I certainly don't mean to imply that OpenBSD is a horribly insecure operating system - it isn't. I do however need to highlight that OpenBSD is quite far removed from a secure operating system, and will attempt to justify this position below.
Full story »
Read contents from Free Software Magazine
Anybody up to writing good directory software?
Tue, 2007-02-20 11:17 — David JonathanSince the very beginning, directories (of any kind) have had a very central role in the internet. (I have recently grown fond of Free Web Directory. Even Slashdot can be considered a directory: a collection of great news and invaluable user-generated comments. As far as software is concerned, doing a quick search on Google about software directories will return the free (as in freedom) software directories like Savannah, SourceForge, Freshmeat and so on, followed by shareware and freeware sites such as FileBuzz, PCWin Download Center and All Freeware (great if you're looking for shareware and freeware, but definitely less comprehensive than their free-as-in-freedom counterparts).
Is better education the key to finding better software?
Sat, 2007-03-03 03:25 — Edward RusselI read David Jonathon's article Anybody Up To Writing Good Directory Software? the other day, which got me thinking about software directories in general. As David mentioned, many of the software directories one finds when doing a quick google search are free as in beer, not as in freedom. But what interests me is the software directories that already exist, providing a combination of both free as in beer software, and open source software. Sites such as Freeware Downloads and Shareware Download don't advertise themselves as providing free as in liberty software, but each of them have a good selection of open source software available... if you know where to look.
Categories
Best karma users
From the staff of FSDaily: Comedians in Perth, Magicians in Perth, Bands in Perth
irbis
2 years 12 weeks 5 days 6 hours ago
Problems in the article
The article is an interesting read, but it over emphasizes some things while neglecting many others, and I'm not sure how valid many of the points actually are?
The main point of the article is that OpenBSD doesn't have a MAC (mandatory acces control) system. However, there are various ways of improving application level security, and MAC is only one of them.
MAC is an extra layer that you put on top of the operating system when you assume that the applications in themselves are not secure enough (which ideally should first be fixed in those apps themselves). It greatly increases complexity and possibility for bugs too. All the headaches of those administering, for example, SELinux systems like Fedora Linux have had because of the complexities of MAC, are a good example of that. Besides, MAC is no magical bullet that automatically secures everything once you've installed it. It has its boundaries and it usually needs a lot of management too. Besides, if your kernel is compromised, a MAC system is good for nothing as the attacker could then simply turn the MAC off from the kernel.
However, OpenBSD takes another kind of approach to increasing application level security: they try to enforce similar kind of security measures in the programs and software itself, by tweaking and patching programs, fixing potential security bugs etc. Many essential parts and packages in OpenBSD already achieve similar kind of security and access restrictions (to a MAC based system), and with much less complexity too. Although there could always be more that OpenBSD - or any other system - could do to improve security, the OpenBSD way of doing it seems basically the right way to do it, instead of extra layers and adding complexity you try to fix the actual problems. As far as that is not enough, maybe a MAC on top of the system could help too - if it won't make the system so complicated that only an IT professional with a doctoral university degree in IT can administer it properly.