[HN Gopher] What every IT person needs to know about OpenBSD (2021)
___________________________________________________________________
What every IT person needs to know about OpenBSD (2021)
Author : todsacerdoti
Score : 160 points
Date : 2023-07-23 07:51 UTC (15 hours ago)
(HTM) web link (nxdomain.no)
(TXT) w3m dump (nxdomain.no)
| ceeam wrote:
| Hopefully HAMMER2 is ported to it soon. No hope for ZFS. Having
| old school UFS is a deal breaker, even though most Linux users
| still live with a comparably old Ext4, but once you get used to
| ZFS you don't want to go back. -- FreeBSD user
| anthk wrote:
| Hammer2 might be a bit intrusive in the FS subsystem. Less than
| ZFS, for sure, but is not a trivial task.
| ninkendo wrote:
| I put OpenBSD on my router earlier this year to get in-kernel
| NAT64 support and to learn pf, among other things.
|
| I'm massively regretting that choice due to the UFS root
| filesystem. Power outage? Hope you weren't planning on your
| internet coming back up without manual intervention. Get ready
| to plug that keyboard in and type "fsck" manually at boot, and
| press "y" a few dozen times while it asks you questions about
| what to do with corrupted inodes. I hope none of that data is
| important to the correct operation of the system!
|
| A filesystem lacking journaling support in 2023 is an absolute
| travesty given that the rest of the world has had this problem
| solved for 25 years or so.
| kstrauser wrote:
| OpenBSD has soft updates as an option. I don't recall ever
| having to manually fsck a FreeBSD system with soft updates
| enabled.
| binkHN wrote:
| softdep is gone:
|
| https://marc.info/?l=openbsd-cvs&m=168856997929968
| olgeni wrote:
| What happened to fsck_options in rc.conf?
| rollcat wrote:
| It wouldn't solve an actually corrupted filesystem.
|
| For network appliances, read-only root FS is probably the
| way to go anyway. (I'd say it's also worth doing it in
| general.)
|
| (Disclaimer: avid fan of everything BSD, OpenBSD in
| particular.)
| ninkendo wrote:
| Ok say my root file system is read only, and say,
| /var/log is writable. The power goes out. Then what? Does
| /var/log just not mount until I type fsck? Aren't I back
| to the same issue?
| fuzzy2 wrote:
| Could you perhaps run it with a read-only root filesystem
| (only mounting r/w for changes/upgrades)?
| ninkendo wrote:
| I'd have to put /etc on another partition, which really
| means I'd have to up front plan to put every damned
| writable thing on its own partition, which OpenBSD
| encourages specifically because it allows you to mount more
| stuff as r/o. And even then, any partitions which are
| writable would not be able to be mounted after boot until I
| do the same ridiculous fsck dance.
|
| But that's, in my opinion, brain-dead stupid when it only
| exists to work around the idiocy of not having a journaled
| file system like every other modern OS has had for the past
| 25 years. Having to up-front plan a size (and inevitably
| get it wrong) for half a dozen partitions, just to work
| around glaringly obvious weaknesses in the OS itself, is
| beyond stupid.
| binkHN wrote:
| You are on point. I still use OpenBSD where it makes
| sense though--in your case it does not. All my OpenBSD
| systems are backed by a UPS, but a crash, while rare,
| could still readily cause file system corruption.
| pacija wrote:
| Here's how I solved it:
|
| https://www.mimar.rs/blog/how-to-increase-openbsds-
| resilienc...
| binkHN wrote:
| I know of the non-standard workarounds, I'm just not
| interested in doing them unless it's for a very specific
| deployment and needs to be repeatable across a large
| number of systems.
| tiffanyh wrote:
| Agreed and someone is working on the port.
|
| Really hope this lands in -current.
|
| It was updated just last month (June).
|
| https://github.com/kusumi/openbsd_hammer2
| ilyt wrote:
| [flagged]
| NoZebra120vClip wrote:
| This appears to have been published in the second half of 2021.
|
| I recall some heady weeks in 1998, attempting to enable IPSEC
| between my twin OpenBSD Apollo 425t systems. "hard and near
| impossible to debug from an almost-working to a fully working
| setup" is an understatement! I never got it to the almost-working
| stage!
| peter_hansteen wrote:
| For those looking for nicer formatting, the article is also
| available as a three part APNIC guest blog post
| https://blog.apnic.net/2021/10/28/openbsd-part-1-how-it-all-...
| (links to the other two articles should be very easy to find from
| there) or the original blogspot version
| https://bsdly.blogspot.com/2021/09/what-every-it-person-need...
| (and yes, the article was originally published in September
| 2021).
|
| The nxdomain.no version is tracker-free other than my rather
| short lived nginx log.
| gglitch wrote:
| Looks great in reader mode too. Thanks for your attention to
| structure and formatting :)
| kristiandupont wrote:
| I have never tried any *BSD systems. What are they best suited
| for? Dev environments? Servers?
| jamal-kumar wrote:
| With OpenBSD in particular I like it because from the default
| install it's got a built in web server [1] which can handle
| most use cases. I can pretty much just put it anywhere and
| trust in the secure defaults that it provides, throw my own
| software on that server, and then have a pretty good standard
| from OS level to my own software on how secure that's going to
| be. It doesn't change much [2].
|
| Linux doesn't really offer that. Yeah it's got PACKAGES that
| offer web server solutions (apache, nginx, whatever else) but
| then I gotta maintain those. I find myself having to patch
| everything on my OpenBSD boxes way less if I stick to how it
| seems to be intended to be used - When all I've got to maintain
| are my own secure os installation + configuration, and my own
| software that I wrote myself, literally no packages, it's
| really cool.
|
| [1] https://man.openbsd.org/httpd.8
|
| [2] https://www.openbsd.org/errata73.html
| detourdog wrote:
| The documentation and the source code is all you need to do
| anything with an OpenBSD system. There is no need to track
| down anything the OpenBSD doesn't explicitly provide or
| document.
|
| Sometimes you have to think real simple.
| loeg wrote:
| They're best suited for people who had a good experience with a
| BSD in the 90s and are sentimental about that. Otherwise,
| there's really no reason to go with them over a Linux system.
| detourdog wrote:
| Or people that enjoy a consistent environment without
| mindless churn.
| loeg wrote:
| No, I actually meant what I wrote the first time.
| ChoHag wrote:
| [dead]
| NexRebular wrote:
| For me there's really no reason to go with linux over BSD (or
| illumos). For the occasional linux-locked software one can
| always run lx-zones or full bhyve HVMs anyway.
| jjav wrote:
| BSDs (FreeBSD in this case) are used in production today, a
| notable example is Netflix:
|
| https://people.freebsd.org/~gallatin/talks/euro2021.pdf
| rrdharan wrote:
| Some would say the only notable example is Netflix and it's
| likely because of the aforementioned warm fuzzies which
| align with the ages of people who made the decision to go
| with it.
|
| WhatsApp also used a BSD IIRC but I imagine they've
| transitioned to Meta's standard stack by this point.
| toast0 wrote:
| > WhatsApp also used a BSD IIRC but I imagine they've
| transitioned to Meta's standard stack by this point.
|
| Yes, that happened. I was there. FreeBSD is great and we
| would have continued to use it, but as an acquisition, you
| can only push back on so much of the incumbent tech
| stack. Much of the team had experience at Yahoo and saw
| how hard it is for acquisitions to run in the same
| infrastructure if they're running a different OS, so we
| spent zero time asking to run FreeBSD at Facebook.
|
| The hardware at Facebook was quite a bit different, so
| there was never an apples to apples comparison to say
| whether one OS (as tuned) was better than the other at
| the use case. They clearly both work, and I've got my
| opinions and other people have theirs, and that's fine.
| nottoplan39231 wrote:
| > What every IT person needs to know about OpenBSD
|
| First thing that we need to know - what is it? I had to look up
| on Wikipedia for information on what this is and what it's trying
| to solve.
|
| So my takeaway is that not every IT person needs to know this
| since I've been in the field for over 20 years and worked at a
| wide range of tech companies (from Unicorns to academia to
| fortune 100 companies to FAANG or whatever the name is now)?
|
| It's a shame when articles like this make so many assumptions
| about their audience. It reminds me of the RTFM days of tech that
| was dismissive, arrogant, and not all that helpful.
| system2 wrote:
| It is just a linux distro. Not a handsome one either. "Every"
| IT person needs to learn how to use Windows Server first before
| jumping onto these things because 90%+ companies are using
| Windows Server.
| the_only_law wrote:
| > It is just a linux distro.
|
| No it's a BSD.
| system2 wrote:
| Linux, Unix. For someone who is asking what it is, simpler
| response is "just a distro".
| godber wrote:
| I used to use OpenBSD about a decade ago, I liked it quite a bit.
| I haven't paid attention for over a decade though. Does anyone
| know how the maintainer base has evolved? I guess my main
| question is will OpenBSD survive Theo's death?
| inparen wrote:
| Is there something in OpenBSD, which I cannot do in other
| bsds/*nixes ? Or, I can do something significantly better than
| other oses ?
| owenmarshall wrote:
| Is it better than sliced bread, no. But it does some things
| better than other systems.
|
| First, it feels small enough that I understand what's going on
| while still providing valuable services out of the box - a web
| server, load balancer/proxy, etc.
|
| But more importantly the pieces all play together to make a
| unified system: the load balancer can do layer 3 by interacting
| with the system firewall, httpd works with the built in ACME
| client for TLS. All those pieces benefit from being part of the
| system as a whole, by having very consistent tooling and
| support - things are named very consistently and share flags
| across the system, and are backed by very high quality
| manpages.
|
| Simply put it's not perfect, nor revolutionary, but it gets a
| lot of things right.
| prettyStandard wrote:
| Are any of the developers asking to switch to Rust?
| prettyStandard wrote:
| Wow, down votes for a question. As a non rust developer, and
| non BSD user, but tangentially aware of these things I am just
| trying to understand the energy of these communities. Guess I
| got my answer.
| inferiorhuman wrote:
| OpenBSD is a tier 3 platform for Rust because of their
| release policy (frequent releases, no guaranteed backwards
| compatibility). Unless that changes it's unlikely that you'll
| see OpenBSD promoted beyond tier 3. From the OpenBSD side
| it's unlikely they'd adopt a language that's relegated them
| to the lowest priority.
| irdc wrote:
| Considering OpenBSD still supports some fairly old platforms[0]
| (for fairly good reasons, mainly that it helps catch bugs and
| keep the source tree portable) I don't see that happening soon.
|
| 0. https://www.openbsd.org/plat.html
| inferiorhuman wrote:
| As an aside, github's issue search has really gone to shit.
|
| On that list, I think only the Loongson and Landisk
| architectures are in the not likely to ever be supported. The
| rest are all supported by LLVM and/or GCC with various
| efforts to support them in rust.
| 634636346 wrote:
| Theo isn't a "Code of Conduct" type of guy. Not a good fit.
| Though the license of the Rust compiler (MIT/Apache) does at
| least make it a possibility.
| [deleted]
| BaculumMeumEst wrote:
| There is nothing that every IT person _needs_ to know about
| OpenBSD. Most probably do not know it exists, and there is no
| consequence.
| aleph_minus_one wrote:
| > There is nothing that every IT person _needs_ to know about
| OpenBSD.
|
| I absolutely agree. Such clickbait headlines are often strange.
| For a more macabre example, consider the headline "10 [things]
| you can't live without". This means that if you don't own these
| ten things, you will die.
| ladyanita22 wrote:
| Every single time I see something related to BSDs, I think the
| same. How tiring...
|
| For more than a decade, every single thing related to BSDs has
| been largely irrelevant. Every. Single. Thing.
|
| Nobody cares about that, the only thing BSDs had was their
| license (vs. the GPL), and that's not entirely clear to have
| been good at all for the ecosystem (because, clearly, Linux has
| enjoyed a much greater development). Nowadays, even in embedded
| it's either Linux or RTOS, nothing like BSDs at all, so the GPL
| is clearly a non-issue.
| saagarjha wrote:
| Just because the BSDs see low use doesn't mean the ideas they
| have have similarly low influence.
| sturob wrote:
| Do you use openssh?
| jamal-kumar wrote:
| It is a little weird seeing Peter N. M. Hansteen of all people
| use a clickbaity headline, but it's still not a bad thing to be
| aware of at least. The man will evangelize his favorite thing,
| he's a nice fellow.
|
| I think OpenBSD will still be relevant outside of its own OS
| realm as long as people are still using software that comes
| from the project (openssh, tmux etc).
| rewmie wrote:
| I agree. To underline the futility of this article, the factoid
| it leads with was how many years OpenBSD has been around. That
| bit of trivia is completely irrelevant and has no technical
| meaning or direct implication. No one ever asked during
| unscheduled downtime "quick, does anyone know how many years
| OpenBSD has been around for?"
| mmmrk wrote:
| It does carry meaning, see
| https://en.wikipedia.org/wiki/Lindy_effect. It's not
| something to know during downtimes, but at the point in time
| where you decide which technology to use going forward.
| Contrast this with the lifetimes of popular Javascript
| frameworks.
| csydas wrote:
| maturity of a project definitely matters; in larger
| businesses, the maturity of a product and how long it's had
| to "get past the teething stage" is very important, and for
| projects with public repos/issue trackers, you can get a nice
| feel for how the devs handle critical bugs going into it, or
| check if a major pain point for you has come up before and
| how they handled it.
|
| the article is a call to get you comfortable picking/using
| BSD, and from my point of view it's reasonable to advertise
| its maturity.
| paulnpace wrote:
| I'm not a professional in any of this, but just from
| reading comments it appears that devs seem to prefer the
| latest, greatest, coolest thing while admins seem to prefer
| the oldest, robustest, boringest thing.
| sbuk wrote:
| _Devs on Hacker News_. You'll find many outside of this
| bubble that either don't care, don't know about it or are
| happy with their tools.
| dale_glass wrote:
| Code is maintenance heavy and tends to have
| interdependencies on other related code. Eg, I wouldn't
| use qt4 today because it's dead, so if something is wrong
| with it it's now my problem to figure out how to fix it.
|
| Meanwhile qt6 is under active use and development, so I'm
| much more likely to find help and bug fixes, and
| developer interest. And it's less likely to say, stop
| building because cmake deprecated some ancient feature,
| or uses some ancient and now incompatible library.
| csydas wrote:
| I can completely get that understanding; I'm not enough
| of a programmer to really make sense of a lot of low
| level code, but enough that I can understand the type of
| issues they've solved and how they did it.
|
| I suspect you are correct because newest and greatest
| typically solve a problem, and that's the focus for the
| devs. the more senior devs I know take an "optimistic but
| cautious" approach, while less experienced devs/non-devs
| typically just see an answer to their particular problem
| and want to use it, as defending the use and the few
| broken instances is typically easier than solving the
| issue without the latest and greatest. and I can get that
| easily
|
| admins probably like old and trusted because boring is
| exciting for them; for a few of the systems I admin, it's
| great to have a few on debian/bsd where they've proven
| that I don't need to babysit these systems; they're never
| fully out of the equation when troubleshooting, but it
| comes up rarely, and if worst comes to worst, a reboot on
| these systems is typically so fast and non-disruptive
| that it's an easy decision, which often helps and then
| the issue never returns. sure it's not good that I had to
| reboot, but a down time of 10 seconds while I boot and it
| never comes up again is appealing.
| abwizz wrote:
| > Most probably do not know it exists, and there is no
| consequence.
|
| i can relate with the first part, but the second seems rather
| far fetched
| rs_rs_rs_rs_rs wrote:
| That obsd fanboys can't code mobile friendly sites.
| blactuary wrote:
| Looks perfect for me on Android Firefox. Not only looks
| perfect, loaded really fast. Plain Jane HTML is great and more
| people should use it.
| Sunspark wrote:
| I can't use that browser. The scrolling inertia is horrible.
| Samsung Internet Browser is so much more pleasant to scroll
| about in.
| whartung wrote:
| Looks fine on my iPhone. Font is a bit small for me, but
| turning the phone sideways fixes that, or using the Reader
| mode.
|
| This is in stark contrast to sites that use the PRE tag and
| don't wrap. Notably things like their mailing list archives.
| simondotau wrote:
| I think if a web page formatted with nothing more than <h1>,
| <h2> and <p> tags isn't displayed well on your phone, the
| failing is with your browser, not the page.
|
| Surely a web page with utterly default style and zero layout
| should be a minimally cromulent experience on any device. It's
| just headings and paragraphs, with the occasional bullet point
| and indent. There's no stylesheet. There's no reference to
| millimetres, pixels or point sizes. Everything is defaults.
| rs_rs_rs_rs_rs wrote:
| The website from your HN profile works fine on mobile. Why
| did you put in the work for that and not rely on the
| "defaults"?
| simondotau wrote:
| Is that a serious question? I'll offer a serious answer if
| so, even though it's an absolute _non sequitur._
| rs_rs_rs_rs_rs wrote:
| It is absolutely a serious question.
| simondotau wrote:
| Information density, feature density, and
| distinctiveness. Also it's fun.
| rs_rs_rs_rs_rs wrote:
| > Information density, feature density, and brand
| association.
|
| Nice things I want from a page that talks at length about
| obsd too but it seems I am wrong for wanting them.
| simondotau wrote:
| > Nice things I want from a page
|
| Unlike my website, the page here is a static document. I
| see no information density issue showing a static
| document with generic mark-up. The page has no features
| at all, dense or otherwise. The page has no need for
| brand, it's just a document written by someone, and that
| person probably doesn't have a personal logo or corporate
| colours.
|
| > it seems I am wrong for wanting them.
|
| I never said that. What I said is that the browser is
| wrong for giving you an unsatisfactory experience with a
| generic web page.
| bjelkeman-again wrote:
| Look perfectly fine on iOS and iPadOS, for me.
| jmclnx wrote:
| And looks good to me on android via Firefox and Chrome.
| gkbrk wrote:
| Renders just fine on Firefox on Android as well.
|
| Doesn't have a weird zoom or scrolling on the horizontal axis
| like some "mobile friendly" websites either.
| rs_rs_rs_rs_rs wrote:
| No it does not, you're lying.
| doublerabbit wrote:
| Loads and renders fine here too, iPhone.
| mvanbaak wrote:
| And another 'works for me on iPhone and iPad default safari
| browsers'
| carlosjobim wrote:
| Looks perfect on iPhone, I can confirm. To browse the web
| with a mobile device you should set it to open every site
| in reader view as default.
| xo5vik wrote:
| Get a random fact about OpenBSD https://why-openbsd.rocks/
| bfrog wrote:
| It's too bad certain games don't use this idea of random load
| locations to avoid injections. Seems like most game hacks
| basically work by reading/manipulating certain memory offsets
| which contain useful data. Unless I misunderstand them.
| saagarjha wrote:
| Most games already use this (not as a security feature, but
| because the OS applies ASLR to them).
| blibble wrote:
| this works against exploits that need that offset pointer to
| run any code at all
|
| but doesn't work against something the user is voluntarily
| injecting as the user is quite happy to run the offset pointer
| locating code
| deadletters wrote:
| You're right! Moreover that's sort of how all exploits work if
| you really zoom out.
| jmclnx wrote:
| >which means that poorly written software will crash a lot more
| often on OpenBSD than elsewhere.
|
| And this is why I test everything I write for use at work on
| OpenBSD, it has helped me find some issues with items I have
| written for use on an application hosted on AIX
| pjmlp wrote:
| Naturally it only works, because I assume it doesn't take
| advantage of AIX features.
| jmclnx wrote:
| These use no OS specific calls because of on-going rumors
| for a while of a move to Linux.
|
| But by testing on OpenBSD, issues have been found that AIX
| and Linux would happily ignore.
| binkHN wrote:
| I assume this is related to the very robust malloc
| implementation in OpenBSD.
| o11c wrote:
| A more significant issue, in my experience, is that a lot of
| useful nonstandard APIs simply _do not exist_ on the BSDs,
| under any name - or worse, exist with unstable names, so you
| have to #ifdef your source code to make it work with more than
| one release. There is no equivalent to Linux's "we do not
| break userland".
|
| FreeBSD is generally assumed to be the least painful, but I
| usually don't even bother with that these days. If someone
| cares they can do the work.
| rollcat wrote:
| And vice versa, I dearly miss pledge, unveil, pf, doas, ksh,
| rcctl, arc4random, bioctl, and a dozen other smaller (or
| bigger) things on other OS's.
|
| (Yes I know some of these things have been ported, but aren't
| exactly as nice when "out of context".)
| SoftTalker wrote:
| Yes, an OpenBSD release is a full system: kernel + userland.
| Running anything from a different release might work, but
| isn't supported and you won't get any help if something
| breaks as a result.
|
| Also there is no "LTS" release. The prior release gets
| updates until the next release drops. So you need to plan on
| release updates every 6 months. Luckily "sysupgrade" is
| usually painless but you need to check the release notes and
| packages you have installed for potential extra work (e.g. if
| you're running Postgres and it got a major version bump,
| you'll probably need to upgrade your database).
| detourdog wrote:
| The downside to OpenBSD is to understand what you are using
| and monitor how to keep it going from release to release.
| SoftTalker wrote:
| I guess you're being ironic but I didn't mean to say it
| was a "downside" just that it is different from what one
| may be used to with Linux distros.
|
| I actually think it's good that you're sort of forced to
| keep up, but it's something you need to be aware of in
| case that isn't practical for your planned use.
|
| For example if you get too far behind you'll find that
| sysupgrade doesn't work anymore, because it will only
| upgrade from one release to the next, and if you're more
| than two releases behind the "next" release might not be
| on the mirrors anymore. In that case you'll have to go
| hunting for it or just do a new install of the current
| release and then copy/update all your local config.
|
| That can happen with Linux too, but typically not as
| quickly. With OpenBSD, if you're much more than a year
| behind, upgrading will become increasingly problematic.
| anthk wrote:
| No. You can always find mirrors. A friend upgraded from
| 7.0 to 7.3 with no issues.
| st3fan wrote:
| My experience is that OpenBSD works best if you don't go
| too much outside of what comes with the distribution.
|
| As soon as you install packages you are going to be dealing
| with incompatibilities between OpenBSD releases and dealing
| with a lot of recompilation.
|
| As an example I had installed fish from the packages as my
| default shell and after upgrading from 6.X to 6.x+1 I could
| not log in anymore because the compiled fish binary simply
| was not compatible anymore.
|
| It is all by design and once you know these people things
| you can work around "quirks" like this.
| SoftTalker wrote:
| I would say packages mostly work well and are not as bad
| as you make them sound. Yes, after upgrading the OS
| release you need to run "pkg_add -u" to upgrade all your
| installed packages. This is normally pretty easy.
|
| There are a few potential "gotchas" and changing your
| login shell (or especially root's login shell) or any
| other defaults in the login or other base configurations
| are things that you learn to do very deliberately
| after getting burned a few times.
| anthk wrote:
| Never touch your root login shell. Ever.
| doingtheiroming wrote:
| Worth noting that because the man pages are so good, GPT4 is a
| rather good OpenBSD sysadmin. If you get stuck on anything these
| days, you can ask it.
| snvzz wrote:
| I am most sad about libressl, which is highly compatible with
| openssl yet profoundly better.
|
| Portable version exists and the Linux world should have replaced
| openssl by now, but for unknown reasons this is yet to happen.
|
| I am hopeful someday one of the larger distributions such as
| Debian will have the courage to step forward.
| devmunchies wrote:
| > profoundly better
|
| How? Better/newer algorithms? Faster? Cleaner code? Better
| APIs?
| jiggawatts wrote:
| After Heartbleed, BSD developers forked OpenSSL and
| "cleansed" it. They removed ridiculous amounts of
| unmaintained legacy code, rewrote much of the rest, and
| tightened the security.
|
| The old code was littered with conditional compilation macros
| that made it virtually impossible to reason about or test.
| There are just too many forks in the tree of possible compile
| flags.
|
| The style of "make this code work against every possible
| standard library" is _broken_ and results in insane spaghetti
| code. Instead, the BSD team rewrote OpenSSL in terms of a
| modern, complete C standard library. Then instead of making
| their LibreSSL cryptography code have conditional flags in
| it, they wrote _shims_ for the standard library so that it
| would work on platforms where there are missing functions.
|
| This results in far cleaner code that can be reviewed and
| tested with much greater confidence.
|
| I dug up a couple of presentations by the LibreSSL team 9
| years ago. It's full of "Wat!?" moments, such as discovering
| that OpenSSL has its _own implementation of malloc & free!_
| Why? Because on one platform that nobody uses any longer,
| those functions were "slow"! So now they have a custom-
| developed poorly maintained heap full of security issues.
| Worse still, that custom heap does not benefit from the
| security features of modern allocators or analysis tools like
| valgrind.
|
| Watch: https://www.youtube.com/watch?v=-4psTQ1sX7s
|
| I love the bullet point list of insanity they cut out:
|
| - EBCDIC support
| - DOS support
| - MacOS Classic support (pre OS 10)
| - Win16 support
| - VM Support
| - Big-endian AMD64 support (!?)
|
| That last one is a story in and of itself...
| Arnavion wrote:
| >I am most sad about libressl, which is highly compatible with
| openssl yet profoundly better.
|
| >but for unknown reasons this is yet to happen.
|
| The reasons are very known. It's because libressl is not in
| fact "highly compatible with openssl."
|
| Alpine:
| https://lists.alpinelinux.org/~alpine/devel/%3CCA%2BT2pCGFeh...
| (read the whole thread)
|
| Gentoo: https://wiki.gentoo.org/wiki/LibreSSL
|
| OPNsense:
| https://old.reddit.com/r/OPNsenseFirewall/comments/t4e5cp/op...
| dang wrote:
| Related:
|
| _What every IT person needs to know about OpenBSD Part 3: That
| packet filter_ - https://news.ycombinator.com/item?id=29290663 -
| Nov 2021 (48 comments)
|
| _What every IT person needs to know about OpenBSD Part 3: That
| packet filter_ - https://news.ycombinator.com/item?id=29186042 -
| Nov 2021 (1 comment)
|
| _What every IT person needs to know about OpenBSD_ -
| https://news.ycombinator.com/item?id=28709505 - Sept 2021 (12
| comments)
| 1vuio0pswjnm7 wrote:
| According to the Addendum NetBSD is older than FreeBSD.
| Sunspark wrote:
| From the chronological perspective of a few months! Not even a
| year.
|
| FreeBSD has certainly received a lot more development hours
| compared to NetBSD.
|
| It would be interesting to read a write-up one day where all
| the BSDs say what they grew since their initial releases.
| uwagar wrote:
| is openbsd good for graphics and sound work/programming?
| toast0 wrote:
| Latency sensitive? I'd guess you'd have some issues, because
| I've read that OpenBSD doesn't have syscalls to set cpu
| affinity for userspace threads/processes, which means you're
| subject to the kernel scheduler and might have tasks move in
| less than ideal ways.
| pseudostem wrote:
| Vulkan seems to be incomplete. Graphics drivers for Nvidia are
| a problem due to the project not accepting blobs, not signing
| NDAs. And today I had a problem installing matplotlib (ninja
| gave some error). AFAIK, tensorflow and/or python libs are a
| problem with *nix as well.
|
| On the good side, the system is VERY predictable.
| jzb wrote:
| I tinkered with OpenBSD a long time ago and found installing was
| more of a headache than I cared for - specifically disk
| partitioning was a chore. I wonder if that's gotten much better?
|
| Can't see myself switching to OpenBSD at this point, but I'd try
| it just for fun if the installation has improved enough.
| jamal-kumar wrote:
| The auto partitioning is a bit of a mess for sure.
|
| Really no idea why it insists on splitting it into 5 partitions
| when just a separate /usr/local mounted with the wxallowed flag
| is mostly fine.
|
| Other than that though it's mostly just hitting enter a bunch
| of times if you ever want to give it a shot again.
| vogon_laureate wrote:
| They explain the reasoning thus[1]:
|
| _Unlike some other operating systems, OpenBSD encourages
| users to split their disk into a number of partitions, rather
| than just one or two large ones. Some of the reasons for
| doing so are:_
|
| * _Security: Some of OpenBSD's default security features rely
|   on filesystem mount options such as nosuid, nodev, noexec or
|   wxallowed._
| * _Stability: A user or a misbehaved program can fill a
|   filesystem with garbage if they have write permissions for
|   it. Your critical programs, which hopefully run on a
|   different filesystem, do not get interrupted._
| * _fsck(8): You can mount partitions that you never or rarely
|   need to write to as readonly most of the time, which will
|   eliminate the need for a filesystem check after a crash or
|   power interruption._
|
| [1]: https://www.openbsd.org/faq/faq4.html#Partitioning
| daneel_w wrote:
| _> "Really no idea why it insists on splitting it into 5
| partitions when just a separate /usr/local mounted with the
| wxallowed flag is mostly fine."_
|
| Because OpenBSD recommends having nosuid on everything that
| isn't /, /usr and /usr/local, and nodev on everything that
| isn't / (where /dev lives).
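
The mount-option rule from the two comments above (nosuid everywhere except /, /usr and /usr/local; nodev everywhere except /; wxallowed on /usr/local), turned into an fstab check. This is an added example, not part of the thread and not OpenBSD's own tooling; the function names, the sample fstab with its placeholder DUID, and the choice to flag wxallowed outside /usr/local are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit fstab(5) entries against the rule quoted in the thread:
#   nodev  on every filesystem except /
#   nosuid on every filesystem except /, /usr and /usr/local
# Flagging wxallowed anywhere but /usr/local is an assumption of this example.

# Constructed sample fstab; the DUID is a placeholder, not a real disk.
sample_fstab() {
    cat <<'EOF'
# device            mountpoint  type  options              dump pass
0123456789abcdef.b  none        swap  sw
0123456789abcdef.a  /           ffs   rw                   1 1
0123456789abcdef.d  /tmp        ffs   rw,nodev,nosuid      1 2
0123456789abcdef.e  /var        ffs   rw,nodev             1 2
0123456789abcdef.f  /usr        ffs   rw,nodev             1 2
0123456789abcdef.g  /usr/local  ffs   rw,wxallowed,nodev   1 2
0123456789abcdef.h  /home       ffs   rw,wxallowed,nosuid  1 2
EOF
}

# Print one finding per line; return 1 if anything was flagged.
# Reads the files given as arguments, or stdin when there are none.
audit_fstab() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }          # blank lines and comments
    $3 == "swap" || $2 == "none" { next }  # swap has no mount options to check
    {
        mp = $2
        split("", has)                     # portable way to clear the array
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) has[opt[i]] = 1

        if (mp != "/" && !("nodev" in has)) {
            print mp ": missing nodev"; bad = 1
        }
        if (mp != "/" && mp != "/usr" && mp != "/usr/local" && !("nosuid" in has)) {
            print mp ": missing nosuid"; bad = 1
        }
        if (mp != "/usr/local" && ("wxallowed" in has)) {
            print mp ": wxallowed outside /usr/local"; bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Stand-alone run against the constructed sample.
sample_fstab | audit_fstab || echo "fstab audit: findings listed above" >&2
```

On a real system the function takes the file as an argument, e.g. `audit_fstab /etc/fstab`, and its exit status can gate a configuration-management run.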
| detourdog wrote:
| Each of the BSDs have their own personality and group of
| adherents. There is a secondary circle that may love all
| BSDs. Long ago there was east coast unix and west coast
| unix. The BSDs represent the West Coast thread.
|
| I just like the BSDs because they all maintain a single
| document that can get you from a single system host install
| to a supporting network installs DHCP->TFTP install.
|
| I always go for either NetBSD "We install on anything" or
| OpenBSD "We are still just trying to get secure
| implementation of the 4.4 spec"
| dmvdoug wrote:
| I'd love to read more about the differences in
| "personality" among the BSDs. Any suggestions on material
| to look at?
| sgt wrote:
| It's like a filter to determine whether the user is worthy
| enough to use OpenBSD. Last time I used OpenBSD must have been
| back in 2000, 2001. Extremely well built system and the impact
| it has had on the world is mind blowing. I later changed to
| FreeBSD which had a bigger community and better support for
| graphics drivers, etc.
| detourdog wrote:
| I think you might be right. The partitioning is very old
| school but if you need old school partition it's right there.
|
| If you don't need old school partition learn what you do need
| and move on. The documentation has always matched the
| experience with OpenBSD. I enjoy OpenBSD simply because I
| know where to find the documentation. Some OS's have so many
| variations that I'm overwhelmed.
|
| Considering the goals of OpenBSD the partitioning is a
| feature and structural.
| jmclnx wrote:
| One thing for people coming from Linux.
|
| If you decide to put everything in one large partition (not
| really recommended), always make sure /usr/local is on its
| own partition. If you do not do that, some ports will core
| dump. If you use one big partition, you will need to
| disable an important security feature to allow the ports to
| run.
| housemusicfan wrote:
| And yet the last time I accepted OpenBSD's partitioning
| defaults I ended up with "/usr: no space left on device"
| the first time I tried building something from ports.
| detourdog wrote:
| The defaults are probably close to the minimums
| required. Remember this is a conservative operating
| system. They will not look at your system and guess how
| you want to use it and make more guesses at your
| partition size should be.
|
| They assume since it's your disk you best know how to
| partition it. One is free to edit the defaults and save them
| to a file for next time.
|
| If one wants to manage the details of a computer system
| with documentation describing the implications of each
| decision OpenBSD is perfect.
|
| There are plenty of other operating systems that will
| mostly do the right thing. How many operating systems do
| exactly what you tell it to?
| hulitu wrote:
| > They will not look at your system and guess how you
| want to use it and make more guesses at your partition
| size should be.
|
| Then it shall have some documentation on system
| requirements.
|
| I tried to install FreeBSD on a VM with UFS as a
| filesystem and the show ended with out of inodes when
| installing the ports system. This in 2020 is a bit sad.
| doublerabbit wrote:
| > If you do not do that, some ports will core dump.
|
| What ports are you talking about? I'm using FreeBSD as my
| daily driver, never had a port core-dump due to this.
| j_not_j wrote:
| wxallowed flag is required for some ports that write to
| pages that are also executable.
|
| OpenBSD prohibits this except when code is run from a
| partition that permits it by means of a mount flag.
| Otherwise you get a core dump.
|
| And all the partitions are largely an availability
| feature: if errant code fills up /var/log then /home is
| still usable.
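
The mount-option rules stated in the comments above (nosuid everywhere except /, /usr and /usr/local; nodev everywhere except /; wxallowed as an exception for /usr/local) can be checked mechanically against an fstab. This is an added example, not code from the thread or from OpenBSD; the sample fstab is constructed, and treating wxallowed anywhere other than /usr/local as a finding is an assumption drawn from the discussion.

```python
# Added example: audit fstab(5) text against the mount-option rules
# described in the thread. Sample data below is constructed.

SUID_OK = {"/", "/usr", "/usr/local"}  # mounts that may omit nosuid
DEV_OK = {"/"}                         # /dev lives on /, so it may omit nodev
WX_OK = {"/usr/local"}                 # assumption: only expected wxallowed mount

SAMPLE_FSTAB = """\
# constructed sample, not taken from a real host
0123456789abcdef.a / ffs rw 1 1
0123456789abcdef.b none swap sw
0123456789abcdef.d /tmp ffs rw,nodev,nosuid 1 2
0123456789abcdef.e /var ffs rw,nodev 1 2
0123456789abcdef.f /usr ffs rw,nodev 1 2
0123456789abcdef.g /usr/local ffs rw,wxallowed,nodev 1 2
0123456789abcdef.h /home ffs rw,nosuid,wxallowed 1 2
"""


def audit_fstab(text):
    """Return a list of (mountpoint, finding) tuples in file order."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank line, comment, or malformed entry
        mountpoint, fstype, opts = fields[1], fields[2], fields[3]
        if fstype == "swap" or not mountpoint.startswith("/"):
            continue  # swap and non-path entries carry no mount flags to check
        mountpoint = mountpoint.rstrip("/") or "/"
        options = set(opts.split(","))
        if mountpoint not in SUID_OK and "nosuid" not in options:
            findings.append((mountpoint, "missing nosuid"))
        if mountpoint not in DEV_OK and "nodev" not in options:
            findings.append((mountpoint, "missing nodev"))
        if "wxallowed" in options and mountpoint not in WX_OK:
            # W^X is relaxed for every binary run from this filesystem
            findings.append((mountpoint, "unexpected wxallowed"))
    return findings


if __name__ == "__main__":
    for mountpoint, finding in audit_fstab(SAMPLE_FSTAB):
        print(f"{mountpoint}: {finding}")
```

A single-partition install that sets wxallowed on / so ports will run is reported as an unexpected wxallowed on /, which is the trade-off jmclnx describes.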
| doublerabbit wrote:
| Oh right. I've just never encountered such issues in the
| years I've been using FreeBSD, with /usr/local being one
| big partition.
|
| I'm aware that if no partitions are filled it causes
| a domino effect if not on its own partition. I have ZFS
| quotas configured so surely that mitigates the issue?
|
| Handy to know though.
| binkHN wrote:
| In contrast, I find the installer refreshing. Yes, it's text-
| based, but it's streamlined and for most use cases all you have
| to do is hit Enter at the prompts. As for the partitioning, I
| don't know when you last installed OpenBSD, but, with the auto
| partitioning, you just hit Enter as well. If you wanted to
| customize the partitioning, it is a bit daunting for the
| uninitiated, but after you do it a few times it really is just
| as streamlined as the rest of the installer.
| blibble wrote:
| the bit that resulted in me removing it from all my
| routers/firewalls was having to run "make world" and rebuild
| the entire OS to install security fixes
|
| not at all practical on a router with an underpowered cpu and
| little disk
|
| apparently the developers have had a change of heart here
| (previously they didn't believe in providing binaries for
| security fixes)
| rjsw wrote:
| I think the expectation is that you would cross-compile for
| your router on a faster machine. I have no idea whether you
| need to be running OpenBSD on the build machine.
| peter_hansteen wrote:
| That particular problem has been addressed in the more common
| architectures - syspatch was introduced in OpenBSD 6.1 (April
| 2017) https://man.openbsd.org/syspatch
| daneel_w wrote:
| For me it was the other way around. In 2000/2001 I had zero
| experience with anything *nix apart from a couple of failures
| to get anything Linux to run, but on the first try with OpenBSD
| I managed to get it up and running in no time. I've always
| considered their installer to be simple, explaining,
| understandable and straightforward.
| jaredhallen wrote:
| That's right around the same time I first started tinkering
| with Linux, and I had a similar experience. I didn't know
| about BSD at the time, but it took me weeks to get my first
| Gentoo install up and running. That being said, the amount I
| learned throughout the process made the experience absolutely
| worth the hassle. Then it was just a matter of getting the
| conexant chipped dial-up modem to work...
___________________________________________________________________
(page generated 2023-07-23 23:01 UTC)