As recently reported on OpenBSD’s errata page, a problem in the mbuf handling of IPv6 has been elevated to a security issue. This means that OpenBSD now has two remote exploits in 10 years, as already reflected on the OpenBSD Homepage. Theo advises to to update the system (or to block IPv6 using PF as a workaround).
It’s a shame Microsoft is not after BSD on its “Get the facts” campaign…. I’d LOVE to see ___ (any Microsoft puppy goes in the blank… Paul Thurrot comes to mind first hand, of course) trumpeting that “OpenBSD has doubled its exploits over the last year, it has being acknowledged… and Windows OSs only increased 10%”, or Billy say that “you can take over a openBSD computer anytime anywhere by just looking at it from as far as 300 feet away….. Does anybody care about the truth these days?” or whatever comes up their mind. 😀
Edited 2007-03-14 18:34
I don’t think you will ever see something like that. Microsoft doesn’t have a hate relationship with the BSDs like they do with linux. The problem is linux users are always touting how wonderful linux is and sooooo much better than Windows. You don’t see BSD people doing that and they are a lot more tolerable of Microsoft than linux users are. Additionally Microsoft has used BSD code in the past, not sure if they still do or not.
That is why Microsoft is tolerant of BSD… they like to go in, take what they like and not have to listen to the whining afterwards.
If the BSD guys do not mind others using their work, so what ?
Feeding a troll is something stupid, but I cannot resist – real freedom is something other than RMS GPL dictatorship. Most Linux zealots will never understand this, because real freedom needs courage. And guess what? Real freedom is based on respect and common sense too. They’re “whining” about this lack of respect. But apart from that most *BSD guys just code and tell people one or two times in the year about their “problems”. Linux guys are whining every hour, every single day in year. Linux users are at “war” against Windows and other Linux distros. “Hating” Windows is the common denominator in Linux communities, without it you would have the essence of it – able people who build Linux instead of spreading hype and FUD altogether.
… and thanks for all the fish.
I’ve always liked the tagline (no idea where/when it originated):
Linux is for people who hate Windows,
*BSD is for people who like Unix.
Mine is:
Linux is only free if your time is worthless
You know why most OSS developers prefer the GPL and _not_ the BSD license? Well, I’ll tell you: It’s exeactly that: They don’t want the company of a closed source OS to take away their code and lock it away.
“You know why most OSS developers prefer the GPL and _not_ the BSD license?”
What’s your definition of “most”?
None of the below projects are GPL:
Apache
Sendmail
BIND
Perl
Python
OpenSSH
X.org
XFree86
PHP
Mozilla/Firefox/Thunderbird
All the application you are wrong about in your listing , all the other not included who are GPL make most.
– Apache is not BSD.
http://www.apache.org/licenses/
– Sendmail is BSD based :
SENDMAIL LICENSE
– BIND is BSD licensed.
– Perl is GPL ( its dual licensed ) NOT BSD
http://dev.perl.org/licenses/
– Python is not BSD :
Python Software Foundation License
http://www.python.org/psf/license/
– OpenSSH is BSD
– X11 is not BSD
License: X11 License
– XFree86 is not BSD
XFree86 is XFree86 1.1 copyright/license
http://www.xfree86.org/current/LICENSE1.html
– PHP is not BSD
PHP license
http://www.php.net/license/
Mozilla/Firefox/Thunderbird is not BSD and is GPL.
MPL/GPL/LGPL tri-license
http://www.answers.com/topic/firefox
—–
YOU ARE WRONG , some of those you listed are GPL , most of them are NOT BSD.
Edited 2007-03-15 07:50
“YOU ARE WRONG , some of those you listed are GPL , most of them are NOT BSD.”
So? I never said they’re BSD, I said they’re not GPL and that’s true in every one of the cases (and more) except for the tri-licensed Moz/FF/TB. and dual-licensed Perl (which still supports my point, they’re not GPL only).
Edited 2007-03-15 08:07
“I never said they’re BSD”
It was implied , sorry.
“I said they’re not GPL and that’s true in every one of the cases”
that’s where you are wrong and have been proved false by me.
“which still proves my point”
No , it prove that some software who are in high usage do not use the GPL or are GPL and licensed with something else , The point you where refuting is that the majority is not GPL , you failed to achieve it by offering false information and being wrong.
” they’re not GPL only).”
Your false point was , they are not GPL. You just added only now. You still fail to prove majority to other license or something else then GPL.
“Your false point was , they are not GPL. You just added only now.”
Really now, shall we see what I actually did say:
“None of the below projects are GPL:”
And that is true, they aren’t. They are either not GPL or multi-licensed where *one* license is GPL and thus you arent coding for a GPL project since your code can (and will) be licensed under some non-GPL license.
I don’t mind the GPL but with so many cornerstone projects NOT being GPL saying that “most OSS developers prefer GPL” is a far stretch. No doubt many do but many != most.
What you actually did say , Is not what you copy pasted , and is not what you thought you said , I showed that in your list that you have forgotten to include this time around , there are GPL projects in that list , that you keep saying are NOT GPL , witch still make you false and I also pointed out that most of them are not BSD either. You corrected by saying you meant not Only , witch is correct but , you still haven’t addressed or refuted the majority fact and keep denying the existence of GPL project in your list so , now your false , lying and delusionnal.
” They are either not GPL or multi-licensed where *one* license is GPL and thus you arent coding for a GPL project since your code can (and will) be licensed under some non-GPL license. ”
You need to join reality here , there are multi licensed project that don’t include the GPL at all those are project who are NOT GPL , if the GPL is used its a GPL project. You seem to be mixing GNU and GPL too , I could be wrong on that , just your scripted answers give me that impression.
” and thus you aren’t coding for a GPL project since your code can (and will) be licensed under some non-GPL license. ”
If the code goes in the GPL version , you are coding GPL code and are coding for a GPL project , regardless if that Project use multi license to maximize its profits and fulfill the demand of its clients.
You can be a client who paid a company to make yourself a BSD software , if that company Dual license with the GPL its projects and you are not opposing it , its guaranteed that your software made by other that you paid for as now a GPL version and is a GPL project. Not your copy do.
“I don’t mind the GPL”
You cant even identify what is GPL from what is not.
“but with so many cornerstone projects NOT being GPL”
We are discussing the *majority* , it means the one who as the most software , not the self decided value you decided to put on the software , its a number thing.
“saying that “most OSS developers prefer GPL” is a far stretch. No doubt many do but many != most.”
No , its called a fact and reality , GNU/Linux as the most software and most developer of all the OSS projects and the majority use the GPL.
“What you actually did say , Is not what you copy pasted , and is not what you thought you said”
Thanks for explaining what I thought I said because obviously I didn’t say what I actually said…
“if the GPL is used its a GPL project.”
Not if it’s a multi-license project.
“If the code goes in the GPL version , you are coding GPL code and are coding for a GPL project ,”
Thats not how the multi-license project works. The code you write can be used with any of the licenses or perhaps you can provide any proof of, say, Perl code that is in the “GPL-version” and not the “Artistic-version”.
“You cant even identify what is GPL from what is not. ”
Sure I can, it’s the code with the GPL attached.
“We are discussing the *majority* , it means the one who as the most software”
That’s not at all what we are discussing, we are discussing what license developers prefer. This has nothing to do with “who as the most software”.
“No , its called a fact and reality , GNU/Linux as the most software and most developer of all the OSS projects and the majority use the GPL.”
That does not mean all those developers *prefer* the GPL to other licenses. Contributing code to a project with a certain license does not mean that’s the license you prefer, be it BSD,GPL or what-have-you.
“Thanks for explaining what I thought I said because obviously I didn’t say what I actually said… ”
If you had actually said Not GPL only , I know I would have not bothered to reply to it.
“Not if it’s a multi-license project. ”
That’s where you are wrong , for it to be not GPL it as to not use the GPL at all. example MIT/BSD/CDDL.
“Thats not how the multi-license project works. ”
Wrong , you submit code to a real multi license project the code gets included in all the license used by the project.
“The code you write can be used with any of the licenses”
That the project use , yes … thats my point.
“or perhaps you can provide any proof of, say, Perl code that is in the “GPL-version” and not the “Artistic-version”. ”
You like twisting things , if its mult-licensed with GPL , making it a GPL project , the license in use normally as the same code. I guess I specifically need to say its also an Artistic project for you to see how wrong you are ? I never implied otherwise , you on the other hand have repetitively claimed it not to be a GPL project.
“Sure I can, it’s the code with the GPL attached. ”
No , its all of it under the GPL. The software is GPL all of its code is GPL , the same code can have another license , but its not always the case.
“That’s not at all what we are discussing”
Yes.
“we are discussing what license developers prefer. This has nothing to do with “who as the most software”. ”
You try and introduce *preference* as the determining factor , but if they don’t like it , they don’t use the GPL. The GPL is not forced on anyone.
“That does not mean all those developers *prefer* the GPL”
Yes , otherwise they would use something else. Most of them are self employed or consultant or developing there own patch and version.
“Contributing code to a project with a certain license does not mean that’s the license you prefer, be it BSD,GPL or what-have-you.”
