You are not logged in.

#1 2018-01-26 05:27:59

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 5,740
Website

Are the BSDs dying? Some security researchers think so


John
--------------------
( a boring Japan blog , Japan Links, idle twitterings  and GitStuff )
In case you forget, the rules.

Offline

#2 2018-01-26 06:52:21

Head_on_a_Stick
Member
From: London
Registered: 2015-09-29
Posts: 8,759
Website

Re: Are the BSDs dying? Some security researchers think so

Total troll click-bait — that meme has been around for several years and is on par with "2018 is the year of the Linux desktop" roll

OpenBSD patched all of the reported vulnerabilities within a few days, a fact that is curiously not mentioned at all by the LWN article:

LWN wrote:

He promptly reported all the bugs, but six months later, at the time of his talk, many remained unpatched.

LWN is a commercial organisation that exists to promote Linux.


“Et ignotas animum dimittit in artes.” — Ovid, Metamorphoses, VIII., 18.

Forum Rules   •   How to report a problem   •   Software that rocks

Offline

#3 2018-01-26 08:05:20

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 5,740
Website

Re: Are the BSDs dying? Some security researchers think so

Thanks for clearing that up.
(The original article, on csoonline, seems a bit more balanced.)


John
--------------------
( a boring Japan blog , Japan Links, idle twitterings  and GitStuff )
In case you forget, the rules.

Offline

#4 2018-01-26 08:09:50

ohnonot
...again
Registered: 2015-09-29
Posts: 3,917
Website

Re: Are the BSDs dying? Some security researchers think so

Head_on_a_Stick wrote:

Total troll click-bait — that meme has been around for several years and is on par with "2018 is the year of the Linux desktop"

you're not doing "the BSDs" any favors by biting back like this.

i clicked through the articles and ultimately This seems to be the source.
while the first article maybe does, this certainly doesn't look like clickbait or sensationalism to me.

OpenBSD patched all of the reported vulnerabilities within a few days

"ALL vulnerabilities fixed" is a HUGE claim.
for the sake of this discussion, it would be nice if you could back it up with another article.

a fact that is curiously not mentioned at all by the LWN article

LWN wrote:

He promptly reported all the bugs, but six months later, at the time of his talk, many remained unpatched.

i think it's reasonable to assume that a lot of stuff got patched after Ilja von Sprundel dropped that bomb.
but frankly, i don't think even a commercial entity would plainly lie about this.
let's parse it:
- you say openbsd patched all.
- lwn says many remain unpatched (but doesn't limit this statement to openbsd)
what if you're both right?

Offline

#5 2018-01-26 12:49:41

BLizgreat!
Resident Babbler - vll!
Registered: 2015-10-03
Posts: 1,018

Re: Are the BSDs dying? Some security researchers think so

Think both are right. That being that no software will ever be bulletproof. Am sure the BSD crowd are no slouches regardless and considering all the effort, time, talent and tradition which must be involved in the platform can't see it being allowed to ever fade away.

Vll! and VlBsd! smile

Offline

#6 2018-01-26 19:26:07

Head_on_a_Stick
Member
From: London
Registered: 2015-09-29
Posts: 8,759
Website

Re: Are the BSDs dying? Some security researchers think so

ohnonot wrote:
Head_on_a_Stick wrote:

OpenBSD patched all of the reported vulnerabilities within a few days

"ALL vulnerabilities fixed" is a HUGE claim.
for the sake of this discussion, it would be nice if you could back it up with another article.

Well actually the csoonline article also states that, it just wasn't included in the overly sensationalist summary made by @corbet on lwn.net

For an absolute reference see 44:21 of Ilja von Sprundel's original presentation:

https://mirror.netcologne.de/CCC/congre … slides.mp4

I happen to remember when that video presentation originally came out and the openbsd-tech mailing list had the patches ready about a week later, I can't be bothered to search for that though.

The point I was trying to make was that the phrase "BSD is dying" has been touted around by Linux trolls for _many_ years and this seems to be another pathetic attempt.

Here is an article about it, please take note of the date:

https://everything2.com/title/BSD+is+dying

Last edited by Head_on_a_Stick (2018-01-26 19:28:07)


“Et ignotas animum dimittit in artes.” — Ovid, Metamorphoses, VIII., 18.

Forum Rules   •   How to report a problem   •   Software that rocks

Offline

#7 2018-01-27 10:57:10

ohnonot
...again
Registered: 2015-09-29
Posts: 3,917
Website

Re: Are the BSDs dying? Some security researchers think so

Head_on_a_Stick wrote:

Here is an article about it, please take note of the date:
https://everything2.com/title/BSD+is+dying

a classic since 2002!!! yikes

that puts your reaction in a much milder light.

Last edited by ohnonot (2018-01-27 10:58:57)

Offline

#8 2018-01-27 19:11:23

cog
Member
From: New Mexico, USA
Registered: 2015-10-27
Posts: 182

Re: Are the BSDs dying? Some security researchers think so

As a heavy former freebsd user I'd disagree with LWN's sources.  When all those NSA toolkits surfaced the BSD's were like the only OS's not vulnerable.  As to the Intel & processor related stuff this year, the BSD guys were only given a couple weeks notice to start working on the patches.  Had they been given several months like Cannonical and RedHat I'd assume they'd already had patches.  Also, as HOAS noted OpenBSD promptly got patches for meltdown in order as did dragonfly.  I'd say these two did because the development pipeline is tighter for those two.  Matthew Dillon has a unique design and tighter control on the dragonfly kernel as does Theo and his boys over at openbsd.  All the BSD's are different OS's too so you can't really say "BSD" because their not all built with the similar components like linux distros.  They're fundamentaly different.  That's just my two cents.

Also, I don't know what the overall BSD ecosystem looks like with Intel firmware, but Linus said himself the updates were pretty bad.  If they're at all removed from that, they might be in a good position to get some more solid fixes in place.

Last edited by cog (2018-01-27 19:14:00)


10% of The Fishermen Catch 90% of The Fish

Offline

#9 2018-01-28 04:42:17

martix
Kim Jong-un Stunt Double
Registered: 2016-02-19
Posts: 1,267

Re: Are the BSDs dying? Some security researchers think so

cog wrote:

the BSD's were like the only OS's not vulnerable.  ....  All the BSD's are different OS's too so you can't really say "BSD" because their not all built with the similar components like linux distros.

As I recall BSDs were affected too. I'd have to search a bit to find the appropriate info, but in some of those papers and later when there were news about different tools, there was also BSD mentioned. I cannot tell which was it exactly (and there are different ones as stated, so probebly some of them were not affected), but those systems have vulnerabilities too, which an organisation with basically unlimited resources exploits just like any other system (but it looks it's getting harder - at least there were news about it - as many bright minds left for private enterprises recently).

Offline

#10 2018-01-28 13:26:23

Head_on_a_Stick
Member
From: London
Registered: 2015-09-29
Posts: 8,759
Website

Re: Are the BSDs dying? Some security researchers think so

Given that Microsoft now back OpenBSD finacially (so they can use their LibreSSL tool in Windows) and NetFlix proudly boast of their FreeBSD server I/O capabilities that outperform anything Linux can manage, any claims that "BSD is dying" do appear to be fairly ridiculous, not to mention completely unfounded.


“Et ignotas animum dimittit in artes.” — Ovid, Metamorphoses, VIII., 18.

Forum Rules   •   How to report a problem   •   Software that rocks

Offline

Board footer

Powered by FluxBB