86 Comments
- ropers, on 10/12/2007, -1/+46
See this notification:
http://article.gmane.org/gmane.os.openbsd.misc/119638
FTA:
" However, in order to exploit a vulnerable system an attacker needs to
be able to inject fragmented IPv6 packets on the target system's local
network. This requires direct physical/logical access to the target's
local network -in which case the attacking system does not need to have
a working IPv6 stack- or the ability to route or tunnel IPv6 packets to
the target from a remote network."
Given that it's this hard to exploit, that a fix is already out, that there also is a workaround for those unwilling to apply the patch, and that a new version of OpenBSD will be out in May ( http://www.openbsd.org/41.html ), the impact should be very limited, if not zero.

- pickypg, on 10/12/2007, -4/+29
@ransomowris
Was that just a bad joke?

- Niten, on 10/12/2007, -3/+28
"Newsflash, almost nobody cares about freebsd, and ABSOLUTELY nobody cares about openbsd."
My router would beg to differ.

- Takuto, on 10/12/2007, -3/+28
So, what you're saying is that everybody but America will adopt IPv6? And that half of America will use it anyway?

- Urusai, on 10/12/2007, -4/+29
I foresee a mass migration to NetBSD, what with OpenBSD being so insecure. Not one, but two holes; it's open for business like your mother.

- theworldisround, on 10/12/2007, -2/+25
I care about FreeBSD and OpenBSD. They're perfect for servers because the only security you'll ever need is pre-packaged. Plus, if you're a geek that loves a challenge getting something to work, they'll keep you busy for a while.

- gnuvince, on 10/12/2007, -3/+24
pitlord: you are so off. This is the second remotely exploitable hole found in the default installation of OpenBSD. Not the second hole found in all BSDs ever.

- TenebrousX, on 10/12/2007, -4/+24
@trghpy -
Yes, considering that almost the entire world uses the metric system.

- nailz420, on 10/12/2007, -2/+19
The OpenBSD team should really get their act together. 2 holes in 10 years is worse than pathetic! Hopefully if they get paid they'll be able to fix some every Tuesday, for example.

- drlha, on 10/12/2007, -4/+21
How many Paris Hiltons are there? Are Paris Hiltons now an entire sub-species of the human race or something?

- rofecture, on 10/12/2007, -1/+16
@widman:
Yep, sounds like a troll to me. *gets out the fire torch* Back off!
Since you didn't understand his joke, you prolly won't get that one either.

- megari, on 10/12/2007, -5/+20
trghpy: in the way of the metric system, as in, being adopted by the whole world except for a few backward countries?

- beetjebrak, on 10/12/2007, -2/+17
Umm, correction. FreeBSD and OpenBSD alike are what I would call software the way it was meant to be. These OSes offer so much raw power and control, unlike anything else I've seen out there in the real world. FreeBSD serves my team at work excellently as the backbone of our entire network infrastructure (university). This means over 10k regular desktops, a notebook for every student (an estimated 5k notebooks), ubiquitous wireless connectivity cross-campus, a crowded VPN, a whole lot of weird experimental research LAN setups that get hooked up to our stuff freely and often without asking, and a pretty busy website. The suits sadly insisted on bringing in MS Exchange. Ironic how the Exchange cluster accounts for over 90% of unplanned downtime across all servers and infrastructure components. I have yet to see FreeBSD do anything unexpected except when due to obvious human error like crossing quota limits or hardware failure (in which case it's expected to fail, so does that count at all?). Oh, and it NEVER got hacked yet, which is pretty good in my book knowing the environment Beastie's employed in here. Needless to say my home file/web/routing box runs excellently on FreeBSD as well. Knowing what you're doing is very helpful in most endeavours in life; same goes for UNIX system administration.

- johnwyles, on 10/12/2007, -4/+17
A second kernel level bug in 10 years; it brings a tear to my eye :~)

- sashomasho, on 10/12/2007, -6/+19
ignorance is bliss...

