
OpenBSD: a puffy in the aquarium - gbrindisi
http://undeadly.org/cgi?action=article&sid=20110420080633
======
16s
Buy a CD from them. They are the reason we all have OpenSSH. Without that,
Unix/Linux/BSD (as we know it today) would be much less secure. 4.9 CDs may be
pre-ordered now: <http://openbsd.org/orders.html>

You won't find a simpler, cleaner Unix anywhere.

~~~
jkossen
Indeed. Even if you don't use OpenBSD, or dislike some of their team members,
they do develop great software and documentation which is used in a lot more
systems than just OpenBSD itself.

~~~
Tharkun
The fact that the project is more known for the abrasive nature of its team
members than for its great software (like OpenSSH or OpenBGPD or PF) pretty
much sums up the sad sad state of affairs.

It's their project and they can do as they damn well please, but really, a
little kindness would go a long way. The software may be open, but the project
is not.

~~~
bioh42_2
You rarely get extreme excellence without things like mean leaders. Think of
Apple and Steve Jobs.

------
arespredator
Neat and quite impressive, given how exotic OpenBSD seems to most people. One
thing that bothers me though: why? I mean, why wouldn't they do it with any
linux distribution? It would probably require less work, less custom tools
(like these apps for automatic network configuration or scripts for
automounting usb drives they mention), and with some security patches/kernel
configurations it should give a similar security level OpenBSD does.

Or am I missing something?

~~~
jcr
BIAS: I drank the OpenBSD kool-aid a dozen years ago and have no regrets. I
run OpenBSD everywhere and I try to help out as time and health allow,
including on undeadly, but I'm not a commiter, major contributor or anyone
special.

OpenBSD is a bit like Jazz music. When someone asked Louis Armstrong, "What is
jazz?" his reply was, "If ya gots to ask, ya'll never know."

Though it will most definitely seem elitist, there's some subtle wisdom there;
You need to experience it for yourself to learn the what's and why's. Similar
is true for all of the BSD's. If you're just looking for a fast bullet point
list and "executive overview" (a.k.a. "buzzword bingo decision support"),
you'll never find a reason to run any of the BSD's, and worse, you'll never
learn on your own why zealots like me exist.

The thing you're missing is the experience of learning it for yourself. You
might come to a different conclusion than me, and that's fine, but you would
still benefit from the experience.

~~~
apl
Well, I'm sure that from your perspective the subtleties can't possibly be
boiled down without missing the _essence_ of OpenBSD.

But there's got to be a way of summarizing its appeal. We are talking about an
operating system, and not Kafka short stories or Haydn string quartets, after
all. Otherwise I'll have to go with elitism as the most likely explanation. A
common sentiment among jazz enthusiasts, by the way.

~~~
ghshephard
I'm a huge fan of OpenBSD, having tried freebsd and most of the major Linux
distress before settling on it. If I had to identify the why, i'd have to
agree with the jazz reference. I seriously started comparing the various
distros around 2003, and OpenBSD just gave a more consistent, well documented
and clean experience. It is a very conservative distro, and has a pristine
configuration and network stack. It's reliable, and trustworthy. On the
downside, it's not particularly performant, nor is it well supported by
enterprise Applications - you won't be running oracle 10g on OpenBSD.

Its upgrades are rolled out like clockwork, and are always evolutionary
improvements on the previous version.

~~~
bitwize
Not to mention documented out the wazoo.

I run a NetBSD box and got into kernel hacking just from reading man pages.

I suspect OpenBSD's documentation is even more comprehensive.

------
vacri
_All these locations are fully running under OpenBSD_

vs

 _OpenNX for accessing Windows Remote Desktop or Terminal services (that is
needed because companies use internally developed applications running on
Windows only)_

If they're _fully_ OpenBSD, why do they need Windows Remote Desktop for access
to _internally developed_ software? Why are internal devs making Windows
software? It doesn't seem to be a typo given the way the comment is
structured.

I mean, good on 'em for reducing their OS management overhead, but this just
seems weird.

Separate to that, out of curiosity, which brand name laptop supports OpenBSD
well enough to supply Fortune 500 companies?

~~~
jcr
You essentially have two questions there. The answers are:

#1 Legacy Software

#2 Lenovo

~~~
vacri
gah, sorry, running on empty at the moment. I should have twigged to lenovo as
I have a new laptop of theirs... but it's got a damn realtek wifi card that
doesn't have stable linux drivers.

that's my excuse and I'm sticking to it :)

------
RexRollman
I have to say that OpenBSD is my favorite of the *BSDs. The only thing that it
lacks, that I wish it had, is a journaling file system (fsck takes forever on
today's large hard drives).

EDIT: And whole disk encryption. I am really surprised, given OpenBSD's
security goals, that no one has implemented this.

~~~
there
openbsd has a software raid mechanism to encrypt partitions. it is not yet
bootable, so there must still be a small boot partition, but everything else
can live on an encrypted raid set. bootable support is coming very soon so the
entire disk can be encrypted (or be on any other raid configuration).

i've been using encrypted softraid for a long time on my laptops and on a
central backup server (which has a raid 1 mirrored set across 2 disks, then an
encrypted volume on top of that).

~~~
anonymous
> bootable support is coming very soon

What's your source for this?

~~~
anonymous
Oops, you're a developer. Never mind :)

------
keyle
I run openbsd on the servers, I run ubuntu on the desktops. Best of both
worlds really. The rest is chasing hair out of the soup.

------
plainOldText
speaking of openbsd. I didnt see any follow up on presumably fbi backdoor.
Does anyone know whats going on?

~~~
skymt
The OpenBSD IPsec stack was audited, a few notable bugs were fixed, but no
evidence of a backdoor was found.

[http://arstechnica.com/open-source/news/2010/12/openbsd-
code...](http://arstechnica.com/open-source/news/2010/12/openbsd-code-audit-
uncovers-bugs-but-no-evidence-of-backdoor.ars)

~~~
plainOldText
Great! Thanks

------
hs
Can OpenBSD use Android USB tether? (I use Android Wifi Tether but my
milestone battery runs too hot)

~~~
tedunangst
Depends on entirely the gadget. Some phones show up as one of a dozen
different serial devices and work with ppp. Others will work as cdce, which is
very nice.

------
hrasm
OpenBSD is an awesome piece of software. One OS that, to my limited
understanding, clearly demarcates userland and kernel boundaries. And if I
recall correctly, a critical X related bug was patched in OpenBSD during a
regular code audit. Clearly, they have very good security and audit practices
in places.

However, there was this one incident when Theo trained all his salvos on this
one kid who had the audacity to email the list about his pet project which was
an extension of OpenBSD of some sort (open source of course). Technically,
Theo was right. But his style rubbed me the wrong way. I have since then
discontinued using OpenBSD.

~~~
danieldk
Please give me one example how OpenBSD 'demarcates userland and kernel
boundaries' more clearly than any other modern Unix?

~~~
hrasm
Like I said, my understanding is very limited. I was parroting an informative
comment I read sometime atleast two years ago.

