Ask HN: I am seriously worried about security in FreeBSD
11 comments
Yes. I‘ve migrated over all of our servers to Debian recently.
I don’t believe in waiting until the general hivemind consensus catches up with reality and I like not having problems down the road..
I don’t believe in waiting until the general hivemind consensus catches up with reality and I like not having problems down the road..
+1 for Debian. More significant community - faster fixes.
There are also serious concerns over security practices at Debian. Or at Linux at all, though Redhat is a bit better than Debian re security.
For proper security only small microkernel's are acceptable.
For proper security only small microkernel's are acceptable.
As someone who is not really into Debian, how different it is from Ubuntu? Would you use Ubuntu for production servers?
Could you give some examples of "no one cares"? Besides the URL to the 2018 proposal, you didn't give much to work with it.
It's publicly available. Look through the bug reports, its easy to find. So many goes unattended for a very long time. Often it takes a long time for someone to get assigned. Then often NOTHING happens. No answers, nothing - often for years.
Hmm. Isn't there something to be said about running a less popular stack so the drive-by zero days won't affect you as much? Sure there are slower fixes, but also fewer people hunting for exploits. You're a less juicy target.
I think it depends upon your threat model. If you are considering people scanning the Internet for servers vulnerable to the latest security bug then yes, if you're considering targeted attacks then slower fixes are worse.
Ah, the old "limit popularity by having unmanaged exploits" anti-exploit.
I think being used by any high value targets (like a notable FAANG org) would preclude FreeBSD from this technique.
I think being used by any high value targets (like a notable FAANG org) would preclude FreeBSD from this technique.
It's like no one "cares", or the few that does is simply overburden.
This proposal from 2018, with the problems it lists, still seems very valid: https://web.archive.org/web/20210401214138/https://lists.freebsd.org/pipermail/freebsd-arch/2018-March/018892.html
Are any of you - who runs FreeBSD in serious production (please home labs, desktop/laptop use, don't reply) - not worried about the current state of affairs?