Annotation of www/testimonials.html, Revision 1.19
1.10 ian 1: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1.1 ian 2: <html>
1.10 ian 3:
1.1 ian 4: <head>
1.11 ian 5: <title>OpenBSD: Users' Views</title>
1.1 ian 6: <meta name="resource-type" content="document">
7: <meta name="description" content="Users talk about OpenBSD">
8: <meta name="keywords" content="openbsd,users">
9: <meta name="distribution" content="global">
1.16 nick 10: <meta name="copyright" content="This document copyright 2000-2004 by OpenBSD.">
1.11 ian 11: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
1.1 ian 12: </head>
1.10 ian 13:
14: <body bgcolor="#FFFFFF" text="#000000" link="#23238E">
1.12 jsyn 15: <a href="index.html"><img alt="[OpenBSD]" height="30" width="141" src="images/smalltitle.gif" border="0"></a>
1.5 ian 16: <p>
1.10 ian 17: <h2><font color="#e00000">OpenBSD: Users' View</font></h2>
1.1 ian 18: <p>Many users have commented on their use of OpenBSD.
1.10 ian 19: The following are unsolicited comments from our public mailing lists or,
1.3 ian 20: occasionally, other mailing lists (these have links to the original articles).
1.6 ian 21: Postings have been shortened, and edited slightly for spelling and grammar,
1.1 ian 22: but are otherwise unchanged.
23:
1.8 deraadt 24: <hr>
25:
1.19 ! sthen 26: <h3>Jules Desforges wrote this in an introduction to the
! 27: <a href="http://ukopenbsdusers.saneusergroup.org.uk/pipermail/uk-openbsd-users/2010-June/000022.html">ukopenbsdusers mailing list</a>:</h3>
! 28: <p>
! 29: My name is Jules and I live in Kent. I've been using OpenBSD since 2.9.
! 30: I have OpenBSD running on 6 x Nexcom NSA1086's to provide core routing
! 31: between our Data Centres. All the routes are running from read-only
! 32: Compact Flash. Largely runs untroubled, pushing ~ 400Mb/s.
! 33: Main motivation was the cost savings compared to equivalent
! 34: Junpier/Cisco kit.
! 35: I hope to be testing the new MPLS code soon.
! 36: <p>
! 37:
1.13 henning 38: <h3><a href="mailto:SKohrman@apu.edu">Shawn Kohrman</a> writes:</h3>
39: <p>
40: As a Security/Network Administrator for over ten years, I have to say
41: OpenBSD is hands down the best out-of-the-box OS I have seen yet. I
1.14 henning 42: have worked with MS NT/2000, Linux (from its humble beginnings),
1.13 henning 43: Solaris, etc. OpenBSD is simple, clean, secure and reliable. Many
44: thanks to the developers for an outstanding job.
45:
1.10 ian 46: <h3><a href="mailto:kristoff@phatness.net">Kris Wilkinson</a> writes:</h3>
47: <p>
48: I've been securing networks for quite some time now, and until recently
49: when I installed Open BSD 3.0 I never realized how easy my life could have
50: been had I tried it earlier.
51: After experiencing all the "other" operating systems available, 3.0 has to
52: be the most secure, easily managed and well organized package I have ever seen.
53: Not only is it completely cutting edge, it focuses on the smaller points of
54: security which I'm tired of having to manually tweak every time you setup a box.
55: <p>
56: I am securing networks all over Alberta using your fantastic
57: setup. Thank you so much! Keep up the incredible work.
58:
1.8 deraadt 59: <h3>Matthew Haas says this:</h3>
1.1 ian 60: <p>
61: I've been very impressed with OpenBSD since my decision to install it.
62: Definitely a great system, reminds me of my Slackware days, but better.
63: <p>
64: Thanks.
65:
1.8 deraadt 66: <h3>
1.7 ian 67: <a href="mailto:webmaster@2600.org.au">Grant Bayley</a>,
1.8 deraadt 68: an IT Manager from Australia, writes:</h3>
1.1 ian 69: <p>
70: By way of success stories, since a few of us at 2600 Australia started
71: using OpenBSD about 12 months ago now in some form or another, we've seen...
72: friends load it onto their machines and been simply amazed
73: at the quality of it, in particular the forethought that goes into
74: securing things out of the box.
