Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Theo De Raadt Says FreeBSD Is Just Catching Up On Security

timothy posted about 9 months ago | from the diplomatic-mission dept.

Unix 280

An anonymous reader writes "The OpenBSD project has no reason to follow the steps taken by FreeBSD with regard to hardware-based cryptography because it has already been doing this for a decade, according to Theo de Raadt. 'FreeBSD has caught up to what OpenBSD has been doing for over 10 years,' the OpenBSD founder told iTWire. 'I see nothing new in their changes. Basically, it is 10 years of FreeBSD stupidity. They don't know a thing about security. They even ignore relevant research in all fields, not just from us, but from everyone.'"

cancel ×

280 comments

Sorry! There are no comments related to the filter you selected.

first (-1)

Anonymous Coward | about 9 months ago | (#45700413)

first!

Now, if... (5, Funny)

Dahamma (304068) | about 9 months ago | (#45700421)

...only OpenBSD would catch up in every OTHER category...

OpenBSD is better than the Slashdot Beta. (-1, Offtopic)

Anonymous Coward | about 9 months ago | (#45700517)

Guys, something is seriously wrong with my Slashdot. It's showing some "Beta" banner by the logo and now the site is basically unusable. It took me a good 10 minutes to even find where this comment box is located!

The text looks really fucking bad now. Almost all of the text is really small, the fonts render very poorly, and a lot of the text is gray on slightly darker gray. It is extraordinarily hard to read. Even the text in this comment box is very small, and its in italics and it's just so hard to read.

There's a lot of wasted space now, too. I've got a 28" monitor and probably 80% of the screen is empty gray areas. The rest is tiny, tiny text that's goddamn unreadable.

When I look at the main story list I can't tell where one story ends and another begins. Some of them have huge images, but others have huge blank gray areas. And I have to scroll so much now just to see all of the stories! I used to be able to read like 6 at a time on my screen. Now I can barely fit in even just two!

The comment threads are even worse. The whole lack of contrast means it's so hard now to figure out what is a comment and what isn't. For crying out loud, everything here is now gray-on-gray-on-gray-on-gray, with some teal on the buttons just to make them very distracting.

I thought that the last design was horrible compared to the one before it, but my god, this new "Beta" Slashdot is virtually unusable. I literally won't be able to continue using this. I can't even read the fucking story or comment text here any longer, and now it's nearly impossible to post comments. There's no reason for me to stay if I can't even just read the content here passively!

Re:OpenBSD is better than the Slashdot Beta. (2)

roman_mir (125474) | about 9 months ago | (#45700641)

It's the fucking NSA, man, they can't even intercept comments here without screwing up the site! Oh, I wonder just how many NSA man hours are wasted moderating every single one of my comments...

Re:OpenBSD is better than the Slashdot Beta. (0)

Dahamma (304068) | about 9 months ago | (#45700721)

You'd think /. would at least be able to auto-reject recurring spam posts that are 100% identical.
(though I do have to admit beta.slashdot.org is pretty awful...)

Re:OpenBSD is better than the Slashdot Beta. (0, Insightful)

Anonymous Coward | about 9 months ago | (#45700741)

How the fuck is it spam? There's no commercial content in it. The only thing that may be slightly interpreted as "commercial" in nature is perhaps the continued existence of /. as a site that gets any visitors. But that's a real stretch.

Besides, the message is 100% valid and correct regardless of whether it has or has not been posted before. Hell, it's a damn good message, and one we need to hear more and more often if /. has any hope of not becoming the next Digg.

Re:OpenBSD is better than the Slashdot Beta. (1)

Dahamma (304068) | about 9 months ago | (#45700779)

Because the SAME message has been randomly posted a bunch of times as replies to completely unrelated topics. I guess you are confirming that you at least spent the effort to copy and paste it? Bravo for you. But it's still spam.

Re:OpenBSD is better than the Slashdot Beta. (1)

Anonymous Coward | about 9 months ago | (#45701273)

How the fuck is it spam? There's no commercial content in it.

There are three definitions for the term "spam" which are used.
1. Originally, it was used to indicate a flood of data with no actual meaningful content.
2. At some point some politician passed a law defining it as "commercial solicitation".
3. Most laymen use the definition of "anything I don't want to see".

On slashdot, you usually see definitions 1 and 3 used.

Re:OpenBSD is better than the Slashdot Beta. (0)

Anonymous Coward | about 9 months ago | (#45700813)

If you delete the "beta" part of beta.slashdot.org/sdfsdsdfsdfsdf, the page will reload as the old style.

I had pretty much the same reaction when I saw that horrible new layout, but noticed beta in the address bar, and took it out, and got back to the old usable site. A page reload sometimes brings back the broken new layout, but deleting beta will bring back the old again.

