OpenBSD gets a "poor score" in security.

Someone has written an article under "Information
Security News",
entitled "Linux patch problems: Your distro may
vary". As if 
OpenBSD
were a "Linux distro".

In this article, he compares response times to
vulnerabilities and 
then
gives various Linux distros and OpenBSD a
"score". OpenBSD came 2nd
last, but get this, Ubuntu, the Linux which had the root
password 
logged
to disk in the plain from the installer, complete with a
community 
which
did not notice this until almost the next release was out...
came 
first!

Good job Edmund! This is one of the worst articles on
security I 
have
ever read. Talk about missing the point.

http://searchsecurity.techtarget.com/originalContent/0
,289142,sid14_
gci1202417,00.html




Concerned about your privacy? Instantly send FREE secure
email, no account required
http://www.hushmai
l.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com
?l=485

On Thu, 27 Jul 2006, jlr0i6sg3thushmail.com wrote:

> Someone has written an article under "Information
Security News",
> entitled "Linux patch problems: Your distro may
vary". As if
> OpenBSD
> were a "Linux distro".
>
> In this article, he compares response times to
vulnerabilities and
> then
> gives various Linux distros and OpenBSD a
"score". OpenBSD came 2nd
> last, but get this, Ubuntu, the Linux which had the
root password
> logged
> to disk in the plain from the installer, complete with
a community
> which
> did not notice this until almost the next release was
out... came
> first!
>
> Good job Edmund! This is one of the worst articles on
security I
> have
> ever read. Talk about missing the point.
>
> http://searchsecurity.techtarget.com/originalContent/0
,289142,sid14_
> gci1202417,00.html
>

I filled in some comments in the "Contact Us"
page, under the
category "Contact the editors". I'm going to
call them and see
what it takes to become a contributor (apparently not much)
and
submit a review of OpenBSD's security stance.

If you do send something in, be polite. We're not a bunch
of 
raving loonies.

Ciao
  --Louis

Hi jlr0i6sg3t,

On 2006-07-27T19:17, jlr0i6sg3thushmail.com wrote:
> Someone has written an article under "Information
Security News",
> entitled "Linux patch problems: Your distro may
vary". As if 
> OpenBSD were a "Linux distro".
Ok, thats wrong.

> In this article, he compares response times to
vulnerabilities and 
> then
> gives various Linux distros and OpenBSD a
"score". OpenBSD came 2nd
> last, but get this, Ubuntu, the Linux which had the
root password 
> logged to disk in the plain from the installer,
complete with a community 
> which did not notice this until almost the next release
was out... came 
> first!

so what? They are damn fast in response time of broken
'packages'.
Don't get me wrong, I really like OpenBSD and I use it
frequently, but
if I would want an up2date system (including security
patches)
I choose (Xu|Ku|U)buntu.
The article is not about the OS, it's about the
applications you run.
And it's a fact that OpenBSD is not the fastest delivering
updates for broken packages.
But who care, you still have a secure OS. 

so long,

Marcus.

On 7/27/06, jlr0i6sg3thushmail.com <jlr0i6sg3thushmail.com> wrote:
> Someone has written an article under "Information
Security News",
> entitled "Linux patch problems: Your distro may
vary". As if
> OpenBSD
> were a "Linux distro".
>
> In this article, he compares response times to
vulnerabilities and
> then
> gives various Linux distros and OpenBSD a
"score". OpenBSD came 2nd
> last, but get this, Ubuntu, the Linux which had the
root password
> logged
> to disk in the plain from the installer, complete with
a community
> which
> did not notice this until almost the next release was
out... came
> first!
>
> Good job Edmund! This is one of the worst articles on
security I
> have
> ever read. Talk about missing the point.
>
> http://searchsecurity.techtarget.com/originalContent/0
,289142,sid14_
> gci1202417,00.html

i'd ask to see the actual data used.  the text says
"For example, if
we look at the July update for the highly critical libmms
vulnerability, we see that all the announced updates
occurred within
one day."  But if you follow the link, only two
distros are listed.
So does not fixing something at all also result in a score
of 100?

On 07/27/06 11:17, jlr0i6sg3thushmail.com wrote:
> Someone has written an article under "Information
Security News",
> entitled "Linux patch problems: Your distro may
vary". As if 
> OpenBSD were a "Linux distro".

Well, OpenBSD gets mentioned, that's the most important.

..

> Good job Edmund! This is one of the worst articles on
security I 
> have ever read. Talk about missing the point.

Yep, let's do talk about it since I see you as a blind
horse that 
misses the point because you cannot read. The title contains
the two 
words "patch problems" and that isn't a very
strong point of OpenBSD. 
(Obviously because there are not as many developers as other

distributions have.)


The article is not about the strong points of OpenBSD,
pro-active and 
integrated security, it's about patching and updates, a
weak point of 
OpenBSD.

And it's not at all about stupidities like the one you
mentioned of 
Ubuntu, you provide chaos without a reason.

