I really enjoy how simple the system is after all these years with Linux. I will always continue using Linux in my main computers, but for surfing, some hobby programming and as a travel OS OpenBSD definitely won me over.

And I guess it runs quite nicely in the X250 and T450 tier already, maybe even newer ThinkPads. And when I say runs, I mean runs much nicer than many Linux distributions with their default installation.

I still shake my head when I think back to the 90s and how Linux managed to overtake the BSDs. Good to see they are still very much alive and moving forward.

For those who don't know what I am talking about, see https://en.wikipedia.org/wiki/UNIX_System_Laboratories,_Inc..... For what this has to do with Linux adoption, read http://www.softpanorama.org/People/Torvalds/Finland_period/a... about how the uncertainty around all of the BSD distributions lead to people jumping onto the Linux bandwagon. This got Linux ahead and it never looked back.

Remember when SCO was trying to sue everybody over Linux? Why didn't the *BSDs become more popular then?

Linux being more popular then the BSDs had nothing to do with anything Legal outside of Linux being GPL.

During the BSD lawsuit, free software was not widely understood, the company doing the suing (AT&T) was one of the biggest in the world, and the one being sued (BSDI) was a nobody by comparison. It was clear that AT&T had grounds for a real case. Everyone I know that was there says that there was real fear of the outcome. And I've known a lot who were there.

By contrast when the SCO lawsuit happened, open source was far better understood, it was a small company (SCO) doing the suing, and the companies being sued were the biggest in the world (starting with IBM). This threat was far less credible, and if it failed, everyone assumed that they would get lost in the shuffle.

It didn't hurt for the latter case that groklaw stepped up and there were endless well-informed people who said that the case was groundless. And no, I don't just mean nerds who read slashdot. But also most of the tech media, various interested lawyers, and so on.

Maybe this is a complaint about Ubuntu, or gnome, or systemd.

All other servers are using OpenBSD so it looks like I've got some upgrades to get to!

But "optimized for desktop usage" is a very vague term with different meanings for everybody. My tastes are geared towards a light X workstation that doesn't add any extra whistles unless you ask for them. In the Linux world the closest I've seen to this is Arch. I also used debian for a long time (starting with netinst and no GUI, and adding things only as I need them).

Driver support is great, I agree. And the network management is far simpler. It just felt slow.

In the 90's Linux was pretty well aimed at the techy crowd. you were expected to know or learn administration (including the location of and editing of etc files) and not be afraid of './configure && make && make install'

Then the focus changed and while your Gentoos and Arches never went away, a larger portion of the focus was on either being user friendly and/or providing an enterprise desktop experience.

This is something the BSDs (with the exception of TrueOS) never did -and certainly not OpenBSD.

It's worth pointing out (and folks in this thread already have) that if you want the hacker's experience, it's still out there. It just has almost nothing to do with mainstream Linux (which is a shame).

Looks like it. I'm running Void Linux without all these, and it feels simple and lightweight. Also fast.

(OTOH when I have to work with BSD userland utilities that are part of macOS, I often miss the GNU extensions, e.g. to `date` or to `awk`.)

OpenBSD has hard time using even 4 gigabytes of RAM with Firefox having multiple tabs open. My Arch installations easily take over 8 gigabytes, if I'm not compiling anything.

If I need a backup machine for work, I kind of want a Linux with all the Docker, Spotify, Signal etc. easily available.

Do you use the same window manager across both linux and openbsd?

Also what's the "much nicer" you refer to.. Please sell me

>I imagine [..] its the inverse for things like battery life, touchpad drivers, webcam driver.

Battery life is as good as linux, much better than FreeBSD. FreeBSD was idling hard on my laptop (load average of 1.00, 2hrs of battery when OpenBSD was giving me 4. Windows gave me 2.5) Touchpad is "fine" but I was using an X201s mainly which has a teeny tiny touchpad. Webcam... I don't use webcams.. you'd understand if you saw me :p

> Am curious why not make the switch on desktop? Same semantics? Same dotfiles?

