l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
August 5: Social gathering
Next Installfest:
TBD
Latest News:
Jul. 4: July, August and September: Security, Photography and Programming for Kids
Page last updated:
2001 Dec 30 17:03

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Re: OpenBSD and Security
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Re: OpenBSD and Security



On Thu 12 Apr 01,  6:21 PM, Adam Getchell said: 

(big snip)
> 
> Anyways, to each their own.
 
adam, i have left in the only part of your email that makes any sense.

you seem to be fond of saying "linux".  but frankly, all your examples
seem to be redhat.  and i think we all agree that redhat is not the poster
child for rigid security.  and i hope you know the difference between
distro and a kernel.


some distros are into giving you bells and whistles and are probably more
suited for a home desktop.  you seem to be more familiar with them.

some distros place more of an emphasis on security and are probably more
suited for a critical system.  you seem to be less familiar with them.


and something CAN be said for the number of vulnerabilities that will be
found on an OS that has 10^6 users vs an OS that has 10^5 users.  your point
which makes use of the number of vulnerabilities simply isn't convincing.
and again, _redhat_ isn't the posterchild of security.  couple that with the
largest userbase of any linux of *bsd OS, and you have a lot of microscopes
looking at the OS.   redhat may be getting a bad rap.

in any event, my position on this debate (which i've pretty much kept out of
until now) is that it was pointless from the start.  there are smarter people,
way smarter than you and i, who argue both sides of the fence.  considering
that these people can't reach a definitive decision, who are we to claim there
is an answer?

i see this debate as being isomorphic to the "vim vs emacs" argument.  there
simply is no answer.

==============================================================================
start personal bias

now let me throw in my own (biased) thoughts, since i haven't done so yet.
i think perhaps there is some merit to openbsd being more secure.  but i'm
certain that its advocates overstate the issue.  frankly, openbsd is a sad
operating system in the sense that it's a very high quality OS which simply
isn't getting the attention or the user base it deserves.

and you can see that this irks the openbsd developers to no end because they
say the most stupid and moronic things that i've ever heard in my life.
does anyone here remember the "taking over microsoft in a year" quote on
slashdot a few months ago?

so take away openbsd's "superior" security, and you don't have much left to
make the OS outshine other operating systems.  you have what physicists call,
a vacuum state.  it's nothingness.  i think it's perfectly normal for
openbsd, its developers and its user base to try to overstate the security
case.  nobody like to feel "unspecial".  bsd doesn't even have it's own
category in securityfocus.com.  it's lumped in under the "linux" heading.

so i think perhaps there may be some merit to your argument.  but then again,
i wouldn't go around saying that a 233 MHz PII will blow away a 200 MHz PII.
even to make such a claim is an embarrasment.

ALMOST as embarrasing as the recent buffer overflow in openssh, which was
affected, yes you know it, the "most secure operating system in the world". 

or the recent vulnerability in ntpd.
or the last vulnerability in sendmail.
...
you get the picture.


end personal bias
==============================================================================


p

-- 
"Coffee... I've conquered the Borg on coffee!"               p@dirac.org
       -- Kathryn Janeway on the virtues of coffee           www.dirac.org/p


LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!