Heap Protection Mechanism

An anonymous reader writes "There's an article by Jason Miller on innovation in Unix that talks about OpenBSD's new heap protection mechanism as a major boon for security. Sounds like OpenBSD is going to be the first to support this new security method."

This is why I couldn't use OpenBSD exclusively...

[ArbitraryConstant]

They're willing to break things in order to improve security. That's commendable, and I can't see myself using anything else for the firewall, but I simply cannot do without some software and some of it is binary-only. Does it break for me? I don't know, but from what Theo has said breakage isn't uncommon for large applications. I haven't checked because Java is poorly supported for unrelated reasons, and this rules out OpenBSD without me having to validate all my other software.

Also, the OpenBSD crowd is very quick to say that performance should be good enough for most purposes, but that's a copout. They have no idea what any particular person needs to do. The double-halt bug is a good example of how this is an issue. If they don't pay enough attention to performance to catch such a major issue quickly, they aren't going to be catching up to Linux or FreeBSD anytime soon.