I can't answer the OP, but openbsd is actually super slick on laptops, it's good on a desktop too, but compared to FreeBSD (and wpasupplicant to connect to shit ++ bad battery life, and a bad security record) or Linux (where connecting to wifi basically requires use of a GUI) I think it's an acceptable choice. As for dotfiles, you'd be surprised how little changes to third party software there are.. I was running the same dots on my archlinux machine as I was on my FreeBSD and OpenBSD machines (with relatively minor tweaking of which programs control the up/down volume keys for i3)

> Do you use the same window manager across both linux and openbsd?

Yeah, i3.

> Also what's the "much nicer" you refer to.. Please sell me

No pulseaudio (the mixer in openbsd is kinda good, not as many features but that's not needed imo), no wpasupplicant - WPA is built in to ifconfig, really, astonishingly clear man pages. (for the first time in my life I was reading about how the OS was even built through man pages).

Oh and I don't want to start a fight, but I didn't miss systemd (even though I generally think the concept fits a desktop use-case quite well).

I mean, you have to try openbsd to understand really. Although, personally, the input latency and sluggish feeling really got me down, especially when web browsing.

Also stuff like Signal, Spotify etc. I still haven't been able to get running on OpenBSD, maybe some day...

Nicer in a way that setting up the wifi, suspend et. al. just works. And is very easy.

Doesn't help with the desktop OS part though.

It will definitely perform better. But that doesn't mean you shouldn't experiment and see if the performance hit is something you can accept.

Try it on an old laptop and maybe you’ll like it.

Mac OS X has won me (and many others) over when it comes to these topics. I'm curious why BSD would be your choice. It sounds painful?

The base packages get upgraded on a timescale approaching lolnever. They should be ashamed of themselves for shipping machines with Bash 3 still and that's just the tip of the iceberg.

OpenBSD is so simple for me and it takes me a fraction of the time to configure a new OpenBSD system than a new Mac.

For programming, yes, although I don't know if brew would be called "herculean". For battery life and ease of use, no.

I've setup BSD on linux on personally modded thinkpads (putting in faster cpus, new wifi cards, etc), and you have got to be joking when you say it's simpler or faster than turning on a new mac and installing brew. It's infinitely more customizable for sure, but it's not simpler or easier. Especially when it comes to tuning battery life.

And for highly used programs like adobe photoshop, illustrator/affinity design, premiere, etc, forget it. Even Sketch isn't available on linux.

And this doesn't account for physical clunkiness either. My t430 was so bulky. The x220 was nice but the display wasn't that good, nor the cpu.

Yes No multimedia programs, cause I am a mathematician and for pdf I use pdftools; so no Adobe also; started with Slackware in 2007 after an abysmal windows period from 1991 till 2007; now I use openbsd and emacs simply rocks and is rock solid on openbsd.

I also think they're vastly underestimating the amount of stuff that needs to be configured on a new mac host.

My office workstation (Arch Linux) and home desktops/servers (all OpenBSD) can be installed and configured repeatably in ~5 minutes flat.

I literally have an ansible playbook that pulls in my dotfiles and installs a list of the packages that I want. That's a hundred times simpler than setting up my work laptop (Mac) for development, where not only do I have to install xcode dev tools and homebrew and the packages that I want, but most of the packages that I install need additional configuration applied to work correctly.

How is your R setup in OpenBSD? Like what software do you use in tandem when coding R?

This is not an apples-to-apples comparison. You're comparing highly modified laptops with questionably supported mods to a stock Mac. Of course the highly modified laptop isn't going to install BSD smoothly. It's unlikely to install anything smoothly, at least compared to a Mac where the hardware configuration is locked down.

The only thing that makes macos at all usable for me is Nix.

That is not what matters to developers invested into Apple's ecosystem.

I've tried using Amethyst or whatever the tiling window manager is, but I found it crashed a lot and the keybindings weren't great.

Overall I think MacOS is a great OS, I just feel like I need a real tiling manager that I can't get without Linux.

The first thing I do when setting up a new Mac is swap the option and command keys.

Using Mac OS X or Windows will give me a headache. I just don't like their user interface. And I've used both of them a lot; I had my G4 iMac with 10.0.0 back in the days, and kind of liked 10.3.0 until Linux won me over again.