75: <p>
76: We've also had one of our guys working at an ISP go head-to-head with an
77: in-house SuSE zealot of sorts on a compatibility, stability and security
78: test in advance of them selecting an operating system for their servers
79: (which, while using RedHat, had been rooted at least once). OpenBSD passed
1.6 ian 80: with flying colors and as of today, they're beginning a roll-out of 2.6
1.1 ian 81: onto their servers, mostly using stock components and software from the
82: ports tree (qmail, cucipop etc).
83:
1.8 deraadt 84: <h3>System and Network Administrator Jeff Schneiter offers this:</h3>
1.1 ian 85: <p> With a frozen budget it sure makes one squeeze every last
86: bit of power out of whatever hardware one can lay his hands
87: on... and thanks to OpenBSD, I have been doing just that.
88:
1.8 deraadt 89: <h3><a name=sarendal href="mailto:tony@polarcap.org">Tony Sarendal</a> says this:</h3>
1.1 ian 90: <p>I tried OpenBSD because of the IPsec support.
91: The reason I stick with it is because it really is nice to use
92: and it gives a feeling of quality which no other OS can match.
93: <p>
94: I did some programming on an OpenBSD machine, after this I really
95: appreciated the man pages. Other Unices I used had man pages that
96: simply weren't any good.
97: <p>
98: Keep up the good work guys.
99:
1.8 deraadt 100: <h3>Security Engineer Tyler Allison writes:</h3>
1.1 ian 101: <p>
1.6 ian 102: I have installed, secured, and maintained Linux, Windows NT and OpenBSD in
103: highly secure environments. (yes you can secure Linux and Windows NT in
1.1 ian 104: this environment :) ). Having said that I have to point out that if you
105: want a minimum administration to keep up with security issues option you
106: need to pick OpenBSD by far. It is not uncommon for people to go years without
107: updating their production OpenBSD machines because they are just rock solid
108: and there are no known "remote" vulnerabilities. Thus no good reason to
109: upgrade...
110: <p>
111: I would feel perfectly happy to have one of my [novice] interns do a basic
112: OpenBSD install on a PC (no extra security work after the install) and then put
113: the companies crown jewels on that machine and then walk away for a year.
114: Knowing full well that machine hasn't crashed, been broken into or in need
115: of an OS upgrade. You can't say that about NT or Linux.
1.14 henning 116: Or if you do you obviously haven't ever used the product that way :)
1.1 ian 117: <p>
118: Another thing that I hear people point out is go check your local exploit
119: site or vulnerability alert mailing list and see if you can find a "remote"
120: root level exploit that works on OpenBSD. I dare say you won't find any that
121: are less than 12 months old.
122:
1.8 deraadt 123: <h3>Jan Johansson gave this reply to a "how do I build a cheap web server?" query:</h3>
1.1 ian 124: <p>
125: I work today with Solaris, OpenBSD, NT Server, NT Workstation and Win 95.
126: <p>
127: After reading Bugtraq for some weeks I will say that I will never put
128: any (important) machine on the Internet if there is not a firewall in
129: front and for packet filtering I go for OpenBSD...
130: <p>
1.6 ian 131: For a cheap web server I say hardware from a known vendor, an ordered
1.1 ian 132: OpenBSD CD-ROM and Apache...
133:
134:
1.8 deraadt 135: <h3><a href="mailto:wyodlows@nj.devry.edu">
136: William Yodlowsky</a> at Devry Institute wrote:</h3>
1.1 ian 137:
1.4 ian 138: <p>[A few] years ago I was just getting into system administration. I learned
1.1 ian 139: Linux first. Then one of our old (I mean *really* old) BSDi servers
140: crashed, and it was up to me to rebuild the system.
141: <p>
142: I looked at FreeBSD, NetBSD, OpenBSD and Linux. In the end, it came down
143: to "secure and stable" that took the prize. OpenBSD 2.1 was installed.
144: <p>
145: Since then, I've run 2.1-2.5 on everything from production servers to
146: laptops. We've never (repeat: NEVER) had a break-in.
147: <p>
148: A coworker setup a RedHat based box to test his skills at setting up SSL
149: and a secure web site.
150: It was hacked literally overnight, and by the next morning was attacking
151: other sites.
152: <p>
153: Our OpenBSD servers were probed and then left alone.
154: <p>
155: In the intervening two years, that original server got upgraded
156: and patched several
157: times and the OS never gave us reason to question the reliability or
158: security of OpenBSD.
