/g/ - Technology

install openbsd

[Make a Post]
[X]





Security OS general Nanonymous No.1983 [D][U][F][S][L][A][C] >>2082
File: 1d15c340a2ff70b9fb51b9ca95f24c2a83f2ab53434958ecd1bfbd19d5aa33df.png (dl) (181.11 KiB)

>get Qubes for convenient online identity separation and sane attitude to security
[one imageboard later]
>realize Fedora (dom0) is bloated fuck with strong commercial influence
>realize Linux is just a hobbyist kernel with poor overall design partly due to being so old
>[spoiler]realize OpenBSD is probably just as vulnerable as Linux kernel due to lack of devs, and the other alternatives are even more dead and with less creator integrity[/spoiler].

Nanonymous No.1984 [D]

1984 GET, for all computers on the Internet

Nanonymous No.1987 [D]

@BO
Merge this into OS general?

Nanonymous No.1988 [D] >>1990

>Durr hurr less devs means less secure
More devs = easier to (((compromise)))

Nanonymous No.1989 [D]

>Qubes requires a modern Intel or AMD processor

Nanonymous No.1990 [D][U][F] >>1998
File: 9714de09e89cba5aea3591aaca478ea370c4607edd11584463603a8f874b5d8c.png (dl) (2.12 MiB)

>>1988
less devs = easier to find vulns
Since when is compromise something to be called out?
also openbsd is literally unusable if you do anything else other than browse web, code having it as router - alpine is good if not better anyway
Just stick to whatever you find most secure and harden it even more.
The main and most important problem is hardware anyway. It's kind of pointless to have ultra-minimal/hard-as-cock software when the me/psp can change what you see etc.
Also minimal meme is fuckin bullshit. The en.wikipedia.org/wiki/Big_Design_Up_Front is the way to go. Shame that for marketing purposes it's better to add features to constantly stream toxic waste into "tech" media than having developed quality software that ages like wine no one talks about.

Nanonymous No.1998 [D] >>2082

>>1990
only thing I need to do is code, shitpost on nanochan, and watch anime. certainly suits me very well.

Nanonymous No.2002 [D]

>just a hobbyist kernel
>commercial influence


Nanonymous No.2035 [D]

just like, switch to Macs
they never get viruses :^)
I'd rather stick with Linux for now. It's secure enough and supports enough software for reasonable use. It's not like there's anything better.

Nanonymous No.2082 [D] >>2099

>>1998
was an excellent year
This is true of the vast majority of people.

>>1983
Realize and come to believe are two different things. I think you mean the latter.

Nanonymous No.2099 [D] >>2142

>>2082
1998 and 2003 were two of humanities peaks. Would have been nice to bail back then.

Nanonymous No.2142 [D] >>2150

>>2099
Those years sucked.

Nanonymous No.2150 [D] >>2354 >>2355

>>2142
It's all been downhill since personal computing caught on.

Nanonymous No.2354 [D] >>2355

>>2150
"Computers went to shit when they started making them for niggers."
FTFY friend.

Nanonymous No.2355 [D] >>2368

>>2354
He was blaming GUIs while using Ubuntu to screen-record his running TempleOS in a VM ...
>>2150
It's just that the first adopters where smarter than those that followed.

Nanonymous No.2368 [D]

>>2355
I mean, yeah, I understand that. I just love the way Terry talked and the bluntness and edginess of the statement. I understand that the real issue is just that the internet stopped being only for enthusiasts and techies.

It's like Skyrim, really. It caught on with normies, so they fell for the GUI meme and got hand-held for over two decades of computer science progress. Just like normies would never bother writing notes and learning how to traverse the worlds of TES without a stupid compass telling you exactly where to go no matter how outlandish.

Nanonymous No.2370 [D] >>2371

For what it's worth, using an up-to-date GNU/Linux OS will be sufficient for most attacks. For the NSA, it's easier to bypass rather than exploit. For prevention of zero-days, use the 'need-to-know' model that governments use. Use text-based browsers like links2 (has a graphical mode as well) for general browsing. If you need javascript, then and only then open firefox. The idea is to start with the most minimal and simple solution and work up to unsafe solutions as necessary.

