On 2015-07-15 15:05, Theo de Raadt wrote:
PIE and ASLR other security features are either turned off on i386, in
compatibility modes, or are dialled down versions. It's not just about
a small speed difference, there are big security differences between
the architectures.
That is false.
OpenBSD adds most of the security features for amd64 first, or in its
strongest iteration for amd64 anyway. So, while i386 isn't poisonous,
you should really use amd64 if you are able to.
That is also false.
In fact, sparc64 has tended to be the leading architecture in the last
decade. amd64 only caught up with kernel-side W^X in the last year,
while sparc64 had all the machine-dependent management correct, and
was only missing some machine-independent tuning.
Since theo@ said I could, I think I'll continue to use my 32-bit-only
x86 CPUs until a compelling reason arises to replace them. Those are
likely to be network bandwidth requirements in the long term for my AMD
Geodes, and imminent non-CPU hardware failures on an old Intel Atom
netbook.
It won't be because of of something in another architecture that grabs
my attenti.....Ooh, Shiny!!!
