Contributed by jose on from the everyday-use dept.
"Only one remote hole in the default install, in more than 7 years!"
SuSE (& other Linux products) are still showing lengthy streams of [repaired] vulnerabilities, every month.
So, why hasn't the penny dropped & folks [re-]start dev't of an Open Source op sys for the User / Desktop on a base of OpenBSD?
Links to debate(s) on this issue or spin-offs of OpenBSD that are attempting this welcome.
TIA"
(Comments are closed)
By Alexander Guy () alexander.guy@andern.org on mailto:alexander.guy@andern.org
By Alexander Guy () alexander.guy@andern.org on mailto:alexander.guy@andern.org
On the hardware front, OpenBSD (and the BSDes in general) usually have more full-featured implementations, but the breadth of device support is smaller than Linux (go buy a random USB->RS232C adapter, and I'm sure it'll have Linux support while BSD support is almost non-existent).
As far as software goes, Linux tends to be the platform people are writing it for, so things get skewed in that direction, usually by sloppy or inexperienced programmers (overuse of /proc for instance) or by people who just don't care.
I think it just boils down to a path of least resistance problem.
Comments
By Aernoudt () aernoudt at bottemanne . net on www.bottemanne.net
But I don't agree with your finger-pointing that every linux developer is a bad one; come on, we're past that!
Extending our ports collection with some more tools for the desktop user would help, just as much as having java (like it or not) on our desktop.
You may not agree with me here, but I think that what we (*BSD and linux) lack most is a decent browser to compete with IE, and not having to move to Apple's hardware + OS ... With most webpages being compiled for IE, bringing lots of annoyance to non-IE users, this is the number 1 issue for big-time desktop usage (followed by Office interoperability).
Comments
By Josh () selerius@codefusion.org on codefusion.org
ports/www/mozilla-firebird
ports/www/opera
ports/www/dillo
ports/www/netscape
a) openbsd is not competing with any OS other than itself
b) read the list above, and then tell me that openbsd doesn't have a decent browser.
c) what tools on the desktop do you mean? we have KDE/GNOME/XMMS/INSERT_WINDOW_MANAGER_HERE/GAIM/XCHAT/ETC. and the list goes on...
d) if there is something we don't have, why not write a port for it? see http://www.openbsd.org/porting.html
Comments
By Anonymous Coward () on
Comments
By Josh () selerius@codefusion.org on http://codefusion.org
the problem with that statement is I don't see "performance" anywhere mentioned at http://www.openbsd.org/goals.html
You can also look at http://www.schubert.cx/openbsd/scale-tests/
Comments
By Anthony () on
Linux or FreeBSD (or whatever) on the desktop, OpenBSD on the firewall. Where's the problem?
Comments
By tedu () on
a more accurate assessment would be "nobody has written a new better scheduler for openbsd". and personally, i haven't noticed a problem with the scheduler, so i'm not likely to write a new one.
Comments
By Bruno Rohée () bruno@rohee.com on mailto:bruno@rohee.com
By Anonymous Coward () on
By Anonymous Coward () on
Honestly i prefer a server that is secure and slower than a high performance server which is exploited each month ...
By Peter Hessler () spambox@theapt.org on http://www.theapt.org
The world is not i386
> ports/www/mozilla-firebird
The world is not i386
> ports/www/opera
The world is not i386
> ports/www/dillo
doesn't do frames, tables (very well), animated gifs, etc, etc
> ports/www/netscape
The world is not i386
Comments
By Anonymous Coward () on
By Anonymous Coward () on
By Anonymous Coward () on
By Aernoudt () aernoudt at bottemanne . net on www.bottemanne.net
Dillo and others are not even near the stage of being usable except for some specific sites.