RIP slashdot, when they make the above no longer work.

Re:Now, if... (-1)

Anonymous Coward | about 9 months ago | (#45700735)

Theo De Ego spouting off his garbage again...

Re:Now, if... (-1)

Anonymous Coward | about 9 months ago | (#45700829)

Especially security. Still storing personal SSH keys in plain text, by default, and providing no tools for *removing* expired or mismatched hostkeys from authorized_keys, or anything other than manual editiing for clearing access keys, always was and always has been butt stupid user interface management.

Hey, Theo! I hear the 90's calling! They want their installer back!

Re:Now, if... (1)

Anonymous Coward | about 9 months ago | (#45700903)

"Manual editing"? The format is one fucking key in ASCII per line, there's absolutely nothing that can't be done just as easily as some 'management tool' by a straight-up text editor.

Re: Now, if... (3, Informative)

Anonymous Coward | about 9 months ago | (#45701063)

The openbsd installer is one of the fastest and easiest installers I have seen. I prefer the developers work on developing a secure and functional system then waste time making a pretty GUI for the people who have phobias of text interfaces, or can't be bothered to learn how to edit a text file.

Re: Now, if... (-1)

Anonymous Coward | about 9 months ago | (#45701357)

The openbsd installer is one of the fastest and easiest installers I have seen. I prefer the developers work on developing a secure and functional system then waste time making a pretty GUI for the people who have phobias of text interfaces, or can't be bothered to learn how to edit a text file.

I have no phobia of text interfaces, and editing a text file is pretty easy. Assuming the editor wasn't written by some Aspie with a lust for completely re-inventing the fucking wheel and a complete aversion to any sort of documentation. Which is NOT a safe assumption to make when dealing with Unix/Linux type systems. In fact, it seems like a lot of basic tools are intentionally overly cryptic or deviate from obvious norms just to be different. And it's annoying as fuck.

Shit man, my fucking BIOS has a goddamn GUI these days, so don't give me a bunch of lame excuses about how you can't make your text editor simple and effective.

Re: Now, if... (2, Insightful)

Anonymous Coward | about 9 months ago | (#45701363)

Complete aversion to documentation? Are you sure you're thinking of the OpenBSD folks? I think you might be confusing them with the Linux crowd.

Re:Now, if... (5, Insightful)

Arker (91948) | about 9 months ago | (#45701101)

What method could possibly be more convenient, simple, and appropriate than opening the file with your text editor of choice and deleting the line?

What do you expect? Some bulky "management interface" to hold your hand while you take 10 times as long as necessary to do the simple task of *removing an entry from a text file*? What is wrong with you?

Re:Now, if... (5, Insightful)

cold fjord (826450) | about 9 months ago | (#45700901)

...only OpenBSD would catch up in every OTHER category...

You can always port or build other software on OpenBSD.

You can't really bring other operating systems up to OpenBSD security standards with just a compile or two.

Make your pick: secure, or convenient.

Re:Now, if... (-1, Troll)

Anonymous Coward | about 9 months ago | (#45701097)

And how great is OpenBSD's security in practice? What does it have or do that's better that would save a user from a web browser drive-by exploit? Or from a user opening/running an email attachment with an exploit? Compared to Linux with apparmor or SE Linux? Or FreeBSD's jail? Or even Windows 7?

Fact is OpenBSD is overrated as an OS and as a secure OS: http://allthatiswrong.wordpress.com/2010/01/20/the-insecurity-of-openbsd/ [wordpress.com]

They being able to claim they are "Secure by Default" because they don't have much running/enabled by default is as silly as claiming MSDOS being secure by default because it doesn't have TCP/IP by default.

Re:Now, if... (4, Interesting)

Anonymous Coward | about 9 months ago | (#45701247)

Secure By Default only seems obvious in retrospect. Remember when OSes like RedHat 5 and Windows 2000 automatically started a shitload of network services? No I don't need to run Finger or share my printers over HTTP. Predictably, they got owned before you could download the patches.

Re:Now, if... (0)

Anonymous Coward | about 9 months ago | (#45701407)

That was how many years ago? These days even Windows XP SP3 is harder to pwn by default (firewall enabled) if you just leave it powered on and don't go browsing random sites.

And if you do use an exploitable browser (firefox, chrome etc) you'd be pwned whether you're on XP or OpenBSD. There is no real difference in security.

Re:Now, if... (3, Funny)

shutdown -p now (807394) | about 9 months ago | (#45701333)

It's like saying "you can always port or build other software on GNU/Hurd". It's a broadly true statement, but a surprisingly meaningless one.

