
Sep 00 Viewpoint

Volume Number: 16 (2000)
Issue Number: 9
Column Tag: Viewpoint

Viewpoint

By John C. "Hsoi" Daub, Contributing Editor. Austin, Texas USA

What We Can Learn From OpenBSD

Like the whole of the Mac community, I am eagerly awaiting the arrival of Mac OS X. Not only will we have the best user experience of any operating system available today, but we'll finally have the muscle under the hood to go places the Mac has never been before. Coupled with hardware like the dual processor Power Mac G4 and the Power Mac G4 Cube, we're now ready to tackle the big server and business markets, right? Well, almost.

During a particular daily pilgrimage to the Slashdot website, I happened upon a few articles about OpenBSD. From the OpenBSD.org web site: "The OpenBSD project produces a free, multi-platform, 4.4BSD-based Unix-like operating system. Our efforts emphasize portability, standardization, correctness, proactive security, and integrated cryptography." The security aspect of OpenBSD is what sets it apart from other operating systems; the OpenBSD project aspires to be number one in the industry for security, if they're not already.

Secure by Default

Mac users have long boasted about the Mac OS's "security by default". When the U.S. Army's websites were cracked June 28, 1999, the Army responded by switching to Macs. Events like these allow Mac users to put a feather in their cap. The Mac OS isn't uncrackable, but because it lacks a command line and is neither Windows nor Unix-like, many of the potential vulnerabilities of an operating system simply don't exist. But wait a minute! Doesn't Mac OS X have a command line? And what about the BSD layer and other Unix-isms present in Mac OS X? Hrm. Perhaps it's time for the Mac community to pay more attention to security issues. A good place to start, especially for us developers, is to take a cue from the OpenBSD project.

One aspect of OpenBSD's security stance is to be "secure by default". That means the operating system is shipped with all non-essential services disabled. As a user becomes more familiar with the system and desires to utilize more services, he or she will have to learn about the process and what needs to be enabled. Hopefully by going through this process, the user is more likely to learn about security issues. Educating a user in a safe and forgiving environment not only leads to a smarter user, but hopefully helps him or her avoid learning about security the hard way.

Granted, OpenBSD's target audience is different from the Mac OS's, so the services the two operating systems provide by default would likely be different as well. But by the same token, the target audience for the Mac OS is likely to be less computer savvy than your typical OpenBSD user. With broadband Internet access growing exponentially and more and more people getting online (recall those iMac sales numbers), it becomes even more critical to the Mac user experience to provide a safe and secure environment right out of the box. Remember, according to that iMac commercial there are only three (well, two) easy steps to get on the Internet: plug in, get connected; there's no step three. Being a security expert is not one of the steps.

Improve Code Quality

How many times in the past few years have you heard about security problems due to "buffer overflow"? Ultimately it's just a "simple coding error," but how many of these errors could have been caught and fixed if greater emphasis were placed on quality of code instead of hacking in twenty new features and shipping before the end of the quarter? The potential cost of that simple error could be far greater than the costs involved in having a solid code review and auditing process in place.

The proactive code auditing process utilized by the OpenBSD project isn't as much about looking for security holes as it is looking for coding bugs. They simply perform an extensive analysis of every source file. If new problems are found, then previously audited code gets reviewed again with the new problems in mind. Auditing the code multiple times by multiple people helps to improve not only the security of the code, but also the overall quality of the code. It's a nice double-benefit.

I understand the realities of software development: budgets, marketing requirements, schedules running over, being severely understaffed. Unfortunately, due to these realities, quality of code is often sacrificed, which results in less than optimal product quality. And if you ship a shoddy product too many times, people will lose faith in your company and stop buying your products. The OpenBSD project's focus on quality allows them to proclaim at the top of their website that it's been three years without a remote hole and two years without a local hole in the default install. That's the sort of quality consumers are starting to expect these days. Instead of making a fuss over how Mac OS X won't crash if one application crashes, why don't we just have applications that don't crash in the first place? We won't be able to hide behind our disclaimers and licensing agreements forever.

So What Can We Learn?

The Mac OS X public beta should be released by the time you read this. If Apple has already taken steps towards being secure by default, all the better! If not, it is a beta, so that means there's time to fix it. But this isn't just a call for Apple to do something; this is a call to you to rethink your assumptions and consider the implications that come with our new OS paradigm. Every line of code needs to be written and reviewed with security and quality in mind.

If we want Apple, and hence our own businesses, to grow and flourish in the server and business markets, we need to think different from all the other players in that field. Except perhaps the OpenBSD project; their stance on security and quality is where we need to start thinking the same.


John C. Daub spends his days working as a developer for Aladdin Systems, Inc., currently working on the StuffIt Deluxe team. John spends his nights as he always does: playing with his wife and kids. You can contact John at hsoi@hsoi.com.

Thanx to James Chamberlain, Carl Constantine, Ron Davis, and Jim & Mary Ellen Lee for their input; and to Jessica for being such a sweetie. :-)

 

All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved.