OpenBSD: a puffy in the aquarium (undeadly.org)
102 points by gbrindisi on April 20, 2011 | 55 comments


Buy a CD from them. They are the reason we all have OpenSSH. Without that, Unix/Linux/BSD (as we know it today) would be much less secure. 4.9 CDs may be pre-ordered now: http://openbsd.org/orders.html

You won't find a simpler, cleaner Unix anywhere.


Indeed. Even if you don't use OpenBSD, or dislike some of their team members, they do develop great software and documentation which is used in a lot more systems than just OpenBSD itself.


The fact that the project is more known for the abrasive nature of its team members than for its great software (like OpenSSH or OpenBGPD or PF) pretty much sums up the sad sad state of affairs.

It's their project and they can do as they damn well please, but really, a little kindness would go a long way. The software may be open, but the project is not.


You rarely get extreme excellence without things like mean leaders. Think of Apple and Steve Jobs.


I purchased my first CD set yesterday. They provide great tools (OpenSSH, tmux, and of course OpenBSD) which save me time and money and make my life easier.


It's been a few years since I regularly purchased an OpenBSD CD set. Might be time to review that.


Neat and quite impressive, given how exotic OpenBSD seems to most people. One thing that bothers me though: why? I mean, why wouldn't they do it with any linux distribution? It would probably require less work, less custom tools (like these apps for automatic network configuration or scripts for automounting usb drives they mention), and with some security patches/kernel configurations it should give a similar security level OpenBSD does.

Or am I missing something?


BIAS: I drank the OpenBSD kool-aid a dozen years ago and have no regrets. I run OpenBSD everywhere and I try to help out as time and health allow, including on undeadly, but I'm not a committer, major contributor or anyone special.

OpenBSD is a bit like Jazz music. When someone asked Louis Armstrong, "What is jazz?" his reply was, "If ya gots to ask, ya'll never know."

Though it will most definitely seem elitist, there's some subtle wisdom there; you need to experience it for yourself to learn the whats and whys. The same is true for all of the BSDs. If you're just looking for a fast bullet point list and "executive overview" (a.k.a. "buzzword bingo decision support"), you'll never find a reason to run any of the BSDs, and worse, you'll never learn on your own why zealots like me exist.

The thing you're missing is the experience of learning it for yourself. You might come to a different conclusion than me, and that's fine, but you would still benefit from the experience.


I used OpenBSD for some years, and NetBSD for many years. And really, 'kool-aid' is all there is to it. You get miserable hardware support, basic features that other operating systems have had for ages (unified buffer cache, journaling filesystems, anyone?) are missing, a packaging system that was nice in 2000, no decent virtualization support, and the security features are fairly arcane (no mandatory access control).

Unfortunately, this is all concealed by a veil of elitism (see parent). Expect many replies on how mandatory access control does not improve real security, virtualization is a flawed idea, and soft updates are superior to journaling[1].

All in all, it's more religion than science.

[1] NetBSD removed soft updates because it was, well, unmaintainable:

http://article.gmane.org/gmane.os.netbsd.announce/399

https://lwn.net/Articles/339337/


The packaging system has been improved remarkably, wholly rewritten in fact, since 2000.


Well, I'm sure that from your perspective the subtleties can't possibly be boiled down without missing the essence of OpenBSD.

But there's got to be a way of summarizing its appeal. We are talking about an operating system, and not Kafka short stories or Haydn string quartets, after all. Otherwise I'll have to go with elitism as the most likely explanation. A common sentiment among jazz enthusiasts, by the way.


I'm a huge fan of OpenBSD, having tried FreeBSD and most of the major Linux distros before settling on it. If I had to identify the why, I'd have to agree with the jazz reference. I seriously started comparing the various distros around 2003, and OpenBSD just gave a more consistent, well documented and clean experience. It is a very conservative distro, and has a pristine configuration and network stack. It's reliable, and trustworthy. On the downside, it's not particularly performant, nor is it well supported by enterprise applications - you won't be running Oracle 10g on OpenBSD.

Its upgrades are rolled out like clockwork, and are always evolutionary improvements on the previous version.


Not to mention documented out the wazoo.

I run a NetBSD box and got into kernel hacking just from reading man pages.

I suspect OpenBSD's documentation is even more comprehensive.


Remember that with jazz, if you make a mistake, just play it again a couple of times and then it looks like you meant it :)


Asking for a "summary of its appeal" is essentially asking for a whole lot of subjective hand waving. Worse yet, when one appreciates many aspects and each is appealing in some way, short listing favorites is like naming your favorite child -- it's not nice and not fair. Since I've known and met a number of the OpenBSD developers, I won't put the work of one over the work of another. I appreciate all of their efforts.

