# What are your thoughts on this article?



## stratacast1 (Jan 27, 2018)

My friend shared an article with me on "Are the BSDs dying?" I'd like your opinions on this

https://www.csoonline.com/article/3...dying-some-security-researchers-think-so.html

Maybe it's because I switched my personal servers to FreeBSD, but I see there is growing interest in the BSDs. I'm still a newcomer to the BSD world so I don't see much of what more of the veteran users see


----------



## Criosphinx (Jan 27, 2018)

Apply Betteridge's law of headlines.


----------



## stratacast1 (Jan 27, 2018)

Criosphinx said:


> Apply Betteridge's law of headlines



LOL! That's funny, never heard of that before. I would like to see this thread turn into a bit of a discussion on security. I don't know much about the development cycle of the BSDs, how bugs are handled n such. What I do know, however, is I did report a ZFS bug (dry run is broken in some cases) myself and the response was essentially "no one really uses dry run for that case". So then, is there truth to potentially serious bugs/security holes just being deferred in FreeBSD when it really shouldn't be?


----------



## Deleted member 9563 (Jan 27, 2018)

As far as security is concerned, I think one would do better to compare users and use cases, rather than operating systems. We've all been living with lots of "low hanging fruit" vulnerabilities in hardware, operating systems, and users, for very many years. It would therefore seem that, historically anyway, it doesn't matter as much as people tend to think. I'm not sure this article serves any practical purpose.


----------



## Deleted member 30996 (Jan 27, 2018)

Some people think the Earth is flat, too.

Win10Pro came loaded on my W520 and I felt vulnerable to exploit the whole time I was online, which wasn't long, and I know how to lock it down.

I don't have that feeling at all on my BSD boxen.


----------



## Preetpal (Jan 27, 2018)

There is an associated video which is a lot better than the clickbait article.

https://media.ccc.de/v/34c3-8968-are_all_bsds_created_equally


----------



## drhowarddrfine (Jan 27, 2018)

There is already a thread on this BS article by a clueless reporter writing click bait about the same thing brought up every few years. In the meantime,  Netflix picks up FreeBSD as their video content server of choice making up almost 40% of all internet traffic.


----------



## ShelLuser (Jan 27, 2018)

My honest thoughts about that article? "_Totally not worth my time_". It's plain out nonsense that "_many eyes provide better security_" because even "many eyes" can easily overlook the obvious. And that's not just me venting a loaded opinion, that's my opinion based on numerous example situations which have occurred in the past, where the Debian OpenSSL disaster is simply the most obvious one.

The main reason why I deem this unworthy of my time is this:



> van Sprundel says he easily found around 115 kernel bugs across the three BSDs, including 30 for FreeBSD, 25 for OpenBSD, and 60 for NetBSD. Many of these bugs he called "low-hanging fruit." He promptly reported all the bugs, but six months later, at the time of his talk, many remained unpatched.


I'm not claiming that this isn't true (I can't make those kinds of claims) but I _do_ think that comments like these would have much more value to them if they were also specifically sharing the made reports. Give me PR numbers so that I can form my own opinion on this. Yet that important detail is carefully left out. "Convenient".

Then there's the rather obnoxious headline with "Dying". Seriously: the use of 'dying' has only one effect on me: It makes me believe up front that: "_They can't give a good solid opinion based on (proven!) arguments and therefore need a catchy catchphrase to draw more attention to it_".

So how does an open source project "die" exactly? One good way is when no one is using it anymore, but the statistics on BSD usage prove otherwise. BSD is used in tons of environments, from the PS4 to that unknown machine which no one has heard of. Of course quantity doesn't make quality, but even so...

My problem with that is that you can read panic stories like these within all areas. Heck, I'm a big Minecraft fan and a pretty dedicated player. Guess what? "_Is Minecraft dying? Researchers believe that to be the case_" (I kid you not!) yet here we are, 2 years later and in anticipation of the latest upcoming update: 1.13, now dubbed "Project Aquatica". Dying indeed...

Modeling languages (such as UML, SysML) anyone? "Is UML obsolete?", same deal. Yet the whole thing is still being actively used today.

"Has Ableton died in favor of Bitwig?" (audio / DAW software comment). Gee, where did I hear those "dying" comments before? Oh wait, I know!

*Summing up*

To me every article which starts with "catchy" headlines such as the one in the OP is plain out unworthy of my time. "Is it dying?!" to me equals: "I need you to read this!!!!!!", usually while making assumptions and vague arguments which over the years will be easily debunked. Only problem is that by that time no one cares anymore.

Which brings me to another point: AdBlock plus tells me that it has blocked 12 (that's kind of high) sources of advertisements on that website. So... is this really about spreading a well meant warning or could this also be about generating more revenue for oneself?

Same with that speaker I quoted... What better way to draw attention to yourself than by sharing a rather outspoken opinion. Wouldn't you agree that this is a solid way to raise your chances of getting invited to more seminars (which will also ensure you'll be receiving more paychecks)?

And the reason I'm starting to theorize in this direction is this:



> The FreeBSD project pushed back on van Sprundel's findings, however. "One of the issues we have is there's a large variety of issues that are being found but there are some issues that have no practical exploit," Ed Maste, director of project development at the FreeBSD Foundation, and member of the elected FreeBSD core team, says. "We've started treating some of these as just bugs and not as security issues."


And this is _exactly_ the reason why I consider the given arguments about "problems" extremely hollow if those aren't backed up by facts, such as shared PR numbers.

Considering the whole context I shared above (about a possible conflict of interest) I'm definitely more tempted to side with the FreeBSD foundation over this than the researcher who - in my opinion - is first and foremost more busy with selling his story. Note: even though I realize all too well that I'm basically not able to make those claims because.. Let's be honest: no one knows exactly what kind of bugs or issues we're talking about. Convenient indeed.

So yah...


----------



## CraigHB (Jan 27, 2018)

Ublock Origin on my browser tallied 34 blocks on that article.  I think the article is more about getting people to click in for ad revenue.


----------



## stratacast1 (Jan 27, 2018)

Thank you all for the very good input on this! CraigHB, I got 55 with Ublock Origin on the website

The second I saw the article I thought it was clickbait myself, but sometimes I take time to read them just to consider a rebuttal. I'd like to be able to make a case for something if it ever comes up in conversation. I think one thing FreeBSD offers is a simple system to understand. It took coming from Linux to realize how much more straightforward FreeBSD is. I think that easy to understand software is a huge player in a secure system, because if the user doesn't know how to make it secure, then you already lost. I trust my Linux systems too because I've learned how to make them secure over the years, but I trust the foundation and its ability to make a good codebase, and it shows in how reliable the system is, where my Linux boxes would start to have problems in this time.


----------



## Deleted member 30996 (Jan 28, 2018)

Heh, NoScript blocked 98 scripts and 1 object.


----------



## Datapanic (Jan 28, 2018)

It was slash-dot'ed Friday.  I read it and thought about posting it here, but seriously, it's not an article worth reading.


----------



## stratacast1 (Jan 28, 2018)

I thought the video that Preetpal posted was somewhat useful though. The video is the same guy but more of a presentation of his findings. However, I still found the conclusion pretty lackluster. Yeah yeah, you found vulnerabilities, good job. What was somewhat interesting though was how Linux (kernel) had 346 security flaws reported from January 1 to July 2017, but all of FreeBSD, NetBSD, and OpenBSD had 377 combined from 1999 to 2017. Hence his hypothesis of "are there just not enough devs looking over this stuff?"  well....considering FreeBSD was far more popular in the early 2000s than Linux I think bunks his thesis. I just see Linux having the marketing edge


----------



## Deleted member 9563 (Jan 28, 2018)

ShelLuser said:


> My honest thoughts about that article? "_Totally not worth my time_".


You read the whole thing? That was nice of you.


----------



## CraigHB (Jan 28, 2018)

stratacast1 said:


> It took coming from Linux to realize how much more straightforward FreeBSD is. I think that easy to understand software is a huge player in a secure system, because if the user doesn't know how to make it secure, then you already lost.



I'm fresh off the boat from Linux with FreeBSD.  I tell you, it's amazing to me how much cleaner and more organized things are with FreeBSD.  Much more straightforward.  I was getting frustrated with how convoluted everything is getting on Linux.  It's like security through obscurity.  There are some things I'm missing about the old Linux system, right now I'm having a little trouble getting used to the disk partitioning tools, but nothing I can't get a handle on.


----------



## -Snake- (Jan 28, 2018)

CraigHB said:


> I'm fresh off the boat from Linux with FreeBSD.  I tell you, it's amazing to me how much cleaner and more organized things are with FreeBSD.  Much more straightforward.  I was getting frustrated with how convoluted everything is getting on Linux.  It's like security through obscurity.  There are some things I'm missing about the old Linux system, right now I'm having a little trouble getting used to the disk partitioning tools, but nothing I can't get a handle on.



Completely agree, I also come from gnu/linux and it's amazing how clean and clear the FreeBSD base system is compared to the "chaos" in gnu/linux.


----------



## herrbischoff (Jan 29, 2018)

I had opened a post (now deleted) on this without realizing it's already discussed here.



Criosphinx said:


> Apply Betteridge's law of headlines.



This is the feeling I had about it. The article itself appears to be pretty much in the realm of clickbait. Yet, if you take away all the urgent language and hyperbole ("dying"), what I'm most interested in is the way how security vulnerabilities and bugs are addressed by FreeBSD developers. From what I can gather it appears to be a rather practical approach, vetting the potential vulnerabilities for possible real-world exploitability, leaving less critical bugs in place until later. While this is a common approach to security, it would help to know a little about the reasoning behind the patching of some bugs and the leaving of others without being a fully trained security engineer. Is there information regarding this I could use to educate me?


----------



## sidetone (Feb 7, 2018)

https://www.csoonline.com/article/3...dying-some-security-researchers-think-so.html

Its points are: fewer developers than Linux, and differences in amounts of code among different BSD kernels. Knowing about problems of mainstream Linuxes, I take this with a grain of salt.

BSDs are less bloated than most Linuxes. Anything with SystemD automatically negates any possible benefits of a kernel. GCC being or already removed from BSDs is another strong point of BSDs compared to most Linuxes. OSS (soon to be version 4 on FreeBSD) and Sndio outperform ALSA, PulseAudio, etc... In Linux/GNU, code is just piled on redundantly, to where when that code is ported here and fixed, 14 hours of bloat compile time has been done away with.

One area where other BSDs outperform FreeBSD is the simplicity of their ports in terms of cleaner dependencies, but this deficiency actually comes from porting from Linuxes with few improvements over how they were there. Another issue specific to FreeBSD is, while FreeBSD has a good reputation for documentation, there is a lack of committers or interest in updating it.

When FreeBSD 12 (at this time Current) comes out with Elf or Clang compiling utilities, maybe OSSv4 [audio/oss as ignored] and maybe Bluetooth LE (Low Energy) [https://github.com/takawata/FreeBSD-BLE] improvements, I think that will free up a lot of resources and be a catalyst for further improvements.

Come to think of it, there is a strong point in the BSD community with plenty of active members, FreeNAS.


----------



## SirDice (Feb 7, 2018)

Threads merged.


----------



## sidetone (Feb 7, 2018)

ShelLuser said:


> It's plain out nonsense that "_many eyes provide better security_" because even "many eyes" can easily overlook the obvious.


In GCC, ALSA, Pulseaudio, GTK, Docbook, SystemD and Ubuntu, all they've done is overlooked the obvious and piled on 20 different dependencies for 1 need, 20 different times.

Then a flaw in Linux software is pointed out in FreeBSD, and they take it back to the Linux community. After that I wonder, if some Linux fanatics are in awe of the Linux community for thinking they discovered it, after that problem was unnoticed for 10 years by those many eyes, whose only solution was to pile on.

I even notice when trying to figure out how to de-clutter a port. Someone reports a bug for a GNU related program in an attempt to clean it up, then they use that report to find a way to re-clutter it in such a way that, they've found a way to make it so that a program's purpose that is only for audio finally appears logically inseparable from graphics gtk code.

Linux is aggressive regression, if I ever saw it.

I haven't used NetBSD or OpenBSD yet, but those have to have the most efficient, and least bloated ports than anything else.


----------



## CraigHB (Feb 7, 2018)

sidetone said:


> Linux is aggressive regression, if I ever saw it.



It's amazing to me the damage done to all of Linux/GNU by one large organization upstream.  It illustrates a fault in the development model there.  I think FreeBSD being more structured is not vulnerable to this failing, at least I hope it's not.


----------



## ronaldlees (Feb 7, 2018)

Trihexagonal said:


> Some people think the Earth is flat, too.
> 
> Win10Pro came loaded on my W520 and I felt vulnerable to exploit the whole time I was online, which wasn't long, and I know how to lock it down.
> 
> I don't have that feeling at all on my BSD boxen.




HaHa - have you visited https://www.theflatearthsociety.org/forum?  Over a million posts there are arguing over whether the earth is round or flat, but it is really a debaters club for 3/4 of them.  Might be a few true believers tho   

I feel that Windows is probably less good for me given the possible and suspected corporate data collection potentials that grow out of proprietary software,  but it's probably more secure than OSS on a first visit to my bank, when I've used the browser for nothing else from the time of the installation of the OS.  After the OS has been exposed to other sites, I'd feel some vulnerability on Windows thereafter.  This gut feeling comes from reading headline results of penetration competitions conducted at some of the white/gray/black/hat infosec conferences.  This isn't advice, and I'm not an expert. You seem to be one of those (Win Sec expert), so I'd *really* be interested in your opinion.  That said, I still don't use Windows.

Due to the blueprint that's available via any open source, I feel that targeted efforts against my OSS system and browser are more likely to be successful on that first trip to the bank, even when I've used the setup for nothing else.  For non-targeted efforts I'd lean towards OSS, and feel more comfortable about it, and that is at least partially based on obscurity.  That said, I use OSS for *everything*.

Forum activity is up, so the trolls are wrong.


----------



## k.jacker (Feb 7, 2018)

I mostly read the news on fb because people there know what they are talking about!
I didn't know the world was flat, but I believe it since now. My teachers at school were wrong. Those stupid idiots!!!
And if you didn't know already... everybody who can write is right. That's why they write!!
They want to help us and teach us the truth, so that we can relax and see the world how it really is.
That's the reason for all those funny blinking ads. They should attract us, so that we don't let breaking news and revealed secrets pass by unread.

It's way too easy. Every click is another sheep on the pasture....


----------



## Deleted member 30996 (Feb 7, 2018)

ronaldlees said:


> HaHa - have you visited https://www.theflatearthsociety.org/forum?  Over a million posts there are arguing over whether the earth is round or flat, but it is really a debaters club for 3/4 of them.  Might be a few true believers tho



There are, check youtube. 



ronaldlees said:


> This isn't advice, and I'm not an expert. You seem to be one of those (Win Sec expert), so I'd *really* be interested in your opinion.  That said, I still don't use Windows.



Aside from a short run on Win7 to play Oblivion, Win10Pro was the first Windows I'd used since Vista. I had already read a lot of it on how it phoned home and such, some of it I knew from experience. I go through each firewall rule and set as I please and make my own as I go to enforce it. By blocking TCP port 0 on Win10 it prevented it from doing something I didn't expect, I can't remember exactly what. It couldn't update itself or something with port 0 blocked. It's a rule I had always used before and I still block port 0 with my pf ruleset from my old Windows days

I spent one whole day locking it down before ever going online. The time I spent online was to find more apps to lock it down further due to the "layered security" idea they adhere to, where you have to pile app upon app to do a job. The only sites I went to were Microsoft related and I still felt like the Sword of Damocles was hanging over my head the whole time.

I don't do online banking but I do use ebay a lot and on the same machines I use daily with the same browser. I know what scripts I'm allowing, type the URL by hand, have punycode disabled in my browser, etc. They might ask me to identify my 2 step authentication when I log in or my password again if I start to make a transaction. The first time I spoofed my useragent from FreeBSD they messaged "Something doesn't look right..."

So I am fairly confident in my BSD setup, and I do still have that Win10Pro HDD to play Oblivion, but I never connect it to the net anymore and still have the version before Creators Update.


----------



## sidetone (Feb 7, 2018)

CraigHB said:


> It's amazing to me the damage done to all of Linux/GNU by one large organization upstream.  It illustrates a fault in the development model there.  I think FreeBSD being more structured is not vulnerable to this failing, at least I hope it's not.


It's more of a mindset. To a smaller extent, FreeBSD is vulnerable in ports, because some source code is brought over like so. In FreeBSD, it's not intentional. FreeBSD also relied on GCC for too long, so now more bugs inherent in ported code can be found and corrected. Ports is structured, but there is room for improvement by standardization.


----------



## ronaldlees (Feb 7, 2018)

Trihexagonal said:


> By blocking TCP port 0 on Win10 it prevented it from doing something I didn't expect, I can't remember exactly what. It couldn't update itself or something with port 0 blocked. It's a rule I had always used before and I still block port 0 with my pf ruleset from my old Windows days


So, Windows has a special stack or bypass or packet handler that's used only for company related communication, since zero is normally non-valid (reserved for ephemeral port gen).  I guess you can use raw sockets for making packets that use port zero.  That seems like an obvious thing a company would do (for that kind of communication) after you read it.  Out of sight - out of mind.  Don't have a copy of Windows here, or else maybe I'd have a look.  Interesting.

Read that some firewalls are configured to let port zero thru because the config tools assume there will be no port zero TCP traffic.  Probably some monitors and net utils don't show TCP port0 either.    Apparently pf blocks zero, but now it seems like a thing to verify.


----------



## cynwulf (Feb 7, 2018)

More "eyeballs" doesn't automatically work - the eyeballs need to be looking and in the right places and know what they're looking for, the sheer numbers become irrelevant if they're not.  If the codebase becomes so large and complex that it's no longer easy for humans to check, then one can only assume what happens.

http://www.linux.com/news/software/...report-dirk-hohndel-chats-with-linus-torvalds



CraigHB said:


> It's amazing to me the damage done to all of Linux/GNU by one large organization upstream.  It illustrates a fault in the development model there.  I think FreeBSD being more structured is not vulnerable to this failing, at least I hope it's not.


Not just one big organisation.  Lots of fingers in that particular pie.

https://www.linuxfoundation.org/about/board-members/
https://www.linuxfoundation.org/membership/members/

None of these are sitting on the board or "paying the bills" just for the hell of it.

The kernel is just one piece of course...


----------



## ronaldlees (Feb 8, 2018)

I don't know if it's fair to compare Linux to any other operating systems with the exception of MS or Apple.  Linux has gotten to be much bigger than operating systems such as FreeBSD and OpenBSD, in terms of people.

https://arstechnica.com/information...pers-and-gets-10000-patches-for-each-version/

The link is three years old and puts the number of developers of Linux at around 4500.  More recently, I've seen 7000 developers listed in a quote from somewhere else.   FreeBSD has what ... around 200? 300? 400 developers? FreeBSD is not in the same league as Linux, Windows, or Apple, when it comes to the total number of developers.

Has FreeBSD ever had significantly more than the current number of developers?  I suspect the numbers haven't changed so much as to be able to say the BSDs are "dying" - that doesn't seem right.  As far as the "many eyeballs" thing goes, can we really say that Linux is 20x more secure, since it has 20x more developers, relative to FreeBSD?  Nah.  No way. The reason is that many of those Linux devs are not doing security fixes, or even checking security issues.  They're building the stuff into Linux that is of interest to them (Microsoft's agenda, for instance) - or creating new product drivers for the new gear they want to sell.  

The FreeBSD guys are probably limiting their efforts to what really is needed, and don't try to cover so much hardware.


----------



## Deleted member 9563 (Feb 8, 2018)

ronaldlees said:


> The FreeBSD guys are probably limiting their efforts to what really is needed, . . .



That in itself has actual advantages. There's not so much development of stuff that is not really needed. Which, as we've seen, is a problem with Linux.


----------



## Deleted member 30996 (Feb 8, 2018)

ronaldlees said:


> So, Windows has a special stack or bypass or packet handler that's used only for company related communication, since zero is normally non-valid (reserved for ephemeral port gen)...



I'm not clear on the details, it does seem like it was updating it blocked, but I am absolutely positive blocking port 0, and I blocked TCP and UDP, had an unexpected effect on its ability to function normally. And I've used that rule since Win98 without that ever happening before.

Here's my pf port 0 rule:


```
### Block to and from port 0
block quick proto { tcp, udp } from any port = 0 to any
block quick proto { tcp, udp } from any to any port = 0
```


----------
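
As an added illustration (not part of any post in this thread): an offline checker that applies the same two port-0 conditions as the pf rule above to raw IPv4 packets, such as those taken from a capture, to verify whether such traffic is present. The function names and sample packets are constructed for this example; IPv6, checksums and pf's own fragment handling are not modeled.

```python
import struct

TCP, UDP, ICMP = 6, 17, 1


def classify(packet: bytes) -> str:
    """Return which port-0 condition a raw IPv4 packet meets, if any.

    Results: "src-port-0", "dst-port-0", "no-match",
             "no-ports" (nothing to compare), "malformed".
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "malformed"
    ihl = (packet[0] & 0x0F) * 4          # header length varies with IP options
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    if packet[9] not in (TCP, UDP):
        return "no-ports"
    flags_frag = struct.unpack("!H", packet[6:8])[0]
    if flags_frag & 0x1FFF:
        # Non-first fragment: no TCP/UDP header here, so the bytes after
        # the IP header are payload and must not be read as ports.
        return "no-ports"
    if len(packet) < ihl + 4:
        return "malformed"
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    if sport == 0:
        return "src-port-0"               # "from any port = 0 to any"
    if dport == 0:
        return "dst-port-0"               # "from any to any port = 0"
    return "no-match"


def audit(packets):
    """Return (index, finding) for every packet that uses port 0."""
    hits = []
    for i, pkt in enumerate(packets):
        finding = classify(pkt)
        if finding in ("src-port-0", "dst-port-0"):
            hits.append((i, finding))
    return hits


def build_packet(proto, sport, dport, frag_offset=0, ip_options=b""):
    """Build a constructed IPv4 packet with 8 bytes of transport data.

    Addresses are documentation ranges; checksums are left as zero.
    """
    if len(ip_options) % 4:
        raise ValueError("IP options must be padded to 4 bytes")
    ihl_words = 5 + len(ip_options) // 4
    total_len = ihl_words * 4 + 8
    header = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | ihl_words, 0, total_len, 0,
        frag_offset & 0x1FFF, 64, proto, 0,
        bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]),
    )
    transport = struct.pack("!HHHH", sport, dport, 8, 0)
    return header + ip_options + transport


# Constructed sample traffic (not taken from any real capture).
SAMPLE = [
    build_packet(TCP, 51000, 443),                             # ordinary
    build_packet(TCP, 0, 443),                                 # source port 0
    build_packet(UDP, 40000, 0),                               # destination port 0
    build_packet(UDP, 53, 0, ip_options=b"\x01\x01\x01\x01"),  # IHL = 24
    build_packet(UDP, 0, 0, frag_offset=185),                  # later fragment
    build_packet(ICMP, 0, 0),                                  # no ports at all
]

if __name__ == "__main__":
    for index, finding in audit(SAMPLE):
        print(f"packet {index}: {finding}")
```

The packet with IP options is the case a fixed 20-byte offset would miss, and the later fragment is the case a naive reader would wrongly report as port 0.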



## ronaldlees (Feb 8, 2018)

Funny how I never really thought much about that.  I've always just played by the rules, and worked with TCP the way you're supposed to work with it.  So, when I see this, I feel a little dumb over not seeing things that are in plain sight.  Best place to hide tho ...


----------



## CraigHB (Feb 8, 2018)

There was an old television series called Outer Limits where the introduction to the show was a blurb about how they have control over all you see and hear over the course of the show.  It was amusing and I think it was intended to be, sort of a nod to The Brave New World.  Though I think the makers of proprietary software are making it their mission statement now.


----------



## Deleted member 30996 (Feb 9, 2018)

ronaldlees said:


> Funny how I never really thought much about that.  I've always just played by the rules, and worked with TCP the way you're supposed to work with it.  So, when I see this, I feel a little dumb over not seeing things that are in plain sight.  Best place to hide tho ...



After I think about it, maybe that's how they carry out using everybody's bandwidth to distribute their software and apps. You can opt out, but it's like a peer-to-peer scheme.

I have my Win10 HDD in now and tomorrow will see if I can pick anything out of the logs. It was a year ago or more, but a couple weeks ago is the first time I've fired it up since and it's off now.

Win98 was a huge learning experience for me. I learned that if I was going to survive I had to know how to defend against exploit, and the best way to do that is know how they are carried out. It's something I picked up from way back then using Conseal PC Firewall, another packet filter.

I can't honestly remember if it's ever shown a block for port 0 in all the time I've used it up to now, and if it did was only once. But I feel better with it and I Admin my machines


----------



## sidetone (Feb 9, 2018)

ShelLuser said:


> I'm not claiming that this isn't true (I can't make those kinds of claims) but I _do_ think that comments like these would have much more value to them if they were also specifically sharing the made reports. Give me PR numbers so that I can form my own opinion on this. Yet that important detail is carefully left out. "Convenient".



My instinct is that the author exaggerated, not about the duration of bugs, but the severity of mentioned bugs. There are a few bug reports and fixes in documentation, not severe and not in execution source code, that sit around for months. Also, it has to be considered, if there are bugs, perhaps they are not severe unless they are coupled with that cluttered GNU/Linux mess imported into ports.

I don't expect PR numbers, but the author could point to a more specific category or window of search within FreeBSD, NetBSD or OpenBSD Bugzilla.

It seems to me, this author was trying to get a reaction, or insert a heavy or ignorant bias.

FreeBSD has many strengths. While it may not have as many developers, companies dedicate resources to make sure that the base of FreeBSD and ethernet card drivers are professional.

Then to suggest that NetBSD is most terrible OS out there from a GNU/Linux perspective is ridiculous. Because where NetBSD beats GNU/Linux, no question, is it has a cleaner programs repository. NetBSD is ported on more systems, because of cleaner code, not in large part to more coding.


----------



## Datapanic (Feb 9, 2018)

Have you guys seen the bug on https://www.freshports.org/


----------



## ronaldlees (Feb 9, 2018)

You mean this one:

https://www.freshports.org/images/notbug.gif

Not sure what the message is.


----------



## Datapanic (Feb 10, 2018)

That's the bug   Not sure what it means either.  But it could be related.  Who knows!?


----------



## azathoth (Feb 13, 2018)

stratacast1 said:


> My friend shared an article with me on "Are the BSDs dying?" I'd like your opinions on this
> 
> https://www.csoonline.com/article/3...dying-some-security-researchers-think-so.html
> 
> Maybe it's because I switched my personal servers to FreeBSD, but I see there is growing interest in the BSDs. I'm still a newcomer to the BSD world so I don't see much of what more of the veteran users see



sounds like doomsaying like global warming which will long term be proven total bs


----------



## azathoth (Feb 13, 2018)

Criosphinx said:


> Apply Betteridge's law of headlines.


ha!
high hilarity


----------



## azathoth (Feb 13, 2018)

Trihexagonal said:


> There are, check youtube.
> 
> 
> 
> ...



of course the earth is flat
I mean just go outside and look!


----------



## azathoth (Feb 13, 2018)

Archlinux or alpine are competitors to bsd, not deadrat ur-bung-2 and dweebian.  pkg narrowed the pkg mgnt gap but freebsd ahead with ZFS and openbsd on security.....
-my 1 cents


----------



## Oko (Feb 14, 2018)

stratacast1 said:


> My friend shared an article with me on "Are the BSDs dying?" I'd like your opinions on this
> 
> https://www.csoonline.com/article/3...dying-some-security-researchers-think-so.html
> 
> Maybe it's because I switched my personal servers to FreeBSD, but I see there is growing interest in the BSDs. I'm still a newcomer to the BSD world so I don't see much of what more of the veteran users see


The article is not very deep but for what it's worth it is fairly accurate. Last year's DEFCON 25 and 34c3 Ilja Van Sprundel security audits are well known across BSD communities and they are taken very seriously. Some people who recognized themselves in Ilja's valid critiques are still trying to defend themselves with BS blog posts as recent as a few days ago

http://blog.netbsd.org/tnf/entry/recent_security_affairs

but the actions speak far louder than the words. I remember a day after the DEFCON 25 Ilja's presentation applying 30+ patches via syspatch on my OpenBSD machines.

I think that the article's assessment of BSDs' futures is also pretty accurate. From where I am sitting (school of computer science Carnegie Mellon University) BSDs are statistical error. I can't see nothing but Linux deployment with NAS storage being possible exceptions (many, many FreeNAS installations among big data guys). Sure people who are not using Cisco or Juniper network gear do heavily rely on OpenBSD but that is a very niche market segment.

I don't see any BSDs being used for general purpose or scientific computing. I have never seen a single NetBSD or DragonFly BSD server deployed in production (My own private file server runs DragonFly). Actually I have never seen or met a single NetBSD developer using NetBSD at work (I met few at various BSD conferences over the years but they used Linux for living). I have yet to come across a live human being who deployed DragonFly for real like me.


----------



## Deleted member 30996 (Feb 20, 2018)

ronaldlees said:


> Funny how I never really thought much about that.  I've always just played by the rules, and worked with TCP the way you're supposed to work with it.



ronaldlees, a guy is talking about having been hacked via port 0 in the LQ security forum right now.


----------



## vermaden (Feb 20, 2018)

@stratacast1

I would say currently BSDs have never been better, I would rather write _'Linux is dying ...'_, look what is happening because of systemd ... two Linux worlds co-exist today ...


----------



## giahung1997 (Feb 20, 2018)

vermaden said:


> @stratacast1
> 
> I would say currently BSDs have never been better, I would rather write _'Linux is dying ...'_, look what is happening because of systemd ... two Linux worlds co-exist today ...


Are you joking or just paranoid? Or trolling?


----------



## Oko (Feb 20, 2018)

vermaden said:


> @stratacast1
> 
> I would say currently BSDs have never been better, I would rather write _'Linux is dying ...'_, look what is happening because of systemd ... two Linux worlds co-exist today ...


vermaden, I have known you for many, many years as a very serious UNIX guy. Please tell me that I am hallucinating or that you had a little bit too much to drink when you posted that BS.



> Carl Sagan — 'Better the _hard truth_, I say, than the comforting fantasy.'


----------



## ronaldlees (Feb 20, 2018)

Trihexagonal said:


> ronaldlees, a guy is talking about having been hacked via port 0 in the LQ security forum right now.



Due to my weird operating system affiliations, and my cavorting with others of the same ilk, I don't have L or Q clearance, so probably they won't let me into that forum.


----------



## Deleted member 30996 (Feb 20, 2018)

ronaldlees said:


> Due to my weird operating system affiliations, and my cavorting with others of the same ilk, I don't have L or Q clearance, so probably they won't let me into that forum.



Spoof your way in.


----------



## CraigHB (Feb 20, 2018)

vermaden said:


> I would say currently BSDs have never been better, I would rather write _'Linux is dying ...'_, look what is happening because of systemd ... two Linux worlds co-exist today ...



I don't know, I would sooner agree.  I'm pretty mad at Debian Linux right now.  FreeBSD saved me from being stuck with it and grumbling about it.


----------



## vermaden (Feb 20, 2018)

Too much sarcasm in one sentence I suppose


----------



## sidetone (Feb 20, 2018)

vermaden said:


> I would say currently BSDs have never been better,


In terms of users getting better at configuring their systems, code that is in the works (drivers for instance, oss, sndio, less dependence on binutils), and information being shared.



> I would rather write _'Linux is dying ...'_, look what is happening because of systemd ... two Linux worlds co-exist today ...


Linux that uses systemd is harming it enough.


----------



## dclau (Feb 21, 2018)

Hume The only "thing" too niche and irrelevant here is you, and you're about to vanish sooner than FreeBSD. Enjoy your dinner, don't choke today


----------



## Maxnix (Feb 22, 2018)

dclau said:


> Hume The only "thing" too niche and irrelevant here is you, and you're about to vanish sooner than FreeBSD. Enjoy your dinner, don't choke today


He's not that wrong. FreeBSD is not dying, of course, but Linux dominates the server market and can be used for scientific computing thanks to CUDA being supported. FreeBSD had the advantage of ZFS (DTrace seems to be considered irrelevant...), but now that Linux is getting better and better support for it, how could you convince someone that already made some investments to change? No one has doubts (at least here) about FreeBSD's advantages (coherence, organization...), but history teaches us that too often it is averageness that goes on...
Now, if we add the still unpatched Meltdown and Spectre flaws how do you think that FreeBSD will be perceived? And ASLR? All the other security enhancements added in HardenedBSD?


----------



## drhowarddrfine (Feb 22, 2018)

Hume said:


> It has been a MASSIVE struggle to use FreeBSD for the projects I have setup over the past few years.


When you don't know what you're doing I would think so. This isn't an issue for the rest of us.

Let's not feed the trolls.


Maxnix said:


> Linux dominates the server market and can be used for scientific computing thanks to CUDA being supported.


One has never needed CUDA to do scientific computing. CUDA is just another tool to use.


Maxnix said:


> if we add the still unpatched Meltdown and Spectre flaws how do you think that FreeBSD will be perceived?


Committed yesterday.


----------



## DutchDaemon (Feb 22, 2018)

We are actively deleting troll accounts from the same IP address, so there may be some holes in threads. Sorry. Not sorry.


----------



## giahung1997 (Feb 22, 2018)

DutchDaemon said:


> We are actively deleting troll accounts from the same IP address, so there may be some holes in threads. Sorry. Not sorry.


I hope you don't consider me as troll because of my terrible English (I remember a time you edited any post on this forum to correct things like freebsd to FreeBSD). To my surprise, I don't think people even making clones to feed each other, trolling, spamming... on a technical forum like yours.


----------



## DutchDaemon (Feb 22, 2018)

giahung1997 said:


> I hope you don't consider me as troll



You're here. So no.


----------



## Spartrekus (Jul 17, 2019)

> Struck by the small number of reported BSD kernel vulnerabilities compared to Linux, van Sprundel sat down last summer and reviewed BSD source code in his spare time. "How come there are only a handful of BSD security kernel bugs advisories released every year?" he wanted to know. Is it because the BSDs are so much more secure? Or is it because no one is looking?
> 
> van Sprundel says he easily found around 115 kernel bugs across the three BSDs, including 30 for FreeBSD, 25 for OpenBSD, and 60 for NetBSD. Many of these bugs he called "low-hanging fruit." He promptly reported all the bugs, but six months later, at the time of his talk, many remained unpatched.


What he wrote, in the link, there are always bugs anywhere - maybe many more in the larger other OSes.


----------



## SirDice (Jul 17, 2019)

It's like playing whack-a-mole. 

Enough's been said already on the subject.


----------

