Poettering praises FreeBSD Capsicum

cracauer@ said:
Well, Linux has quite a few mitigation mechanisms in the kernel, many more than FreeBSD (without capsicum).
Click to expand...

They're not particularly easy to use and they're all optional, so they turn to external sandboxing mechanisms like container runtimes.
 
RetroComputingCollector said:
Linux is just a mess in general. GNU/Linux feels like a hobby OS/proof-of-concept that someone posted on github.
Click to expand...
I dont want to defend it. I escaped that mess long time ago. However, for those that need to remain in that messy pile, there is a very simple solution. Use non-systemd based distros that you can build or install from chroot environment. Void, Artix, or Gentoo. Keep the number of packages at minimum and stay in official non user repos. Use doas instead of sudo. Stay away from containerized garbage like snap/flatpak/appimage. Build from source and you can have somewhat decent expirience.
 
RussellASC said:
I like the analogy that Linux evolved, but FreeBSD was designed.
Click to expand...
There is a lot to that observation. FreeBSD was indeed designed, by a relatively small group of people at CSRG, who stayed together after that department disbanded. You can notice that there is a coherent application of good taste to all parts of the system. But I'm not sure that this is still true today; I don't see a "chief architect" that's very active today. My hope is that the good taste has permeated the core group.

And Linux indeed evolved, in a very organic process. There is one decision making authority, but he's opinionated (and often wrong), hard to work with, and highly focused on the kernel. But at least his direction has kept the kernel functioning well. Alas, for user-space design it has been a free-for-all. And that chaos is what Lennart and systemd tried to clean up and organize, at least for the init and configuration area. Sadly, Lennart has no good taste at all. And retrofitting a clean solution to a messy base is somewhere between hard and impossible.

Honestly, I like the fact that someone somewhere is thinking about how to improve security within Linux. And that someone has lots of experience writing code and pushing it into the system. It will probably help a lot in the long run, except that many people will get pissed off in the process.
 
ralphbsz said:
And Linux indeed evolved, in a very organic process. There is one decision making authority, but he's opinionated (and often wrong), hard to work with, and highly focused on the kernel. But at least his direction has kept the kernel functioning well. Alas, for user-space design it has been a free-for-all. And that chaos is what Lennart and systemd tried to clean up and organize, at least for the init and configuration area. Sadly, Lennart has no good taste at all. And retrofitting a clean solution to a messy base is somewhere between hard and impossible.
Click to expand...
I would say the only OS worse in design than Linux is Windows. Windows is a rotting mess of legacy code. 32-bit Windows even has code that dates back to the 80's! FreeBSD does too, but it is not x86-16 ASM. I decompiled and dumped a bunch of DLLs (as well as other stuff like the Windows NT kernel), and it is a mess. At least Linux usually sheds its old crap when it reinvents itself. Windows still has the old NT3.1 stacking WM buried in there. Microsoft thinks it is good as a "fallback", or more precisely, too much would break if they removed it. Same thing with the old Win2k design language elements being scattered across various DLLs, or the remains of Internet Explorer, still integrated too deeply to remove. At this point "Windows" should just be a BSD-derivative based on a forked version of X11. The NT codebase is too crufty.
 
You must log in or register to reply here.
Back
Top