Opera same. What we need is either having all websites build decently after the W3C standards, but I'd rather not wait for that to happen, or have access to MSFT IE on OpenBSD
Comments
By Anonymous Coward () on
By Anonymous Coward () on
By vrtsdaemon () vrtsdaemon@yahoo.com on doibaothu.vze.com
By Wim Vandeputte () wim@kd85.com on http://soekris.kd85.com
And that includes random USB->RS232C adapters :-)
Jan 12 02:02:15 xatu /bsd: umass0: SCM Microsystems Inc. eUSB CompactFlash Adapter, rev 1.10/2.18, addr 2
Jan 12 02:02:15 xatu /bsd: umass0: using SCSI over Bulk-Only
Jan 12 02:02:17 xatu /bsd: scsibus0 at umass0: 2 targets
Jan 12 02:02:18 xatu /bsd: sd0 at scsibus0 targ 1 lun 0: SCSI2 0/direct removable
Jan 12 02:02:18 xatu /bsd: sd0: 31MB, 31 cyl, 64 head, 32 sec, 512 bytes/sec, 63488 sec total
Jan 12 02:03:40 xatu /bsd: umass0: at uhub0 port 2 (addr 2) disconnected
Jan 12 02:03:40 xatu /bsd: sd0 detached
Jan 12 02:03:40 xatu /bsd: scsibus0 detached
Jan 12 02:03:40 xatu /bsd: umass0 detached
Jan 12 02:03:58 xatu /bsd: uplcom0 at uhub0 port 2
Jan 12 02:03:58 xatu /bsd: uplcom0: Prolific Technology PL2303 Serial adapter, rev 1.10/2.02, addr 2
Jan 12 02:03:58 xatu /bsd: ucom0 at uplcom0
Comments
By Alexander Guy () alexander.guy@andern.org on mailto:alexander.guy@andern.org
I didn't put up a disclaimer on my first post, but I'm not knocking OpenBSD as a desktop OS. It's my first choice, but I'm not in denial over what isn't implemented/isn't a priority.
By Dale P. Smith () on
When I get a strange box with unknown hardware, I usually boot OpenBSD on it to see what is detected.
By Anonymous Coward () on
But I do _not_ want OpenBSD to become as Linux, with dozens of dummy-proof GUI tools that keep you away from what's really happening. The _lack_ of these mind-numbing things is one of the reasons I chose OpenBSD to begin with, so let's keep it that way.
Linux is a great desktop OS too, but it's just meant for another type of users.
Comments
By Anonymous Coward () on
By armus () armus@college.it on mailto:armus@college.it
Comments
By Josh () selerius@codefusion.org on codefusion.org
This will install KDE 3.1.3 (on the -stable branch) and 3.1.4 (on the -current branch).
see http://www.openbsd.org/ports.html for more information...you can also install KDE from the packages collection which is included on the CDROM or most any of the ftp/http/etc. mirror servers.
By Anonymous Coward () on
The developers just want to make a secure and stable system.
Comments
By Josh () selerius@codefusion.org on http://codefusion.org
I agree with your statement. However, it doesn't hurt to inform someone who has an incorrect perception (for example, KDE not working) of openbsd, that things are different than they perceive.
I am sure even a few of openbsd's developers didn't start out using OpenBSD, yet migrated from a different system...who knows, they may even have had the same type of problem as the person above...until someone informed them otherwise, that is.
By asdfg () on
- KDE 3.1.3
- Anti-aliased TrueType fonts (rendered with Freetype 2.1.6)
- Mozilla Firebird with XFT (from schubert.cx, thanks Schubert!)
- Mozilla Thunderbird with XFT (thanks again Schubert!)
- Acrobat Reader
- xmms
- gaim works too (from ports), but it's an old version (0.67) and I'm not using it actively.
- Other miscellaneous stuff which doesn't really use a GUI (so it probably doesn't count as "desktop stuff"), e.g. vim, irssi, LaTeX, etc.
At the same time, I have not totally switched over from Linux to OpenBSD yet. Why? I would do that, totally, if the following apps did run on OpenBSD (if you have information that they do, and/or have instructions, please let me know):
- Crossover Office.* (see note below)
- Crossover Plugin. This one gives you access to QuickTime, Shockwave, Windows Media Player, etc. on your browser.
- Flash plugin for Firebird.
- RealPlayer.
- Java 1.4.x and Java plugin.
* Sure, there's OpenOffice.org, Abiword, and KOffice. But if you have ever used Crossover Office on Linux, you'll wonder how you ever managed to survive without it. Opens Office docs, etc. without blinking an eye (after all, it's MSOffice emulated on Linux). Plus, you can run Photoshop, IE (for testing websites), Flash MX, Visio, and a whole bunch o' other things. Best of all, it's so easy to install any of these apps (no need to tinker with wine, etc.). Someone has got Crossover partially supported on NetBSD (http://www.duh.org/cxoffice/). I wonder how much effort it would take to replicate that on OpenBSD. Developers, any ideas? I might give it a shot, but knowing my coding skills, it'll probably take me a year. :)
Well those are my 2 cents.
