Hacker News new | ask | show | jobs
by chowells 304 days ago
Um... This conversation is about OpenBSD, making that objection incredibly funny. OpenBSD has a mostly-deserved reputation for doing the correct security thing first, in all cases.

But that's also why the rng stuff was so much faster. There was a long period of time where the Linux dev in charge of randomness believed a lot of voodoo instead of actual security practices, and chose nonsense slow systems instead of well-researched fast ones. Linux has finally moved into the modern era, but there was a long period where the randomness features were far inferior to systems built by people with a security background.
1 comments
tptacek 304 days ago
OpenBSD isn't meaningfully more secure than Linux. It probably was 20 years ago. Today it's more accurate to say that Linux and OpenBSD have pursued different security strategies --- there are meaningful differences, but they aren't on a simple one-dimensional spectrum of "good" to "bad".

(I was involved, somewhat peripherally, in OpenBSD security during the era of the big OpenBSD Security Audit).

link
sugarpimpdorsey 304 days ago
Haven't they had some embarrassing RCEs in the not too distant past? It kind of calls into question the significance of that claim about holes "in the default install" - even Windows ships without any services exposed these days.

Ultimately, they suffer from a lack of developer resources.

Which is a shame because it's a wonderfully integrated system (as opposed to the tattered quilt that is every Linux distro). But I suspect it's the project leadership that keeps more people away.

link
user3939382 304 days ago
I’ve found the OpenBSD community to have a bad/snobbish attitude which could just be a coincidence, no idea. I’ve always liked NetBSD which I never had that problem with.
link
extraisland 304 days ago
My experience is that they expect you to read the docs and ask smart questions. Most of everything is in the documentations, READMEs etc.
link
user3939382 303 days ago
Yeah read the docs like their years of invalidated articles, howtos, published books, and more when they decided to make bc breaks in pf.conf for anyone who trusted them to make a firewall that could be upgraded without a site visit.
link
sgarland 304 days ago
The horror.

/s

link
kaskjdhaas 304 days ago
I remember a discussion with an OpenBSD developer whose answer to the lack of a journaling file system was to simply have a UPS, like any normal computer user should have (there are hobby operating systems with journaling FS, but due to the antique development model, OpenBSD developers can't do significant work like a new file system).
link
anthk 304 days ago
They could port WAPBL from NetBSD in no time.
link