by DyslexicAtheist 844 days ago
Not sure if it's possible to make a comparison between Linux / OpenBSD. Maybe the only time this problem presents itself is when one is asked to design the hardware+OS for a network appliance.

Linux, as it stands in terms of security, is an absolute joke. Historically we have Torvalds calling every security-conscious user a master-debating monkey. And even more recently (a few days ago) we got the LKML / CVE process debate - under which logic anything could technically become a security bug so we should drown ourselves in CVE because it isn't our job to think about whether something might be security relevant. This seems like a bad-faith argument from the Linux community - and I hope they lose it.

Docker ... is really just a bit of glorified buggy networking around namespaces/cgroups. I still remember the days when the docker documentation asked users to curl random sh&it into | sudo bash while talking about the security benefits totally without blushing. Dockerhub has always been the petri dish of choice for malware across critical infra and supply-chain attackers. Yet the community pretends Linux security is great while Windows security is terrible. That old meme was true 20 years ago. Today even Microsoft, as shit as they are, are miles ahead in terms of Linux security.

Linux is great in embedded domains because here nobody cares about security. What is left then is cloud infra which security-wise is a joke as we all know.

BSD understands that complexity is the enemy of security. And Linux essentially offloads any responsibility for the mess they create to the users. This is also because Linux still considers itself as just the Kernel. BSD has more control and is able to keep the entire system logically coherent (and secure). Linux security in comparison is best described by Grugq's slide nr. #35 of his "COMSEC beyond encryption" talk: https://grugq.github.io/presentations/COMSEC%20beyond%20encr...

1 comments

So much true, but being downvoted. A pity.