Comments
By Anonymous Coward () on
What OpenBSD lacks also is Vmware. I would like to run WinXP in OpenBSD. Does anybody already have success stories?
Comments
By Anonymous Coward () on
By mirabile () mirabile@bsdcow.net on http://mirbsd.de/
(working well) and vmware (seems to start, but
got no positive feedback yet), and also does
sunjdk-1.3.1 work in "classic" (green threads)
mode, and 1.4.1 would do that too if a green
threads VM would exist.
As for xover office, I've made a port myself,
looking over to NetBSD, but we are currently
lacking some linuxulator syscalls, so that it
fails.
Comments
By Anonymous Coward () on
Btw, newer kaffe seems to be able to run apps like tomcat and jboss; worth a look.
By Anonymous Coward () on
Would be interested in both VMware and Realplayer too.
By Anonymous Coward () on
Install the redhat_base package, set
sysctl linux.compat to 1, grab realplayer 8,
and off it goes. Works just fine.
Additionally, mplayer is able to play a lot
of realplayer videos too. Not realplayer 4, though.
By Anonymous Coward () on
At least one of Codeweavers' developers really wants to work on an OBSD version. Give them incentive, and they'll do it!
(www.codeweavers.com)
By Ian McWilliam () i dot mcwilliam at cit.uws.edu.au on mailto:i dot mcwilliam at cit.uws.edu.au
Comments
By djm () on
Better to be flamed than mediocre.
Comments
By Anonymous Coward () on
> Better to be flamed than mediocre
Yes, yes and yes. The two posts that are parents to this sum up the right way to deal with the disgusting flaming that happens when security issues are found.
By Anonymous Coward () on
*By well documented, I mean, for example the pf documentation at openbsd.org, or the vinum documentation in the FreeBSD manual. With BSD, I know exactly where the documentation is, and I can be sure it's correct for the current version.
Comments
By sandolo () sandman@mufhd0.net on http://autistici.org/sandolo/
Yes, in the perfect world, OpenBSD with only one bug (with security as a goal) in the DEFAULT install (do you use linux with a *default* installation for your desktop? I don't think so.) would be a secure desktop workstation, but... what about the performance? and what about hardware support? And licenses????
In the end... who cares... we use what we like :)
By teemu () on
man;
I use OpenBSD for everything (coding, surfing, mailing, chatting, firewalling)..
By erik () on
Currently I miss smp ao and, frankly, does one really need the security of OpenBSD behind an OpenBSD firewall, without other users, or with very strict user policies in place?
Comments
By Josh () selerius@codefusion.org on http://codefusion.org
I personally will continue to wear my seat/safety belt.
By Anonymous Coward () on
These vulnerabilities apply to the same apps if they're installed in OpenBSD, too. Just because you installed it from ports doesn't mean it isn't vulnerable. If you compare kernel and base OS vulnerabilities, you'll find Linux has had far fewer than OpenBSD in the recent past.
Comments
By Anonymous Coward () on
And where did you learn math?
By my name here () on
As for apps, I totally agree with you. If you do the following to your Linux desktop:
1. Set up an iptables ruleset to protect the OS
2. Disable or keep up with OpenSSH and patches
your desktop will be as secure from remote vulnerabilities as a similarly set up OpenBSD workstation.
The remote vulnerabilities in OpenBSD all come from ports, except for the OpenSSH bug identified and fixed a long time ago.
By Anonymous Coward () on
As for the linux kernel, how long was 2.6 out before a local root vulnerability was discovered?
Just *look* at some of the kernel attention OpenBSD has gotten -- W^X for example. This is the sort of thing that a mass-market OS is absolutely begging for, but because of the comparatively ignorant user community, lacks. Thanks to this type of feature, there are entire classes of kernel vulnerability which Linux is doomed to suffer, and which OpenBSD on identical hardware either cannot possibly have (sparc) or is much much less likely to have (i386).
Linux...feh.
Comments
By Anonymous Coward () on
I'm definitely no expert at this, but AFAIR w^x protection and many other things were available for Linux long before OpenBSD adapted some of these techniques. They're just not part of the vanilla kernel but available as third party mega-patches, by the grsecurity and openwall projects for instance.
And I definitely remember that before w^x, OpenBSD advocation went along the lines that OpenBSD doesn't need these kind of things because it offers cleanly written code with strong emphasis on security and correctness. Advocators believed in code that is free of errors in the first place, rather than patching dubious code with even more dubious patches. And they also claimed that the mega-patches for Linux did nothing important other than making the kernel unstable.
