Re: BSD derivatives

2007-06-03 Thread Manolis Kiagias
Chad Perrin wrote:
 I'm not saying that's what the OpenBSD project does.  I'm just saying
 that, for instance, the availability of the ath driver contradicts a
 claim that security is a top priority of the FreeBSD project.  Only if
 it was installed and operational by default would that really be the
 case.

 Obviously, I'm assuming it's not installed by default.  From what I've
 read so far, it's not -- please correct me if I'm wrong.

   
Actually to set the record straight, the ath driver is installed by
default in 6.2 RELEASE.
Installed by default meaning the card is recognized during FreeBSD setup
and the user is able to configure it immediately from sysinstall.
The ath driver was also present in 6.1 RELEASE (and maybe earlier?)
although it had to be manually activated as a kernel module and it was
not immediately obvious it was supported since it was not present in
sysinstall during setup.
Although the whole security issue is of course highly debatable, don't
forget how much more secure FreeBSD (or other open source OSes) are
compared to proprietary systems. I've been (and still am) a competent
Windows 200X server admin for years and have seen oh so many holes. Mind
you, most of them actually get exploited. It is nowhere near this in
FreeBSD.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: BSD derivatives

2007-06-03 Thread Chad Perrin
On Sun, Jun 03, 2007 at 09:15:22AM +0300, Manolis Kiagias wrote:
 Chad Perrin wrote:
  I'm not saying that's what the OpenBSD project does.  I'm just saying
  that, for instance, the availability of the ath driver contradicts a
  claim that security is a top priority of the FreeBSD project.  Only if
  it was installed and operational by default would that really be the
  case.
 
  Obviously, I'm assuming it's not installed by default.  From what I've
  read so far, it's not -- please correct me if I'm wrong.
 

 Actually to set the record straight, the ath driver is installed by
 default in 6.2 RELEASE.
 Installed by default meaning the card is recognized during FreeBSD setup
 and the user is able to configure it immediately from sysinstall.
 The ath driver was also present in 6.1 RELEASE (and maybe earlier?)
 although it had to be manually activated as a kernel module and it was
 not immediately obvious it was supported since it was not present in
 sysinstall during setup.

That still sounds like it's not installed by default in the sense that
I meant it.  By installed by default, I mean you install the system
and, without even knowing it (or making a decision), you discover you
have a closed-source driver in your system.

 Although the whole security issue is of course highly debatable, don't
 forget how much more secure FreeBSD (or other open source OSes) are
 compared to proprietary systems. I've been (and still am) a competent
 Windows 200X server admin for years and have seen oh so many holes. Mind
 you, most of them actually get exploited. It is nowhere near this in
 FreeBSD.

One of the keys for this is the fact that they're open source software,
of course.  To the extent that something like the ath driver is part of
your system whether you want it or not, that additional security benefit
is reduced.  I'm just trying to differentiate between closed source
software that affects system security and closed source software that
doesn't -- because anything that isn't actually running doesn't affect
security (all else being equal).

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
Leon Festinger: A man with a conviction is a hard man to change. Tell him
you disagree and he turns away. Show him facts and figures and he questions
your sources. Appeal to logic and he fails to see your point.


Re: BSD derivatives

2007-06-03 Thread Manolis Kiagias
Chad Perrin wrote:
 On Sun, Jun 03, 2007 at 09:15:22AM +0300, Manolis Kiagias wrote:
   
 Chad Perrin wrote:
 
 I'm not saying that's what the OpenBSD project does.  I'm just saying
 that, for instance, the availability of the ath driver contradicts a
 claim that security is a top priority of the FreeBSD project.  Only if
 it was installed and operational by default would that really be the
 case.

 Obviously, I'm assuming it's not installed by default.  From what I've
 read so far, it's not -- please correct me if I'm wrong.

   
   
 Actually to set the record straight, the ath driver is installed by
 default in 6.2 RELEASE.
 Installed by default meaning the card is recognized during FreeBSD setup
 and the user is able to configure it immediately from sysinstall.
 The ath driver was also present in 6.1 RELEASE (and maybe earlier?)
 although it had to be manually activated as a kernel module and it was
 not immediately obvious it was supported since it was not present in
 sysinstall during setup.
 

