> This has nothing to do with OpenBSD.
If OpenBSD would have a switch to disable usage of all BLOBs provided by OBSD
at once on an user desire.
Does OpenBSD have any other BLOBs except firmwares which can be
> Please read your own statement. You aren't qualified to assert your
opinion in this group, humble or not.
He does not assert, but rather trying to find a truth which is very difficult
in a security area because
most agencies trying to hide such info and even often promote intentional
misleading false on this topic.
> It's not our job to turn you into a security expert.
Nobody's trying to force you to share knowledge, it is on your own will, up to
If someone else would ask that questions would you take it easier?
> If you value the work that OpenBSD does to protect your security, use it.
> If you don't, use something else.
As it is obvious from a discussion he still evaluating OpenBSD, that is the
reason of his many questions.
> Please. We aren't here to win you over.
Actually it does not matter for him win you him or not, he just wants to make a
good choice, though it seems there is no other variants for him except paid
grsec + his time spent on hardening the whole installation with grsec.
Btw, an idea of hardening processes by their own declaration like unveil,
pledge, etc. looks very nice.
>Some of us are kinda tired of your flood of queries asking for yet another
>opinion on often and widely discussed topics.
It is very hard times now when shameless corporations attack single persons,
thanks for understanding, he is his line of defense.
> ...and you won't find much modern hardware that it works on.
He does NOT need much hardware also he does NOT need modern hardware and he
does NOT need a shiny superfast desktop.
Very slow secure OS on a very slow ancient hardware which can protect him is
many many times better than any modern super expensive server if it would be
even a free gift.
> Oh, btw...if I recall properly, a lot of CPU security fixes are
> distributed as firmware microcode updates that have to be loaded by the
> OS. So... being inappropriately paranoid about firmware could compromise
> your security.
Especially if new backdoors (e.g. for rooting CPUs) are added in new microcode
He does not trust any modern X86 CPUs with a firmware update or not. May be
using a full software emulator can improve security? Say if running a very slow
full software emulation of a rare CPU like Motorolla or MIPS on Librebooted X86
CPU host like Core2 QUAD 9500 or something like it, would it be more secure
inside a emulated MIPS guest to run OpenBSD than on a bare metal X86?