It's a shame Microsoft is not after BSD on its "Get the facts" campaign.... I'd LOVE to see ___ (any Microsoft puppy goes in the blank... Paul Thurrott comes to mind first hand, of course) trumpeting that "OpenBSD has doubled its exploits over the last year, it has been acknowledged... and Windows OSs only increased 10%", or Billy say that "you can take over an OpenBSD computer anytime anywhere by just looking at it from as far as 300 feet away..... Does anybody care about the truth these days?" or whatever comes to their mind. :-D
Edited 2007-03-14 18:34
I don't think you will ever see something like that. Microsoft doesn't have a hate relationship with the BSDs like they do with Linux. The problem is Linux users are always touting how wonderful Linux is and sooooo much better than Windows. You don't see BSD people doing that and they are a lot more tolerant of Microsoft than Linux users are. Additionally Microsoft has used BSD code in the past, not sure if they still do or not.
Feeding a troll is something stupid, but I cannot resist - real freedom is something other than RMS GPL dictatorship. Most Linux zealots will never understand this, because real freedom needs courage. And guess what? Real freedom is based on respect and common sense too. They're "whining" about this lack of respect. But apart from that most *BSD guys just code and tell people one or two times in the year about their "problems". Linux guys are whining every hour, every single day in year. Linux users are at "war" against Windows and other Linux distros. "Hating" Windows is the common denominator in Linux communities, without it you would have the essence of it - able people who build Linux instead of spreading hype and FUD altogether.
... and thanks for all the fish.
>Microsoft doesn't have a hate relationship with the BSDs like they do with linux. The problem is linux users are always touting how wonderful linux is and sooooo much better than Windows.
You make it sound like one has to do with the other; it doesn't.
The reason why Microsoft like BSD and not Linux is that they can (and already have) taken code from BSD and incorporate it in Windows without releasing the source code, but they can't do it with Linux. Also, BSD just isn't as big a threat as Linux at the moment.
And sure, a lot of Linux people hate Microsoft and Windows but given that this is based on a lot of people's experience of Windows as a buggy, crappy product, and of Microsoft as a predatory, dishonest organisation, that attitude need not be, and indeed, isn't limited to Linux users but also extends to BSD users, BeOS/Haiku users, OS/2 users...
Equally, there are Linux people who do not like slagging off MS or Win.
"""
The reason why Microsoft like BSD and not Linux is that they can (and already have) taken code from BSD and incorporate it in Windows without releasing the source code, but they can't do it with Linux. Also, BSD just isn't as big a threat as Linux at the moment.
"""
I would reverse the priorities of those two factors.
I think it has everything to do with the level of threat.
I don't see code swiping as being all that major a factor.
Differences in internals limit the value of literal copying of code even between Posix compatible OSes. (Which is why I'm not too overly concerned about Sun's choice of licenses for Solaris.)
Linux and Windows are far more distant from each other.
OpenBSD already is the second most popular BSD after FreeBSD (I don't count MacOSX as a BSD) and that's a lot considering that you have to buy the OpenBSD CDs vs. just download FreeBSD.
I don't run OpenBSD but I am aware of it, I just don't need that type of security on my home machine. GNU/Linux trumps in convenience. But let me tell you I have a lot of respect for OpenBSD and should I ever need that type of security I know where to find it.
You can, "just download," OpenBSD. Netinstall is the most common method of installation for me and many other people, despite owning CDs. What you cannot, "just download," are ISOs, those are sold as CDs as an attempt to recoup some development costs.
That Linux convenience that trumps OpenBSD tends to be bought at the cost of the source itself, the freedom that the GPL attempts to force on people. In fact, many of OpenBSD's release songs and art have been focused on that, "Open Source-AMI," for 4.1 being the most recent.
Edited 2007-03-14 19:10
>Netinstall is the most common method of installation for me and many other people, despite owning CDs
I bought a 3.9 CD, but I tend to do net-install anyway. The CD's are mostly a fund-raiser. I, too, like doing a base install and using ports to setup my system.
