<![CDATA[FreeBSD - a lesson in poor defaults]]>

This page lists some of the changes I make to a vanilla install of FreeBSD for security hardening. Some changes to increase network performance or make things a bit more sane are also included. It only covers basic changes that a sysadmin can make to a running system.
It could also be considered a commentary piece on the state of security in FreeBSD's development ecosystem, highlighting their strong resistance to change and unwillingness to replace old cruft with modern alternatives.
The project's security page says the following:

FreeBSD takes security very seriously and its developers are constantly working on making the operating system as secure as possible.

But is that really true? Let's find out.

ping: https://mastodon.social/@CuratedHackerNews/116549957974859573

]]>https://billboard.bsd.cafe/topic/157/freebsd-a-lesson-in-poor-defaultsRSS for NodeSun, 17 May 2026 21:45:27 GMTSun, 10 May 2026 12:08:23 GMT60<![CDATA[Reply to FreeBSD - a lesson in poor defaults on Fri, 15 May 2026 13:01:55 GMT]]>No problem with the vote 😉

@grahamperrin said:

For what it's worth, I think: don't delete it from BSD Cafe Billboard. It's good to raise awareness of the reputation.

I hadn't thought of it that way. Interesting!

]]>https://billboard.bsd.cafe/post/462https://billboard.bsd.cafe/post/462Fri, 15 May 2026 13:01:55 GMT<![CDATA[Reply to FreeBSD - a lesson in poor defaults on Fri, 15 May 2026 11:27:26 GMT]]>Hi, thanks.

The subject line here does match the title of the linked article. This is good practice, good netiquette 👍

The downvote (from me) is because the value of the article is disupted; you could not have known this when you shared it. It's a downvote for the article, not for you personally 🙂

For what it's worth, I think: don't delete it from BSD Cafe Billboard. It's good to raise awareness of the reputation.

The recent Hacker News story that unearthed the article gained very few votes.

]]>https://billboard.bsd.cafe/post/461https://billboard.bsd.cafe/post/461Fri, 15 May 2026 11:27:26 GMT<![CDATA[Reply to FreeBSD - a lesson in poor defaults on Wed, 13 May 2026 07:50:20 GMT]]>In fact, as the subject line seems rather inappropriate, you can even delete it if you have the necessary permissions!

]]>https://billboard.bsd.cafe/post/448https://billboard.bsd.cafe/post/448Wed, 13 May 2026 07:50:20 GMT<![CDATA[Reply to FreeBSD - a lesson in poor defaults on Wed, 13 May 2026 07:30:03 GMT]]>

@grahamperrin said:

a gentle hint: in the absence of quotation marks, casual readers who don't follow links might wrongly imagine that the words above are yours.

Thank for the remark!
In fact, as you’ve realised, they’re not mine, but the author’s; I’ve tweaked the first post slightly.

]]>https://billboard.bsd.cafe/post/447https://billboard.bsd.cafe/post/447Wed, 13 May 2026 07:30:03 GMT<![CDATA[Reply to FreeBSD - a lesson in poor defaults on Wed, 13 May 2026 00:18:29 GMT]]>https://mastodon.bsd.cafe/@grahamperrin/116564335700354892 "tired old crap" …

@ciotbsd a gentle hint: in the absence of quotation marks, casual readers who don't follow links might wrongly imagine that the words above are yours.

From the Senior Director of Technology at the FreeBSD Foundation in August 2022:

This link gets shared around every now and then, and my response is always the same: there is some useful insight, but there's also information that's so outdated it provides no value, outright misinformation, and self-contradiction. Some of the technical points are fair, and should be and are being addressed. But the commentary is often laughably wrong. The document seems more focused on advancing an agenda than a good-faith effort at improving security in FreeBSD.

]]>https://billboard.bsd.cafe/post/445https://billboard.bsd.cafe/post/445Wed, 13 May 2026 00:18:29 GMT