| ▲ | znpy 2 hours ago | |||||||
I think de Raadt and OpenBSD are hugely overrated and some takes are as dumb as the one in the post. OpenBSD is only secure because because it does pretty much nothing and does it very slowly (its firewall just recently broke the 4gbps firewalling capabilty, for example) but somehow a cult has formed around it ¯\_(ツ)_/¯ | ||||||||
| ▲ | hylaride 32 minutes ago | parent | next [-] | |||||||
Counter-take: Linux is only secure because of OpenSSH. In all seriousness, the OpenBSD guys are very conservative with technology. The OpenBSD pf stack (as well as much of the kernel) isn't heavily threaded due to the risk of race conditions. They also (correctly) predicted a lot of the speculative CPU attacks by not supporting it by default. They've done a lot of security research and pioneered a lot of open source work around OS-level stack smashing technologies, like memory executable-space protection (W^X), early process privilege separation, memory space randomization, etc. Some of these features are not great for performance, but do help and have been adopted by other systems. You're basically arguing that an armoured car sucks because a Ferrari can smoke it on a race track. There are times you want a Ferrari and there are times you want a Brinks truck. | ||||||||
| ▲ | bawolff 2 hours ago | parent | prev [-] | |||||||
In fairness, minimizing surface area (doing nothing unless you need to) is security 101, so i hardly think that is a criticism. | ||||||||
| ||||||||