"Smith and colleagues at Penn, the software development consortium OpenBSD, and the Apache Software Foundation and OpenSSL Group propose to use the open-source movement - where programmers openly share incremental advances - to try to engineer better security features into mainstream computers, not only those developed just for the military and other high-security organizations. The government then benefits by purchasing more affordable, standardized computers with security features."
vi
and a default C shell, he finds nice things to
say about OpenBSD's floppy + 'Net installation, the thorough system probe and
the IP filtering and address translation.
fuzz
, a tool that tests commands with randomly generated
command line arguments. Lead developer Theo de Raadt ran it against OpenBSD
and found routine coding errors in about a dozen commands, none security-related.
The article reprints de Raadt's posting and comments. Though the exercise was
worthwhile, the tool only points to the areas to check, and is no substitute for
careful code reviews, he concludes.
Connected to spanweb.glasgow-ky.com.
Escape character is '^]'.
OpenBSD/mac68k (spanweb.glasgow-ky.com) (ttyp0)
make
options and targets, and also notes OpenBSD's
"fake" installation used to create easily distributable binary
packages as an automatic by-product of building a port.