I use OpenBSD on both my remote (VPS) and home (a tiny pcengine box with 3 NICs) servers. Naturally, they do some IPv6/IPsec/tunneling and other shenanigans with each other, and the home server is the router and firewall for a probably overly complex home network.
It is an absolute joy, and often I just mess around with the system for the fun of it. One of the compelling factors is that, unlike with a modern Linux distribution, I practically always have the impression of having full reach and understanding of the whole system, mainly because of OpenBSD's impressive consistency and documentation through man-pages.
Have you tried it on a desktop yet? I’ve talked about my experiences a couple of times (https://news.ycombinator.com/item?id=19280736), and I like it so much that it’s now the only OS on my primary desktop and laptop.
Man, I'd love to run a BSD, but I'm so spoiled by the convenience of the AUR and immediate access to the latest packages and any packages I could ever possibly want or need, that I don't think I'd last a week.
I love OpenBSD, I used to run it as my primary computer. The only problem is that the performance is pretty terrible, and they are only just now getting rid of the global spinlock that kills SMP performance for a lot of workloads.
I too have a 3-nic pcengine running OpenBSD. DHCP, DNS, routing, firewall, and VPN. It just does its thing, no fuss no muss that it’s quite boring (everything you want in your head end device). I’m very pleased.
A lot more than just security-- albeit that is one of the primary focuses of OpenBSD, encompassing everything from researching new mitigations to secure coding practices.
If it helps to put things into perspective, NetBSD is the closest relative to OpenBSD, the latter having forked over 23 years ago. The last time FreeBSD and OpenBSD shared the same tree was at Berkeley. In fact, NetBSD, FreeBSD and OpenBSD independently merged the final release from Berkeley, 4.4BSD-Lite2 in 1995.
Linux users generally don't understand what it means for each major BSD being fundamentally distinct operating systems, including separately developed kernels, drivers, userland utilities, with their own developer/user communities.
> fundamentally distinct operating systems, including separately developed kernels, drivers, userland utilities, with their own developer/user communities.
A lot of stuff does get ported between them though, and many people use multiple of them.
For me, OpenBSD is easier to deal with. I use FreeBSD for boxes where we need larger storage, and FreeBSD is just harder. I've had problems with upgrades and FreeBSD really doesn't document some stuff thoroughly (zfs upgrade for instance).
OpenBSD does almost require you do the every 6 month upgrade, but it really isn't that much of a bother. The syspatch utility has made patches a lot easier. Packages are often delayed, but if it has what you need it's pretty simple.
Otoh, I've never had a problem with FreeBSD upgrades and doing an upgrade is only 'freebsd-update upgrade -r [version]' followed by 'freebsd-update install', reboot and it can't get much easier than that.
OpenBSD is about that easy. Download the new version install image, boot into it, select Upgrade, and let it go.
I typically upgrade a couple of months after a new release comes out. That way there's been time for any post-release issues to be shaken out and patched. (There rarely are any, but I'm usually not waiting on any new features, and prefer to be a little conservative).
The project supports the current release, and the prior release, so you're not at risk of missing any critical updates with that strategy.
Yeah, that doesn't always go so great, but I have most of my problems once you do the pkg steps. Plus zfs upgrade needs a bit of documentation on boot code.
The amount of users really makes a difference. While I'd like to use OpenBSD on my hobby server, tools just don't work like they used to on Linux or that prebuilt binaries aren't available and you have to compile from sources but since the author hasn't tested on OpenBSD, you can get errors and without decent patience, you may need to give up on a few things you used to have.
FreeBSD, I feel it mostly works like Linux if you can absorb some minor differences.
I wish OpenBSD would drop desktop support and focus on the stuff that matters, which is server-based usage, to fix all the little edge cases.
