FreeBSD – A Lesson in Poor Defaults

FreeBSD gets dragged as fans revive an old fight over safety vs stubborn old habits

TLDR: The article says FreeBSD still ships with outdated default settings and makes admins do extra work to lock systems down properly. Community reaction is basically a weary eye-roll: critics say this proves the project resists change, while veterans treat it as the latest episode in a very old argument.

A spicy critique of FreeBSD — the long-running free operating system beloved by server tinkerers — has kicked off yet another round of "why are the defaults like this?" drama. The author argues that a fresh install ships with too many dated choices, especially around remote login tools and security settings, and says the project keeps clinging to old behavior for compatibility instead of making safer options the standard. In plain English: the complaint is that FreeBSD still asks ordinary admins to clean up a bunch of stuff by hand when safer defaults should already be there.

And the community reaction? Less "shocking new scandal," more "here we go again." The only linked comment, from bell-cot, basically frames this as a recurring soap opera, pointing out that this has been a regular item for years and nudging readers toward an earlier 91-comment pile-on from 2022. That tiny remark says a lot: to many onlookers, the real story is not just the article's complaints, but the fact that this argument keeps coming back like a reboot nobody asked for. The strongest vibe is fatigue mixed with fascination — FreeBSD critics say the project is too resistant to change, while defenders typically treat these posts as another ritualized dunk session. Even with just one fresh comment, the meme writes itself: same fight, new day, everyone already knows their lines.

Key Points

  • The article describes a set of post-install changes the author applies to a default FreeBSD system for security hardening and configuration tuning.
  • A central focus is FreeBSD’s historical practice of shipping a modified OpenSSH in the base system rather than following upstream defaults.
  • The article identifies the HPN-SSH patchset as a long-used FreeBSD addition and says it added maintenance complexity with limited benefit for most users.
  • The article states that FreeBSD re-enabled or retained features such as tcp_wrappers, DSA host keys, and insecure ciphers for compatibility reasons.
  • The article points readers to the FreeBSD ports version of OpenSSH, openssh-portable, as an alternative with configurable options and fewer FreeBSD-specific changes.

Hottest takes

"A regular item over the past decade" — bell-cot
"the 91 comments from 2022 would be the most current" — bell-cot