undefined | Better HN

0 pointscountingteeth9y ago0 comments

>For 2, syspatch is a coming item

Oh yes, another hand-rolled "coming item," in the world's most secure operating system. Someday, someday OpenBSD will support critical security updates that don't involve recompiling by hand. After all, we finally got "signify" for the base system. That wasn't important at all.

> or you can use mtier.

Right. That's called "on your own." I was going to preemptively predict someone would mention that, but the fact that paid consultants provide a critical feature for security updates as a service that every single serious Linux distro built-in for free is not a point in OpenBSD's favor.

> What the heck? I just use cvs. Its really easy http://www.openbsd.org/stable.html

Ahahaha. NO ONE outside the OpenBSD bubble would say that other than as a joke.

And are you not forgetting that many of the critical security patches do in fact involve a series of additional steps that must be performed separately, manually? If you don't actually READ each patch, you can miss a necessary step.

And of course little things like restarting patched services automatically or knowing when a reboot is required, well, that's an exercise to the reader.

> The upgrading is not really that hard. I'm really at a loss given I find FreeBSD a pain in the butt to upgrade since it always breaks something but have had no problem with OpenBSD other than not reading their man hard link instructions which didn't kill anything but was annoying.

I'm not using FreeBSD as a point of comparison here. I love OpenBSD. I also am not going to wave off how crippled it is operationally out of the box and basically unusable for production in many nontrivial real-world settings.

There's also the little issue of getting your head bitten off and shit on for no good reason even when you're only being helpful in the meekest and most good-faith possible manner, but that's only a little worse than par for the open source world.

0 comments

protomyth9y ago

> but the fact that paid consultants provide a critical feature for security updates as a service that every single serious Linux distro built-in for free is not a point in OpenBSD's favor.

Red Hat's has free updates? I was unaware of that. Mtier is free for the current version.

> Ahahaha. NO ONE outside the OpenBSD bubble would say that other than as a joke.

I have to patch Windows, FreeBSD, OS X (excuse me Mac OS), Red Hat, and Windows for my current job. I really don't get the problem with OpenBSD. I'm no super system admin. You have to read the patch notes with all of them so I thought it was normal. If you don't read the patch notes, you will end up in a world of hurt. Red Hat had some serious issues with the stupid software vendor that requires me to have Red Hat.

I'm not saying OpenBSD is perfect or even great, I just don't think it's that bad when compared to what I have to do with other servers.

Now, if you want bad patches, deal with "enterprise educational software" that requires me to run an 762 megabyte SQL file against an Oracle database then move files to specific locations.

toyg9y ago

> Red Hat's has free updates?

CentOS has. RedHat is simply not free, so paid upgrades are par for the course. Any free distribution out there has free automatic updates - I think even Oracle came around.

> Mtier is free for the current version.

Yeah, for now (didn't use to be the case, might not be the case forever). Regardless, you're now trusting two entities, OpenBSD and MTier, rather than one. This second entity is not officially affiliated with OpenBSD, and they could shut down tomorrow. How do you trust someone like that with your most sensitive OS files?

I keep banging on about this, but it's the single item that prevents me from switching to OpenBSD as my "default deployed OS" for my generic web needs: the MTier situation is shady and undignified for a major project in 2016, let alone one built on security which requires trust; and my time is too valuable to waste it on reading release notes for banal patches and figure out what special-snowflake incantation I need this week. If OpenBSD does not have the capabilities to provide what MTier provides, they should broker an official agreement where MTier becomes the official channel for updates, with OpenBSD guaranteeing some quality control. If nobody wants to risk his reputation on this service, how can I ever trust it?

protomyth9y ago

Yeah, try to use CentOS when a vendor specifies Red Hat (all sorts of hell). So, I pay Red Hat. I did have a vendor that we didn't go with that specified Fedora but not Red Hat. The world is a bit weird, and I have no clue why that would make sense.

I haven't been screwed by MTier, but I would prefer a world where syspatch is done and working. So, I would guess the single item will fall away for you. Just a question of time I guess.

Although, if you don't read the patch notes for a lot of these OSes, you will get bitten in the butt. I got hosed by a combination of Microsoft and Oracle once. If I had read the notes I could have saved myself a weekend of WTF.

j / k navigate · click thread line to collapse

0 pointscountingteeth9y ago0 comments

>For 2, syspatch is a coming item

> or you can use mtier.

> What the heck? I just use cvs. Its really easy http://www.openbsd.org/stable.html

Ahahaha. NO ONE outside the OpenBSD bubble would say that other than as a joke.

And of course little things like restarting patched services automatically or knowing when a reboot is required, well, that's an exercise to the reader.

0 comments

protomyth9y ago

> but the fact that paid consultants provide a critical feature for security updates as a service that every single serious Linux distro built-in for free is not a point in OpenBSD's favor.

Red Hat's has free updates? I was unaware of that. Mtier is free for the current version.

> Ahahaha. NO ONE outside the OpenBSD bubble would say that other than as a joke.

I'm not saying OpenBSD is perfect or even great, I just don't think it's that bad when compared to what I have to do with other servers.

Now, if you want bad patches, deal with "enterprise educational software" that requires me to run an 762 megabyte SQL file against an Oracle database then move files to specific locations.

toyg9y ago

> Red Hat's has free updates?

CentOS has. RedHat is simply not free, so paid upgrades are par for the course. Any free distribution out there has free automatic updates - I think even Oracle came around.

> Mtier is free for the current version.

protomyth9y ago

I haven't been screwed by MTier, but I would prefer a world where syspatch is done and working. So, I would guess the single item will fall away for you. Just a question of time I guess.

j / k navigate · click thread line to collapse