Nanonymous No.2371 [D]

>>2370
That's a good point. I may be a feeble weakling who can't compile or use a terminal whatsoever, but I can appreciate minimalist browsers. Thanks for namedropping links2, I'll give it a shot sometime.

Nanonymous No.2656 [D] >>2835

>tfw your hardware is not compatible with qubesos
Fuck me, I was looking forward to it

Nanonymous No.2835 [D]

>>2656
Your hardware doesn't have to be on the HCL, as long as it supports VT-d/IOMMU (check bios settings, mine was off by default). Try installing anyway, I was surprised when my cheap obscure mobo worked.

Nanomyous No.3706 [D]

Linux isn't hobbyist kernel for a long time, I'd say it's less secure because of that since such huge torrent of new code each merge window is a great way to introduce vulnerabilities.

OpenBSD on the other hand while has small amount of devs has much smaller codebase. Adding careful coding and ROP mitigations to the equation and we get pretty much the best we can get for no money.

As alternatives to OpenBSD you have Grsecurity which closed their sources. Unless you're ready to promote yourself as a security expert and pick up last public grsec patches and forward port them on modern kernels, you're out of luck. Yes, there was a leak for not so old grsec on github: https://github.com/jameshilliard/linux-grsec.git . At least it's post meltdown and you won't have to adapt grsec patch for PTI. But also you'd have to audit the leaked kernel for any possible backdoors.

The main thought: unless you have a company which can become a grsecurity client - OpenBSD is your best bet nowdays.

Nanomyous No.3707 [D] >>3709

Self-correction:
Grsec didn't close their source strictly speaking, they just hand it out only to their clients. And stop giving it to the client if client publishes it.

Nanonymous No.3708 [D]

Is Qubes worth giving a chance?

Nanonymous No.3709 [D] >>3712 >>3746

>>3707
why would they do something so gay? and how could they possibly tell which one of their clients leaked the code?

Nanonymous No.3711 [D] >>3713 >>3746

Opinions differ. As grsec themselves put it they do it because some vendors just use their patch without any thought.

Some think this is because of advent of KSPP (Kernel Self Protection Project) which started effort to upstream grsecurity features to mainline kernel. And grsec doesn't pass any opportunity to snark on KSPP. You can find that in their twitter feed.

As for locating source leak, one might imagine that grsec can hand out slightly modified versions of the same patch (whitespaces, or some other technique) to each client so if the patch then appears in the wild grsec could deduce which client received it. But that's my speculation.

Nanonymous No.3712 [D]

>>3709

It is, you'd need about 8 GiBs of RAM for comfortable use though. Like to start 3 workspaces and to have spare resources for disposable VM.

Nanonymous No.3713 [D]

>>3711
>whitespaces, or some other technique
then they could just use a source code formatter to rewrite the code into a standard form.

Nanonymous No.3746 [D]

>>3709
https://en.wikipedia.org/wiki/Digital_watermark
https://en.wikipedia.org/wiki/Canary_trap

There are multiple ways that it can be done. As mentioned in >>3711 formatting can be modified, but other changes can be done such as adding benign functions that just act as a wrapper to some actual function. That would survive any sort of automated attempt to just rename all the variables and change whitespacing.

If you had two copies of the patches, you could probably figure out the difference. However, even then, they may make an effort to ensure each released copy shares unique watermark pairings with all other released copies.

On a related note, I'm certain that paid shills create certain memes and URLs for this purpose so if you use them IRL or non-anonymized, you get flagged and/or traced.

Nanonymous No.3748 [D] >>3775

I realized this this other day and deleted all my memes.

Nanonymous No.3749 [D] >>3751

Could /g/ become a gresecurity client? How much do they charge?

Nanonymous No.3751 [D]

>>3749
No, because /g/ is a public board and couldn't keep the source code hidden.
>How much do they charge?
Idk but I wouldn't pay any money to that bunch of wiggers and jews.

Nanonymous No.3775 [D]

>>3748
Probably a case of "If you have to ask, you can't afford it".

Nanonymous No.3777 [D]

>hurr durr Lincucks actually isn't that great goysss!1!!1! OpenBSD isn't eitherrrr!!1!!!
You do realize the best isn't always good, right? I'm getting really tired of these blackpill smallbrain shill threads.