DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 8th January 2009
knasbas knasbas is offline
Port Guard
 
Join Date: May 2008
Posts: 25
Thanked 0 Times in 0 Posts
Default is openbsd really for me?

Ive been using openbsd since 3.3 but i admit that it doesnt mean that I know much about it at all. Basically what I do is that install latest version, update it to stable and install the packages that is needed, which so far has been a few imageconversions,archivers, sambaprograms,web and after that I never touch it cause I want stability and its been stable as rock. After 1-3 years i buy new hardware and do a complete install from scratch and move the needed. Ive jumped from 3.3->3.6->4.0

I havent kept on updating nor upgraded to latest version, which is a securityrisk, i know, but the thing is if i upgrade (and how) and something doesnt works like a charm im in a world of pain, because my lack of knowledge. I do not intend to learn every bit and pieces of how the system works, i dont care and is honestly not intrested.. I just feel safe with openbsd.

Would I be better off with a linuxdist that has automatic updates? will be in same world of pain if it crashes. And now I need to add a torrentclient, which has to be updated to latest version or it wont work with a tracker im using. I also need to install a Direct Connect hub for me and my closest friends, which im not sure there is any packages at all for?

About updates, i understand the securityrisk but at the same time, if you dont mess with a working system, that system can keep running forever.
What do you think is better if you look at the security, openbsd not updated after inital install or linuxdist with automatic upgrades? and what do you think will be most stable system?

Last edited by knasbas; 8th January 2009 at 03:31 PM.
Reply With Quote
  #2   (View Single Post)  
Old 8th January 2009
snes-addict's Avatar
snes-addict snes-addict is offline
Real Name: Ken
BSD gamer
 
Join Date: Oct 2008
Location: Minnesota, USA
Posts: 34
Thanked 0 Times in 0 Posts
Default

In terms of doing binary upgrades from one release to another, you shouldn't have any problems as long as you upgrade to the release which comes right after yours (e.g. 4.0 -> 4.1, NOT 4.0 -> 4.4).
Quote:
Originally Posted by OpenBSD FAQ
Note: Upgrades are only supported from one release to the release immediately following it. Do not skip releases.
Keeping this in mind, the only thing you should have to worry about is properly merging in the new /etc files with your own installed /etc files.

In your case, having missed several releases, I'd probably just backup all important data and install 4.4-release from scratch; it's the easiest solution.

As per your other question, I cannot really say much about GNU/Linux security updates because I don't follow any distros (I wouldn't be surprised, however, if OpenBSD is still more secure).
__________________
"Experience is what you get when you were expecting something else." - /usr/games/fortune
Reply With Quote
  #3   (View Single Post)  
Old 8th January 2009
Oko's Avatar
Oko Oko is offline
Fsck Surgeon
 
Join Date: May 2008
Location: Kosovo, Serbia
Posts: 733
Thanked 36 Times in 32 Posts
Default

I think that OpenBSD is probably not good choice for you right now since you are seeking some excitement.

OpenBSD is one of the most boring OS in existence. For the most part it just works rock stable and it is too safe so people can actually do their work instead of playing with OS. Occasional hick ups have been observed on
OpenBSD running systems deployed by less than perfect users.

We are currently having a pledge week at undeadly.org trying to rise some money which will help developers introduce some bugs and instabilities into the system. If you think you have a good idea about new bug you want to see in OpenBSD this is the time come out publicly with some money which will help developers implement your ideas.
Reply With Quote
  #4   (View Single Post)  
Old 8th January 2009
KlaymenDK KlaymenDK is offline
New User
 
Join Date: Jan 2009
Posts: 8
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by knasbas View Post
About updates, i understand the securityrisk but at the same time, if you dont mess with a working system, that system can keep running forever.
What do you think is better if you look at the security, openbsd not updated after inital install or linuxdist with automatic upgrades? and what do you think will be most stable system?
For a fresh install with nothing further done, I'd bet on OpenBSD against anything.
If you look at any system that is being actively kept up to date then at any one point in time, I would say that OpenBSD might be no better than <anything else>. BUT I would like to further qualify that statement by saying that it only applies to the basic install -- anything else you add (say, a torrent client) might not be as actively maintained -- it's a matter of upstream quality, no matter how actively you keep your system up to date -- and in that perspective I think it's safe to assume that OpenBSD trumps anything. (Isn't that why OpenBSD is slow to include all the latest bells and whistles, that they need to ensure it's up to par first, which takes time?)

Sorry for the rant.

