
OpenBSD 6.0: why and how - sivers
https://sivers.org/openbsd
======
notalaser
This point is one that cannot be overstated:

> Great documentation is a top priority. The built-in man pages are amazing.
> So if you're stuck on anything, searching the man pages on your own computer
> is going to give you a better answer than searching Google. (This makes it
> nicer to work offline, too.)

The OpenBSD documentation is absolutely stellar. It's well-structured, always
up to date, has useful pointers and examples. If something is in base, then
it's documented and you can use it _today_.

I still use Linux a lot (especially at work, I basically write Linux software
for a living) and I've used it for a really long time (15 years, if not more),
but I still regularly find myself reaching for a bookmark, or for Google, or
for a bunch of notes I kept around because it took me hours to find out how to
do <something> and never again.

In contrast, you can comfortably use and administer an OpenBSD box without
needing anything but the man pages that ship with it. They're amazing.

It's not a "Linux is for plebs and it sucks" thing, it's just that serious
documentation takes a back seat in its community (there are exceptions, but
they're few and distro-specific). In contrast, the OpenBSD community
encourages a culture where "good documentation" is part of "good software",
not just something you get bonus points for.

In fact, despite how the media portrays it (usually through random quotes from
Theo), the OpenBSD community is a refreshing island of sanity in today's
computing field.

~~~
davidcollantes
Do you know how to add coloring to the man pages? I have tried:
[https://gist.github.com/boredzo/06271944983864da495d30363835...](https://gist.github.com/boredzo/06271944983864da495d303638351ca8)
to no avail. I have played with all terminals, with more, with less, nothing
affects the results.

~~~
groovy2shoes
OpenBSD switched to its own version of man(1) a while back (it's called
"mandoc", previously "mdocml" [0]). mandoc's own documentation is excellent
and, if it supports color at all, it's likely documented in its own manpage
(and also probably on its homepage).

Note that if you're using the OpenBSD vtty (via wscons(4), at least), the
default $TERM is `vt100`, which does not support color (beyond the cyan used
to render italic text). I've had some luck setting $TERM to `vt220` to get
more colors. In an xterm or something, this shouldn't be an issue.

An alternative would be to install some other version of `man` (you'll
probably also need `groff` from ports, though some other implementation of
troff/nroff _might_ also work).

Frankly, though, I haven't seen colorized manpages before, so I'm not sure
what else to tell you.

[0]: [http://mdocml.bsd.lv/](http://mdocml.bsd.lv/)

------
ghshephard
OpenBSD is the one operating system I purchase on every release, going back at
least five or six years. There is a certain elegance to the release that just
makes me feel good about using it, even though my day job has me at a Linux
prompt 10+ hours a day.

Unlike other operating system/environments, where any hope of comprehending
what/how they work after a few iterations is progressively more difficult, and
significant architectural changes hose you for hours/days on end (on even
simple things like assigning an address to an interface), the slow methodical
evolution of OpenBSD stays true to its roots. And tools like signify and doas,
new additions to the fold, are almost instantly comprehensible, and never
annoy like some of the Linux architectural changes of recent years.

Highly recommended for people who want a reliable, predictable, full featured,
and comprehensible Un*x class operating system.

------
trolleibusov
Ever wanted to try some BSD system in my daily usage and this post is a great
motivation to actually try. Although there are still some questions:

1) what is the main difference between FreeBSD and OpenBSD? I see, that
OpenBSD provides a very minimalistic environment, which still, I think, will
perfectly serve my daily workflow based on StumpWM+Emacs+Firefox. Does FreeBSD
provide some more "cookies" in aspect of daily usage?

2) What is the state of RaspberryPi support in OpenBSD?

