In fairness to FreeBSD, it has a lot of security features that OpenBSD does not, including jails, multiple firewall options, Capsicum, and soon veriexec.
But I guess that’s also an illustration of the FreeBSD approach. Build stuff. Rather than code audit.
Even people who do not use OpenBSD have a lot to thank them for. They’re responsible for finding and fixing so many bugs in other projects. Or starting their own project if the code base is too far gone. E.g. LibreSSL.
While OpenBSD deserves every bit of credit for their hard work, that shouldn’t be twisted to somehow suggest that other projects don’t put a lot of effort into security too. Let’s not start bashing on differences.
Oh, agreed. That’s not what I’m trying to get at, at all.
Just that the OpenBSD team make very real trade-offs. Functionality comes very much SECOND, as opposed to virtually every other platform where development is a balance of actually having a functional platform for getting shit done, rather than “we refuse to implement X because it isn’t secure”.
That’s the point I was originally trying to make. OpenBSD can be a bitch of a platform at times because functionality (and performance) comes second. SMP for example was totally useless for ages. I’m still not sure if it even has an SMP aware scheduler (and if it does, you can guarantee it isn’t as performant as FreeBSD or Linux) because for me, I’d never bother to deploy it (and haven’t bothered to keep up to the minute on it). I consider FreeBSD to be “secure enough”.
Another strong point of OpenBSD is actually the desktop installation and laptop/nic drivers, surprisingly. The OpenBSD developers are good at dogfooding and so it is a pretty good experience on commodity laptop hardware.
OpenBSD on public frontend servers (which can usually be scaled horizontally) with FreeBSD on the backend for databases and stuff that’s private but needs to be high performance and reliable, sounds like a good combo.
I was thinking about going FreeBSD for storage and OpenBSD for other server.
That’s another good use case.
OpenBSD is security focused above all else. It belongs on the edge. Where performance or functionality or vendor support is more important (i.e., internal/back end application servers) you’ll likely have an easier time with FreeBSD.
Also, and this is something that many don’t consider that I think is relevant - having a heterogeneous compute environment does make life slightly more difficult for an adversary.
If you’re Open/Free/NetBSD everywhere or Windows everywhere then one kernel exploit possibly fucks your entire fleet. If you have a mix of platforms (and in particular a different edge to internal platform) you’ve at least raised the bar slightly for an attacker (in my view, anyway).
I got banned from the OpenBSD IRC like 7 years ago so I am going to say FreeBSD.
FreeBSD … Also since GhostBSD is its base … And that’s great for new users I’d definitely give the plus to FreeBSD.
Did you say Nvidia or TCP?
They told me to look something up on the mailing list. I said that is retarded.
I prefer neitherBSD.
Mostly because I don’t want to relearn grep and enjoy extended regex.