Annotation of www/testimonials.html, Revision 1.7
1.1 ian 1: <!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN"
2: "http://www.w3.org/TR/REC-html40/loose.dtd">
3: <html>
4: <head>
5: <title>OpenBSD: Users' Views</title>
6: <meta name="resource-type" content="document">
7: <meta name="description" content="Users talk about OpenBSD">
8: <meta name="keywords" content="openbsd,users">
9: <meta name="distribution" content="global">
10: <meta name="copyright" content="This document copyright 2000 by OpenBSD.">
11: </head>
1.5 ian 12: <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
13: <img alt="[OpenBSD]" height=30 width=141 SRC="images/smalltitle.gif">
14: <p>
1.7 ! ian 15: <h2><font color=#e00000>OpenBSD: Users' View</font></h2>
1.1 ian 16: <p>Many users have commented on their use of OpenBSD.
17: The following are all extracts from our public mailing lists or,
1.3 ian 18: occasionally, other mailing lists (these have links to the original articles).
1.6 ian 19: Postings have been shortened, and edited slightly for spelling and grammar,
1.1 ian 20: but are otherwise unchanged.
21:
22: <h2>Matthew Haas says this:</h2>
23: <p>
24: I've been very impressed with OpenBSD since my decision to install it.
25: Definitely a great system, reminds me of my Slackware days, but better.
26: <p>
27: Thanks.
28:
1.7 ! ian 29: <h2>
! 30: <a href="mailto:webmaster@2600.org.au">Grant Bayley</a>,
! 31: an IT Manager from Australia, writes:</h2>
1.1 ian 32: <p>
33: By way of success stories, since a few of us at 2600 Australia started
34: using OpenBSD about 12 months ago now in some form or another, we've seen...
35: friends load it onto their machines and been simply amazed
36: at the quality of it, in particular the forethought that goes into
37: securing things out of the box.
38: <p>
39: We've also had one of our guys working at an ISP go head-to-head with an
40: in-house SuSE zealot of sorts on a compatibility, stability and security
41: test in advance of them selecting an operating system for their servers
42: (which, while using RedHat, had been rooted at least once). OpenBSD passed
1.6 ian 43: with flying colors and as of today, they're beginning a roll-out of 2.6
1.1 ian 44: onto their servers, mostly using stock components and software from the
45: ports tree (qmail, cucipop etc).
46:
47: <h2>System and Network Administrator Jeff Schneiter offers this:</h2>
48: <p> With a frozen budget it sure makes one squeeze every last
49: bit of power out of whatever hardware one can lay his hands
50: on... and thanks to OpenBSD, I have been doing just that.
51:
1.2 ian 52: <h2><a name=sarendal href="mailto:tony@polarcap.org">Tony Sarendal</a> says this:</h2>
1.1 ian 53: <p>I tried OpenBSD because of the IPsec support.
54: The reason I stick with it is because it really is nice to use
55: and it gives a feeling of quality which no other OS can match.
56: <p>
57: I did some programming on an OpenBSD machine, after this I really
58: appreciated the man pages. Other Unices I used had man pages that
59: simply weren't any good.
60: <p>
61: Keep up the good work guys.
62:
63: <h2>Security Engineer Tyler Allison writes:</h2>
64: <p>
1.6 ian 65: I have installed, secured, and maintained Linux, Windows NT and OpenBSD in
66: highly secure environments. (yes you can secure Linux and Windows NT in
1.1 ian 67: this environment :) ). Having said that I have to point out that if you
68: want a minimum administration to keep up with security issues option you
69: need to pick OpenBSD by far. It is not uncommon for people to go years without
70: updating their production OpenBSD machines because they are just rock solid
71: and there are no known "remote" vulnerabilities. Thus no good reason to
72: upgrade...
73: <p>
74: I would feel perfectly happy to have one of my [novice] interns do a basic
75: OpenBSD install on a PC (no extra security work after the install) and then put
76: the companies crown jewels on that machine and then walk away for a year.
77: Knowing full well that machine hasn't crashed, been broken into or in need
78: of an OS upgrade. You can't say that about NT or Linux.
79: Or if you do you obviously havent ever used the product that way :)
80: <p>
81: Another thing that I hear people point out is go check your local exploit
82: site or vulnerability alert mailing list and see if you can find a "remote"
83: root level exploit that works on OpenBSD. I dare say you won't find any that
84: are less than 12 months old.
85:
1.2 ian 86: <h2>Jan Johansson gave this reply to a "how do I build a cheap web server?" query:</h2>
1.1 ian 87: <p>
88: I work today with Solaris, OpenBSD, NT Server, NT Workstation and Win 95.
89: <p>
90: After reading Bugtraq for some weeks I will say that I will never put
91: any (important) machine on the Internet if there is not a firewall in
92: front and for packet filtering I go for OpenBSD...
93: <p>
1.6 ian 94: For a cheap web server I say hardware from a known vendor, an ordered
1.1 ian 95: OpenBSD CD-ROM and Apache...