The very best advice I can give you is to try it yourself, and keep at it for a while. It will take some time, but you'll get the chance to form your own opinions through experience. You may or may not have the required time, effort or curiosity to get into any of the BSDs, and that's perfectly fine if you're perfectly content with what you're running. On the other hand, you might wonder why HN is running on a BSD (FreeBSD). Maybe PG and RTM know something?


> On the other hand, you might wonder why HN is running on a BSD (FreeBSD). Maybe PG and RTM know something?

I suspect they know BSD quite well, which doesn't say much about BSD's aptness for anything. PG and RTM are also using table-based layouts -- you reckon they know something? You also don't want me to name 1000 gurus that prefer Linux, do you? Appeal to some arbitrarily selected authority doesn't tell us much.

Moreover, they're using FreeBSD. I kind of understand why someone would prefer BSD over Linux -- we're talking about OpenBSD, though, and specifically about OpenBSD whose adherents rarely articulate why their chosen system is superior. That's all I wanted to know.

ghshephard, thanks for the reply.


For myself, some of the main reasons I like OpenBSD:

* Secure and functional out of the box. The base install comes with many common services ready to go, and I don't have to worry if I turn them on.

* Simple, understandable. With a little learning, I understand how my systems will behave. I love it that the man pages are present, current and thorough.

Are there downsides? Yes, of course there are. Hardware support is often lagging, and some OS features are still missing that have been in other OSs for years. OpenBSD is a smallish project, and a few dozen part-time devs can only do so much.

So do I recommend that everyone use OpenBSD for everything? No. But I think it's worth learning and adding to your list of options. There are roles where OpenBSD is simply the best choice available, and roles where it's either poor or plain unworkable. To discount it for anything because it isn't best for everything is a limiting viewpoint.

Lastly, anecdotal... of the people I know who are really actually familiar with many OSs (Windows, Mac, various Linux, various BSD), all of them like and use OpenBSD to some extent. These are people who know their options and will choose what they need to get the job done well.


> Hardware support is often lagging, and some OS features are still missing that have been in other OSs for years.

Those are both really vague. What doesn't work, and what is missing that anyone really cares about?


OS Features: Bigmem support has been missing. This seems to be about ready for prime time. Really good SMP, which just gets more irritating as more cores become commonplace. Really good threading, which hampers porting and/or running some ported software on OpenBSD.

Hardware support: mostly cards from various vendors who won't release open specs. Like Adaptec, nVidia, et al. For Linux you get vendor blob drivers or quote open source unquote drivers written under NDA in which the actual functionality is obscured. Or various things on laptops don't work, or whatever. These limitations are not much problem for me, but they bother some people. If I build a server I spec it out with compatible hardware. No big deal.

For many applications none of the above matters, or matters a lot less than the benefits gained. I like OpenBSD and use it for servers and workstations. OpenBSD has pros and cons, like any OS. For my usage, the pros are a long list and the cons don't matter much. But if I were tasked with building a processing farm with tons of cores and memory to run a massively threaded crunching program then I'd pick something else. But I'd still keep the farm walled off behind OpenBSD.


Didn't you get the memo? Threads are lame, evented is the new hotness. ;)


The new hotness? I guess actors are old news now.


An automated installer comparable with anaconda - the one used by Fedora and RHEL. There seems to be a couple of projects or hacks for this, but nothing in the official (upstream) installer.


Thanks, I guess I'll just have to try it:)


My reason: they treat doc problems the same as code bugs.

Also, have used it on desktops for clients. But only POS ones.


OpenBSD security is more than a few security patches and kernel configuration. Check out their web site for more information.

Most Linux distributions I've played with (CentOS, Red Hat, Ubuntu Server, Debian) are pretty mediocre when it comes to security. I've actually stopped using Debian since this incident:

http://www.debian.org/security/2008/dsa-1571

In addition, my own experience would point out that OpenBSD is more reliable than Linux, but I'm just a single data point.

For development however, we use FreeBSD for a wide range of reasons including ports freshness.


It's funny that you mention Red Hat (and CentOS), since they invest very heavily in attack mitigation and sandboxing through virtual machines:

http://www.awe.com/mark/blog/20101130.html

And as much as people dislike SELinux, it does help a lot in confining applications. OpenBSD does not provide comparable techniques.


They have clearly stated why they do not support those technologies multiple times, but it continually comes up.

OpenBSD always goes with simple, easy to understand solutions that "just work out of the box" and can be easily configured and maintained. They build those simple solutions into the OS, they do not (and will not) bolt on complexity.


> OpenBSD always goes with simple, easy to understand solutions that "just work out of the box" and can be easily configured and maintained.

Yes, we hear this every time. But this is the same project that advocated systrace, which provided access control with respect to syscalls. I do not see much of a difference between systrace and a mandatory access control framework, except that the implementation of systrace was flawed, it didn't support file labels, and SELinux has a more sophisticated policy language.

