Back

OpenBSD 7.0

161 points5 hoursopenbsd.org
mirekrusin21 minutes ago

I'd love to try but I'm experiencing hardcore option paralysis every time I start thinking about it.

FreeBSD, OpenBSD or NetBSD – _that_ is the question.

Wait, maybe DragonFly actually? illumos? ...wait, I mean OpenIndiana, I think... wait, what's OmniOS? Is Darwin a thing, like I could just have BSD and macOS for free or something?

thuccess12912 minutes ago

Next level-up cornucopia of options for postunix wannabe irckidz is 9P: 9legacy, 9front, 9fans. That is the cool as quantumcomputing question.

ink_1315 minutes ago

IME it depends on your use case.

If you want something you can use as a border router/firewall, OpenBSD.

If you want something for more general-purpose computing (like a desktop or home server), FreeBSD.

If you want something you can install on your toaster, NetBSD.

nanna5 hours ago

Any BSD fans out there wish to persuade a happy Debian desktop user to take a BSD for a spin?

yabones3 hours ago

Linux systems are made by dozens of disparate teams, and it shows. Every command has a different syntax - just think about how "help" could be -h, --help, -help, -? etc

BSDs are very tightly integrated. The entire OS is very consistent and 'correct', down to the tiny and pedantic details like putting things under /usr that are usually installed in /bin, because that's the way it's supposed to be. (Ex. `/usr/local/bin/bash`)

Think of it like reading Wikipedia, no matter which page you read it seems like it was written by the same person. That's the kind of consistency that OpenBSD intends to create.

adamrt2 hours ago

Just to clarify, Bash is installed under /usr/local because it’s from packages and not part of the base system.

The base shell, ksh, is at /bin/ksh.

You probably know that but I just felt like being pedantic this morning :).

yabones56 minutes ago

Yes, absolutely true. The idea is that `ksh` is good enough, and the extra features of bash are extraneous or unnecessary, making it an add-on rather than a core feature.

It's an interesting idea, and while I feel bash is absolutely 'good enough' to be part of the base system, I wouldn't want zsh or fish part of my base system - so it's then a matter of opinion whose shell is bloat and whose is essential. So I respect their decision to not include bash in the base image - it's meant to be uncompromisingly lean and simple.

chasil19 minutes ago

Another issue is size. This is what I see on CentOS:

    $ ls -l /bin/bash /bin/dash /bin/mksh
    -rwxr-xr-x. 1 root root 964536 Nov 22  2019 /bin/bash
    -rwxr-xr-x. 1 root root 113536 Nov  5  2018 /bin/dash
    -rwxr-xr-x. 1 root root 296192 Jan 27  2018 /bin/mksh
The Debian Almquist shell has nearly nothing beyond POSIX (I believe that local function variables are the only extension). This is the Ubuntu system shell, and it tolerates no bashisms. Alternate POSIX shell implementations in OCaml (and somewhat ADA) accuse Almquist of not using formal grammars and imply that dash is not a safe implementation.

I would say that mksh implements 80% of bash functionality in much less space, and closely follows ksh88; mksh is also licensed such that Android uses it as /bin/sh.

Apple has switched from bash to zsh. I don't know the motivations for this, but preferences for shells wax and wane. BSD doesn't include bash more because of license than code quality.

POSIX seems to be all that we can agree on, but I do wish that standard could grow; it's stuck in the '70s.

chasil2 hours ago

...and that ksh descended from pdksh, and is distributed as the oksh portable project here:

https://github.com/ibara/oksh

The MirBSD Korn Shell also descended from pdksh, and it can be found here:

http://www.mirbsd.org/mksh.htm

I don't know about the feature differences and code quality between these two; they both implement most of ksh88, and a small amount of ksh93.

I prefer mksh when I need something more than a POSIX shell.

gtirloni2 hours ago

And that would make me switch from Linux why exactly?

Don't get me wrong, I was a BSD user for many years (FreeBSD 3.5-5.0) but I don't think that's enough reason to switch.

stiray24 minutes ago

Reason for my switch was that some key things (for me) were designed in a way that seemed more right that on linux and this is totally subjective opinion.

