On Fri, 20 Nov 2009 12:02:51 +1100 Aaron Mason wrote: > On Thu, Nov 19, 2009 at 5:40 PM, rhubbell <rhubb...@ihubbell.com> wrote: > > On Wed, 18 Nov 2009 16:05:04 -0800 > > Bryan wrote: > > > >> So glad we don't have these kinds of issues... > > > > New around here, but I'm noticing a lot of tooting of our own > > horn...so to speak. With all the possible vectors for compromising a > > system that are available it just sounds naive to keep touting how > > secure this or that is. Do you own the physical network that your bits > > traverse? Do you guard your computer 24-7? And on and on. > > You miss the point - the reason we toot that particular horn is that > you don't have to worry about those sorts of things (well, apart from
Definitely not missing the point. Maybe you missed mine. Not "worrying" because you trust everything about OpenBSD and everyone that's worked on it and every package you've installed and every piece of hardware you've installed, etc., etc. It's naive to point elsewhere and say "see, they're not secure". For example should I trust you and the other "tooters" just because you insist OpenBSD's secure? > 24-7 guarding, that's an entirely separate problem that has nothing to > do with OpenBSD or any OS for that matter). People report that they > can get a novice colleague to set up an OpenBSD box using just the CD, > copy the company's crown jewels to it and leave it for a year, knowing > that it has never been compromised. How would you know if you've been compromised? If it's the crown jewels it may be worth it to remain undetected, right? Saying it's not possible to avoid detection is naive. > > > > > I will say the Fedora has bigger issues than allowing users to install > > pkgs. I just went through trying out Fedora 11 and it was a nightmare > > to me. Doing simple things with the network has been made so painful > > that clawing out my eyes started to seem like relief. But maybe all > > flavors are going this way. Part of the never ending bloat. > > > > > > OpenBSD is one of a few OSes that aren't taking this path. If you > want the bloat, you add it yourself - it isn't included out of the > box. Right, it's why I am trying it out. > > I used to run Ubuntu on my firewall - I found it easier to edit > /etc/network/interfaces manually than to use GNOME's retarded GUI > network config tool. I fired up OpenBSD 4.5 and haven't looked back. Yep, been there, used ubuntu for a while, recently tried Fedora11 and now here I am.
