I don't consider myself a beginner to Unix or computers (I even have a PhD in the damn things), but I do consider myself a fairly inept and inexperienced systems administrator, with no great desire to spend the time to become better, and my needs are fairly basic - just the usual web/shell/IRC/mail server stuff, and other random infrastructure needs that come along for my work. Incidentally, this is exactly why I prefer OpenBSD. Everything is so minimalist, the defaults so sensible, and the documentation so good, that I trust the machines I set up. I have great confidence that I did not overlook something crucial. The OpenBSD http daemon is beautifully simple - too simple for many uses, but perfect for mine. The OpenBSD mail daemon is the only mail daemon I have ever been able to set up from scratch, just from reading the man pages.
I run Linux (NixOS and RHEL) on my desktop and some servers respectively, because of needs that OpenBSD simply does not support (mostly GPU computing). Linux is fine and certainly runs very fast, but OpenBSD is the only operating system I honestly like.
I wouldn't even agree that it's not for beginners. The spirit behind openbsd and its wonderful man pages makes it simply one of the best platforms to learn about anything I'd like to do on a computer, it's correct and consistent. Be it sys admin or other. My main problem is that docker is not easily available on it : /
Maybe true, but it's not just for experts either. OpenBSD's unfriendly reputation ensured that I languished in Linux land way longer than I should have, convinced that I was too dumb for anything else.
If you can navigate directory structure, use a package manager, and uncomment lines in config files, you can use OpenBSD. Try it already. It's good.
Well.. Debian was pretty straightforward to install and I've learned a lot from it. But OpenBSD was not. I don't know if the current OpenBSD installer has made it a lot easier. I just want a secure easy desktop with a frequently updated browser. I'd love to try OpenBSD again, but it scares me.
> OpenBSD's unfriendly reputation ensured that I languished in Linux land way longer than I should have
Funny enough, OpenBSD's unfriendly behavior just had me go back to Linux land after running a FreeNAS server for two years. I got tired of every single help thread I was reading start with "Well you're stupid and you shouldn't do that" in one form or another.
Once Ubuntu got mature ZFS support in mainline, I was out.
Actually, my first UNIX experience was OpenBSD. I must have been around 14 years old or so when I ran an OpenBSD server at home, and used it as a NAT router with PF.
Whenever I couldn't figure something out I'd just read the manpage and go from there. Needless to say I also did a lot of trial and error, but that was mostly due to my own lack of knowledge at the time.
Fast forward to 2019, and at Mailhardener we run a couple OpenBSD instances, mostly because we really like OpenSMTPd. We also run Debian based servers for convenience reasons.
I still wouldn't recommend OpenBSD though, for almost all situations it would make more sense to run a Linux based OS. Whether it be on the desktop or on a server.
> if you’re experienced, like to “look under the hood”, and prefer software that does the minimum necessary, OpenBSD is for you.
I've been using Linux as my primary system for 10 years now.
Isn't it a bit exaggerated to group all Linux distributions together with ubuntu?
I think of myself as minimalist (arch linux / i3 / tmux / zsh / vim), thus fitting the description, but I'm not convinced by the argument to make the switch. On the contrary, the article feels like I better be ready to donate a lot of money if I want the system to run as I want it to.
> It’s uncompromising. It’s not a people-pleaser or vendor-pleaser. Linux is in everything from Android phones to massive supercomputers, so has to include features for all of them. The OpenBSD developers say no to most things.
I'm not sure if that's a good thing or not. Doesn't sound very community driven.
The security focus is probably the most interesting part here. I probably had the wrong assumption that most security-focused guys were on Kali linux.
I'll need a bit more nudging to make the jump over.
Nor does the article state what the intended target even is.
Typically, UNIX systems were for servers. And that is probably where security matters the most, too. Along with a conservative view on what hardware to support, it sounds an awful lot like a server operating system.
So does the article claim that it is good to run an operating system that targets servers on your desktop or laptop?
We use kali for pen testing, not as a daily driver. I work in infosec and use OpenBSD as a workstation, bootable kali on a thumb drive for when I need some bigger tools.
Does ZSH still contain an ftp client? If you like minimal you should check out OpenBSD's ksh (oksh on arch maybe?), it behaves exactly the same way bash does (for me) and things like dd if=/dev/mm<tab> actually work, which iirc still doesn't on zsh.. :}
As much as I love OpenBSD, it's one of those things that doesn't work for enterprise.
1) Commands have different switches. This is really annoying since you're probably using GNU/Linux at your day job.