You need to consider if you're focusing on security, stability, or features.
__________________
KlaymenDK
-- 010\001\111 --

Last edited by KlaymenDK; 8th January 2009 at 05:33 PM.
Reply With Quote
  #5   (View Single Post)  
Old 8th January 2009
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 2,834
Thanked 190 Times in 160 Posts
Default

Quote:
Originally Posted by knasbas View Post
And now I need to add a torrentclient, which has to be updated to latest version or it wont work with a tracker im using. I also need to install a Direct Connect hub for me and my closest friends, which im not sure there is any packages at all for?
Loyalty aside, what operating system supports the applications you need should be your central question. Everything else is secondary.
  • dctc may satisfy your needs, but you should test it to verify.
  • As for torrents, you should check the following list to see if any meets your needs:

    http://openports.se/search.php?so=torrent

    Since you mention that you need the latest version, it is unclear as to whether you are saying that you know exactly what client you want or whether any client which supports some unstated feature will suffice. Again, testing will provide you an answer.
Reply With Quote
  #6   (View Single Post)  
Old 8th January 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,435
Thanked 214 Times in 189 Posts
Default

Quote:
Originally Posted by knasbas View Post
Basically what I do is that install latest version, update it to stable...
Once? Or regularly throughout the life of the release you've installed? Of course, the life of any release is only one year. Support:
  • accepting problem reports
  • publishing patches
  • updating the -stable branch
cease when the release reaches end-of-life.
Quote:
...I havent kept on updating nor upgraded to latest version, which is a securityrisk, i know...
When did you last build 4.0-stable? A remote attack vector was announced and a patch published in March, 2007.
Quote:
...I just feel safe with openbsd.
I don't understand why you might feel "safe" when you acknowledge an unsupported release is risky. There are many security and reliability fixes to the OS which are never backported to unsupported releases, such as yours.
Quote:
About updates, i understand the securityrisk but at the same time, if you dont mess with a working system, that system can keep running forever.
Your definition of the word security must not be the same as mine, then.

Security is not something you buy, download, or install. Security is a process. A continuous process.
Using the example I cited above, OpenBSD may be "secure by default" but has had two remote attack vectors exposed in its lifetime. How many unexposed ones exist now? No one knows about the third (or fourth..) until it is discovered, analyzed, and published. Is one there? No one knows for sure, but I'll guess that more will be uncovered over time.
That's it for remote security issues. What about internal problems that affect security?
From the beginning of the Project to present day, internal attack vectors are discovered, analyzed, published, and patched. For example, since support ceased for 4.0, there have been six serious security patches published.
More security flaws will be found, and that continuous process to improve security will continue, through the life of the Project.
Quote:
Originally Posted by snes-addict View Post
...the only thing you should have to worry about is properly merging in the new /etc files with your own installed /etc files.
And some files in /var, as well. Each upgrade guide describes the affected changes that require manual effort. For older releases, the mergemaster package can automate much of the effort of making these changes; in newer releases, the sysmerge(8) built-in tool replaces mergemaster.
Quote:
Originally Posted by KlaymenDK View Post
...Isn't that why OpenBSD is slow to include all the latest bells and whistles
Is that in references to ports/packages? If so, that's because the kernel, userland, and ports trees are synchronized. See FAQ 15.4.2 for details.
Quote:
You need to consider if you're focusing on security, stability, or features.
Exactly. It is possible that knasbas has confused security with stability.
Reply With Quote
  #7   (View Single Post)  
Old 8th January 2009
knasbas knasbas is offline
Port Guard
 
Join Date: May 2008
Posts: 25
Thanked 0 Times in 0 Posts
Default

I am so dissapointed that im almost speechless. Either my english is so bad that almost none understood what i wrote or asked or noone just cared cause it was more entertaining to explain to me about security and updates.

Do you think i do not know its meant to upgrade 3.6-3.7-3.8 and to keep all patches up to date? Why doesnt some understand "I do not intend to learn every bit and pieces of how the system works, i dont care and is honestly not intrested.."?
I do understand that some people is spending alot of time and energy and is very dedicated to learn about their system and the flaws, but isnt it possible to keep openbsd safe without rtfm of every possible little command there is in unix?

Why cant i have stability, security and features? and to tell me im confused, gees man thats really so low i wont even comment.
Reply With Quote
  #8   (View Single Post)  
Old 8th January 2009
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Helpful companion
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Thanked 193 Times in 184 Posts
Default

We understand, but it's simple.. if you do not care, why should we?

If you do not care about the systems you maintain, you probably shouldn't be maintaining anything.

Quote:
Originally Posted by Oko
OpenBSD is one of the most boring OS in existence.
I must be weird, because I think it's the most exciting OS on earth.
Reply With Quote
  #9   (View Single Post)  
Old 8th January 2009
ninjatux's Avatar
ninjatux ninjatux is offline
Real Name: Baqir Majlisi
Spam Deminer
 
Join Date: May 2008
Location: Antarctica
Posts: 293
Thanked 15 Times in 15 Posts
Default

In terms of maintenance, you're going to get a lot more pain out of GNU/Linux than you would out of any BSD or SVRX Unix. I wouldn't migrate to GNU/Linux.

