OpenBSD Virtualization: Host and Guests on the Same Network (fr.eu.org)
57 points by hucste on July 24, 2021 | hide | past | favorite | 20 comments



I love how neat config files generally are on the BSDs. It's all so transparent and easy to tinker with. Sadly I have not used OpenBSD in probably 2 decades, but I fondly remember using it for my first office job in around 2000. I used it as my desktop OS while the servers all ran Solaris.


yeah truly a breath of fresh air -- I like that the BSDs exist as a haven for those of us burnt out from all the complexity that is modern Linux.


Linux doesn't have to be complicated, even today. Slackware and Void are BSD-like in their configuration simplicity. But I appreciate the BSDs being there... especially since they have code bases that are squeaky clean and thoroughly documented, at least by Linux and GNU standards.


I've been meaning to look into non-systemd distros -- assuming you're putting Slackware and Void up as examples of that -- how do things like Docker or others that seem to require systemd cope?


Docker runs just fine on my Alpine box. You just have to ensure dockerd is started upon startup.

I don't faff about with GNOME or any of that, so if you want to run GNOME you may be out of luck. GNOME can be built without systemd dependencies, but it's probably a PITA, especially on Linux.


well there was that one big black eye with FBSD code quality with that whole wireguard fiasco... something about a rush job paid for by the Netgate folks


That code never made it into a release.


Yeah luckily. Don’t get me wrong I love the BSDs just that episode shook my confidence a bit. I am sure code review changes were made though.


Tips to virtualize serenely under OpenBSD with vmd, where host and guest(s) are part of the same network!


I believe the website must be hosted on a homeserver on some shelf somewhere. I still can't reach the page, timeouts!


Works here. Also, I'm glad it's self-hosted and not some CloudFlare anti-privacy junk.

In case it's down again, feel free to use the Internet archive: https://web.archive.org/web/20210724134023/https://doc.huc.f...


> CloudFlare anti-privacy junk

Do you care to explain? (honest question)


There are two main answers. The first one is that CloudFlare reduces overall security by acting as a universal Man-in-the-Middle that terminates TLS connections to inspect all traffic, so for any website using CloudFlare, CloudFlare will be able to see all your traffic.

The second problem is that they use their privileged position to actively block privacy-conscious users/networks as well as homegrown scrapers. Being able to browse and archive the web freely is a fundamental property of the WWW, and a single corporation deciding who gets in (Google & friends) and who doesn't (the rest of us) is a huge problem, whether you approach it from a "human rights" perspective, or a "free competition" perspective.

Website owners who go through CloudFlare are asking a private corporation to strip search anyone who wants to reach their doorbell/mailbox. Would you accept that in your neighborhood? If not, why do we accept it online?

CloudFlare forces people to enable JavaScript, or you just can't get in. This means that people who don't use a modern reputable browser (based on Firefox or Chrome) are often left out (CLI browsers, homegrown browsers, etc.). People who are conscious about security and disable JS for this reason (see for example rowhammer.js as one of the many reasons why running untrusted code from the internet is the worst idea ever) are also left out. And users who have JS enabled but in a privacy-friendly browser which prevents fingerprinting, such as the Tor Browser, will be placed in infinite CAPTCHA loops. I've personally spent over an hour once stuck on a CAPTCHA that I really needed to go through.

Their argument for treating Tor users (and VPN users, etc.) badly is that there is a lot of malicious traffic coming from there. However, such arguments don't hold up to scrutiny, as most attackers have resources and a lot of IP addresses, and there's an entire gray/black hat industry of "residential VPNs" to acquire more for a few bucks. Moreover, as they are already terminating the TLS connection on their side to inspect the traffic, it would be rather straightforward (given a few false positives that could be reported) to block out known attacks and suspicious traffic, while letting obviously innocent requests pass through.

All in all, CloudFlare is not 100% empire of evil and there's a lot of good folks "just doing their job" there who even like privacy in theory. But in practice, they are reinforcing what we privacy activists fight against: centralized surveillance infrastructure and privatization of public information.

See also:

https://blog.torproject.org/trouble-cloudflare <-- Tor project debunking most of CloudFlare's claims

https://pbs.twimg.com/media/C3-GC62XAAAVbYy.jpg <-- people so annoyed at CloudFlare blocking privacy activists that they actually made Fuck CloudFlare stickers that they distributed at free-software conferences (my laptop wouldn't be the same without it)


Thanks for this detailed answer.


Cloudflare is a direct successor to 'Project Honeypot'


It's intrusive. It's paternalistic. It's not discreet about being a man in the middle.


Yes, it's on a homeserver. I'm on an ADSL link.

OR, maybe, you're blocked by Geoghegan's pf-badhost rules for PF. Or by personal rules, if you act as a villain by detecting a few "details". Maybe…

(I am not saying that this is necessarily your case)


> maybe, you're blocked by Geoghegan's pf-badhost rules for PF

yea, maybe ... using third-party-curated blacklists for network-level security is a recipe for unhappy users.
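As an added illustration of the trade-off raised in this exchange (example config, not from the thread and not pf-badhost's own documentation): a pf.conf fragment that loads a third-party curated blocklist into a PF table but puts an operator-maintained allowlist ahead of it, so a false positive in the curated list cannot lock out a network you know to be legitimate. The table names, the blocklist file path and the allowlisted prefix are assumptions.

```pf
# Added example, not from the thread or the pf-badhost project.
# Operator-maintained exceptions. 203.0.113.0/24 is a documentation
# prefix used here as a placeholder for a known-good network.
table <allowlist> persist { 203.0.113.0/24 }

# Third-party curated blocklist loaded from a file; the path is an assumption.
table <badhost> persist file "/etc/pf-badhost.txt"

# "quick" makes the first matching rule final, so the allowlist is consulted
# before the blocklist gets a chance to drop the connection.
pass in quick on egress from <allowlist>
block drop in quick log on egress from <badhost>
```

Before loading, `pfctl -nf /etc/pf.conf` parses the file without applying it, and `pfctl -t badhost -T test 203.0.113.5` tells you whether a given address would match the blocklist table, which is the quick way to answer a "why can't I reach your site" report before blaming the visitor.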


Works fine for me from .de

Besides that, I like your site. Thx for mentioning pf-badhost. Didn't know that.


same



