On Fri, Apr 4, 2014 at 1:15 PM, Aaron Poffenberger <a...@hypernote.com>wrote:
> On Apr 3, 2014, at 10:20 PM, Kenneth Westerback <kwesterb...@gmail.com> > wrote: > > > On 3 April 2014 22:04, Martin Braun <yellowgoldm...@gmail.com> wrote: > >> As we all know on the front page of OpenBSD it says "Only two remote > holes > >> in the default install, in a heck of a long time". > >> > >> I don't understand why this is "such a big deal". > >> > >> A part from the base system in xBSD, OpenBSD - so far - also contains a > >> chrooted web server, that can't be used for much else than serving > static > >> content, and then the X system, which also can't be used for anything > >> before installing some third party application. > >> > >> All in all the default install is pretty useless in itself and I am > going > >> to quote "Absolute OpenBSD" by Michael Lucas: > >> > >> «You're installed OpenBSD and rebooted into a bare-bones system. Of > >> course, a minimal Unix-like system is actually pretty boring. While it > >> makes a powerful foundation, it doesn't actually do much of anything.» > >> > >> So we need those third party applications to start the party, yet none > of > >> these applications receives the same code audit, security development > and > >> quality control as OpenBSD does. > >> > >> As soon as we install a single third party application our entire > operating > >> system is, in theory at least, compromised as these third party > >> applications gets installed as root. > >> > >> Maybe I am just plain stupid, but could someone explain to me the point > in > >> "bragging" about only two remote holes in the default install, when the > >> default install is useless before you add some content to the system, > >> unless you're running a web server serving static content only. > > > > Firewalls? BGP Routers? Email servers? Relayd load balancers? All > > base-only external facing devices that might be nice to not have > > exploits in by default. > > > > .... Ken > > > > > >> > >> Best regards. > >> > >> Martin > > > > Itâs also nice to know you can safely enable networking on your > computer to install software, whether connected directly or through a > firewall. In theory your own network should be a safe haven. In > practice we know that's not always the case. > > The current survival time for an unpatched Windows system when first > connected to the internet ranges from 66 minutes to 2,630 minutes.* > I've seen Windows computers take hours to fully patch after initial > install. > > Linux systems have much better ranges (95 minutes to 2,141) and > usually patch much quicker. > > Still, all else being equal, I choose the system that's not likely to > be compromised while I patch or install software. > > And that's worth bragging about. > > --Aaron > > * Data for 2014-01-01 through 2014-04-03: > <https://isc.sans.edu/survivaltime.html>. > > Bollocks The uptime depends of the user, ie the main source of problems Linux packages are full of ugly bugs that can be detected with classic dev tools. Microsoft drivers are fugly and nvidia is king in creating bloated computer. Let say this in a friday way: In the hand of the 6 years old with a hammer any computer uptime is low. The OP dont even know javascript why are we talking in this thread ? Oh, it is friday !!!! -- () ascii ribbon campaign - against html e-mail /\