And why I said the thing about Apple originally is that it seems to be almost a meme that every single thread about Linux or *BSD gets a discussion about Apple products. It's so weird :)

Anyway, there's all kinds of people, everywhere, and I don't think those two characters are representative of Texas as a whole. Texas has a lot of diversity, a lot of good work comes out of there, and people are generally decent and not like the extremes that sometimes percolate to the TV news.

Also, to the extent that Texans overall might tend to have qualities like, e.g., valuing principles and individual responsibility, I think that's good input to have, in a diverse marketplace of ideas (even though it might not be quite my own current thinking).

(Please pardon the straight response, on a humor tangent, but I felt a little bad when I realized I'd invoked a stereotype, and I felt I should clarify.)

The buzz around OpenBSD always led me to believe it's developed by mole people who subsist on cryptographically secure random donations of soda crackers and water.

Yet here on their release page is a big beautiful image that precedes technical release desiderata.

Can more projects do more beautiful artwork like this?

Also, can I support OpenBSD by buying a tshirt with this artwork on it?

Edit: Just noticed that the stem of the "p" in "OpenBSD" is not obscured by the underline (at least in Chrome). That, along with the italic "Open" with non-italic "BSD" is quite aesthetically pleasing. Is this due to a design whiz who got interested in BSD, or is this just HTML5 doing its thing?

This is just Chrome's default rendering of underlines, which occurs even with no explicit styling:

    data:text/html,<u>upu

When systemd-resolvd was first released it was the biggest mistake ever to write a new recursive resolver instead of using unbound or dnsmasq. Also since DNS ".. wasn't broken, so it did not need fixing".

I wonder if unwind will be received with the same hostility.

It's not very much like systemd.

I'm of the opinion that using C and C++ for future major work where there's not good reasons forcing you to is more trouble than it's worth, but I wouldn't mind if it was all done with the care and attention the OpenBSD developers put into their projects.

I think that’s expected, and cool, given that C is a general purpose language and very flexible.

And also in general, I'm far less concerned about software released by a well-established security-minded team than I am about whatever Lennart wants to ship...

DNS software in general has left behind a trail of security vulnerabilities. The systemd team has also left behind a trail of security vulnerabilities. I don't want a team who isn't focused on security to replace something security critical when the existing software seemed fine enough.

On the other hand, the OpenBSD team consistently delivers on small, focused utilities, built with security in mind that usually reduce the scope of the utility to the minimum required.

OpenBSD also still includes Unbound (/usr/sbin/unbound) as the standard local recursive resolver, and NSD (/usr/sbin/nsd) as the standard authoritative server.

I think it is more accurate to say that the (supposed) problem with systemd's approach is actually tight coupling as opposed to a single repo.

OpenSSH, OpenSMTP, OpenBGPD, LibreSSL, Mandoc, the recent Unwind, etc, may all be in the same repo, but none depending on each other. Try taking systemd-resolved (or journald) and running it on its own.

If the various systemd "components" were actual components that could be swapped out for something else there would be fewer complains IMHO.

systemd-as-init-replacement is/was fine. systemd-as-kitchen-sink is where things went sideways.

One of my main gripes about resolved is the D-Bus interface. Lennart needs to remove his lips from that protocol's ass.

And replace it with what? I genuinely don't know anything that exists right now that could replace it. Linux and ecosystem have a lot of IPC primitives but very few usable systems: I know of dbus and ip.

This makes it very hard to tweak a system, and I would again bring up the logging issue. Systemd-journald stores files in binary format, which is a pain. I was working on something where I accidentally bricked the system (VM, thankfully) due to configuring some in-depth security stuff. I mounted the disk and tried to read off the log, but couldn't. It's also a pain to replace it, and non-systemd alternatives are becoming increasingly poorly supported.

Systemd wants to take over temporary files, journaling, and much, much more. Many of the implementations are imperfect. That's fine; I understand it's hard to get that much right. Which is why I wish they made it easier to replace systemd components or didn't use it.

The init itself (units etc.) is good, and I actually like it. I just wish they got that polished, then made another, separate project if they thought they could do another piece better.

I mean yes, you need something to parse the logs and turn them into human readable text, but the logs are perfectly readable.

journalctl --file /mnt/var/log/journal/`</mnt/etc/machine-id`/system.journal | my-favorite-log-reader

A lot, dare I say most, of the parts of systemd actually are optional or do nothing until you use them like systemd-machined.