Only in your made up world are people forced to do anything with the GPL or in Free Software , they do it by choice and preference. Seriously , I want your recipe to force a developer to do work under a license he don’t prefer. I got all of BSD to test it on.
Apache is neither BSD or GPL..
http://www.apache.org/licenses/LICENSE-2.0 – Although it’s compatible with the GPL..
BIND does use a modified BSD-like licence!!
Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
Perl is GPL, but is also under an Artistic License…
Python is under a BSD-like licence!!
(1) GPL-compatible doesn’t mean that we’re distributing Python under the GPL. All Python licenses, unlike the GPL, let you distribute a modified version without making your changes open source. The GPL-compatible licenses make it possible to combine Python with other software that is released under the GPL; the others don’t.
http://en.wikipedia.org/wiki/Python_Software_Foundation_License
X.Org‘s licence is a MIT (“X”) License, Which again.. Is a Modified BSD Licence!!
http://en.wikipedia.org/wiki/MIT_License
XFree86 is under a BSD-like licence also.. With various incompatibilities in specific versions.
And PHP.. The licence is almost absolutely a Modified BSD licence..
http://www.php.net/license/3_01.txt
Each have various clauses you have to agree with, But there not too extreme.
(PHP’s for example looks generic.. You could make a proprietary version called TIN-PEE-H-PEE This is not PHP.. if you wanted!!)
Truly Mozilla/Apache/Perl are the only ones on there that have licences that are not modified BSD licences..
Maybe your just uneducated, But if you didn’t know this already.. The BSD licence TEXT is public domain, You’re free to modify it accordingly for use in your code/project..
(Not the licence on someone else’s project/code though..).
http://en.wikipedia.org/wiki/BSD_licence
So stop trolling Moulinneuf!!
Edited 2007-03-15 08:54
” Apache is neither BSD or GPL”
Thats what I said … I did not imply it was GPL that your own twisting of relaity.
“BIND does use a modified BSD-like licence!! ”
That’s what I said.
“Perl is GPL, but is also under an Artistic License…”
That’s what I said.
“Python is under a BSD-like licence!! ”
No , its under the Python Software Foundation License like I said.
“X.Org’s licence is a MIT (“X”) License, Which again.. Is a Modified BSD Licence!! ”
No , its the MIT license …
“XFree86 is under a BSD-like licence also..”
No , its under XFree86 is XFree86 1.1 copyright/license
“And PHP.. The licence is almost absolutely a Modified BSD licence”
No its , PHP license
“Maybe your just uneducated”
No , I am educated , and right , I just don’t rewrite reality and everything as GPL to fit my points and facts as you do with everything BSD. ” BSDfan ”
I never introduced a comparison with the GPL or suggested that license that are not GPL are GPL , but you did rewrite me as suggesting I did so, I was right and factual , you on the other end as long as it look like BSD it must be based of BSD …
I never troll *BSDfan*.
Ok, you showed many major projects that are infected by GPL, and now what? Have you ever contributed any code to one of them? If not, you’re just like other GNU/Linux/GPL zealots that only know “./configure && make && make install” (or worst, only know click-click-click via synaptic).
“you showed many major projects that are *infected* by GPL”
No , I showed the license used by the project in the list offered. The GPL don’t infect anything as its not viral or a virus. You have to specifically choose to interact with it and choose to use it.
“Have you ever contributed any code to one of them?”
Yes , indirectly , I am not that good with server , or with any programming.
“If not, you’re just like other GNU/Linux/GPL zealots that only know “./configure && make && make install” (or worst, only know click-click-click via synaptic).”
I ain’t a zealot , that’s not all I know , I don’t refuse work based on license or OS , I will work on all OS if the client agree to my terms and fee.
You seem to like painting others in group you wrongly define because you disagree with them , all with the same ridicule and demeaning brush.
I think it’s pretty clear that the bad blood created by licensing flame wars far outweighs the relative differences in benefits of the GPL and BSD licenses.
As I’ve said in previous posts, I’m partial to the GPL. But BSD is OK, too. In fact, depending upon the situation, BSD is sometimes the better choice.
The ogg codecs are BSD licensed. And even RMS agrees that BSD was the proper choice of license for that purpose, and has gone on record saying so.
I sometimes, and probably unfairly, call the BSD license the “Rape Me” license.
But I must admit that its freedoms are not abused as much as one might expect.
On the other hand, the GPL’s uncompromising nature causes rather more collateral damage than one might expect.
I still am partial to it. But it is not the silver bullet I once, naively, thought it was.
Don’t worry. Be happy. 😉
Thank you mith
Again Moulinneuf, If you read my post..
I said that BIND/Python/X.Org/XFree86 & PHP use a Modified BSD-like licence, Most containing text like:
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
{Their clauses.. etc..}
THIS SOFTWARE IS PROVIDED BY <copyright holder> “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL <copyright holder> BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Most have this text or something similar..
They’re BSD-like, If you actually read the licences or any Wiki articles on each licence (MIT/X/ISC/PHP..etc) they are all BSD-like licences.
Again the BSD licence text is PUBLIC DOMAIN thus when you are licencing your project/code you’re totally free to Add/Remove and Modify the text in your licence.
You’re starting to annoy people Moulinneuf….
Edited 2007-03-15 13:26
I read your post , I already answered it and corrected any miss-conception and error you might have had. I see no new point , or accurate addition at all from you in this new comment.
I don’t stop to ask myself will I annoy your “people” by giving fact and telling the truth.
Moulinneuf… you should learn to read and interpret english (yes, yes… i know my english is far from perfect)
“BSD-Like” means that the license is not a BSD license (and probably has a completely diferent name) but most of the license is similar to BSD
When Soulbender said “None of the below projects are GPL:” he didn’t said that it was BSD, he said it *WAS NOT* GPL, although not completely correct (because perl). Once again you misinterpreted someone and said he implied that all that projects where BSD License.
I will not comment all the others mistakes you made in all yours posts here. But you should read things carefully and try to not troll so much
By the way… i am not a OpenBSD user (I use Mac OS X as Desktop/Development and Solaris 10/OpenSuse for 2 servers) but its common sense that OpenBSD is probably the most secure for a server… and again… if you do some googling about openbsd, the way their developers work and their goals, you will understand why probably OpenBSD is the most secure OS.
Mith , my writing skil maybe poor but , don’t be fooled into thinking my reading skills and interpretation is flaud and broken because of it.
I get BSD-Like , If you read closely I said its wrong. BSD contrary to some lies told and repeated is not a great license at all and people have been trying to improve its concept for decades. Yes similarity exist , but its in the difference that license take there sense and meaning.
“he didn’t said that it was BSD”
Miss-interpretation on my part witch he corrected.
“he said it *WAS NOT* GPL, although not completely correct (because perl). Once again you misinterpreted someone and said he implied that all that projects where BSD License. ”
No , I corrected the information he gave , based on my miss interpreation , I commented on it being BSD or not accurately.
I don’t troll , I made no mistake , My commenting on it not being BSD was right. I did miss-interpret is lack of precision , but thats not really important to is answer.
Its common sense ? No , its propaganda based on lies and ommission. You see some people need there server to be secure , for much more then just data , they don’t use OpenBSD , That’s all I need to know , Beside first hand testing.
The way there developer work ? Is highly laughable , there goals ? Goal imply something to achieve , they don’t achieve any solution worth supporting otherwise they would do so them self.
Its time to grow up its not 1995 anymore.
They are the best at making excuses and blaming other’s principally GNU/Linux.
Mith , my writing skil maybe poor but”
Your writing skill is ok… the problem is not that
I get BSD-Like[…]BSD contrary to some lies told and repeated is not a great license at all
Im a developer, and a BSD license is great for me because i can use their code in some closed source projects… (i use PostgreSQL and some minor BSD license based code) but that means that if i do some improvements to the base code i will submit the code to the developer(and yes… i already submited some code)… sorry but GPL does not suit my needs… but hey… its just my opinion and im not asking all of you to agree with me.
Miss-interpretation on my part witch he corrected.
sorry
Its common sense ? No , its propaganda based on lies and ommission. You see some people need there server to be secure , for much more then just data , they don’t use OpenBSD , That’s all I need to know , Beside first hand testing.
Just prove that with numbers and facts
The way there developer work ? Is highly laughable , there goals ? Goal imply something to achieve , they don’t achieve any solution worth supporting otherwise they would do so them self.
Are you serious???
This discussion is pointless… you only see the Linux way… i love Linux, but that don’t means that i will only use it. Linux has some strong points and some weak points like almost every operating system in the wild. So… Just open your mind a little more…
PS.: Once again… just compare the %$.”!/#@ licenses and dont say again they are not BSD Like (like you replied to the BSDFan post) … read things before spreading lies and misinformation.
Edited 2007-03-15 20:50
“””
They are the best at making excuses and blaming other’s principally GNU/Linux.
“””
I don’t really want to join this particular fray.
However, I’m just presumptuous enough to offer an unsolicited recommendation or two. 😉
Presentation is every bit as important as substance.
Or for those whose tastes run more toward a “down home” style: “You catch more flies with honey than with vinegar”.