The OpenBSD Project has a very narrow view of security, and does little to improve attack mitigation for software that is not in the base system (ports).


Most of OpenBSD's attack mitigation is at the kernel or libc level. It applies equally to the base system and third party software.


This doesn't articulate your point at all. What simple solutions are you referring to? systrace? "Don't install ports"?


I don't know about now, but ~4 years ago installing from scratch I tried SELinux and after hours of configuring it still wasn't recognizing some hardware. Then I tried OpenBSD or FreeBSD, and it was up and running with minimal configuration. YMMV.


You discovered the difference between "works" and "can be made to work". There are many people who still believe they are synonymous.


I've worked with SELinux in the past, it works but it can be a real pain to get up and running and there's a bit of a learning curve associated with it.


> All these locations are fully running under OpenBSD

vs

> OpenNX for accessing Windows Remote Desktop or Terminal services (that is needed because companies use internally developed applications running on Windows only)

If they're fully OpenBSD, why do they need Windows Remote Desktop for access to internally developed software? Why are internal devs making Windows software? It doesn't seem to be a typo given the way the comment is structured.

I mean, good on 'em for reducing their OS management overhead, but this just seems weird.

Separate to that, out of curiosity, which brand name laptop supports OpenBSD well enough to supply Fortune 500 companies?


You essentially have two questions there. The answers are:

#1 Legacy Software

#2 Lenovo


Gah, sorry, running on empty at the moment. I should have twigged to Lenovo as I have a new laptop of theirs... but it's got a damn Realtek wifi card that doesn't have stable Linux drivers.

that's my excuse and I'm sticking to it :)


Likely one of two (or two of two) reasons:

1) A particular location is running BSD - a branch office or the like. The whole company isn't migrated.

2) Migration doesn't extend to rebuilding the legacy internal software built over the last ten years, which is Windows based and still needs to be supported so that the current business processes run uninterrupted.


I have to say that OpenBSD is my favorite of the *BSDs. The only thing that it lacks, that I wish it had, is a journaling file system (fsck takes forever on today's large hard drives).

EDIT: And whole disk encryption. I am really surprised, given OpenBSD's security goals, that no one has implemented this.


OpenBSD has a software RAID mechanism to encrypt partitions. It is not yet bootable, so there must still be a small boot partition, but everything else can live on an encrypted RAID set. Bootable support is coming very soon so the entire disk can be encrypted (or be on any other RAID configuration).

I've been using encrypted softraid for a long time on my laptops and on a central backup server (which has a RAID 1 mirrored set across 2 disks, then an encrypted volume on top of that).


> bootable support is coming very soon

What's your source for this?


Oops, you're a developer. Never mind :)


I think I would be in heaven if someone ported HAMMER to OpenBSD. I use OpenBSD for a lot of our servers. It is amazingly fast to set up a new machine.


I've read lots of good things about Hammer. I've been wanting to give DragonFly a try because of it but it doesn't like my computer (the install CD freezes at startup).


I'm going to set up a new fileserver using it. I think it will perform quite nicely.


Whole disk encryption is built in; all you have to do is enable it during install. Here's a how-to (OpenBSD frowns upon how-tos, but here it is anyway): http://16s.us/OpenBSD/softraid.txt


I run OpenBSD on the servers, I run Ubuntu on the desktops. Best of both worlds really. The rest is chasing hair out of the soup.


Speaking of OpenBSD: I didn't see any follow-up on the presumed FBI backdoor. Does anyone know what's going on?


The OpenBSD IPsec stack was audited, a few notable bugs were fixed, but no evidence of a backdoor was found.

http://arstechnica.com/open-source/news/2010/12/openbsd-code...


Great! Thanks


Can OpenBSD use Android USB tether? (I use Android Wifi Tether but my milestone battery runs too hot)


Depends entirely on the gadget. Some phones show up as one of a dozen different serial devices and work with ppp. Others will work as cdce, which is very nice.


OpenBSD is an awesome piece of software. One OS that, to my limited understanding, clearly demarcates userland and kernel boundaries. And if I recall correctly, a critical X related bug was patched in OpenBSD during a regular code audit. Clearly, they have very good security and audit practices in place.

However, there was this one incident when Theo trained all his salvos on this one kid who had the audacity to email the list about his pet project which was an extension of OpenBSD of some sort (open source of course). Technically, Theo was right. But his style rubbed me the wrong way. I have since then discontinued using OpenBSD.


Please give me one example how OpenBSD 'demarcates userland and kernel boundaries' more clearly than any other modern Unix?


Like I said, my understanding is very limited. I was parroting an informative comment I read sometime at least two years ago.


I agree almost always with Theo's view on things but what he says often transmits through a dick filter.
