Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.bsd.cafe/users/zirias/statuses/114448136741372916">Felix Palmen :freebsd: :c64: (zirias@mastodon.bsd.cafe)'s status on Sunday, 04-May-2025 17:49:41 JST</a><a href="https://mastodon.bsd.cafe/@zirias" title="zirias@mastodon.bsd.cafe"><img src="https://gnusocial.jp/avatar/284150-48-20241024072604.webp" width="48" height="48" alt="Felix Palmen :freebsd: :c64:" style="position: absolute; left: 0; top: 0;">Felix Palmen :freebsd: :c64:</a><div><a href="https://mastodon.bsd.cafe/@jadi/114447242861243314" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://mastodon.bsd.cafe/@jadi">@jadi</a> This "<a href="https://mastodon.bsd.cafe/tags/OpenBSD" rel="tag">#OpenBSD</a> is secure!" claim always annoyed me a lot, mainly because it doesn't tell anything: <a href="https://mastodon.bsd.cafe/tags/Security" rel="tag">#Security</a> in IT can only ever be defined in a context of <a href="https://mastodon.bsd.cafe/tags/threat" rel="tag">#threat</a> models. Without that, it's meaningless. Somewhat recently, I discovered this:</p><p><a href="https://isopenbsdsecu.re/" rel="nofollow noreferrer">https://isopenbsdsecu.re/</a></p><p>I should warn it uses some sarcasm and other confrontative language in some parts, unfortunately. But it seems to be a pretty professional analysis and assessment of (mostly) the "mitigations" OpenBSD provides in an attempt to counter "typical" attacks by at least making them harder.</p><p>I should also add that I consider this a very interesting and helpful read, and still consider OpenBSD a great project that came up with lots of great stuff (I recently used their <a href="https://mastodon.bsd.cafe/tags/bcrypt" rel="tag">#bcrypt</a> code after doing some research on password hashing, for example). And I don't agree with every single criticism on that page either. I just think it's important to build assessments whether something "is secure" on a serious analytical foundation.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/5001162#notice-9801955">In conversation</a><time datetime="2025-05-04T17:49:41+09:00" title="Sunday, 04-May-2025 17:49:41 JST">about 15 days ago</time> <span>from <span><a href="https://mastodon.bsd.cafe/@zirias/114448136741372916" rel="external" title="Sent from mastodon.bsd.cafe via ActivityPub">mastodon.bsd.cafe</a></span></span><a href="https://mastodon.bsd.cafe/@zirias/114448136741372916">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Felix Palmen :freebsd: :c64: (zirias@mastodon.bsd.cafe)'s status on Sunday, 04-May-2025 17:49:41 JSTFelix Palmen :freebsd: :c64:
in reply to
- Jadi
@jadi This "#OpenBSD is secure!" claim always annoyed me a lot, mainly because it doesn't tell anything: #Security in IT can only ever be defined in a context of #threat models. Without that, it's meaningless. Somewhat recently, I discovered this:
https://isopenbsdsecu.re/
I should warn it uses some sarcasm and other confrontative language in some parts, unfortunately. But it seems to be a pretty professional analysis and assessment of (mostly) the "mitigations" OpenBSD provides in an attempt to counter "typical" attacks by at least making them harder.
I should also add that I consider this a very interesting and helpful read, and still consider OpenBSD a great project that came up with lots of great stuff (I recently used their #bcrypt code after doing some research on password hashing, for example). And I don't agree with every single criticism on that page either. I just think it's important to build assessments whether something "is secure" on a serious analytical foundation.
In conversationabout 15 days ago from mastodon.bsd.cafepermalink

Public

Embed Notice

HTML Code

Corresponding Notice