If you don't tinker, then a system can run infinitely, but you might be at a disadvantage running an older build. For example, a new version may have performance enhancements that may improve your productivity. To keep system up-to-date, you don't need to learn every single element of the Unix command line. You only need to know a few commands. On FreeBSD, you need to know five variations of the same command to update the system. I'm sure it's even simpler if you use binary updates.

http://quickdc.sourceforge.net/

Check that link out for your dc needs.
__________________
"UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity."
MacBook Pro (Darwin 9), iMac (Darwin 9), iPod Touch (Darwin 9), Dell Optiplex GX620 (FreeBSD 7.1-STABLE)
Reply With Quote
Old 8th January 2009
wimwauters wimwauters is offline
Port Guard
 
Join Date: Aug 2008
Posts: 36
Thanked 1 Time in 1 Post
Default

Hi there,

people usually post for technical assistance, hence the nature of the replies you got.

I will attempt a more holistic answer

Are you sure what you want can be achieved in a single OS or single box (given that we are not programmers with loads of time on our hands)?

As a sysadmin, I use OpenBSD for its exceptional security, stability and quality control (I use it for servers, firewalls and my workstations). For family & friends I have to use PC-BSD because I don't have the time to make a consumer-friendly environment out of OpenBSD.

If I need the latest apps, gizmo, hardware or features, I find myself using Windows (client servers and desktop). But as you know, Windows security is an illusion (check f-secure's frontpage...), and stability & quality is compromised by the rapid pace of development and diversity of 3rd party apps.

I think the combination you want can only be achieved by spending loads of time on compiling your own distribution

It is a well known trade-of for design engineers and programmers that out of the triangle of quality, features & time-to-market, you can only have 2 at the same time

Maybe there is a linux distro out there that fits your needs (Debian is most closely aligned to OpenBSD's ethos of quality control and security), but I won't spend time on Linux as I see it as being as much of a convoluted mess as windows is and it will be the next target for the malware industry (26,500 unique windows virus signatures per hour in November 2008...)
Reply With Quote
Old 8th January 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,435
Thanked 214 Times in 189 Posts
Default

Quote:
Originally Posted by knasbas View Post
I am so dissapointed that im almost speechless. Either my english is so bad that almost none understood what i wrote or asked or noone just cared cause it was more entertaining to explain to me about security and updates.
There were no huge errors in your English, or in your grammer. Your content was typed lazily, but it was readable. However it looked to me like you needed to replace your keyboard, and find one with a functioning spacebar.
Quote:
Do you think i do not know its meant to upgrade 3.6-3.7-3.8 and to keep all patches up to date?
Since your systems spent years out of maintenance, I had no idea if you had rebuilt -stable systems during release lifetimes. You said you "updated to stable". You didn't say when, or how often. That's why I asked.
Quote:
Why doesnt some understand "I do not intend to learn every bit and pieces of how the system works, i dont care and is honestly not intrested.."?
You don't have to know how the system works. You just have to know the minimum to maintain it, and care to do so.
Quote:
...isnt it possible to keep openbsd safe without rtfm of every possible little command there is in unix?
Yes. Just upgrade it before end-of-life. You've been able to boot the ramdisk kernel and use the install scripts. The upgrade script is very much like the install script, except it doesn't install etc* or xetc* filesets. Then all you need to do is read the appropriate upgrade FAQ, understand the impact, and then either manually update files accordingly or use mergemaster or sysmerge.

If this is too much for you, choose a different OS.
Quote:
Why cant i have stability, security and features? and to tell me im confused, gees man thats really so low i wont even comment.
Is it? I think I used the word "possible." All I have to go on is what you type.
Quote:
...Would I be better off with a linuxdist that has automatic updates?
I don't know if you'd be better off, since I don't know what that phrase means to you. More stable? That depends entirely on use. But I will guess that you might be happier, since you wouldn't have to self-maintain anything. As I've stated above, a well-maintained system will be more secure than an unmaintained one.
Reply With Quote
Old 9th January 2009
ai-danno's Avatar
ai-danno ai-danno is offline
Spam Deminer
 
Join Date: May 2008
Location: Boca Raton, Florida
Posts: 284
Thanked 35 Times in 31 Posts
Default

Quote:
Originally Posted by knasbas View Post
but isnt it possible to keep openbsd safe without rtfm of every possible little command there is in unix?
You are exaggerating in order to make your point- to answer your point, I would say "no". You are asking if it's possible for an individual to keep openbsd safe without being on top of the OS and the applications they run on it. Of course not. No combination of operating system and set of applications can be kept safe when the person maintaining that combination has little more than cursory knowledge of it.

And that's not OpenBSD's fault- that's true for any operating system, any set of applications.

Quote:
Originally Posted by knasbas View Post
Why cant i have stability, security and features? and to tell me im confused, gees man thats really so low i wont even comment.
I think that it's not insulting to say that you are confused- everyone here is actually trying to help. But I would say that you are confusing your role as a user and your role as a system administrator. This whole line of questioning seems to be from the perspective of a user, which is completely justifiable.

But it's also quite clear that you are also the system administrator of the machine, and system administrators must have a thorough understanding of what they are administrating, or pay someone else to.

The prime example of this is any normal residential user's home system. They have absolutely zero knowledge of their operating system or applications, but they don't have anyone even semi-professional looking after their system. And so it gets hacked. If you take the same approach, you'll eventually have the same level of risk, regardless of what you use.
__________________
Network Firefighter
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 05:09 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick