
Neat and quite impressive, given how exotic OpenBSD seems to most people. One thing that bothers me though: why? I mean, why wouldn't they do it with any linux distribution? It would probably require less work, less custom tools (like these apps for automatic network configuration or scripts for automounting usb drives they mention), and with some security patches/kernel configurations it should give a similar security level OpenBSD does.

Or am I missing something?



BIAS: I drank the OpenBSD kool-aid a dozen years ago and have no regrets. I run OpenBSD everywhere and I try to help out as time and health allow, including on undeadly, but I'm not a committer, major contributor or anyone special.

OpenBSD is a bit like Jazz music. When someone asked Louis Armstrong, "What is jazz?" his reply was, "If ya gots to ask, ya'll never know."

Though it will most definitely seem elitist, there's some subtle wisdom there; you need to experience it for yourself to learn the what's and why's. Similar is true for all of the BSD's. If you're just looking for a fast bullet point list and "executive overview" (a.k.a. "buzzword bingo decision support"), you'll never find a reason to run any of the BSD's, and worse, you'll never learn on your own why zealots like me exist.

The thing you're missing is the experience of learning it for yourself. You might come to a different conclusion than me, and that's fine, but you would still benefit from the experience.


I used OpenBSD for some years, and NetBSD for many years. And really, 'kool-aid' is all there is to it. You get miserable hardware support, basic features that other operating systems have had for ages (unified buffer cache, journaling filesystems, anyone?) are missing, a packaging system that was nice in 2000, no decent virtualization support, and the security features are fairly arcane (no mandatory access control).

Unfortunately, this is all concealed by a veil of elitism (see parent). Expect many replies on how mandatory access control does not improve real security, virtualization is a flawed idea, and soft updates are superior to journaling[1].

All in all, it's more religion than science.

[1] NetBSD removed soft updates because it was, well, unmaintainable:

http://article.gmane.org/gmane.os.netbsd.announce/399

https://lwn.net/Articles/339337/


The packaging system has been improved remarkably, wholly rewritten in fact, since 2000.


Well, I'm sure that from your perspective the subtleties can't possibly be boiled down without missing the essence of OpenBSD.

But there's got to be a way of summarizing its appeal. We are talking about an operating system, and not Kafka short stories or Haydn string quartets, after all. Otherwise I'll have to go with elitism as the most likely explanation. A common sentiment among jazz enthusiasts, by the way.


I'm a huge fan of OpenBSD, having tried FreeBSD and most of the major Linux distros before settling on it. If I had to identify the why, I'd have to agree with the jazz reference. I seriously started comparing the various distros around 2003, and OpenBSD just gave a more consistent, well documented and clean experience. It is a very conservative distro, and has a pristine configuration and network stack. It's reliable, and trustworthy. On the downside, it's not particularly performant, nor is it well supported by enterprise applications - you won't be running Oracle 10g on OpenBSD.

Its upgrades are rolled out like clockwork, and are always evolutionary improvements on the previous version.


Not to mention documented out the wazoo.

I run a NetBSD box and got into kernel hacking just from reading man pages.

I suspect OpenBSD's documentation is even more comprehensive.


Remember that with jazz, if you make a mistake, just play it again a couple of times and then it looks like you meant it :)


Asking for a "summary of its appeal" is essentially asking for a whole lot of subjective hand waving. Worse yet, when one appreciates many aspects and each is appealing in some way, short listing favorites is like naming your favorite child -- it's not nice and not fair. Since I've known and met a number of the OpenBSD developers, I won't put the work of one over the work of another. I appreciate all of their efforts.

The very best advice I can give you is try it yourself, and keep at it for a while. It will take some time, but you'll get the chance to form your own opinions through experience. You may or may not have the required time, effort or curiosity to get into any of the BSD's, and that's perfectly fine if you're perfectly content with what you're running. On the other hand, you might wonder why HN is running on a BSD (FreeBSD). Maybe PG and RTM know something?


  > On the other hand, you might wonder why HN is running
  > on a BSD (FreeBSD). Maybe PG and RTM know something?
I suspect they know BSD quite well, which doesn't say much about BSD's aptness for anything. PG and RTM are also using table-based layouts -- you reckon they know something? You also don't want me to name 1000 gurus that prefer Linux, do you? Appeal to some arbitrarily selected authority doesn't tell us much.

Moreover, they're using FreeBSD. I kind of understand why someone would prefer BSD over Linux -- we're talking about OpenBSD, though, and specifically about OpenBSD whose adherents rarely articulate why their chosen system is superior. That's all I wanted to know.

ghshephard, thanks for the reply.


