TweetFollow Us on Twitter

Sep 00 Viewpoint

Volume Number: 16 (2000)
Issue Number: 9
Column Tag: Viewpoint

Viewpoint

By John C. "Hsoi" Daub, Contributing Editor. Austin, Texas USA

What We Can Learn From OpenBSD

Like the whole of the Mac community, I am eagerly awaiting the arrival of Mac OS X. Not only will we have the best user experience of any operating system available today, but we'll finally have the muscle under the hood to go places the Mac has never been before. Coupled with hardware like the dual processor Power Mac G4 and the Power Mac G4 Cube, we're now ready to tackle the big server and business markets, right? Well, almost.

During a particular daily pilgrimage to the Slashdot website, I happened upon a few articles about OpenBSD. From the OpenBSD.org web site: "The OpenBSD project produces a free, multi-platform, 4.4BSD-based Unix-like operating system. Our efforts emphasize portability, standardization, correctness, proactive security, and integrated cryptography." The security aspect of OpenBSD is what sets it apart from other operating systems; the OpenBSD project aspires to be number one in the industry for security, if they're not already.

Secure by Default

Mac users have long boasted about the Mac OS's "security by default". When the U.S. Army's websites were cracked June 28, 1999, the Army responded by switching to Macs. Events like these allow Mac users to put a feather in their cap. The Mac OS isn't uncrackable, but lacking a command line and not being Windows nor Unix-like, many of the potential vulnerabilities of an operating system simply don't exist. But wait a minute! Doesn't Mac OS X have a command line? And what about the BSD layer and other Unix-isms present in Mac OS X? Hrm. Perhaps it's time for the Mac community to pay more attention to security issues. A good place to start, especially for us developers, is to take a cue from the OpenBSD project.

One aspect of OpenBSD's security stances is to be "secure by default". That means the operating system is shipped with all non-essential services disabled. As a user becomes more familiar with the system and desires to utilize more services, he or she will have to learn about the process and what needs to be enabled. Hopefully by going through this process, the user is more likely to learn about security issues. By educating a user in a safe and forgiving environment, not only does it lead to a smarter user, but hopefully helps him or her avoid learning about security the hard way.

Granted OpenBSD's target audience is different than Mac OS's, so it's likely what services the two operating systems would provide by default would be different as well. But by the same token, the target audience for the Mac OS is more likely to be less computer savvy than your typical OpenBSD user. With broadband Internet access growing exponentially and more and more people getting online (recall those iMac sales numbers), it becomes even more critical to the Mac user experience to provide a safe and secure environment right out of the box. Remember, according to that iMac commercial there are only three (well, two) easy steps to get on the Internet: plug in, get connected; there's no step three. Being a security expert is not one of the steps.

Improve Code Quality

How many times in the past few years have you heard about security problems due to "buffer overflow?" Ultimately it's just a "simple coding error," but how many of these errors could have been caught and fixed if greater emphasis was placed on quality of code instead of hacking in twenty new features and shipping before the end of the quarter? The potential cost of that simple error could be far greater than the costs involved in having a solid code review and auditing process in place.

The proactive code auditing process utilized by the OpenBSD project isn't as much about looking for security holes as it is looking for coding bugs. They simply perform an extensive analysis of every source file. If new problems are found, then previously audited code gets reviewed again with the new problems in mind. Auditing the code multiple times by multiple people helps to improve not only the security of the code, but also the overall quality of the code. It's a nice double-benefit.

I understand the realities of software development: budgets, marketing requirements, schedules running over, being severely understaffed. Unfortunately due to these realities, quality of code is often sacrificed, which results in less than optimal product quality. And if you ship a shoddy product too many times, people will stop buying your products and lose faith in your company. The OpenBSD project's focus on quality allows them to proclaim at the top of their website that it's been three years without a remote hole and two years without a local hole in the default install. That's the sort of quality consumers are starting to expect these days. Instead of making a fuss over how Mac OS X won't crash if one application crashes, why don't we just have applications that don't crash in the first place? We won't be able to hide behind our disclaimers and licensing agreements forever.

So What Can We Learn?

The Mac OS X public beta should be released by the time you read this. If Apple has already taken steps towards being secure by default, all the better! If not, it is a beta, so that means there's time to fix it. But this isn't just a call for Apple to do something; this is a call to you to rethink your assumptions and consider the implications that come with our new OS paradigm. Every line of code needs to be written and reviewed with security and quality in mind.

If we want Apple, and hence our own businesses, to grow and flourish in the server and business markets, we need to think different from all the other players in that field. Except perhaps the OpenBSD project; their stance on security and quality is where we need to start thinking the same.


