That's random: OpenBSD adds more kernel security

OpenBSD has a new security feature designed to harden it against kernel-level buffer overruns, the "KARL" (kernel address randomised link). The changes are described in this note to an OpenBSD developer list penned by founder and lead developer Theo de Raadt. The idea is to randomise how the kernel loads, so that kernel …

  1. beep54

    Hum. Looks like I'll have to play with some BSD now.

  2. Christian Berger

    It's amazing where you can go when you have only competent people

    I mean OpenBSD just adds sensible security feature after sensible security feature, while the GNU/Linux community is overrun by the Freedesktop/Pulseaudio/SystemD people who try to turn the Linux userspace into a bad copy of Windows.

    1. handleoclast

      Re: A bad copy of Windows

      @Christian Berger

      It could be worse. Think how awful it would be if GNU/Linux devs turned Linux into a good copy of Windows.

      1. Captain Badmouth

        Don't look now....

        @ handleoclast

        Redmond is coming your way.

      2. Christian Berger

        Re: A bad copy of Windows

        "It could be worse. Think how awful it would be if GNU/Linux devs turned Linux into a good copy of Windows."

        Well Microsoft has a head start on it, as they are working hard on abandoning many of their problems. Virtually no modern software uses OLE. VBA, once an essential feature, is now seen as an evil. Software which needs logs typically writes them by itself, ignoring the Windows logging system. Essentially many Windows developers are now old enough to understand why the nifty features they have heard of in the 1990s and 2000s are utter shit.

  3. pitrh

    Reasons to use OpenBSD incremented by one

    Yes, one more reason to at least start considering OpenBSD as part of your portfolio.

    If you need a not-too-many-minutes rundown of other good reasons, my "OpenBSD and you" propaganda slides are up at https://home.nuug.no/~peter/openbsd_and_you/ (freshly updated in spots for some reason)

    1. GrumpenKraut

      Re: Reasons to use OpenBSD incremented by one

      > https://home.nuug.no/~peter/openbsd_and_you/

      Thanks. You may want to make the animated graphics removable: it obscures text in at least one slide (and annoys the heck out of me, I just can't stand animations in the periphery of my sight).

      1. Trigonoceps occipitalis

        Re: Reasons to use OpenBSD incremented by one

        uBlock Origin - right click and then Block Element.

        Simple.

        (No connection etc.)

  4. Anonymous Coward

    OpenBSD good. "Community" not so.

    OpenBSD is great. Very useful for applications where even a minimal install of Linux would bring too much to the party.

    However the "community" is not so good.

    At the top, they have their very own Linus. Much like Linus, Theo de Raadt tends to be rather forthright in his opinions, and similar to Linux the whole OpenBSD project appears to run on a "if Theo says no, it's a no go" basis.

    The "community" (a.k.a the openbsd-misc mailing list) is also a rather interesting experience. More often than not you are spoken down to, told to RTFM, given terse answers, or if you're really lucky Theo will come along to make sure you're put in your place.

    Plus every time a new OpenBSD release comes out the whole openbsd-misc list turns into a Donald Trump meeting where everyone is expected to praise the great one in how fabulous OpenBSD is and thank them for this latest release.

    In that respect, OpenBSD is no different to any other open source project. Great whilst it works, but when it boils down to getting help, the whole experience can be just as frustrating as the worst of the tier 1 call centres in the commercial world. They're both as bad as each other really.

    1. Christian Berger

      Well, you should always read documentation first

      The documentation seems to be rather decent, and you should read it first, before asking your questions.

      The reason is the same as with tier 1 call centres. Most people in IT have no f*cking clue what they are doing. They could get some clue by reading the documentation, and apparently they put lots of effort into the documentation.

      So they provide a way to get your question answered, but you choose the most annoying way to do it they provide for only serious questions not answered by the documentation.

      1. Anonymous Coward

        Re: Well, you should always read documentation first

        "The documentation seems to be rather decent, and you should read it first, before asking your questions."

        "You choose the most annoying way to do it they provide for only serious questions not answered by the documentation."

        Are you sure your name isn't Theo ? ;-)

        Seriously !

        I know how to read documentation, but trust me, OpenBSD documentation is not the panacea. Often it is obscurely worded or too terse, sometimes it doesn't mention rather important limitations (e.g. PF table counters or IPSec limitations).

        And the OpenBSD documentation, whilst (generally) good for configuration work, is, let's face it, as useless as anyone else's documentation when it comes to troubleshooting....

        Trust me, as someone who has done their fair share of OpenBSD troubleshooting, it can fast turn into an obscure rabbit-warren of a process. Yes you can turn on all the verbose logging you like in OpenBSD, but interpreting it, and interpreting it correctly is another matter, the messages don't always mean what they appear, hence it is the sort of time when you could do with a more experienced pair of hands to help you.

        But instead, posting to the misc mailing list normally ends up in you getting shot down in one of the ways previously highlighted.

        1. Anonymous Coward

          Re: Well, you should always read documentation first

          Yes the manuals/FAQs are okay. But they only hint at the use cases for OpenBSD!!!

          The calomel.org guys tried to expand upon that and were also targeted by OpenBSD purists.

          They are largely correct (the purists) in that one does have to dive in with OpenBSD. I've been using it for firewalls/routers/secure web host/VPN gateways (IPsec then SSL) for 20+ years. The knowledge is hard won and often you have to create it yourself via experimentation.

          It is interesting to note how widespread the pf firewall has become: OS X, QNX, .... the rule syntax is very approachable and has improved over time (OpenBSD 4.7 was a nice step improvement).

          The same group is also behind OpenSSH and it will soon be key to the whole IT ecosystem when Microsoft finishes its port to Win32.

          1. Anonymous Coward

            Re: Well, you should always read documentation first

            "The calomel.org guys tried to expand upon that and were also targeted by OpenBSD purists."

            Yeah... Theo has remained strangely silent on calomel, but his very close colleagues, the senior devs, have not been afraid to hold back !

            Many of the comments about calomel on the openbsd-misc list are, well, "less than flattering" shall we say.