A lot of the annoyance that some people have with the systemd crowd is that these kind of assumptions are made all over the place. The actual software is not bad (I really do prefer dealing with systemd units than writing shell scripts for each service) but it can be hard to get past.

I agree as well with the unit comment; they're great. But I just can't get past the plans for world domination.

As far as I know, it is an explicitly stated goal of the systemd project to provide an integrated (compared to whatever each distribution assembled together to provide one) base system on top of the Linux kernel with the intent of making the best use of the features provided by the kernel.

It seems to me that Lennart looked at the tightly integrated base system + kernel approach of the BSDs and decided he wanted that for Linux too (in addition to whatever other influences he had), and then he made it happen.

systemd-resolved is a non-recursive resolver. so is dnsmasq.

This terminology is tricky, and the fact that toast0 incorrectly thinks that this is a "stub resolver" is indicative of how people get this stuff wildly wrong. A "stub resolver" is in fact the client that makes requests of the server that you are asking about.

I use terminology borrowed from HTTP when explaining this to people. A DNS server that listens on a local IP address and makes back-end queries to another DNS server is a proxy DNS server, and the fact that it hands off all of the grunt work (of stitching together the back-end partial answers to make the front-end complete answers) to another proxy DNS server makes it a forwarding proxy DNS server. If it didn't hand off the grunt work and did all of the query resolution itself, talking directly to content DNS servers, it would be a resolving proxy DNS server.

And the software that is in applications, that formulates requests and sends them over to a proxy DNS server, is a DNS client library.

8.8.8.8 is a resolving proxy.

* http://jdebp.eu./FGA/dns-server-roles.html

* http://jdebp.eu./FGA/dns-query-resolution.html

* https://unix.stackexchange.com/a/500565/5132

   Stub resolver:  A resolver that cannot perform all resolution itself.
      Stub resolvers generally depend on a recursive resolver to
      undertake the actual resolution function.  Stub resolvers are
      discussed but never fully defined in Section 5.3.1 of [RFC1034].
      They are fully defined in Section 6.1.3.1 of [RFC1123].

Systemd is not.

That is really great!

From a security standpoint this makes sense, of course, but how are you supposed to deal with a half-desktop-half-server system?

(quoting the faq page for upgrade65):

Xorg(1). The Xorg binary is no longer installed setuid, so startx(1) can no longer be used by non-root users. The xenodm(1) display manager has to be used instead.

Woah, it's from the future!

> [...] This artwork emblazoned CDs and posters up until version 6.0, after which we stopped producing product and only release software on the internet.

See also [0]; you should be able to make your own t-shirt with official logos, and donate as usual [1,2,3]

[0] https://marc.info/?l=openbsd-misc&m=155439809001096&w=2

[1] https://www.openbsd.org/donations.html

[2] https://www.openbsdfoundation.org/campaign2019.html

[3] https://www.openbsdfoundation.org/donations.html

It just worked out of the box on that generic unbranded laptop I retrieved (no touchpad though). I use Xfce wich is well integrated, and the package manager is plain simple and easy.

Definately better experience than my previous Linux ones. Some penalty on performance though.

PS : I've put it on my Raspberry Pi too.

(same question about Linux distros in general, FWIW... i just do not see the point of packaging so much stuff for a single OS version, it is like if Windows did the same thing - ignoring licensing - Windows 10 would include Photoshop, Steam, DOOM, Visual Studio, Maya, 3ds max and pretty much every other program with a bit of popularity ever made)

Well, at least a single arch version still fits on a single disk medium, last time i checked Debian needed several DL BDs (although perhaps a single BDXL disk, once they become available, will work... assuming we also ever burners for those).

NetBSD supports all architectures as part of itself as a whole, no need for distro searching.

One of the cool things about BSD is that kernel and userland are bundled/tightly-coupled together as one single unit. With Linux, you need to find the appropriate distro to help you outside of the few major platforms.