 That still sounds like it's not installed by default in the sense that
 I meant it.  By installed by default, I mean you install the system
 and, without even knowing it (or making a decision), you discover you
 have a closed-source driver in your system.

   
I see your point, bear in mind however that someone who is installing a
system that he believes consists of only free software may easily
overlook the fact one of the drivers is not, esp. if it is silently
recognized and configured with little intervention during setup. A
security-conscious admin would of course research both the OS and the
market and choose his hardware wisely. This leaves this kind of
vulnerability to smaller systems (maybe home systems) where the OS is
installed to existing hardware that was previously used with proprietary
OSes and where the user / admin is not experienced or knowledgeable
enough to care.
In fact it would be better if proprietary drivers were clearly marked as
such (or a relevant message shown in FreeBSD setup). It's been quite
some time since I set up my Atheros in FreeBSD but I cannot recall seeing
any warning or indication about the ath driver.

 Although the whole security issue is of course highly debatable, don't
 forget how much more secure FreeBSD (or other open source OSes) are
 compared to proprietary systems. I've been (and still am) a competent
 Windows 200X server admin for years and have seen oh so many holes. Mind
 you, most of them actually get exploited. It is nowhere near this in
 FreeBSD.
 

 One of the keys for this is the fact that they're open source software,
 of course.  To the extent that something like the ath driver is part of
 your system whether you want it or not, that additional security benefit
 is reduced.  I'm just trying to differentiate between closed source
 software that affects system security and closed source software that
 doesn't -- because anything that isn't actually running doesn't affect
 security (all else being equal).

   
Agree with you completely on this, binary-only drivers can cause trouble
even if well written. If nothing else, the company which writes them has
limited resources or even incentive to support them, and had they been
open source, fixes - security or other - would be implemented in a timely
manner.  I do prefer total open source on my server for security and
peace of mind. The desktop is however a different thing, I can live with
the occasional atheros or nvidia driver.


Re: BSD derivatives

2007-06-03 Thread Spiros Papadopoulos

Hi Blake,

On 02/06/07, Blake Finley, MA, ABD-2 [EMAIL PROTECTED] wrote:

 I am primarily concerned about security from internet hacking, and am
 therefore considering setting up a separate internet computer with BSD.

Are you trying to secure a network with a secure gateway? To have a secure
PC?
What is your goal exactly?

 What is your association with Open BSD?  with Linux?

They are both BSDs... I am not developing either of them, but I don't see any
reason not to add a very good piece of code from the Free to the Open
BSD or the opposite. I am 99.9% sure that the association between them
is not competition.

What do you mean by Linux? Do you have any distro in mind? Anyway...

FreeBSD is what it claims to be *clearly* on top of the page:
http://www.freebsd.org
and Linux is what it claims to be on http://www.linux.org (you need to read
a little more than the top of the page here though, to see what it is).

Also check this link: http://www.linux.org/dist/list.html  (*press go*)

 Are there copyright or other related issues involved?

 It appears that FreeBSD is the most closely associated with the original
 Berkeley programmers. (1)

 I was told that OpenBSD provided the best security.  But I also note
 that changes have occurred at OBSD, and wonder if this is still true.

It would have been better if the above questions were posted in
other, separate posts... :) These are irrelevant ((1) - see below) to
security from internet hacking.

Are you trying to decide if BSD is more secure than a Linux distro?

It seems to me that you place random questions/information here and
this way you can only get random replies and information that will
remain information and won't help you be secure
(considering that you said that primarily you are concerned about security).

If you know/learn how to set up a system and keep it up to date and monitor
it appropriately and spend a lot of time on it and many other things,
then it will be as secure as possible from attacks.

...Supposedly, you decide that any of the OSs in question is
the most secure:
You spend 3 days setting it up and you do nothing else for the next 2 years.
Your system won't be secure, no programmers will be responsible for this
and the copyrights usually claim/provide the software AS IS, whatever its
name is.

