If I'm explaining security or lack of security, or saying things like "this
is not enough", it's not as part of a speech that's meant to whine. I'll
explain: I could've just asked, in my first message, whether OpenBSD has a
mechanism like Ctrl-Alt-Delete on Windows, and whether it has sandboxing
for desktop apps, without explaining the rationale of having such security
features. Then, someone could've come and tell me that these security
features aren't necessary, or that I'm focusing on a minor security aspect.
I wanted an informed discussion, so I was explaining the rationale behind
these to make readers understand why I was asking about them. Furthermore,
in my recent message about the faking of a doas/sudo prompt and User
Account Control (UAC) on Windows, there was a part where I said that the
sandboxing that OpenBSD provides for certain apps "[that alone] is not
enough"; I said that in the context of explaining the security that UAC
provides on Windows compared to what there seems to be with the default
installation of OpenBSD, notice the rest of the message and how that
comment of mine was in parantheses. It may sound like I'm completely
knowledgeable about OpenBSD, but I'm not. I understand certain
generally-applying concepts, but I don't know if, for example, there's a
sysctl(2) or something that can optionally toggle into that. (As an
example, until recently, I didn't know there was an optional sysctl(2) that
can enable extra hardening for malloc.) I hope this clears up why I'm
writing things the way I do.
