You're wrong, OpenBSD's documentation (and other BSDs' too) is awesome. I learned to use Unix systems with OpenBSD.
I never said the docs are bad - one of my previous emails mentioned how great the man pages are. What I meant was that there are fewer wizards, tutorials, guides, and autoconfigs - you're responsible for actually editing raw /etc config files and understanding what you're doing.
You have to find OS vulnerabilities when the sysadmin does the job correctly. You think that all the relays have their (for instance) sshd configured correctly? (like PermitRootLogin set to no, no password and so on). And that's only one daemon.
This is indeed a problem. I'm actually working on a website to identify these vulnerabilities, warn operators of them, and show people how to fix them. OpenBSD does come with more sane default options for these kinds of things, though. For example, PermitRootLogin is set to no by default if you add a user during install.
What? One of the points of OpenBSD is to provide correct documentation. The only problem is people asking for stuff which is already written down in the FAQ or in the man page.
Ad hoc guides aren't documentation, though. Everything is already in the FAQ and man pages. What we're discussing is a more specific and user-friendly guide.
Libertas
On 11/05/2014 12:28 PM, Daniel Jakots wrote:
On Wed, 05 Nov 2014 10:35:01 -0500, Libertas <libertas@mykolab.com> wrote:
Agreed. Thanks for pulling together the statistics, too. However, I'd like to make an argument for OpenBSD specifically.
It isn't very inviting for people that don't know at least intermediate Unix.
You're wrong, OpenBSD's documentation (and other BSDs' too) is awesome. I learned to use Unix systems with OpenBSD.
It's possible that governments like China's are trying to hack Tor relays in an attempt to deanonymize users. It's almost definite that malicious hackers try to break into exit nodes to troll traffic. Even an up-to-date, hardened Linux or FreeBSD system probably can't weather all such attacks. For such a simple, single-use, security-critical application, something as sturdy and impenetrable as OpenBSD is the best option.
You have to find OS vulnerabilities when the sysadmin does the job correctly. You think that all the relays have their (for instance) sshd configured correctly? (like PermitRootLogin set to no, no password and so on). And that's only one daemon.
I would love to start a larger conversation about running Tor on OpenBSD. I've been considering making a guide describing the process. However, that violates the OpenBSD philosophy to some extent.
What? One of the points of OpenBSD is to provide correct documentation. The only problem is people asking for stuff which is already written down in the FAQ or in the man page.
Just write the guide, I'd be happy to review it. You can even ask for help on the Tor-BSD mailing list[1].
Cheers,
Vigdis
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
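The sshd settings raised in the thread (PermitRootLogin set to no, no password logins) can be checked mechanically. The following is an added example, not code from either poster or from the website mentioned above; it assumes "no password" means `PasswordAuthentication no`, and the policy table, function name and sample file are constructed for illustration.

```python
# Added example: audit sshd_config text for the settings named in the thread.
# keyword -> (required value, value assumed when the keyword is absent).
# The absent-keyword values are assumptions: sshd defaults differ between
# releases, so an unset keyword is treated as its permissive setting.
POLICY = {
    "permitrootlogin": ("no", "yes"),
    "passwordauthentication": ("no", "yes"),
    "permitemptypasswords": ("no", "no"),
}

def audit(config_text):
    """Return findings for global settings and for Match-block overrides."""
    global_values, findings, section = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out keyword leaves the setting unset
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()  # sshd_config keywords are case-insensitive
        arg = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            section = arg  # later keywords apply only to this Match block
            continue
        if key not in POLICY:
            continue
        if section is None:
            # sshd uses the first value obtained for each keyword
            global_values.setdefault(key, arg.lower())
        elif arg.lower() != POLICY[key][0]:
            findings.append(f"Match {section}: {key} {arg.lower()}")
    for key, (required, if_unset) in POLICY.items():
        value = global_values.get(key, if_unset)
        if value != required:
            state = "set" if key in global_values else "unset, assumed"
            findings.append(f"global: {key} {value} ({state})")
    return findings

# Constructed sample, not taken from a real relay.
SAMPLE = """\
Port 22
PermitRootLogin no
PermitRootLogin yes
#PasswordAuthentication no
Match Address 10.0.0.0/8
    PermitRootLogin yes
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; the parser above only covers a file read offline.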