Re:Now, if... (-1)

Anonymous Coward | about 9 months ago | (#45700987)

can anyone ever hope to be a bigger dick than Theo? Guess that means two categories.

Re:Now, if... (1)

austinhook (656358) | about 9 months ago | (#45701313)

Darn that "Security First" hangup...

Insecurity (-1)

Anonymous Coward | about 9 months ago | (#45700425)

Damn Jesus freaks stop singing your fairy tales every night!!!

so letting the nsa hire someone (1)

Anonymous Coward | about 9 months ago | (#45700431)

to write your ipsec, thats the definition of security.

Re:so letting the nsa hire someone (4, Insightful)

EdIII (1114411) | about 9 months ago | (#45700583)

to write your ipsec, thats the definition of security.

Exactly.

The NSA is the one you are protecting yourself against . Why would you EVER trust any cryptographic primitives designed by them at all?

Being able to fully trust the cryptographic primitives on a system is not a new thing though... those NSA guys have tainted so much everywhere simply because it is their job description to decrypt sensitive communications for the intelligence community.

Microsoft anyone?

Re:so letting the nsa hire someone (2, Interesting)

Anonymous Coward | about 9 months ago | (#45700783)

First thing I do with security is look at who I am protecting against, and throw resources at the most common things first:

1: Web browser and add-on compromise is an issue... thus AdBlock, NoScript, and other things, not to mention running all Web browsers in a VM, jail, or sandbox.

2: Theft is common, so I encrypt all my HDDs. That way, Jack Meth-head who grabs a computer will get... hardware. No data is on the black market for blackmail or extortion.

3: Backups are protected on the cloud, because even though so far, there has not been a single intrusion with a cloud provider, it is only a matter of time. When it does happen, I want encryption that uses no passwords, so brute-forcing has to be done against the entire AES-256 keyspace, not just the limited space from a passphrase. Thus, TrueCrypt with keyfiles, or storing data with private keys stashed in secure locations.

4: Legal security. Using NIST/FIPS approved stuff gets me past the auditors at work, and those guys need to be happy or else I'm out of a job, or perhaps facing criminal charges due to Sarbox, FERPA, HIPAA, or civil charges for pissing on PCI-DSS3.

5: Privacy. VPN services, running different Web browsers for different tasks, blocking beacons, all help here. I might be as Draconian as to say to ditch your iDevice if you value privacy since one can use Android to further block beacons, cookie sites and such on the device.

6: Foreign intel divisions. They get in, company gets shut down, just like the US solar industry got "mugged" and solar panels sold for cheaper than rare earths exported from China.

Then there is a lot of other stuff, internal things, APTs... in the entire scheme of things. NSA spying is not on my list to worry about.

Lets be real folks. Focus on the real threats, not boogeymen. Of course, this reasoning is different if not in the US, so substitute NSA for one's domestic intel crew.

Re: so letting the nsa hire someone (0)

Anonymous Coward | about 9 months ago | (#45701045)

Jack MethHead is my second cousin you insensitive clod !

Re:so letting the nsa hire someone (5, Insightful)

EvanED (569694) | about 9 months ago | (#45700809)

...those NSA guys have tainted so much everywhere simply because it is their job description to decrypt sensitive communications for the intelligence community.

To play devil's advocate for a second (and from someone who is as opposed to the NSA's spying as anyone), they job is also to prevent adversarial spying on us. That presumably applies much more to government functions than day-to-day ones, but if, say, the military or state department actually follows the NSA's suggestions, there's a decent chance that those suggestions are pretty close to as good as it gets.

Say what ?! (1)

Taco Cowboy (5327) | about 9 months ago | (#45701243)

... if, say, the military or state department actually follows the NSA's suggestions, there's a decent chance that those suggestions are pretty close to as good as it gets ...

Are you saying that NSA hasn't yet created enough havoc, that you wish the State Department and the Military to join NSA in making even more violations to our Constitutions ??

Re:Say what ?! (1)

Maow (620678) | about 9 months ago | (#45701447)

... if, say, the military or state department actually follows the NSA's suggestions, there's a decent chance that those suggestions are pretty close to as good as it gets ...

Are you saying that NSA hasn't yet created enough havoc, that you wish the State Department and the Military to join NSA in making even more violations to our Constitutions ??

When he said suggestions (not examples), I think he meant something like the NSA's Information Assurance [nsa.gov] recommendations.

Check it out, it's quite informative (+5 Informative).

