From owner-freebsd-questions Tue Apr 24 2:43:23 2001 Delivered-To: freebsd-questions@freebsd.org Received: from probity.mcc.ac.uk (probity.mcc.ac.uk [130.88.200.94]) by hub.freebsd.org (Postfix) with ESMTP id 02E6B37B422 for ; Tue, 24 Apr 2001 02:43:20 -0700 (PDT) (envelope-from rasputin@freebsd-uk.eu.org) Received: from dogma.freebsd-uk.eu.org ([130.88.200.97] ident=root) by probity.mcc.ac.uk with esmtp (Exim 2.05 #4) id 14rzLq-000FzY-00 for questions@freebsd.org; Tue, 24 Apr 2001 10:43:18 +0100 Received: (from rasputin@localhost) by dogma.freebsd-uk.eu.org (8.11.1/8.11.1) id f3O9hIl35228 for questions@freebsd.org; Tue, 24 Apr 2001 10:43:18 +0100 (BST) (envelope-from rasputin) Date: Tue, 24 Apr 2001 10:43:18 +0100 From: Rasputin To: questions@freebsd.org Subject: Re: firewall stuff Message-ID: <20010424104318.A35009@dogma.freebsd-uk.eu.org> Reply-To: Rasputin References: <00d301c0cb87$0dee2bf0$0400a8c0@oracle> <01042222580500.00281@mark9.vladsempire.net> <3AE386CC.608B59B4@ifour.com.br> <020d01c0cbba$e03047f0$0400a8c0@oracle> <3AE4A6C4.3B96B701@nisser.com> <04eb01c0cc43$b8b79cd0$0400a8c0@oracle> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: <04eb01c0cc43$b8b79cd0$0400a8c0@oracle>; from dougy@bryden.apana.org.au on Tue, Apr 24, 2001 at 08:21:10AM +1000 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG * Doug Young [010423 23:23]: > > The reason I'd picked OpenBSD was indeed its focus on security. Whether > > or not that is such a big deal in reality was a moot point. It made > > for a great marketing USP ;). > Yeah ... thats what attracted me too, although general feedback on the > subject indicates that its possibly overrated. Its not that my systems hold > particularly valuable data, all I want to achieve is blocking as many evil types as > possible. What surprises me is that they push heavily on the 'secure by default' - as in 'we don't start anything by default'. Surely once you try to bring up a usable system, you've 'voided your warranty'? I notice the 'no local exploits in the default install' on the main website went to 'only 1 local exploit in the default install' until finally it vanished :) Don't get me wrong, OpenBSD has put some good technology into the public domain (bcrypt in particular is long overdue) but most of these advances get merged inot Free|Net BSD anyway. bcrypt is in freebsd-current at present I think. OpenBSd is certainly marketed as more secure, but I haven't seen a *huge* of innovations we don't have. bcrypt, password.conf etc not withstanding. I think the distinction comes from a: "What's the difference between Net / Free/Open BSD?" To which the answer is: NetBSD - runs on everything. Toasters, doorbells, the lot. OpenBSD - built like a tank. Sucky SMP support. FreeBSD - fastest i386 OS on the planet. Doesn't run on much else though. I just wish people didn't insist on using these one-liners as the basis for writing articles at places like ZDNet.... -- Any clod can have the facts, but having an opinion is an art. -- Charles McCabe Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message