- Niten, on 10/12/2007, -0/+13
That's actually sort of the beauty of OpenBSD. They have enough developers to keep the operating system under development (as well as a number of auxiliary projects, such as OpenNTPD, OpenBGPD, and OpenSSH – yes, _the_ OpenSSH), but the organization isn't so big that it becomes an immobile bureaucracy (see: Debian).
OpenBSD has a very dedicated and talented group of developers who, by all accounts, seem to love what they do and appreciate the project's unique and focused environment. I doubt they'll disband any time soon, let alone merge into another BSD...

- CalipsoII, on 10/12/2007, -0/+12
He speaks math, people; it HAS to be the truth.

- pitlord, on 10/12/2007, -14/+25
Funny, this article fails to mention that it's only the second security flaw to be found in BSD, EVER!
What's funny is that a much better article that was submitted before this one did NOT get dugg up, probably because it was more informative. Why do the lamest articles always get dugg up while the truly informative articles seem to disappear?

- beetjebrak, on 10/12/2007, -0/+11
Nothing lasts forever, no matter how many programmers you throw at it. However, OpenBSD certainly does have a place in my server rack. It would be a truly sad day to see it go. My guess is that the BSD license makes it difficult to see just how many embedded or otherwise appliance-style firewall systems run OpenBSD inside. For generic file or web servers I tend to prefer FreeBSD because of its slightly easier management, but nothing beats OpenBSD on the edge of a network.

- prockcore, on 10/12/2007, -2/+12
No, because OSX doesn't use a BSD kernel. The only BSD that OSX even uses are userland tools from FreeBSD (not OpenBSD). So ps/grep/find etc.

- Niten, on 10/12/2007, -0/+10
Speaking of OpenBSD, now is a good time to pre-order your copy of 4.1: http://www.openbsd.org/orders.html
The best part is that pre-orders get shipped as soon as the CDs are ready, which can be significantly sooner than the release becomes generally available via FTP. Plus, you get Puffy stickers, fancy artwork, and that warm fuzzy feeling from knowing you're supporting the continued development of one of the best operating systems around!

- widman, on 10/12/2007, -1/+9
More detailed info:
Securityfocus Vuln entry http://www.securityfocus.com/bid/22901
Bugtraq post from Core http://www.securityfocus.com/archive/1/462728/30/0/threaded

- GMorgan, on 10/12/2007, -3/+10
No, what will happen is when we run out of space on the IPv4 system we will employ Ballmer to help. When he throws a chair it will signify a 1; when he doesn't it will mean 0. This in theory doubles the number of web addresses available in IPv4.
In reality we must use IPv6; no choice is involved unless you write a third standard.

- beetjebrak, on 10/12/2007, -0/+7
It's not really a question of competition between the two. I'm sure there could be a team that could fork the Linux kernel and do the kind of rigorous code auditing that went into OpenBSD. However, I don't really see any kind of real need for that (and hence there's no such team around, at least to my knowledge). I think we can all agree that OpenBSD on the desktop is difficult at best and masochistic at worst. The desktop and MCSE-style server admins are where Linux is heading fast right now though, which includes all the "user friendly desktop cruft" we don't need on a server, like automounters for removable media, hotplug services and *shudder* a GUI. OpenBSD is the solid block of granite upon which you can build a server with mission critical security, while Linux caters to the masses. They both have their place, and the more Linux tends to lean toward the MCSE administrator crowd, the less it will be like OpenBSD and the less likely the two are to compete head on. Open Source is an ecosystem, not a rat race.

- beetjebrak, on 10/12/2007, -3/+10
I hear she has quite a security hole problem though.

- selrahc, on 10/12/2007, -1/+8
"Why do the lamest articles always get dugg up while the truly informative articles seem to disappear?"
Short attention spans?

- baalzebub, on 10/12/2007, -1/+6
Well, it is "Open"BSD; there should be a fork named "Closed"BSD...
Just kidding, the BSDs are among the most secure OSs in the world that are available to the public...

