FreeBSD - a lesson in poor defaults
-
This page lists some of the changes I make to a vanilla install of FreeBSD for security hardening. Some changes to increase network performance or make things a bit more sane are also included. It only covers basic changes that a sysadmin can make to a running system.
It could also be considered a commentary piece on the state of security in FreeBSD's development ecosystem, highlighting their strong resistance to change and unwillingness to replace old cruft with modern alternatives.
The project's security page says the following: FreeBSD takes security very seriously and its developers are constantly working on making the operating system as secure as possible.
But is that really true? Let's find out.
ping: https://mastodon.social/@CuratedHackerNews/116549957974859573
-
https://mastodon.bsd.cafe/@grahamperrin/116564335700354892 "tired old crap" …
@ciotbsd a gentle hint: in the absence of quotation marks, casual readers who don't follow links might wrongly imagine that the words above are yours.
From the Senior Director of Technology at the FreeBSD Foundation in August 2022:
This link gets shared around every now and then, and my response is always the same: there is some useful insight, but there's also information that's so outdated it provides no value, outright misinformation, and self-contradiction. Some of the technical points are fair, and should be and are being addressed. But the commentary is often laughably wrong. The document seems more focused on advancing an agenda than a good-faith effort at improving security in FreeBSD.
-
a gentle hint: in the absence of quotation marks, casual readers who don't follow links might wrongly imagine that the words above are yours.
Thanks for the remark!
In fact, as you’ve realised, they’re not mine, but the author’s; I’ve tweaked the first post slightly.
-
In fact, as the subject line seems rather inappropriate, you can even delete it if you have the necessary permissions!
Hi, thanks.
The subject line here does match the title of the linked article. This is good practice, good netiquette.

The downvote (from me) is because the value of the article is disputed; you could not have known this when you shared it. It's a downvote for the article, not for you personally.

For what it's worth, I think: don't delete it from BSD Cafe Billboard. It's good to raise awareness of the reputation.
The recent Hacker News story that unearthed the article gained very few votes.
