"TH" <th_at_cogito.greatdanedk> wrote:

> Hi,
>
> Well, as subj. says...Anyone shifted from FBSD to OBSD on servers?

Yups.

> And
> why did you do that?

For fun. And additional security.

EJ
--
Remove the obvious part (including the dot) for my email address

erik wrote:

> For fun. And additional security.

Can u "feel" the extra security? Afaik its "only" the audit and extra
encryption that is the difference. Do you have less exploits to deal with
(fewer upgrades)? And what about the cost in management? (Im thinking here
of the overhead in updating OBSD - take apache for example...)?

Thanks for your thoughts...

--
TH
Pffmppppmppffpmmpp fmpmfpmpp mpmppfmfm
mmpmppmpfppfpffmpp pffmpppfmpmfffmmffpppmfm...
<http://www.namesuppressed.com/kenny/>

On Sat, 2 Aug 2003, it was written:

> Can u "feel" the extra security? Afaik its "only" the audit and extra
> encryption that is the difference. Do you have less exploits to deal with
> (fewer upgrades)? And what about the cost in management? (Im thinking here
> of the overhead in updating OBSD - take apache for example...)?

i'm still waiting for the never need to update OS to come out. just pick
one and accept that you have to maintain it. that's the best anyone can
offer.


--
"People have criticized me because my security detail is larger
than the president's. But you must ask yourself: are there more
people who want to kill me than who want to kill the president?
I can assure you there are."
- M. Barry, Mayor of Washington, DC

On Sat, 02 Aug 2003 17:27:20 -0700, Ted Unangst wrote:

> i'm still waiting for the never need to update OS to come out. just pick
> one and accept that you have to maintain it. that's the best anyone can
> offer.

VMS? The latest CERT advisory seems to have been published in 1996.

"TH" <th_at_cogito.greatdanedk> wrote:

> erik wrote:
>
>> For fun. And additional security.
>
> Can u "feel" the extra security? Afaik its "only" the audit and extra
> encryption that is the difference. Do you have less exploits to deal
> with (fewer upgrades)? And what about the cost in management? (Im
> thinking here of the overhead in updating OBSD - take apache for
> example...)?
>

I 'feel' that the overhead of updating is less with OpenBSD. The number
of exploits is not relevant, this can change any minute. To me relevant
is the maintenance. I like OpenBSD for its clean and clear wy of
maintaining. I like <whisper>debian gnu linux</whisper> for this as
well.

The overhead of updating OpenBSD is _very_ limited. I cannot see what
you mean with your example Apache.

EJ
--
Remove the obvious part (including the dot) for my email address

erik wrote:

> The overhead of updating OpenBSD is _very_ limited. I cannot see what
> you mean with your example Apache.

I just read that in order to update apache one has to recompile the whole
system.
Apache is part of the base-installation in OBSD whereas its in the ports in
FBSD.

--
TH
Pffmppppmppffpmmpp fmpmfpmpp mpmppfmfm
mmpmppmpfppfpffmpp pffmpppfmpmfffmmffpppmfm...
<http://www.namesuppressed.com/kenny/>

On Tue, 5 Aug 2003 00:05:19 +0200, "TH" <th_at_cogito.greatdanedk>'s
owl flew in through the window and dropped a message on which was
scribed:

>erik wrote:
>
>> The overhead of updating OpenBSD is _very_ limited. I cannot see what
>> you mean with your example Apache.
>
>I just read that in order to update apache one has to recompile the whole
>system.
>Apache is part of the base-installation in OBSD whereas its in the ports in
>FBSD.

In that case you read wrong. To update apache you download an updated
version and build and install it.

Rich
--
Richard Parker

"Baldrick. Are the words "I have a cunning plan" marching with
ill-deserved confidence towards this conversation?"
- Edmund Blackadder

On Tue, 05 Aug 2003 00:17:16 +0200, erik
<erik@geenspam.vanwesten.net>'s owl flew in through the window and
dropped a message on which was scribed:

>Richard Parker wrote:
>
>> On Tue, 5 Aug 2003 00:05:19 +0200, "TH" <th_at_cogito.greatdanedk>'s
>> owl flew in through the window and dropped a message on which was
>> scribed:
>>
>>>erik wrote:
>>>
>>>> The overhead of updating OpenBSD is _very_ limited. I cannot see
>>>> what you mean with your example Apache.
>>>
>>>I just read that in order to update apache one has to recompile the
>>>whole system.
>>>Apache is part of the base-installation in OBSD whereas its in the
>>>ports in FBSD.
>>
>> In that case you read wrong. To update apache you download an updated
>> version and build and install it.
>
>No, you download the _patches_ and then do your thing.

Either/or
--
Richard Parker

If I were you I'd dance naked in the middle of the street just to embarrass you.

On Tue, 05 Aug 2003 00:38:38 +0200, erik
<erik@geenspam.vanwesten.net>'s owl flew in through the window and
dropped a message on which was scribed:

>Richard Parker wrote:
>
>> On Tue, 05 Aug 2003 00:17:16 +0200, erik
>> <erik@geenspam.vanwesten.net>'s owl flew in through the window and
>> dropped a message on which was scribed:
>>
>>>Richard Parker wrote:
>>>
>>>> On Tue, 5 Aug 2003 00:05:19 +0200, "TH" <th_at_cogito.greatdanedk>'s
>>>> owl flew in through the window and dropped a message on which was
>>>> scribed:
>>>>
>>>>>erik wrote:
>>>>>
>>>>>> The overhead of updating OpenBSD is _very_ limited. I cannot see
>>>>>> what you mean with your example Apache.
>>>>>
>>>>>I just read that in order to update apache one has to recompile the
>>>>>whole system.
>>>>>Apache is part of the base-installation in OBSD whereas its in the
>>>>>ports in FBSD.
>>>>
>>>> In that case you read wrong. To update apache you download an
>>>> updated version and build and install it.
>>>
>>>No, you download the _patches_ and then do your thing.
>>
>> Either/or
>
>Nope. If you install a fresh apache, you _will_ miss the patches by the
>OpenBSD team. These patches are there for a reason. Usually a _very_
>good reason. Besides, you will miss the chroot facilities so carefully
>designed by the OpenBSD team.

I was under the impression that the Apache on OpenBSD was a vanilla
Apache. Also a --with-layout=OpenBSD should install all the necessary
bits in the right place as long as the Apache team have done a decent
job with configure. Chroot is after all nothing to do with Apache,
it's just a jail,

Rich
--
Richard Parker

Hmmm.. nice idea.. bury them up to their knees in mud, wrap them round with stiff wire, twist them into contorted shapes, chop bits off them at regular intervals, leave them where they are for forty years or so with minimal feeding, sell them for vast amounts of money.. there must be a snag in this somewhere.. why can't I see it?
- Gid Holyoake on bonsai style training for lusers on asr

On Mon, 4 Aug 2003, Richard Parker wrote:

> I was under the impression that the Apache on OpenBSD was a vanilla
> Apache. Also a --with-layout=OpenBSD should install all the necessary
> bits in the right place as long as the Apache team have done a decent
> job with configure. Chroot is after all nothing to do with Apache,
> it's just a jail,

no, it's more than just a few config options. apache 1 as distributed
does not chroot. there's some other things that were changed too. i
don't use apache, i don't care. not hard to run diff if you want the full
story.


--
"First, it was not a strip bar, it was an erotic club. And second,
what can I say? I'm a night owl."
- M. Barry, Mayor of Washington, DC