+++chefren

On Thu, 27 Jul 2006, Ted Unangst wrote:

> On 7/27/06, jlr0i6sg3thushmail.com
<jlr0i6sg3thushmail.com> wrote:
>> Someone has written an article under
"Information Security News",
>> entitled "Linux patch problems: Your distro
may vary". As if
>> OpenBSD
>> were a "Linux distro".
>> 
>> In this article, he compares response times to
vulnerabilities and
>> then
>> gives various Linux distros and OpenBSD a
"score". OpenBSD came 2nd
>> last, but get this, Ubuntu, the Linux which had the
root password
>> logged
>> to disk in the plain from the installer, complete
with a community
>> which
>> did not notice this until almost the next release
was out... came
>> first!
>> 
>> Good job Edmund! This is one of the worst articles
on security I
>> have
>> ever read. Talk about missing the point.
>> 
>> http://searchsecurity.techtarget.com/originalContent/0
,289142,sid14_
>> gci1202417,00.html
>
> i'd ask to see the actual data used.  the text says
"For example, if
> we look at the July update for the highly critical
libmms
> vulnerability, we see that all the announced updates
occurred within
> one day."  But if you follow the link, only two
distros are listed.
> So does not fixing something at all also result in a
score of 100?
>
>
The source data is suspect because they only count the
announcements
of fixes, hence those projects that are prolific at issuing
security
announcements get a better score. It's a paper exercise,
nothing more.

Ciao
  --Louis

Ahmmm. Openbsd gets bad score in patching ?
Well that maybe becuase the os is so good that doesnt need
30 patches a day
like the linux distros.
I have heard the linux 'fans' saying amazing crap about
their os'es...

Thank god in this world there are people that know that
openbsd rules.
We must all also help the openbsd community with donations
for the amazing
work that all the guys in the obsd team do.
I did a donation 3-4 months ago to the obsd and if I had
more i'd send out
more.

Let the linux guys talk. All the can do is talk ... Their
os's suck....

bsd for life ;)

On 7/27/06, chefren <chefrenpi.net> wrote:
>
> On 07/27/06 11:17, jlr0i6sg3thushmail.com wrote:
> > Someone has written an article under
"Information Security News",
> > entitled "Linux patch problems: Your distro
may vary". As if
> > OpenBSD were a "Linux distro".
>
> Well, OpenBSD gets mentioned, that's the most
important.
>
> ..
>
> > Good job Edmund! This is one of the worst articles
on security I
> > have ever read. Talk about missing the point.
>
> Yep, let's do talk about it since I see you as a blind
horse that
> misses the point because you cannot read. The title
contains the two
> words "patch problems" and that isn't a
very strong point of OpenBSD.
> (Obviously because there are not as many developers as
other
> distributions have.)
>
>
> The article is not about the strong points of OpenBSD,
pro-active and
> integrated security, it's about patching and updates,
a weak point of
> OpenBSD.
>
> And it's not at all about stupidities like the one you
mentioned of
> Ubuntu, you provide chaos without a reason.
>
> +++chefren

Alex Stamatis wrote:
> Ahmmm. Openbsd gets bad score in patching ?
> Well that maybe becuase the os is so good that doesnt
need 30 patches a day
> like the linux distros.
> I have heard the linux 'fans' saying amazing crap
about their os'es...
>
> Thank god in this world there are people that know that
openbsd rules.
> We must all also help the openbsd community with
donations for the amazing
> work that all the guys in the obsd team do.
> I did a donation 3-4 months ago to the obsd and if I
had more i'd send out
> more.
>
> Let the linux guys talk. All the can do is talk ...
Their os's suck....
>
> bsd for life ;)
>
> On 7/27/06, chefren <chefrenpi.net> wrote:
>   
>> On 07/27/06 11:17, jlr0i6sg3thushmail.com wrote:
>>     
>>> Someone has written an article under
"Information Security News",
>>> entitled "Linux patch problems: Your
distro may vary". As if
>>> OpenBSD were a "Linux distro".
>>>       
>> Well, OpenBSD gets mentioned, that's the most
important.
>>
>> ..
>>
>>     
>>> Good job Edmund! This is one of the worst
articles on security I
>>> have ever read. Talk about missing the point.
>>>       
>> Yep, let's do talk about it since I see you as a
blind horse that
>> misses the point because you cannot read. The title
contains the two
>> words "patch problems" and that isn't
a very strong point of OpenBSD.
>> (Obviously because there are not as many developers
as other
>> distributions have.)
>>
>>
>> The article is not about the strong points of
OpenBSD, pro-active and
>> integrated security, it's about patching and
updates, a weak point of
>> OpenBSD.
>>
>> And it's not at all about stupidities like the one
you mentioned of
>> Ubuntu, you provide chaos without a reason.
>>
>> +++chefren
>>     
>
>   
Poor score in security? Hmmm... In which config? Default
install? Or 3rd 
party apps? If the apps are to blame, then, to some extent,
isn't that a 
ding to the developer, and not the OS itself? Almost like
saying OpenBSD 
sucks because there was an exploit in an Excel document
opened with 
OpenOffice.

As for Linux sucking, well, I use OpenBSD on anything 
public, but for 
client deployments (or non-technical people that want to try

linux/unix/bsd) I use ubuntu. Both have their strengths,
both have their 
weeknesses...
 Nick

On Thu, Jul 27, 2006 at 09:24:54PM +0100, Alex Stamatis
wrote:
> [...] Their os's suck....

http://f
un.drno.de/sounds/Every_OS_sucks.mp3

On 7/27/06, Louis Bertrand <louisbertrandtech.ca> wrote:
> If you do send something in, be polite. We're not a
bunch of
> raving loonies.

We're not? Damn!

Carlos.
-- 
<nick> grah windows just crashed again, unstable crap.
<yukito> Windows isn't unstable, it's just
spontaneous.