(1) Programmers try to give you as much functionality and as many options
(obviously along with security) as possible. You are responsible for
disabling functionality that you don't need, for installing the
patches/updates they implement when vulnerabilities are found, etc.
If for example they exclude things (i.e. a driver) from the OS, for security,
you would have an OS with limitations. Their goal is to write nice, neat,
secure code. Not preventing people from attacking you nor you from not
installing security updates to your computer.
It would be like asking the hardware vendor not to put a network card in
your computer, for security from internet hacking.

The answer you want though is this: FreeBSD is derived from BSD, the
version of UNIX(r) developed at the University of California, Berkeley
which is BY FAR more impressive *in my opinion* than this:
http://www.slackware.com/~msimons/slackware/grfx/ :P

Regards
Spiros


Re: BSD derivatives

2007-06-03 Thread Chad Perrin
On Sun, Jun 03, 2007 at 10:42:33AM +0300, Manolis Kiagias wrote:
 Chad Perrin wrote:
  On Sun, Jun 03, 2007 at 09:15:22AM +0300, Manolis Kiagias wrote:

  Chad Perrin wrote:
  
  I'm not saying that's what the OpenBSD project does.  I'm just saying
  that, for instance, the availability of the ath driver contradicts a
  claim that security is a top priority of the FreeBSD project.  Only if
  it was installed and operational by default would that really be the
  case.
 
  Obviously, I'm assuming it's not installed by default.  From what I've
  read so far, it's not -- please correct me if I'm wrong.
 


  Actually to set the record straight, the ath driver is installed by
  default in 6.2 RELEASE.
  Installed by default meaning the card is recognized during FreeBSD setup
  and the user is able to configure it immediately from sysinstall.
  The ath driver was also present in 6.1 RELEASE (and maybe earlier?)
  although it had to be manually activated as a kernel module and it was
  not immediately obvious it was supported since it was not present in
  sysinstall during setup.
  
 
  That still sounds like it's not installed by default in the sense that
  I meant it.  By installed by default, I mean you install the system
  and, without even knowing it (or making a decision), you discover you
  have a closed-source driver in your system.
 

 I see your point, bear in mind however that someone who is installing a
 system that he believes consists of only free software may easily
 overlook the fact one of the drivers is not, esp. if it is silently
 recognized and configured with little intervention during setup. A
 security-conscious admin would of course research both the OS and the
 market and choose his hardware wisely. This leaves this kind of
 vulnerability to smaller systems (maybe home systems) where the OS is
 installed to existing hardware that was previously used with proprietary
 OSes and where the user / admin is not experienced or knowledgeable
 enough to care.
 In fact it would be better if proprietary drivers were clearly marked as
 such (or a relevant message shown in FreeBSD setup). It's been quite
 some time since I set up my Atheros in FreeBSD but I cannot recall seeing
 any warning or indication about the ath driver.

I agree with that idea -- that any proprietary software should be
clearly and unavoidably marked as such.  In fact, I'd be happier if
every pkg-descr file in the ports tree included a mention of the license
terms under which the software is distributed.


  Although the whole security issue is of course highly debatable, don't
  forget how much more secure FreeBSD (or other open source OSes) are
  compared to proprietary systems. I've been (and still am) a competent
  Windows 200X server admin for years and have seen oh so many holes. Mind
  you, most of them actually get exploited. It is nowhere near this in
  FreeBSD.
 
  One of the keys for this is the fact that they're open source software,
  of course.  To the extent that something like the ath driver is part of
  your system whether you want it or not, that additional security benefit
  is reduced.  I'm just trying to differentiate between closed source
  software that affects system security and closed source software that
  doesn't -- because anything that isn't actually running doesn't affect
  security (all else being equal).
 

 Agree with you completely on this, binary-only drivers can cause trouble
 even if well written. If nothing else, the company which writes them has
 limited resources or even incentive to support them, and had they been
 open source, fixes - security or other - would be implemented in a timely
 manner.  I do prefer total open source on my server for security and
 peace of mind. The desktop is however a different thing, I can live with
 the occasional atheros or nvidia driver.

Until such time as there are high quality laptops that provide the
functionality I want/need and also do not use any hardware that requires
closed source drivers for full functionality, I'll be forced to use
closed source drivers for my primary system.

Actually, at present I'm not using any closed source drivers for my
primary system, but only because the closed source drivers don't bloody
well work.  Because of this, I have to maintain an entire closed source
operating system on another partition.  It may eventually be replaced
with a Linux partition so I can use the drivers I need, but something
seems strange and wrong about dual-booting Linux with FreeBSD.  It's a
personal hang-up, I guess.

Uh . . . so my point is simply that I, too, prefer no closed source
software, but make exceptions for desktop systems sometimes.  I wish I
didn't have to.

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
Dr. Ron Paul: Liberty has meaning only if we still believe in it when
terrible things happen and a false government security blanket beckons.

BSD derivatives

2007-06-02 Thread Blake Finley, MA, ABD-2
I am primarily concerned about security from internet hacking, and am 
therefore considering setting up a separate internet computer with BSD.

What is your association with Open BSD?  with Linux?
Are there copyright or other related issues involved?
It appears that FreeBSD is the most closely associated with the original 
Berkeley programmers.
I was told that OpenBSD provided the best security.  But I also note 
that changes have occurred at OBSD, and wonder if this is still true.


Blake Finley


Re: BSD derivatives

2007-06-02 Thread Bill Moran
Blake Finley, MA, ABD-2 [EMAIL PROTECTED] wrote:

 I am primarily concerned about security from internet hacking, and am 
 therefore considering setting up a separate internet computer with BSD.

You shouldn't use FreeBSD, then.  It's written by hackers:
http://en.wikipedia.org/wiki/Hacker

If you're trying to protect yourself from Internet criminals, though,
you'll find FreeBSD very useful.

 What is your association with Open BSD?  with Linux?

There have got to be a jillion explanations of this on the WWW.  Are
you familiar with google?:
http://people.freebsd.org/~murray/bsd_flier.html
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/history.html

Those are just two that I found quickly.

 Are there copyright or other related issues involved?

Sure.

Although I don't really know what you mean by that.

 It appears that FreeBSD is the most closely associated with the original 
 Berkeley programmers.

Depends on who you ask.

 I was told that OpenBSD provided the best security.  But I also note 
 that changes have occurred at OBSD, and wonder if this is still true.

What changes are those?

OpenBSD puts security higher on its list of project goals and
motivating factors than any other OS I know.  Whether or not that
actually causes it to be more secure or not is a subject of some
debate, although the general consensus seems to be that they are
largely successful.

-- 
Bill Moran
http://www.potentialtech.com


Re: BSD derivatives

2007-06-02 Thread Colin Percival
Bill Moran wrote:
 OpenBSD puts security higher on its list of project goals and
 motivating factors than any other OS I know.

I disagree.  I'd say that OpenBSD and FreeBSD put security in exactly
the same place -- at the top of the list.

I think the distinction to draw is that FreeBSD has a longer (albeit
unwritten) list of project goals, with the effect that a smaller
proportion of the development being done on FreeBSD is security-related;
this may make it look like we care less about security, but it's really
just a sign that FreeBSD is a larger project.

Colin Percival


Re: BSD derivatives

2007-06-02 Thread Kevin Kinsey

Blake Finley, MA, ABD-2 wrote:

Hello.  Hope it's not too tongue-in-cheek, but it's practically
irresistible.

 I am primarily concerned about security from internet hacking, and am
 therefore considering setting up a separate internet computer with BSD.
 What is your association with Open BSD?

Hmm, three letters, and, long, long ago in a galaxy far away (1993, California),
the same codebase.  These days, it's possible that some developers work on
both the FreeBSD and OpenBSD projects (I don't know for sure), and, once in a
great while, when somebody over here says something, um, wrong(?), Theo
De Raadt drops by to Set Us Straight(TM).

[I can only assume that some of us go over there first to invite combat.
Indeed, I might be doing it now.  Generally, I respect the OpenBSD team's
outlook on life in general, etc., and I download _all_ the songs.]

You might wish to also read about and/or consider NetBSD and DragonFlyBSD.
Also, PCBSD and Desktop BSD are relatively new projects that are based
on the work of the FreeBSD Project, with an eye to being, maybe, more user
friendly in regard to installation in particular and configuration in general.

