I've never understood why anyone wouldn't just use OpenBSD if you're going to use a BSD. I'm sure there are reasons, there must be, but OpenBSD has a long history of having really great source code that's useful just about everywhere (hint: you're using OpenSSH almost assuredly on every linux box ever, and it's fantastic). To me, as a developer I get the whole NIH thing. I really do. I just don't get why you'd choose "here" to be somewhere that doesn't include all the amenities in the first place.
- LLVM/Clang (it's a matter of taste, but it's also the feature :-) )
- FreeBSD Jails and Mac (These are extremely strong security features if implemented correctly. Especially jails are really undervalued/misunderstood IMHO.)
- State-of-art network stack (faster than any other BSD or Linux. Supports technologies like NetMap)
- ZFS support (important for both desktops/servers)
- PF version runs on multiple cpus (OpenBSD's version is more advanced though)
- DTrace (although not mature enough IMHO)
- Better hardware support (e.g. wifi cards)
- BHyve (virtualisation)
- Capsicum (security)
Other little things like:
- Unmapped VMIO buffers
- Variable symlinks (used under jails)
Now generally speaking, choosing an operating system due to bigotry and what-not is stupid. Most of the times, engineers go with what they need: If you need a secure bastion, OpenBSD gives you more although FreeBSD can be turned virtually impenetrable as can Linux. OpenBSD comes with more bells and whistles on this particular area though.
So all in all, it boils to what you need. The major reason why people choose FreeBSD over OpenBSD is because the 'security level' of the OS is more than acceptable while retaining a much better hardware support.
Don't forget that only FreeBSD has the nVidia binary drivers, too. (Neither have nouveau anymore.) So if you have such a card, OpenBSD defaults to the "nv" driver, which somehow manages to be about 20x slower than the VESA driver, before MTRR write-combine tweaking (side tangent: OpenBSD also lacks an MTRR tweaking tool, like memcontrol.) Moving a window literally locks up your desktop for 30-90 seconds as you see it slowly redrawing its way along. How they managed that one I will never know, but they did.
I'm all for open source all the way, especially on a secure system, but OpenBSD+nVidia is basically unusable on the desktop. And that's a huge class of systems. You can't buy Intel PCIe cards; and AMD drivers are always a buggy mess.
> PF version runs on multiple cpus (OpenBSD's version is more advanced though)
I really hate the trade-off of FreeBSD SMP support, or OpenBSD queuing support. (yes, you can compile a FreeBSD kernel with ALTQ, but it's said to be buggy with SMP.)
I will admit to not having tried it. This is what I read when I was researching why it wasn't enabled by default.
Any thoughts on why they leave it off out of the box, then? I know it's not crazy hard to build a kernel (used to have to do it to get sound support in the 4.x series), but I'd rather not build kernels if I don't have to =)
I'm glad they work for you. If you want to stop by my place and see the fun rendering bugs I get, like corrupted gibberish when menus first spawn, random artifacts being left on the screen, valid OpenGL shaders (that work on Windows/AMD) not running correctly, etc ... I'd be happy to show them to you.
I've tried this with both FreeBSD 10.1 and OpenBSD 5.6. Maybe I just have an unlucky video card. If you weren't being such a dick about it, I might ask which exact card you were using to give that a shot, but don't bother inconveniencing yourself I guess.
Second this. The AMD open source Linux drivers are better than the Nvidia ones. It's the proprietary where Nvidia wins. You don't really need those unless you want to run games, though.
If I call Bob a shit, that is personal abuse. I am saying he is garbage, and that is wrong.
If I say Bob is full of shit, that is saying he is wrong. If I am correct in my assessment of is incorrectness, that is right. If I am incorrect in my assessment, then I am full of shit.
If I say Bob took a shit, that is a factual observation. It can be right or wrong, depending on if Bob was actually the one who stunk up the bathroom.
In this case Bob was either lying or misguidedly saying stupid shit, which is why he was told he was spreading shit. Bob was wrong.
It was not an attack on Bob, it was a rebuke of Bob's incorrect statement. When you say stupid shit like that, you're spreading shit.
> - FreeBSD Jails and Mac (These are extremely strong security features if implemented correctly. Especially jails are really undervalued/misunderstood IMHO.)
Aren't these are only necessary if you let people you don't trust into your system?
> - PF version runs on multiple cpus (OpenBSD's version is more advanced though)
Personally I dislike running PF on FreeBSD as it requires me to resort to old docs and use old syntaxes.
Jails also have resource limits, so you can have a group of processes that are related, but not started from the same executable, be held to a certain amount of CPU, memory, etc usage. They're also useful in testing/debug situations; coupled with ZFS' copy on write features, they let you quickly create identical environments which can be real helpful in trouble isolation.
Jails provide some protection to the base OS even if the network exposed service running in the jail is compromised. It for much more than local exploits.
Also, and this is perhaps weird to non-users, but true, FreeBSD has a well supported base AMI in AWS EC2. It's an edge case, but it's a big reason I rely on FreeBSD over OpenBSD.
you're right on quite a few things, but bhyve is no where near production quality -- alpha at best. and openbsd has a wider and stronger support of wifi cards.
For me, not being able to run a current kernel-accelerated qemu is a real problem. Is there anything preventing this work from being done, or is it just a matter of bhyve having the momentum so nobody's bothering?
Because it's kernel-side SMP support is basically from the 80s
Because getting commercial support for it is hard
Because getting drivers for it is hard
Because ..
Lots of reasons, nothing to do with feel-good or whatever else. OpenBSD's focus on security is commendable, but it's not the only reason you'd pick an operating system.
