by crest 1406 days ago
Even as a FreeBSD "fan" I have to admit that there are some valid points in his rant, e.g. the threaded AES-CTR did introduce a slightly larger attack surface to bugs hidden by OpenSSH opting to use only processes.

I still preferred filling my multi-Gb/s pipes with backups for an hour or two every night instead of having replication take most of the day at ~300Mb/s. I need backups to be replicated nightly off-site before the start of business. The largest single backup job alone would have been too slow to finish in time after a busy day over unpatched SSH. I needed a tool that's fast enough to finish transfers in the available time window. Had FreeBSD shipped an unpatched SSH I would've had to implement most of its core features in something else instead of running a multi-threaded implementation of the same symmetric ciphers.

1 comment

Maybe they could have kept the process method in place and added a --less-secure-turbo-threaded-mode option.