FreeBSD 10.3 vs OpenBSD 6.0

Status
Not open for further replies.
This apple is clearly not an orange. I don't think it's fair to either project. While it's correct that quantity does not equal quality, scarcity does not equal quality, either. If OpenBSD's documentation or goals or attitude appeals to you, great! If you find the similar goals but different scope of FreeBSD more to your liking, welcome here, too. Some people run both. If you like either one, help it by getting involved. For example, we need lots of help with docs...
 
Just a wild idea for the OP: why not run both and see for yourself?

There will be differences, obviously, and it'll start with the installer. But when getting your hands on some other software you'll quickly spot certain similarities again (such as a ports collection).

The problem is that you'll always get biased comments, no matter who you speak to. So if your intent is to learn then I'd say start up a virtual machine such as VirtualBox and then simply try it out. Hands on experience is the best way to get to know something better.
 
  • Thanks
Reactions: a6h
Certainly this "once you install anything outside of the base system, all is lost" mantra is false.
If that was in reply to what I said, I was not, and would never claim "all is lost". I stand by what I said, that a secure OS can easily be compromised through either bad admin or bad services/applications.

Theo can put all the mitigations he wants into the OS, he can make it the world's most secure OS, but that will not completely prevent a compromise if the admin (possibly unknowingly) creates a hole, or a service with dubious code quality is listening to the net. The compromise might end up limited to less than the entire system, but any case where an attacker can get beyond normal/good/safe functionality is a compromise even when limited/mitigated. If we're talking only about entire system compromises, then FreeBSD's jails go a long way towards preventing those.

OS design, quality, mitigations, etc only go so far.

It is great that we have Theo and the other OpenBSD developers focussing hard on security. They are doing a good thing for the world, and the entire BSD ecosystem benefits from it. It's just wrong to infer that you can't also deploy a secure FreeBSD system which will withstand sustained attack from the worst the net throws at it. In specific cases, you may well appreciate some of the OpenBSD security features and benefit from them; but otherwise FreeBSD works just as well, in practical terms, for many cases.

In general, and in modern times, the external compromises don't tend to come from the OS itself, they almost always come from the services and applications. Much of the Windows malware finds its way in through applications, often with the user actively giving it permission (or at least creating the opportunity) to take over their system!
 
----snip----
The reason why I asked my question in the first place, was to understand what OBSD has that FBSD doesn't - regarding security - and I got the answer. Thank you :)
----snip----

One interesting technical piece that OBSD has that, to my knowledge, is rather novel is pledge(). There are some decent talks about it on youtube for a quick introduction to the concept.
 
Status
Not open for further replies.
Back
Top