I use OpenBSD for most everything, but I do use FreeBSD for our file servers just because of ZFS. I will probably look at DragonFly BSD once HAMMER2 is done. If someone ports HAMMER2 over to OpenBSD (one can dream), then I am probably back to one chosen OS[1].
I have found OpenBSD to be pretty easy to install and I really prefer the hier over FreeBSD's.
1) This does not include the obvious "must run on" for certain software packages. We have Windows Server, OS X, Red Hat, and an AS/400 (iSeries) because of vendor / government requirements.
Can DragonflyBSD be good for using it as a desktop for programming and such? I've tried to google if BSD OSs are good for that purpose, but it seems like they might be better suited as servers and such, and you're better off using something like Linux for programming. Do you have an opinion on that?
The last time I saw FreeBSD used in a CTF, it was FreeBSD 6, back in the Kenshoto days. FreeBSD has come a long way since then.
Nowadays, other than the odd ARM problem, or esoteric reversing challenge, everything is Linux. It doesn't matter anyway, though, since CTFs are designed with the express purpose of being insecure.
I'm as big a fan of OpenBSD as anyone, but there's no reason someone couldn't intentionally cripple OpenBSD to use as a platform for CTFs.
I've only been playing CTFs for 2 years (iCTF 2013), but I don't think I've seen FreeBSD there once. In my experience, it's 99% Linux, with some occasional Windows and Android. Then there was last ruCTFe making a point of using some more obscure systems - Minix, OpenIndiana, etc.
I'd definitely be using it if there were a modern GHC port. Sticking with linux until I can see if I can get dragonfly working on my laptop. Man I want HAMMER.
1) Ports are difficult to come by. Furthermore, installing ports kind of destroys the black security box an openssl install implies.
2) Non-security updates are slow.
3) The mailing list is hostile.
Furthermore, netbsd and freebsd offer substantial improvements: netbsd will run on anything, freebsd will offer you some pretty ridiculous tools and a huge base of ports and support.
Running a FreeBSD machine for various services (otherwise I'm a Windows dev by day, Linux guy during the night). Why?
When I - not quite a year ago - looked into possible setups for this thing I found pkg-ng (and poudriere) both a lot more comfortable and familiar. More powerful. Sold.
If you need the ability to run 32-bit binaries on an amd64 install or have Linux binary compatibility, FreeBSD has options to provide these while OpenBSD does not.
I run OpenBSD on one of my laptops, but if performance or compatibility are important factors, you might look at other tools for the job -- the different BSDs have different strengths.
Having used both, I'd say the security focus of OpenBSD means it's often lacking consistency and "polish". NetBSD's focus on engineering means it's consistent, clean, etc.
Having once been a close follower of OpenBSD, I eventually just kind of lost interest because Linux (and other BSDs) were just moving so much faster on features that mattered more to me. Multiprocessor support was the big one for me at the time; I have no idea where that currently stands.
My recollection was that OpenBSD code was actually quite polished, and even elegant in lots of places. They also produced what I think were easily the best and most complete manpages out there. It was actually enjoyable to read both the code and manpages, and pretty easy to understand (assuming proficiency in C and basic machine architecture, of course).
What was not enjoyable, for me, was the constant hostility on the mailing list and frequent lashing out at others in various OSS communities (...as demonstrated in the OP). I know there there were others for whom that played no small part in their loss of interest in the project.
> Having used both, I'd say the security focus of OpenBSD means it's often lacking consistency and "polish".
I wonder why you think so. I've only ever used OpenBSD and NetBSD on PCs and Unix workstations. I have never, ever, in any domain found NetBSD to have more "polish" than OpenBSD.
From the initial installation where OpenBSD helps you with everything and NetBSD, well, doesn't, to reading and using documentation (OpenBSD's man pages are the best around, with the possible oddball exception of some old Open Group pages which include code examples), OpenBSD seems to be miles ahead.
So I just wonder what you're talking about specifically.
ssh has persistently gotten more and more annoying to use over the years especially with it's non-sensical error messages when it's checking file permissions.
It is simply bad design to keep adding un-toggleable "security" mechanisms, like being unable to directly script password logins and the like.
Someone hands me a list of servers, user accounts and passwords to get a bunch of files from.
This is a standard task which comes up all the damn time in any level of sysadmin work. I'm never going to connect to these machines again, and can't get anyone to cooperate about them. Which means, I'm going to need to feed that list to ssh or rsync with password authentication.
Your current options to do this are jump through ridiculous hoops with expect, or switch to something else entirely (like paramiko, which is awesome but doesn't solve the rsync case cleanly).
Yet all this could be solved by just having a damn --read-password-from prompt which would do it automatically. It would also be nice to have --skip-permissions-checks (and actual error messages which specified which permissions, on what file, are missing rather then current silent failure).
Which I think I'm going to code up for the next time I end up doing something like this (probably alongside "use JSON for remote rsync file specifications").
> Having used both, I'd say the security focus of OpenBSD means it's often lacking consistency and "polish". NetBSD's focus on engineering means it's consistent, clean, etc.
Having seen NetBSD's source code more than once, "clean" is not exactly the thought that always comes to mind. Au contraire, OpenBSD has a simplicity-driven approach that's one of the cornerstones of most of the awesome stuff that they achieved.
That being said, NetBSD's build system is very good. OpenBSD's doesn't help too much in the portability department.
Would you mind giving a few examples where OpenBSD is lacking consistency or polish?
I was a huge NetBSD fan for many years, but I moved to OpenBSD about 6-7 years ago because I felt it actually had more consistency and polish. It's been so long now though that I don't remember specifics.
