What are some advantages for me to migrate a Linux server to *BSD?
Charles Perez
First for HardenedBSD
Luke Perez
Lipstick on a pig. Adding ASLR doesn't make up for 25 years of ignoring good coding practices in favor of muh performance and muh enterprise.
Liam Campbell
A lot of it will be similar, just a different firewall/package manager/etc.
OpenBSD really cares about security, FreeBSD has ZFS.
Linux (the kernel devs especially) don't really care about security. A security bug is just a regular bug to them.
GNU's code is usually bloated in comparison to BSDs' versions. Check the examples online for the "echo" and "yes" commands for a pretty realistic view of what I mean.
Joseph Baker
FreeBSD ASLR doesn't even work on x64.
Tyler Morgan
bsd is good
Julian Bennett
I like DragonflyBSD because the devs don't seem stuck in the past
Lincoln Hill
I just installed freebsd in my laptop to see if it werks.
>openbsd
>lack of MAC because NIH, and if you really think it's a bad thing, you're fucking retarded
>awful randomization of memory, but look, muh aslr
>non strict w^x
>pledge is a system call wrapper vulnerable to many exploits (and no, i am not referring to the fact that it's not an actual sandbox)
>ancient filesystem
>tweaks in the kernel to starve a NIC that's too fast of buffers
>wat is SMP
>wat is NUMA
>wat is observability
>wat is auditing
If you unironically use OpenBSD because it's "secure" or somehow "good", I'm really worried for the world. Mind you, there is no OS that gets everything right, but OpenBSD gets far too much wrong
Jack Cruz
i don't understand, wasn't openbsd the first to fully implement ipv6?
>literally none of it is backed as expected, i like how you think the guy who posted this uses openbsd though, proves how insecure freebsdfags are
Dylan Cooper
Literally proofs of this are in various scientific papers, also nice job assuming I'm using FreeBSD and that the person who wrote this isn't blackflow who doesn't do jack shit other than sit on his OpenBSD machine, watch anime and shitpost here
Aiden Moore
>the .txt file literally shits on freebsd's security and has actual PROOF and was influential enough to get the freebsd team to put some shit in their installers >gets buttmad about it >n-no! i don't use freebsd! also >scientific papers literally where you dumb nigger
Easton Rivera
Then what do you suggest?
Noah Thomas
Exploiting concurrency vulnerabilities in system call wrappers. Broke OpenBSD once, still breaks it since pledge is the same dogshit. But hey, I'm sure that access control is insecure ;).
As I said, not a single OS gets everything right, and FreeBSD definitely isn't one, it lacks just about every exploit mitigation out there, which is terrible. But hey, just thought you should know that OpenBSD is not any better, and in fact, I'd argue worse when a port is installed since you can't confine it.
Evan Gray
I honestly suggest running what fits your usecase best and ignore the fanboys spreading shit everywhere while being uninformed. If that's OpenBSD, run OpenBSD, that kind of thing.
Carson Murphy
yeah, ok so that's one and without evidence again
and i'm sure you create jails for every single program you install, that's practical and can't go wrong in any way
Colton Murphy
Is BSD viable as a desktop OS?
Isaiah Gonzalez
Add to the fact that literally nobody uses any of the OpenBSD forks of software, all maintained by them (because they're obviously smarter than everyone else). Of course, you're told it's more secure... By them. In reality, nobody gives a shit about OpenBSD and nobody uses that software except for OpenSSH, which, i have to say, is good. But hey, the OpenBSD folks are the first to jump to other people's problems, without addressing their own
Ayden Moore
yeah i guess i'll just go back to using screen then
Mason Green
Jesus fucking Christ why are you such a fanboy? FreeBSD isn't secure. Linux isn't secure, neither is OpenBSD. Stop fucking shilling like a braindead hamster and help improve the security of today's systems instead of giving people the illusion that everything is okay.
Adam Bailey
lol where did i claim that openbsd was flawless
>Only two remote holes in the default install, in a heck of a long time!
that's their slogan for fuck's sake, even they know it's not perfect
Cooper Phillips
Oh they do, I know them personally, but they do give out the illusion to everyone else that they're somehow superior. That's the fucking problem. It spreads through the internet with random fanboys and ends up hurting security overall. I'm gonna pop off here because it's really fucking late where I'm at though.
Dominic Davis
>stop liking what i done like just shut up already you double faggot ass nigger
Ayden Turner
...
Isaiah Morris
>If you unironically use OpenBSD because it's "secure" or somehow "good"
It does what I want it to better than the rest and what it doesn't do or doesn't do well I couldn't give less of a shit about.
Yes
>tmux
>OpenSSH
>pf
>mg
>OpenNTPD
>OpenIKED
>sudo
All OpenBSD projects or at least projects by OpenBSD devs.
Levi Howard
if you don't see the value in unix you're not going to appreciate OpenBSD.
Nathan Hall
It's mine. I mostly program, listen to music, etcetera, though. Depends on what you want a desktop for.
Caleb Sanders
...
Joseph Butler
I have it on my older desktop. Works pretty good with Linux compat and WINE for nonfree games. It can be a chore to set up, akin to Linux before Ubuntu came along, but I'm kind of annoyed with Linux systems being such bitches for syndromeD.
Grayson Peterson
OpenBSD's own team highlights most of their flaws and thanks to the system design most flaws are academic at best. If you want to moan about NIH how about how glibc refuses to pick up strlcpy, or how everyone dragged their feet with NX and ASLR, still a broken mess on FreeBSD. How about how it took Ubuntu to bring privsep to Linux years after OpenBSD led the way? How about how a simple, portable, real-world mitigation like pledge gets shouted down by autistic neckbeards and their simpleton understanding of defence-in-depth? Fuck you cancer.
Cameron Morris
Is ksh good enough? I'm not too concerned about scripting--I know that it shares a lot of the same functionality as bash--but I'd like to know if it can be modified so as to display the path I'm in, as well as display directories, executable files, &c. in different colors so that it's easier to tell what's what.
Aiden Allen
Colorisation is a ls thing, not a shell thing. But yes, any shell can tell you what directory you're in.
Overwrought theatrics, lot of good it did for Windaids. The only thing that makes a difference is fixing the source. strlcat is cheap, and now so is pledge.
Evan Clark
The main problem still stands, userland is insecure on *nix. As with software, even the forks that ought to be more secure still have new vulns, like LibreSSL. Pledge is nice but it's still gonna take you years to fix important software. For OpenBSD it would be good to switch to Clang and use safestack & cfi, and an RBAC would be gold to have.
Josiah Richardson
Insecure userland? I challenge you to gain root from user on OpenBSD. I posit you'll get a core dump at best.
Kayden Thompson
yes userland that runs all shitty software. There are tons of vulns in software to find unless there is cfi you can use ROP to do pretty much what you want.
Jacob Flores
and i don't say default installation, let's say libreoffice, some music player, web browsers, pdf software, email client and so on.
Joshua Wood
If you have dbus or consolekit on your system it's already insecure because it can do all sorts of weird stuff.
Ian Evans
Sure whatever bud, let's see you elevate to root with libreoffice on OBSD.
Benjamin Adams
It isn't all that different from any other OS, that is how exploitation works. Sure you have ASLR but you can still bruteforce or use ROP. I wonder if anyone is fuzzing openbsd syscalls since there are always bugs there in any OS.
Luis Rivera
>bloated
Wouldn't really use that word there. GNU yes is really faster than the OpenBSD one and about the same size. It's harder to read and absurdly optimized (when do you need 10 GiB/s yes?) and those are legit criticisms, but let's try and have "bloat" actually mean something.
Other GNU tools are often also bloated, though.
Ryan Stewart
>rbac
>safestack
I don't believe you understand the OpenBSD methodology: KISS. Adding complexity just makes configuration harder leading to errors and then exploits.
I can fire up a browser as a different user what difference would RBAC make? Safestack? You fucking idiot you don't know what you're talking about do you?
Justin Rodriguez
Talk is cheap, let's see you do it.
Brayden Harris
>overwrought theatrics
please tell me how to defeat grsecurity's RAP, enlightened memelord
Hunter Gonzalez
Does anyone know how to put an autoinstall file in an obsd cd.iso without compiling the entire thing from source?
RBAC basically would prevent that browser or user from even escalating to root or doing other nasty stuff. Sure you need to configure it but it isn't that hard.
Vulns are common in operating systems, there are many ways to do things with them.
Henry Howard
Spoonfeed me on PF.
Mason Smith
Could you elaborate?
I'd preferably deploy to vultr. They have ipxe support through their API so that could work. But I don't have DHCP access so I don't see how I can "host" an autoinstall file
Nicholas Gomez
(you)
Joshua Fisher
>can't find better arguments than shitty memes.
Michael Lewis
Awesome. I used a Carp HA PF setup for a production firewall at a medium site. It was simple to build very complex rulesets that were readable. Table files make life easy and source tagging allows for some strong failsafes. Overall less prone to human error, would recommend over any other.
I have run very large sites with Linux Netfilter, and smaller sites with Solaris IPF. There's no comparison for ease of use.
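A minimal pf.conf sketch of the kind of setup this post describes (CARP pair, file-backed table, tag-based filtering), added here as an example and not the poster's ruleset. The interface names, the table file path and the ADMIN tag are assumptions, and "source tagging" is read as tagging by source address at ingress.

```conf
# Constructed example: interface names, file path and tag name are assumptions.
ext_if  = "em0"     # outside
int_if  = "em1"     # inside
sync_if = "em2"     # dedicated link between the two firewalls

# Table loaded from a file, one address or CIDR per line.
# The address list changes without anyone editing the rules.
table <admins> persist file "/etc/pf.admins"

set skip on lo

# Default deny, logged, so anything not explicitly classified is dropped.
block log all

# CARP advertisements on the shared interfaces and pfsync state
# replication on the sync link keep the HA pair working.
pass quick on { $ext_if $int_if } proto carp
pass quick on $sync_if proto pfsync

# Classify at ingress: only sources listed in the table get the tag.
pass in on $ext_if proto tcp from <admins> to any port ssh tag ADMIN

# Enforce at egress: traffic leaves toward the inside only if an ingress
# rule tagged it. A packet that slipped past classification carries no
# tag and falls through to the default block.
pass out on $int_if proto tcp to any port ssh tagged ADMIN
```

After editing the table file, `pfctl -t admins -T replace -f /etc/pf.admins` reloads the table without reloading the ruleset.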
Isaiah Lewis
> GNU's code is usually bloated
That's a strange way to say "has more features and performs better".
Nathan Perry
Oh VPS? Dunno dude more trouble than it's worth just build your own iso, I think it's that big a deal.