Code quality of FreeBSD compared to OpenBSD?

Status
Not open for further replies.

CoTones

Active Member

Reaction score: 11
Messages: 108

They want to use features that OpenBSD doesn't have either, like Bluetooth.
Poor OpenBSD devs, how they get electricity in their caves?

I doubt that that is true. Is there a survey or something to back that claim?
Great question. This is the FreeBSD forum so it should be quick and easy to get the answer, right? Honest too..?
 

vigole

Aspiring Daemon

Reaction score: 783
Messages: 770

majority of FreeBSD developers don't run FreeBSD as a desktop system.
[...]
Contrary, most OpenBSD developers run OpenBSD as a desktop daily.
Stats please.
Words like "majority", "most", etc are good enough for TV and their audience, but not for FreeBSD Forums.
 

Crivens

Moderator
Staff member

Reaction score: 1,324
Messages: 2,284

Let's see:
  1. Company issued Laptop Win10.
  2. Company issued Laptop Win10
  3. Private Laptop running 12-Stable
  4. Private Laptop running 10.4
  5. Private Laptop running Haiku
  6. Fileserver running 12-Stable
Good enough?
 

vigole

Aspiring Daemon

Reaction score: 783
Messages: 770

I'm not a FreeBSD developer. Anyway!
  1. Work laptop: Win10
  2. Personal computer: base/releng/12.1 (no dual boot)
[EDIT]: There's also VMs:
  1. base/stable/11
  2. base/releng/11.4
  3. base/releng/12.1
  4. base/head
 

CoTones

Active Member

Reaction score: 11
Messages: 108

Great Statistics... You won!

Half a bee, philosophically, must ipso facto half not be.
But half the bee has got to be, vis-a-vis its entity. See?
But can a bee be said to be or not to be an entire bee,
When half the bee is not a bee, due to some ancient injury?
 

Jose

Well-Known Member

Reaction score: 337
Messages: 483

One of the things that was often mentioned in such discussions is sendmail. Do we need sendmail in base? It could be argued that it should be moved to the ports collection. On the other hand, we need at least some kind of mail delivery support in base, so things like cron jobs and the periodic script outputs work out of the box, which is essential. And sendmail is comparatively small – replacing it with a slimmer delivery agent won’t really save much space (DragonFly BSD did that, but for other reasons).
DMA looks awesome. I really wish it replaced Sendmail in base. I have anti-nostalgia for Sendmail. Too many hours trying to get it to, you know, send mail and then worrying about what security vulnerabilities I had exposed thanks to sendmail.cf's many, many gotchas.

Edit: and here are my BS stats. Two desktops dual-booting Windows 7 and Freebsd 12.1. Freebsd 12.1 server. Gentoo server. Openbsd firewall. Mac laptop. I iz not developr. Do I win something?
 

ekvz

Well-Known Member

Reaction score: 273
Messages: 431

I doubt that that is true. Is there a survey or something to back that claim?

FWIW, I run FreeBSD as a desktop for 25 years.

I think I've stumbled across the source of this claim some time ago. If I remember correctly, this goes back to some guy supposedly making this observation at a conference, and who knows, maybe he was even right about it. Repeating this statement years later while leaving out the source to make it sound all-inclusive is nothing but flame bait, though. Even if not, putting desktop usage in relation to code quality doesn't make any sense at all anyways.
 

sidetone

Daemon

Reaction score: 601
Messages: 1,402

What's the share of opensource users who use FreeBSD compared to OpenBSD overall? FreeBSD already has more desktop users from that alone.

Perhaps there's a comparable amount of developers who use a FreeBSD desktop as its primary OS to OpenBSD developers who use that as a primary desktop.
 

ekvz

Well-Known Member

Reaction score: 273
Messages: 431

DMA looks awesome. I really wish it replaced Sendmail in base. I have anti-nostalgia for Sendmail. Too many hours trying to get it to, you know, send mail and then worrying about what security vulnerabilities I had exposed thanks to sendmail.cf's many, many gotchas.

Seconded. While I don't have much of a relationship with sendmail at all, I'd prefer DMA any day just from looking at the configuration. Too bad it doesn't support my edge-case use case, but it would probably do just fine for most people.
 

drhowarddrfine

Son of Beastie

Reaction score: 1,703
Messages: 3,774

Nobody knows.
Really don't care.

When I ran my little web dev company, we rarely talked about Linux but we occasionally discussed OpenBSD. So there must be more OpenBSD users than Linux users.
End of discussion.
 

kpedersen

Daemon

Reaction score: 1,181
Messages: 2,153

I think I've stumbled across the source of this claim some time ago. If I remember correctly this goes back to some guy supposedly making this observation at a conference.

Yes, I think I found similar a few years back. If I recall it was even said in jest from another FreeBSD developer in a semi self-deprecating / modest humor kind of way. And yet it seems at some point it was taken too literally at face value. Possibly because sarcasm doesn't really translate well to text transcripts. Who knows?

I have personally found FreeBSD to be equally as user-friendly as its competition... OpenBSD XD
 

ekvz

Well-Known Member

Reaction score: 273
Messages: 431

Namely, it launched shell -c commands with parameters like e-mail addresses taken directly from remote input without any escaping!! So much for code auditing :)

Ouch. If that's true it's pretty much </thread>. One would think this to be exactly the kind of code that's the first thing to get doublechecked up to the very last bit during audits. Also stuff like this is so extremely easy to avoid in 99% of all cases. Just limit the amount of accepted characters and forget about it. The other 1% that need escaping because some of the problematic characters have to be allowed might be a bit trickier but come on...
 

Jose

Well-Known Member

Reaction score: 337
Messages: 483

Ouch. If that's true it's pretty much </thread>. Stuff like this is so extremely easy to avoid in 99% of all cases. Just limit the amount of accepted characters and forget about it. The other 1% that need escaping because some of the problematic characters have to be allowed might be a bit trickier but come on...
Never been a fan of Opensmtpd, but maybe that's just because I'm a Postfix fanboi. I don't think it's fair to judge the whole Openbsd project based on just that part, though. They do have a pretty good track record.
 

kpedersen

Daemon

Reaction score: 1,181
Messages: 2,153

Ouch. If that's true it's pretty much </thread>. One would think this to be exactly the kind of code that's the first thing to get doublechecked up to the very last bit during audits. Also stuff like this is so extremely easy to avoid in 99% of all cases.

Unfortunately it is pretty close to that. It stems from the fact that using the shell and piping data, even though it is convenient, is not entirely designed for security.

A good breakdown of the issue from the developer.


I am also slightly surprised it happened but it can. But the error was owned up to, a quick fix was applied and now hopefully OpenSMTPD is bullet proof again ;)
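Added example, not part of any post in this thread and not OpenSMTPD's code or its fix: the two mitigations discussed above, an allowlist on the accepted address characters and running the delivery agent without a shell. The names `addr_is_safe` and `deliver` are hypothetical, and `/bin/echo` stands in for a real delivery agent.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allowlist: only [A-Za-z0-9._+-] around exactly one '@' (stricter than
 * the RFCs on purpose). No leading '-', so it cannot pass as an option. */
int addr_is_safe(const char *addr)
{
    size_t len = strlen(addr);
    int seen_at = 0;
    if (len == 0 || len > 254 || addr[0] == '-')
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)addr[i];
        if (c == '@') {
            if (seen_at || i == 0 || i == len - 1)
                return 0;
            seen_at = 1;
        } else if (!isalnum(c) && !strchr("._+-", c)) {
            return 0;
        }
    }
    return seen_at;
}

/* Pass the recipient as one argv element: execv() does no shell parsing,
 * unlike system() or "sh -c". Returns the exit status, or -1 on rejection. */
int deliver(const char *mda_path, const char *rcpt)
{
    pid_t pid = -1;
    int status;
    if (!addr_is_safe(rcpt) || (pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)mda_path, (char *)rcpt, NULL };
        execv(mda_path, argv);
        _exit(127);               /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("%d\n", deliver("/bin/echo", "alice@example.org"));    /* constructed */
    printf("%d\n", deliver("/bin/echo", "alice;id@example.org")); /* constructed */
    return 0;
}
```

Either check alone would stop a metacharacter in the address from being interpreted; doing both means a gap in the allowlist still never reaches a shell.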
 

Jose

Well-Known Member

Reaction score: 337
Messages: 483

I am also slightly surprised it happened but it can. But the error was owned up to, a quick fix was applied and now hopefully OpenSMTPD is bullet proof again ;)
Ahem, that was the third security vulnerability found in Opensmtpd in a month:
The others look pretty bad to me too.

Contrast with the entire history* of security vulnerabilities in Postfix:

The Opensmtpd author is right in that an SMTP MTA is kind of a worst possible case for writing a secure daemon. You have to parse all this user input text in a privileged process. What I take issue with, and what I think smacks of hubris in the entire Openbsd project, is the idea that there are structural changes you can make to prevent bad things from happening. Opensmtpd was already using privilege separation, and that wasn't enough. I'm now supposed to believe that the latest brainwaves, pledge and unveil, are going to make it impossible for bad things to happen. They may be right. I am skeptical.

* Postfix has been around since 1998. It's possible vulnerabilities were discovered in Postfix before 2008 that are not listed on this page. Please enlighten me if you find any.
 

scottro

Daemon

Reaction score: 597
Messages: 1,611

By the way ekvz, you're right about the claim. A member who hasn't been around in a while, and is missed, IMO, Oko, mentioned that and then brought it up every time the subject came up, that FreeBSD devs used Mac and OpenBSD devs used OpenBSD.

But as I watch this thread go on for pages, I kind of think it comes down to what you want. I remember, and I've mentioned it before, how, in a discussion over mutt vs. pine, someone wrote, people pull out all sorts of technical reasons to justify what is, in the end, an emotional decision.
 

Jose

Well-Known Member

Reaction score: 337
Messages: 483

This machine has 16 cores and two threads per core. Freebsd's multiprocessing support is better than Openbsd. There's nothing emotional about that.
 

drhowarddrfine

Son of Beastie

Reaction score: 1,703
Messages: 3,774

Emotion?! Are you guys crazy??!!! You gotta be outta your mind!!!!!!!! SINCE WHEN DOES EMOTION PLAY INTO ANY OF THIS????????!!!!!!!!!!!!!!!!!!!!AAAAAAAHHHHHHHHHHHHH
 

kpedersen

Daemon

Reaction score: 1,181
Messages: 2,153

Ahem, that was the third security vulnerability found in Opensmtpd in a month:

Eeek.

Well... all fixed and now bullet proof again!!! XD...

(But just to be sure, I will keep mine to only listening on localhost for now)

Postfix looks to be doing quite well. I am actually surprised that it has so few CVEs, even since 2008. That daemon is hit fairly hard each day.
 