security VS reliability .. what implicature ?
Hi BSD Lovers !!
Security VS Reliability .. while reading the errata page a week ago , a question came into my mind concerning the dividing line between a security issue , and a reliability issue .. what does each involve ? what can a reliability fix be which a sec fix can't and vice versa ? I'm sure the OpenBSD Team does not swap the two terms , nor do they use them gratuitously..

Last edited by daemonfowl; 27th March 2012 at 03:51 PM.
Per the Computing Dictionary:
As for OpenBSD, let us look at this simple Venn Diagram, linked from Wikipedia for expediency:

Assume that the set on the left is Reliability, and the set on the right is Security. The union of the two is where Reliability and Security are the same. In software terms, this is often areas where coding errors impact both. The effort to eliminate those problems is described as a drive for code correctness.

OpenBSD's security goals are described in www.openbsd.org/security.html, where the Project's Audit program is described. The text discusses the effort to establish and maintain code correctness:

"We are not so much looking for security holes, as we are looking for basic software bugs....During our ongoing auditing process we find many bugs, and endeavor to fix them even though exploitability is not proven. We fix the bug, and we move on to find other bugs to fix. We have fixed many simple and obvious careless programming errors in code and only months later discovered that the problems were in fact exploitable."

In summary, then, while the size of the union of the two sets is non-deterministic, I believe it is quite large, and I appreciate the Project's effort to strive for correctness as a cornerstone of both proactive security and reliability.

Last edited by jggimi; 27th March 2012 at 05:54 PM. Reason: clarity
Thanks very much jggimi !!
I bet the intersectional sphere is the outcome of the OpenBSD Team's strife to put coding parameters back on track .. so .. reliability is code correctness and security is system-wide correctness and both make up what might be technically labelled {a mature & stable OS} .. I am right here ? am I right to say that Tanenbaum disapproves of linux kernel because of this very issue ? code correctness .. while praising NetBSD .. the more one tries to patch and fix issues the more it gets worse until it reaches windows-like cases .. underneath .. I remember he used the word spaghetti .. as analogy .. In what way am I wrong to characterize MacOsX (for instance) as a {reliable+insecure} OS ?

Last edited by daemonfowl; 27th March 2012 at 08:36 PM.
Quote:
concerning Tanenbaum's statement , look here please : http://lwn.net/Articles/467852/

Quote:
http://newsgroups.derkeiler.com/Arch.../msg00778.html
http://www.zdnet.com/blog/security/q...ie-miller/2941

People can easily get infatuated with Mac .. it's like Pandora's charm .. even Larry Wall courted the OS : "Apple has always been, tried to be, at least, the arbiter of good taste" . as far as usability is concerned .. I confess Mac is super-easy super-user-friendly (yet a GUI-jailed user-friendliness ) .. that it allows fast data transfer (usb , firewire .. ) .. that it offers a superfast (but also super-exploitable) Safari .. that it has a charming GUI .. Yet .. for some , an fvwm with an xsetroot -solid springgreen would outmatch all GUIs .. Diogenes once said : " What a lot of things I don't need .. " :-)
Quote:
http://en.wikipedia.org/wiki/Tanenba...orvalds_debate Much of their argument centered around Tanenbaum advocating microkernel design as being the next step in OS implementation while Torvalds advocated a simpler monolithic structure because it is easier to implement. Much of their debate was fueled by their respective egos, & because the feud was so public, this may have led to the rise of Linux because:
"The spaghetti down there" I think may have been a reference to the scheduler. I'm getting that from the huge comments, I haven't started to read the interview... But from them, I can see that everyone responding appears to interpret the interview from their own history; and their own biases.