I want to like OpenBSD. I'm so happy about openssh and like the whole mindset, philosophy. Or so I thought.
Recently (like, weeks ago) I investigated the big three BSDs for a small mail server project. OpenBSD was the first thing I looked at, I was especially interested in opensmtpd. Looking for documentation I stumbled upon [1] (note: Same aggregator, same domain. I consider that 'The canonical source for OpenBSD').
So that article praises the features of opensmtpd and then shows how to implement a filter. With this:
    /* block idiots */
    if (! strcmp(p->domain, "0pointer.net")) {
        filter_api_reject(id, 530, "You're not welcome, go away !");
        return;
    }
At that point I shook my head in disbelief, labeled the author as a person I don't want to read from again and moved on to NetBSD (and FreeBSD, still not sure with which one I'll go). OpenBSD's obviously for more elite persons and ad hominem attacks in random samples are .. I don't know. Funny? Cool with the users/the project? The Right Way™?
"This person said something I don't agree with[1], therefore they're an idiot." isn't nice, but it's also not ad hominem. Ad hominem is the other way around: "This person is an idiot, therefore I don't agree with them."
I've known Gilles (opensmtpd author) personally for close to 10 years. This is just his kind of humour.
That you might not find it funny, I get. But dismissing all the work that has been put on this project because of what you perceive as attitude is like you not using OpenSSH because you don't like Theo de Raadt.
I believe you have the attitude problem. How did you survive reading Phrack, early 2600, Linux kernel mailing lists or IRC if this tiny example of "block idiots" offends you? It wasn't even directed at you, it's just an example in a dev journal. This undeadly post is internal dev stuff on the mailing list, not the actual end user documentation which is the official man pages, that's where all the up to date and complete documentation is. Most of the humor is also European, so some Germans joking around on the pf or SMTPD mailing list may also offend you with their weird humor.
OpenSMTPD also works on Linux/MacOSX but I imagine the emails and actions of Steve Jobs or Torvalds might also offend you so better steer clear of both those projects. Better avoid GrSec/Pax twitter account too. Stallman has also said some pretty inflammatory things so the whole Gnu platform is off limits. I recommend installing MS Feelings 2.0
It's funny you mention this. On the actual OpenBSD installation, if a non-privileged user tries to login and fails (bad password etc..), the error message is "Are you on drugs?"
No, seriously, that's the actual error message. I just double-checked in 5.4 and it's still there.
OpenBSD, for many reasons, is definitely an acquired taste in both configuration and documentation for said configuration. There are lots of technical points that make it a great OS.
I'm quite confused, you read a joke, which apparently you didn't like, on an unofficial (albeit heavily OpenBSD focused) blog, and that's a reason not to use OpenBSD? Isn't this almost the definition of an ad hominem argument towards OpenBSD? "I don't like something this person says so I won't use something he uses".
I used OpenBSD for years as a router on a Pentium with 32MB of RAM I got for free somewhere, and it was fantastic. It filtered all my traffic and ran Irssi with 8MB RAM to spare. It's an awesome operating system that I wish I had a good use for at the moment. PF was wonderful to work with. This seems like an absolutely ludicrous reason to dismiss the system and I have no idea why it's the top comment on a thread about an interesting technical innovation. What is wrong with you people?
Well, when the owner of 0pointer.net steamrolls across the land with a new init system that takes over every aspect of the userland, and is Linux exclusive, I wouldn't be surprised to find OpenBSD developers a bit upset.
This is a common problem that people have; they read what's easy, rather than what's relevant. If you really want to learn about the BSDs, you have to read through the source code. If you go by what people write in blogs, all you're getting is someone's opinion, not what will actually run on your machine.
Finally, an OpenBSD tutorial using strcmp? I believe they spell it strlcmp.
How possible is it that this is sarcasm or just a joke?
I know HN likes to pretend it can't ever read between the lines, but, seriously, are there even remote odds that that snippet you quoted is actually expressing deep feelings of superiority?
> moved on to NetBSD (and FreeBSD, still not sure with which one I'll go)
Generally, FreeBSD will perform better for servers and offers a larger feature set than the other two. NetBSD aims for maximum portability, and OpenBSD for security. Therefore I typically recommend FreeBSD for servers, OpenBSD for routers and NetBSD for playing around on oddball hardware.