Re:so letting the nsa hire someone (1)

DMUTPeregrine (612791) | about 9 months ago | (#45701347)

You assume that the people running the NSA care about anything but their own power. This seems silly. For example, look at the inter-branch rivalry within the US military. The Air Force hates the A-10 because it's slow, the Marines love it because it works well to keep them alive. The Air Force won't let the Marines fly the thing, because planes are for the Air Force (unless they land on a ship). There are hundreds of other petty disputes like that, many of which have cost the lives of US servicemen. Why would you expect the NSA to look out for anyone other than the NSA?

Re:so letting the nsa hire someone (1)

Nutria (679911) | about 9 months ago | (#45701463)

The Air Force won't let the Marines fly the thing, because planes are for the Air Force (unless they land on a ship).

I've often wondered why the USMC never let out an RFP to make a carrier-worthy A-10.

Re:so letting the nsa hire someone (1)

EdIII (1114411) | about 9 months ago | (#45701375)

I don't doubt that the NSA is highly skilled and that one would be wise to follow their suggestions for best practices. Certainly pay attention the NSA suite B.

That being said, why on Earth would one trust a cryptographic primitive that the NSA was involved in creating?

It reminds me of the scorpion and the frog crossing the river. The NSA is strongly compelled to compromise as much of the US communications infrastructure that they can, as well as the rest of the world. Those activities are in the furtherance of their reason d'etre.

You know this. You know who they Are. They will act in accordance with their nature, just like the scorpion.

So as much as they want to protect the US infrastructure from external and internal threats, that needs a balance with their need to compromise it. After all, unless you can completely, utterly, and with unprecedented skill, annihilate the citizens privacy, how do you protect them?

The NSA needs this information for Big Data Fuckfest where those dreams they had while jerking off to Minority Report finally come true. It will be them that can identify a subversive and stop him before he even has a chance to buy parts for his doomsday weapon.

So take their suggestions with a grain of salt, be suspicious and mindful about their algorithm designs, and strongly on guard for any programming primitives that you know they have influenced.

They are protecting you on their own terms, not yours.

Re:so letting the nsa hire someone (0)

Anonymous Coward | about 9 months ago | (#45701307)

ipsec sucks dick... openvpn all the way bitches!

Re:so letting the nsa hire someone (1)

smash (1351) | about 9 months ago | (#45701381)

Says the guy who can't configure IPSEC.

Yeah (5, Funny)

Anonymous Coward | about 9 months ago | (#45700451)

Good old Theo De Raadt.

Half human, half cunt.

Re:Yeah (1)

smash (1351) | about 9 months ago | (#45700541)

Ahaha. I'm sure he's at least somewhat misunderstood as text does not convey tone very well. But yes, description seems accurate.

Re:Yeah (5, Insightful)

ArchieBunker (132337) | about 9 months ago | (#45700751)

And usually right.

Re:Yeah (0)

Anonymous Coward | about 9 months ago | (#45701091)

People wouldn't call him an asshole if he isn't usually right. Troll, shrill, etc.

Not really (3, Informative)

Sycraft-fu (314770) | about 9 months ago | (#45701207)

He's often "technically correct". What I mean is that OpenBSD is really secure in its default setup... because it doesn't do fuck-all. Security via turning off everything isn't really that impressive. When something is supposedly so much superior on a security front, yet seems to get very little usage, well, there's a reason.

Also, even if you are right, you shouldn't be a dick about it. Perception matters in the world and if you want to persuade people to your position, you need some empathy. If you act like a jerk all the time, it puts people off and makes them dislike you, and thus not consider the content of your claims.

Re:Not really (5, Funny)

Architect_sasyr (938685) | about 9 months ago | (#45701267)

Pretty sure whoever wrote "House" was looking at Theo and thinking "You know... that fucker could make a great TV show character". Of course it was probably followed by "but screw that IT crap" but whatever.

Re:Yeah (0)

Anonymous Coward | about 9 months ago | (#45701269)

And usually right.

It's a typical geek fallacy to assume that being right trumps being nice, when it's possible to be both.

Being right doesn't excuse not bothering to be decent.

Re:Yeah (0)

Anonymous Coward | about 9 months ago | (#45701367)

Good old Theo De Raadt.

Half human, half cunt.

Same breed as Linus, it appears then.

Re:Yeah (0)

Anonymous Coward | about 9 months ago | (#45701421)

Don't forget Stallman!

Quick Wiki Summary (5, Insightful)

fustakrakich (1673220) | about 9 months ago | (#45700475)

"De Raadt has been criticized for having a somewhat abrasive personality..."