2) It doesn't support all the new and fancy container/automation stuff that your colleague is super stoked about.
3) Most companies haven't even heard about it, which causes certain problems. Example: I was working for a company that had a collaboration with Cisco, and we needed some binary blob in order to provision networking equipment. Getting this to work on OpenBSD was ten times as much work as making it run on Linux.
4) If you share your laptop with anyone, e.g. your wife or your parents when you're on holiday, they'll be a lot happier with Ubuntu.
In a perfect world, everyone would be running OpenBSD, but in the world as it is now, Linux is "better".
This reads like a mid-2000's "BSD is dying" slashdot post...
1) GNU extensions aren't always well thought out or standardized. Assuming everywhere is a current GNU userland will break frequently on multiple non-Linux OS's - look up trying to use `awk` on MacOS, which has a BSD derived version.
2) Trendy developer conveniences with half-assed security like containers aren't really in line with OpenBSD's goals. If you want isolation, look into chroot, pledge, and unveil.
3) I'd blame Cisco in this case, not OpenBSD.
4) Says who? If a browser works, most people will be happy. The main use case for OpenBSD is network appliances like routers and infrastructure serving.
I've deployed quite a lot of OpenBSD at places you would certainly consider "enterprise", not sure I follow these points.
1) ??
2) Yes, this is fair -- but OpenBSD tends to fit more in the gateway/firewall/proxy/bastion space than running your microservices (although I've run plenty of node/etc apps on obsd hosts, IAAS and ansible is still a valid deployment path even after docker exists..)
3) Prop. vendor tools which require blobs should be run from whatever platforms they support. This is why you keep a windows laptop kicking around for flashing firmwares in the dc and so on
4) Family gets macs ;)
I don't think any of your points are enough to consider linux "better" than OpenBSD for any use case they're both capable of..
Different than GNU, true. But at work I support a system on AIX and I find the commands almost an exact match to AIX user space. The only notable difference I found was ksh, but AIX has ksh88 where 'echo 1 2 3 | read a b c' works.
Possible tips, not openbsd specific:
1. Don't lend your corp laptop to your parents?
2. Don't try to solve all problems with one tool?
3. Accept that change requires effort?
4. If you feel it's not worth it for you, don't assume it's not for others?
I find OpenBSD much easier to manage than most Linuxes, where everything changes every six months for no good reason. Then again, I have 30 years of UNIX experience.
The main reason to avoid it is the limited hardware support, especially for laptops. I wish there were an equivalent of System76 for OpenBSD.
OpenBSD is often described as "security focused", but this isn't really what its hat is. The key value of OpenBSD is good engineering practice, which ends up leading you to practices like privilege separation (and OS features to facilitate privilege separation) which aren't "security" so much as they are good defensive engineering - you write your software to be correct and not fail; you also write it so that when it fails it can't do much damage; you also write it so that faults crash loudly and hard rather than quietly doing damage, and so on.
I like the solidity of openbsd, but I'll defend linux here in two ways. First, the gpl2 license. There was a time when linux was way way ahead in terms of functionality, and in my estimation it was due to the copyleft licensing. It opened a floodgate of pent up demand to establish an open platform on which companies could standardize. Some have said that linux's success was an accident of timing, as the bsd's were hampered by lawsuits at the time, but to my mind the lawsuits made copyleft that much more attractive.
Second, the incredible flexibility of linux allows it to work in so many wildly different applications. It's a monolithic design, but it's so flexible you don't need to worry about it; it can be as narrow or as broad as you want it to be.
OpenBSD is very well documented. The kernel and software stack are integrated. They care about security and write a lot of secure stuff used in other systems. There is usually one way of doing things. You do not need StackExchange.
Here's the thing though: I use sites like SE a _lot_, primarily because I can usually type my thought into a search engine and then expect a question with hopefully more than one answer. Would the answers be as succinct and accurate as the OpenBSD manpages? Probably not, but at least it gives me an idea and hints as to where I can find more accurate information if I were so inclined (which I'm sometimes not! Sometimes quick & dirty just works)
Among the reasons I like OpenBSD is that it tries (hard) to be "secure by default", meaning, that the initial install has had "only 2 remote holes in the default install" since about 1996. Then as I make changes from that default I can consider the implications of each one.
And I appreciate the low likelihood of privilege escalation (I keep seeing those bugs come up for the linux kernel, not for OpenBSD), and pledge/unveil limiting what apps can do to what they normally should do, so that damage by compromised apps can be greatly limited to a given user account or less. And yes, the clarity of documentation (like the excellent FAQs) and predictability of the system.