Lastly, you might want to consider obtaining FreeSBIE, a Live CD system
based on FreeBSD.  You can boot a computer from CDROM into FreeBSD and 1 of
a few different types of user environments, maybe get a feel for it, test
your hardware, read the manpages, read /COPYRIGHT, perhaps read other
documentation, courtesy of some hard-working Italian hackers (and some from
some other places).

 with Linux?

What's that?  /evil grin

If you are familiar with Linux, search at Google with the string BSD Linux
Matthew Fuller rant.  It's a fairly well thought-through tirade on some of the
differences Linux users perceive when they look at (Free)BSD.  If you _aren't_
familiar with Linux, let's just say that FreeBSD is to Linux as Ferrari is
to Pontiac (or, maybe vice-versa, depending on whom you read --- of course, many
people these days are pathological liars and can't be trusted, right?), and then
leave it dead somewhere near there.  Both are computer operating systems
with several similarities, enough that if you can drive one, you can probably
get around in the other.  They just aren't the *same*.

 Are there copyright or other related issues involved?

You will need to be more specific.  *-BSD systems are under the BSD Copyright,
which I'm sure you can find with a web search.  Some software on FreeBSD (and
by extension PCBSD and 'Desktop BSD') may also be under the FSF's GPL.  The
compiler comes to mind, for starters.  I believe that one of the goals of many
BSD developers is to ultimately be rid of GPL'ed software; but, then again, one
of many humans' goals is to ultimately build a Utopian society without many of
the societal ills we face.  It's not so likely to happen very soon at all.

 It appears that FreeBSD is the most closely associated with the original
 Berkeley programmers.

Maybe.  NetBSD and FreeBSD were both originally based heavily on UC Berkeley
work, most notably 4.3BSD/Net 2, and then 4.4BSD after it became unencumbered.
Speaking of Copyright above, and, if you are referring to issues such as the
SCO/Linux court battle or the recent Microsoft claim that Linux infringes on
$n of their patents, as far as we know, no one has any commercial
copyright, per se, in the FreeBSD source code.  The lawsuit on that one
was settled in 1993, out of court IIRC.  The contestants were BSDI (and, to
some extent, by extension, U. Cal), and AT&T's Unix Systems Laboratories.

 I was told that OpenBSD provided the best security.  But I also note
 that changes have occurred at OBSD, and wonder if this is still true.

Actually, OpenBSD does have an excellent security track record.  They
might also welcome a large monetary donation, should you be so endowed and
inclined.

OTOH, it's totally Free, also, in rather the same way as FreeBSD. OpenBSD
forked from NetBSD many years ago for some reason or another that I'm
sure you can read up on with resources on the WWW (or, maybe the aforementioned
Mr. De Raadt will Set Me Straight(TM)).

Let me encourage you to read appropriate sections of, or even all of
the FreeBSD handbook (www.freebsd.org/handbook).  It is probably the best
open-source operating system documentation in existence (and perhaps better
than any proprietary OS docs, also).

Bah, too many words.  Good luck with your search for security!

Kevin Kinsey
--
The devil finds work for idle glands.


Re: BSD derivatives

2007-06-02 Thread Jerry McAllister
On Sat, Jun 02, 2007 at 04:18:33PM -0700, Blake Finley, MA, ABD-2 wrote:

 I am primarily concerned about security from internet hacking, and am 
 therefore considering setting up a separate internet computer with BSD.
 What is your association with Open BSD?  with Linux?
 Are there copyright or other related issues involved?

You can read the copyright information on the web site.   It will
give you better information than repeating it here.

 It appears that FreeBSD is the most closely associated with the original 
 Berkeley programmers.

Essentially true.

 I was told that OpenBSD provided the best security.  But I also note 
 that changes have occurred at OBSD, and wonder if this is still true.

Well, OpenBSD has made a point of being security conscious, but FreeBSD
fixes any problems that come up in it as well.   For real work situations
I think the differences are quite small nowadays insofar as security is
concerned.   But, I am sure someone would enjoy splitting bits over that.

jerry

 
 Blake Finley


Re: BSD derivatives

2007-06-02 Thread Jona Joachim
On Sat, 02 Jun 2007 18:10:27 -0700
Colin Percival [EMAIL PROTECTED] wrote:

 Bill Moran wrote:
  OpenBSD puts security higher on its list of project goals and
  motivating factors than any other OS I know.
 
