Joshua Spann: Having a Secure Setup with Suckless and OpenBSD

The Ideal Setup?

Jan 25, 2020

Computers are getting more and more powerful each day. We went from bricks with buttons to supercomputers with screens in less than a decade. Hardware gets better and software gets bigger, but bigger is not always better. A problem with growing software is growing source code.

You need more lines of code to provide all these haptic conveniences in software. More lines of code unquestionably lead to more chances for bugs. Then it gets harder to understand or contribute to a project. It's no wonder that OSX and Windows 10 are glorified betaware with a debatably pretty UI.

Bugs don't just lead to crashes or slower programs; they also lead to exploits. It's far easier to exploit a program with 100 million lines of code than one with 100 lines. There's just more of a chance for things to go wrong. Any sysadmin will note that more software is like more lines of code: just another attack vector waiting to be exploited.

Linux, though it has a reputation for far fewer vulnerabilities than OSX or Windows, is not an exception to any rule. In fact, the open-source world is built upon borrowing other libraries and projects, mashing everything together into a gigantic blob of diverse source code. You want to install one program and you need 30+ libraries, many bloated because of lazy developers wanting a one-liner. Problem is, many libraries and projects might not make it 5 years down the road. Excuses are given for the big ones: that there are countless eyes on the code and that it is naturally more secure.

What's better, to have 20,000 infants or 200 English PhDs check your spelling?

BSD is not an exception either. However, there is a version of BSD focused on reducing code and having as few remote holes and exploits as possible: OpenBSD. While not as functional as Linux in many regards, OpenBSD sacrifices device support and functionality for a concise codebase. It has even abandoned functionality that is still alive in FreeBSD and NetBSD. That advantage is moot, though, if you just start installing packages like you would on Linux.

If only there were software that did the same for a GUI, web browser, and terminal as OpenBSD did for the OS and kernel. As it turns out, there is: Suckless! Suckless is all about having minimalist, clean software through minimalist, clean code. Code reduction is a thing of beauty to them and it shows. They have dwm, a versatile window manager much like i3wm. They have surf, a web browser that doesn't have tabs! (Great for cutting back on the ailment of many.) They have their own terminal, st.

These apps are all you really need: a window manager, web browser, and terminal! You have the foundations for most tasks right there, but with a focus on clean and concise code. This simplicity aids security. While you can use a more secured Linux kernel, with OpenBSD you are fairly assured of having a secure operating system. Mix the suckless tools with OpenBSD, and you should have a fairly clean setup that you can not only use while staying secure, but even modify and contribute to!