3) Is there some known big issues with video/wifi hardware in OpenBSD?

~~~
notalaser
> 1) what is the main difference between FreeBSD and OpenBSD?

"Security" is the often-stated end goal, but in practice, it boils down to an
emphasis on code correctness, maintenance, reliability, portability and sane
defaults. Realistically, it's sometimes done at the cost of functionality, but
I think it's a smart approach.

This isn't to say that FreeBSD emphasizes _incorrect_ code, just that the
OpenBSD team seems to be more inclined to not include (or yank out) code
that's unmaintained or is of questionable quality, even if it does useful
stuff.

Some of their ideas seems utopic at first (like the insistence of native,
instead of cross-compiling), but they turn out to be annoyingly right in the
end. My own attitude towards OpenBSD drifted from "what a bunch of loons" back
when I was a Linux teenage fan, to "this is how you do computer stuff
properly" as I grew up.

> perfectly serve my daily workflow based on StumpWM+Emacs+Firefox

My stack is pretty much similar, except I'm back to WindowMaker (me and tiling
WMs had a fight and it didn't end well and we're not speaking anymore).

I don't write much Lisp anymore so I'm not up-to-date on what happened with
the OpenBSD ports, but I think all major Common Lisp implementations run well
on it (but if you want to run SBCL on 6.0, you'll have to watch out for the
mandatory W^X). I don't know if it interests you, I figured you'd want to know
if you also hack on StumpWM.

> 2) What is the state of RaspberryPi support in OpenBSD?

Nope.

> 3) Is there some known big issues with video/wifi hardware in OpenBSD?

Basically, if it says nVidia on it, it doesn't work. If it says ATI on it and
it's not too bleeding-edge, it works great. I heard good things about Intel
GPUs, but I haven't tried it.

~~~
groovy2shoes
My nVidia cards have always "worked" totally fine with OpenBSD. There isn't
any 3D acceleration or anything like that, but running X has always worked
fine for me with the open-source nv driver. Obviously it's not ideal, but I
wouldn't call it a showstopper except for a small handful of potential use
cases.

------
doozy
> The installers are amazing. The initial installation takes like five
> minutes. Hit [Enter] to the defaults, make your username and password, and
> it's ready to go.

I love OpenBSD, but this is blatantly false. The installer is 20 years behind
any other major OS. The only installation that is really supported is on a
dedicated machine, overwriting everything in the drive. And in true OpenBSD
fashion, it'll do it without prompting you twice. OpenBSD's fdisk is spartan
at best.

Also for ideological reasons (that I share) the installation media does not
include firmware. Lots of video and network cards needs firmware to work, so
make sure you download a copy of any required firmware to a USB stick
beforehand.

------
pvdebbe
Question that may be obvious for those who have experience on the matter: is
OpenBSD for server use a nobrainer? It's not that popular on that section even
though everything looks so good, so well suited for serving.

~~~
blue1
It's good, but in my opinion, the fact that patches are not distributed in
binary form is a bit of a problem. (Yes, I understand the reasons). With
debian, I type "apt-get upgrade" and that's it. With openbsd it's more
complicated.

~~~
4ad
OpenBSD binary patches: [https://stable.mtier.org](https://stable.mtier.org)

~~~
blue1
Yes, but isn't it a bad idea to install binary patches from a third party?

~~~
4ad
This 3rd party is comprised by OpenBSD developers though. While not an
official OpenBSD project, the people that provide these patches are the same
people that have built OpenBSD packages in the first place. So if you trust
those binaries, you should trust these binaries too.

~~~
TechoHall
This is simply outdated and wrong information. M:Tier does not employ "the
same people that have built OpenBSD packages in the first place." Last I
checked, naddy@ built the AMD64 packages. He does not work there. In fact, I
don't know if any OpenBSD developers still work there. Maybe one (jasper@) but
you'd need to ask them.

~~~
4ad
Thanks for the important correction. It would be great if this were documented
somewhere.

------
shoover
Gotta love how easy the "how" part is. Just a 226MB installer and a tiny
README, script, and config packaged by the author. I was wishing for something
like this for FreeBSD while reading the desktop tutorial [1] last week (2.6GB
installer and a whole lot of manual config).

The fact that at least a firewall comes preconfigured seems like a big deal
for people who just want to get a basic system going and not mess that part
up.

[1] -
[https://news.ycombinator.com/item?id=12371688](https://news.ycombinator.com/item?id=12371688)

------
openfuture
Can someone please tell me which laptop runs openbsd flawlessly and is fairly
new?