If your goal is merely to state your case, then that’s all you really have to do.
But if your goal is to *persuade*, then you have to start thinking in terms of optimizing your strategy.
Once a thread has become polarized, it is highly unlikely that anyone will be persuaded to see the other side’s point of view.
Just about the only way that I know of to persuade (And its *far* from a sure fire approach; You just have to take your chances.) is to seek out a common ground, something that both sides can agree upon, and carefully work from there.
It can be tedious. It can be frustrating. But it can sometimes be educational, as well.
And it stands a lot better chance than any sort of frontal assault would.
Actually, there is one other way that I can think of to persuade. It’s more circuitous and generalized, and not the sort of technique that you can really “point” at someone. And that is persuasion by setting a good example.
But I don’t feel adequate to write that one up today. 😉
Well, one last thought. Since persuasion can be a difficult activity, it pays to seriously consider exactly which points are actually worth applying one’s efforts to.
Moulinneuf, You just said the following are not BSD-like licences.. They Are.. How am I wrong?
Python Software Foundation License
MIT (“X”) License
XFree86 1.1 copyright/license
PHP license
http://en.wikipedia.org/wiki/Python_Software_Foundation_License
http://en.wikipedia.org/wiki/MIT_License
http://www.xfree86.org/legal/licenses.html
http://en.wikipedia.org/wiki/XFree86#Licensing_controversy
http://www.php.net/license/3_01.txt
How can you continue to claim that their licences are not BSD-like, It’s clearly said in almost each topic and site (Several large sections of the licences are identical..)
How can you claim you’re educated? Do you understand the word like when I say BSD-like licence? Or Modified BSD licence?
And you Are trolling.. look at all your blatant lies..
Me:”Python is under a BSD-like licence!!”
You:”No , its under the Python Software Foundation License like I said. ”
Me:”X.Org’s licence is a MIT (“X”) License, Which again.. Is a Modified BSD Licence!!”
You:”No , its the MIT license …”
Me:”XFree86 is under a BSD-like licence also..”
You:”No , its under XFree86 is XFree86 1.1 copyright/license”
Me:”And PHP.. The licence is almost absolutely a Modified BSD licence”
You:”No its , PHP license”
I’m not denying that they have their own licences..
But their licences are clearly Modified BSD-like.
Cut it out already.. you’re wrong..
Edited 2007-03-15 15:20
“Moulinneuf, You just said the following are not BSD-like licences..”
Yes.
“They Are.”
No.
“you’re wrong”
No.
have a nice day.
Moulinneuf, I just thought about modding your post down, but I didn’t, instead I just reply to it (because there’s no option “The post has been proved to be a lie” in the modding system).
As the one you’ve replied to has proved (by giving evidences directly from source) that the licenses that are not BSD licenses (as you had stated correctly) are at least BSD-like (what you denied), you’ve been proved to be wrong. You claim to be educated? Extend this to discussion culture, please. Don’t keep claiming the opposite.
Let me give you a simple example (fictional):
Doc Pain: 2 + 2 is smaller than or equal to 4.
Moulinneuf: No, it’s not.
Doc Pain: Let’s count: I I (2) plus I I (2) is I I I I (4), so it’s smaller than or equal to 4.
Moulinneuf: No, it’s not.
Doc Pain: 4 is equal to 4, so the above relation “is smaller than or equal” is fulfilled.
Moulinneuf: No, it’s not. I’m right and you’re wrong. Have a nice day.
🙂
So please do what even the famous NotParker did: Try to give a proof of what you’re claiming. Accept contraexamples. If you claim a license “not to be BSD-like” and someone posts the text from the license and underlines its similarity to the original BSD license, you’ve been proved to be wrong by contraexample. There’s just nothing you can do about it. Logic always relies on universal principles, not on individual sympathies, ideas or assumptions. If you are not willing to discuss, instead keep claiming, flaming and offending, you’ll risk to be modded down to minus infinity. 🙂
BTW, there are some points you made I can agree with, but they have nothing to do with the possible security problem in OpenBSD, so try to stay on topic.
“You don’t see BSD people doing that”
Your responding to a comment doing just that …
But that’s not all if one truly follow your nonsense , logically doing the opposite should be presenting better result against both Windows and GNU/Linux.
But don’t ask yourself what your doing wrong and why GNU/Linux and Windows make your funding and marketing and market share look like dwarfs … No , you are perfect in the eyes of your mommy with glass that can beat the hubble telescope range vision of space will being on earth …
Just so I am clear Microsoft being the only one making all the money from BSD work is Bad. Its really , really bad. Its a problem.
“No , you are perfect in the eyes of your mommy with glass that can beat the hubble telescope range vision of space will being on earth…”
Huh?
If your glasses give you better space clarity then the Hubble space telescope who is in space to avoid heart interference , you got huge thick glass that are out of this world. Meaning your mom is blind and telling you you are perfect because she love you , not because she can really see you.
Sometime people working on a project are too close to it to see its real relevance and problems , BSD people keep tapping them self on the back will never been truly recognized as #1 in anything.
In other word if BSD is the best why are people Buying and funding windows and GNU/Linux more ?
“In other word if BSD is the best why are people Buying and funding windows and GNU/Linux more ?”
Why are people buying and funding Windows more than Linux?
They are not , Most of Microsoft income is paid by company and corporation who make it default or use it as default.
GNU/Linux support more hardware and more language and as more developer and more software made by it.
Now that’s not to say that the Windows *market* is smaller or have less fund put in it , but with GNU/Linux , developer are paid by distribution to work on GIMP , where as Adobe photoshop is done by another company and you have to pay again for use and support …
If your glasses give you better space clarity then the Hubble space telescope who is in space to avoid heart interference , you got huge thick glass that are out of this world. Meaning your mom is blind and telling you you are perfect because she love you , not because she can really see you.
I can’t tell if you’re just mangling the concept of “ugly baby syndrome,” or if you’re also trying to suggest that the Hubble telescope has a heart condition…
I am not mangling anything , the concept is “to be blinded by feeling witch have no basis on reality”.
I am not suggesting that the Hubble telescope has a heart condition … to be in love as no relation with coronary problems.
Dude, you mangle the English language a wee bit often when you rant.
People don’t like to be told they are wrong, and people don’t like it when you dont conform to there way of doing things.
Mangling , English , ranting are not the problem at all.
The lyrics to a Frank Black song just popped into my head.
“My name is Chip,
I’m different.
I don’t conform,
I wear different uniforms.”
I am not mangling anything , the concept is “to be blinded by feeling witch have no basis on reality”.
Uh, yes. In other words, “ugly baby syndrome” – aka “Well, it may be ugly as sin, but it’s still our baby.” Despite your insistence on over-explaining, it’s not really a novel idea.
Now, I must be off – my latest issue of Tiresome Exposition Monthly has just arrived. It’s the journal of needless exposition and those who expound (naturally).
Microsoft doesn’t have a hate relationship with the BSDs like they do with linux. The problem is linux users are always touting how wonderful linux is and sooooo much better than Windows.
You make it sound like one has to do with the other; it doesn’t.
The reason why Microsoft like BSD and not Linux is that they can (and already have) taken code from BSD and incorporate it in Windows without releasing the source code, but they can’t do it with Linux. Also, BSD just isn’t as big a threat as Linux at the moment.
And sure, a lot of Linux people hate Microsoft and Windows but given that this is based on a lot of people’s experience of Windows as a buggy, crappy product, and of Microsoft as a predatory, dishonest organisation, that attitude need not be, and indeed, isn’t limited to Linux users but also extends to BSD users, BeOS/Haiku users, OS/2 users…
Equally, there are Linux people who do not like slagging off MS or Win.
“””
The reason why Microsoft like BSD and not Linux is that they can (and already have) taken code from BSD and incorporate it in Windows without releasing the source code, but they can’t do it with Linux. Also, BSD just isn’t as big a threat as Linux at the moment.
“””
I would reverse the priorities of those two factors.
I think it has everything to do with the level of threat.
I don’t see code swiping as being all that major a factor.
Differences in internals limit the value of literal copying of code even between Posix compatible OSes. (Which is why I’m not too overly concerned about Sun’s choice of licenses for Solaris.)
Linux and Windows are far more distant from each other.
True enough, but then BSD developers don’t deny the validity of the IDEA of proprietarizing open source code, Linux developers do. That’s probably closer to what I was trying to get at.
It’s pity OpenBSD doesn’t get more attention, compared to its not-so-safe sister FreeBSD (Darwin, MacOS X) and its illegitimate sibling GNU/Linux.
OpenBSD already is the second most popular BSD after FreeBSD (I don’t count MacOSX as a BSD) and that’s a lot considering that you have to buy the OpenBSD CDs vs. just download FreeBSD.
I don’t run OpenBSD but a am aware of it, I just don’t need that type of security on my home machine. GNU/Linux trumps in convenience. But let me tell you I have a lot of respect for OpenBSD and should I ever need that type of security I know where to find it.
You can, “just download,” OpenBSD. Netinstall is the most common method of installation for me and many other people, despite owning CDs. What you cannot, “just download,” are ISOs, those are sold as CDs as an attempt to recoupe some development costs.