I am still running ubuntu on laptop and will switch when the next install is a thing, but I am running freebsd on server for years now and while i tremble on each update for the laptop, I dont for freebsd, even when updating from 12.x to 13.x.

Based on years of experience on both operating systems. I was surprised only once when freebsd made change where the base network settings weren't by default copied into fibs (you wont encounter this... probably ever) and even then I needed an hour to figure what the change was.

On the other side, I no longer count the nasty surprises the linux distributions played on me (like /etc/resolv.conf being overwritten by systemd resolv, just as trivial change). My laptop is unbootable for a year as they messed something regarding the order of zpool import (bpool being imported before rpool - probably a race condition) so i have to import it manually or it doesnt boot, while I have freebsd zfs root for ~10 years and it never failed me.

Details like that made me insecure about linux. And on the other side, made me highly secure about freebsd.

I think that (again, this is subjective, speaking only for myself)...

I... trust... BSD... guys. Based on experience.

I... dont trust linux... distributions. Based on experience.

But it might just be me.

blacktriangle2 hours ago

It made me switch from Linux.

If it doesn't sound compelling to you, that's okay too, Linux is great. But I do think focusing on the consistency of design really is the best high-level summary of the difference between Linux and OpenBSD.

+2
Filligree55 minutes ago
space_ghost1 hour ago

Why is that "the way it's supposed to be," and how is it going to improve my user experience? It just seems like unnecessary complexity to me.

yung_steezy4 hours ago

I would recommend FreeBSD if you were going to try one of them. The BSD experience a bit like using linux was like 15 years ago. Online DRM for sites like Netflix will not work for example. Specifically in the case of FreeBSD the filesystem is well curated and cohesive, if you feel a file ought to be in a certain location it is usually there. Additionally the manpages and docs are a joy to read.

I'm less familiar with OpenBSD but it is similar in terms of prioritising being a cohesive operating system and docs. Some design choices the team have made for reasons such as security make the system feel sluggish by modern standards, even compared to other BSDs. You might get a lot of mileage out of it if you enjoy old school C programming and reading the source code for coreutils libraries.

deltarholamda19 minutes ago

>prioritising being a cohesive operating system and docs

This is one of the areas where OpenBSD really shines. Their documentation is really good. FreeBSD is also quite good, but I've been consistently impressed with OpenBSD's docs since 2.5.

Linux distros can't reach the same level of quality due to being less cohesive at the base, though they do make up for it with quantity. You can search for most Linux issues and find an answer.

ToddWBurgess2 hours ago

I got FreeBSD running on a Raspberry PI. It isn't too hard to install and get up and running. I primarily use FreeBSD on the Pi for ARM assembly programming. All BSDs are great for devs.

blacktriangle2 hours ago

ooc why didn't you try NetBSD? Isn't running on every little device kinda their wheelhouse?

ToddWBurgess2 hours ago

I did try NetBSD first on the Pi but the install wasn't working for me. Getting FreeBSD up and running on the Raspberry Pi was a lot less painful. If I really want to kick around NetBSD I can run an instance of it in GNU Boxes on one of my Linux boxes.

2pEXgD0fZ5cF4 hours ago

I love OpenBSD because it is as close to "just works" as it gets in an ideal world. I love using it for my personal website because it is very easy to get a proper overview over the OS as a whole and because it comes with some of my favourite pieces of software and all I need for a personal website is part of the system: httpd, pf etc. Also OpenBSD has some of the best docs out there, I rarely need to websearch anything.

Unfortunately, we don't live in an ideal world, so I rarely get to spin up OpenBSD outside of that due to a number of reasons like a lack of filesystems for interoperability (USB media) and firmware drivers (got to be specific in the hardware you buy for it).

umanwizard3 hours ago

You’re obviously curious and want to try it, or you wouldn’t have posted that, so why not go for it? You have nothing to lose.