Re:Quick Wiki Summary (5, Funny)

chill (34294) | about 9 months ago | (#45700489)

Note: That wiki summary was from the entry on "Understatement of the Year, 1996-2013 inclusive"

Re:Quick Wiki Summary (5, Funny)

TheRealMindChild (743925) | about 9 months ago | (#45700659)

We just need a flame war between him and Linus. Nerdwar will never be the same

Re:Quick Wiki Summary (3, Informative)

broken_chaos (1188549) | about 9 months ago | (#45700909)

Linus is a bit more restrained in his flaming. Typically he only does it when the person on the receiving end has done something dumb-to-monumentally-dumb and is someone Linus trusted to not do such things.

Re:Quick Wiki Summary (1)

fahrbot-bot (874524) | about 9 months ago | (#45700759)

"De Raadt has been criticized for having a somewhat abrasive personality..."

Or... Theo has been praised for occasionally not being a (total) dick - especially when he's right.

[ You say tomato... Perspective is everything. ]

constructive criticism (1)

Gravis Zero (934156) | about 9 months ago | (#45700485)

you're doing it wrong.

Re:constructive criticism (3, Insightful)

Trepidity (597) | about 9 months ago | (#45700887)

Well, he did produce OpenBSD, which could be seen as constructive criticism in a sense (instead of just complaining, build something). But yeah, if you mean constructively criticizing things in text, that's not really his strong point.

Framing the debate (4, Informative)

Anonymous Coward | about 9 months ago | (#45700491)

As usual:

- Theo is a complete asshole, but also quite correct about most things. OpenBSD is rather behind the
times in general, but very good at what it does do. And their stance on BSD license and making BSD tools is great.

- FreeBSD really is stupid about some things.
Let's take for instance their complete refusal to implement any strong security in their distribution chain.
You can't verify their ISO's or packages back to their source in any way. Their repo is ancient svn, not
git or monotone, so they have no signable hashes in their repos. There's no deterministic builds. etc.
And when you bring it up, they just handwave about process and workflow as reasons to continue
doing the same. FreeBSD is pretty damn good as an OS, but their standing on these things is BULLSHIT.

Re:Framing the debate (5, Interesting)

Anonymous Coward | about 9 months ago | (#45700633)

How is OpenBSD any different in that regard? They rewrote CVS (OpenCVS) for heaven's sake, so they didn't have to move to SVN, let alone Git.

And Git's hashes are not for the sake of security. Linus made that abundantly clear when he refused to allow SHA-2 to be used, even after people were able to manufacture a Git collision using SHA-1.

People misunderstand what makes OpenBSD secure. OpenBSD is about being conservative and simple. Lots of the things they do seem backwards or antiquated. In this case, XORing your random bit streams is as conservative as you can get. And when Theo talks about following the research, it's not to jump on fancy new technology, but in tracking the evolution of software and cryptographic exploits and trying to preemptively get out of those paths. That's opposite of Linux and FreeBSD, where they're constantly chasing new features, new optimizations, and new technologies.

Re:Framing the debate (3, Informative)

Phs2501 (559902) | about 9 months ago | (#45700861)

And Git's hashes are not for the sake of security. Linus made that abundantly clear when he refused to allow SHA-2 to be used, even after people were able to manufacture a Git collision using SHA-1.

Citation needed. I can't find a published example of any actual SHA-1 collision, much less one from a Git repo.

Re:Framing the debate (1)

phantomfive (622387) | about 9 months ago | (#45701067)

You can try a google search on site:lkml.org sha collision.

The GP might be talking about this [lkml.org] .

Re:Framing the debate (2)

broken_chaos (1188549) | about 9 months ago | (#45700991)

git does include support for gpg signing of commits and tags, which I think is what the GP was talking about (though wrapping one's head around the cryptographic security of how git does it is a bit difficult).

SHA1 in git isn't really used as a cryptographic security measure, but git's structure does allow for some innate security because, if a colliding SHA1 hash is to show up... git looks at the new object, says "Huh, I already have that one." and just uses a reference to the original object instead. I'm not sure just how much git protects against an attack targeted against a single copy of the repo as, like I mentioned earlier, it's pretty difficult to wrap one's head around git's security due to how everything interacts.

Or at least that's the case for me. Maybe someone else has a quick explanation for how it all fits together.

Re:Framing the debate (1)

buchner.johannes (1139593) | about 9 months ago | (#45701071)

git does include support for gpg signing of commits and tags, which I think is what the GP was talking about (though wrapping one's head around the cryptographic security of how git does it is a bit difficult).

SHA1 in git isn't really used as a cryptographic security measure

All you sign is the commit, i.e. a SHA1 hash.

