OpenBSD - For Your Eyes Only

Contributed by dhartmei on 2004-07-07 from the favorable-reviews dept.

Robert Storey writes on distrowatch.com:

Not a week goes by without a new computer security bulletin being issued. The problem is particularly acute on servers, and diligent system administrators face an endless (and often thankless) task watching for security alerts and downloading the relevant patches as soon as these become available. Not surprisingly, a lot of sysadmins would kill for an operating system in which the code was carefully audited in advance so that vulnerabilities were squashed before they could be exploited. In the following article, we explore OpenBSD, an operating system built from the ground up with security in mind. Though not suitable for every taste, OpenBSD will no doubt save many system administrators gray hairs. Even for those not running a server, this is a very stable and powerful OS and you don't necessarily need to be paranoid (though it helps) to enjoy using it.

(Comments are closed)

Comments

By Anonymous Coward (208.252.48.163) on 2004-07-07 12:38

Not a week goes by without a new computer security bulletin being issued. The problem is particularly acute on servers, and diligent system administrators face an endless (and often thankless) task watching for security alerts and downloading the relevant patches as soon as these become available.

I'm all for praising OpenBSD for what it's good at, but this is the case with any operating system, OpenBSD included: http://www.openbsd.org/errata.html
By James Nobis (64.244.122.155) on 2004-07-07 14:41 http://www.quelrod.net

As much as I love openbsd (it runs on my 4 systems at home) it still gets a decent number of patches. I currently have one box set and use binpatch and distribute the patches to my other systems at home and remote. An easy to way to update ala apt-get update && apt-get upgrade would be quite useful. We use debian linux on the work servers because we're given minimal amounts of time to admin the systems and we do not have time to deal with compiling to patch. Seeing binpatch adopted by the openbsd team or some similar system would remove another barrier to wider use of my favorite os.
By Dunceor (130.243.30.36) on 2004-07-07 14:57

nice error on the side "FreeBSD Specifications".
By Anonymous Coward (142.166.105.70) on 2004-07-07 16:10

For the most part a very good -- and better than that, useful, overview of OpenBSD installation and setup. A few warts: the chap, as seems to be typical in these reviews, did not realise that ksh is a perfectly good, friendly, and configurable shell. He really didn't need to install bash or zsh to get a usable environment, since ksh works almost exactly the same.
He got a few details in X installation a little muddled. He forgot 'X -configure' as a means to set up X, and you really don't need to add 'nolisten tcp' to anything since this is the default when X is launched from xdm (which he seems to have missed entirely).
Personally I don't find fdisk and disklabel all that confusing -- but in fairness I can barely remember when OBSD installs seemed new and strange.
I'd love to see somebody cover a 'simple' printer setup for your typical inkjet user using lpd, ghostscript, and a couple of script filters. Somehow this has never found it's way into the FAQ or as an example setup in printcap. It probably belongs there.
Comments
1. By SH (82.182.103.172) on 2004-07-07 17:08
  
  Coming from Linux on i386, the concept "partition" has changed meaning, but is still used in the same context. The first few times, this can be pretty confusing.
  Comments
  1. By Chris (139.142.208.98) on 2004-07-12 21:01
    
    The article uses the term "partition" incorrectly, along with the rest of the disk terminology. The partitions are always the same on i386, the internal sections that BSD uses are called "slices".
    
    Comments
    
    By SH (82.182.103.172) on 2004-07-12 22:27
    
    The article uses the term "partition" incorrectly, along with the rest of the disk terminology. The partitions are always the same on i386, the internal sections that BSD uses are called "slices".
    Nope, you are wrong about this for i386. From OpenBSD FAQ Install section 4.5.2 we have
    "Setting up disks in OpenBSD varies a bit between platforms. For i386 and macppc, disk setup is done in two stages. First, the OpenBSD slice of the hard disk is defined using fdisk(8), then that slice is subdivided into OpenBSD partitions using disklabel(8)."
    Add to this that both of the man pages for fdisk and disklabel talks alot about partitions and how to edit them. Same goes for the output of the programs when installing OpenBSD. So, partitioning can be confusing the first few times.
    /SH
By Anthony (192.208.10.217) on 2004-07-07 18:18

The term "user hostile" implies no thought is given to the needs of the user, but on OpenBSD the user is the main focus after security. It's just that the user is assumed to be an admin/developer, because that's what everyone involved wants. That means first rate documentation, consistent layout of the filesystem, clean solutions to problems, etc. The burden of knowledge is higher, yes, but that's why the docs are so good.
By Peter Hessler (208.201.244.164) spambox@theapt.org on 2004-07-08 00:47

The solution to being "user hostile": openbsd-newbies.

Subscribe at http://mailman.theapt.org/listinfo/sfobug
Archives at http://marc.theaimsgroup.com/?l=openbsd-newbies&r=1&w=2

(Not sponsered by the OpenBSD project, just by the San Francisco OpenBSD Users Group)
By goon (220.253.49.128) goonmailALPHATANGOnetspaceDELTAnetDELTAau on 2004-07-12 02:58 http://slashdot.org/~goon

got a few minor quips ...
in *Obtaining OpenBSD* and installing there's no mention made of just downloading a base install and burning it to CD. While it is desirable to buy the official release there's nothing stopping you grabbing what you need and delaying the purchase
there is some emphasis in using obsd as a desktop and the lack of GUI pf tools ~ but nothing about how using the system in cli mode is pretty easy.
a useful inclusion might be the obsd package distro watch link, which I use to see what the focus of an OS really is.

Latest Articles

Tue, Apr 23
- 05:25 pfctl(8) and systat(8) to display fragment reassembly statistics (0)
Thu, Apr 18
- 05:05 Coming soon to a -current system near you: parallel raw IP input (0)
Wed, Apr 17
- 05:33 In -current, default write format for tar(1) changed to "pax" (11)
Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (13)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (3)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)
Tue, Mar 12
- 06:53 OpenSSH 9.7/9.7p1 released! (0)
Mon, Mar 11
- 11:28 Game of Trees 0.97 released (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]