Apples and oranges comparison.

http://netbsd.org/about/portability.html

For my more basic needs which is development I chose OpenBSD based on their simple, pragmatic design coupled with tight security practices in coding. Their documentation is excellent and their man pages are easy to grok and can get you 80% of the way to your goal most of the time without resorting to a search engine for help. Their FAQ pages are also full of simple, straightforward information and how-to guides that are very newbie friendly. I'm not an IT expert or unix admin, I do this for fun and as a semi serious hobby. So it's really comforting when you can type 'man networking' and figure out how to assign a static ip to an ethernet interface without having to resort to a search engine.

Hardware support is pretty good and I have it running on an older athlon x4 system, IBM T40 laptop, and my APU2 board from PC Engines (No problem installing to the SD card). Everything just works and I've yet to find a machine that can't properly run OpenBSD.

The rub is the system is more old school unix than "modern" Linux desktop. So don't expect things to be "Linux Gnome desktop easy". But it is by no means difficult to install, configure and use if you are somewhat knowledgeable with the comand line. If this intimidates you, perhaps you could go with a more desktop oriented BSD like TrueOS, a FreeBSD fork and start there. That's how I got familiar with the unix world; start with a hand holding distro and work your way down to the engine rooms ;-)

* https://project-trident.org/

OpenBSD :)

> Hardware?

Most OpenBSD devs seem to do their development on OpenBSD-running ThinkPads, so I'd say that's a good choice.

I ran OpenBSD 6.something (wanna say 6.1?) on my work laptop (ThinkPad T470) for awhile. Only significant issue was that the keyboard would intermittently wig out when booted via UEFI (affected Linux, too; legacy booting was not affected). I ended up switching to Slackware (needed to be able to run Google Hangouts and Zoom, both of which require Linux), but I'm strongly considering switching back now that vmd is a thing (since it can theoretically satisfy my Linux-requiring needs via exposing an X server to the VM or using VNC or something).

One of the best things about OpenBSD is how connecting to the WiFi is done with ifconfig and how trivial it is compared to wpa_supplicant or NetworkManager.

For the typical workstation - being able to run Linux VMs, Docker/Containers are a blocker for me to use OpenBSD. The closest I have got to the OpenBSD experience is with Void linux. No Systemd, No frills minimal Linux. It is as safe/bloated/feature rich as you configure it to be.

Can anyone here share their "switch to BSD" story and what advantages it offered over their departing distro?

What is the problem with OpenBSD's plan for coherency? Why is the burden of explicitly calling msync(2) too much?

I don't see how it could. Kernel data structures don't go on pagecache pages.

> OpenBSD's choice is arguably reasonable

At a human level, the OpenBSD people have spent way too much time coming up with rationalizations for their obsolete VM design to back down now. Whether OpenBSD's VM subsystem is good or not, their pride will force them to keep claiming that it's good, practically forever.

Kernel data structures could end up on a pagecache page: all it takes is a reference counting bug and the page could be reallocated in the kernel heap, which is directly mapped by user space. Keeping user-mapped pages and pagecache pages distinct makes this less likely.

I am otherwise not convinced that there is an actual problem with OpenBSD's coherency plan.

sh: awk: not found

Maybe their live cd doesn't include the whole 'base' set?

I don't know of any up-to-date prebuilt live CD/USB images, but I do know of guides to create them from another OpenBSD install (e.g. one in a VM): https://www.alti.at/knowhow/obsdlivecd/

https://man.openbsd.org/awk

Does anybody know if there's a writeup somewhere? Or what are the commits to look at.

[1] https://www.openbsd.org/papers/eurobsdcon2018-rop.pdf

Slides: https://www.openbsd.org/papers/asiabsdcon2019-rop-slides.pdf

Paper: https://www.openbsd.org/papers/asiabsdcon2019-rop-paper.pdf

Thank you in advance.

Linux and FreeBSD are novels. OpenBSD strives to be a short poem.

Linux and FreeBSD push really hard to add cutting-edge features, but OpenBSD pushes hard to see what can be removed and still retain essential functionality. OpenBSD packs a remarkable amount of functionality into a code footprint that doesn’t feel like it has grown appreciably since I first ran it in the late 90s.

At the same time, this flensing process has allowed OpenBSD to move quickly on some innovations like “doas” instead of sudo. They also maintain cononical implementations of their other products like OpenSSH and were able to move quickly to their cleaned-up OpenSSL implementation LibreSSL.