That Linux convenience that trumps OpenBSD tends to be bought at the cost of the source itself, the freedom that the GPL attempts to force on people. In fact, many of OpenBSD’s release songs and art have been focused on that, “Open Source-AMI,” for 4.1 being the most recent.
Edited 2007-03-14 19:10
Netinstall is the most common method of installation for me and many other people, despite owning CDs
I bought a 3.9 CD, but I tend to do net-install anyway. The CD’s are mostly a fund-raiser. I, too, like doing a base install and using ports to setup my system.
Certainly it is great as a server, but I also like to use OpenBSD on some of my older laptops. OpenBSD has great wireless support. When 4.1 comes out shortly (you can already pre-order CD’s), it will have ACPI support, which will help immensely on newer laptops.
iirc you can download isos of OpenBSD, but from third parties… as long as they have put them together in a way that doesn’t copy the layout of original purchased OBSD isos, as the original ISO layout is copyrighted.
And openbsd.org has now been updated to read: “Only two remote holes in the default install, in more than 10 years!”
They owned up to it and took care of it quickly. Great work as usual.
Not sure I’d characterize FreeBSD as a “not-so-safe sister” (I don’t understand that comment).
I have been using OpenBSD for about 4 years now, and it truly is an awesome OS. I think the statement saying that FreeBSD is the “not-so-safe sister” is partially true though. Not saying that FreeBSD is not secure, it very much is, just not as much so as OpenBSD. FreeBSD seems to be trying very hard to work themselves onto the desktop; whereas, OpenBSD is staying right where it belongs as one KICK-ASS secure server platform. Good job Theo and company.
As an OpenBSD fan for about 7 years now, I always thought it should have changed after the first one was discovered. Each time that number increases (not that it happens often), it loses a lot of its weight.
As for OpenBSD not being convenient (in response to a previous comment), I personally think it is, compared to all the work it takes to customize a Linux box. I guess if you don’t really care as much about your system’s setup, and just want something that will work, most any Linux distro will do. If you have very particular tastes and preferences, however, doing a base install of OpenBSD, getting the ports tree, then building your system from there is quite convenient and less work in the long run than trying to make a stock distro install what you want it to be.
Nothing is opened by default – well exactly how the hell does that help me if I want to run services, install modules?.
Windows can also be made ultra secure if you just yank the ethernet cable.
Then you just do it?
Install a server, open the port. What would you prefer – everything open by default and you shut off what you don’t need. This is PRECISELY the way a server should be.
Install a server, open the port. What would you prefer – everything open by default and you shut off what you don’t need. This is PRECISELY the way a server should be.
The point is that it’s not secure because of its internal architecture – it’s secure because the doors and windows are closed.
You open telnet and you’re as vulnerable as Windows.
You can lay claim to the title as MOST SECURE OS only if you can throw open all the ports and remain secure against attacks.
Edited 2007-03-14 20:05
You open telnet and you’re as vulnerable as Windows.
Vulnerable to what? A brute force attack? Who cares? The point is that the default install is secure instead of wide open. I don’t see the point you’re trying to make.
Let me illustrate: would you rather stay in a house with open doors and windows or one with closed and locked doors and windows? Isn’t it really pointless to say “Leave the door open and your house invites theives just like the no door house”? Because the answer is: “Well, it’s a good thing I DIDN’T leave the door open!”
OpenBSD is intended to be secure, and you must manually open the ports and run services. To imagine security any other way is just silly.
Let me illustrate: would you rather stay in a house with open doors and windows or one with closed and locked doors and windows? Isn’t it really pointless to say “Leave the door open and your house invites theives just like the no door house”? Because the answer is: “Well, it’s a good thing I DIDN’T leave the door open!”
You can keep the house doors/windows wide open (ie having all the sockets/ports wide open) and if you can nail/bolt every single item in the house down to the floor/table (securing every single service and program) then thieves can walk in all they want but they can’t walk out with anything. Think of it like Disneyland – anybody can walk in and use the rides and do whatever they want but nobody can walk out with Space Mountain in the back pockets.
Edited 2007-03-14 21:28
http://www.geetarz.org/funniez/pics/head-up-ass.jpg
…
No, OpenBSD is still more secure because of their constant audit of the entire code base and the protective countermeasures that they have put in place such as using the NX bit on newer processors, emulating this on older processors and randomizing the stack (Yes I know that this is possible on Linux but AFAIK it was in OpenBSD first and it is in there by default).
>Install a server, open the port.What would you prefer-
>everything open by default and you shut off what you
>don’t need.
>This is PRECISELY the way a server should be.
Philosophically WRONG. Human nature will leave a few extras open because “hey it’s working and the boss wants other stuff done” or because the sysadmin isn’t totally expert.
On todays internet that philosophy increases your risks many times over.
>The point is that it’s not secure because of its
>internal architecture – it’s secure because the
>doors and windows are closed.
Yes doors and windows are closed but actually the OpenBSD team are close to being obsessed with security to an extent you have not comprehended. They see security partly as a by-product of quality and are totally serious about it.
>You open telnet and you’re as vulnerable as Windows.
Firstly, with ssh to hand why would anyone use telnet.
(ssh being their own OpenSSH…)
Secondly, I cannot find an ordinary telnet daemon for OpenBSD (among the 4000 packages) though there is an encrypted version called “stel”.
Get a hint: telnet is not a relevant issue.
>You can lay claim to the title as MOST SECURE OS only
>if you can throw open all the ports and remain secure
>against attacks.
You have missed the turn. Software security is still in the dark ages and nobody with sense offers the black hats more of a target than they have to.
And, why degrade the performance and responsiveness of a system with unnecessary stuff running in the background?
You are applying logic from the desktop domain to the server and router domain and as result you are just wrong.
The OpenBSD guys are far from arrogant about security: I would say its the MOST SECURE OS but that isn’t how they describe it on their homepage.
You also didn’t bother to check your assertions.
“You can lay claim to the title as MOST SECURE OS only if you can throw open all the ports and remain secure against attacks.”
That doesn’t make any sense to me. You cannot open all ports and hope to remain secure. You secure your home by closing and locking the door. You can’t expect a whole lot of securety if you leave that door wide open.
“You can lay claim to the title as MOST SECURE OS only if you can throw open all the ports and remain secure against attacks.”
By default all ports ARE open in OpenBSD (pf isn’t enabled by default) although there isn’t anything listening on most of them. The only ports that has anything listening on them by default are ident, daytime and time.
So by your own definition it IS the most secure OS.
No, it’s only PRECISELY showing that you have no clue about software security.
With OpenBSD, you can have a secure system *and* leave the cable attached.
Seriously though, they have a fairly sound way to secure a system. By forcing the sysadmin to enable services that they need, they make it easier for the sysadmin to track security issues because they automatically know what is running.
They also avoid security issues popping up from services that are enabled by default, but they don’t use or don’t really need to use.
Off by default is exactly what I like. It is far easier to go and turn on what I need than to go and shut everything I don’t need off.
As for Windows being made secure by yanking the ethernet cables. Well, at that point, you don’t need very many Windows servces do you? So you’re left with a bunch of services that are completely useless. You don’t need much on OpenBSD at that point either. But since everything is off, they won’t get in your way.
Ok, I admit. I’m running a linux box. I used to run a OpenBSD box while back and I’m seriously considering switching back.
“Nothing is opened by default – well exactly how the hell does that help me if I want to run services, install modules?.”
I’ll go out an a limb here and guess; you enable the services you want?
“Windows can also be made ultra secure if you just yank the ethernet cable.”
That’s an entirely different matter.
Why are people so stupid? Seriously, what kind of a question is that? Was it supposed to make me want to claw my eyes out?
“Only two remote holes in the default install, in more than 10 years!”
That is an excellent track record for an operating system. I’ve always been impressed by the security that Theo and his gang put into openbsd. Sometimes I think they go a little too far, but in the end it always seems to be the right decision. This exploit won’t stop me from ever using or reconsidering openbsd.
Over 4200 ports, 4000 pre-built packages (for i386), minor robustness improvements in package tools. Some highlights:
gstreamer-0.10 tools.
OpenOffice.org package, available through ftp for size reasons.
KDE 3.5.6 and koffice 1.6.2.
a large (> 500) number of new/updated perl modules, from CPAN, including most of the catalyst web framework.
NetBeans 5.5 Java IDE.
updated Linux emulation support by using Fedora Core libraries.
Mozilla Firefox 2.0.0.2 (with translations).
PostgreSQL 8.2.3.
openbsd is an excellent os. i should try it too.
read this article…….
http://www.munts.com/openbsd/papers/InTheJungle.html
-2501
“OpenBSD Gets Its Second Remote Exploit in 10 Years”
Right and all those other remote exploit are not for or in OpenBSD , they are in other people applications and other people third party solution , that nobody should be using anyway if one is to listen to BSD FUD and lies …
Here is the catch , it cost less to insure a GNU/Linux system then to insure a OpenBSD system , why ? Because GNU/Linux system are more secure , so there is less chance of a payout.
