BSD Today


NetBSD Security Advisory 2003-004: Format string vulnerability in zlib gzprintf()
“The gzprintf function in zlib did not do bounds checking on user-supplied data. Depending on how the function is used in an application, malign source data can be designed to overflow a buffer and execute arbitrary code as the user of the application.”
March 26, 23:24:06

NetBSD Security Advisory 2003-007: (Another) Encryption weakness in OpenSSL code
“No services using SSL/TLS are enabled by default in NetBSD, however, by enabling services built with these libraries, a system could become vulnerable to the compromise.”
March 26, 23:21:58

NetBSD Security Advisory 2003-005: RSA timing attack in OpenSSL code
“A timing attack has been discovered, which can be used against OpenSSL. The attack allows remote recovery of private keys, from a host with low-latency access to the server – such as the local host, or a host on the LAN.”
March 26, 23:19:52

NetBSD Security Advisory 2003-008: faulty length checks in xdrmem_getbytes
“The xdrmem_*() routines in libc are susceptible to integer overflows, that affect memory allocation in their local buffers. Processes that use these functions may be coerced to execute code, or to return private memory of the vulnerable process to the caller.”
March 26, 23:17:48

FreeBSD Basics: Checking System Integrity with tripwire
“The premise behind tripwire is that a database is ‘initialized’ using the parameters contained in a policy file. This initialization takes a snapshot or baseline of the files on the system. You then periodically do an ‘integrity check’ to see which files have changed…”
March 26, 12:23:12

BSD a better OS than Linux?

BSD is the software behind the world’s most popular Web site and the world’s most popular FTP site, but unless you’re a geek, you’ve never heard of it.

An open-source operating system like Linux, BSD was developed in the 1970s at the University of California-Berkeley, well before Linus Torvalds ever took a computer course. So why was it Linux that captured mindshare and public imagination? BSD’s obscurity is just part of the reason it is now considered cooler than Linux among the geekiest geeks. But the software some say is the most secure operating system in the world may be poised to make a Linux-like leap to the forefront.

The list of big-name companies and Web sites that use BSD is impressive. Yahoo, UUNet, Mindspring, and Compuserve are on the list – in fact, perhaps 70 percent of all Internet service providers use BSD. Microsoft’s free e-mail service Hotmail began its life on BSD servers, and Apple announced in June its next operating system will be based on BSD. (Microsoft is a partner in MSNBC.)

Enamored with Linux

So why is Linux on everyone’s lips, and why are there about 10 times as many Linux users as BSD users? After all, they are both free operating systems that offer free source code – and BSD had quite a head start.

Legal troubles tell part of the story. Right as the Internet began to reach critical mass, the BSD movement was hit by a copyright lawsuit from AT&T, which still owned the rights to Unix. At the same time, Torvalds was welcoming help from all comers, mainly young computer science students enamored with the coming information explosion.

There are other reasons – much effort has been put into making Linux user-friendly enough for use as a desktop operating system. BSD groups have focused on servers, never putting much work into appealing to a mass market.

But that doesn’t mean there’s not some obvious jealousy that the new Unix on the block has gotten all the attention.

Class warfare?

Talk to BSD users, and a quiet but clear sense of superiority comes through. BSD users, they say, tend to have computer science degrees, hold management positions and have 10 years or more experience in the field. Linux users, on the other hand, are young hackers doing impressive work but motivated in part by having too much free time.

Do you doubt that this has all the makings of a good old-fashioned computer science religious war? Ask Peters, who wrote an article for the online magazine daemonnews.com earlier this month. His even-tempered prose spurred a thread 600 messages long on geek news site Slashdot.org.

When the best, brightest and most suspicious minds from the computer industry gathered in Las Vegas for the DEF CON trade show earlier this month, Linux-taunting by BSD sophisticates wasn’t at all subtle. And when one speaker announced that BSD CD-ROMs were being given away at the show, but Red Hat had declined to give away Linux CDs, there was outright jeering. Has Linux become too mainstream and lost its appeal among “Ubergeeks”?

BSD’s many flavors

BSD was already a mature operating system with four different flavors when Linus Torvalds wrote the first line of Linux code. A direct descendant of the Unix operating system, BSD (which stands for Berkeley Software Design) dates back to work done by Sun Microsystems co-founder Bill Joy to create the first free version of Unix when he was at Berkeley in the late 1970s. Later a group of Berkeley computer scientists added to his work, eventually beginning a project called 386BSD designed to rewrite Unix so it could be used on a PC with Intel chips. After Berkeley stopped funding the effort, BSD split off in several directions.

Better than Linux?

There is one significant difference between Linux and the flavors of BSD, according to BSDi spokesman Kevin Rose. Linux development is restrained by the so-called “copyleft” general public license (GPL). Any programmer who modifies the Linux kernel must make the source code available to the Linux community. BSD is not bound by the agreement – therefore, entrepreneurial-minded developers will stay away from Linux, he predicts.

Other BSD supporters make a quite different argument – it’s the frenetic pace of innovation by Linux developers that makes the OS hard to pin down and hard for companies to use on mission-critical hardware. BSD is a much more mature OS with far fewer updates, they say. All that makes FreeBSD user Matthew Fuller shrug at the religious argument.