For myself, some of the main reasons I like OpenBSD:

* Secure and functional out of the box. The base install comes with many common services ready to go, and I don't have to worry if I turn them on.

* Simple, understandable. With a little learning, I understand how my systems will behave. I love it that the man pages are present, current and thorough.

Are there downsides? Yes, of course there are. Hardware support is often lagging, and some OS features are still missing that have been in other OSs for years. OpenBSD is a smallish project, and a few dozen part-time devs can only do so much.

So do I recommend that everyone use OpenBSD for everything? No. But I think it's worth learning and adding to your list of options. There are roles where OpenBSD is simply the best choice available, and roles where it's either poor or plain unworkable. To discount it for anything because it isn't best for everything is a limiting viewpoint.

Lastly, anecdotal... of the people I know who are really actually familiar with many OSs (Windows, Mac, various Linux, various BSD), all of them like and use OpenBSD to some extent. These are people who know their options and will choose what they need to get the job done well.


  > Hardware support is often lagging, and some OS features are still missing that have been in other OSs for years.

Those are both really vague. What doesn't work and what is missing that anyone really cares about?


OS Features: Bigmem support has been missing. This seems to be about ready for prime time. Really good SMP, which just gets more irritating as more cores become commonplace. Really good threading, which hampers porting and/or running some ported software on OpenBSD.

Hardware support: mostly cards from various vendors who won't release open specs. Like Adaptec, nVidia, et al. For Linux you get vendor blob drivers or quote open source unquote drivers written under NDA in which the actual functionality is obscured. Or various things on laptops don't work, or whatever. These limitations are not much problem for me, but they bother some people. If I build a server I spec it out with compatible hardware. No big deal.

For many applications none of the above matters, or matters a lot less than the benefits gained. I like OpenBSD and use it for servers and workstations. OpenBSD has pros and cons, like any OS. For my usage, the pros are a long list and the cons don't matter much. But if I were tasked with building a processing farm with tons of cores and memory to run a massively threaded crunching program then I'd pick something else. But I'd still keep the farm walled off behind OpenBSD.


Didn't you get the memo? Threads are lame, evented is the new hotness. ;)


The new hotness? I guess actors are old news now.


An automated installer comparable with anaconda - the one used by Fedora and RHEL. There seem to be a couple of projects or hacks for this, but nothing in the official (upstream) installer.


Thanks, I guess I'll just have to try it:)


My reason: they treat doc problems the same as code bugs.

Also, have used it on desktops for clients. But only POS ones.


OpenBSD security is more than a few security patches and kernel configuration. Check out their web site for more information.

Most Linux distributions I've played with (CentOS, Red Hat, Ubuntu Server, Debian) are pretty mediocre when it comes to security. I've actually stopped using Debian since this incident:

http://www.debian.org/security/2008/dsa-1571

In addition, my own experience would point out that OpenBSD is more reliable than Linux, but I'm just a single data point.

For development however, we use FreeBSD for a wide range of reasons including ports freshness.


It's funny that you mention Red Hat (and CentOS), since they invest very heavily in attack mitigation and sandboxing through virtual machines:

http://www.awe.com/mark/blog/20101130.html

And as much as people dislike SELinux, it does help a lot in confining applications. OpenBSD does not provide comparable techniques.


They have clearly stated why they do not support those technologies multiple times, but it continually comes up.

OpenBSD always goes with simple, easy to understand solutions that "just work out of the box" and can be easily configured and maintained. They build those simple solutions into the OS, they do not (and will not) bolt on complexity.


  > OpenBSD always goes with simple, easy to understand solutions that "just work out of the box" and can be easily configured and maintained.

Yes, we hear this every time. But this is the same project that advocated systrace, which provided access control with respect to syscalls. I do not see much of a difference between systrace and a mandatory access control framework, except that the implementation of systrace was flawed, it didn't support file labels, and SELinux has a more sophisticated policy language.

The OpenBSD Project has a very narrow view of security, and does little to improve attack mitigation for software that is not in the base system (ports).


Most of OpenBSD's attack mitigation is at the kernel or libc level. It applies equally to the base system and third party software.


This doesn't articulate your point at all. What simple solutions are you referring to? systrace? "Don't install ports"?


I don't know about now, but ~4 years ago installing from scratch I tried SELinux and after hours of configuring it still wasn't recognizing some hardware. Then I tried OpenBSD or FreeBSD, and it was up and running with minimal configuration. YMMV.


You discovered the difference between "works" and "can be made to work". There are many people who still believe they are synonymous.


I've worked with SELinux in the past, it works but it can be a real pain to get up and running and there's a bit of a learning curve associated with it.