Otherwise OpenBSD would have zero problem insuring its user against remote exploit to the tune of million against it and advertise this on there website and making sure there vendor do the same and mention that detail all the time.
BSD is killed by its own hubris … And its users fabulations.
Why are Servers and workstation and desktop and laptop not shipping in majority with OpenBSD as default ? Because reality disagree with all BSD false claims.
Keep on blaming GNU/Linux , it certainly seem to work , no wait it don’t …
Because GNU/Linux system are more secure , so there is less chance of a payout
When was the last time that a linux distro made the claim of “Only two remote holes in the default install, in more than 10 years!” for security? I think we would all love to hear you explain to us how linux is more secure.
Why are Servers and workstation and desktop and laptop not shipping in majority with OpenBSD as default ?
Because OpenBSD is a server OS meant for server hardware. That is why you don’t see it on too many desktops or latpops. It can be used for such purposes as desktop/laptop, but not too many people do.
GNU/Linux don’t make claim … Claim is for people who don’t have hardcore data to back them up.
It’s simple more software , less hole and security breach , recognized , certified and used by military and *independant* security expert globally , where no BSD as passed the test with success.
“Because OpenBSD is a server OS meant for server hardware.”
You don’t get it , why is it then that less hardware maker ship , certify and guarantee OpenBSD as there default on servers , it snot like Desktop where Microsoft dominate everything , they are a small player on servers…
“That is why you don’t see it on too many desktops or latpops.”
No , its because will you falsely claim superiority , GNU/Linux actually fund , manage , develop and distribute its solutions there too … If you need someone to challenge you to make an OpenBSD version on Laptop and desktop consider it done.
“It can be used for such purposes as desktop/laptop, but not too many people do.”
Add every existing and known hardware solutions and you got reality. I know , I know you have been told and believe your the best , Its simply just a lie.
“Because OpenBSD is a server OS meant for server hardware. That is why you don’t see it on too many desktops or latpops. It can be used for such purposes as desktop/laptop, but not too many people do.”
A friend of mine actually uses OpenBSD on his workstation, a machine you cannot definitely identify as being a workstation or a server, it serves both purposes. Some things require basic knowledge to do (installing, configuring etc.), but that’s obvious. People installing OpenBSD first read, then think, then do. “I just deleted my files, how do I get them back?” 🙂
OpenBSD is even getting secure implementations to use with ACPI and other “modern” stuff. So the situation is constantly improving.
OpenBSD depends on 100 % functioning hardware. While “Windows” ignores hardware defects and just plays on, missing some bits here and bytes there, OpenBSD refuses to use hardware that is in unstable condition.
As it has been mentioned before, the people using OpenBSD know what they’re doing. Nobody is that stupid to install a root account without password and having telnet enabled. So the concept of “open the ports that you need, the rest keeps closed” is very secure. As you surely know, the most security problems reside between keyboard and chair. 🙂
Moulinneuf, I am suprised you still have a positive score with the way you comment on things, why do you even come here?
Default install is a key word, that means the software that OpenBSD is responsible for, including OpenSSH, Sendmail, Apache and BIND. Remote exploits in other software has nothing to do with OpenBSD, I’d don’t think Microsoft is claiming bugs in QuickTime, so why would OpenBSD claim bugs in other people’s software?
It’s no lie that when OpenBSD says, this is how OpenBSD does things, if you don’t do it the OpenBSD way you’re on your own. That how everyone does things. Using Ubuntu? Do things the Ubuntu way or you’re on your own.
The next two paragraphs, if they should be called that, make no sense what so ever, so consider this a response to them: “Snapple grasps tangos in the midmorning sun as the eagle flies over the trickling stream.” It makes just as much sense.
BSD isn’t dead, what pride OpenBSD has is based in it’s track record, one that is reasonably proven, and I don’t recall many fables being created by OpenBSD users, maybe you could tell as a yarn or two?
A majority of servers, workstations, desktop computers and laptops ship with Windows, is this because of the false claims of Redhat, SuSE and OS/2?
I don’t recall anyone blaming GNU/Linux for anything, what on earth are you on about this time?
Notice how once Linux started winning he switched his trolling from Linux to BSD? I guess at least that shows he’s got one more brain cell than tomcat; forsoever the dog developeth with digger on a wobbly Netware morn (that’s Moullineuf-speak for “However, I DO wish they would both go away”).
Tweenex I never troll and I never switched from Linux to BSD…
I switched from BSD to GNU/Linux. about 15 years ago.
“that’s Moullineuf-speak for “However, I DO wish they would both go away””
No , that’s your own gibberish … but then English UK as always been somewhat different then English CA , not that I ever said that I am an expert in any of them or representative of the language.
Janizary , Score is meaningless …
OpenSSH, Built , funded , developed by GNU/Linux.
Sendmail Built , funded , developed by GNU/Linux.
Apache Built , funded , developed by GNU/Linux.
BIND Built , funded , developed by GNU/Linux.
Any other questions ?
“so why would OpenBSD claim bugs in other people’s software? ”
I don’t know if you use it might be wise to fixes its flaws , its a logical and intelligent thing to do , well if your not BSD related that is.
“It’s no lie that when OpenBSD says, this is how OpenBSD does things, if you don’t do it the OpenBSD way you’re on your own. ”
Yes , because GNU/Linux and Windows vendor are more hard to find then OpenBSD ones …
“Do things the Ubuntu way or you’re on your own. ”
Yes because Ubuntu is not based on Debian , wait they are … not really a bright example.
“It makes just as much sense”
No , but then sense is not use with BSD.
“BSD isn’t dead, ”
Thats why its called Windows , MAc OS X , FreeBSD and OpenBSD this days …
“what pride OpenBSD has is based in it’s track record,”
What track record …
“one that is reasonably proven, and I don’t recall many fables being created by OpenBSD users, maybe you could tell as a yarn or two?”
Type OpenBSD in Google or any News search …
“is this because of the false claims of Redhat, SuSE and OS/2? ”
Yes … It don’t go too well when you tell people its good for server use something else for Dekstop or when you tell people to use Windows on your own hardware when you have OS/2 …
“I don’t recall anyone blaming GNU/Linux for anything”
http://www.forbes.com/intelligentinfrastructure/2005/06/16/linux-bs…
http://kerneltrap.org/node/6550
http://os.newsforge.com/os/05/06/09/2132233.shtml?tid=8&tid=2
http://www.openssh.com/donations.html
“what on earth are you on about this time?”
Nothing as usual just talking reality.
Not BSD made up stuff …
> OpenSSH, Built , funded , developed by GNU/Linux.
Catch a clue: OpenSSH is from the OpenBSD team.
“Catch a clue”
I got clue , you just don’t like BSD , dead in own pool , by itself. ( reference game of clue )
“OpenSSH is from the OpenBSD team”
Yes …
“Built”
Can you certify and testify no GNU/Linux built patch was offered and included ? You certainly will claim otherwise , but that just not the reality.
“Funded”
All BSD have GNU/Linux donators , funders , contributors.
“Developed.”
Yes , GNU/Linux developer can and have contributed to other projects.
“by GNU/Linux.”
Read not exclusive to , but worthy majority.
And BIND predates Linux by 5 years, and Sendmail by 10.
I never said was created , founded , co-founded I said :
Built , funded , developed by GNU/Linux.
But if someone develops something it normally means they did most of the work. I think the word you’re looking for is “contributed”. After all, many organisations contributed to Linux (for example, SGI ported XFS), but people don’t say that SGI developed Linux.
Edited 2007-03-14 21:48
“But if someone develops something it normally means they did most of the work.”
Yes.
“I think the word you’re looking for is “contributed”. ”
No , I know the difference on that one and it does not have a similar meaning , that can be seen as something else.
“After all, many organisations contributed to Linux (for example, SGI ported XFS), but people don’t say that SGI developed Linux. ”
GNU/Linux work on SGI hardware how according to people ? …
“GNU/Linux work on SGI hardware how according to people ? …”
It works because SGI contributed code to Linux (at least I assume they did). Anyway, it’s not worth arguing about the meaning of words.
Edited 2007-03-14 22:14
“It works because SGI contributed code to Linux”
No , it work because SGI paid developer to work full time to make the OS work with the hardware , see a contributor is normally someone who just offer a patch or contribution , not someone who is paid to do it full time and who develop it entirely.
“it’s not worth arguing about the meaning of words.”
Its you who is arguing , I use the correct word and I pointed out some facts people don’t like to be reminded of.
But the developer didn’t develop Linux. He developed some code and then contributed it to Linux. See the difference? Anyway, I’ll shut up now.
Edited 2007-03-14 22:43
“But the developer didn’t develop Linux. ”
I guess me , reality and the result disagree with you …
You want to put down others work , fine , you wont get me to agree to your revised , rewritten , reworded to your specific lie ( something that is not true , not implying your a pathologic liar ).
“He developed some code and then contributed it to Linux.”
Is job was to develop GNU/Linux on SGI hardware. He did not build is code on GNU/Linux , because he/they supported the platform from scratch.
” See the difference? ”
Yes , as to do wit me being a contributor and not a developer.
“Anyway, I’ll shut up now.”