For me the coolest thing about OpenBSD is it’s the simplest OS that is still of practical use (i.e., not counting ones that are purely for research or education). So if you’re curious about how any part of the system works, it’s easy to just dive into /usr/src and figure it out. It’s also entirely configured via simple text files rather than some opaque systemd monstrosity.

tazjin3 hours ago

systemd is configured via simple text files

umanwizard2 hours ago

What simple text file is, for example, the list of WiFi SSIDs to try to connect to stored in?

+1
nix232 hours ago
mistrial92 hours ago

How are remote updates in Ubuntu configured by text file under systemd?

tazjin2 hours ago

I don't know, I don't use distributions with imperative state management.

nix231 hour ago

Remote Updates..systemd? Do you mean apt?

/etc/apt/apt.conf.d/

https://wiki.debian.org/UnattendedUpgrades

tomc19851 hour ago

I recently built my latest server in FreeBSD just to get some hard experience with it...

...and I love it! Documentation is generally excellent, readable, and centralized. There are only a dozen or two processes running on a fresh system without much of anything installed, and idle CPU usage is the zeroyist zero I've ever seen for a server OS. The directory structure in `man hier` is actually used, and it feels like the surface area of what I have to learn to be proficient is sooooooooooo much smaller. It's not perfect (home and end keys don't work consistently) but definitely a breath of fresh air.

Plus, many programs (ezjail, for example) integrate tightly with ZFS, which is also awesome. I know linux finally got quality ZFS support but BSD (along with solaris) are OG

Plus, now I am learning a great deal about how MacOS is built.

Funny enough, I have a DJ controller (Pioneer XDJ-XZ) that uses BSD for its operating system. So it seems to be a great embedded audio OS as well!

upofadown3 hours ago

I don't care that much about the security claims but I have to acknowledge that they are probably true to some extent. I value OpenBSD most for its minimalism. The OpenBSD project seems to have managed to avoid the feature bloat that other systems are now suffering from. You have to learn it, but there is not a lot there to learn.

Once you figure out how to set it up then the audio just works. That is a killer feature compared to the situation I had to deal with when I was doing Debian on the desktop.

waynesonfire4 hours ago

Im a life long linux user and decided to use FreeBSD as a platform for my most recent hobby project. It was surpising how enlightening it was to use a different tool. It does somethings the same way, somethings different, what was most pleasant was discovering the things it did better. I don't think you can read about it, really worth experiencing this.

yrui4 hours ago

I've been running OpenBSD more than 15 years, and it does have a learning curve.

One area to consider as a happy Debian desktop user is using OpenBSD as a router OS. PC Engines (I have no affiliation to them) makes a very nice router called "Alix" and OpenBSD works well on it. Previously, people were installing it on Soekris routers before they went out of business.

OpenBSD's firewall pf is by far my favorite, and it and OpenBSD have a lot of nice networking features and tools to tinker with. It's free of blobs (in the default install), free of known bugs (in the default install--but generally your router will work well with only the default install), and configured to be reasonably secure by default. The documentation is also frequently praised.

How many other modern, full-fledged, well-maintained and open code OSes run in 32 Mb of RAM?

thijsvandien3 hours ago

ALIX is EOL. Nowadays you'll want to use their APU (excellent too).

tharne2 hours ago

I used open BSD for a little while. It's very simple, clean, and elegantly designed. If you're looking to learn more about Unix, then you'll have a lot of fun with OpenBSD.

If you want to use it as a daily driver, you're probably going to run into some headaches. That being said, if you're willing to put in some time, learn a little bit and forgo some software here and there, you certainly *could* use OpenBSD as a daily driver. One really cool thing about OpenBSD is that the OpenBSD devs use the OS as their daily driver.

You'll likely keep hearing about how good the OpenBSD man pages are. I always thought this was a weird thing to mention and make a big deal about. But holy crap, the OpenBSD documentation is amazing. Reading it has definitely made my own documentation at work significantly better.

The downside? There are a couple. The biggest two are that, 1) you're not going to find a lot of the software you might normally use; and 2) The performance is not great and battery life is not very good.