For example what do the openbsd devs use?

I'm pretty much just going to buy whatever is suggested if I can verify that
it's at least a half decent laptop.

Thanks

~~~
jlgaddis
> _The 2015 X1 Carbon Thinkpad works really well._

\-- [http://www.tedunangst.com/flak/post/openbsd-
laptops](http://www.tedunangst.com/flak/post/openbsd-laptops)

------
Bino
Their biggest problem may be the size of their user/usage community, it may
not be so "Everything is rock-solid and just works" for you and you should
probably expect that some features may not be so tested or used outside of the
developer using the code for their own purpose. On the plus side, it allows
them to fast move forward and break backward compatibility for the greater
good, however keep in mind to follow their mailing list and read the change
log very carefully to avoid surprises.

------
d_theorist
I love OpenBSD, but one reason I don't use it for my day-to-day work is that
it lacks some tools that I now find indispensable. For example, LXC containers
are incredibly useful for creating isolated, lightweight, development
environments. I don't know of anything similar for OBSD.

~~~
ams6110
chroot for isolated environments, but it's not as easy to set up as lxc from
what I recall. You could automate setup with ansible or scripts if it's
something you do a lot.

You can run VMs in qemu, but the one time I tried it it was painfully slow.

There's also work on vmm introduced in 5.9 but I'm not sure how close it is to
something that is really is complete and usable.

[http://man.openbsd.org/vmctl.8](http://man.openbsd.org/vmctl.8)

[http://man.openbsd.org/vmd.8](http://man.openbsd.org/vmd.8)

[http://man.openbsd.org/amd64/vmm.4](http://man.openbsd.org/amd64/vmm.4)

~~~
d_theorist
Thanks. I'll take another look at chroot jails when I do my next periodic
"Install OpenBSD and see if I can use it as a day-to-day work OS" experiment
:)

------
j_m_b
Does OpenBSD have an encrypted filesystem that is comparable to Mac OS X
FileVault? I like knowing that when I put my Mac to sleep, no one will ever be
able to access the contents of my disc without my password.

~~~
rmusial
OpenBSD supports encrypted user mounts and full disk encryption

------
rwmj
Does OpenBSD have real package management yet and a clean story for upgrading
from one release to the next?

~~~
ghshephard
I guess the response would be, what is it about OpenBSD package management
haven't you liked in the past, and what difficulty have you had upgrading from
one release to the next?

For example - here are the instructions for upgrading from 5.9 to 6.0:
[http://www.openbsd.org/faq/upgrade60.html](http://www.openbsd.org/faq/upgrade60.html)

Once you are done upgrading the operating system, you upgrade your packages
with the command:

    
    
      o pkg_add -u

~~~
rwmj
A package manager should know about all the files installed on the system.
Previously (and it has been many years) *BSD just splatted files into the
filesystem and didn't keep track of them.

~~~
brynet
OpenBSD's pkg_add/* tools are related to the old FreeBSD utilities only by
name, Marc Espie rewrote OpenBSD's package tools in Perl many years ago. It is
a modern packaging system with proper dependency tracking, per-file checksum
verification, privsep and cryptographic signatures (signify/ed25519)

------
akerro
> It's not for beginners. Beginners should use Ubuntu.

Please change it to PC-BSD

------
galfarragem
A bit of topic: I'm sure that most (if not all) OpenBSD visitors are pro users
but a website redesign would make the 'conversion' more friendly for newbies.

~~~
fnj
I find the openbsd.org site to be excellently laid out and presented. Most
sites on the web would do well to take lessons.

~~~
riffraff
I like that the site has been about the same for 15 years[0] but using a
slightly larger or more readable font, or increasing space between menu items
wouldn't hurt.

(Although maybe the current page works as a "ah, turned off by the looks,
effin' hipsters" kind of filter)

[0] the homepage has actually gotten slightly worse compared to around 2001
when I first saw it,
[https://web.archive.org/web/20010302003922/http://www.openbs...](https://web.archive.org/web/20010302003922/http://www.openbsd.org)
as the list below "About OpenBSD" now is messed up with one or two elements
per line for unexplicable reasons

