undefined | Better HN

0 pointsruthmarx1y ago0 comments

> Some variants of Unix are designed for security; OpenBSD comes to mind.

This is fundamentally not true. Don't buy into the aggressive marketing. OpenBSD has a less secure design than pretty much any modern Linux. Their reputation for security is based on disabling things by default when it wasn't common 20 years ago, that's pretty much it.

0 comments

generalizations1y ago

I trust soft sells over hard sells. SELinux depends on hard sells, from what I've seen; and OpenBSD stands on the logic of its own merits.

ruthmarxOP1y ago

This doesn't even make sense. At all.

First of all "OpenBSD stands on the logic of its own merits" what in the actual heck?

OpenBSD has had two remote holes in it's default install and importantly, *no mechanisms in place or restrict what can then be done*. That's not in line with a secure system.

You're vastly overstating and assuming the merits OpenBSD has, and then even worse, assuming logic exists based on that to support your position. I would say it doesn't, and I challenge you to show your work and demonstrate otherwise.

SELinux is a mature product that has seen widespread use in enterprise deployment and has real world examples of stopping attacks that OpenBSD couldn't hope to on it's best day.

If you want to go by merit and logic and not assumption and marketing, then SELinux will come out on top every time. It's actual, provable, tested security, not dreams and half-measures.

j / k navigate · click thread line to collapse