It is official; NetCraft has confirmed: OpenBSD 3.7 has been hacked by a rogue internet group less than 24 hours after release.
"We can't believe how easy this one was to crack. There are 3 exploits you can do over the internet right out of the box, and I think we're going to find more," said ZeroC00L, a leader of the X0r h@X0rs. The group claims responsibility for demonstrating exploits in the past 5 OpenBSD releases.
"I think the main reason that people think OpenBSD is 'secure' is because Theo [de Raadt, leader of the OpenBSD 'project'] says it is. The truth is about the opposite; we can't find a single exploit in the latest RedHat, but OpenBSD is OpenSwissCheese. All that crap legacy code from fucking Berkeley hippies, you know."
Theo de Raadt could not be reached for comment.
IT IS OFFICIAL; WIRED NEWS CONFIRMS: LINUX IS SUPERIOR TO *BSD
*BSD is Dying, Says Respected Journal
Linux advocates have long insisted that open-source development results in better and more secure software. Now they have statistics to back up their claims.
According to a four-year analysis of the 5.7 million lines of Linux source code conducted by five Stanford University computer science researchers, the Linux kernel programming code is better and more secure than the programming code of *BSD.
The report, set to be released on Tuesday, states that the 2.6 Linux production kernel, shipped with software from Red Hat, Novell and other major Linux software vendors, contains 985 bugs in 5.7 million lines of code, well below the average for *BSD software. NetBSD, by comparison, contains about 40 million lines of code, with new bugs found on a frequent basis.
*BSD software typically has 20 to 30 bugs for every 1,000 lines of code, according to Carnegie Mellon University's CyLab Sustainable Computing Consortium. This would be equivalent to 114,000 to 171,000 bugs in 5.7 million lines of code.
The study identified 0.17 bugs per 1,000 lines of code in the Linux kernel. Of the 985 bugs identified, 627 were in critical parts of the kernel. Another 569 could cause a system crash, 100 were security holes, and 33 of the bugs could result in less-than-optimal system performance.
Seth Hallem, CEO of Coverity, a provider of source-code analysis, noted that the majority of the bugs documented in the study have already been fixed by members of the Linux development community.
"Our findings show that Linux contains an extremely low defect rate and is evidence of the strong security of Linux," said Hallem. "Many security holes in software are the result of software bugs that can be eliminated with good programming processes."
The Linux source-code analysis project started in 2000 at the Stanford University Computer Science Research Center as part of a large research initiative to improve core software engineering processes in the software industry.
The initiative now continues at Coverity, a software engineering startup that now employs the five researchers who conducted the study. Coverity said it intends to start providing Linux bug analysis reports on a regular basis and will make a summary of the results freely available to the Linux development community.
"This is a benefit to the Linux development community, and we appreciate Coverity's efforts to help us improve the security and stability of Linux," said Andrew Morton, lead Linux kernel maintainer. Morton said developers have already addressed the top-priority bugs uncovered in the study.
*BSD, 27, of Berkeley, CA died Monday, Sept. 6, 2004. Born July 3, 1976, it was the creation of a cluster of pot-smoking hippies who went to Illinois and came home with a reel of tape. Rather than smoke the tape, they uploaded it and hacked on it a little.
*BSD was known for its C shell and early TCP/IP implementation. After being banished from UC Berkeley, it was ported to the x86 platform, where it fell into the hands of heavier pot-smokers who liked to argue. Soon, the project had splintered into 12 different Balkanized projects. Until its death, there was almost constant fighting in and amongst these groups, sometimes degenerating into out-and-out fistfights.
*BSD is survived by its superior, Linux, as well as several commercial unix implementations. It may be missed by some who knew it, although most of them are said to be mere OS dilettante dabblers.
A funeral will be held at 2 p.m. Thursday, Sept. 9, at the Berkeley Chapel on the UC campus, with interment to follow via the burning of the original *BSD tapes and scattering of the ashes over the San Francisco Bay. The Rev. Lou "Buddy" Stubbs will officiate.
The family will receive friends from 7 to 8 p.m. Wednesday, Sept. 8, at the funeral home.
