> This has nothing to do with OpenBSD. If OpenBSD would have a switch to disable usage of all BLOBs provided by OBSD at once on an user desire. Does OpenBSD have any other BLOBs except firmwares which can be deleted/renamed/moved? > Please read your own statement. You aren't qualified to assert your opinion in this group, humble or not.
He does not assert, but rather trying to find a truth which is very difficult in a security area because most agencies trying to hide such info and even often promote intentional misleading false on this topic. > It's not our job to turn you into a security expert. Nobody's trying to force you to share knowledge, it is on your own will, up to you. If someone else would ask that questions would you take it easier? > If you value the work that OpenBSD does to protect your security, use it. > If you don't, use something else. As it is obvious from a discussion he still evaluating OpenBSD, that is the reason of his many questions. > Please. We aren't here to win you over. Actually it does not matter for him win you him or not, he just wants to make a good choice, though it seems there is no other variants for him except paid grsec + his time spent on hardening the whole installation with grsec. Btw, an idea of hardening processes by their own declaration like unveil, pledge, etc. looks very nice. >Some of us are kinda tired of your flood of queries asking for yet another >opinion on often and widely discussed topics. It is very hard times now when shameless corporations attack single persons, thanks for understanding, he is his line of defense. > ...and you won't find much modern hardware that it works on. He does NOT need much hardware also he does NOT need modern hardware and he does NOT need a shiny superfast desktop. Very slow secure OS on a very slow ancient hardware which can protect him is many many times better than any modern super expensive server if it would be even a free gift. > Oh, btw...if I recall properly, a lot of CPU security fixes are > distributed as firmware microcode updates that have to be loaded by the > OS. So... being inappropriately paranoid about firmware could compromise > your security. Especially if new backdoors (e.g. for rooting CPUs) are added in new microcode versions? He does not trust any modern X86 CPUs with a firmware update or not. May be using a full software emulator can improve security? Say if running a very slow full software emulation of a rare CPU like Motorolla or MIPS on Librebooted X86 CPU host like Core2 QUAD 9500 or something like it, would it be more secure inside a emulated MIPS guest to run OpenBSD than on a bare metal X86?