John C. Daub spends his days working as a developer for Aladdin Systems, Inc., currently working on the StuffIt Deluxe team. John spends his nights as he always does: playing with his wife and kids. You can contact John at hsoi@hsoi.com.

Thanx to James Chamberlain, Carl Constantine, Ron Davis, and Jim & Mary Ellen Lee for their input; and to Jessica for being such a sweetie. :-)

 

Community Search:
MacTech Search:

Software Updates via MacUpdate

VirtualBox 5.0.2 - x86 virtualization so...
VirtualBox is a family of powerful x86 virtualization products for enterprise as well as home use. Not only is VirtualBox an extremely feature rich, high performance product for enterprise customers... Read more
djay Pro 1.2 - Transform your Mac into a...
djay Pro provides a complete toolkit for performing DJs. Its unique modern interface is built around a sophisticated integration with iTunes and Spotify, giving you instant access to millions of... Read more
Stacks 2.7.2 - New way to create pages i...
Stacks is a new way to create pages in RapidWeaver. It's a plugin designed to combine drag-and-drop simplicity with the power of fluid layout. Features Fluid Layout: Stacks lets you build pages... Read more
Vitamin-R 2.30 - Personal productivity t...
Vitamin-R creates the optimal conditions for your brain to work at its best by structuring your work into short bursts of distraction-free, highly focused activity alternating with opportunities for... Read more
HoudahSpot 4.0.10 - Advanced file-search...
HoudahSpot is a powerful yet accessible desktop search software. Use HoudahSpot to locate hard-to-find files and keep frequently used files within reach. HoudahSpot builds upon Spotlight, which comes... Read more
Mac DVDRipper Pro 5.0.6 - Copy, backup,...
Mac DVDRipper Pro is the DVD backup solution that lets you protect your DVDs from scratches, save your batteries by reading your movies from your hard disk, manage your collection with just a few... Read more
Logic Pro X 10.2 - Music creation and au...
Logic Pro X is the most advanced version of Logic ever. Sophisticated new tools for professional songwriting, editing, and mixing are built around a modern interface that's designed to get creative... Read more
VMware Fusion 8.0.0 - Run Windows apps a...
VMware Fusion 8 and Fusion 8 Pro--the latest versions of its virtualization software for running Windows on a Mac without rebooting--include full support for Windows 10, OS X El Capitan, and the... Read more
MYStuff Pro 2.0.21 - Create inventories...
MYStuff Pro is the most flexible way to create detail-rich inventories for your home or small business. Add items to MYStuff by dragging and dropping existing information, uploading new images, or... Read more
VueScan 9.5.23 - Scanner software with a...
VueScan is a scanning program that works with most high-quality flatbed and film scanners to produce scans that have excellent color fidelity and color balance. VueScan is easy to use, and has... Read more

Tiny Empire (Games)
Tiny Empire 1.1.3 Device: iOS Universal Category: Games Price: $2.99, Version: 1.1.3 (iTunes) Description: Launch cannonballs and blow tiny orcs into thousands of pieces in this intuitive fantasy-themed puzzle shooter! Embark on an... | Read more »
Astropad Mini (Productivity)
Astropad Mini 1.0 Device: iOS iPhone Category: Productivity Price: $4.99, Version: 1.0 (iTunes) Description: *** 50% off introductory price! ​*** Get the high-end experience of a Wacom tablet at a fraction of the price with Astropad... | Read more »
Emo Chorus (Music)
Emo Chorus 1.0.0 Device: iOS Universal Category: Music Price: $1.99, Version: 1.0.0 (iTunes) Description: Realistic Choir simulator ranging from simple Chorus emulation to full ensemble Choir with 128 members. ### introductory offer... | Read more »
Forest Spirit (Games)
Forest Spirit 1.0.5 Device: iOS Universal Category: Games Price: $2.99, Version: 1.0.5 (iTunes) Description: | Read more »
Ski Safari 2 (Games)
Ski Safari 2 1.0 Device: iOS Universal Category: Games Price: $1.99, Version: 1.0 (iTunes) Description: The world's most fantastical, fun, family-friendly skiing game is back and better than ever! Play as Sven's sister Evana, share... | Read more »
Lara Croft GO (Games)
Lara Croft GO 1.0.47768 Device: iOS Universal Category: Games Price: $4.99, Version: 1.0.47768 (iTunes) Description: Lara Croft GO is a turn based puzzle-adventure set in a long-forgotten world. Explore the ruins of an ancient... | Read more »
Whispering Willows (Games)
Whispering Willows 1.23 Device: iOS Universal Category: Games Price: $4.99, Version: 1.23 (iTunes) Description: **LAUNCH SALE 50% OFF** - Whispering Willows is on sale for 50% off ($4.99) until September 9th. | Read more »
Calvino Noir (Games)
Calvino Noir 1.1 Device: iOS iPhone Category: Games Price: $3.99, Version: 1.1 (iTunes) Description: The film noir stealth game. Calvino Noir is the exploratory, sneaking adventure through the 1930s European criminal underworld.... | Read more »
Angel Sword (Games)
Angel Sword 1.0 Device: iOS Universal Category: Games Price: $6.99, Version: 1.0 (iTunes) Description: Prepare to adventure in the most epic full scale multiplayer 3D RPG for mobile! Experience amazing detailed graphics in full HD.... | Read more »
infltr - Infinite Filters (Photography)
infltr - Infinite Filters 1.0 Device: iOS Universal Category: Photography Price: $1.99, Version: 1.0 (iTunes) Description: Say goodbye to the same old boring filters and filter life as you live it - in the moment. With infltr, you... | Read more »