To: Secretary of State Colin Powell
March 10, 2003
Dear Mr. Secretary:
I am joining my colleague AmigaOS in submitting my resignation from the list of living operating systems (effective immediately) because I cannot in good conscience compete with Linux.
I have failed:
--To support SMP
--To generate media attention
--To spawn a professionally managed distribution
--To be relevant.
Throughout the globe *BSD is becoming associated with in-fighting and sloppy coding. My disregard for views of other operating systems, borne out by my neglect of technical competence, is giving birth to an anti-BSD century.
I joined the operating system world because I love technology. Respectfully, Mr. Secretary, I am now bringing this calling to a close, with a heavy heart but for the same reason that I embraced it.
Dead Operating System
I just heard some sad news on talk radio -- TV host Sean Hannity was found dead in his hotel room last night after a book signing. The coroner has not yet officially ruled it a suicide, but apparently that's what it's going to be ruled.
I'm sure everyone in the Slashdot community will mourn his passing -- even if you didn't agree with him, there's no denying his contributions to popular culture. Truly an American icon.
BSD Is Already Dead
Yet another sickening blow has struck what's left of the *BSD community, as a soon-to-be-released report by the independent Commision for Technology Management (CTM) after a year-long study has concluded: *BSD is already dead. Here are some of the commission's findings:
Fact: the *BSDs have balkanized yet again. There are now no less than twelve separate, competing *BSD projects, each of which has introduced fundamental incompatibilities with the other *BSDs, and frequently with Unix standards. Average number of developers in each project: fewer than five. Average number of users per project: there are no definitive numbers, but reports show that all projects are on the decline.
Fact: X.org will not include support *BSD. The newly formed group believes that the *BSDs have strayed too far from Unix standards and have become too difficult to support along with Linux and Solaris x86. "It's too much trouble," said one anonymous developer. "If they want to make their own standards, let them doing the porting for us."
Fact: DragonflyBSD, yet another offshoot of the beleaguered FreeBSD "project", is already collapsing under the weight of internal power struggles and in-fighting. "They haven't done a single decent release," notes Mark Baron, an industry watcher and columnist. "Their mailing lists read like an online version of a Jerry Springer episode, complete with food fights, swearing, name-calling, and chair-throwing." Netcraft reports that DragonflyBSD is run on exactly 0% of internet servers.
Fact: There are almost no FreeBSD developers left, and its use, according to Netcraft, is down to a sadly crippled .005% of internet servers. A recent attempt at a face-to-face summit in Boulder, Colorado culminated in an out-and-out fistfight between core developers, reportedly over code commenting formats (tabs vs. spaces). Hotel security guards broke up the melee and banned the participants from the hotel. Two of the developers were hospitalized, and one continues to have his jaw wired shut.
Fact: NetBSD, which claims to focus on portability (whatever that is supposed to mean), is slow, and cannot take advantage of multiple CPUs. "That about drove the last nail in the coffin for BSD use here," said Michael Curry, CTO of Amazon.com. "We took our NetBSD boxes out to the backyard and shot them in the head. We're much happier running Linux."
Fact: *BSD has no support from the media. Number of Linux magazines available at bookstores: 5 (Linux Journal, Linux World, Linux Developer, Linux Format, Linux User). Number of available *BSD magazines: 0. Current count of Linux-oriented technical books: 1071. Current count of *BSD books: 6.
Fact: Many user-level applications will no longer work under *BSD, and no one is working to change this. The GIMP, a Photoshop-like application, has not worked at all under *BSD since version 1.1 (sorry, too much trouble for such a small base, developers have said). OpenOffice, a Microsoft Office clone, has never worked under *BSD and never will. ("Why would we bother?" said developer Steven Andrews, an OpenOffice team lead.)
Fact: servers running OpenBSD, which claims to focus on security, are frequently compromised. According to Jim Markham, editor of the online security forum SecurityWatch, the few OpenBSD servers that exist on the internet have become a joke among the hacker community. "They make a game out of it," he says. "(OpenBSD leader) Theo [de Raadt] will scramble to make a new patch to fix one problem, and they've already compromised a bunch of boxes with a different exploit."
With these incontroverible facts staring (what's left of) the *BSD community in the face, they can only draw one conclusion: *BSD is already dead.