I feel like #OpenBSD isn't better than Linux for this kind of security problem. The base OS would probably stay safe. But most ports don't have pledge and unveil applied. And I doubt ports committers read everything they package. A malicious port will pwn your data even if the OS is safe.
Sharing some technical details about how I'm setting up the hosted email service. It will not be a service of BSD Cafe but tied to my own business. It will run entirely on BSD systems and on bare metal, NOT on "cloud" VPS. It will use FreeBSD jails or OpenBSD or NetBSD VMs (but on bhyve, on a leased server - I do not want user data to be stored on disks managed by others). The services (opensmtpd and rspamd, dovecot, redis, mysql, etc.) will run on separate jails/VMs, so compromising one service will NOT put the others at risk. Emails will be stored on encrypted ZFS datasets - so all emails are encrypted at rest - and only dovecot will have access to the mail datasets. I'm also considering the possibility of encrypting individual emails with the user's login password - but I still have to thoroughly test this. The setup will be fully redundant (double MX for SMTP, a domain for external IMAP access that will be managed through smart DNS - which will distribute the connections on the DNS side and, in case of a server down, will stop resolving its IP, sending all the connections to the other). Obviously, everything will be accessible in both IPv4 and IPv6 and in two different European countries, on two different providers. Synchronization will occur through dovecot's native sync (extremely stable and tested). All technical choices will be clearly explained - the goal of this service is to provide maximum transparency to users on how things will be handled.
@stefano
It seems both #freebsd and #openbsd might have vulnerabilities in their NFS implementation according to the https://t2.fi/schedule/2024/ presentation from the guys from signedness.org. Just bringing this to your attention since you run public facing services. Now I'm patiently waiting till Apr 18 to learn more about it :)
So far, my 5 hours with #emacs on #OpenBSD be like... looks pretty well and I love it, but I still feel very lost and stupid with the binding :D :puffy:
I generally run #OpenBSD -stable on my workstation to try to dogfood what non-developers are likely running when developing/testing #MLVWM (#X11 Macintosh-like Virtual Window Manager) and my other utilities like #swupdate (https://github.com/morgant/swupdate-openbsd). One of this month's tasks is to dust off my WIP fixes to the #Keyspan #TrippLite #USA19HS USB serial driver, plus the 7.5 release is right around the corner, so I have updated my 2015 MacBook Air workstation to -current.
Nerd-Advice needed: Lots of software does not work on my old #MacBookPro (2011) anymore. Any idea what to install? Simply #Debian? Or should I try #freebsd, #openbsd or #netbsd? Or something esoteric like Plan 9? The device in question is not in heavy use, rather a kitchen-computer for simple tasks.
"In retrospect, it seems clear that open source was not so much the goal itself as a means to an end, which is freedom: freedom to fix broken things, freedom from people who thought they could clutch the source code tightly and wield our ignorance of it as a weapon to force us all to pay for and run Windows Vista."
Am I right in thinking that, in the year 2024, the only file system that #Windows, #MacOS, #Linux, #FreeBSD and #OpenBSD can all read and write on, without installing additional software is ExFAT? E.g. if I want to format a HDD to share large files with less technical relatives, that's my best choice?