/tech/ - Technology★

We literally just had a conversation about this in >>>/tech/1048332

>Xorg is insecure

You're wrong here kid. If they used the vanilla Xorg known from Linux, it'd be true, but in case of OpenBSD you have Xenocara, that is a lot more secure solution that doesn't exactly require you to run it as root. Moreover, pledge(2) allows for further isolation of the system, so the so called "hundred apps" are going to be properly isolated, unlike on Linux or FreeBSD where you have to explicitely create a chroot for every single one of them.

>supports all your devices

Actually, no. OpenBSD is known for better support hardware because, well, unlike FreeBSD, its developers actually develop it on their own hardware, while most FreeBSD devs prefer to emulate it.

>more performant

In some cases, yeah. Although for most use cases, it reaches the same level of performance (except syscall-intensive tasks, mostly due to the Big Kernel Lock, which hopefully is going to be fully eliminated soon).

Also, one thing I forgot to write about. It's starting to gain proper GPU support recently, eg. they've got full support for AMD GPUs thanks to the new amdgpu driver.

>>1076517

>pledge

A meme, nobody is forced to support it. And who audits the usage anyway?

>on their own hardware

The devs support special snowflake hardware at best. For instance, my intel hd is not supported, neither are my sound cards (incl realtek).

>same level of performance

Nope HT is off by default and no nvidia drivers.

>>1076518

>Thinks disabling HT is a bad thing

>>1076518

There's no required "support" for pledge/unveil outside of OpenBSD. It's just a couple system calls the ports maintainers add. Anyway OpenBSD has little to do with FreeBSD, since it's a fork of NetBSD. Even DragonflyBSD is very different from FreeBSD, despite being a fork thereof.

>>1076517

> same level of performance

I'm a OpenBSD supporter and I'll admit this is just plain untrue. You must live in a separate reality to everyone else if you think that it's true. Many provisions are taken to boost "security" at the expensive of performance on OpenBSD and that's a good thing.

>>1076528

Yes losing up to 50% performance for some imaginary scenarios.

>>1076540

Most provisions taken for security are done to protect against hypothetical situations. Some are more conservative about it than others.

>>1076518

>And who audits the usage anyway?

from https://www.openbsd.org/security.html

>Our security auditing team typically has between six and twelve members who continue to search for and fix new security holes. We have been auditing since the summer of 1996. The process we follow to increase security is simply a comprehensive file-by-file analysis of every critical software component. We are not so much looking for security holes, as we are looking for basic software bugs, and if years later someone discovers the problem used to be a security issue, and we fixed it because it was just a bug, well, all the better. Flaws have been found in just about every area of the system. Entire new classes of security problems have been found during our audit, and often source code which had been audited earlier needs re-auditing with these new flaws in mind. Code often gets audited multiple times, and by multiple people with different auditing skills.

>Some members of our security auditing team worked for Secure Networks, the company that made the industry's premier network security scanning software package Ballista (Secure Networks got purchased by Network Associates, Ballista got renamed to Cybercop Scanner, and well...) That company did a lot of security research, and thus fit in well with the OpenBSD stance. OpenBSD passed Ballista's tests with flying colours since day 1.

>Another facet of our security auditing process is its proactiveness. In most cases we have found that the determination of exploitability is not an issue. During our ongoing auditing process we find many bugs, and endeavor to fix them even though exploitability is not proven. We fix the bug, and we move on to find other bugs to fix. We have fixed many simple and obvious careless programming errors in code and only months later discovered that the problems were in fact exploitable. (Or, more likely someone on BUGTRAQ would report that other operating systems were vulnerable to a `newly discovered problem', and then it would be discovered that OpenBSD had been fixed in a previous release). In other cases we have been saved from full exploitability of complex step-by-step attacks because we had fixed one of the intermediate steps. An example of where we managed such a success is the lpd advisory that Secure Networks put out.

even ports/packages are patched for pledge and unveil. things like ssh, arc4random, ASLR, W^X, and libressl were also introduced on an optional basis like this, and the wider world eventually adopted them to varying degrees because it just made sense and the code was free to study and reuse.

>>1076539

>and that's a good thing.

>>1076540

I think openbsd is the best os on the planet. I've used it since forever. That said, it is a dog for many non-imaginary scenarios. I run old hardware for my workstation (Core2, 4GB) and there is no comparison between obsd and say dfly or gentoo or even netbsd. It is slower at basically everything. Certain X apps are barely usable on obsd and totally fine on the other platforms (heavy browsers, as an example.)

The earlier comment about big kernel lock is exciting; a performance boost would be a real treat. It is rather annoying to have to use anything but obsd but on low end hardware it does not cut it.

>>1076620

openbsd is really inconsistent. There are like 10 people working on it so your system-to-system experience varies.

>>1076518

>pledge

<meme

heh, she doesn't know what it even does.

>>1076512 (OP)

>FreeBSD

<A 100% CoC'd OS project that tries to be GNU/Linux but it fails miserably.

If you like (((FreeBSD))), you should just install DragonFly BSD since it's just a better version of FreeBSD (also, Dfly doesn't have a humongous CoC). Literally all other *BSDs have a reason for their existence, except for FreeBSD.

>>1076745

CoC's are not a problem unless you're an angsty teen. Dragonfly seems to consistently score worst of all BSDs and laughably below ubuntu in benchmarks.

>>1076745

kys faggot

>>1076745

I tried dragonfly and couldn't follow the desktop environment instructions since pkg radd (pkg_radd ?) does not exist, nor can be installed.

e.g. pkg radd xfce4

>>1076745

>Politics and software shouldn't mix. That's why I always choose my OS based on politics

This is why almost everyone thinks right-wingers are retarded.