Certainly it is great as a server, but I also like to use OpenBSD on some of my older laptops. OpenBSD has great wireless support. When 4.1 comes out shortly (you can already pre-order CD's), it will have ACPI support, which will help immensely on newer laptops.
And openbsd.org has now been updated to read: "Only two remote holes in the default install, in more than 10 years!"
They owned up to it and took care of it quickly. Great work as usual.
Not sure I'd characterize FreeBSD as a "not-so-safe sister" (I don't understand that comment).
I have been using OpenBSD for about 4 years now, and it truly is an awesome OS. I think the statement saying that FreeBSD is the "not-so-safe sister" is partially true though. Not saying that FreeBSD is not secure, it very much is, just not as much so as OpenBSD. FreeBSD seems to be trying very hard to work themselves onto the desktop; whereas, OpenBSD is staying right where it belongs as one KICK-ASS secure server platform. Good job Theo and company.
As an OpenBSD fan for about 7 years now, I always thought it should have changed after the first one was discovered. Each time that number increases (not that it happens often), it loses a lot of its weight.
As for OpenBSD not being convenient (in response to a previous comment), I personally think it is, compared to all the work it takes to customize a Linux box. I guess if you don't really care as much about your system's setup, and just want something that will work, most any Linux distro will do. If you have very particular tastes and preferences, however, doing a base install of OpenBSD, getting the ports tree, then building your system from there is quite convenient and less work in the long run than trying to make a stock distro install what you want it to be.
Install a server, open the port. What would you prefer - everything open by default and you shut off what you don't need. This is PRECISELY the way a server should be.
>Install a server, open the port. What would you prefer - everything open by default and you shut off what you don't need. This is PRECISELY the way a server should be.
The point is that it's not secure because of its internal architecture - it's secure because the doors and windows are closed.
You open telnet and you're as vulnerable as Windows.
You can lay claim to the title as MOST SECURE OS only if you can throw open all the ports and remain secure against attacks.
Edited 2007-03-14 20:05
>You open telnet and you're as vulnerable as Windows.
Vulnerable to what? A brute force attack? Who cares? The point is that the default install is secure instead of wide open. I don't see the point you're trying to make.
Let me illustrate: would you rather stay in a house with open doors and windows or one with closed and locked doors and windows? Isn't it really pointless to say "Leave the door open and your house invites thieves just like the no door house"? Because the answer is: "Well, it's a good thing I DIDN'T leave the door open!"
OpenBSD is intended to be secure, and you must manually open the ports and run services. To imagine security any other way is just silly.
>Let me illustrate: would you rather stay in a house with open doors and windows or one with closed and locked doors and windows? Isn't it really pointless to say "Leave the door open and your house invites thieves just like the no door house"? Because the answer is: "Well, it's a good thing I DIDN'T leave the door open!"
You can keep the house doors/windows wide open (ie having all the sockets/ports wide open) and if you can nail/bolt every single item in the house down to the floor/table (securing every single service and program) then thieves can walk in all they want but they can't walk out with anything. Think of it like Disneyland - anybody can walk in and use the rides and do whatever they want but nobody can walk out with Space Mountain in the back pockets.
Edited 2007-03-14 21:28
No, OpenBSD is still more secure because of their constant audit of the entire code base and the protective countermeasures that they have put in place such as using the NX bit on newer processors, emulating this on older processors and randomizing the stack (Yes I know that this is possible on Linux but AFAIK it was in OpenBSD first and it is in there by default).
>Install a server, open the port. What would you prefer -
>everything open by default and you shut off what you
>don't need.
>This is PRECISELY the way a server should be.
Philosophically WRONG. Human nature will leave a few extras open because "hey it's working and the boss wants other stuff done" or because the sysadmin isn't totally expert.
On today's internet that philosophy increases your risks many times over.
>The point is that it's not secure because of its
>internal architecture - it's secure because the
>doors and windows are closed.
Yes doors and windows are closed but actually the OpenBSD team are close to being obsessed with security to an extent you have not comprehended. They see security partly as a by-product of quality and are totally serious about it.
>You open telnet and you're as vulnerable as Windows.
Firstly, with ssh to hand why would anyone use telnet?
(ssh being their own OpenSSH...)