Choice between Open, and FreeBSD is mostly a matter of personal preferences. In principle, O. invests more into security, while F. tries to be more inventive, but when used as a desktop you won't feel much practical difference. It's about small things like how upgrades are done, what packages are available etc. After using both in parallel I settled with FreeBSD mostly due to ZFS, and the fact that I prefer some of my software compiled with very specific settings (OpenBSD discourages compiling ports), but OpenBSD is fine too. I'd like to note that all of BSDs have less money, manpower, and visibility, and it means producers of software, and hardware care about them even less than about Linux. E.g. there's no official Electron for *BSD. I heard some people succeeded in building it with some hacks on FreeBSD, but anyway nothing Electron-based is available for quick and easy installation.
That's not likely to happen for both licensing and technical reasons. CDDL is not an acceptable license. And OpenBSD also has no extant framework for loadable kernel modules, nor any desire to add one (increasing attack surface).
It's still copyleft, so including it into the base system would require licensing those parts as CDDL, so the system as a whole would no longer be BSD-licensed.
Only the files pulled in would fall under the cddl. The cddl is unlike the GPL in that it is file based copyleft. It doesn't force any other part it is combined with to be any license. Ie you could combine it with anything that is ISC or BSD licensed without issues.
I don't think it's production ready and I also don't think it's a research file system?
It seems like a passion project from Matthew Dillon who seems to be crazy smart. I mean he forked and created his own BSD and then decided let's do HAMMER2 while we're at it.
My exposure to ZFS was a nightmare. It was being used for user home directories on a HPC cluster. Frequent outages, storage offline for days for recovery. I wasn't involved on the administrative side, just saw it from the user side. It was also many years ago, no doubt it has improved.
ZFS does seem to be miserable if you're installing it for the first time. I set my antergos installer last night to use ZFS for the root partition. Did not work once I rebooted. As much as I want to like ZFS, I don't think the tooling is there. My filesystem choice should be completely transparent.
I run a HPC cluster. I’m pretty bad at it so outages do happen but not like that. There are infinite ways to fail at storage, nothing specific to ZFS.
The main thing keeping me from using OpenBSD is that TCP transfers seem to take at least twice as long (testing both small and large files over plain HTTP) as Linux. Has anyone else seen this?
I'm not sure what you mean. Certainly many people would have noticed if OpenBSD's networking was generally half as fast as it's supposed to be. It must be something related to your specific configuration (not necessarily just software).
Actually I think very few OpenBSD people would notice if under load OpenBSD was significantly slower than Linux because very few OpenBSD people deploy in situation where they can do sustained parallel load tests.
Linux has BBR. OpenBSD doesn't have BBR. The difference between BBR and Cubic or classic TCP is immense.
That's a good point. I read the comment such as that every transfer over TCP would be twice as slow, which would be pretty absurd, but the poster probably meant high load/bandwidth situations. It would not surprise me at all if OpenBSD fared way worse, there.
It should be said that OpenBSD is a fine system, and this specific (BBR) difference would only show up if you had significantly large amounts of data to transfer in flows. I suspect normal use of OpenBSD as most people deploy it (which is not streaming data at high speed) wouldn't care.
I have nothing against OpenBSD. If the developers don't want to implement BBR right now because of more important stuff on their backlog, that's fine with me.
It's not exactly the same thing, but I've read posts where people are saying that pfSense (FreeBSD) can't route at gigabit speeds on a PCEngines APU2, while a similar Linux-based routing distribution can on the same hardware.
That's... Gonna take some kernel work - maybe just some wifi drivers, maybe more of the network stack.
And if there is one thing that's less "open" than on Linux, it's the OpenBSD kernel.
Don't get me wrong, the source is out there. But you're not gonna find anyone forking it, running patchsets (like almost any linux main-distro does) or the like. Compiling your own kernel isn't even supported.
You should run what you are familiar with as security is an ongoing process of updating, applying patches, so familiarity will make these chores easier.
Is there a good option for VPS hosting with OpenBSD? It receives minimal support from major providers of which I'm aware. Which is unfortunate, since I personally find it to be a much nicer system to work with than the more popular operating systems.
https://console.hetzner.cloud/ has OpenBSD 6.4. You must purchase a server with one of the four official Linux images first, then go server settings and from the iso images you can mount the OpenBSD install ISO and reboot. Use the server console to continue the installation.