You don't need to run OpenSMTPD in order to get Xorg to work, of course. Also, OpenBSD is just the operating system. You can run whatever MTA you want.
Just a reminder, this thread is about Xorg running without privileges on OpenBSD -- an amazing feat!
Choose OpenBSD for your Unix needs. OpenBSD -- the world's simplest and most secure Unix-like OS. Creator of the world's most used SSH implementation OpenSSH, the world's most elegant firewall PF, and the world's most elegant mail server OpenSMTPD. OpenBSD -- the cleanest kernel, the cleanest userland and the cleanest configuration syntax.
In 2006 one of my teachers, Mr Etiemble, told us about a paper he's participated in to illustrate that no matter how good the security models can be at each level of abstraction, it only needs one piece of code that uses a vertical design to make the overall layers of security models worthless…
And then, as one could have expected at the time, TdR had a really strong reaction on the matter (can't find the e-mail for reference), saying that OpenBSD is anyway secure, except if you want to have "modern accelerated graphics" (or something less subjective, that's iirc)…
…and here we are eight years later, to finally have the OpenBSD guys show off they've done it. I don't know if that should bug me they needed 8 years to patch that bug that was not really one (as per Theo) or if I should be amazed by the work done to secure that incredible mess that is Xorg :-)
Presumably there's still some portion of the graphics driver that has to live in the kernel, or otherwise use privileged operations to talk to the hardware. But that driver is a lot smaller of a surface to secure than Xorg, which is a much larger codebase with many complicated moving parts.
Users of a video card should be able to do so securely: Look at something like WebGL, where many of a graphics card's features are exposed to the web, which is very much untrusted code.
FYI - the systemd project got a similar thing working on Linux a couple of weeks back.
I think Wayland/Weston already leverages systemd to run without privileges.
Part of the whole discussion on why systemd was much more forward looking than anything else on Linux.
[+] [-] darklajid|12 years ago|reply
Recently (like, weeks ago) I investigated the big three BSDs for a small mail server project. OpenBSD was the first thing I looked at, I was especially interested in opensmtpd. Looking for documentation I stumbled upon [1] (note: Same aggregator, same domain. I consider that 'The canonical source for OpenBSD').
So that article praises the features of opensmtpd and then shows how to implement a filter. With this:
    /* block idiots */
    if (! strcmp(p->domain, "0pointer.net")) {
        filter_api_reject(id, 530, "You're not welcome, go away !");
        return;
    }
At that point I shook my head in disbelief, labeled the author as a person I don't want to read from again and moved on to NetBSD (and FreeBSD, still not sure with which one I'll go). OpenBSD's obviously for more elite persons and ad hominem attacks in random samples are .. I don't know. Funny? Cool with the users/the project? The Right Way™?
That project has lots of attitude problems.
1: http://undeadly.org/cgi?action=article&sid=20130130081741
[+] [-] eurleif|12 years ago|reply
[1] http://bsd.slashdot.org/story/11/07/16/0020243/lennart-poett...
[+] [-] steeve|12 years ago|reply
That you might not find it funny, I get. But dismissing all the work that has been put on this project because of what you perceive as attitude is like you not using OpenSSH because you don't like Theo de Raadt.
[+] [-] dobbsbob|12 years ago|reply
I believe you have the attitude problem. How did you survive reading Phrack, early 2600, Linux kernel mailing lists or IRC if this tiny example of "block idiots" offends you? It wasn't even directed at you, it's just an example in a dev journal. This undeadly post is internal dev stuff on the mailing list, not the actual end user documentation which is the official man pages, that's where all the up to date and complete documentation is. Most of the humor is also European, so some Germans joking around on the pf or SMTPD mailing list may also offend you with their weird humor.
OpenSMTPD also works on Linux/MacOSX but I imagine the emails and actions of Steve Jobs or Torvalds might also offend you so better steer clear of both those projects. Better avoid GrSec/Pax twitter account too. Stallman has also said some pretty inflammatory things so the whole Gnu platform is off limits. I recommend installing MS Feelings 2.0
[+] [-] eksith|12 years ago|reply
No, seriously, that's the actual error message. I just double-checked in 5.4 and it's still there.
