
Comment Re:NSA Involvement (Score 1) 290

sshd is "used by over 50% of its users without passphrases" ?

You mean it is used with public keys INSTEAD of passphrases.

By your own statement, you're apparently smarter than the 50% of ssh users who rely on public key authentication. Obviously, they all missed the huge, gaping security hole exposing their hosts and source code repositories to attack. That's why ssh remains the #1 attack vector to this day across the internet. Right?

At least -e is in the man page, plainly documented.

Your diatribe is severely misleading at best. If you aren't trolling, then it's no wonder why nobody takes your advice seriously. And if you are, I just typed all this crap in response to, essentially, a Rush Limbaugh cartoon.

Comment Re:OpenBSD and Wi-Fi (Score 1) 290

The fact that station mode is more reliable for most wifi drivers reflects how the developers actually use them. It's a volunteer project. Someone has to have the time, skill and motivation to do the work. A roadmap is for the person doing the work to develop their own direction. Wireless networking hardware is a particularly poorly documented, secretive, painful place to work and that is reflected in what you experience. While the general situation has vastly improved for some chipsets in the past several years, someone needs to step in and figure out these and other issues in the wifi area. The situation isn't terribly different for other free OSes; oftentimes only the vendor-provided and updated drivers tend to be reliable for AP mode (or other less common features), and only relatively recently have vendors agreed to redistributable, BSD-compatible licenses for some of their source code, long after people like Damien Bergamini spent huge amounts of effort reverse engineering binary-only drivers from vendors. Painful indeed. It really shouldn't come as a shock to people that most don't want to spend their time in this area due to the sordid history.

Comment Re:Quality vs OpenBSD? (Score 2) 136

Binary firmware blobs, OpenBSD allows. You would run them anyways on your hardware, no matter what software you choose.

Binary kernel blobs, OpenBSD eschews. Example - While FreeBSD is basically happy to suck the dick of Nvidia, running proven crap, OpenBSD will wait for a Nouveau port coming in perhaps the near future.

Comment Re:Quality vs OpenBSD? (Score 1) 136

OpenBSD turns on a number of security features by default that FreeBSD avoids for really early backward binary compatibility (or just plain laziness). The newest feature in OpenBSD 5.5 is PIE-by-default executables on major platforms. Even Microsoft Windows implements more than FreeBSD! See Theo de Raadt's talk slides http://tech.yandex.com/events/ruBSD/2013/talks/103 for some more examples.

Comment Re:Quality vs OpenBSD? (Score 1) 136

Capsicum, POSIX and NFS4 ACLs are all about adding complexity to allow for greater administrative policy enforcement. To put the OpenBSD point of view into perspective with a modern example, this is exactly the kind of policy that makes NSA admins rest easy at night and exactly the kind of security that allows Edward Snowden to secretly make out with 200,000 top secret documents. Real security means the software *does*what*it*promises* which a large and complex administrative policy enforcement system can almost never do.

In OpenBSD, security means that you eliminate bugs so that the most basic promise is held true. Adding complexity almost always does the opposite. We are talking about two completely different ideas of "security" here. This is not to say that ACL systems have no place, but rather, the systems that are smaller, easier to audit and easier to implement are going to find a place in OpenBSD long before the large and unwieldy systems could ever be incorporated.

That being said, FreeBSD 10 was the first FreeBSD system to distribute signed packages. OpenBSD 5.5 will be the first version of OpenBSD that distributes a signed base, signed firmware and signed packages. The code is small, the benefit is clear, and the implementation (at least in OpenBSD) is obvious.

Comment Re:Theo Theo Theo (Score 1) 232

Slow and secure are not necessarily related. There are cases where OpenBSD is 1-2% slower because of some specific security feature, such as 100% PIE executables, but the real slowdowns are from old BSD code which is slowly being reworked to be fast and efficient. There are only so many people and so many minutes in a day to make these improvements.

The general idea on Slashdot that OpenBSD is slow because it's secure is just plain WRONG. It's slow (less and less so, I might add) because it takes time to speed it up and that is a priority for some, not all, developers.
