

OpenBSD needs your help - call for donations - igorhvr
http://www.undeadly.org/cgi?action=article&sid=20090909074926

======
henryprecheur
Just to show how good OpenBSD's manuals are, look at those:

<http://www.openbsd.org/cgi-bin/man.cgi?query=strncpy>

<http://www.openbsd.org/cgi-bin/man.cgi?query=malloc>

They don't just explain what strncpy & malloc do. They also explain how to use
these functions correctly and securely. With examples.

Compare that to glibc's manuals (pretty typical of what you can find under
Linux):

<http://linux.die.net/man/3/malloc>

<http://linux.die.net/man/3/strncpy>

Clearly OpenBSD folks care.

~~~
Erwin
Hah, check out that malloc page for OpenBSD for how you configure malloc
globally (to e.g. enable debugging): you create a /etc/malloc.conf which is a
_symbolic link_ to a non-existent file the name of which determines options,
e.g. "G<" to enable extra malloc debugging and half the cache size!

~~~
rbanffy
This debugging method seems like an ugly hack. Why not use a plain text file
that could be read when the program (or the computer) starts with options
written in human-readable form?

Assuming it is a short file, it would require only one block read (the block
pointed to by the directory entry). The broken symlink method may be faster
(one less disk read, a lot less parsing overhead) but is much less human-
friendly. And the added speed would only be meaningful if the file got checked
more often than at program start.

~~~
cperciva
_Why not use a plain text file that could be read when the program (or the
computer) starts with options written in human-readable form?_

Reading a symlink is one system call. Reading a file is three or more system
calls. There is an overhead cost for each system call -- and if you're going
to be doing something for almost every process, you might as well be as
efficient as possible.

~~~
rbanffy
Except that if you were using a text file, you use different flags or turn it
on or off on a per executable file basis checked on process start and would
not have to re-parse the symlink every time you malloc something.

~~~
cperciva
The symlink is only checked when malloc is first called.

~~~
rbanffy
Then why is parsing a human-readable file that could, conceivably, activate a
much richer debugging option-set such a huge overhead as to make the
symlink way a better option? Is the setting system-wide or process-wide?

Sorry, but I just can't see why it would be a better option.

~~~
silentbicycle
It's checked when malloc initializes, so the startup cost for a more complex
method would have to be paid by _nearly every process system-wide_.
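
The trade-off argued in this sub-thread, as an added example (not part of any comment above and not OpenBSD's malloc code): the same option string is fetched once from a dangling symlink's target and once from a text file. The scratch paths and function names are hypothetical, and the string "G<" is taken from the thread and treated as opaque.

```c
#define _XOPEN_SOURCE 700   /* for readlink, symlink, mkdtemp */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* One system call. readlink() does not NUL-terminate, so we do. */
static int opts_from_symlink(const char *path, char *buf, size_t len)
{
    ssize_t n = readlink(path, buf, len - 1);
    if (n < 0) return -1;               /* no link: no options set */
    buf[n] = '\0';
    return (int)n;
}

/* Three system calls (open, read, close) for the same short string. */
static int opts_from_file(const char *path, char *buf, size_t len)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = read(fd, buf, len - 1);
    close(fd);
    if (n < 0) return -1;
    buf[n] = '\0';
    buf[strcspn(buf, "\n")] = '\0';     /* drop the trailing newline */
    return (int)strlen(buf);
}

/* Builds both variants in a scratch directory; returns 0 if they agree. */
int demo(void)
{
    char dir[] = "/tmp/mconfXXXXXX", lnk[64], txt[64], a[16], b[16];
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(lnk, sizeof lnk, "%s/malloc.conf", dir);
    snprintf(txt, sizeof txt, "%s/malloc.txt", dir);
    FILE *f = fopen(txt, "w");
    if (f == NULL || symlink("G<", lnk) != 0)   /* target need not exist */
        return -1;
    fputs("G<\n", f);
    fclose(f);
    int ok = opts_from_symlink(lnk, a, sizeof a) == 2 &&
             opts_from_file(txt, b, sizeof b) == 2 && strcmp(a, b) == 0;
    unlink(lnk); unlink(txt); rmdir(dir);
    return ok ? 0 : 1;
}

int main(void) { return demo(); }
```

Running either reader under a system-call tracer shows the difference in call count that the comments above refer to.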

------
dylanz
My play machine runs OpenBSD. I can't say enough good things about it. If you
want a (very) secure machine which runs on a slew of different platforms, has
an awesome package tree, and a solid developer base of pragmatic and
opinionated unix nerds... look no further.

------
pingswept
OpenBSD is a fine operating system. In the words of Neal Stephenson: "Accept
one of our free tanks! It is invulnerable, and can drive across rocks and
swamps at ninety miles an hour while getting a hundred miles to the gallon!"

~~~
ciupicri
And just like a tank it has no ESP, ABS etc. OpenBSD forces you to do too many
things by hand, instead of automating them as much as possible (just like some
Linux distros).

------
westajay
Buy the CD, install it on an old machine and play with it over a weekend.
OpenBSD has some unique and fantastic features.. everything from PF (its
firewall) to spamd (Spam trapping daemon).

It's also nice to use a finely crafted piece of software that doesn't feel
like it has been bolted together haphazardly (like your typical Linux distro).

~~~
rbanffy
I am somewhat offended by that. I run Ubuntu on my really serious computers
and I hardly feel it was haphazardly bolted together.

~~~
thaumaturgy
I wouldn't take it personally. Ubuntu made a specific effort to improve the
Linux end-user experience, and they've pretty much succeeded. In the process,
their rapid rise to popularity has pushed a bunch of the other distributions
into making their systems more homogenized, so Linux has really gotten a lot
better for the end-user in the last decade.

That said, OpenBSD is probably the most organized project out of all open
source projects close to the same size and scope. They release like clockwork,
they do not (or try not to) rush new features out just so they can make the
next release, and there really is an uncompromising drive for perfection.

I would love to contribute code to the project, but I have to be honest:
though I'm by no means a slouch programmer, those guys seriously outclass me,
and I'd be completely out-of-my-league.

Having perused bits of Linux source from time to time, I don't feel that's so
much the case outside of OpenBSD.

~~~
silentbicycle
You can also contribute by donating, buying CDs, porting (or helping to test
ports), answering questions on the mailing lists or IRC, etc.

<http://openbsd.org/faq/faq1.html#Support>

------
dylanz
It's great to see this post on Hacker News by the way.

I think the OpenBSD project encompasses a lot of the values that a majority of
the users on this site would agree with.

------
igorhvr
I don't use OpenBSD - but I plan to some day, and I really like their
attitude. Specifically, it is very refreshing to see a piece of software where
"Quality is the #1 goal, it takes a back seat to NOTHING else."

~~~
henryprecheur
I use OpenBSD at home for my router and my desktop. I don't plan to go back to
Linux anytime soon. OpenBSD is robust, well documented, and simple.

On the other hand it lacks many _fancy_ features. For example its filesystem is
somewhat dated compared to ZFS or BFS. But that's the price to pay to get a
stable, secure, and well polished operating-system.

PS: OpenBSD's manuals are awesome.

~~~
nearestneighbor
OpenBSD might be doing better than some others, but it's not flawless in the
security arena:

<http://openbsd.org/security.html#43>

~~~
utnick
Most linuxes are pretty good these days about security, there was a time when
it seemed like every redhat version came out of the box with a remotely
exploitable hole.

But Ubuntu is locked down by default now. And their security responsiveness
seems pretty good.

~~~
ajross
Yeah. There were some bad days with default linux installs circa 1998 or so
(Red Hat 6.0 was a disaster, IIRC), but everyone learned their lesson and in
fact linux distros have been extraordinarily proactive about security since.
Witness Red Hat with SELinux, FORTIFY_SOURCE, ExecShield, etc...

One of the ironies is that the "only two remote holes in the default install"
bit, while impressive compared to, say, Microsoft, is still two more than Red
Hat and Ubuntu have shipped over the same period. (Disclosure: that's from
memory. I'd have to look up dates on remote exploits to be sure.)

~~~
there
_is still two more than Red Hat and Ubuntu have shipped over the same period._

it's 2 remote holes in 11 years. ubuntu wasn't even around 5 years ago.

~~~
ajross
I guess I was counting since the first hole in 2002. Have there been any in
common linux distros since then? OpenBSD got caught once.

But even so: Ubuntu has had zero remote holes in the default install in 5
years. I'm getting hung up on a divide by zero bug somewhere, but I _think_
that works out better if you want to be pedantic about this stuff, no? :)

Seriously: it's a dumb marketing slogan, and it means next to nothing. In
point of fact over the last 6-7 years OpenBSD doesn't have a particularly
distinguished security record according to their own metric. It's better than
Microsoft.

------
rbanffy
I don't want to be killed for asking this (I probably will get buried in
seconds), but it's a legitimate question: isn't this precisely the reason why
GPL is such a nice license for new projects?

If, say, vendor A, gave US$ 1 million to the OpenBSD project, vendor B could
pick the improvements and incorporate in their own proprietary products for no
cost, creating a competitive advantage unless the improvements are so narrow
they only apply to A's products. If, however, vendor A donated the same amount
to a GPL-licensed project, vendor B could not take unilateral benefit from the
money invested and would have to either use the improvements from within
another GPL-like product or not at all, effectively negating any competitive
advantage it could acquire from A's investment.

I think the AT&T legal imbroglio had little to do with the comparative success
of the GNU/Linux system.

------
nate_meurer
I've been procrastinating on my first OpenBSD install, and this pushed me over
the edge. I just bought the CD set, and I'll have a go at it this weekend (or
maybe next weekend).

~~~
JeremyChase
If you can dedicate an entire disk to OpenBSD the installation is amazingly
simple; I highly recommend going that route.

~~~
silentbicycle
The spartan text-based install is also remarkably fast. Once you've done the
installation a few times, it's possible to get the whole system up and running
in five minutes.

~~~
ciupicri
It doesn't have even half of anaconda's features and it installs only a few
packages. No wonder that it's so fast.

~~~
silentbicycle
> It doesn't have even half of anaconda's features and it installs only a few
> packages.

That's often a good thing. For headless installs, a Python and GTK-based
install doesn't cut it.

"pkg_add pkgname" fetches a package and its dependencies once you choose a
mirror, anyway, and using text files rather than menus to configure the system
means you can keep your configuration in VC, configure a typical system by
just applying patches, etc.

~~~
ciupicri
Anaconda has a text mode install, so GTK+ is not always used. But I do agree,
that it can't be used on resource constrained systems.

> using text files rather than menus to configure the system means you can
> keep your configuration in VC, configure a typical system

What configuration? We were talking about installers and anaconda can use
kickstart files to automate the installation. And of course they can be kept
in a VCS.

------
newsdog
I think I worked with Theo in 1981. Smart, nasty.

~~~
bm98
When he was 13? <http://en.wikipedia.org/wiki/Theo_de_Raadt>

~~~
rbanffy
Last time I exchanged messages with him he certainly looked like 13.

The other day we were talking about the need for social skills in large
projects mostly because of CK's message exchange on LKML about BFS. Theo is a
very clever guy and does some truly outstanding work, but I would not like to
work with him on anything important. I love what I do and I have no need to
get burned.

------
hs
what's refreshing is that each OpenBSD release has its own theme, song and
artworks

it seems they really are having fun !!!