- uberchaoslord, on 10/12/2007, -1/+6
OpenBSD is quite frankly the most secure thing you can put at the edge of your network. Pf is also incredibly easy to learn and configure - if you've edited a text file, and have any linear thinking ability, it will be cake.

- 47f0, on 10/12/2007, -0/+5
Yup. Nobody. Nobody, like, say Yahoo.com?

- mancat, on 10/12/2007, -0/+4
The small number of remote holes is little more than a marketing ploy for OpenBSD. While its place as one of (if not the) most secure Unix distributions is unchallenged, there are quite a few serious holes present in OpenBSD over recent years that are. Cross site scripting in the default Apache distribution, local kmem access, local privilege escalation, many DoS vulns, etc. Fortunately, they are all patched quickly, but there are surely more to be found in the future. Remote vulnerabilities are only a small snapshot of OpenBSD's security history.

- pinoyboy82, on 10/12/2007, -4/+8
It looks like... *looks at dugg comment* hmm... 11 people care so far about freebsd or openbsd!

- dadrew1, on 10/12/2007, -4/+8
THAT would be impossible. This obviously isn't impossible.

- MeltedUFO, on 10/12/2007, -1/+5
I apologize, sir. It won't happen again.

- lbradeen, on 10/12/2007, -1/+5
@theworldisround
I dugg you down because assuming something is secure right out of the box is not the right way to approach security. Sure, obsd has only had 2 remote holes in the default install in 10 years, but that's no reason not to audit your system, especially once you start installing software on it and configuring it.

- bourneagain, on 10/12/2007, -0/+3
Look guys, I'm not saying that FreeBSD and OpenBSD aren't GREAT operating systems. In fact quite the opposite. They're awesome. It's just that they're going the way of the dodo. Yes, lots of people still use OpenBSD and FreeBSD. But if you think those numbers aren't shrinking, you're kidding yourself.
I love BSD. I use Solaris. That doesn't mean people care about it, just because I do, or because it's a good OS.

- ropers, on 10/12/2007, -0/+3
The rumours of OpenBSD's imminent demise are greatly exaggerated:
http://en.wikipedia.org/wiki/Comparison_of_BSD_operating_systems#Popularity
And, to recap:
The OpenBSD project has brought the world:
- OpenBSD, without which a lot of security-conscious organizations would be up ***** creek.
- OpenSSH, which is feckin EVERYWHERE. Probably on your Windows and Linux box as well.
- PF (http://en.wikipedia.org/wiki/PF_%28firewall%29 ), which I dare say is the best packet filter in the world, and OpenBSD + PF + basic admin competence = the best firewalls in the world. PF is now being used by FreeBSD, NetBSD and DragonFlyBSD as well. Oh, and Core, the very same guys who discovered this vulnerability, have made Core Force, a free firewall/security product for Windows, based on PF (http://en.wikipedia.org/wiki/Core_force ), so even Windows can be more secure because of the OpenBSD project.
- OpenNTPD
- OpenBGPD
- OpenOSPFD
- OpenBSD has lobbied a lot of vendors real hard to release HW documentation, without which your Linux box probably wouldn't have some of the drivers it's got.
And in addition to that, OpenBSD have led by example, and demonstrated best practices when it comes to security. Note that for OpenBSD to have a remotely exploitable vulnerability discovered is big news; other OSes often have many known unpatched vulnerabilities (sometimes remotely exploitable) for days, weeks or months on end: http://en.wikipedia.org/wiki/Comparison_of_operating_systems#Security

- zecrose, on 10/12/2007, -1/+4
"Remember, remember the seventh of March,
the hole Core Security caught.
I see no reason why mbufs and patch
Should ever be forgot..."

- mancat, on 10/12/2007, -0/+2
No. Please look at any Secunia, SecurityFocus, etc. listing of vulnerabilities. I am referring to the default install.

- robdazomba, on 10/12/2007, -1/+3
The U.S. uses both.