Price Scanner via MacPrices.net

Worldwide Tablet Shipments Expected to Declin...
Does Apple badly need a touchscreen convertible/hybrid laptop MacBook? Yes, judging from a new market forecast from the International Data Corporation (IDC) Worldwide Quarterly Tablet Tracker, which... Read more
Continued PC Shipment Shrinkage Expected Thro...
Worldwide PC shipments are expected to fall by -8.7 percent in 2015 and not stabilize until 2017, according to the latest International Data Corporation (IDC) Worldwide Quarterly PC Tracker data. The... Read more
Imminent iPhone 6s Announcement Leads To 103%...
NextWorth Solutions, with its online and in-store electronics trade-in programs including http://NextWorth.com, reports that it has experienced a 103 percent surge in quoted trade-in values over the... Read more
Weekend Deal: 13-inch Retina MacBook Pros for...
Save up to $100 on the purchase of a new 2015 13″ Retina MacBook Pro at the following resellers this weekend. Shipping is free with each model: 2.7GHz/128GB MSRP $1299 2.7GHz/... Read more
The ‘Book Mystique Still Magic After All Thes...
This column has been called The ‘Book Mystique for what has been a 15 year run so far, and I have no interest in changing the name. The reference is to what I’ve observed is a the near magical... Read more
15-inch Retina MacBook Pros on sale for up to...
B&H Photo has 2015 15″ Retina MacBook Pros on sale for up to $184 off MSRP including free shipping plus NY sales tax only: - 15″ 2.2GHz Retina MacBook Pro: $1815 $184 off - 15″ 2.5GHz Retina... Read more
11-inch 128GB MacBook Air on sale for $799, s...
Adorama has the 11″ 1.6GHz/128GB MacBook Air on sale for $799.99 including free shipping plus NY & NJ sales tax only. Their price is $100 off MSRP, and it’s the lowest price available for this... Read more
Apple Unlikely To Gain Market Share From Andr...
According to a new mobile phone forecast from the International Data Corporation (IDC) Worldwide Quarterly Mobile Phone Tracker, smartphone shipments are expected to grow 10.4% in 2015 to 1.44... Read more
Save up to $600 with Apple refurbished Mac Pr...
The Apple Store has Apple Certified Refurbished Mac Pros available for up to $600 off the cost of new models. An Apple one-year warranty is included with each Mac Pro, and shipping is free. The... Read more
Kainos Platform Helps Healthcare Organization...
UK-based provider of IT services Kainos Group plc (Kainos) has announced the launch of its Kainos Evolve Mobile-Enabled Healthcare platform, which is designed to give healthcare providers and... Read more

Jobs Board

*Apple* Retail - Multiple Positions (US) - A...
Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, you're also the Read more
Software QA Engineer, *Apple* Pay Security...
Changing the world is all in a day039s work at Apple . If you love innovation, here039s your chance to make a career of it. You039ll work hard. But the job comes with Read more
*Apple* Retail - Multiple Positions (US) - A...
Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, you're also the Read more
*Apple* Solutions Consultant - Retail Sales...
**Job Summary** As an Apple Solutions Consultant (ASC) you are the link between our customers and our products. Your role is to drive the Apple business in a retail Read more
*Apple* Solutions Consultant - Retail Sales...
**Job Summary** As an Apple Solutions Consultant (ASC) you are the link between our customers and our products. Your role is to drive the Apple business in a retail Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.