version 1.5, 2000/04/21 19:38:12 |
version 1.6, 2000/04/21 19:59:23 |
|
|
<p>Many users have commented on their use of OpenBSD. |
<p>Many users have commented on their use of OpenBSD. |
The following are all extracts from our public mailing lists or, |
The following are all extracts from our public mailing lists or, |
occasionally, other mailing lists (these have links to the original articles). |
occasionally, other mailing lists (these have links to the original articles). |
Postings have been shortened, and edited slighly for spelling and grammar, |
Postings have been shortened, and edited slightly for spelling and grammar, |
but are otherwise unchanged. |
but are otherwise unchanged. |
|
|
<h2>Matthew Haas says this:</h2> |
<h2>Matthew Haas says this:</h2> |
|
|
in-house SuSE zealot of sorts on a compatibility, stability and security |
in-house SuSE zealot of sorts on a compatibility, stability and security |
test in advance of them selecting an operating system for their servers |
test in advance of them selecting an operating system for their servers |
(which, while using RedHat, had been rooted at least once). OpenBSD passed |
(which, while using RedHat, had been rooted at least once). OpenBSD passed |
with flying colours and as of today, they're beginning a rollout of 2.6 |
with flying colors and as of today, they're beginning a roll-out of 2.6 |
onto their servers, mostly using stock components and software from the |
onto their servers, mostly using stock components and software from the |
ports tree (qmail, cucipop etc). |
ports tree (qmail, cucipop etc). |
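Review bot: in the Matthew Haas extract, "flying colours" becomes "flying colors" and "rollout" becomes "roll-out"; neither original is a misspelling, so these are changes of regional spelling and style, not corrections. The intro on this page says postings are edited only "slightly for spelling and grammar, but are otherwise unchanged", so I would keep the poster's own "colours" and "rollout" and limit this pass to real errors such as "slighly".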
|
|
|
|
|
|
<h2>Security Engineer Tyler Allison writes:</h2> |
<h2>Security Engineer Tyler Allison writes:</h2> |
<p> |
<p> |
I have installed, secured, and maintained Linux, WindowsNT and OpenBSD in |
I have installed, secured, and maintained Linux, Windows NT and OpenBSD in |
highly secure environments. (yes you can secure Linux and WindowsNT in |
highly secure environments. (yes you can secure Linux and Windows NT in |
this environment :) ). Having said that I have to point out that if you |
this environment :) ). Having said that I have to point out that if you |
want a minimum administration to keep up with security issues option you |
want a minimum administration to keep up with security issues option you |
need to pick OpenBSD by far. It is not uncommon for people to go years without |
need to pick OpenBSD by far. It is not uncommon for people to go years without |
|
|
any (important) machine on the Internet if there is not a firewall in |
any (important) machine on the Internet if there is not a firewall in |
front and for packet filtering I go for OpenBSD... |
front and for packet filtering I go for OpenBSD... |
<p> |
<p> |
For a cheap webserver I say hardware from a known vendor, an ordered |
For a cheap web server I say hardware from a known vendor, an ordered |
OpenBSD CD-ROM and Apache... |
OpenBSD CD-ROM and Apache... |
|
|
|
|
|
|
9:05PM up 266 days, 4:23, 1 user, load averages: 0.06, 0.06, 0.06 |
9:05PM up 266 days, 4:23, 1 user, load averages: 0.06, 0.06, 0.06 |
%</pre> |
%</pre> |
<p>As well, OpenBSD runs on my laptop. |
<p>As well, OpenBSD runs on my laptop. |
A Gateway Solo 2500 with a Xircom modem, and a Linksys fast ethernet NIC. |
A Gateway Solo 2500 with a Xircom modem, and a Linksys fast Ethernet NIC. |
<p> |
<p> |
And it never crashes :) |
And it never crashes :) |
<p> |
<p> |
One other incident that made me a believer... we were pingbombed |
One other incident that made me a believer... we were pingbombed |
[perhaps a predecessor to the early2000 DDOS attacks?]. I mean, |
[perhaps a predecessor to the early2000 DDOS attacks?]. I mean, |
900 different hosts on different networks floodpinging an OpenBSD 2.3 box |
900 different hosts on different networks floodpinging an OpenBSD 2.3 box |
simultaneously, while it was processing email and webpages for 3500 users. |
simultaneously, while it was processing email and web pages for 3500 users. |
<p> |
<p> |
It was a P133 with 64MB ram. And it didn't go down. It got a bit slower, |
It was a P133 with 64MB ram. And it didn't go down. It got a bit slower, |
but never crashed :-) |
but never crashed :-) |
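Review bot: the bracketed editorial aside "[perhaps a predecessor to the early2000 DDOS attacks?]" is untouched by this spelling pass although it still runs "early2000" together. Since the same hunk splits "webpages" into "web pages" and capitalizes "Ethernet", apply the same treatment here ("early 2000") and, for consistency with "64MB ram", decide whether "RAM" should be capitalized as well.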
|
|
Crypto-Gram</a>:</h2> |
Crypto-Gram</a>:</h2> |
(the comments he is responding to are Schneier's) |
(the comments he is responding to are Schneier's) |
<br> |
<br> |
<br>< Real systems show no signs of becoming less |
<br>> Real systems show no signs of becoming less |
<br>< complex. In fact, they are becoming more complex, |
<br>> complex. In fact, they are becoming more complex, |
<br>< faster and faster. Microsoft Windows is a poster |
<br>> faster and faster. Microsoft Windows is a poster |
<br>< child for this trend to complexity. |
<br>> child for this trend to complexity. |
<br> |
<br> |
<br>... |
<br>... |
<br> |
<br> |
<br>< The other choice is to slow down, to simplify, |
<br>> The other choice is to slow down, to simplify, |
<br>< and to try to add security. |
<br>> and to try to add security. |
<p> |
<p> |
OpenBSD does this. <I>I am unaware of any other group whose workings |
OpenBSD does this. <I>I am unaware of any other group whose workings |
are publicly viewable that does so</I> [emphasis added], which is regrettable, because |
are publicly viewable that does so</I> [emphasis added], which is regrettable, because |
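Review bot: on the quoted Schneier lines the marker after each `<br>` changes from a raw `<` to a raw `>`; write it as the entity `&gt;` instead. The old raw `<` was the risky form because it is the tag-open character, and using the entity for the new marker keeps the markup unambiguous for stricter parsers. Wrapping the quoted passage in a `<blockquote>` would avoid hand-written quote markers altogether.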
|
|
<p>Major kudos to Theo for being a man ahead of his time! ;-) |
<p>Major kudos to Theo for being a man ahead of his time! ;-) |
<p>As I have to frequently explain to people *why* security is important at |
<p>As I have to frequently explain to people *why* security is important at |
all ("if you have nothing to hide...", "nothing you do is important enough to |
all ("if you have nothing to hide...", "nothing you do is important enough to |
warrent encryption...", "only criminals and terrorists need to sneak around |
warrant encryption...", "only criminals and terrorists need to sneak around |
anonymously...", etc. ad nauseam), let alone *why* it's important in this day |
anonymously...", etc. ad nauseam), let alone *why* it's important in this day |
and age of personal networks behind a DSL or even a full T1, I love being able |
and age of personal networks behind a DSL or even a full T1, I love being able |
to point them to a page which sets out a well-reasoned explaination for taking |
to point them to a page which sets out a well-reasoned explanation for taking |
computer security seriously. |
computer security seriously. |
<p>[... OpenBSD installed] |
<p>[... OpenBSD installed] |
effortlessly onto a Pentium 90 Compaq LTE 5100 laptop -- even the no-name |
effortlessly onto a Pentium 90 Compaq LTE 5100 laptop -- even the no-name |