96:
97:
1.4 ian 98: <h2><a href="mailto:wyodlows@nj.devry.edu">
99: William Yodlowsky</a> at Devry Institute wrote:</h2>
1.1 ian 100:
1.4 ian 101: <p>[A few] years ago I was just getting into system administration. I learned
1.1 ian 102: Linux first. Then one of our old (I mean *really* old) BSDi servers
103: crashed, and it was up to me to rebuild the system.
104: <p>
105: I looked at FreeBSD, NetBSD, OpenBSD and Linux. In the end, it came down
106: to "secure and stable" that took the prize. OpenBSD 2.1 was installed.
107: <p>
108: Since then, I've run 2.1-2.5 on everything from production servers to
109: laptops. We've never (repeat: NEVER) had a break-in.
110: <p>
111: A coworker setup a RedHat based box to test his skills at setting up SSL
112: and a secure web site.
113: It was hacked literally overnight, and by the next morning was attacking
114: other sites.
115: <p>
116: Our OpenBSD servers were probed and then left alone.
117: <p>
118: In the intervening two years, that original server got upgraded
119: and patched several
120: times and the OS never gave us reason to question the reliability or
121: security of OpenBSD.
122: <p>
123: We have another box, acting as a router for about 800 workstations doing
124: very basic filtering and NAT. It's on a P120 with 32MB RAM and typically
125: the uptime would look like this:
126: <pre>
127: % uptime
128: 9:05PM up 266 days, 4:23, 1 user, load averages: 0.06, 0.06, 0.06
129: %</pre>
130: <p>As well, OpenBSD runs on my laptop.
1.6 ian 131: A Gateway Solo 2500 with a Xircom modem, and a Linksys fast Ethernet NIC.
1.1 ian 132: <p>
133: And it never crashes :)
134: <p>
1.4 ian 135: One other incident that made me a believer... we were pingbombed
136: [perhaps a predecessor to the early2000 DDOS attacks?]. I mean,
1.1 ian 137: 900 different hosts on different networks floodpinging an OpenBSD 2.3 box
1.6 ian 138: simultaneously, while it was processing email and web pages for 3500 users.
1.1 ian 139: <p>
140: It was a P133 with 64MB ram. And it didn't go down. It got a bit slower,
141: but never crashed :-)
142:
1.3 ian 143: <h2>John J. Adelsberger III said this about us in Bruce Schneier's
1.1 ian 144: <a href="http://www.counterpane.com/crypto-gram-0004.html#CommentsfromReaders">
1.2 ian 145: Crypto-Gram</a>:</h2>
146: (the comments he is responding to are Schneier's)
1.1 ian 147: <br>
1.6 ian 148: <br>> Real systems show no signs of becoming less
149: <br>> complex. In fact, they are becoming more complex,
150: <br>> faster and faster. Microsoft Windows is a poster
151: <br>> child for this trend to complexity.
1.1 ian 152: <br>
153: <br>...
154: <br>
1.6 ian 155: <br>> The other choice is to slow down, to simplify,
156: <br>> and to try to add security.
1.1 ian 157: <p>
158: OpenBSD does this. <I>I am unaware of any other group whose workings
159: are publicly viewable that does so</I> [emphasis added], which is regrettable, because
160: I would prefer not to have this appear as an OpenBSD plug; rather,
161: my purpose is to point out that not only is this approach feasible,
162: but it is being done.
163:
164: <h2>Andrew Hermetz commented as follows:</h2>
165: <p>Hey all,
166: <p>Just wanted to drop a line and thank all who have worked to make OpenBSD
167: such a clean, cool, & efficient project.
168: <p>Major kudos to Theo for being a man ahead of his time! ;-)
169: <p>As I have to frequently explain to people *why* security is important at
170: all ("if you have nothing to hide...", "nothing you do is important enough to
1.6 ian 171: warrant encryption...", "only criminals and terrorists need to sneak around
1.1 ian 172: anonymously...", etc. ad nauseam), let alone *why* it's important in this day
173: and age of personal networks behind a DSL or even a full T1, I love being able
1.6 ian 174: to point them to a page which sets out a well-reasoned explanation for taking
1.1 ian 175: computer security seriously.
176: <p>[... OpenBSD installed]
177: effortlessly onto a Pentium 90 Compaq LTE 5100 laptop -- even the no-name
178: brand LAN card came right up and did a kickass install over a friend's office
179: T1. When I sing its praises, the thing that seems to get most people is its
180: spartan look & feel, but I like knowing where everything is and not having a
181: distro that shoves [stuff] into dark corners I'll never find...
182: <hr></hr>
183: <a href="index.html"><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
184: <a href=mailto:www@openbsd.org>www@openbsd.org</a>
1.7 ! ian 185: <br><small>$OpenBSD: testimonials.html,v 1.6 2000/04/21 19:59:23 ian Exp $</small>
1.1 ian 186: </body>
187: </html>