I find it kind of funny that now that OpenBSD finally has w^x many advocators seem to have changed their minds by 180 degrees. :-)
Comments
By Anonymous Coward () on
references? URLs?
> And I definitely remember that before w^x, OpenBSD advocation went along the lines that OpenBSD doesn't need these kind of things
Again, references? URLs?
> I find it kind of funny that now that OpenBSD finally has w^x many advocators seem to have changed their minds by 180 degrees.
Unless you can provide some kind of references, I am afraid not a lot of people will take your assertions seriously...
Comments
By Anonymous Coward () on
> references? URLs?
There was an interesting discussion on the bugtraq mailing list that took place in 2003-08 titled "Buffer overflow prevention". The effectiveness of different techniques (and combination of techniques) including but not limited to the ones used in OpenBSD today are being discussed. And there is a little bit of information about the chronological order in which the projects started and evolved.
For example, Theo de Raadt said "I have made it clear many times that W^X inside OpenBSD came into being without me even being aware of PAX."
> And I definitely remember that before w^x, OpenBSD advocation went along the lines that OpenBSD doesn't need these kind of things
> Again, references? URLs?
No URLs here because I don't think there is something like an authoritative voice in this case because it's all about opinion.
By Anonymous Coward () on
By pravus () on
if it weren't for this and a couple of other minor factors i could probably live without, i'd be running OpenBSD on all my hardware. as it stands, i've only got Linux running on two of my nine machines.
i guess it all comes down to the right tool for the job. and right now, OpenBSD just doesn't quite fill all the gaps. of course, that's not necessarily a bad thing.
Comments
By Anonymous Coward () on
By Anonymous Coward () on
http://www.faumachine.org/
Hopefully the OpenBSD port of it is nearly complete.
Comments
By Anonymous Coward () on
By Anonymous Coward () on
Comments
By Wim Vandeputte () on
By disabling all listening ports, first thing people do after installing a system is enabling a whole lot of stuff themselves. I'm not claiming you should have the redhat approach by enabling *everything* by default, but having nothing switched on is a bit barebone.
it's not the first time I've installed a system and had no more access after rebooting the first time (serial console comes to mind). Having SSH to log in is a bit of a minimum to bootstrap.
By Anonymous Coward () on
The claim is now irrelevant for the sole reason that OpenSSH should not be enabled by default, but an option to be enabled during installation; just like the option of enabling network connectivity. I can not think of why it should be the default and I welcome suggestions that highlight the need to have OpenSSH enabled by default.
What was impressive by OpenBSD, and still relevant today, is 4 years (if I remember correctly) without a local hole in the default install. That stretch highlights the correctness and superiority of OpenBSD, or the lack of interest by the Open Source community in OpenBSD during that 4 year period.
Comments
By tedu () on
Comments
By Anonymous Coward () on
this is a nice piece of detail that I was very happy to see in the install.
and yes, I was installing a desktop machine, so I didn't want the daemon.
Something else I've noticed is that the afterboot manpage is maturing into a really nice document - just one more thing I really like about OpenBSD!
I must agree with other posters though - choosing OpenBSD really comes down to choosing a tool you are comfortable and happy with.
I'm really not overly concerned with the majority of issues raised in many of the posts in this discussion - for my needs, OpenBSD is perfect.
By Anonymous Coward () on
Thanks for the suggestion, but the topic was *default* behaviour, not random points in the operating systems life.
Comments
By tedu () on
By Anonymous Coward () on
Maybe i'm just paranoid...
By elaine () on
However.
from v 3.1 -> 3.2 cvs my preferred WM (Enlightenment) *always* had problems with shared memory on obsd. I tried a fresh install of 3.4 recently and experienced the same damned problem. Window borders run out of color planes and eventually become unreadable. Never figured out what it was and never got a reply on the ML's when I asked what was up about it.
So I'm back to Linux. I don't like it as well for a number of reasons but being unable to read / see info on iconified windows just isn't tolerable. Stupid little thing but as E is what I've found I'm most productive with, it's a killer.
Comments
By djm () on
Comments
By elaine () on
By Marc Balmer () marc@msys.ch on http://www.msys.ch/
Comments
By Raymond Morsman () raymond@dyn.org on http://www.openminds.nl
KDE looked great though!
Have you got a workaround to get Flash 6.0 working with Mozilla?