As for laptop support, I wouldn’t say their hardware support compares to Linux. That is, they don’t support everything. Rather, for supported laptop (and desktop!) hardware, that suppport is excellent. Put another way: that which is supported is supported very well.

t's very compact and simple and you don't need Google to solve problems because the base system is thoroughly documented.

It has everything I need, and nothing more.

OpenBSD isn't suitable for every use case because rarely used features tend to get removed instead of falling into disrepair from lack of maintenance, but when it does work, it works predictably and reliably. I was able to run OpenBSD on my desktop and have everything work flawlessly out-of-the-box, whereas with FreeBSD I encountered frequent crashes when using dual monitors. I suppose my configuration isn't something that the FreeBSD developers use, so while it "works", it doesn't work.

In the end I returned to Linux because I sometimes play games using Steam and Wine, neither of which is likely to ever be supported on OpenBSD, but if OpenBSD provides everything you need, it's certainly worth trying it out.

FreeBSD is nice for a file server, OpenBSD for a laptop.

* security -- the code is audited and hardened to a greater degree than any other general purpose OS on the planet (embedded safety critical microkernel systems would be the exception)

* routing suite -- one of the most well integrated open source routing suites out there (alternatives include BIRD and free range routing / quagga)

* firewall -- their firewall is flexible, fully featured, and easy to configure. It has been adopted by other BSDs, but development and new features happen in OpenBSD first.

Weaknesses of OpenBSD:

performance -- security is valued over optimized code, so the OS will not be as efficient or handle as many connections as a Linux or FreeBSD server could

* lack of ZFS

Compared to OpenBSD, FreeBSD has a slightly worse firewall implementation (originally sourced from OpenBSD), better networking and computing performance, and ZFS.

What type of device are you considering using OpenBSD or FreeBSD for?

https://www.mail-archive.com/tech@openbsd.org/msg49128.html

Does anyone know if that driver eliminates the need for doing NTP sync in the guest VM?

* https://unix.stackexchange.com/a/467632/5132

I am impressed that OpenBSD comes with Go 1.12.

Can anyone share some insight why OpenBSD does not provide a more recent MariaDB Version ?

http://openbsd-archive.7691.n7.nabble.com/Update-MariaDB-fro...

10.2 is a no go for us as the new client library requires atomic ops killing the client library on a handful of archs.

The current approach, called KARL, relinks the kernel so that while it may load at the same address, symbols internally do not have the same offset. Learning the address of printf will not reveal the address of malloc and so forth. In the context of kernel defense, I would argue this is more effective.

Also, simply as a practical matter, the bootloader and kernel are tightly coupled in ways that make altering the load address a nontrivial endeavor.

    |---------------kernel-----------------|
    |-boot-|-rnd offset-|--running kernel--|

"The difference between the two is that KARL loads a different kernel binary in the same place, while KASLR loads the same binary in random locations. Same goal, different paths."

https://www.bleepingcomputer.com/news/security/openbsd-will-...

Idk if that's the case here but its been a big reason historically.

I know OpenBSD doesn't prioritize new features but KASLR is a pretty significant security improvement, right?

This just promoted it to a regular base utility, and also it was rewritten using libelf(3).

You don't have to remove those files, the upgrade guide simply indicates they're no longer required.

If you have console access to the machine, serial or glass. Things are far easier.

Thanks for your work on OpenBSD Ted.

You should have a disklabel with partitioning for at least /, /usr, /usr/lib, /var, and /home (with / fully behind cylinder 1024 for i386 Bios to be able to load the kernel via int13h )

I also don't understand the reasoning behind this.

Meanwhile dist-upgrade on my vanilla, boring Ubuntu MATE box rendered it unbootable just yesterday.

So for me, deleting a few files is as good as or better than asking a package manager to do it. It proves to me that the OS is simple.

I think we have become so accustomed to complexity that now we often seek it because the simple way “couldn’t possibly be right?”

Ah, beauty of unix =)

Using commands with terrible interfaces, lack of error messages and confirmation dialogs, which silently wipe your whole FS if you mistype them.

Yeah, I would like to upgrade using a bunch of these (no, not really).