35fbe7d3d5b91 hour ago

> If you want to use it as a daily driver, you're probably going to run into some headaches

This all depends on the hardware you bring to the table. A random Acer laptop with a questionable ACPI table is probably going to have problems, but a previous-gen Thinkpad X1 should be great because that's what the devs use.

> you're not going to find a lot of the software you might normally use

This really depends on your use cases – I can do most of the development I want on my OpenBSD laptop. But there are some gaps, absolutely.

> The performance is not great and battery life is not very good.

Harder to argue this one. It's getting better release by release, though :)

Koshkin4 hours ago

Coherency, security, stability, ZFS... Perfect on a server (e.g. a VPS), may not be as good as a desktop or as something to run on a laptop (depending on hardware).

mrweasel2 hours ago

> Coherency, security, stability, ZFS...

My only sort of complaint in regards to FreeBSD is actually ZFS. Not that it's not fantastic, or that it shouldn't be there. ZFS does however clearly comes from Solaris, and there have been no effort to make the ZFS command line tools feel more BSD like.

Changing the tooling around ZFS probably isn't a great idea, but coherency has clearly taken a backseat to features in this case.

MisterTea1 hour ago

> Changing the tooling around ZFS probably isn't a great idea, but coherency has clearly taken a backseat to features in this case.

Right, because ZFS is a foreign piece of software that runs on other operating systems. At that point you are better off keeping those tools coherent with other ZFS implementations. This is a good compromise.

gtirloni2 hours ago

It's coherent with the other ZFS implementations in Linux and Solaris.

umanwizard3 hours ago

> ZFS

NB: Not on OpenBSD.

pastrami_panda4 hours ago

> Coherency

What does this refer to in this context?

tbrock4 hours ago

Things are where you’d expect, patterns and conventions cary on throughout the system, etc… Vs the disjoint feeling linux has.

+1
JoshTriplett3 hours ago
zokula2 hours ago

I already have that with Linux.

drewpc2 hours ago

Be curious; learn it. Figure out pros/cons for yourself. You'll have more breadth of knowledge, more depth in specific areas, and will likely make better architecture choices in the future because of it.

fbhabbed2 hours ago

Definitely try it in a VM first or at least image your Debian drive before going at it. You are going to miss your perfectly working Debian install

UI_at_80x2458 minutes ago

Easy: text log files, text config files, no systemd.

gigatexal4 hours ago

This link is for OpenBSD but I have the most experience with FreeBSD. Reasons to try out a BSD, even FreeBSD:

1. ZFS -- by far and away the best filesystem there is. (A hella partisan take but try it out and you'll likely fall in love like the rest of us did)

2. The handbook. The handbook is gold. It's up there with some of the best documentation available.

3. Less fragmentation. The BSDs have 3 main derivatives: NetBSD, OpenBSD, and FreeBSD. (There are others but these are the main)

4. If you like LXD then you'll love Jails.

5. The BSD license. (If being the most free means something to you. I kind of like it but maybe this isn't a selling point.)

6. Can be rolling or used in an LTS fashion. It's rather easy to track -current all the time or just stick with a stable release and do periodic binary package updates.

m4r35n3574 hours ago

I use Debian and love OpenBSD.

nix234 hours ago

No why? If your happy an you know it, clap your hands.

But if you want to try out something else, clap your hand and start installing, why?

https://vermaden.wordpress.com/2020/09/07/quare-freebsd/

xbar23 minutes ago

OpenBSD WireGuard VPN servers make me happy.

brynet1 hour ago
jmclnx4 hours ago

Just see this:

https://www.openbsd.org/goals.html

But if your video is Nvidia, you are out of luck until they open their drivers.

ksec4 hours ago

From https://www.openbsd.org/goals.html

>Be as politics-free as possible; solutions should be decided on the basis of technical merit.

Someone has the wisdom to put this in nearly 20 years ago.

bluGill3 hours ago

OpenBSD split from NetBSD years ago for political reasons. So it isn't a surprise that 20 years ago politics and the issues thereof were high on everyone's mind.

ksec2 hours ago

>OpenBSD split from NetBSD years ago for political reasons.