 I disagree.  I'd say that OpenBSD and FreeBSD put security in exactly
 the same place -- at the top of the list.

Sorry but I have to disagree here.
FreeBSD ships with closed source software including following drivers:
ath, nve, oltr, rr232x, hptmv.
Closed source software implies potential insecurity. If security is at
the top of the list then I see a clear contradiction here.

Jona

-- 
I am chaos. I am the substance from which your artists and scientists
build rhythms. I am the spirit with which your children and clowns
laugh in happy anarchy. I am chaos. I am alive, and tell you that you
are free. Eris, Goddess Of Chaos, Discord & Confusion


Re: BSD derivatives

2007-06-02 Thread Paul Schmehl

--On June 3, 2007 4:33:01 AM +0200 Jona Joachim [EMAIL PROTECTED] wrote:

 On Sat, 02 Jun 2007 18:10:27 -0700
 Colin Percival [EMAIL PROTECTED] wrote:

  Bill Moran wrote:
   OpenBSD puts security higher on its list of project goals and
   motivating factors than any other OS I know.

  I disagree.  I'd say that OpenBSD and FreeBSD put security in exactly
  the same place -- at the top of the list.

 Sorry but I have to disagree here.
 FreeBSD ships with closed source software including following drivers:
 ath, nve, oltr, rr232x, hptmv.
 Closed source software implies potential insecurity. If security is at
 the top of the list then I see a clear contradiction here.

Sorry, but that's an incredibly naive statement.  *All* software implies
potential insecurity.  It's the nature of software.

If it were untrue, there would be no security patches for open source
software.


Paul Schmehl ([EMAIL PROTECTED])
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/


Re: BSD derivatives

2007-06-02 Thread Chad Perrin
On Sat, Jun 02, 2007 at 08:53:52PM -0500, Kevin Kinsey wrote:
 Blake Finley, MA, ABD-2 wrote:
 
 If you are familiar with Linux, search at Google with the string BSD Linux
 Matthew Fuller rant.  It's a fairly well thought-through tirade on some of
 the differences Linux users perceive when they look at (Free)BSD.  If you
 _aren't_ familiar with Linux, let's just say that FreeBSD is to Linux as
 Ferrari is to Pontiac (or, maybe vice-versa, depending on whom you read ---
 of course, many people these days are pathological liars and can't be
 trusted, right?), and then leave it dead somewhere near there.  Both are
 computer operating systems with several similarities, enough that if you
 can drive one, you can probably get around in the other.  They just aren't
 the *same*.

I'd say it's probably more like Linux is a two-rail snow sled with an
Exocet rocket motor bolted to it while FreeBSD is a racing snowmobile.

At least, that's how they feel in comparison with one another, to
someone who made the switch from Debian to FreeBSD starting in November
of last year (that's me).  I prefer the snowmobile, but some people just
like an out-of-control ride at 315m/s.  Go figure.


 
 You will need to be more specific.  *-BSD systems are under the BSD
 Copyright, which I'm sure you can find with a web search.  Some software on
 FreeBSD (and by extension PCBSD and 'Desktop BSD') may also be under the
 FSF's GPL.  The compiler comes to mind, for starters.  I believe that one of
 the goals of many BSD developers is to ultimately be rid of GPL'ed software;
 but, then again, one of many humans' goals is to ultimately build a Utopian
 society without many of the societal ills we face.  It's not so likely to
 happen very soon at all.

That's something I've been wondering about.  Do you (or anyone else
here) happen to know if there's an ongoing project/effort to replace gcc
for the *BSDs?


 
 Actually, OpenBSD does have an excellent security track record.  They
 might also welcome a large monetary donation, should you be so endowed and
 inclined.
 
 OTOH, it's totally Free, also, in rather the same way as FreeBSD. OpenBSD
 forked from NetBSD many years ago for some reason or another that I'm
 sure you can read up on with resources on the WWW (or, maybe the
 aforementioned Mr. De Raadt will Set Me Straight(TM)).

Totally free except the format of the official installer, that is.  It
may seem like a minor matter, but for perfect accuracy it should
probably be mentioned at least in passing.


