Worf a day ago

There's almost nothing written about Haiku's security [0]. Am I missing something?

I also don't understand this:

> Our infrastructure contains sensitive personal user data, and we aggressively keep this information private on a need-to-know basis at all times.

What do they mean by "infrastructure" here? Do they mean each installation or their site, bug tracker and so on (the usual interpretation of "infrastructure")? Why would it contain sensitive personal data?

From the FAQ and about pages I gathered that Haiku is just supposed to be simpler, more uniform in design/vision and less bloated than Linux, but nothing specific about why anyone should choose it. If I'm happy with my Linux DE and so on, why would I choose Haiku?

[0] https://www.haiku-os.org/about/security

waddlesplash 21 hours ago

(Haiku developer here.)

> Am I missing something?

Haiku's not nearly as well-tested for security as most other OSes. We have a lot of the basic features (ASLR, NX bit, safety checks for kernel/userland data copies, some use-after-free detection in malloc, etc.) but things haven't been seriously audited or pentested the way other OSes are. We fix security bugs when they get found, but not too many people are looking for them that I know of.

> What do they mean by "infrastructure" here?

The web/internet infrastructure: software depot (has accounts for people to post ratings/reviews), forums, bug tracker, code review, etc. And it contains all the usual "sensitive personal data": IP addresses, email addresses, some private communications, and so on.

> If I'm happy with my Linux DE and so on, why would I choose Haiku?

Well, I guess the question is, are you really happy with your Linux DE? Because every time I've run desktop Linux, I have to spend what feels like 5-10% (or sometimes more) of my time fixing things that randomly break, or otherwise don't do or behave the way they're expected to, usually by finding some obscure configuration file and changing some random option.

On Haiku, since the system is designed and developed by one team, it all goes together in a way that Linux DEs can't really achieve. The downside is that, of course, we can't reuse much of Linux's work (we have lots of Linux software ports, but the base system is all us), so we have a lot more to do than your average Linux distro, and so we're quite a ways from general feature parity with the Linux desktop (but the gap does decrease year over year, at least in some areas...)