I was naive in thinking it was always about the focus on priorities, as in Security vs NetBSD's portability. So I decided to read up on it [1]. Since Wiki seems to be purposely quiet / unclear on the incident.

Turns out Open Source Politics isn't that much different 25 years later.

[1] https://www.theos.com/deraadt/coremail.html

ToddWBurgess2 hours ago

Theo de Raadt wanted to make security the number one priority and the NetBSD team did not. So Theo de Raadt forked NetBSD in order to create OpenBSD which would become security first. It was a political decision. My source on that is a NetBSD kernel dev.

zokula2 hours ago

That would assume that OpenBSD is secure the first place.

ptidhomme5 hours ago

Not yet as it seems.

pwrplus13 hours ago

Exactly, everyone knows it's not official until the artwork is out.

nix233 hours ago

The song is the important stuff, if there is no song you should jump that release.

pwrplus12 hours ago

For generations the people of the artwork have been at war with the people of the song.

nix232 hours ago

Yes, since the "Shut up and Hack" release had some long lyrics. It's a cold war since then ;)

nix235 hours ago

Released Oct 14, 2021. (51st OpenBSD release)

https://cdn.openbsd.org/pub/OpenBSD/7.0/amd64/

ptidhomme5 hours ago

I'm well aware, but still not official (no artwork released for example)

nix235 hours ago

But the "Style Hymn" :)

https://www.openbsd.org/lyrics.html#70

But hey, if the Artwork is the release point for you, that's fine with me ;)

+1
pwrplus13 hours ago
user39393823 hours ago

My main use for OpenBSD is as a firewall/router, and they frequently make breaking changes to the pf rule syntax so I had to abandon it. Last breaking change when I checked was July, but it's been going on for many years. If you have one firewall no big deal, but if you set them up for customers all over the place it's a nightmare. They should take a page out of Microsoft's book here.

protomyth2 hours ago

"My main use for OpenBSD is as a firewall/router, and they frequently make breaking changes to the pf rule syntax so I had to abandon it."

Uhm... well, I've been using it since 3.0 (when pf was introduced) and its been very stable. You have at least 6 months to convert your pf and its never taken me more than a day to get it changed. Its well documented and frankly, even with all the horror stories, I've found friendly help each time I had a question (do read the manual before asking a question). Looking at your firewall rules every 6 months isn't exactly stressful.

lolpython53 minutes ago

I don’t think most people would agree that breaking changes every 6 months fits the definition of “stable” for a firewall.

protomyth23 minutes ago

They don't change it every six months. You look in the release notes and check if anything changed. Heck, there have been years where no changes were required.

nix233 hours ago

>They should take a page out of Microsoft's book here

Yeah NO.

OpenBSD is the opposite of backward compatibility by design.

You should have known that before installing at your customers site en masse.

That's probably one point why PFsense is based on freebsd and OPNsense on hardenedbsd.

noja3 hours ago

^^ The wording of this response represents exactly why many people don't choose OpenBSD.

ninjin2 hours ago

Yes, but you say that as if it was a universally bad thing. OpenBSD is largely made by its developers, for its developers. It has its own unique culture and does not seek mass appeal. To many – such as myself – this is refreshing, in particular when you contrast it to how poor open source developers are scolded on GitHub by entitled users for not putting in more of their free labour to satisfy their requirements. Is it for everyone? No and that is fine. You are always free to fork it or enjoy the fruits of their labour from a distance, such as with OpenSSH, tmux, etc. that work just as well for OSs which may have a culture closer to your taste (and that is also equally fine).

0xdeadb00f3 hours ago

They make a good point though. OpenBSD is not known for it's stability.

+1
noja2 hours ago
blacktriangle2 hours ago

Honestly that is a compliment. When it comes to evaluating tech, the best statements are those where you can walk away knowing very clearly that yes, this meets my needs, or no this absolutely does not meet my needs.

znpy1 hour ago

Indeed.

Last time I gave a look at OpenBSD I immediately noticed a huge courtain of gatekeeping around pretty much anything.

Meh.

nix233 hours ago

Let that not hear Linus and his wording.