Re:Framing the debate (1)

Anonymous Coward | about 9 months ago | (#45701235)

opencvs is nothing new, only the license is, it's same old cvs. and it does not support hashes that you can sign like git does... on init, on commit, whenever, etc. hashes can in fact be used for security, particularly the initial one. further, monotone has even better integration of crypto keying into the repository than git does.
but whatever neither obsd or fbsd use it, and it's completely to their loss. right now, neither of them provide any cryptographic assurance that what you are running traces back to their repository. and that's a VERY BAD THING.

there is a break in sha1, no collision yet. md5 is both broken and collided.

Re:Framing the debate (0)

Anonymous Coward | about 9 months ago | (#45701287)

I cannot find a reference for your paraphrase of Linus, but if true that means that Linus doesn't understand defence-in-depth.

Re:Framing the debate (5, Informative)

styrotech (136124) | about 9 months ago | (#45700811)

- Theo is a complete asshole, but also quite correct about most things. OpenBSD is rather behind the times in general, but very good at what it does do. And their stance on BSD license and making BSD tools is great.

Yeah the bit that struck me here was that Theo was relatively complimentary about Linux and Linux devs. eg mentioning Linux also did this stuff ages ago and that OpenBSD used some research from Ted Ts'o (and others) in their implementation.

So the complaint wasn't about credit for who was first, just about how FreeBSD got a bunch of Snowden related media coverage for something practically everyone else did ages ago as if it was something new to worry about.

Re:Framing the debate (2)

bill_mcgonigle (4333) | about 9 months ago | (#45701109)

So the complaint wasn't about credit for who was first, just about how FreeBSD got a bunch of Snowden related media coverage for something practically everyone else did ages ago as if it was something new to worry about.

FreeBSD may have a better marketing department than OpenBSD, but not as good as Ted Tso's, because Ted Tso is just awesome.

Re:Framing the debate (0)

Anonymous Coward | about 9 months ago | (#45701249)

it's also classic theo... fuck you bsd forebears, i'm better and forking it. so complimenting linux, while probably quite sickening to do, is much better than ever recognizing where he split from. that's PR for ya.

The usual. (0)

ngc5194 (847747) | about 9 months ago | (#45700495)

Stay classy, Theo!

God (0, Offtopic)

TempleOS (3394245) | about 9 months ago | (#45700499)

The lot is cast into the lap, but its every decision is from the LORD. God says, "do_you_get_a_cookie I_quit Venus application bring_it_on how's_the_weather."

Re:God (2)

EdIII (1114411) | about 9 months ago | (#45700597)

The lot is cast into the lap, but its every decision is from the LORD.

God says, "do_you_get_a_cookie I_quit Venus application bring_it_on
how's_the_weather."

I don't know why people downvote you. We should just use your posts as a form of high entropy communication and use it for cryptography.

No one can predict what you will say....

Always Humble (0)

Anonymous Coward | about 9 months ago | (#45700537)

Always the humble one, Theo!

Do these projects OpenBSD, FreeBSD matter anyway? (-1, Flamebait)

bogaboga (793279) | about 9 months ago | (#45700563)

...Why should I care? Where in the world is serious stuff being done on any of these platforms? Just asking...

Re:Do these projects OpenBSD, FreeBSD matter anywa (0)

Anonymous Coward | about 9 months ago | (#45700609)

...Why should I care? Where in the world is serious stuff being done on any of these platforms? Just asking...

You know, the internet and stuff.

Re:Do these projects OpenBSD, FreeBSD matter anywa (1)

jones_supa (887896) | about 9 months ago | (#45701057)

Yeah, but working as an Internet server is easy. What do you need, a network card driver and some server software? That problem has been solved a long time ago and almost any OS can be used for the purpose.

Now, give me a cool, fast, usable and bug-free desktop and we will start talking.

Re:Do these projects OpenBSD, FreeBSD matter anywa (1)

Architect_sasyr (938685) | about 9 months ago | (#45701295)

If I put wheels on your metal office desk you can have a cool (temperature), fast (relative to otherwise stationary), usable (it's the top of a desk), and it will be bug (termite) free. That's all you get.

Working as an internet server is easy, sure, we've had Microsoft's IIS and Raspberry Pi's doing it. Working as a safe, stable, secure one is hard, and for that we have the BSD's.

Re:Do these projects OpenBSD, FreeBSD matter anywa (2, Informative)

Anonymous Coward | about 9 months ago | (#45700615)

aaa.... everywhere? just cause you are living under a rock, doesnt mean that everybody else is. dunno what os you're using right now, but chances are pretty high you're using a tool/technology/library developed by one of these bsd's.

windows - shitton of tools are taken verbatim from freebsd (network related)
mac - is a freebsd 5 clone, with improvements made to it (plus a ui) and backported from the main release. they have on payroll a fair few of the freebsd folks.
all of them (linux included): anything security related, that's openbsd. when they dont take from openbsd they do it wrong and they have holes.
 