So basically, I read news all the time about this or that exploit, and I am not in the vulnerable group. But I do think that it took me more work to get set up the way I want, than when I used Debian more, but that work was very well worth it, and even more so when I include my config customizations to various apps that now work just as I want.
One addition to the base system I always make is to change the /etc/profile to set the default umask to 0077 (and other changes for my own convenience etc). I've long wondered why umask 0077 is not the system default. Although after changing it I had to wrap pkg_add in a script ("pa") which sets it back to the original default so that some apps don't get broken during installation for some reason.
Also, it seems worthwhile to choose compatible hardware, or some things might not work.
The main issue I've had with any bsd system isn't the system itself but the settings and configurations of packages. Often defaults are different for no other reason than the package creator thought it might be a minor improvement in some way. I'd rather be using a more thoroughly used set of packages. The few times I've used non-Ubuntu based package sources I often find I'm contributing to make it just work. Now I'm not saying that Ubuntu packages are always right but I'd like the authors of the software to choose defaults and if they get fixed/changed it happens in a given version on all systems.
I have been running OpenBSD and PF on a PC Engines APU[1] for my gateway router/firewall at home for about 5 years now and the thing is rock solid. I just love the minimalism and simplicity which is likely the source of the incredible stability of the platform. Besides updates or modifying PF rules I have never had to touch the box.
Same here, but I have found wireless performance to be subpar. Ended up double-NAT'ing a second APU with Debian to use 802.11. Still plenty happy with OpenBSD though.
Strace & procfs are some of my favorite Linux programs. OpenBSD's ktrace & kdump are much more limited in what they can do. Is there anything out there that can provide similar functionality for OpenBSD?
procfs isn't a program but a pseudo-filesystem. Are you just meaning to say that the info stored in /proc and displayed by strace is very useful to you? Or am I missing something else?
A colleague once told me, "My wife's laptop keeps breaking, but she won't get a new one unless it runs Unix." Over one year ago I installed OpenBSD on an X1 Carbon 5th Gen, installed some software and connected her to her backup disk and router. She has never had a problem and has never had to ask me about anything. OpenBSD is great for beginners to use.
I got stuck at finding a web browser that wasn't severely out of date last time that I tried OpenBSD as a daily driver workstation. This was about two years ago, and it wasn't a definite thing that it could even run Firefox.
Does anybody here know if this issue has been fixed? Having a reliable, up to date, secure web browser (well, as secure as a web browser can be - up to date with the browser's own security updates) was the only thing that was holding me back from using it as a workstation. I had no problem back then using it as a server, but I couldn't justify running OpenBSD on my servers and Debian unstable on my desktop.
I see firefox in the list of available packages (which list is something like 8000 long, last I recall). Iridium is also available (like Chrome but seems usually a slightly older version, with enhanced privacy like not sending info to Google). Iridium + pledge/unveil have been appealing to me, though I keep Chromium on hand in case something doesn't work right.
Athas | 6 years ago
azdacha | 6 years ago
rlander | 6 years ago
jim-jim-jim | 6 years ago
ainar-g | 6 years ago
b3lvedere | 6 years ago
vorpalhex | 6 years ago
fierarul | 6 years ago
Although I found that I barely have to touch my OpenBSD system...
I don't use BSD on the desktop though, still need Java.
LeonM | 6 years ago
degyves | 6 years ago
AdrienLemaire | 6 years ago
llarsson | 6 years ago
cyberpunk | 6 years ago
infraredcabbage | 6 years ago
zdw | 6 years ago
cyberpunk | 6 years ago
jmclnx | 6 years ago
Cannot get more enterprise than AIX :)
jeromenerf | 6 years ago
fmajid | 6 years ago
wowtip | 6 years ago
juped | 6 years ago
wwarner | 6 years ago
m4r35n357 | 6 years ago
Just try it.
justaj | 6 years ago
lcall | 6 years ago
karmakaze | 6 years ago
Datenstrom | 6 years ago
[1] https://pcengines.ch/apu2.htm
oil25 | 6 years ago
equalunique | 6 years ago
AdrienLemaire | 6 years ago
UptownMusic | 6 years ago
dang | 6 years ago
larme | 6 years ago
mattl | 6 years ago
ohithereyou | 6 years ago
JoachimSchipper | 6 years ago
Running -current does give you up-to-date Firefox and Chromium packages.
protomyth | 6 years ago
lcall | 6 years ago
r3trohack3r | 6 years ago
Hitton | 6 years ago
I guess I live in a different universe than the author.
gautamcgoel | 6 years ago