Dont , If you got something to say do it , or go do something else , no need to shut up.
Do you realize that half of the problem people have with you is the way you present your arguments?
The fact that few can understand you without rereading your post several times does not help matters.
“Just talking reality…”
Everyone speaks from their own reality. That’s no excuse. If you want people to get ANYTHING out of what you’re saying, please please please PLEASE rethink how you present yourself! How you present arguments!
Oh, and try backing up what you say with some facts. Or else you are indeed trolling. Period. If someone sticks to a pov that’s unpopular they will likely be labeled a troll, this is true. A good way to guard against it is to present FACTS, preferably as unbiased a source as possible, and present your arguments clearly and concisely.
Then at the very least most people would disagree with you…You’d maintain some dignity however.
“is the way you present your arguments?”
I present fact people don’t like to hear or be reminded of. Yes , I am aware that some people don’t like to be reminded of them.
“The fact that few can understand you”
Is because not many people know what I am talking about. People see Moulinneuf , they assume its badly written and wrong , its usually right and written without errors in basic english.
” That’s no excuse”
Look reality is the same for everyone , own world and view of the world can be different , but reality is always the same.
“rethink how you present yourself! How you present arguments! ”
I use my real name , I present facts , I try and explain them as best as I can , if its not sufficient for you , then sorry I am not up to your standards of presentations.
“try backing up what you say with some facts. ”
I always do. I only use facts.
“Or else you are indeed trolling.”
No , Troll are never on subject and don’t offer facts like I do. They usually attack the people and there presentations and what they try to discuss.
“if someone sticks to a pov that’s unpopular they will likely be labeled a troll”
Yes , but then I am not making my pov known. I offer facts.
” good way to guard against it is to present FACTS”
Like I always do.
“preferably as unbiased a source as possible”
preferably , or you offer all side , so that people can make up there own mind.
“and present your arguments clearly and concisely. ”
Thats what I always do.
“Then at the very least most people would disagree with you.”
That’s assuming people are wrong or right most of the time , even the most clueless of people sometime are right and even the brightest of the few are wrong.
“You’d maintain some dignity however.”
I have honor , dignity and respect for myself and my ancestry and family.
You do know , your post was off-topic and an insult disguised as some help that most people believed as true and sincere …
The OpenBSD team wrote openssh and the openssl libraries. They wrote openssh because the gnu ssh server, lsh, really sucks.
http://www.lysator.liu.se/~nisse/lsh/
If you think that Linux built and developed openssh, you need to get your facts straight before speaking again.
BSD don’t Bash GNU/Linux … Wait your offering the proof to the contrary needed to show I was right … What can I say ? Tanks , but It was not need.
http://www.frsirt.com/english/advisories/2005/1979
You where saying …
BTW that’s Exploit 3 and 4 for remote exploit … If one is to believe BSD lies … Witch I don’t …
like I said Built , funded , developed by GNU/Linux
That is MANDRIVA, which is not OpenBSD. Their implementation of OpenSSH had bugs… deal with it.
Yes , its Mandriva who did the work and have a paid developer who fixed OpenSSH a BSD project.
Yes it had bugs , in all OpenSSH , yes that bug was fixed.
it was dealt with by expert who know what they are talking about and doing.
Dude seriously, you are completely ignorant. Note in ignorant I am meaning you have no clue whatsoever what you are talking about.
The OpenBSD team wrote and *STILL* maintains OpenSSH. From http://openssh.org :
This site Copyright © 1999-2006 OpenBSD. $OpenBSD: index.html,v 1.258 2007/03/09 19:25:09 deraadt Exp $
I would consider writing software justifies the word “Built” as you like to say even thought the proper term would be “developed”. The fact is that the OpenBSD project wrote OpenSSH for their own bsd derivative and have a version called “Portable OpenSSH” that has been ported to other posix environments such as Linux.
Sure some Linux distributions that USE OpenSSH might have been the very first to patch it (Like that link you stated). That does not in any what mean that openssh was built or funded by Linux. It just means that Linux distributions might have fixed some issues or added patches to improve it.
Get a clue what you are talking about please. I am not bashing Linux because Linux Systems Administration happens to be my day job and passion. You are trolling about something you have proven you don’t understand. Stop.
“seriously”
Sadly , the one who is serious is me.
“you are completely ignorant.”
Not at all.
“Note in ignorant I am meaning you have no clue whatsoever what you are talking about. ”
No , but I guess it give people like you comfort to think the opposite.
“The OpenBSD team wrote and *STILL* maintains OpenSSH.”
Yes.
“I would consider writing software justifies the word “Built” as you like to say even thought the proper term would be “developed”. ”
I am not the one who is denying BSD involvement … Just there miss-representation of other’s work.
“That does not in any what mean that openssh was built or funded by Linux. ”
No , for me to say such a thing there should be a trail of donator , funder , money contributor who are know GNU/Linux advocate , user , contributor , developer. Also GNU/Linux company who donated money , developer , ressource.
But then , no , in your own bubble that can never happen.
“It just means that Linux distributions might have fixed some issues or added patches to improve it. ”
No , its what your trying to suggest , because , you cant admit or tolerate reality. Why don’t you audit the OpenSSH project completely , Logs since its start , financial since its creation , etc … you wont like what you discover.
“I am not bashing Linux because Linux Systems Administration happens to be my day job and passion.”
GNU/Linux suck , but since its my day job to fix its problem , its ok for SEJeff to lie about it … Question , why is it that BSD as so many GNU/Linux worker ?
“You are trolling about something you have proven you don’t understand.”
I ain’t trolling , I understand perfectly , unlike you , but I guess your a special case when you contribute to BSD , your not a GNU/Linux developer and contributer and user anymore , because you see you entire the SEJeff zone where you become the only one to do that and you become somebody else.
Sorry to disappoint but your not unique at all , GNU/Linux Developer work on all platform on all project they can contribute to , and they fund what they can.
If you are unhappy at a GNU/Linux company , find a job at a BSD one …
Time out!
There is something very, very, wrong here.
I’m usually mildly critical of the mod system here on OSNews. But in Moulineuf’s case it has become positively pathogenic.
I’ve just had a look over his recent posting history. He has regularly gotten modded to -4 and -5. And it is absolutely not deserved.
Read the posts.
Moulineuf makes some good points. I agree with much of what he says. I disagree with other points that he makes.
I do not want to go into particulars because that is not what is important right now.
Even the OSNews staff has taken some rather unbecoming, and undeserved, potshots at him at times. (That’s you, Thom.)
I get the impression that it has become a pastime for some.
This is an example of what a minority with an itchy trigger finger can do to abuse an otherwise “sort of OK” mod system.
OSNews is a better forum than that. I *know* we are… for the most part.
We’re *supposed* to be a celebration of diversity, right?
Where we agree we agree. Where we disagree, we can learn to agree to disagree… and probably learn more in that process than when we do happen to agree.
Sorry for venting like this, but I have watched this travesty continue for *far* too long.
Next time you feel like modding someone down for expressing their opinions… get a life instead.
Yeah, I’ll probably regret this in the morning. 😉
-Steve
Edited 2007-03-15 01:08
I modded you up and very much disagree with him. Actually, he seems an awful lot like NotParker, but I don’t think they are one and the same.
He has a few issues that he really passionately believes in and seems to either:
– Purposely troll and try to piss people off because he has nothing better to do
– Not fully understand what he is talking about.
I’m actually hoping it is the latter and not the former.
SEJeff,
I disagree. And I am very sincerely baffled by people’s reactions to him.
I respect you. And I am sincerely interested in just *why* you find his posts to be trollish and/or uninformed.
I find his opinions to be as worthwhile as anyone’s here in these forums.
Then again, Linux Freak that I am, I did defend NotParker, too. (Even when it hurt to do so!)
As I said in my previous post, we should be celebrating diversity.
Edited 2007-03-15 03:30
“Then again, Linux Freak that I am, I did defend NotParker, too. (Even when it hurt to do so!)”
I know your pain
“As I said in my previous post, we should be celebrating diversity.”
Indeed we should but constantly spouting nonsense like “BSD is dead”, “BSD is a traitor license”, “BSD isn’t the right solution for anything” etc and dragging every damn topic about BSD down to a pointless flamewar isn’t diversity, it’s off topic stupidity.
Well, I suppose it is time for me to review the evidence.
I thank you guys for your responses.
I think you are sincere.
I’m still a bit baffled, though; Perhaps Tomcat will lend me his clue phone again. 😉
BSD is good and still very much alive. I personally know several FreeBSD developers who couldn’t be happier with porting DTrace and ZFS to FreeBSD. Saying FreeBSD is dead is a slight misnomer…
Saying that Linux is overpowering all other posix operating systems is true to an extent. It seems like high end unix (HP-UX, AIX, Solaris, z/Os) are being hurt more than anything else by Linux. Linux is also hurting BSD marketshare ever since the Linux TCP/IP stack is as fast or faster than the FreeBSD one. (as of two or three years ago roughly).
Now, saying that Linux funds or builds core software that was written by BSD developers is VERY WRONG and probably angers developers like Theo De Raat who have worked so incredibly hard on things like OpenSSH. That is what pissed me off about his misinformed post, saying that Linux “Built and developed OpenSSH”.
