DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 16th October 2008
JavaUser JavaUser is offline
New User
 
Join Date: Oct 2008
Posts: 5
Default Qs for switching from Ubuntu to OpenBSD

I'm about to reinstall our main server here and I'm thinking of switching from Linux (which we've been using for years) to OpenBSD.

I like the stability and security of OpenBSD. Here are my questions:

1. All of our apps are in Java, running under Tomcat etc. I know that with the new IcedTea project we may have a way of running Java stuff directly on OpenBSD. Any experience with this? Is this a good way to go?

2. Encryption: This is a trickier question. I want to have the entire disk encrypted, so it would even boot from an encrypted FS. On Linux it's easy to install on an encrypted partition, using DM-crypt. I did find an article about using the loopback FS with OpenBSD but somehow it didn't give me much confidence in the system. Is OpenBSD ever going to get more stable FS encryption option, like dm-crypt or GEOM-based disk encryption? It's weird that a security-focused OS like OpenBSD would be so far behind in this area.

I'm ready to switch but I really want #2, a very solid and reliable way of running off an encrypted disk, and I'm not feeling like OpenBSD has it. Comments?

I did pre-order the 4.4 disks so I expect them any day now, and I'm looking forward to trying it out at least on a test machine.

(I posted this before on some other BSD forum but it was a non-functional forum so I found this forum which seems to be better)
Reply With Quote
  #2   (View Single Post)  
Old 17th October 2008
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,319
Default

Quote:
Originally Posted by JavaUser View Post
I know that with the new IcedTea project we may have a way of running Java stuff directly on OpenBSD.
IcedTea is not been officially introduced into the packages/ports system yet, however, Tomcat has been in the packages/ports system for some time now. More information on the packages/ports system can be found at the following:

http://openbsd.org/faq/faq15.html
Quote:
Is this a good way to go?
If you have the skill set to port IcedTea to OpenBSD, this is a question only you can answer, but if you run into problems, you will not be able to get a lot of help from the project proper. OpenBSD is a small project; there isn't a lot of infrastructure set up to answer questions.
Quote:
I want to have the entire disk encrypted, so it would even boot from an encrypted FS.
You will want to study vnconfig(8). Data can be encrypted, but the system itself will have to remain unencrypted.
Reply With Quote
  #3   (View Single Post)  
Old 17th October 2008
JavaUser JavaUser is offline
New User
 
Join Date: Oct 2008
Posts: 5
Default

Thanks for the info. It sounds like I should stick to Ubuntu for now, until IcedTea and disk encryption can become more mature. I realize Tomcat is in the ports but actually I'll be using JBoss and other things. I don't want to have to roll my own IcedTea or work on it.

I assume that IcedTea will be in ports sooner or later, and then I can reconsider going to OpenBSD.

Also for disk encryption... I know OpenBSD created OpenSSH and has done a lot of work in security, but if the disk is not encrypted, the easiest attack is to just grab the machine. The vnconfig stuff seems like a total kludge. It's unfortunate that both Linux and FreeBSD have better-integrated disk encryption than security-focused OpenBSD.
Reply With Quote
  #4   (View Single Post)  
Old 17th October 2008
drhowarddrfine drhowarddrfine is offline
VPN Cryptographer
 
Join Date: May 2008
Posts: 377
Default

Then why not use FreeBSD?
Reply With Quote
  #5   (View Single Post)  
Old 17th October 2008
JavaUser JavaUser is offline
New User
 
Join Date: Oct 2008
Posts: 5
Default

Because, I used to use OpenBSD and I liked it. I'll either stick with Linux, or switch to OpenBSD.

Right now, Linux has great Java support out of the box and it's easy to use and it has well-integrated disk encryption, so I'll stick with it.

It would be great to have the most stable and secure platform (OpenBSD) able to run the current leading web technology (Java) but it's not yet 100% ready for prime time, it seems like.
Reply With Quote
  #6   (View Single Post)  
Old 17th October 2008
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 8,057
Default

I carry an OpenBSD laptop with an encrypted filesystem for private information. I do not have a need for a completely encrypted hard drive; only a user directory hierarchy requires protection.

Both the encrypted filesystem and the passwords in /etc/master.passwd are protected by Bruce Schneier's well-respected Blowfish cipher.

Other OpenBSD platforms I manage have physical security.
Reply With Quote
Reply

Tags
encryption, linux, security

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Any Solution for Xorg high CPU usage in Ubuntu 9.04? Mantazz Other BSD and UNIX/UNIX-like 11 14th July 2009 06:10 AM
Lost FreeBSD boot record (when installing Ubuntu) TomAmundsen FreeBSD General 6 19th January 2009 09:41 PM
How to view & open DOCX files in Ubuntu/OpenOffice. unixdude Other BSD and UNIX/UNIX-like 0 11th July 2008 08:38 AM
How to install vmware player in Ubuntu 7.10 or 8.04 tutorial. unixdude Other BSD and UNIX/UNIX-like 0 18th June 2008 10:23 PM
Convertin A Ubuntu ssh/ Samba server to NetBSd FloridaBSD FreeBSD General 6 24th May 2008 09:35 AM


All times are GMT. The time now is 05:20 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick