Is OpenBSD the most secure "by default" operating system available to the public?
Yes.
Of course.
No.
good point. Do you trust Theo doing things the right way or not?
what would you consider more secure by default than OpenBSD?
assuming non-desktop uses, probably ubuntu, rhel, or alpine since they're all hardened+firewall ootb and with substantially better hardware support and performance, i also recall openbsd didn't enable aslr by default until recently
Yes. It's a shame it can't run on any real hardware.
>probably ubuntu
It runs better on my Thinkpad X260 than FreeBSD does. Ootb it supports the two most important things: wireless and graphics. The wireless driver was then ported into FreeBSD. From what I understand, rather than port the graphics driver, freebsd is going to use a patched together hack of linux drivers known as kms-drm...
Most OpenBSD devs tend to use Thinkpads and also eat their own dogfood. FreeBSD devs do everything on Macs and VMs.
>kms-drm
openbsd does the same thing...
github.com
FreeBSD is pointless. Everything has already been done in OpenBSD.
OpenBSD is a meme
>Filesystem
default FS doesn't even support SSD TRIM, and I don't think OpenBSD supports anything modern like ZFS or BTRFS.
>Security
"Only two remote holes in the default install!!!!!!!"
Yay!
I hope you realize that this literally only applies to a base system install with absolutely no packages added. In other words, not exactly representative or meaningful towards... anything really
>Sustainability
A few years ago, OpenBSD was actually in danger of shutting down because they couldn't keep the fucking lights on. How could anyone see this as a system they could rely on, when it could be in danger of ending at any time?
>Standards-compliance
"B-But OpenBSD is written in strictly standards-compliant C! Clearly that's better than muh GNU virus!"
So you're not allowed to create extensions to the standard? You should only implement the standard and nothing more? Keep in mind that this is nothing like EEE, as the GNU extensions are Free Software, with freely available source code, as opposed to proprietary shite. People should be allowed to innovate and improve things.
If you're gonna be anal about standards-compliance, then why let people make their own implementations anyway? Why not have the standards organizations make one C implementation and force everyone to use it?
>FreeBSD is pointless
>at least 10x more successful than OpenBSD
STOP SHILLING THIS SHIT!
Are you the meme guy that gets butt mad every time an OpenBSD thread appears on Jow Forums and regurgitates the same old horse shit?
He is, just look at the reply/unique IP counter: before this guy replied it was 10/10. After his streak of samefag posts it was 14/11.
The faggot who complains about "shilling" (people discussing software he doesn't like) IS the one who acts like a shill posting the same garbage every time.
dunno what you mean
pic related is not me.
>A few years ago, OpenBSD was actually in danger of shutting down because they couldn't keep the fucking lights on. How could anyone see this as a system they could rely on, when it could be in danger of ending at any time?
they seem to have resolved that by now
openbsdfoundation.org
openbsdfoundation.org
openbsdfoundation.org
openbsdfoundation.org
Ubuntu has excellent security. Look it up.
>A few years ago, OpenBSD was actually in danger of shutting down because they couldn't keep the fucking lights on. How could anyone see this as a system they could rely on, when it could be in danger of ending at any time?
they've had 6 month releases since 1996 fag
>It runs better on my Thinkpad X260 than FreeBSD does.
That's not saying much is it.
>i also recall openbsd didn't enable aslr by default until recently
u recall retardedly. OpenBSD was one of the first OSes to even implement ASLR, and they've long moved beyond that:
openbsd.org
I agree Ubuntu has done a lot for Linux security in a real, practical sense. Things like enforcing sudo, putting bounties on privsep services taking a cue from OpenBSD, apparmoring common applications, and testing integration interactions. Also UFW made it a lot easier to manage iptables. Ubuntu doesn't get the credit they deserve.
Often see buttranged tryhards try and pick holes in OpenBSD but I've yet to see any real proofs that could be considered more than errata.
Qubes 4.0 better solution.
Just like everything else - by isolation. Even if you have the most vulnerable init system in the world, Qubes is trying to not let any untrusted data reach it. Of course if you have buggy software in a VM, it increases the risk for this VM of being attacked, but only that VM. In case of systemd you'll say that every VM has it, right. But it isn't directly exposed to the external world (perhaps with an exception for netvm). And if someone manages to run a command in your VM, it is already game over - for that VM, only! Regardless of whether you have systemd or not.
>t. FeministBSD core team
give it up benno, just admit that stupid CoC killed your project.
How can you be successful without virtual hugs?
Overly complex theatrics which can be attained by running certain apps in a VM. You can largely achieve the same just by running as a different user.
>entire security model BTFO'd by meltdown+specter
>base system install
Base includes a lot of services which you would put on the raw internet and even if you didn't use them directly, you could justify putting in as a bastion or proxy. CARP, relayd/httpd makes for a secure and powerful webhead.
Yes I trust Theo, he has shown to be a man of good morals and judgement, just like RMS. These two men have made the world a much better place and if you don't agree, it's because you're either a wincuck pajeet or a spoiled kid who doesn't remember how things were.