Secondly, I cannot find an ordinary telnet daemon for OpenBSD (among the 4000 packages) though there is an encrypted version called "stel".
Get a hint: telnet is not a relevant issue.
>You can lay claim to the title as MOST SECURE OS only
>if you can throw open all the ports and remain secure
>against attacks.
You have missed the turn. Software security is still in the dark ages and nobody with sense offers the black hats more of a target than they have to.
And, why degrade the performance and responsiveness of a system with unnecessary stuff running in the background?
You are applying logic from the desktop domain to the server and router domain and as result you are just wrong.
The OpenBSD guys are far from arrogant about security: I would say it's the MOST SECURE OS but that isn't how they describe it on their homepage.
You also didn't bother to check your assertions.
"You can lay claim to the title as MOST SECURE OS only if you can throw open all the ports and remain secure against attacks."
That doesn't make any sense to me. You cannot open all ports and hope to remain secure. You secure your home by closing and locking the door. You can't expect a whole lot of security if you leave that door wide open.
"You can lay claim to the title as MOST SECURE OS only if you can throw open all the ports and remain secure against attacks."
By default all ports ARE open in OpenBSD (pf isn't enabled by default) although there isn't anything listening on most of them. The only ports that have anything listening on them by default are ident, daytime and time.
So by your own definition it IS the most secure OS.
With OpenBSD, you can have a secure system *and* leave the cable attached.
Seriously though, they have a fairly sound way to secure a system. By forcing the sysadmin to enable services that they need, they make it easier for the sysadmin to track security issues because they automatically know what is running.
They also avoid security issues popping up from services that are enabled by default, but they don't use or don't really need to use.
Off by default is exactly what I like. It is far easier to go and turn on what I need than to go and shut everything I don't need off.
As for Windows being made secure by yanking the ethernet cables. Well, at that point, you don't need very many Windows services do you? So you're left with a bunch of services that are completely useless. You don't need much on OpenBSD at that point either. But since everything is off, they won't get in your way.
Ok, I admit. I'm running a Linux box. I used to run an OpenBSD box a while back and I'm seriously considering switching back.
"Nothing is opened by default - well exactly how the hell does that help me if I want to run services, install modules?."
I'll go out on a limb here and guess; you enable the services you want?
"Windows can also be made ultra secure if you just yank the ethernet cable."
That's an entirely different matter.
"Only two remote holes in the default install, in more than 10 years!"
That is an excellent track record for an operating system. I've always been impressed by the security that Theo and his gang put into openbsd. Sometimes I think they go a little too far, but in the end it always seems to be the right decision. This exploit won't stop me from ever using or reconsidering openbsd.
Over 4200 ports, 4000 pre-built packages (for i386), minor robustness improvements in package tools. Some highlights:
gstreamer-0.10 tools.
OpenOffice.org package, available through ftp for size reasons.
KDE 3.5.6 and koffice 1.6.2.
a large (> 500) number of new/updated perl modules, from CPAN, including most of the catalyst web framework.
NetBeans 5.5 Java IDE.
updated Linux emulation support by using Fedora Core libraries.
Mozilla Firefox 2.0.0.2 (with translations).
PostgreSQL 8.2.3.
OpenBSD is an excellent OS. I should try it too.
Read this article.......
http://www.munts.com/openbsd/papers/InTheJungle.html
-2501
Because GNU/Linux system are more secure , so there is less chance of a payout
When was the last time that a linux distro made the claim of "Only two remote holes in the default install, in more than 10 years!" for security? I think we would all love to hear you explain to us how linux is more secure.
Why are Servers and workstation and desktop and laptop not shipping in majority with OpenBSD as default ?
Because OpenBSD is a server OS meant for server hardware. That is why you don't see it on too many desktops or laptops. It can be used for such purposes as desktop/laptop, but not too many people do.
RE[2]: Ridiculous BSD claims as usual ...
"Because OpenBSD is a server OS meant for server hardware. That is why you don't see it on too many desktops or laptops. It can be used for such purposes as desktop/laptop, but not too many people do."