 
 Let me encourage you to read appropriate sections of, or even all of
 the FreeBSD handbook (www.freebsd.org/handbook).  It is probably the best
 open-source operating system documentation in existence (and perhaps better
 than any proprietary OS docs, also).

Judging by my experience with proprietary OSes, they tend to be worse
than pretty much all of the major Linux distros, which puts FreeBSD even
further ahead of proprietary OS documentation.  YMMV.

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
Paul Graham: Real ugliness is not harsh-looking syntax, but having to
build programs out of the wrong concepts.


Re: BSD derivatives

2007-06-02 Thread Chad Perrin
On Sun, Jun 03, 2007 at 04:33:01AM +0200, Jona Joachim wrote:
 On Sat, 02 Jun 2007 18:10:27 -0700
 Colin Percival [EMAIL PROTECTED] wrote:
 
  Bill Moran wrote:
   OpenBSD puts security higher on its list of project goals and
   motivating factors than any other OS I know.
  
  I disagree.  I'd say that OpenBSD and FreeBSD put security in exactly
  the same place -- at the top of the list.
 
 Sorry but I have to disagree here.
 FreeBSD ships with closed source software including following drivers:
 ath, nve, oltr, rr232x, hptmv.
 Closed source software implies potential insecurity. If security is at
 the top of the list then I see a clear contradiction here.

More accurately, I'd say that the closed source drivers only imply
priorities contradictory to security if they're installed and active
in default configuration.  If it's just a binary lump that never
executes, on the other hand, or is on a server or CD somewhere waiting
to be installed if you want it, that doesn't imply insecurity in the
system -- only in the configuration of a system where someone chooses to
use the closed source software.

Hopefully that made some sense.

While I tend to agree with the OpenBSD approach to closed source
software in general, I don't think that specifically making it
effectively impossible to use without rewriting key parts of the OS
yourself is a security-oriented decision.  Security involves not using
closed source software, not telling everyone else that they can't use it
either.

I'm not saying that's what the OpenBSD project does.  I'm just saying
that, for instance, the availability of the ath driver contradicts a
claim that security is a top priority of the FreeBSD project.  Only if
it was installed and operational by default would that really be the
case.

Obviously, I'm assuming it's not installed by default.  From what I've
read so far, it's not -- please correct me if I'm wrong.

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
Amazon.com interview candidate: When C++ is your hammer, everything starts
to look like your thumb.


Re: BSD derivatives

2007-06-02 Thread Chad Perrin
On Sat, Jun 02, 2007 at 10:10:08PM -0500, Paul Schmehl wrote:
 --On June 3, 2007 4:33:01 AM +0200 Jona Joachim [EMAIL PROTECTED] wrote:
 
 I disagree.  I'd say that OpenBSD and FreeBSD put security in exactly
 the same place -- at the top of the list.
 
 Sorry but I have to disagree here.
 FreeBSD ships with closed source software including following drivers:
 ath, nve, oltr, rr232x, hptmv.
 Closed source software implies potential insecurity. If security is at
 the top of the list then I see a clear contradiction here.
 
 Sorry, but that's an incredibly naive statement.  *All* software implies 
 potential insecurity.  It's the nature of software.
 
 If it were untrue, there would be no security patches for open source 
 software.

Discovery of vulnerabilities in need of patching is not the same as an
unsecured system.

The key to the above statement that closed source software implies a
lack of security is that with closed source software there is an
unavoidable and necessary assumption that the vendor has your best
security interests at heart and will achieve the same security success
that you would, in addition to any success it might itself achieve.

The facts have shown that not only are proprietary, closed source
software vendors prone to ignoring or hiding vulnerabilities dismayingly
often rather than fixing them, but they also (even more dismayingly, but
hopefully less often) intentionally include functionality that we the
end users would consider security vulnerabilities, and pretend such back
doors, rootkits, and spyware do not exist.

In short -- software is not trustworthy, which is why double-checking it
(in the form of peer review and personal source code access) is so
important to security.  When peer review and personal source code access
are not available, your only option is trust, which is a losing
proposition by definition when dealing with software.

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
print substr("Just another Perl hacker", 0, -2);