Re: [tlug] [OT] Intel core duo errata

["Stephen J. Turnbull" <stephen@example.com>]

Hm.  Looks like I have nothing to say about what Dan or Josh wrote,
but I did read their posts. :-)

 > > On Friday 06 July 2007 03:00, Nguyen Vu Hung wrote:
 > >
 > > >1. OpenBSD: Slow. Long release cycle. Security oriented. Stable.

This is what they say, but as Jonathan Byrne used to say (dunno if
it's still true, though) "the only system I've ever had pwnzrd ran
OpenBSD".

The problem is that (as in Dan Bernstein's qmail bet) "OpenBSD is
secure" means "Orange Book C2 secure".  Ie, the system itself as
delivered is secure -- but there's no provision in the definition for
adding features, or even tweaking configuration.  If you do that,
OpenBSD can no longer promise to be especially secure AFAIK.

 > > >2. Linux: Fast. Short release cycle. Feature oriented.

One thing that develops fast on Linux is "securability".  Of course,
you must *use* the securability features and most people don't.  Also,
OpenBSD is a full system distribution, while Linux is a kernel.  So
it's very hard to compare security levels of Linux with BSD.  Sure,
Linux is less stable (both any given instance and the devel process),
but on the other hand, do the BSDs have equivalents to the collection
of features called "SELinux"?  It's interesting that the NSA chose to
enhance Linux rather than OpenBSD in this way.  It's not like Linus is
any less a socialist radical from a country full of socialist radicals
than Theo is. ;-)