On Jan 6, 2008 12:52 PM, Karthik Kumar <[EMAIL PROTECTED]> wrote:
>
> Secure by default. Ship with nothing and call it secure. Wow! Maybe it
> shouldn't start the network by default, huh? Then that's secure, isn't
> it? Start no daemons, start no shells: ZOMG!!! it's secure :P
>
So which all daemons should be started in your opinion? Apache? NTPD? (You have an option for that during install.) named? ftp-proxy? Or any other? But someone else may have a different list :-( And someone like me may want to use it as a desktop and may not want to start any of these daemons, so it is just wasting my memory and needlessly causing pain for a new user to find out what to stop and how to stop them!!!!

> OpenBSD got pwned a year ago with another remote hole. I hope they
> find enough so they can stop bragging about 'Secure by default'.
>

It is said openly on the main page itself, http://www.openbsd.org/

"Only two remote holes in the default install, in more than 10 years!"

No hiding the truth. Which other OS can brag like that? Please let us know! Do you have any idea about the auditing of code that takes place in OpenBSD compared to other OSes? Do you know what the difference is between the gcc in OpenBSD and others?

http://www.openbsd.org/papers/asiabsdcon07-development/mgp00006.html

Please read the full presentation to see how OpenBSD is a better OS as a software development environment than others. And how free it is.

http://www.openbsd.org/papers/asiabsdcon07-development/mgp00006.html

And all the fault you could find in all these 10 years was one other remote hole (of a total of only two) in order to say that they are inconsistent with their stand?

> Do you realize that many people just can not live with 'default'?
>

Yes, that is why you are given a website with a FAQ, and a mailing list like this where developers take time to answer, sometimes in a detailed way, on how to handle things. One example that I can never forget is how Daniel Hartmeier helped me in detail in the thread shown below.

http://marc.info/?l=openbsd-pf&m=110690953100933&w=2

And that is also why you are told to read #man man and #man afterboot once you install.
Which OS installation provides all the variety of its users the luxury of starting to use it in any way they want without any configuration after install? Come on, don't be silly!!! Well, if you expect **spoon feeding** then go to

http://mailman.theapt.org/listinfo/openbsd-newbies
http://www.bsd-india.org/mailman/listinfo/bsd-india
http://www.bsdforums.org/

That's where I got my spoon feedings from when I first started using it from 3.4 or 3.5 in production. For somebody new to BSD it is going to take some amount of reading and experimentation and asking and learning, but that is not just for OpenBSD; it is for any OS, including Linux and MS Windows(es).

> Look: people do "use" OpenBSD for things other than plain old fvwm
> with xterm. And keeping security as a goal is not just for a stupid
> dubious marketing campaign.
>

Yes, of course! Not everyone uses plain old fvwm with xterm. Especially if it is a server, then they don't install the X*.tgz packages at all!! So it does not matter what is in the X*.tgz sets. It is irrelevant!!! It is true they would need other software without X from the packages if they are not explicitly using OpenBSD as a firewall.

For a desktop it is necessary to add more programs. For example, I use fvwm2 from packages. The guy sitting next to me used fluxbox from packages and recently changed to cwm. A girl I know uses kde. I think my brother sometimes uses gnome on OpenBSD. Another one I know uses windowmaker. Still another uses afterstep. I have used them all and stuck to fvwm2 from packages, and all you need to install that new software is mentioned clearly and precisely in the FAQ.

http://www.openbsd.org/faq/faq15.html

When you come to use anything new you should first read the manual to get an idea. The FAQ was written by Nick Holland just for that. Do you expect to install an OS and somehow magically get all the right daemons and programs you want to be started? Isn't that insane?
Now the OpenBSD team has even tried to improve the quality of some of the other software as well by giving them bug reports and diffs, which were not accepted by them.

http://marc.info/?l=openbsd-misc&m=110026474109499&w=2

You know why they did not care about those fixes? Because then Apache would not be compatible with Netware OS. And there is a limit to going about auditing the code of all the software in packages/ports when they don't have enough developers to code and do the more ambitious things they would like to do in the base itself. But you still have a disciplined time frame for the next release every 6 months. Which other project can boast of that kind of precise delivery? And still the base distribution after install is free of holes for the last 10 years except for 2. Please read.

http://openbsd-osnew.blogspot.com/2007/08/bind-9-cache-poisoning-vulnerability.html
http://openbsd-os.blogspot.com/2005/11/examples-of-securing-software-much.html

What do you think is better for security?

1) Provide a base distribution with the minimum needed things to run as a **complete Operating System**, allowing the users to add their own fancy collection of software after finding out its consequences

OR

2) Start an array of daemons with the firewall also on/off and let the guy figure out which are the unneeded ones and try to stop them and in the process stop some necessary ones and fiddle with the firewall rules and make it more insecure?

I see that you are a programmer. Why don't you quit talking and take some problem in any area of this operating system, be it base or ports, and submit diffs? You were telling earlier that everyone here is bitching. Now see, you are the one who is bitching. That too beyond limits! Count the no. of developers who contributed to this thread and you will find that they were busy coding so that 4.3 will be a better OS, even more secure. I know very little to code.
I am learning C and wrote my first "Hello World" program, but now I am afraid to compile it because according to RMS's standard I cannot use GCC because it is not free ;-) So you try the coding way rather than bitching, unless you also feel that RMS syndrome is keeping you from GCC. LOL!!!!!

Hope you will appreciate my advice :-)))))))))))))))