On 28 Mar 2024 06:16 +0100, from in...@dataswamp.org (Emanuel Berg): > "Secure by default" is an OpenBSD slogan BTW. Or they have > made it into one at least. But I'm not sure it is any more > secure than Debian - maybe. > > https://www.openbsd.org/security.html
If I'm not mistaken, OpenBSD is "secure by default" by being "extremely minimalistic by default". Last I looked, which in fairness was a while ago, a default installation of OpenBSD includes almost nothing that normal, present-day users would expect to find on their system. Once you go beyond the default installation by adding useful packages, you also go beyond at least a large part of the "secure by default" promise. And similarly that most network-enabled software installs by default with all network-related functionality turned off or heavily restricted, so the first thing you have to do after installing something is to turn on the functionality for which you installed it. But up until the point that you do that, the software you installed very likely is secure (because it's reachable at most by people you already trust at least to some degree). Which doesn't mean that Debian can't be "more secure by default" by installing services in a turned-off and locked-down manner and expecting the administrator to open them up and do so in a secure manner. But I rather suspect that most people who do install a package do so because they want to use it; so a reasonably secure but still useful setup out of the package manager would seem more practically useful to most people. Security and usability are often (but not always) at odds with each other. The most secure system possible generally won't be very usable. And for a real-world use case for wall, I have apcupsd set up to send notifications to everywhere if there's a power failure, and ahead of a power-failure system shutdown. Doesn't make much difference if I am at the console, but is very useful if I'm logged in remotely. -- Michael Kjörling 🔗 https://michael.kjorling.se “Remember when, on the Internet, nobody cared that you were a dog?”