Re:Do these projects OpenBSD, FreeBSD matter anywa (1)

flyingfsck (986395) | about 9 months ago | (#45701345)

Oh really? Theo said they took something from Linux...

Re:Do these projects OpenBSD, FreeBSD matter anywa (4, Insightful)

Anonymous Coward | about 9 months ago | (#45700621)

...Why should I care? Where in the world is serious stuff being done on any of these platforms? Just asking...

When it comes to security, De Raadt is like House [wikipedia.org]

So I guess it matters if you care about security. Then again, since we don't really use secure software or systems, that point is kind of moot.

Re:Do these projects OpenBSD, FreeBSD matter anywa (1)

Anonymous Coward | about 9 months ago | (#45700629)

yeah, i know, right?! who cares about openssh and the likes.

Re:Do these projects OpenBSD, FreeBSD matter anywa (1)

Anonymous Coward | about 9 months ago | (#45700655)

If you don't know, then the rest of us would prefer you stay away. Our professional-to-fanboy ratio is fairly high, especially compared to Linux and Windows, and we'd like to keep it that way.

Re:Do these projects OpenBSD, FreeBSD matter anywa (4, Informative)

utkonos (2104836) | about 9 months ago | (#45700697)

You may want to pose that question to Netflix. They account for about 1/3 of the traffic on the internet [mashable.com] and all that traffic is served from FreeBSD servers [netflix.com] .

Also, Mac OS X is essentially a fork of FreeBSD.

The OS on all Juniper equipment is a modified version of FreeBSD.

The Playstation 3 and 4 OS are both modified FreeBSD.

Plus more [freebsd.org] .

Re:Do these projects OpenBSD, FreeBSD matter anywa (0)

Wookie Monster (605020) | about 9 months ago | (#45701039)

Yes, but why? Just because Netflix chose to use it doesn't in any way justify anything. http://www.logicalfallacies.info/relevance/appeals/appeal-to-popularity/ [logicalfallacies.info] BSD (2 flavors) vs. Linux: How should I decide? They're all Unix-like, open source, and supported. Which is faster? More stable? Reliable? Secure? In all cases, anecdotes are not useful. Where's the evidence? Is it the license that matters?

Re:Do these projects OpenBSD, FreeBSD matter anywa (1)

bill_mcgonigle (4333) | about 9 months ago | (#45701117)

More stable? Reliable? Secure? In all cases, anecdotes are not useful. Where's the evidence? Is it the license that matters?

The license, pf, and a reputation for networking speed.

Anecdotes do matter, though - Netflix works and is profitable, so if your use case is like Netflix's then FreeBSD probably will work for you.

Speaking of anecdotes, a trend that I've noticed is that linux fans will tend to use FreeBSD when it makes sense in a particular application, and FreeBSD fans will tend to use linux when hell freezes over.

Re:Do these projects OpenBSD, FreeBSD matter anywa (1)

odie5533 (989896) | about 9 months ago | (#45701481)

Anecdotes do matter, though - Netflix works and is profitable, so if your use case is like Netflix's then FreeBSD probably will work for you.

Sounds like cargo cult software engineering [wikipedia.org] .

Re:Do these projects OpenBSD, FreeBSD matter anywa (-1)

Anonymous Coward | about 9 months ago | (#45700739)

You shouldn't. If it is not endorsed by His Holiness Saint Steve Jobs you're better off staying away from it. Just to remind you, His Holiness Saint Jobs forbids reading about heretic technologies. Drop what you're doing right now and spend at least 1k in any Apple Store to cleanse yourself of your sins before it is too late. Pay no attention to the servers behind the curtain.

Re:Do these projects OpenBSD, FreeBSD matter anywa (1)

Guy Harris (3803) | about 9 months ago | (#45701379)

Just to remind you, His Holiness Saint Jobs forbids reading about heretic technologies.

Then maybe he should've fired the folks responsible for Apple's Internet connection, given that it was, at least as of 2011, quite possible to read, and post to, Slashdot from Apple's corporate network.

Re:Do these projects OpenBSD, FreeBSD matter anywa (5, Interesting)

Anonymous Coward | about 9 months ago | (#45700767)

A new 10x faster network stack is coming to Linux via FreeBSD, enjoy your 10gb routing speeds with a 1ghz cpu and in user mode, not kernel. Nginx, that's BSD, Varnish, that's BSD. Actually, most OS research is done on FreeBSD, then ported to Linux. Anecdotally, several large datacenters are claiming they're seeing a rise in BSD services and VMs and some major customers with millions invested, switching to BSD from Linux.

