
Why OpenBSD Is Important to Me - quisquous
http://ggr.com/why-openbsd-is-important-to-me.html
======
cisstrd
I am an OpenBSD user, there is no OS I'd rather use currently (obviously) and
I am sure there is no OS with a greater focus on security and clean code, the
project as a whole deserves a great deal of respect and admiration for setting
the bar when it comes to security, and for being the originator of great
products that are used outside the boundaries of OpenBSD itself, however (with
all due respect) what the author portrays here is paranoid philosophical
mumbo-jumbo I'm normally used to from radical FSF-devotees.

Yes, there are NSA scandals, yes, the US government has repeatedly overstepped
boundaries, yes, caution and scepticism is a very healthy and good thing, but
on the other hand there are GNU/Linux distributions taking security somewhat
seriously, they have to, they too work with open source code, have a lot of
users, and review said code, I doubt someone is interested in your specific
data, I doubt using a GNU/Linux distribution or some other BSD OS is some risk
one shouldn't take, I doubt we should all have to automatically strive for an
"ethical" all Free Software life or otherwise we are in risk of somehow being
under totalitarian control, I doubt Apple and Microsoft are totally out to get
you and by definition filled with evil backdoors the NSA uses to spy on
_everyone_... I doubt they only do malicious things,... and talking about
security, it's not all in the Software, a lot is in users' behaviour... not
talking about him specifically, but "We are all spied on by the NSA, please
like me on Instagram and follow me on Facebook for hourly updates on my life
so we can join in the fight against totalitarian control"...

As you have guessed by now I am some kind of allergic to this... those
idealistic over-simplifications... drawing everything in black and white...

Some of the OS X users I know are incredible technology-orientated and privacy
concerned people, should I draw the conclusion they are being overly naive by
not using OpenBSD for everything? I don't think so, they are just not
suffering from paranoia, are pragmatic and living in the real world...

~~~
nickpsecurity
"As you have guessed by now I am some kind of allergic to this... those
idealistic over-simplifications... drawing everything in black and white..."

I avoid oversimplifications, too. Yet, most of what the author wrote was
proven by precedent. Only gripe I have is calling Linux anti-security and
anti-privacy given how much good work in those used the platform. Gotta be a
kernel by kernel and distro by distro judgment on that. Rest seems accurate.

"Some of the OS X users I know are incredible technology-orientated and
privacy concerned people, should I draw the conclusion they are being overly
naive by not using OpenBSD for everything?"

The conclusion is that they prefer to use OS X. That simple. Far as its
security, it's made by a company that spent a long time lying to its users
that they were immune to malware because Macs were just inherently secure.
They added lots of mitigations sometimes 10 years behind Windows and UNIX per
one firm. I recall one vulnerability where an administrative service required
a username and password for log-in but _didn't check it against database_. If
you entered _any password_, you got in.

Such a history of absolutely, terrible security plus deception of customers
means Apple products shouldn't be trusted for security by default. Any
"privacy concerned people" using it are making a foolish mistake or
intentionally trading away privacy for some other benefit.

Now, what you just saw me do was the evidence-based approach to these things.
Helps cut through the noise nicely.

~~~
cisstrd
And I appreciate it, I don't doubt that OS X isn't the best choice, and for
sure there is some kind of trade-off going on, most likely, yet I assume a lot
of it also has to do with how those products are used, meaning
inexperienced users fall into the pitfalls of maybe any system, while an
experienced user will use the product rather differently?

Since you are a security researcher, aren't a lot of people of "your breed"
using Macs as well?

As for the OS X security track record I don't claim to be incredibly well
versed in that regard, thank you for the insight. But the piece doesn't
primarily talk about security flaws, rather about systemic risks in using any
sort of proprietary software whatsoever, especially by "evil" corporations
like Microsoft and Apple (it might not say that directly, but that's how I
conceived it) which I think is far over-emphasized.

~~~
nickpsecurity
"Since you are a security researcher, aren't a lot of people of "your breed"
using Macs as well?"

I use Linux, BSD's, and custom systems. From what I've gathered, the people
using Macs do it for usability and apps more than anything. The Mac OS is
pretty, well-designed components for GUI/desktop on top of a hybrid between a
microkernel and UNIX (BSD). Let's ignore their bad choice of microkernel. The
real benefit is you get a desktop with comparable usability to Windows, you
can pull out command line for full power of the UNIX underneath, it's overall
more reliable/consistent than Linux on desktop side, and there's plenty of
apps from vendors who target Windows + Mac but not Linux.

So, that's the overall value equation. A UNIXy OS with many apps and nice
interface. I considered attempting to secure its foundation, Darwin, at one
point but it's a hodgepodge of crap thrown together. Clever way to get a
system out the door for Jobs back in the NeXT days. Not so good later on when
one is improving foundations. :)

Note: Addressing your other point in a new comment as I can never remember
length restriction.

~~~
bch
> The Mac OS is pretty, well-designed components for GUI/desktop on top of a
> hybrid between a microkernel and UNIX (BSD). Let's ignore their bad choice
> of microkernel.

Is it necessary to ignore the microkernel choice? Isn't MacOS X -not-
microkernel, even though (or "because") it uses an old version of Mach?
[0][1][2]

[0]
[https://en.wikipedia.org/wiki/Mach_%28kernel%29](https://en.wikipedia.org/wiki/Mach_%28kernel%29)

[1]
[http://www.roughlydrafted.com/0506.mk1.html](http://www.roughlydrafted.com/0506.mk1.html)

[2]
[https://www.youtube.com/watch?v=8RwlEZ88rKM&t=445](https://www.youtube.com/watch?v=8RwlEZ88rKM&t=445)

~~~
nickpsecurity
Mach was a terrible microkernel because it tried to do too much. Good examples
for you to look up are QNX, L4 (esp OKL4), EROS, and Minix 3. These all get
stuff done more reliably, securely, and _faster_ than Mach. That they've built
so much into the Mach model means anything you do to improve security or
performance has to fight with its inherent weaknesses.

So, Mach is its own discussion of failure in and of itself. There was also a
history... Trusted Mach, Distributed TMach, DTOS... of trying and failing to
secure Mach using high-assurance methods. The security improvements in new Mac
OS's, esp sandboxing and such, were actually recommended with that old
research in mind. They realized the foundation wasn't going to be secured as
it never worked in the past. So, they went for decomposition and isolation
schemes for apps themselves plus IIRC integration of TrustedBSD mechanisms.

~~~
bch
I appreciate the links. I'm still perplexed though -- isn't the Mach component
of MacOS X not at all a microkernel? Are you saying "it sort of is", or "it
certainly is"?

The promises of microkernels seem extremely attractive to me, but we know that
the promise of simplicity doesn't come for free (witness Hurd[0]). There were
versions of Mach that were high-profile (i.e.: media/developer attention)
microkernels, but I thought the Mach in MacOS X really was simply "not a
microkernel". Interested to hear more about this if you've got illuminating
info.

[0]
[https://www.gnu.org/software/hurd/hurd.html](https://www.gnu.org/software/hurd/hurd.html)

~~~
nickpsecurity
Mach _is_ a microkernel but Darwin _is not._ This is what Mac OS X runs on:

[https://en.wikipedia.org/wiki/XNU](https://en.wikipedia.org/wiki/XNU)

[https://en.wikipedia.org/wiki/Darwin_%28operating_system%29](https://en.wikipedia.org/wiki/Darwin_%28operating_system%29)

XNU is monolithic software since it (a) merges code like BSD in with the
microkernel and (b) has a ton of kernel-mode code in violation of microkernel
principles. It can be said that microkernels can still benefit monolithic
heaps of kernel code by providing a consistent, simple way for pieces to
internally communicate. Windows has a microkernel inside of it for that reason
IIRC.

"witness Hurd[0]"

Hurd is another failure. So many microkernels, including commercial
deployments, have happened during the lifetime of that project not achieving
its goals. Situations like Mach and Hurd are why people think microkernels
suck. You have to see good examples. Did you ever use a Windows 95/98 box back
in the day? Remember how it would choke trying to do anything intensive or
concurrent? Check out what microkernel-based BeOS does on older hardware in my
UNIX alternatives list:

[https://news.ycombinator.com/item?id=10957020](https://news.ycombinator.com/item?id=10957020)

Tanenbaum has a nice paper describing the two biggest problems plus different
styles of handling them. It includes the microkernel techniques that are the
reason we like them for robustness.

[http://www.minix3.org/docs/jorrit-herder/computer-may06.pdf](http://www.minix3.org/docs/jorrit-herder/computer-may06.pdf)

On the capability-security side, KeyKOS had fine-grained isolation, protected
communication, and checkpointing of app's state in case of failures. Shapiro's
successor, EROS, is described in this document along with many key principles
to high-assurance reliability and security that good work must leverage:

[http://flint.cs.yale.edu/cs428/doc/eros-ieee.pdf](http://flint.cs.yale.edu/cs428/doc/eros-ieee.pdf)

Note: Unfortunately, project is dead as FOSS contributors had little interest
and he got poached by Microsoft. Did deliver a more secure networking stack
and GUI system on top of a prototype kernel. Coyotos project papers have some
lessons learned, too.

------
pyritschard
We also owe the OpenBSD team OpenSSH, which greatly benefits from their
attention to detail and commitment to small improvements towards better
security.

Of course software is never perfect, but it's nice to know the (small) subset
of OpenBSD developers working on OpenSSH are still working on keeping the
proverbial doors locked.

~~~
peatmoss
Yes, the OpenBSD team's willingness to roll up their sleeves for software that
I consider core to a functional Internet is pretty remarkable. Even though the
last OpenSSL vulnerability also affected LibreSSL, in the past others haven't.

EDIT: Morning brain made context shift unclear. They do OpenSSH _and now_
LibreSSL. Also pf and more too.

~~~
ben_bai
[http://www.openbsd.org/innovations.html](http://www.openbsd.org/innovations.html)
AnonCVS, OpenNTPd, OpenSMTPd, ...

------
drblast
I just want to shake the hand of the person who made the OpenBSD installer the
way it is.

In case you haven't used it, it's dead-simple, command-line based, and it may
take a few times to get it right if you don't know what you're doing. It's
nearly featureless.

But after you figure it out, you can automate installs, and roll your own
distro by changing the contents of tar files, or add your own software and
configuration the same way.

It's quite possibly the most satisfyingly transparent OS install method I've
ever used.
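As an added example, not part of drblast's comment and not taken from the OpenBSD project, this is the shape of the response file that OpenBSD's autoinstall(8) reads to answer the installer's questions unattended. Each line is `question = answer`, where the question is the installer's own prompt (a unique prefix of it is enough). The hostname, user name, mirror host and key below are placeholders; check the prompt wording against autoinstall(8) for the release you are installing.

```text
System hostname = example-host
Password for root = <bcrypt hash of the root password>
Setup a user = puffy
Password for user = <bcrypt hash of the user password>
Public ssh key for user = ssh-ed25519 AAAA...placeholder... puffy@example
Allow root ssh login = no
What timezone are you in = UTC
Which disk is the root disk = sd0
Location of sets = http
HTTP Server = mirror.example.org
Set name(s) = -game* -x* done
```

Pair this with a site*.tgz set (an extra tarball the installer unpacks after the base sets) or an install.site script to drop in configuration and extra software; that is the "changing the contents of tar files" route drblast describes. Use hashed rather than plaintext passwords in a file that will sit on an install server.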

~~~
morganvachon
Indeed, the only distros in the Linux world with installers that even come
close are Alpine Linux (which is obviously heavily influenced by the OpenBSD
installer) and Slackware Linux, coincidentally two of the better Linux distros
for those who prefer a more BSD-style approach to managing the OS proper.

Alpine needs a little work in the desktop OS department, and is painfully
lacking in a few essential packages for daily computing, but it's come a long
way in a short time. Meanwhile, Slackware is due to drop 14.2 on us any day
now, and has seen vast improvements over the past few years. Both are worth a
look if OpenBSD for some reason doesn't work on one's system.

But having said that, OpenBSD is a cut above any other open source OS when it
comes to stability, clean code, and well written, complete, thorough
documentation.

------
leaveyou
I wanted multiple times to study the OpenBSD source code and I've downloaded
it but I never managed to navigate through it, to find the "head and the tail"
or to find a reasonable "map" of the source code. I would like for example to
follow the execution path in the source code, from the boot up to the login
prompt. Does any documentation like this exist or could anyone give me some
hints ? Thanks

~~~
deprave
There are three parts in this sequence:

1. Boot up - this is very machine-dependent ("MD") so you'll find it in each
architecture's source code. Look for files named "locore.s" or "locore.S" in
places like src/sys/i386/i386.

2. Kernel - the machine-independent ("MI") part, or where the fun begins...
this is in src/sys/kern/init_main.c, look for the function main(). You'll see
the different subsystems initialized, from the lowest level (auto
configuration of hardware devices and console initialization) through
fundamental subsystems (virtual memory, disk, network, processes, etc.), all
the way to the scheduler. The scheduler will only have one process to work
with (PID 1) which is init (src/sbin/init), so that's what gets executed.

3. Userland - /sbin/init is the first process that runs, and it takes care of
running everything else, like daemons and eventually your login prompt. Your
points of interest in init.c are runetcrc(), read_ttys(), and multi_user().

~~~
tomcam
What a relief! Thanks for scratching that itch. Also turns out to be good code
organization, but I needed that post to boot me up.

~~~
mbrock
Someone should make a site for sharing little "guided tours" of open source
code bases...

~~~
Terribledactyl
While not a walk through the code base, there are these wonderful volumes:
[http://www.aosabook.org/en/index.html](http://www.aosabook.org/en/index.html)
that have creators/maintainers/contributors walk through at a higher level how
these amazing programs work.

------
jayofdoom
Probably worth noting as well how many software products OpenBSD has
contributed back to the overall free software world; things like OpenSSH,
(edit: NOT OpenSSL), a more secure ntpd and inetd.

Even if you don't run OpenBSD, you benefit from it.

~~~
madars
> how many software products OpenBSD has contributed back to the overall free
> software world; things like OpenSSH, OpenSSL, a more secure ntpd and inetd

One of them is not like the others -- OpenSSL is not an OpenBSD project and
the code quality is markedly different :-)

~~~
protomyth
perhaps jayofdoom meant LibreSSL.

and yes, OpenSSL is a bit of a code quality difference than the OpenBSD norm.

~~~
nickpsecurity
Yall don't be too nice to them. The code quality is shit. My favorite quip of
all came from Ted Unangst noticing they did endian-checks in one code that ran
very often during use of protocol. He said something along the lines that they
hadn't applied any sense to (important issue) but they had you covered if your
CPU's endianness changed in mid-operation. No words. :)

~~~
protomyth
I meant my comment in the same spirit as a Southerner means "Bless your
heart".

I do believe Ted Unangst's comment is included in the
[https://www.youtube.com/watch?v=GnBbhXBDmwU](https://www.youtube.com/watch?v=GnBbhXBDmwU)
LibreSSL first 30 days along with quite a lot of other oddities.

~~~
nickpsecurity
Alright lol. I lost the video but it was definitely a LibreSSL presentation at
a conference. Thanks for the link in case it has it.

------
niroze
Great opinion piece. I think this is mostly the opinion of anyone that really
discovers OpenBSD and gets caught up in it. Security does matter, and the
developers accept nothing less than what they want.

My main problem with OpenBSD development is that all development is decided
solely by the developers and there doesn't seem to be much care for what
others want.. which is fine, they're doing all the work for peanuts.

Sometimes you just have to do things that aren't well suited for OpenBSD
(imagine updating and ensuring hundreds of OpenBSD machines are up-to-date,
and running high performant threaded applications). Many things work, but that
is all they do. Sure it may be much more secure than other unix or linux
offerings, it may be all there is. Much of the ports are just "get this to
compile and work". That isn't always good enough. Truly evaluate if it fits
your needs. If there is something you want on the platform, it may be up to
you to fix it.

--

Unrelated, I find it interesting that NetBSD isn't mentioned once in this
entire thread.

~~~
4ad
I've seen this type of comment many times, in many different contexts, about
many different open source software projects, and I never understood them.

> all (OpenBSD) development is decided solely by the developers and there
> doesn't seem to be much care for what others want

This implies this is not the case for every other project.

To pick on your SMP performance example, Linux doesn't have better SMP because
"developer saw that people want SMP, and decided to implement it". Linux has
better SMP because some people came and implemented it. Not at other people's
request, that is never relevant.

Different open source projects attract different (developer) audiences, and
different projects have different audience sizes, but don't make the fallacy
that some projects chose what to work on (architecturally speaking) because
user demanded it. That is _never_ the case. Everything big happens because
_developers_ want it.

~~~
niroze
It isn't a "fight" or a "Linux vs OpenBSD" thing. It is just how they approach
development. One could argue if it is "good" or "bad", but what matters is
knowing it exists.

Many projects have different approaches to development. Sure, many people work
on bugs most of the time, but there are big decisions about where the limited
resources are going to be spent on new features. Those are the ones that truly
matter.

There are examples of amazing things people have just done on a whim, but that
isn't truly a standard and much of those things are generally huge.

------
executesorder66
I'm curious why the author says Linux is "insecure, anti-secure, and anti-
privacy software" Can anyone explain this?

Also, why OpenBSD specifically, and not FreeBSD for example?

~~~
quisquous
I'm lumping Linux in that group because my impression is that Linus is
ambivalent about security--it seems to be just another feature to him (see
[http://www.washingtonpost.com/sf/business/2015/11/05/net-of-insecurity-the-kernel-of-the-argument/](http://www.washingtonpost.com/sf/business/2015/11/05/net-of-insecurity-the-kernel-of-the-argument/)). Additionally, with most of the
popular distros, once I install the OS, I have to spend a bunch of time
locking things down before I do anything else, whereas OpenBSD has pretty good
defaults that I can build up from. Also, when Ubuntu, one of the most popular
Linux distros, started capturing searches by default, that got me questioning
their commitment to privacy.

That's not to say there aren't distros and contributors to Linux that care
deeply about security--clearly there are. I just don't find the overall
ecosystem nor the most popular distros nearly as focused on or as trustworthy
on security and privacy. And as the stakes get higher with more of our lives
going digital and more companies, states, and criminals trying to take
advantage of that trend, I worry.

As for OpenBSD vs FreeBSD, I've had an easier time getting OpenBSD working on
my hardware and OpenBSD seems to me more concerned with, focused on, and
practically innovative on security--that is to say, they don't just introduce
new security features that can be configured and used by someone smarter than
me, the OpenBSD folks work hard to introduce new security tech that's on by
default with no special knowledge required by the end user, i.e. pledge, W^X.

~~~
nickpsecurity
Then modify the claim to say "some Linux kernels/distros" instead of Linux as
a whole. Meanwhile, thanks to CompSci, there's Linux's (eg Criswell's SVA-OS)
and FreeBSD's (eg CheriBSD on CHERI) that run with _way_ more security than
OpenBSD. They push the state of the art. So, it's a mixed bag.

OpenBSD is actually no different. The developers care a lot about security and
quality. Yet, the mere fact that I see OpenBSD desktops in Google images
running shoddy applications shows many OpenBSD users make similar tradeoffs to
what you described of Linux camp. It's just the kernel and select userland
that gets their attention to quality due to limited staff (and their
preferences).

~~~
neerdowell
_> Yet, the mere fact that I see OpenBSD desktops in Google images running
shoddy applications shows many OpenBSD users make similar tradeoffs to what
you described of Linux camp._

Are these "shoddy applications" not more secure on OpenBSD due to the various
mitigations applied to userland software?

~~~
nickpsecurity
We don't know. OpenBSD has so little market share that virtually nobody is
testing those mitigations. However, many are similar to mitigations developed
on other platforms and beaten. So, they'd probably be beaten with effort, too.

Don't you love reasoning by precedent? Makes these judgment calls so much
easier. :)

~~~
neerdowell
People are testing the mitigations. For example Qualys' audit of OpenSMTPD[0]
noted that a buffer overflow they found was not exploitable on OpenBSD as even
a single byte overflow would smash the stack canary.

[0] [https://www.qualys.com/2015/10/02/opensmtpd-audit-report.txt](https://www.qualys.com/2015/10/02/opensmtpd-audit-report.txt)

~~~
nickpsecurity
That's not trying to break the mitigations: it's simply testing if they stop
an exploit which isn't designed to bypass the mitigations. Really easy to pull
off. :) Below are examples of a clever scheme for stopping control flow
attacks and a successful attempt to breaking it. When I say testing the
mitigations, I mean work like what's in the second paper.

[https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_zhang.pdf](https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_zhang.pdf)

[http://www.cs.berkeley.edu/~daw/papers/cfi-sec15.pdf](http://www.cs.berkeley.edu/~daw/papers/cfi-sec15.pdf)

Note: Native Client, which protects Chrome, is a form of Control-flow
Integrity. Hence, me using it as an example.

~~~
neerdowell
I'm not seeing your point. A vulnerability was found in OpenSMTPD. That
vulnerability could not be exploited on OpenBSD because there was no way to
overflow the buffer without smashing the stack canary. If you had the same
version of OpenSMTPD running on a generic Linux kernel or on Mac OS X, it was
vulnerable. On OpenBSD it was not. Ergo, OpenSMTPD running on OpenBSD is more
secure than OpenSMTPD running on other platforms that do not provide the same
mitigations.

At least, that's the way I see it.

Now, are you saying that because it's possible to bypass the mitigations in
some other cases, preventing that vulnerability (and others) doesn't matter?

Or, are you saying that it would be possible to craft an exploit that bypassed
the stack protection for that particular vulnerability? In which case I would
love to see your PoC.

Or something else?

~~~
nickpsecurity
What I'm saying is simple: there's the security of the code and the mitigation
itself to consider. I know of no talented people interested in developing
bypasses for OpenBSD mitigations since nobody uses OpenBSD. So, they break
even more clever stuff in Chrome, Windows, etc. Given your example, let's
change the mitigation to make it more obvious, though.

OpenSMTPD (email for short) is the target. Default are Windows, Linux, and
OpenBSD on x86. OpenBSD devises a mitigation: use SPARC processor since x86
malware can't work. As you say, the malware works on everything but the SPARC
box. You and others claim it means the mitigation is secure and so is what
uses it.

Now, some guy named Nick claims it's no more secure than a BSD/Linux 0-day on
x86: they just didn't target exploit for that environment. Sure, they have to
learn SPARC ISA and how OBSD uses it. Sure there's work involved. Similar
mitigations were beaten in the past by first person willing to invest effort,
though. So, Nick posits reason SPARC is safe from x86 malware coders is that
they don't care enough to deal with SPARC boxes. Maybe no market share.

See how that works now?

~~~
digi_owl
Whats the term, security by obscurity?

~~~
nickpsecurity
Basically. Now, it's fine to throw in obscurity or unusual mechanisms on top
of good security practices. I used that to stop high-strength attackers
before. Yet, we must be careful to note the difference between these
mitigation results:

A. We stopped those vulnerabilities from working because nobody can bypass
this mitigation.

B. We stopped those vulnerabilities from working because very little talent is
working on beating our mitigation.

World of difference there as Chrome and SFI/CFI teams I linked up above found
out when smart hackers and brainiacs from CompSci began converging on their
work. And shredding it.

Code-Pointer Integrity was last one standing after first round of peer review.
I'll use it for medium-assurance if it survives 2-3 more. Check it out.

------
Spooky23
End of the day, OpenBSD is a great example of the value of competition, and
the necessity to maintain market rules that encourage it.

How awesome is it that we have a dedicated operating system geared towards the
niche of the market that cares deeply about security?

~~~
zxcvcxz
Just fyi we actually have multiple operating systems dedicated to security.

~~~
oarsinsync
Can you elaborate on what the alternatives are? The more we all know, the
better!

~~~
JoachimSchipper
For any Linux distro, applying the grsecurity patchset will make your box more
secure.

RHEL (and thus, CentOS) does a pretty good job of configuring and enabling
SELinux for packaged software.

There is a Hardened Gentoo. All the fun of normal Gentoo, but with fewer
companions to find the compiler bugs. ;-) Still, they've built quite a stack
of security patches, including grsecurity.

There is (used to be?) Hardened Linux From Scratch. Educational, but not
practical.

OpenWall Linux is dead-ish, but - as you'd expect from a Solar Designer
product - introduced several interesting patches (some backported from
OpenBSD). You may be interested in
[http://www.openwall.com/presentations/Owl/](http://www.openwall.com/presentations/Owl/).

I recommend - and use - OpenBSD, but there are definitely people interested in
security in the Linux world.

~~~
dpv
The bad thing is there's hardly a generic "more secure" switch.

> applying the grsecurity patchset will make your box more secure.

It also might not. Correct me if I'm wrong, but while grsecurity does a good
job in kernel hardening, it won't protect from attacks like recent imagemagick
system() injections, or from something like wordpress exploits, where you
don't necessarily touch kernel space or even binaries at all -- so it might be
possible to have grsec enabled system and still be part of a botnet, or leak
user data.

> enabling SELinux for packaged software.

This is a double edged sword also. Good thing is that a lot of software does
have SELinux policies for it. Bad thing is that a lot of software runs in
_unconfined_ domain and that can give a false sense of security. For instance,
if I recall correctly, systemd runs unconfined, while being itself a)
rapidly changing and b) half a million plus LOC software. And to err is human,
you know -- SELinux won't "contain the bomb as it goes off" in unconfined
domain.

Another example of bad approach with SELinux would be grepping for something
in the audit.log and making policy module, which is even recommended in the
official docs [1]. I do understand that it's a major PITA to find good balance
between convenience and security, but this particular example trains users bad
practice from the start. It's worse than dismissing UACs -- it's as bad as
grepping for dropped packets in firewall logs and autocreating permissive
firewall rules. Attacker calls her rootkit "yoursoftware.sh", tries needed
functionality so that denials appear in audit.log, waits until sysadmin greps
for "yoursoftware" and voila -- SELinux is perfectly ok and silent with
rootkit. It's simplified, but you get the idea.

> Hardened Linux From Scratch. Educational, but not practical.

If we disable unconfined domain -- and hence be forced to formalize literally
every syscall in our access matrix -- then any MAC system also can be called
impractical.

I think every statement of a "Use X its more secure" kind is very dangerous,
unless you explicitly specify against _what kind of threats_ it's more secure.
Otherwise, statement just adds false sense of security, and then human
laziness kicks in, and we end up with a mess. Like, if I harden the system
kernel, but fail to protect the user data -- or vice versa -- I simply end up
without any sensible result, while thinking otherwise. Or I can start with
perfectly reasonable defaults (same examples like OpenBSD or SELinux) and with
few "convenient" commands open up huge security holes, and again, end up with
not what I expect.

[1] [https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html)
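To make dpv's grep-then-audit2allow scenario concrete, here is an added example (mine, not dpv's, and not code from the SELinux or Red Hat tooling) that loosely models what audit2allow does with the denials it is fed: parse the AVC lines, collapse them into allow rules keyed on source type, target type and object class, and compare selecting denials by the process name the admin grepped for against selecting them by the domain the policy is actually being written for. The audit lines are constructed for the example; the domain name yoursoftware_t and the attacker's script running from a compromised httpd_t process are assumptions made for the illustration.

```python
import re

# Constructed sample audit.log excerpt (not real log lines). pid 2231 is the
# admin's own service in its own domain; pid 2874 is an attacker who named a
# script "yoursoftware.sh" and runs it from a compromised web process (httpd_t);
# pid 3001 is unrelated noise from the web server itself.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1462809600.101:201): avc:  denied  { read } for  pid=2231 comm="yoursoftware" name="settings.ini" dev="sda1" ino=4412 scontext=system_u:system_r:yoursoftware_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
type=AVC msg=audit(1462809601.202:202): avc:  denied  { name_connect } for  pid=2231 comm="yoursoftware" dest=443 scontext=system_u:system_r:yoursoftware_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1462809650.303:203): avc:  denied  { read } for  pid=2874 comm="yoursoftware.sh" name="shadow" dev="sda1" ino=1337 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
type=AVC msg=audit(1462809651.404:204): avc:  denied  { write } for  pid=2874 comm="yoursoftware.sh" name="authorized_keys" dev="sda1" ino=2048 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ssh_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1462809700.505:205): avc:  denied  { getattr } for  pid=3001 comm="httpd" name="index.html" dev="sda1" ino=99 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=0
"""

# Fields an allow rule is built from: permissions, comm, source/target context, class.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+)\} for\s+.*?comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)


def parse_avc(log_text):
    """Return one dict per AVC denial line; non-AVC lines are skipped."""
    records = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["perms"] = frozenset(rec["perms"].split())
            records.append(rec)
    return records


def type_of(context):
    """Type component of a user:role:type:level SELinux context."""
    return context.split(":")[2]


def allow_rules(records):
    """Collapse denials into audit2allow-style allow rules, merged per (source, target, class)."""
    merged = {}
    for r in records:
        key = (type_of(r["scontext"]), type_of(r["tcontext"]), r["tclass"])
        merged.setdefault(key, set()).update(r["perms"])
    return sorted(
        f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};" for (s, t, c), p in merged.items()
    )


def grep_by_name(records, needle):
    """The anti-pattern: keep every denial whose comm= contains the grepped string."""
    return [r for r in records if needle in r["comm"]]


def filter_by_domain(records, domain_type):
    """Safer selection: keep only denials raised from the domain the policy is for."""
    return [r for r in records if type_of(r["scontext"]) == domain_type]


def foreign_domains(records, expected_domain):
    """Source domains other than the expected one; anything here deserves a hard look."""
    return {type_of(r["scontext"]) for r in records} - {expected_domain}


if __name__ == "__main__":
    records = parse_avc(SAMPLE_AUDIT_LOG)
    print("grep 'yoursoftware' | audit2allow would load:")
    for rule in allow_rules(grep_by_name(records, "yoursoftware")):
        print("  " + rule)
    print("selected by scontext type yoursoftware_t instead:")
    for rule in allow_rules(filter_by_domain(records, "yoursoftware_t")):
        print("  " + rule)
```

Run it and the name-based selection emits `allow httpd_t shadow_t:file { read };` and a write to ssh_home_t for httpd_t, neither of which has anything to do with the admin's program; the domain-based selection emits only the two yoursoftware_t rules. Even the narrower selection is still "allow whatever was denied", so every generated rule needs reading against what the program is supposed to do before the module is loaded.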

~~~
JoachimSchipper
You're right, but I just wanted to give some pointers, not write a novel on
software security (modelling). ;-)

With respect to SELinux: I'm not a fan in all regards, but if you want to use
SELinux, the fact that RHEL has pre-made policies for you _does_ help.

------
Sabon792
The biggest reason people don't use BSD of any type is that you can't go into
a store and buy a computer with BSD on it. At least not in any store an
"average" computer user would know where to look.

As for someone like me, I used to build computers (more than a couple hundred)
back in the 80s and 90s with alternate OSs to Mac (classic) and Windows but
never tried BSD. I did try BeOS and OS/2 and Corel and close to a dozen
different Linux distributions (I have the Penguins to prove it).

At the time I didn't know anyone else that used BeOS or OS/2 other than me.
Personally I mean. So that isn't my excuse for not using BSD. Mostly I rarely
heard about it. Now I'm old (laughing) at 55 and left BeOS and OS/2 behind
years ago and moved to Mac Classic and then Mac OS X which runs on top of BSD.
That's the closest I've gotten.

If you want more people to use BSD you really need to promote it more. Not
just in nerd magazines but put out flyers around companies (don't ask, just
leave them) with an explanation of what OpenBSD is and why they should be
using it instead of Mac or Windows.

It needs to be brief and clear and you need to make VERY clear how they find
and install OpenBSD and not just, "Go out and buy a computer and install it."
That's like telling most people, "Go out and buy a nuclear reactor and install
for the OS for it." It's not going to happen unless you are clear and you make
it as easy for them as possible. People like easy and they want to feel like
someone cares and that they will be taken care of if they have ANY questions.

Personally I feel that one of the biggest bad jokes is that "Microsoft cares".
Really? Would you like to buy the Brooklyn bridge? Because it's for sale for
$1.

If you get everyone you know to lay out flyers at businesses with what I
describe above then you may get a few more people to use OpenBSD. But be
prepared to support them in not nerd languages and without any attitude. If
you have emotional problems (low self esteem, and I'm not saying that YOU do,
well those people shouldn't be helping anyone else with anything) then I would
suggest leaving support to other people.

~~~
j_s
Do the downloadable .ISOs boot these days? Back when I had time to check it out
nearly a decade ago, it cost real cash money to buy a bootable CD-ROM from
their store.

------
stcredzero
To paraphrase:

 _Speaking freely is essential to democracy. The more restricted your
conversations, the more careful you are about what you say. And being careful
leads to less candor, less criticism, and less innovation. Thought and free
speech are the breeding ground for new, sometimes controversial ideas. They
are how we prototype, think new ideas through, refine them, and get them ready
for wider distribution and discussion._

The actions of many 21st century activists seem to be diametrically opposed to
this ethos and designed to create a social landscape of civic censorship and
extra-legal punishment for "thoughtcrime." I think a society with laws
supporting free speech on the books, but largely made of authoritarian and
censorial organizations is no more democratic in spirit than the Jim Crow
south was inclusive with its "technically" enfranchised non-white population.
(It doesn't so much matter what laws are on the books, if society at large
thinks something opposed.)

For democracy to work, there needs to be freedom to dissent. I think many
young people who grew up with web forums were exposed to so much draconian
censorship, they've come to unconsciously feel that censorship is a key means
of expressing power and "justice." I just hope that enough of them work out
how intellectually bankrupt such a society would be.

------
OneTwoFree
> Plenty of hardware in my life has backdoors (I'm looking at you Intel[1])

That same libreboot article[1] says that AMD is not any better. Is there any
alternative I'm not aware of? An ARM Chromebook is unfortunately not fast
enough for me.

[1] [https://libreboot.org/faq/#intel](https://libreboot.org/faq/#intel)

~~~
4ad
I hope this will be good:
[https://www.raptorengineering.com/TALOS/prerelease.php](https://www.raptorengineering.com/TALOS/prerelease.php)

------
zymhan
I'm just getting started on setting up an OpenBSD router that I want to be the
basis for making sure much of my data is secure. I figure I can start with the
edge of my network and work in. And for such an important device as an
internet gateway, I want to be able to trust it.

~~~
dwc
> I'm just getting started on setting up an OpenBSD router that I want to be
> the basis for making sure much of my data is secure.

A bit of warning... I've seen this go wrong when people who don't know OpenBSD
do this. Adding an additional OS means learning and "supporting" it.

* If you learn your way around, get it set up well, keep your system updated the way you do for anything else, then you'll be in good shape.

* If you learn just enough to get it working and then set it on the back burner for when you can find the time to learn more, don't update it, etc., then you're better off going with an OS that you know and can keep secure.

I'm not trying to dissuade you, but I'd like you to evaluate if you will
devote the time to using a new OS on a border device that it deserves. If you
will then I think you'll be quite happy with your choice. :)

~~~
niroze
Indeed! Spoken by someone that seems to have experience maintaining many
machines.

As secure as the machine is, its security slowly degrades the longer it is
out-of-sync with updates (especially security ones) and/or admins
administering the machines aren't good enough.

System administration isn't a set-it-and-forget-it type of thing.

------
anthk
> Plenty of hardware in my life has backdoors (I'm looking at you Intel). But
> I'm slowly replacing the bad stuff with the good stuff, as I'm able to find
> OpenBSD (and open hardware) based solutions for my remaining use cases.

Use a blobless OS like Trisquel, Guix and get libre hardware from the FSF.

------
update
> I imagine the NSA has a bag full of OpenBSD exploits [...]. But OpenBSD has
> gifted to the world a fighting chance--

Doesn't the former sentence negate the latter?

At this point, it seems just about all systems are hackable, given enough
resources.

~~~
quisquous
Reading Bruce Schneier made me especially aware that security has a strong
economic component--it's not that you can make your server secure against all
threats, but with the right tools you may be able to make it uneconomic for
the threats you are most worried about. There's probably not much you can do
to defend against an NSA-scale attacker that's targeting you individually. But
if you're more concerned about NSA-style dragnets or their corporate
equivalents, OpenBSD can help.

~~~
update
> There's probably not much you can do to defend against an NSA-scale attacker
> that's targeting you individually.

Hm. How is Phineas Fisher[1] still on the loose then?

[1] [https://news.ycombinator.com/item?id=11512845](https://news.ycombinator.com/item?id=11512845)

------
lasermike026
Carry on. I'm with you.

------
arjun1296
Does OpenBSD have good SMP support yet?

~~~
ben_bai
Be more specific with your question or give an example where it is too slow.

In general: In userland yes, in kernel yes and no and working on whatever
seems too slow.

------
zxcvcxz
I don't know how anyone can lump Linux in with Windows when it comes to
security from NSA spying and then say OpenBSD is a good alternative.

HN seems to love the anti-Linux FUD though. Anything that further fractures
the OSS community is upvoted fast.

I like the BSDs too, but there are a ton of reasons Linux is the most popular
kernel in the world, it's not just because the NSA makes it so.

~~~
dijit
it's not just that though, there's the push for systemd which was not welcomed
and alienated a lot of sysadmin folk who frequent hackernews.

personally I felt rather shafted by systemd, not because it's bad, but because
my arguments were never even met, it was just a brushing off from some of the
people who had already accepted it.

So I tried the BSDs and they were significantly better than I imagined they
would be, I would put money on this being the case for other people who are
upvoting these topics.

~~~
vox_mollis
Indeed. If systemd were just a parallelized init system with better unit
management, far more would be okay with this shift.

But that wasn't enough. They had to hijack bootloading, logging, device
management, network, etc. For reasons that nobody seems to be able to actually
explicate.

~~~
cm3
They want to control it all to give the best possible user experience but fall
short and introduce bugs I've never had since the first day I installed
Linux in the 90s.

~~~
PhantomGremlin
_They want to control it all to give the best possible user experience_

Or perhaps, since Poettering et al. are Red Hat employees:

Red Hat want to control it all ... for reasons