As someone who was a heavy OVH user -- well, 100 or so dedicated servers -- and who just abandoned an attempt to migrate them to hetzner (who were slightly cheaper and offered NVME) -- let me suggest that you avoid Hetzner.
They blocked several critical IPs of mine without any warning, their support had absolutely no idea what the problem was and refused to unblock my IPs until I could convince them I'd solved the "problem" (which was an extra mac address appearing on one of my router addresses -- not an actual problem) and cost my business about 10k in the process. The email chain was... painful.
I've never had such a bad experience with a host before. YMMV of course, but I'm back on OVH and life is easy again...
You can install any Linux distro e.g. Centos with grub, copy OpenBSD install image to /boot and start it with grub. From now on you can just install it reformatting disk. You don’t need any particular support, standard KVM should be enough. Here’s the guide I used recently and it worked just fine: https://archive.org/details/hpr2181
I actually have an OpenBSD instance with 512mb of ram that costs $2.50/mo on Vultr and their support has been amazing. A while after upgrading OpenBSD to a new version, I noticed IPV6 wasn't working anymore. I didn't initially think it was the upgrade that did it, because I rarely ever think about IPV6, so I opened a support ticket. I got a response back by someone obviously very familiar with OpenBSD with step-by-step instructions on what I needed to do after the upgrade to get back IPV6. It was pretty amazing for $2.50/mo!
I got $10 in free credit at sign up too. Very impressed with their service so far and OpenBSD is equally well supported as Linux. In case someone is looking for the very cheap plans, make sure to select Atlanta as the data center because some other locations in the US don’t have the cheapest plans.
If I had colo space, why not just run OpenBSD on bare metal and optionally use vmm? I want this precisely because I'm not in a position to host stuff physically myself.
I mean (forgive my heresy) using kvm(-the-hypervisor) under GNU/Linux to run guest OpenBSD. That is at least a very fast way to get started, spin up €2 instance somewhere, qemu -cdrom openbsd.iso and that's it.
IMO not having Java should be considered a positive. Java is wonderful in theory, but in practice it's likely been one of the most common recurring headaches in my IT management career.
For a platform where one of the key marketing points has always been "write once, run anywhere" it sure is apparently not only easy but seemingly encouraged to write software that only runs on a specific version of the JVM, often with key security features disabled.
Either Java itself sucks or Java encourages its developers to suck. I'm not sure which.
Obviously not all Java applications nor all Java developers suck, but there is a larger than normal amount of suckage in the Java universe.
> "Either Java itself sucks or Java encourages its developers to suck. I'm not sure which."
Neither. Java makes it easy for developers that suck to contribute. (The subtle difference here being that it won't make a good developer lose his competency.)
Incidentally this is why companies love java so much. Hiring a java developer straight out of college is much easier than hiring a C++ developer straight out of college. Arguably in the last few years Java's niche has been encroached on by other accessible languages with mild learning curves (golang, javascript/node, etc) but for years Java was the obvious choice if you wanted to hire cheap developers that could at the bare minimum fulfil the design requirements.
> Neither. Java makes it easy for developers that suck to contribute.
So do PHP and Visual Basic. Both of those languages are very well known for having a larger than normal amount of developer suckage, but they don't seem to have the same sort of fragility as Java. There are a lot of shitty Wordpress plugins out there, but never have I run into one that only worked on a specific narrow window of PHP releases in the same way as many terrible Java apps are with the JVM.
More politely, it comes with non-removable training wheels, which makes it OK if you’re getting started as a developer, but a terrible choice for projects that will require experienced developers.
I've had the same experience. Whenever I have a misbehaving server, out of memory, slow performance, it almost always traces back to Java. However I don't think Java sucks necessarily. I think the sorts of software that people develop in Java, and the organizations that develop it, suck. In short, most Enterprise software sucks.
OpenBSD is great for a VPS, especially a small one. The minimal install has an incredibly short list of packages, which I like & feel helps keep everything working even over many years of following updates. It's just so much simpler than most Linux distros. But, familiarity or lack thereof can be very important- it's amazing how much is different about BSD, when we are used to thinking of it as a close cousin to Linux.