"We are pleased to announce the official release of OpenBSD 4.2. This is our 22nd release on CD-ROM (and 23rd via FTP). We remain proud of OpenBSD's record of more than ten years with only two remote holes in the default install," Theo de Raadt announced. In addition to a lengthy list of new features and improvements, the release announcement includes a dedication:
"We dedicate this release to the memory of long-time developer Jun-ichiro 'itojun' Itoh Hagino, who focused his life on IPv6 deployment for everyone. Without his BSD and IETF participation, IPv6 would not be where it is today. Only now people are becoming aware of his numerous contributions because he took credit for much less than he accomplished. The developers in our project will all miss him."
Congratulations!
Congratulations on a new release! :)
Silly claim
I found the tagline
silly back in the day when there has never been a known remote hole in the default install. After all it's very easy to do: don't start any network interfaces in the default install.
Now that they had actually two remote holes in a barely useful system (just ssh), I think this claim is outright ridiculous.
And what does "default install" mean anyway? The OS should just ask me what kind of install I want (desktop, server, development, ...). No default.
So please OpenBSDers, stop flattering yourself. This is disgusting.
I'm sure someone has asked
I'm sure someone has asked you to stop trolling, but that hasn't stopped you, now has it?
Default Troll
This post managed twelve hours without a default troll.
default install means
default install means exactly that, "default install" - am I not understanding you or are you not understanding it? I really don't see how you cannot comprehend that. =)
So on a serious note, if you are indeed serious, then why don't you simply read up on it - and then later on, look at the code and compare it to other OS-OS's, including something limited to say, a 'kernel'. Then let's talk about clean, secure, standard, non-fragmented code. >=)
As for the tagline, personally speaking, I think it's not needed as OpenBSD speaks for itself nowadays. It has done the most for 'everyone' as a whole, and the best at it! We should all be giving more to OpenBSD and not just credit alone.
Then why don't they just
Then why don't they just turn TCP/IP off in the "default install" and claim "no remote holes evah!"? I guess because it would be just too damn obvious.
Maybe other OSs should start to do that just to make fun of OpenBSD. :D
Anyway, my point was that having a "default install" is silly. The OS installer should guide you through different choices without default. This is stone age.
And 2 remote holes in an install with just SSH enabled is *not* a good track record. It's downright embarrassing. So start thinking for yourself, people.
Default install
"Anyway, my point was that having a "default install" is silly. The OS installer should guide you through different choices without default. This is stone age."
That's the dumbest thing I've read in a while. What is "stone age" about having a functional and secure system after installation? You know exactly what you have, and what you don't have. It's not like it's hard to enable other features.
How many remote holes does Windows have in its default install? More than two, I can tell you that much. If the various GNU/Linux distributions kept track, I'm pretty sure the number would easily exceed two.
This whole thing is about "secure by default". You don't have to worry about "hardening" the system after installation, because it's pretty damn secure already and yet quite functional.
Sheeesh - is this really so
Sheeesh - is this really so hard to understand?
A minimum system with ssh should be one *option*.
Another option should be a no-network computer.
Another option should be a standard desktop.
Another option should be a developer machine.
And so on. You always know what you get and can decide for yourself. Everything else *is* stone-age.
If you get a hard-on from your ultra-secure-by-default machine, why not turn off TCP/IP and SSH in the default install?
This claim is silly and casts a bad light on the OpenBSD developers. How can you trust the security work of people who are constantly praising themselves? I know that I don't.
Put down your crack pipe, please.
"A minimum system with ssh should be one *option*."
It _is_ one option.
"If you get a hard-on from your ultra-secure-by-default machine, why not turn off TCP/IP and SSH in the default install?"
Because it would affect the "functional" part in "Free, functional & secure". The system is functional, yet quite secure. By default. Why do you get so upset about that fact?
"This claim is silly and casts a bad light on the OpenBSD developers. How can you trust the security work of people who are constantly praising themselves?"
Their track record should be enough. Apart from the "only two remote holes ..." thing you're making so much noise about, what about the BIND exploit discovered just recently? Guess which operating system was not vulnerable.
Now, I suggest you stop trolling and adjust your medication.
Because it would affect the
How is that? A desktop machine without internet access is definitely functional for many use cases and has per definition no remote holes. So Windows 3.1 beats OpenBSD: no remote holes in default install in over 15 years!
OTOH for many people a machine with just SSH installed is completely useless.
Conclusion: the default install is something completely arbitrary and irrelevant. OpenBSD's claim of fame is ridiculous - they should switch to another one.
Are you kidding me? Two remote holes in a machine with *nothing* installed? That's downright embarrassing.
What about that? I'm not running BIND on any of my machines and never had to remove it because it was installed "by default". Thank god in most OSes you can decide what to install.
Oh, please.
I think you meant to say "no remote access in over 15 years". Yes, quite impressive.
And for others, it's not. For example, it's nice to know that your firewall software has only had two remote holes in over 10 years, don't you think?
You can do a lot with the default install. Well, not you perhaps.
The point was not BIND, but I guess you just conveniently ignored that and made it into a "BIND sucks" issue instead.
what about the BIND exploit
what about the BIND exploit discovered just recently? Guess which operating system was not vulnerable
Heh. Mine. I wouldn't touch BIND with a ten-foot pole.
-M
SSH
Considering just about every Linux dist, commercial UNIX, BSD, and a load of routers and other network devices use OpenSSH, you'd be hard pressed to use anything but Windows if you don't want to use OpenBSD's code.
Of course, you don't want to install Services for UNIX either, since that's OpenBSD derived as well.
Oh and they aren't making themselves look bad, you however are making yourself look pretty stupid.
Lying is easy.
I'd seen that it has 3 remote holes but it says only 2 remote holes.
Later, I'd seen that it has 4 remote holes but it says only 2 remote holes.
Later, I'd seen that it has 5 remote holes but it says only 2 remote holes.
Why didn't they say the other 3 hidden remote holes?
Because of inexistent NDA (Non-Disclosure Agreement), it's highly secret for reasons of National Security and the F.B.I. (Federal Bureau of Investigation) men need those remote holes to spy on us.
trolling is easy
You just keep talking, why I'm not sure. Trolling is easy, you just keep going around making up claims and trying to support them based on information you pull out of your ass on the fly. Are you also a pathological liar? Do your parents know you're on the internet?