OpenBSD is an operating system that prioritizes security, encryption, and free (as in free and open) software. It’s built in the open – anyone can see the code and discussions around it. That’s no accident – the earliest contributors recognized that transparency and public discussion are essential to effective security. If you follow the project and the email lists for any length of time, it becomes clear that the core contributors are passionate about security and quality. These are volunteers that spend their limited, precious spare time on building a great operating system that they give away for free because they want to see secure, high quality software thrive in the world. They’ve been doing it for 20 years.
What they’ve made works really well. While it’s not as easy for a consumer to use as Windows or OS X, to someone more technically inclined, it’s straightforward to use as a server or as a desktop for many use cases. And the big feature: it starts our very secure and if you’re careful you can keep it that way as you customize it to suit your purpose.
A heartfelt case for OpenBSD.
Nice. :>
drained by the successors of Server/Client architectures, Good to see a Distribution enforcing right disciplines on IT.
Always intrigued about this ‘Knight’ of the Blowfish Coat of Arms, and wishing the best on the Server [How do We call them now?] environment.
Short and to the point, I like it. There are other reasons to use OpenBSD (I for one enjoy the simplicity and “slow computing”[1] aspect of it), and hopefully it will continue to improve to the point where it’s on par with Linux in regard to performance and hardware support. In the mean time, I purposefully keep several computers and boards on hand that are fully supported by OpenBSD, so I’m never without it.
Bonus points to the author for the site layout and highly readable font; at first I thought I had left my browser zoomed in but it was at 100% and extremely readable to my tired old eyes.
[1] https://newrepublic.com/article/121832/pleasure-do-it-yourself-slow-…
Simplicity is probably the strongest reason why I use OpenBSD. It’s a system that is well thought out and still makes sense to me (as a kid I learned from FreeBSD and Slackware). Related operating systems seem over-engineered and are continuously changing their fundamentals, such that the documentation (if you can find any) is often outdated.
I recently took a couple of hours in the afternoon to change from a full-fledged desktop environment to cwm(1). In OpenBSD, there’s a man page for everything. Configuration files are simple to read and documented well. It’s been an easier transition than I expected. Like the rest of OpenBSD, it is minimalist, but works surprisingly well.
OpenBSD is not for everybody, but it works well for me.
I use a combination of Linux and Windows at work.
One of the frustrations is the constant need for googling when running into a problem on either system.
With OpenBSD I just look at the README or the man page and the information is just there. Their FAQ is also excellent.
Agreed. This is one of OpenBSD’s greatest strengths. It’s not just that the docs are amazing and complete, but that it’s obvious what doc to look at. Getting an error with the ucd driver? Just look up its man page (man ucd). Simple as that. Need to supply custom parameters to the kernel? Same deal.
It unfortunate that I can’t use it at work.
Here here! I have to deal with Windows servers there. I’ve ranted about that before. Suffice it to say that OpenBSD is simplicity itself by comparison.
I definitely appreciate the values expressed by the author. However it’s really quite a shame that for all the effort that open and free projects like openbsd put into transparency, that we are so heavily dependent on hardware that is becoming ever more closed. While consumer restrictions like secureboot obviously come to mind, even firmwares that don’t restrict a user’s choice of OS can still act against the user’s security interests.
libreboot is similar to the coreboot project with the difference that they won’t compromise on firmware transparency with binary blobs. They require that 100% of the code is able to be audited & protected against manufacturer and government backdoors, otherwise they don’t support the hardware. I feel these are the same values as those behind openbsd, logically extended beyond the OS to the whole system. It would probably be pretty popular…if it could be supported on our hardware.
Unfortunately deliberate hardware lockouts are rendering these whole-system-transparency projects non-viable. Intel has cut off transparent firmware alternatives for almost a decade now:
https://libreboot.org/faq/#intel
Clearly it’s extreme and non-pragmatic to suggest not using any modern desktop hardware, however it posses quite the conundrum that virtually all modern desktop computers have code running above the OS that we can’t see or trust. You want to build a secure OS using modern commodity hardware? That’s great but your hardware could be compromised before you’ve written a single line of OS code. You’d like to build a firewall to catch any attempts to take over your network, but regardless of what OS you choose, you can’t be positive that the firewall you are building isn’t already compromised by the ME/AMT running on the CPU. Without control over the bundled system firmware, there’s nothing you can do about this risk.
This is especially concerning given the motivation of certain governments to gain access to our technology by making secret deals or hacking proprietary code that’s already installed.
Dismaying issue, Alfman. Pure hubris. Totally blind to the upcoming Babylonic size diaspora.
Babylonic Size Diaspora [BSD]
Acknowledging issues like this close-ness of hardware made me realize that was spending my life on building SAND foundations. [Dreamers… all we are].