>>t. FeministBSD core team
>give it up benno, just admit that stupid CoC killed your project.
FreeBSD project was doomed from v5.0, core elections are just for the looks. Now be a good boy and contribute your free time so that selective few could get a nice bonus this year again.
Sure it's secure, but has no support for, you know, pretty much anything which isn't Intel or Nvidia.
> MRW I tried to install OpenBSD on my entirely AMD system...
TRIM is placebo you fucking retard.
OpenBSD has absolutely no Nvidia support. AMD, on the other hand, is supported. I use it on my ThinkPad with an APU
Is there one of these for Linus? Preferably also in JSON format.
another retard mistaking FreeBSD for OpenBSD
anyway, any other distro than Ubuntu that ships ASLR? I haven't checked for some time.
Yeah FBSD5 really put me off the project. That release was a real piece of shit.
are there spectre patches yet?
>anyway, any other distro than Ubuntu that ships ASLR
the absolute state of openbsd fanboys
Fedora is probably better though
Anyone here still uses a freeBSD?
Yes, for my desktop.
Except for scalable SMP or any kind of sensible security that isn't trivially broken by any motivated attacker :)
>Yes, for my desktop.
You must have missed the DEPRECATION warning. Replace with OpenBSD.
WHY DOES NOBODY MENTION ME???
Yes, purely for ZFS on a server.
to be honest freebsd stopped being usable as soon as they switched to bsdinstall, which i believe was 8
>Yes, purely for ZFS on a server.
zfs is such a meme fs, that crashes whole system if you ran out of ram for its poorly implemented caches, even linus doesn't want to merge its support, so that leaves BSDs w/o any proper modern fs apart cross incompatible legacy ffs one.
also desktop != server, freebsd lacks even basic driver support for server hardware unless you try to run it in virtualbox or qemu
2 NetBSD users walk into a bar. They're both surprised that someone else exists.
>even linus doesn't want to merge its support
That's because of some licensing autism, not the quality of the FS.
CDDL is GPL-incompatible
Works fine on my t470
Actually, where is dragonflyBSD?
I guess it's secure. Nothing works.
>That's because of some licensing autism, not the quality of the FS.
>CDDL is GPL-incompatible
Licensing has nothing to do with this. If ZFS was any good or even worth it, then Linux kernel hackers would have already written their own implementation.
ZFS is no more than a poor man's attempt to work around lack of proper support for raid cards drivers that BSD-like OS do not have enough manpower to implement properly or even test the controllers. It is simple as that.
How does btrfs compare against zfs?
>How does btrfs compare against zfs?
Never tried btrfs, but XFS is rock solid.
"Most secure" would be having no electronic device at all.
Buy stuff offline, talk about interests with real-life friends, watch linear TV, play board games.
Fuck you niggers
>ZFS is no more than a poor man's attempt to work around lack of proper support for raid cards drivers that BSD-like OS do not have enough manpower to implement properly or even test the controllers. It is simple as that.
Incorrect. ZFS has a variety of other reliability features
>Designed for long term storage of data, and indefinitely scaled datastore sizes with zero data loss, and high configurability.
>Hierarchical checksumming of all data and metadata, ensuring that the entire storage system can be verified on use, and confirmed to be correctly stored, or remedied if corrupt. Checksums are stored with a block's parent block, rather than with the block itself. This contrasts with many file systems where checksums (if held) are stored with the data so that if the data is lost or corrupt, the checksum is also likely to be lost or incorrect.
>Can store a user-specified number of copies of data or metadata, or selected types of data, to improve the ability to recover from data corruption of important files and structures.
>Automatic rollback of recent changes to the file system and data, in some circumstances, in the event of an error or inconsistency.
>Automated and (usually) silent self-healing of data inconsistencies and write failure when detected, for all errors where the data is capable of reconstruction. Data can be reconstructed using all of the following: error detection and correction checksums stored in each block's parent block; multiple copies of data (including checksums) held on the disk; write intentions logged on the SLOG (ZIL) for writes that should have occurred but did not occur (after a power failure); parity data from RAID/RAIDZ disks and volumes; copies of data from mirrored disks and volumes.
ZFS is not simply the BSD software RAID solution. There's graid or other solutions if that's all you want.
Yes, a lot of words. You might as well have posted the direct link: en.wikipedia.org
You likely meant OpenZFS? specifically for FreeBSD that has lots of reliability issues and lacks a lot of features of original Oracle ZFS. Call it what you want but software raid is just a software raid.
Please use a secure by default web framework for web development on your secure by default operating system.
>then Linux kernel hackers would have already written their own implementation.
lmao, like they haven't tried and failed miserably already
it's literally the worst of the 'modern' filesystems. The devs think it's completely ok for it to lose data randomly, and it's such a mess that nobody can debug that shit to make it work right even if they wanted to. Even Linus hates it. It's been in development longer and had significantly more manpower put into it than DragonflyBSD's HAMMER (a 1 man show basically), and it's /still/ less stable. Just search around for all the horror stories about it, it's a hopeless meme filesystem.
