January 01, 2007
OpenBSD column corrections
Here are some factual corrections to my OpenBSD column.
My recent OpenBSD column is generating lots of online press in some of the OpenBSD forums. As expected, I'm portrayed as an idiot who has never installed or used anything but Windows.
You can read one of the forum comments here.
Geez, I wonder why more people don't use OpenBSD? Could it be the overly friendly community?
[Actually, with that said, some of the comments were supportive. In any online community you get all kinds, helpful and not so helpful.]
With that said, I want to make sure that I correct anything I said incorrectly in the column. Here are some corrections/additions I agree with:
I said OpenBSD has only had one remote exploit in the kernel. That was incorrect. It has only had one remote exploit in the default install, which includes a lot more than the OpenBSD kernel (bsd). That's a big oversight and needs to be corrected.
\bin and \sbin should be /bin and /sbin, of course.
I said that OpenBSD is shipped with all non-essential services disabled by default. There are some services enabled by default (i.e. sendmail, cron, time, and sshd, if you choose to accept the default), but again these are essential or else the OpenBSD team would not turn them on.
I said that OpenBSD was harder to install and configure than most Linux distros. That's still true, but it isn't much harder, and there are many, many tools (pkg_add, ports, etc.) that make it a piece of cake compared to how tough it used to be years ago.
I said, "They worked hard to scrub every proprietary and non-open piece of source code out of the kernel." That should be applied to all of the default install.
I said FTP supports HTTPS. It should be clarified that OpenBSD's ftp command supports HTTPS, but the FTP protocol itself does not. You should be using something else to transfer files anyway, like scp.
I'll print more clarifications in this space as I get them.
Notice that I didn't correct that I'm an idiot.
Posted by Roger Grimes on January 1, 2007 04:05 AM