On Thu, Nov 19, 2009 at 5:40 PM, rhubbell <rhubb...@ihubbell.com> wrote: > On Wed, 18 Nov 2009 16:05:04 -0800 > Bryan wrote: > >> So glad we don't have these kinds of issues... > > New around here, but I'm noticing a lot of tooting of our own horn...so to > speak. With all the possible vectors for compromising a system that are > available it just sounds naive to keep touting how secure this or that is. > Do you own the physical network that your bits traverse? Do you guard your > computer 24-7? And on and on.
You miss the point - the reason we toot that particular horn is that you don't have to worry about those sorts of things (well, apart from 24-7 guarding, that's an entirely separate problem that has nothing to do with OpenBSD or any OS for that matter). People report that they can get a novice colleague to set up an OpenBSD box using just the CD, copy the company's crown jewels to it and leave it for a year, knowing that it has never been compromised. > > I will say the Fedora has bigger issues than allowing users to install > pkgs. I just went through trying out Fedora 11 and it was a nightmare to > me. Doing simple things with the network has been made so painful that > clawing out my eyes started to seem like relief. But maybe all flavors > are going this way. Part of the never ending bloat. > > OpenBSD is one of a few OSes that aren't taking this path. If you want the bloat, you add it yourself - it isn't included out of the box. I used to run Ubuntu on my firewall - I found it easier to edit /etc/network/interfaces manually than to use GNOME's retarded GUI network config tool. I fired up OpenBSD 4.5 and haven't looked back. @Ted: you could always write a wrapper script that runs firefox at nice -10 and tell sudo to let you run it (and only it) without a password. Sudo is nice when it's configured properly (using wrapper scripts and only allowing access to them). Any sysadmin who gives users full root access in any way (or gives access for ordinary users to make modifications to the system) should not be allowed near a computer IMHO. -- Aaron Mason - Programmer, open source addict I've taken my software vows - for beta or for worse