- xchino, on 10/12/2007, -1/+3
Wow, I'm going to assume English isn't your native language, because that was some of the worst English I've ever had the displeasure of reading. Apart from that, no BSD flavors "control the interweb"; Cisco IOS does. Even Linux has far greater penetration in the server market, and BSD itself isn't inherently secure, only OpenBSD, which has undergone rigorous auditing and selective package management for the default install.

- EvolvedFromApes, on 10/12/2007, -0/+2
pf is still the only filtering software I understand. I haven't bothered to learn any others, but I just haven't had a need. pf does what I require.

- nOOBert, on 10/12/2007, -2/+4
Those that don't understand the reason why this is important don't have a clue what BSD and its variants bring to the table. BSD's flavors pretty much control the interweb. They are the most secure and stable OS out there. I know BSD boxes that have uptimes of well over 3 years, probably much longer. I want to see you do that with Windows. :)
BSD can normally be found in items that the general public never sees or thinks of. It is used in high quality servers, switches, routers, firewalls, basically any network appliances.
It does see its fair share of people trying to hack it, for the fact that it is used so much in network tech. You never hear about it being hacked because, well, it is pretty hard.
However, the general public will probably never use BSD (mainly Net or Open) because it is not meant for general use applications such as Windows or OSX. Its focus is its security and its flexibility, but it has a high learning cost to it.
Take this for what it's worth; this is just how I see BSD. :) /me goes back to installing a flavor of BSD as a file server.

- kdrlx, on 10/12/2007, -2/+4
@trghpy
Most countries use the metric system. I don't know why the US is stubborn about not using it.

- psxman, on 10/12/2007, -0/+2
http://en.wikipedia.org/w/index.php?title=ClosedBSD&oldid=86937552

- joflow, on 10/12/2007, -1/+3
"No, because OSX doesn't use a BSD kernel. The only BSD that OSX even uses are userland tools from FreeBSD (not openBSD). So ps/grep/find etc."
Actually, XNU is a hybrid kernel.
http://en.wikipedia.org/wiki/Xnu
"With Mac OS X, the designers have attempted to streamline certain tasks and thus BSD functionalities were built into the core with Mach. The result is a combination of Mach and a classical BSD kernel, with some advantages and disadvantages of both."

- knomevol, on 10/12/2007, -0/+2
openbsd is the absolute best unix to run on perimeter, guard duty, and hosting applications that need to be kept very secure.
a second hole in ten years? a testament to Theo de Raadt and his genius.

- ropers, on 10/12/2007, -0/+2
I see my link to the other earlier digg post got dugg down. I didn't post that link to be anal but simply to give people an opportunity to read the comments at that other thread (and also because I didn't feel like reposting my own comments to that thread here).
And now for something completely different:
To those of you complaining that this isn't front page material -- consider this:
- If something only happens once in a blue moon, then it's certainly news when it happens.
- I run OpenBSD machines. When a remotely exploitable hole in OpenBSD is discovered I want to know about it, even if the real risk is comparatively small. I suspect others who depend on OpenBSD to protect their Windows boxes or Intranet or what have you will probably feel the same way. Sure, most average Joes don't have OpenBSD firewalls at home (I do), but some diggers have fat jobs where they look after significant infrastructure assets and need to know to keep everything up to scratch.

- jon314, on 10/12/2007, -0/+1
Not enough to wipe the smug grin off Puffy's face, I'm afraid.
http://en.wikipedia.org/wiki/Image:Paintedpuffy1000X907px.gif

- topicnation, on 10/10/2007, -0/+1
Sounds interesting... I'm not impressed. Not even a bit. http://cakeguru.blogspot.com

- neuroticus, on 10/12/2007, -3/+4
Interesting. Do you see the BSD kernel eventually replaced by the Linux kernel 10 years from now in ultra-secure/reliable servers? You mention nothing lasts forever, but some things last for a long time, and Linux is set to last for a long time... Do you see them living side by side in the server scene, for instance as healthy competitors? Or do you envision a day sometime soon when BSD will retire to its place in the computing hall of fame?