Subj : Re: Slackware 15.0
To   : Dan Clough
From : Richard Falken
Date : Tue Sep 15 2020 07:12:57

  Re: Re: Slackware 15.0
  By: Dan Clough to Richard Falken on Mon Sep 14 2020 09:53 pm

 > I may give it (Devuan) another look one of these days.  I do like
 > Debian and it's offspring fairly well.  Never cared much for the
 > BSD's, although only ever tried the FreeBSD variant and that was
 > long ago.  Never really saw the point of it - what does it do any
 > better than Linux...?

FreeBSD used to have proper jails and great ZFS integration, but I don't know how
great of an advantage it has on those fields these days.

What OpenBSD does is to feel less insane than the others. To begin with, it has less
cruft going on. If you don'tknow how something works, it is easier to figure it out
form the source code than it is from the source code of some of the alternatives. Not
that you are likely to need it since everything is well documented.

Traditionally risky daemons are chrooted and subject to privilege deprivation. BSD
Auth is easier to understand and work with than something like PAM. The TCP stack you
would have to harden after every Linux install is set with sane defaults in OpenBSD.

Also, it comes with software enough to build your own packaging compiling cluster. The
port system is so fun to break havoc with :-)

Cherry on the top: the OpenBSD comunity has a reputation of being composed of
unfriendly bastards. I think that reputation is overblown, but they really have an
Iron Fist of Death when dealing with drama. Anybody strong enough to remain active in
the community is granted to really care for the OS - ie. if you pop up in the IRC
channel you are likely to find people who LIVES OpenBSD, as opposed to self-entitled
brats you often find in some forums.

Oh, and OpenBSD has PF. Some people prefers it over Linux packet filtering interfaces.
It is a matter of taste, really. Same with the default smtp daemon or httpd. Those are
a delight to work with and are so much logical and preasurable to configure than the
minastream ones you'd find in the Linux world.

IMO you could do what you do with an OpenBSD with a Linux, but when deploying some
paket forwarder or small server, or a small web service, OpenBSD gives you less
post-instll work to do and the whole thing seems more logical in general. I mean, the
Filesystem Hierarchy the Linux world routinely rapes.... you suggest putting the wrong
file in the worng place in the OpenBSD world and they will send Skynet for you.

That said, OpenBSD has its own bunch of problems, like lacking proper cow for the
filesystem. They also lack a MAC framework - they have other ways to mitigate
break-ins, exploits, and what a program may access, but you won't find SElinux
or AppArmor capabilities at kernel level.

I think that pretty much sums it up.


--
gopher://gopher.operationalsecurity.es
--- SBBSecho 3.11-Linux
 * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (1:123/115)

.