OpenBSD, for many reasons, is definitely an acquired taste in both configuration and documentation for said configuration. There are lots of technical points that make it a great OS.
They're still only technical points, though.
Edit: Correction, it's not on initial login. Only on sudo. The rest of the list: https://github.com/toddfries/OpenBSD-usr.bin-patches/blob/ma...
[+] [-] axman6|12 years ago|reply
I used OpenBSD for years as a router on a Pentium with 32MB of RAM I got for free somewhere, and it was fantastic. It filtered all my traffic and ran Irssi with 8MB RAM to spare. It's an awesome operating system that I wish I had a good use for at the moment. PF was wonderful to work with. This seems like an absolutely ludicrous reason to dismiss the system and I have no idea why it's the top comment on a thread about an interesting technical innovation. What is wrong with you people?
[+] [-] nitrogen|12 years ago|reply
[+] [-] jrockway|12 years ago|reply
This is a common problem that people have; they read what's easy, rather than what's relevant. If you really want to learn about the BSDs, you have to read through the source code. If you go by what people write in blogs, all you're getting is someone's opinion, not what will actually run on your machine.
Finally, an OpenBSD tutorial using strcmp? I believe they spell it strlcmp.
[+] [-] B-Con|12 years ago|reply
I know HN likes to pretend it can't ever read between the lines, but, seriously, are there even remote odds that that snippet you quoted is actually expressing deep feelings of superiority?
[+] [-] Spittie|12 years ago|reply
I don't know (and doubt) if it got merged into FreeBSD, but it shows that lots of people just hate him.
[+] [-] kylebgorman|12 years ago|reply
(As it turns out, this doesn't meet the definition of an ad hominem since there is no attempt to invalidate any arguments from "0pointer.net".)
[+] [-] sdfjkl|12 years ago|reply
Generally, FreeBSD will perform better for servers and offers a larger feature set than the other two. NetBSD aims for maximum portability, and OpenBSD for security. Therefore I typically recommend FreeBSD for servers, OpenBSD for routers and NetBSD for playing around on oddball hardware.
[+] [-] octo_t|12 years ago|reply
[+] [-] borando|12 years ago|reply
Just a reminder, this thread is about Xorg running without privileges on OpenBSD -- an amazing feat!
[+] [-] ajasmin|12 years ago|reply
Is there a more troubling reference in here that I just don't get?
[+] [-] dmm|12 years ago|reply
http://www.opensmtpd.org/smtpd.conf.5.html
[+] [-] FeeTinesAMady|12 years ago|reply
[+] [-] poolpOrg|12 years ago|reply
[+] [-] raverbashing|12 years ago|reply
[+] [-] hiphopyo|12 years ago|reply
[+] [-] jrockway|12 years ago|reply
[+] [-] ams6110|12 years ago|reply
[+] [-] guyzmo|12 years ago|reply
http://scholar.google.fr/citations?view_op=view_citation&hl=...
N.B.: That article is really worth a read!
And then, as one could have expected at the time, TdR had a really strong reaction on the matter (can't find the e-mail for reference), saying that OpenBSD is anyway secure, except if you want to have "modern accelerated graphics" (or something less subjective, that's iirc)…
…and here we are eight years later, to finally have the OpenBSD guys show off they've done it. I don't know if that should bug me they needed 8 years to patch that bug that was not really one (as per Theo) or if I should be amazed by the work done to secure that incredible mess that is Xorg :-)
cheers and gg, guys!
[+] [-] stass|12 years ago|reply
[+] [-] ars|12 years ago|reply
Can't a video card DRM read any memory on the system?
[+] [-] mcpherrinm|12 years ago|reply
Users of a video card should be able to do so securely: Look at something like WebGL, where many of a graphics card's features are exposed to the web, which is very much untrusted code.
[+] [-] nitrogen|12 years ago|reply
[+] [-] mikeash|12 years ago|reply
[+] [-] openbsddesktop|12 years ago|reply
http://www.openbsdfoundation.org/campaign2014.html
Thanks! :)
[+] [-] dbolgheroni|12 years ago|reply
[+] [-] sandGorgon|12 years ago|reply
Part of the whole discussion on why systemd was much more forward looking than anything else on Linux.
[1] https://plus.google.com/+DavidHerrmann/posts/ggK1tStCvJH