One corp claimed to have over 10,000 VMs and paid RedHat for enterprise support for those VMs with a 5 year contract. They're still locked into contract, but they switched to FreeBSD because they can cut down their number of VMs by 30% and get the same performance. They also found it easier to manage FreeBSD. They're paying for that contract, but not using it. I bet that was a fun sell to management.

Re:Do these projects OpenBSD, FreeBSD matter anywa (1)

Anonymous Coward | about 9 months ago | (#45701305)

yeah, and netmap on freebsd is pretty damn cool (finally) compared to that similar stuff linux has been trying to do. not to mention what, like 5 or 6 different linux firewall implementations over time now, lol.

i totally agree, freebsd is much easier to manage than linux.
linux has got so damn bloated with all the distros, and trying to abstract any and all form of raw unix iron away from the user into purty little GUI's, that it's a freaking wonder anyone in linux land has any clue about anything other than where the power button is. seriously. all those layers are just that bad. and when they break and even start stepping on each other's toes, the only fix is to reinstall.

i'm sorry to say it but the bsd's are sexy.
i'm never going back to linux.

Re:Do these projects OpenBSD, FreeBSD matter anywa (2)

kry73n (2742191) | about 9 months ago | (#45700777)

Have a look at their donations page https://www.freebsdfoundation.org/donate/sponsors [freebsdfoundation.org]

Companies support this project because they are doing serious business with FreeBSD.

Re:Do these projects OpenBSD, FreeBSD matter anywa (0)

Anonymous Coward | about 9 months ago | (#45700855)

OpenBSD has exactly one use. They are the current maintainers of OpenSSH, and they pretend that it makes them competent overall in security.

FreeBSD, conversely, is at the core of MacOS and is a successful example of commercial use of open source software. Unfortunately, they're not making their resulting code open source, so the results are not ideal.

Re:Do these projects OpenBSD, FreeBSD matter anywa (1)

JDG1980 (2438906) | about 9 months ago | (#45700875)

Where in the world is serious stuff being done on any of these platforms? Just asking...

Firewall and NAS solutions are often based off of FreeBSD. See, for example, m0n0wall [m0n0.ch] and its derivatives, as well as the popular FreeNAS [freenas.org] .

One big advantage of BSD for NAS applications is that it can support ZFS. (Linux attempts have been half-assed, largely due to licensing conflicts.) You really want ZFS if you are building a robust, reliable NAS device.

Re:Do these projects OpenBSD, FreeBSD matter anywa (1)

smash (1351) | about 9 months ago | (#45701431)

Also Netapp, Juniper, Bluecoat...

Re:Do these projects OpenBSD, FreeBSD matter anywa (1)

smash (1351) | about 9 months ago | (#45701405)

Netapp, Juniper, Bluecoat, others.

Re:Do these projects OpenBSD, FreeBSD matter anywa (1)

smash (1351) | about 9 months ago | (#45701413)

Oh and of course. OS X, iOS.

And one more thing... (1)

rwyoder (759998) | about 9 months ago | (#45700565)

Stay off his lawn!

Theo just proving (0)

stox (131684) | about 9 months ago | (#45700585)

he is still a troll. I guess he is just upset that FreeBSD gets used more for secure applications more than OpenBSD. An awful lot of security and crypto work has come out of members of the FreeBSD community.

Re:Theo just proving (0)

Anonymous Coward | about 9 months ago | (#45700837)

actually...that's not correct. the secure stuff came from openbsd. freebsd is used for its great performance.

froSt pist (-1)

Anonymous Coward | about 9 months ago | (#45700635)

that has lost ~280MB MPEG oof ofN good to write you subscribers. Please

Re:froSt pist (0)

Anonymous Coward | about 9 months ago | (#45701107)

Fuck you, bitch.

My question to you... (-1)

Anonymous Coward | about 9 months ago | (#45700689)

Who pooped the bed?

I love the new layout! (-1, Offtopic)

Anonymous Coward | about 9 months ago | (#45700965)

This new layout is great!

I've been wanting to stop wasting my time coming to Slashdot for years. But when I'm not concentrating, my muscle memory kicks in and types Slashdot's URL.

The new layout helps me to remember that I'm pissing my life away reading this shitty site - and I can promptly gather my thoughts and do something useful/entertaining instead.

Thanks Dice!

Re:I love the new layout! (0)

Anonymous Coward | about 9 months ago | (#45701075)

seconded !!

WELP (0)

rhewt (649974) | about 9 months ago | (#45701419)

Gotta love having such a secure system, that can *now* print to my dot-matrix printer! Snowden, wouldn't be able to carry all these printouts in his suitcase!
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>