| version 1.5, 2000/04/21 19:38:12 |
version 1.6, 2000/04/21 19:59:23 |
|
|
| <p>Many users have commented on their use of OpenBSD. |
<p>Many users have commented on their use of OpenBSD. |
| The following are all extracts from our public mailing lists or, |
The following are all extracts from our public mailing lists or, |
| occasionally, other mailing lists (these have links to the original articles). |
occasionally, other mailing lists (these have links to the original articles). |
| Postings have been shortened, and edited slighly for spelling and grammar, |
Postings have been shortened, and edited slightly for spelling and grammar, |
| but are otherwise unchanged. |
but are otherwise unchanged. |
| |
|
| <h2>Matthew Haas says this:</h2> |
<h2>Matthew Haas says this:</h2> |
|
|
| in-house SuSE zealot of sorts on a compatibility, stability and security |
in-house SuSE zealot of sorts on a compatibility, stability and security |
| test in advance of them selecting an operating system for their servers |
test in advance of them selecting an operating system for their servers |
| (which, while using RedHat, had been rooted at least once). OpenBSD passed |
(which, while using RedHat, had been rooted at least once). OpenBSD passed |
| with flying colours and as of today, they're beginning a rollout of 2.6 |
with flying colors and as of today, they're beginning a roll-out of 2.6 |
| onto their servers, mostly using stock components and software from the |
onto their servers, mostly using stock components and software from the |
| ports tree (qmail, cucipop etc). |
ports tree (qmail, cucipop etc). |
| |
|
|
|
| |
|
| <h2>Security Engineer Tyler Allison writes:</h2> |
<h2>Security Engineer Tyler Allison writes:</h2> |
| <p> |
<p> |
| I have installed, secured, and maintained Linux, WindowsNT and OpenBSD in |
I have installed, secured, and maintained Linux, Windows NT and OpenBSD in |
| highly secure environments. (yes you can secure Linux and WindowsNT in |
highly secure environments. (yes you can secure Linux and Windows NT in |
| this environment :) ). Having said that I have to point out that if you |
this environment :) ). Having said that I have to point out that if you |
| want a minimum administration to keep up with security issues option you |
want a minimum administration to keep up with security issues option you |
| need to pick OpenBSD by far. It is not uncommon for people to go years without |
need to pick OpenBSD by far. It is not uncommon for people to go years without |
|
|
| any (important) machine on the Internet if there is not a firewall in |
any (important) machine on the Internet if there is not a firewall in |
| front and for packet filtering I go for OpenBSD... |
front and for packet filtering I go for OpenBSD... |
| <p> |
<p> |
| For a cheap webserver I say hardware from a known vendor, an ordered |
For a cheap web server I say hardware from a known vendor, an ordered |
| OpenBSD CD-ROM and Apache... |
OpenBSD CD-ROM and Apache... |
| |
|
| |
|
|
|
| 9:05PM up 266 days, 4:23, 1 user, load averages: 0.06, 0.06, 0.06 |
9:05PM up 266 days, 4:23, 1 user, load averages: 0.06, 0.06, 0.06 |
| %</pre> |
%</pre> |
| <p>As well, OpenBSD runs on my laptop. |
<p>As well, OpenBSD runs on my laptop. |
| A Gateway Solo 2500 with a Xircom modem, and a Linksys fast ethernet NIC. |
A Gateway Solo 2500 with a Xircom modem, and a Linksys fast Ethernet NIC. |
| <p> |
<p> |
| And it never crashes :) |
And it never crashes :) |
| <p> |
<p> |
| One other incident that made me a believer... we were pingbombed |
One other incident that made me a believer... we were pingbombed |
| [perhaps a predecessor to the early2000 DDOS attacks?]. I mean, |
[perhaps a predecessor to the early2000 DDOS attacks?]. I mean, |
| 900 different hosts on different networks floodpinging an OpenBSD 2.3 box |
900 different hosts on different networks floodpinging an OpenBSD 2.3 box |
| simultaneously, while it was processing email and webpages for 3500 users. |
simultaneously, while it was processing email and web pages for 3500 users. |
| <p> |
<p> |
| It was a P133 with 64MB ram. And it didn't go down. It got a bit slower, |
It was a P133 with 64MB ram. And it didn't go down. It got a bit slower, |
| but never crashed :-) |
but never crashed :-) |
|
|
| Crypto-Gram</a>:</h2> |
Crypto-Gram</a>:</h2> |
| (the comments he is responding to are Schneier's) |
(the comments he is responding to are Schneier's) |
| <br> |
<br> |
| <br>< Real systems show no signs of becoming less |
<br>> Real systems show no signs of becoming less |
| <br>< complex. In fact, they are becoming more complex, |
<br>> complex. In fact, they are becoming more complex, |
| <br>< faster and faster. Microsoft Windows is a poster |
<br>> faster and faster. Microsoft Windows is a poster |
| <br>< child for this trend to complexity. |
<br>> child for this trend to complexity. |
| <br> |
<br> |
| <br>... |
<br>... |
| <br> |
<br> |
| <br>< The other choice is to slow down, to simplify, |
<br>> The other choice is to slow down, to simplify, |
| <br>< and to try to add security. |
<br>> and to try to add security. |
| <p> |
<p> |
| OpenBSD does this. <I>I am unaware of any other group whose workings |
OpenBSD does this. <I>I am unaware of any other group whose workings |
| are publicly viewable that does so</I> [emphasis added], which is regrettable, because |
are publicly viewable that does so</I> [emphasis added], which is regrettable, because |
|
|
| <p>Major kudos to Theo for being a man ahead of his time! ;-) |
<p>Major kudos to Theo for being a man ahead of his time! ;-) |
| <p>As I have to frequently explain to people *why* security is important at |
<p>As I have to frequently explain to people *why* security is important at |
| all ("if you have nothing to hide...", "nothing you do is important enough to |
all ("if you have nothing to hide...", "nothing you do is important enough to |
| warrent encryption...", "only criminals and terrorists need to sneak around |
warrant encryption...", "only criminals and terrorists need to sneak around |
| anonymously...", etc. ad nauseam), let alone *why* it's important in this day |
anonymously...", etc. ad nauseam), let alone *why* it's important in this day |
| and age of personal networks behind a DSL or even a full T1, I love being able |
and age of personal networks behind a DSL or even a full T1, I love being able |
| to point them to a page which sets out a well-reasoned explaination for taking |
to point them to a page which sets out a well-reasoned explanation for taking |
| computer security seriously. |
computer security seriously. |
| <p>[... OpenBSD installed] |
<p>[... OpenBSD installed] |
| effortlessly onto a Pentium 90 Compaq LTE 5100 laptop -- even the no-name |
effortlessly onto a Pentium 90 Compaq LTE 5100 laptop -- even the no-name |
![[BACK]](/icons/back.gif){kind=icon}
Return to testimonials.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www