159: <p>
160: We have another box, acting as a router for about 800 workstations doing
161: very basic filtering and NAT. It's on a P120 with 32MB RAM and typically
162: the uptime would look like this:
163: <pre>
164: % uptime
165: 9:05PM up 266 days, 4:23, 1 user, load averages: 0.06, 0.06, 0.06
166: %</pre>
167: <p>As well, OpenBSD runs on my laptop.
1.6 ian 168: A Gateway Solo 2500 with a Xircom modem, and a Linksys fast Ethernet NIC.
1.1 ian 169: <p>
170: And it never crashes :)
171: <p>
1.4 ian 172: One other incident that made me a believer... we were pingbombed
173: [perhaps a predecessor to the early2000 DDOS attacks?]. I mean,
1.1 ian 174: 900 different hosts on different networks floodpinging an OpenBSD 2.3 box
1.6 ian 175: simultaneously, while it was processing email and web pages for 3500 users.
1.1 ian 176: <p>
177: It was a P133 with 64MB ram. And it didn't go down. It got a bit slower,
178: but never crashed :-)
179:
1.8 deraadt 180: <h3>John J. Adelsberger III said this about us in Bruce Schneier's
1.1 ian 181: <a href="http://www.counterpane.com/crypto-gram-0004.html#CommentsfromReaders">
1.8 deraadt 182: Crypto-Gram</a>:</h3>
1.2 ian 183: (the comments he is responding to are Schneier's)
1.1 ian 184: <br>
1.6 ian 185: <br>> Real systems show no signs of becoming less
186: <br>> complex. In fact, they are becoming more complex,
187: <br>> faster and faster. Microsoft Windows is a poster
188: <br>> child for this trend to complexity.
1.1 ian 189: <br>...
1.6 ian 190: <br>> The other choice is to slow down, to simplify,
191: <br>> and to try to add security.
1.1 ian 192: <p>
1.15 david 193: OpenBSD does this. <i>I am unaware of any other group whose workings
194: are publicly viewable that does so</i> [emphasis added], which is regrettable, because
1.1 ian 195: I would prefer not to have this appear as an OpenBSD plug; rather,
196: my purpose is to point out that not only is this approach feasible,
197: but it is being done.
198:
1.8 deraadt 199: <h3>Andrew Hermetz commented as follows:</h3>
1.1 ian 200: <p>Hey all,
201: <p>Just wanted to drop a line and thank all who have worked to make OpenBSD
202: such a clean, cool, & efficient project.
203: <p>Major kudos to Theo for being a man ahead of his time! ;-)
204: <p>As I have to frequently explain to people *why* security is important at
205: all ("if you have nothing to hide...", "nothing you do is important enough to
1.6 ian 206: warrant encryption...", "only criminals and terrorists need to sneak around
1.1 ian 207: anonymously...", etc. ad nauseam), let alone *why* it's important in this day
208: and age of personal networks behind a DSL or even a full T1, I love being able
1.6 ian 209: to point them to a page which sets out a well-reasoned explanation for taking
1.1 ian 210: computer security seriously.
211: <p>[... OpenBSD installed]
212: effortlessly onto a Pentium 90 Compaq LTE 5100 laptop -- even the no-name
213: brand LAN card came right up and did a kickass install over a friend's office
214: T1. When I sing its praises, the thing that seems to get most people is its
1.10 ian 215: spartan look & feel, but I like knowing where everything is and not having a
1.1 ian 216: distro that shoves [stuff] into dark corners I'll never find...
1.17 grunk 217:
218: <h3><a href="mailto:ben@wbpsystems.com">Ben Smith</a>, president of
219: <a href="http://www.wbpsystems.com">wbp systems</a> says:</h3>
220: OpenBSD is the most secure operating system
1.18 grunk 221: <a href="http://www.wbpsystems.com">wbp systems</a> has ever used.
1.17 grunk 222: With all of our products, OpenBSD has allowed us to focus on our customers
223: instead of tweaking the OS to make it secure.
224: Internally we use OpenBSD for everything imaginable.
225: With its rock solid performance, we never have to worry about a file
226: server, proxy server or application server crashing.
227:
1.9 jufi 228: <hr>
1.1 ian 229: <a href="index.html"><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
1.10 ian 230: <a href="mailto:www@openbsd.org">www@openbsd.org</a>
1.19 ! sthen 231: <br><small>$OpenBSD: testimonials.html,v 1.18 2005/07/14 07:59:51 grunk Exp $</small>
1.1 ian 232: </body>
233: </html>