Most Linuxes are pretty good these days about security; there was a time when it seemed like every Red Hat version came out of the box with a remotely exploitable hole.
But Ubuntu is locked down by default now. And their security responsiveness seems pretty good.
Security from external threats is what most people tend to look at, but OpenBSD takes security of local users just as seriously. Personally I would feel very uneasy about giving other users accounts on most *nix machines, but I wouldn't worry much about making an account on my OpenBSD box.
Yeah. There were some bad days with default Linux installs circa 1998 or so (Red Hat 6.0 was a disaster, IIRC), but everyone learned their lesson and in fact Linux distros have been extraordinarily proactive about security since. Witness Red Hat with SELinux, FORTIFY_SOURCE, ExecShield, etc...
One of the ironies is that the "only two remote holes in the default install" bit, while impressive compared to, say, Microsoft, is still two more than Red Hat and Ubuntu have shipped over the same period. (Disclosure: that's from memory. I'd have to look up dates on remote exploits to be sure.)
I guess I was counting since the first hole in 2002. Have there been any in common Linux distros since then? OpenBSD got caught once.
But even so: Ubuntu has had zero remote holes in the default install in 5 years. I'm getting hung up on a divide by zero bug somewhere, but I think that works out better if you want to be pedantic about this stuff, no? :)
Seriously: it's a dumb marketing slogan, and it means next to nothing. In point of fact over the last 6-7 years OpenBSD doesn't have a particularly distinguished security record according to their own metric. It's better than Microsoft.
2002 and 2007, according to Wikipedia. I'm skeptical about OpenBSD being more secure overall, in the real world (who has time to apply patches manually?!) But, to be fair, I'm pretty sure Debian and Ubuntu had a big OpenSSL-related fiasco just recently.
There have been lots of security bugs. But no "remote holes in the default install", which is OpenBSD's marketing slogan. That's the point that I was making. It's a dumb metric.