A friend of mine actually uses OpenBSD on his workstation, a machine you cannot definitely identify as being a workstation or a server, it serves both purposes. Some things require basic knowledge to do (installing, configuring etc.), but that's obvious. People installing OpenBSD first read, then think, then do. "I just deleted my files, how do I get them back?" :-)
OpenBSD is even getting secure implementations to use with ACPI and other "modern" stuff. So the situation is constantly improving.
OpenBSD depends on 100 % functioning hardware. While "Windows" ignores hardware defects and just plays on, missing some bits here and bytes there, OpenBSD refuses to use hardware that is in unstable condition.
As it has been mentioned before, the people using OpenBSD know what they're doing. Nobody is that stupid to install a root account without password and having telnet enabled. So the concept of "open the ports that you need, the rest keeps closed" is very secure. As you surely know, most security problems reside between keyboard and chair. :-)
Moulinneuf, I am surprised you still have a positive score with the way you comment on things, why do you even come here?
Default install is a key word, that means the software that OpenBSD is responsible for, including OpenSSH, Sendmail, Apache and BIND. Remote exploits in other software have nothing to do with OpenBSD, I don't think Microsoft is claiming bugs in QuickTime, so why would OpenBSD claim bugs in other people's software?
It's no lie that when OpenBSD says, this is how OpenBSD does things, if you don't do it the OpenBSD way you're on your own. That's how everyone does things. Using Ubuntu? Do things the Ubuntu way or you're on your own.
The next two paragraphs, if they should be called that, make no sense whatsoever, so consider this a response to them: "Snapple grasps tangos in the midmorning sun as the eagle flies over the trickling stream." It makes just as much sense.
BSD isn't dead, what pride OpenBSD has is based in its track record, one that is reasonably proven, and I don't recall many fables being created by OpenBSD users, maybe you could tell us a yarn or two?
A majority of servers, workstations, desktop computers and laptops ship with Windows, is this because of the false claims of Redhat, SuSE and OS/2?
I don't recall anyone blaming GNU/Linux for anything, what on earth are you on about this time?
Notice how once Linux started winning he switched his trolling from Linux to BSD? I guess at least that shows he's got one more brain cell than tomcat; forsoever the dog developeth with digger on a wobbly Netware morn (that's Moulinneuf-speak for "However, I DO wish they would both go away").
Do you realize that half of the problem people have with you is the way you present your arguments?
The fact that few can understand you without rereading your post several times does not help matters.
"Just talking reality..."
Everyone speaks from their own reality. That's no excuse. If you want people to get ANYTHING out of what you're saying, please please please PLEASE rethink how you present yourself! How you present arguments!
Oh, and try backing up what you say with some facts. Or else you are indeed trolling. Period. If someone sticks to a pov that's unpopular they will likely be labeled a troll, this is true. A good way to guard against it is to present FACTS, preferably as unbiased a source as possible, and present your arguments clearly and concisely.
Then at the very least most people would disagree with you...You'd maintain some dignity however.
RE[4]: Ridiculous BSD claims as usual ...
The OpenBSD team wrote openssh and the openssl libraries. They wrote openssh because the gnu ssh server, lsh, really sucks.
http://www.lysator.liu.se/~nisse/lsh/
If you think that Linux built and developed openssh, you need to get your facts straight before speaking again.
RE[4]: Ridiculous BSD claims as usual ...
BSD don't Bash GNU/Linux ... Wait your offering the proof to the contrary needed to show I was right ... What can I say ? Tanks , but It was not need.
http://www.frsirt.com/english/advisories/2005/1979
You where saying ...
BTW that's Exploit 3 and 4 for remote exploit ... If one is to believe BSD lies ... Witch I don't ...
like I said Built , funded , developed by GNU/Linux
With very small contribution like that, "observe" is much more suitable word.
"The OpenBSD team wrote openssh and the openssl libraries."
They didn't write OpenSSL.
"They wrote openssh because the gnu ssh server, lsh, really sucks."
That's not why they wrote OpenSSH. OpenSSH was started because Tatu Ylonen, the original author of SSH, decided to make his implementation proprietary.
Edited 2007-03-15 03:53