>    This has nothing to do with OpenBSD.
If OpenBSD would have a switch to disable usage of all BLOBs provided by OBSD 
at once on an user desire.
Does OpenBSD have any other BLOBs except firmwares which can be 
>     Please read your own statement. You aren't qualified to assert your
     opinion in this group, humble or not.

He does not assert, but rather trying to find a truth which is very difficult 
in a security area because
most agencies trying to hide such info and even often promote intentional 
misleading false on this topic.

>   It's not our job to turn you into a security expert.
Nobody's trying to force you to share knowledge, it is on your own will, up to 
If someone else would ask that questions would you take it easier?
>   If you value the work that OpenBSD does to protect your security, use it. 
> If you don't, use something else.

As it is obvious from a discussion he still evaluating OpenBSD, that is the 
reason of his many questions.

>    Please. We aren't here to win you over.
Actually it does not matter for him win you him or not, he just wants to make a 
good choice, though it seems there is no other variants for him except paid 
grsec + his time spent on hardening the whole installation with grsec.
Btw, an idea of hardening processes by their own declaration like unveil, 
pledge, etc. looks very nice.
>Some of us are kinda tired of your flood of queries asking for yet another 
>opinion on often and widely discussed topics.
It is very hard times now when shameless corporations attack single persons, 
thanks for understanding, he is his line of defense.

>     ...and you won't find much modern hardware that it works on.

He does NOT need much hardware also he does NOT need modern hardware and he 
does NOT need a shiny superfast desktop.
Very slow secure OS on a very slow ancient hardware which can protect him is 
many many times better than any modern super expensive server if it would be 
even a free gift.

>     Oh, btw...if I recall properly, a lot of CPU security fixes are     
> distributed as firmware microcode updates that have to be loaded by the      
> OS. So... being inappropriately paranoid about firmware could      compromise 
> your security.
Especially if new backdoors (e.g. for rooting CPUs) are added in new microcode 
He does not trust any modern X86 CPUs with a firmware update or not. May be 
using a full software emulator can improve security? Say if running a very slow 
full software emulation of a rare CPU like Motorolla or MIPS on Librebooted X86 
CPU host like Core2 QUAD 9500 or something like it, would it be more secure 
inside a emulated MIPS guest to run OpenBSD than on a bare metal X86?

Reply via email to