Give credit where credit is due. Linux kicks ass, but it wouldn’t kick quite as much ass without some of the work done by BSD folks. Saying BSD is irrelevant is a good joke.
Also note I’m saying this from my Ubuntu work laptop.
“””
BSD is good and still very much alive. I personally know several FreeBSD developers who couldn’t be happier with porting DTrace and ZFS to FreeBSD. Saying FreeBSD is dead is a slight misnomer…
“””
I had a chat with Kreskin last night and he acknowledged that FreeBSD was alive and kicking.
We had a jolly-O time erasing a bunch of wall scrawls. You shoulda been there. 😉
“””
Saying that Linux is overpowering all other posix operating systems is true to an extent. It seems like high end unix (HP-UX, AIX, Solaris, z/Os) are being hurt more than anything else by Linux. Linux is also hurting BSD marketshare ever since the Linux TCP/IP stack is as fast or faster than the FreeBSD one. (as of two or three years ago roughly).
“””
You said that. I didn’t.
“””
Now, saying that Linux funds or builds core software that was written by BSD developers is VERY WRONG and probably angers developers like Theo De Raat who have worked so incredibly hard on things like OpenSSH. That is what pissed me off about his misinformed post, saying that Linux “Built and developed OpenSSH”.
Give credit where credit is due. Linux kicks ass, but it wouldn’t kick quite as much ass without some of the work done by BSD folks. Saying BSD is irrelevant is a good joke.
“””
I didn’t say any of that. I said that modding someone down to -4 and -5 on a regular basis for saying things that some do not agree with is wrong.
I actually agree with most of what you say in this post.
But the proper channel for dealing with these kinds of issues is face to face, with arguments. Not abuse of the mod system.
I’m not saying that you did that. You stand up and say what is on your mind and I respect that. I think that most of the modders down are likely quite anonymous about it.
But it happened… is an obvious abuse… got my dander up, and I said something about it.
So there! 😉
Edited 2007-03-15 18:31
I didn’t say any of that. I said that modding someone down to -4 and -5 on a regular basis for saying things that some do not agree with is wrong.
I actually agree with most of what you say in this post.
But the proper channel for dealing with these kinds of issues is face to face, with arguments. Not abuse of the mod system.
I agree with the idea, but in practice it does no good, and it floods every thread with useless posts.
Take a look at the many threads where myself, and others have confronted this troll. It’s pointless.
I would be extremely happy if osnews would implement a blacklist feature, so that users could choose to blacklist trolls, taking away the temptation of replying to their inane posts.
Edited 2007-03-15 19:15
Not really a blacklist feature but more of an ignore feature. Maybe we should ask Adam Scheinberg (http://osnews.com/staff/index.php/source/1) for this feature as he seems to be hacking on the code a lot.
It is the only feature that I really miss from OSNews, my favorite tech news website.
i to agree with your idea and i don’t mod him down even he is offtopic. But in this case your idea wont work. You cant have a debate with someone like this. Every fact he posts is only a fact in his own world. And when ever he seems something he doesnt agree with it’s just a lie or hate against linux. And it doesnt really matter if it has anything even remotely something to do with linux. if you don’t agree with his “arguments” your simply lieing.
“””
You cant have a debate with someone like this.
“””
You talk about him like he is some sort of subhuman creature.
I cannot go along with that.
I personally think that RMS is more deserving of the title of “subhuman creature”.
But I try not to discuss him like that either.
Edited 2007-03-15 20:32
That wasnt my intent. I don’t have any need to talk down to people even if i don’t agree with that they are saying or the way the act.
“””
That wasnt my intent.
“””
Hmmm. That was a bit nasty of me, wasn’t it?
Sorry. 😉
I can see that Moulineuf is not the easiest person to discuss things with.
I do think that his heart is in the right place, and that an alliance rather than an adversarial relationship would be preferable for all.
Edited 2007-03-15 20:53
“I do think that his heart is in the right place, and that an alliance rather than an adversarial relationship would be preferable for all. ”
Personally I think it’s better to continue to mod down all the inflammatory and stupid post and (unlike yours stupid truly) avoid getting into pissing contests with him.
On the other hand, what would the internet be without constant flamewars? It’s like porn, it powers the internet.
Edited 2007-03-16 03:23
No need to be sorry… If you think i went to far i would rather hear it then not hear it.
“You talk about him like he is some sort of subhuman creature.”
“I cannot go along with that.”
Hey, he’s french-canadian, isn’t he?
(Ok, that was very low
)
But seriously, I agree. It’s not a good thing to talk about someone else that way.
You asked why I was griping about the parent poster and I told you why he reminded me of NotParker. None of the complains were directed towards you.
If they were taken that way, I apologize.
“Saying that Linux is overpowering all other posix operating systems is true to an extent.”
It has taken a certain time for Linux gain POSIX compatibility. Because FreeBSD has been mentioned (and is a BSD as well), I’d like to give the following examples:
FreeBSD offers completely POSIX standardized thread control, while Linux had to use libpthread and fork(), which does not conform to POSIX.
FreeBSD is 64 bit for years. For example, fstat() is using off_t parameters which are 64, while Linux used size_t parameters at 32 bit, for 64 bit there was the fstat64() workaround. Every system calls are 64 bit in FreeBSD.
FFS / UFS uses soft updates instead of journaling. Metadata is written asynchronously in a defined order which keeps the file system (on disk status) in a consistent state between the writing calls. With journaling, metadata is written twice, to the journal and to the file system itself – asynchonously. They are erased from the journal after having been written to the file system. This may lead to data loss under certain circumstances.
BSD’s C library is smaller, while the funcionality is almost the same.
Linux does use long options for command line parameters, BSD doesn’t. (Attention, this is for the system utilities.)
GNU/Linux distributions have a file system layout that is sometimes a bit untidy. In BSD, all installed applications reside in /usr/X11R6/ and /usr/local/, and with the discussed possibility to abolish the first one, everything outside /usr/local/ does belong to the system.
Please note the excellent documentation: The handbook, the high quality manpages, which include entries for every file of the base system, as well as all kernel interfaces. No need to search around the kernel source.
These examples are no “versus” statements! Especially in the last point I made I would see an opportunity for Linux to improve.
“It seems like high end unix (HP-UX, AIX, Solaris, z/Os) are being hurt more than anything else by Linux. Linux is also hurting BSD marketshare ever since the Linux TCP/IP stack is as fast or faster than the FreeBSD one. (as of two or three years ago roughly).”
Oh how I love “market share”! 🙂 Now I’d like to mention what Moulinneuf constantly is complaining about: The BSD license. As it has been mentioned before, this is a kind of “rape me license”, so other projects can silently benefit from the work done in BSD. But that’s freedom, isn’t it? If I want to allow someone using making money and getting market share using the work I did, I may, and he may, too.
I see Linux developing into the right direction, it could “pull” BSDs into the circle of interest along with it so they get more “usage share”.
“Now, saying that Linux funds or builds core software that was written by BSD developers is VERY WRONG and probably angers developers like Theo De Raat who have worked so incredibly hard on things like OpenSSH.”
It could be proofed you’re correct (and Moulinneuf is wrong, allthough he constantly claims the opposite, same for licensing stuff “BSD-like”).
“Linux kicks ass, but it wouldn’t kick quite as much ass without some of the work done by BSD folks.”
I completely agree. Both Linux and BSD can improve, and they show their strength by doing this.
“Saying BSD is irrelevant is a good joke.”
Yes, a bad one. 🙂
“Also note I’m saying this from my Ubuntu work laptop.”
And I’m saying this from my FreeBSD system at home, just on my way to work where the Solaris system is waiting. 🙂
“I’m usually mildly critical of the mod system here on OSNews.”
I prefer expressing agreement, disagreement, judging or feeling about someone’s post by providing own text / content.
“I’ve just had a look over his recent posting history. He has regularly gotten modded to -4 and -5. And it is absolutely not deserved.”
I think he has, because most of his posts are offensive up to insulting, in my opinion.
“Read the posts.”
I don’t know about others, but personally I have some problems understanding what he’s talking about. English is not my native language and this seems to be right for him, too.
“Moulineuf makes some good points. I agree with much of what he says.”
Yes, I do the same, but I do this for very very few points he made.
“I disagree with other points that he makes.”
I feel this is right for most of the ones trying to discuss with him.
“We’re *supposed* to be a celebration of diversity, right?”
By definition, we are. But we should respect each other instead of shouting silly stuff like “Your OS is shit” or “Nobody should use this OS”.
“Sorry for venting like this, but I have watched this travesty continue for *far* too long.”
You’re welcome. 🙂
“Next time you feel like modding someone down for expressing their opinions… get a life instead.”
That’s why I usually don’t use the mod system (nearly only mod++) and express feelings, facts and other means of argumentation with an own post.
“Moulineuf makes some good points. I agree with much of what he says. I disagree with other points that he makes. ”
Even a blind chicken can find a seed. 99% of his posts are nothing but blatant attacks and misinformation against BSD and the BSD license (ok, maybe not 99% but still).