IT'S NOT JUST A SOFTWARE RAID REEEEEEEEEEEEEEEEE
>The devs think it's completely ok for it to lose data randomly
let's see a source for this hot claim of pure fud faggot.
>what would you consider more secure by default than OpenBSD?
Qubes OS has a much better security model.
I think he's referring to the fact that parity RAID causes data corruption on btrfs. Or at least I think it still does. Some anons said they may have fixed it on very recent kernels.
also, that doesn't mean the devs think it's ok. Failure != malice
>I think he's referring to the fact that parity RAID causes data corruption on btrfs. Or at least I think it still does. Some anons said they may have fixed it on very recent kernels.
in all honesty, all RAID5|6 like parity systems have similar probable pitfalls. anyone saying their raid5+ system is immune to writehole is probably full of it.
Literally everything is insecure by default.
Don't ever assume anything about software or hardware, unless you have proven it, if you want to be secure.
see
Yeah apparently it's particularly bad on btrfs though.
But at least RAID10 just werks
OpenBSD is awesome for routers. Comes with reasonable default security settings. Very easy to configure and has very friendly community. Big thumbs up for developers.
I'm convinced most modern hate of btrfs stems from some shill campaign by redhat to discredit it because their engineers are working on competing products using xfs and linux lv/md/dm-- stratus or some retarded ass name like that, and most of btrfs is oracle and other competing vendors.
I just use the "Raid 1" profile on four disks. the raid names don't mean anything in btrfs anyhow. works great though. not sure why people would hate having basically free subvolumes, snapshots without autismo size management or experimental thin-provisioning.
What framework?
>most of btrfs is oracle
Why would they work on btrfs when they could push for zfs? Are they retarded? If anyone has the power to make zfs a first class citizen on linux, it would be oracle.
ask oracle
oracle pretty much made and sponsored it and then completely dropped it like it was a hot turd. SUSE is shilling it hard now, a few companies are now claiming to be using it for medium term log storage and FB engineers are experimenting with it. some of the current maintainers of this product directly compete against Redhat's to be released software solution to the zfs/btrfs "problem"
>tcl
>literally just value add shell
>secure
the fuck?
>Standards-compliance
The standard doesn't matter as long as there's a standard.
What does the language have to do with it? Read security.md.
sounds like hot garbage like all ye olde cgi shit build on a language that's basically shell 2.0
apply yourself next time.
isn't openBSD responsible for the monster that is openssh?
what's wrong with openssh?
oh whoops, i meant openssl. openssl code is fucking horrible.
No, they forked OpenSSL into LibreSSL
You didn't answer my question.
>cgi shit
Nor did you read and understand the readme. It pretty clearly says "CGI, SCGI, or a built-in web server".
well you're still way off base. OpenSSL is a different project, and some time back (I think after heartbleed) OpenBSD forked it into LibreSSL, with the explicit goal of ripping out all the ancient cruft that was lurking around waiting to bite us - SSL2 and 3 support, old ciphers, the gorillion rarely-used options and extensions that accumulated over the years, etc.
>I just use the "Raid 1" profile on four disks
so you're just mirroring your disk with 3 others?
...I mean, I'm not saying you're wrong to do that, but that sounds inefficient as fuck
what question? because tcl is ye olde shell garbage that it depends on some framework doing string escaping for you and providing some --lint thing to point out your retardation? it's garbage, just stop shilling dead languages already.
>reply/unique IP counter
I didn't know this was a thing. Where do I find it?
btrfs.wiki.kernel.org
NOTE This does not do the 'usual thing' for 3 or more drives. Until "N-Way" (traditional) RAID-1 is implemented: Loss of more than one drive might crash the array. For now, RAID-1 means 'one copy of what's important exists on two of the drives in the array no matter how many drives there may be in it'.
No I'm not comfortable with consenting to suck a woman's penis on demand.
meme distro
i dont get it
That will end up being the reference standard SSL as well, just like OpenSSH sent all prior implementations to hell.
> some framework doing string escaping for you
Isn't this just how all Web frameworks work? I know Flask does this with templates.
Do you use NetBSD, user?
Let's say you put three 1TB disks in RAID 1. With conventional RAID 1, that means you get 1TB of space. Each drive is identical and all have a copy of everything. Any two disks can die before you lose the data. With Btrfs RAID 1, you get 1.5TB of usable space. Two copies of the data are spread across the three disks. Each piece of data will be on two different disks. You can only lose one drive before you lose data.
Why they did it this way I have no idea, especially because "vanilla" RAID 1 is easier to implement.
so btrfs isn't that great then
It has its issues. So for Linux, I think it is better to stick with md. Md seems like a better option and I think it might be easier to recover when drives fail. With btrfs, I've had the array stuck in read only mode. Once in read only mode, you cannot replace the failed drive. You must recreate the array and recover from backups. Since you would have to recover from backups anyways, I wonder why one would want to use a mirrored or mirrored+striped setup with btrfs at all. I don't know if this always happens, but once is once too many.
A RAID1 or mirrored array should never fail from a single drive failure.