
Falling in love with OpenBSD again - lelf
https://functionallyparanoid.com/2019/03/13/well-its-been-a-while-falling-in-love-with-openbsd-again/
======
anyfoo
I use OpenBSD on both my remote (VPS) and home (a tiny pcengine box with 3
NICs) servers. Naturally, they do some IPv6/IPsec/tunneling and other
shenanigans with each other, and the home server is the router and firewall
for a probably overly complex home network.

It is an absolute joy, and often I just mess around with the system for the
fun of it. One of the compelling factors is that, unlike with a modern Linux
distribution, I practically always have the impression of having full reach
and understanding of the whole system, mainly because of OpenBSD's impressive
consistency and documentation through man-pages.

~~~
snazz
Have you tried it on a desktop yet? I’ve talked about my experiences a couple
of times
([https://news.ycombinator.com/item?id=19280736](https://news.ycombinator.com/item?id=19280736)),
and I like it so much that it’s now the only OS on my primary desktop and
laptop.

~~~
jplayer01
Man, I'd love to run a BSD, but I'm so spoiled by the convenience of the AUR
and immediate access to the latest packages and any packages I could ever
possibly want or need, that I don't think I'd last a week.

------
JdeBP
For the record: 16-bit OS/2 version 1.x never ran Windows programs. That only
came about with 32-bit OS/2 version 2.x.

------
eljimmy
Nice read. It’s always enjoyable setting up a new machine, regardless of the
OS or platform you’re using.

I’ve never used BSD or any of its derivatives - is the main difference between
OpenBSD and FreeBSD just the focus on security?

~~~
notaplumber
A lot more than just security-- albeit that is one of the primary focuses of
OpenBSD, encompassing everything from researching new mitigations to secure
coding practices.

[https://www.openbsd.org/innovations.html](https://www.openbsd.org/innovations.html)

If it helps to put things into perspective, NetBSD is the closest relative to
OpenBSD, the latter having forked over 23 years ago. The last time FreeBSD and
OpenBSD shared the same tree was at Berkeley. In fact, NetBSD, FreeBSD and
OpenBSD independently merged the final release from Berkeley, 4.4BSD-Lite2 in
1995.

Linux users generally don't understand what it means for each major BSD being
fundamentally distinct operating systems, including separately developed
kernels, drivers, userland utilities, with their own developer/user
communities.

~~~
asveikau
> fundamentally distinct operating systems, including separately developed
> kernels, drivers, userland utilities, with their own developer/user
> communities.

A lot of stuff does get ported between them though, and many people use
multiple of them.

~~~
notaplumber
Of course there is some overlap.

------
meruru
Some genius HN person reading this please port ZFS!

~~~
notaplumber
That's not likely to happen for both licensing and technical reasons. CDDL is
not an acceptable license. And OpenBSD also has no extant framework for
loadable kernel modules, nor any desire to add one (increasing attack
surface).

~~~
meruru
I understand the CDDL is not GPL-compatible, but why is it not acceptable for
OpenBSD?

~~~
int_19h
It's still copyleft, so including it into the base system would require
licensing those parts as CDDL, so the system as a whole would no longer be
BSD-licensed.

~~~
AndrewDavis
Only the files pulled in would fall under the CDDL. The CDDL is unlike the GPL
in that it is file based copyleft. It doesn't force any other part it is
combined with to be any license. I.e., you could combine it with anything that is
ISC or BSD licensed without issues.

~~~
int_19h
What files _wouldn't_ be pulled in in an implementation that doesn't support
dynamically loaded kernel modules?

But anyway, even one file is enough. The aggregate would no longer be clean
BSDL.

------
bummer904
The main thing keeping me from using OpenBSD is that TCP transfers seem to
take at least twice as long (testing both small and large files over plain
HTTP) as Linux. Has anyone else seen this?

~~~
switch007
Twice as long! Have you found an existing bug report? Did you remove every
difference in your testing except for the OS?

~~~
bummer904
Yes. I'm just wondering if anyone has actually compared side by side and can
either corroborate or contradict my findings.

~~~
anyfoo
I'm not sure what you mean. Certainly many people would have noticed if
OpenBSD's networking was generally half as fast as it's supposed to be. It
must be something related to your specific configuration (not necessarily just
software).

~~~
ggm
Actually I think very few OpenBSD people would notice if under load OpenBSD
was significantly slower than Linux because very few OpenBSD people deploy in
situations where they can do sustained parallel load tests.

Linux has BBR. OpenBSD doesn't have BBR. The difference between BBR and Cubic
or classic TCP is immense.

~~~
anyfoo
That's a good point. I read the comment such as that every transfer over TCP
would be twice as slow, which would be pretty absurd, but the poster probably
meant high load/bandwidth situations. It would not surprise me at all if
OpenBSD fared way worse, there.

~~~
ggm
It should be said that OpenBSD is a fine system, and this specific (BBR)
difference would only show up if you had significantly large amounts of data
to transfer in flows. I suspect normal use of OpenBSD as most people deploy it
(which is not streaming data at high speed) wouldn't care.

I have nothing against OpenBSD. If the developers don't want to implement BBR
right now because of more important stuff on their backlog, that's fine with
me.

------
sverige
The most interesting paragraph was that the author is thinking about porting
the Kali pentesting suite to OpenBSD. That would be awesome.

~~~
pizzazzaro
That's... Gonna take some kernel work - maybe just some wifi drivers, maybe
more of the network stack.

And if there is one thing that's less "open" than on Linux, it's the OpenBSD
kernel.

Don't get me wrong, the source is out there. But you're not gonna find anyone
forking it, running patchsets (like almost any Linux main-distro does) or the
like. Compiling your own kernel isn't even supported.

------
whalesalad
To think... all this could have been avoided by remapping capslock to escape
=)

I kid... but it’s definitely changed my life.

~~~
bitminer
ESC key? My fingers are trained to use ctrl-[ since it's quicker than moving a
hand.

Except some keyboards have different locations for ctrl-....

------
fxfan
Should I run OpenBSD or Debian on my VPS, with arguments about security and
(some) ease of usability?

~~~
yjftsjthsd-h
Is there a good option for VPS hosting with OpenBSD? It receives minimal
support from the major providers of which I'm aware. Which is unfortunate, since I
personally find it to be a much nicer system to work with than the more
popular operating systems.

~~~
pimeys
[https://console.hetzner.cloud/](https://console.hetzner.cloud/) has OpenBSD
6.4. You must purchase a server with one of the four official Linux images
first, then go to server settings and from the ISO images you can mount the
OpenBSD install ISO and reboot. Use the server console to continue the
installation.

~~~
cyberpunk
As someone who was a heavy OVH user -- well, 100 or so dedicated servers --
and who just abandoned an attempt to migrate them to hetzner (who were
slightly cheaper and offered NVME) -- let me suggest that you avoid Hetzner.

They blocked several critical IPs of mine without any warning, their support
had absolutely no idea what the problem was and refused to unblock my IPs
until I could convince them I'd solved the "problem" (which was an extra MAC
address appearing on one of my router addresses -- not an actual problem) and
cost my business about 10k in the process. The email chain was... painful.

I've never had such a bad experience with a host before. YMMV of course, but
I'm back on OVH and life is easy again...

------
gcb0
It looks much easier to de-solder the BIOS than to use the Pomona clip...
unless you are doing a dozen of those.

~~~
bmer
Why must one do this step? I didn't quite understand it.