“I get the impression that it has become a pastime for some.”
That could be because it is his pastime to poison every topic involving BSD in any way with his nonsense and misinformation.
Of course, if we could just avoid getting dragged into his pointless flamewars it would be much less of a problem.
(Note: I *have* modded him up on some of those rare occasions where he actually makes a good point)
Edited 2007-03-15 03:52
BSD don’t Bash GNU/Linux … Wait your offering the proof to the contrary needed to show I was right … What can I say ? Tanks , but It was not need.
http://www.frsirt.com/english/advisories/2005/1979
You where saying …
BTW that’s Exploit 3 and 4 for remote exploit … If one is to believe BSD lies … Witch I don’t …
like I said Built , funded , developed by GNU/Linux
With very small contribution like that, “observe” is much more suitable word.
“With very small contribution like that”
Add them all up from all the participant and you have GNU/Linux , its not because you decide to deride , ridicule and put it down , ignore fact and hide information relating to its origins and work of other’s that it’s somehow accepted as irrelevant , if it truly where the code would not be used in BSD itself.
“”observe” is much more suitable word.”
No , its called one example and fact , of witch in this case there are many more. The observation that you lack knowledge of the subject of there existence and that you deny they exist and are contributing factor to the software working properly is just a proof that you should not be considered as accurate in this discussion.
“The OpenBSD team wrote openssh and the openssl libraries.”
They didnt write OpenSSL.
“They wrote openssh because the gnu ssh server, lsh, really sucks.”
That’s not why they wrote OpenSSH. OpenSSH was started because Tatu Ylonen, the original author of SSH, decided to make his implementation proprietary.
Edited 2007-03-15 03:53
He has a positive score because when he says things like this in a Linux based article, the Linux zealot buddies all give him propers.
Wow, the linux zealot geezer is still alive! Please say again “I’m not a zealot because I’m not killing people because of GNU/Linux“
“the linux zealot geezer is still alive! ”
Learned a new word … nice , your improving.
geezer : a man who is (usually) old and/or eccentric , somehow I doubt you where aiming for that.
I’m not a zealot because I’m not killing people because of GNU/Linux ( copy paste does wonder ).
I usually say :
I am not a zealot as zealot kill people who disagree with there idea , since I never killed anyone for any reasons and I don’t kill people who disagree with me or for opposing ideas , your usage of the word zealot does not apply , is incorrect and is clearly based on the association with terrorist and the word zealot you have heard and seen on TV recently.
Nice of you to notcie I stopped posting for a while , you see , you have only yourself to blame for my presence 😉
“the linux zealot geezer is still alive! ”
Learned a new word … nice , your improving.
geezer : a man who is (usually) old and/or eccentric , somehow I doubt you where aiming for that.
Quote: “I switched from BSD to GNU/Linux. about 15 years ago.”
And why should I care about English vocab, I’m not native and have no intention to be a living ispell.
I’m not a zealot because I’m not killing people because of GNU/Linux ( copy paste does wonder ).
I usually say :
I am not a zealot as zealot kill people who disagree with there idea , since I never killed anyone for any reasons and I don’t kill people who disagree with me or for opposing ideas , your usage of the word zealot does not apply , is incorrect and is clearly based on the association with terrorist and the word zealot you have heard and seen on TV recently.
Excessive trolling is enough to make you a zealot.
Nice of you to notcie I stopped posting for a while , you see , you have only yourself to blame for my presence 😉
I think everyone here knows that posts from user Moulinneuf are BSD trolls. So everyone must be aware of your presence.
“And why should I care about English vocab, I’m not native and have no intention to be a living ispell.”
Its your word , you introduced it.
“Excessive trolling is enough to make you a zealot.”
That would mean you would be dead , as I tend to almost always disagree with your nonsense and bashing of GNU/Linux. I also don’t extensively troll , I actually don’t troll at all , I am almost always on subject , the fact I offer and point I make are resonating with you because you don’t like to hear them or be reminded of them.
Troll , zealot are pathetic reply to another person point and fact that you can’t actually address or show as wrong.
“I think everyone here knows that posts from user Moulinneuf are BSD trolls. ”
You don’t read them and don’t understand them , but because I ain’t a coward or liar and use my real name to identify my post , in your own explanation , I am a BSD Troll every single time I post.
“So everyone must be aware of your presence.”
not everyone read the comments at minus 5 , change your setting in your preference panel :
“Comments scored below this number are hidden from your default view”
set it to +2 or + 3 and you probably wont see almost most of my posts.
Poor Theo. He must be crushed.
Will it take him a step or two down from his ivory tower?
Nah…
News at 11.
Seriously, why don’t they use a better language that is more efficient for security purposes?
A valid point.
Counterpoint:
Only 2? In 10 years?
They seem to be doing just fine on their own
The user’s/developer’s senses of success might be quite different from somebody elses. Anyway, it’s impossible for most reasonable folk to be less than astounded at what I consider to be a true accomplishment
Like what?
How many OSes do you know that do not have the majority written in C? There is a reason for this.
Also they are adding things to the core libraries and such to specifically make them less vulnerable, and they are utilizing new functionality found in newer chips.
I believe there are some people who are indeed working on changing the fact that OSes are written in C, but so far that is very much work-in-progress.
How many OSes do you know that do not have the majority written in C? There is a reason for this.
Indeed. The advantages are so great that I can even name at least one that was actually rewritten in C, and I don’t mean Unix (AmigaOS).
Just to let everyone know, telnetd is UNAVAILABLE in OpenBSD since release 4.0
Thank <insert deity of choice here> for that!
@SEJeff:
You might want to get your facts strait too..
The OpenBSD team did write OpenSSH, But they didn’t write OpenSSL..
@Everyone else:
I’ve been a long time user of OpenBSD and OpenSSH.. “Only two remote holes in the default install, in more than 10 years!” is more then any OS can currently claim.. higher quality of code.. frequent audits.. several kernel security features.. and very skilled developers.
The Linux kernel on the other hand is a little messy..
Edited 2007-03-14 23:21
“The Linux kernel on the other hand is a little messy.. “
I found the Linux kernel and the core libraries could have a higher standard for documentation. In BSD (at least in FreeBSD), all kernel interfaces, drivers, modules system files, library functions and system utilities have their own manpage, so you just can “man fork”, “man xl” or “man stat”. In the Linux kernel you sometimes have to search a while to find the documentation somewhere enclosed in /* … */. I don’t know if that’s true at present time, but I hope the situation has improved in the last years of Linux development.
(Now as I’m talking about Linux, I refer to the Linux kernel itself, not the GNU world around it.)
I won’t enter a discussion if BSD “is better than” Linux or if everyone should avoid using BSD. Every OS family has its right to exist, its fields where it is perfect for, and its users who are happy with it.
http://www.jnode.org/
jnode doesn’t use any unsafe functions. Built with java. No buffer overflows.
Any idea if it is the most secure OS now?
Good thing is that they already altered their front page to say ‘Only two’.
Very honest people. This rather increases their trust when companies are all about hiding things which sounds any bit worse to them.
Me & my friend are joking that it only means that OpenBSD fix only two holes in last 10 years
I’m using OpenBSD from few years. I’m helping develop some security features that are not included in OpenBSD (Zophie). I even made own OBSD distro with Zophie & other tweaks. & i must say that for _me_ it is best router/server OS out there
The holes in OS are not important. The mechanism that is used to make OpenBSD secure OS is the key here. & this is what makes it so secure in real production work.
Moulinneuf: Please stop trolling. your last few post are replies or arguments that are completely out of topic. I don’t care what is Your drama. I don’t wanna read what you think about BSD licenses & Your point of view in this topic (licenses, developing software, contribution etc.), that is ABOUT OpenBSD second remotely hole & not YOUR preferences, Your reality or anything about You. So if You don’t have anything to say about TOPIC, then just shut up.
Edited 2007-03-15 12:42
I don’t troll , I will be making accurate comment and pertinent observation on topic , like here in this thread in all the next , BSD topic related article , and other topic , you don’t like what I say , then , feel free to ignore me or reply back.
“The holes in OS are not important.”
Most secure OS … or its user are a wee bit not important.
Every single BSD related thread on osnews is pretty much unreadable due to a certain troll whose name starts with ‘M’. I’m sick and tired of this bulls**t. So PLEASE, I beg every reader of this site to stop replying to him despite how ridiculous his claims are. Maybe then he’ll get bored and go back to post insightful comments in Mandriva related threads.
Case in point, I don’t recall seeing a single comment in this entire thread discussing exactly *what* the security problem was, and if it’s a problem that should be investigated in other OS’s. For the record the problem is basically an IPv6 version of the ‘ping of death’. It only affects machines than are able to receive an IPv6 packet, which generally limits it to local networks.
So could other OS’s (I’m looking at you FreeBSD & Linux) be vulnerable to something similar? IPv6 support is still rather young and not widely deployed, so it is possible, no? In any case, I think that it would be prudent to block all IPv6 access to boxes that do not require IPv6 connectivity, just as a precaution.
Ugh, what garbage.
Thanks for all the support everyone.. thought I was going a little insane.
You’re all good people