June 16th, 2006, 03:49 AM
#33
Originally posted here by Neptune0z
Anyways...I know this was directed at someone else, but I feel compelled to respond...
I've been a big fan of OpenBSD for several years now (Since around version 2.3 or so I believe) and it really does surprise me that more people aren't using it. **Because**
1).. Constant / Intense code audits -- Hands down, there is no argument among OSS's that OpenBSD has the best track record of pro-active security...The code is constantly being reviewed for bugs and vulnerabilities. This is something that has always impressed me about the developers, most distributions (gentoo, ubuntu, red hat **cough cough **) spend way too much time adding new features and other misc bells and whistles without adequate review, when they should be focusing on strengthening what is already there. This in and of itself is a security risk, and is one of the reasons why you sometimes see such strange, inconsistent behavior on those platforms.
I mentioned already SUSE does this. SUSE has a whole team just for security and they do in fact go over SUSE, the core system and the rest of it, line by line, and this is one reason why they don't have as many security fixes issued as say, Mandriva.
SUSE also has a huge difference in that for over two years, by default, they have been using... Well, RXstack for example. SUSE also uses a lot of the security ideas in the default install. The Kernel for SUSE isn't the same as the Kernel in RedHat, or Slackware.
2).. PF -- OpenBSD's packet filter is in my opinion the best open source solution in existence.
It's a little tough to get your firewall rules right when first starting, but when you get the hang of it, you have more filtering options available than iptables. Also, the entire filtering mechanism is set up to run under restricted privileges and this is a very good thing. The ability to tag layer 2 packets (When doing a bridge and using brconfig) and filter them according to complex rules in pf.conf is also very nice...
With what you said above, more options would equal less security. KISS.
3).. Integrated Cryptography -- With support for some of the longest key spaces publicly used, lots of choices for algorithms (Also this part of OpenBSD is reviewed hard-core, all in the open)...
SUSE comes out of the box with up to 4096 bit. DES, Blowfish and others are also right on the install CDs.
4).. No blobs!-- Don't you just hate those closed source drivers...If they can't get the docs on it or reverse engineer it, it's not included...
Yea.... I'd MUCH rather have no games work because the project leader strokes his ego too much.... Hmm, let me see, Drivers written by the people who made the card, or drivers written by people that think it should work a certain way...
Lol, this is why OpenBSD has less share on the desktop than FreeBSD. Nvidia took the time to write drivers for FreeBSD and Linux that are as quality as those on Windows. What's it matter if you have access to the source? I'm not a programmer, why would I care even a little?
Of course there's other 'little' things too numerous to mention (buffer overflow safeguards included by default **cough linux**cough**GRE/PAX, a little memory mapping randomization makes certain kinds of hostile code trickier to write and execute)...There really is a lot more, these are just the highlights...I'm just getting tired now. Maybe later...
Uhhh buffer overflow safeguards ARE available in Linux. SUSE uses them.