBSD, because they all work out-of-the-box. Which Linux distro enables so many user-transparent security features by default?

RE[2]: From TFA
by on Thu 13th Oct 2005 19:01 in reply to "RE: From TFA"

Ever heard of flexibility?

Score: 0

RE[3]: From TFA
by on Fri 14th Oct 2005 08:40 in reply to "RE[2]: From TFA"

Flexibility to be vulnerable?

Score: 1

RE[2]: From TFA
by Rahul on Thu 13th Oct 2005 20:21 in reply to "RE: From TFA"
Member since: 2005-07-06

"It's just a description of the way it is in Linux, i.e., you have to explicitly configure every piece of shit in the Linux kernel in order to make it work (modules, ...). In contrast, OpenBSD takes this burden from the user by encouraging him to use the GENERIC kernel, which has enabled everything you need (at least for 99% of the user base). There's just no need to tweak the kernel in order to break something."

Far from the truth. The Linux kernel also includes a default configuration that is modular and works on a much wider range of hardware. Distributions also integrate hotplug, hardware detection and configuration tools that make it all work together. If there is a need to tweak the kernel, it's generally considered a bug and should be fixed.

Score: 2