OpenBSD: Why and How (2016) (sivers.org)
218 points by kick on Nov 13, 2019 | 114 comments



>It's not for beginners.

I don't consider myself a beginner to Unix or computers (I even have a PhD in the damn things), but I do consider myself a fairly inept and inexperienced systems administrator, with no great desire to spend the time to become better, and my needs are fairly basic - just the usual web/shell/IRC/mail server stuff, and other random infrastructure needs that come along for my work. Incidentally, this is exactly why I prefer OpenBSD. Everything is so minimalist, the defaults so sensible, and the documentation so good, that I trust the machines I set up. I have great confidence that I did not overlook something crucial. The OpenBSD http daemon is beautifully simple - too simple for many uses, but perfect for mine. The OpenBSD mail daemon is the only mail daemon I have ever been able to set up from scratch, just from reading the man pages.

I run Linux (NixOS and RHEL) on my desktop and some servers respectively, because of needs that OpenBSD simply does not support (mostly GPU computing). Linux is fine and certainly runs very fast, but OpenBSD is the only operating system I honestly like.


I wouldn't even agree that it's not for beginners. The spirit behind OpenBSD and its wonderful man pages makes it simply one of the best platforms to learn about anything I'd like to do on a computer; it's correct and consistent. Be it sysadmin or other. My main problem is that Docker is not easily available on it : /


I would definitely not consider someone who runs NixOS on the desktop inept nor inexperienced.


Yes those words are too strong, but NixOS has certainly halted my Linux learning over the last few years :) In terms of configuration it's usually just "some.feature = true". Whereas with Debian, I'd go read a blog and cut'n'paste commands out of it and cross my fingers that they'd perform the correct mutations of my own OS.


>It's not for beginners.

Maybe true, but it's not just for experts either. OpenBSD's unfriendly reputation ensured that I languished in Linux land way longer than I should have, convinced that I was too dumb for anything else.

If you can navigate directory structure, use a package manager, and uncomment lines in config files, you can use OpenBSD. Try it already. It's good.


To say nothing about the astonishing quality of the man pages and online documentation.


This is often presented as one of the strengths of OpenBSD. I find it hard to believe that Linux man pages are so far behind (why would they not be copied from BSD?), but of course I do not claim that it would be impossible.

Could someone please point to an example, so that the difference in quality becomes apparent?


These are two pretty complex manpages for setting up network interfaces:

http://man.openbsd.org/ifconfig.8

https://linux.die.net/man/8/ip

The Linux one doesn't have an example anywhere of how to assign an IP address to an interface. Which is probably the most basic thing that you would be looking for.


Apples and oranges. The relevant man page for Linux is ip-address(8), not ip(8).


Hmm I started at:

https://linux.die.net/man/8/ifconfig

which says "This program is obsolete! For replacement check ip addr and ip link" and references ip(8) in the See Also section. Neither page refers to ip-address. In fact that entry doesn't exist on die.net which seems to be what Google considers to be the authoritative source for Linux man pages.


I can’t vouch for the updatedness of “linux.die.net”, of which I know nothing. Try this one:

https://manpages.debian.org/testing/iproute2/ip-address.8.en...


I know these are dist-specific issues, but it seems far easier on Linux dists to end up with an installed program (from rpms/debs) and still not have the manpages, OR to get a dud manpage that tells you to run "info gnufrotzomatic", and then you run that and, since there were no info pages, info will very helpfully tell you to run itself again, since it shows a manpage if the info page is missing.

Semi-recent CentOS 7:

    $ which find
    /usr/bin/find
    $ rpm -q --whatprovides '/usr/bin/find'
    findutils-4.5.11-6.el7.x86_64
    $ man find
    No manual entry for find
    $ more /etc/redhat-release
    CentOS Linux release 7.7.1908 (Core)

So it claims to have the findutils rpm installed, which comes with manpages (especially since there is no find-man rpm), but I didn't get them for reasons. You just don't get that kind of experience on BSDs unless you very deliberately unmark manpages for installation (which could be some kind of use case, sure).


That's very strange. Probably CentOS is stripping "docfiles" from the installation (maybe a "container-optimized" install?). You can see which files are marked as documentation with "rpm -qd findutils". On my RHEL 7, the man page is packaged along with findutils and I do see it.


I'm seeing the man pages for find on my Centos 7.7 boxes. Are you looking at a docker container or a cloud image?


One thing that annoys me is excess verbosity (that doesn't make the manual any more readable or easier to skim through). Man page for find(1) is a typical example.

http://man.openbsd.org/find

https://linux.die.net/man/1/find

I usually read man pages on OpenBSD, even when I'm working on Linux. I also often link people on IRC OpenBSD man pages when they're struggling with their tools (or their manuals) on Linux. The reception is generally positive.


Yeah, the difference here is very stark. I do sometimes wish that info had won as I always found it more accessible (compared to Linux man pages at least), but I suppose the vast majority of people just google now and almost all of these things are redundant.


Info is even worse IMHO. Navigating a hierarchy makes it harder to skim and search through, as well as easier to get lost. And when you have such hierarchy, manual writers can use that as an excuse to write even longer (sigh) manuals.

To me, much like code and math, the art of writing good documentation is all about finding a way to make it short and simple (but still correct and complete).


You can search a whole info file just as quickly as a man page, and using the index you can jump to the canonical docs for any argument or command in one go (ever spent time trying to find the hyphen-character section of a man page but struggled because it's referenced in 10 places?). I'll admit that whenever in man or info, I will generally go straight to the examples section because that's just how my brain works, but at that point I appreciate that info files aren't stingy with detail.


> You can search a whole info file just as quickly as a man page

It's possible that I just don't know how to use info. I always end up in the wrong place. That does not happen with man.

> and using the index you can jump to the canonical docs for any argument or command in one go

How?

> (ever spent time trying to find the hyphen-character section of a man page but struggled because it's referenced in 10 places?)

No, because the options are indented and inserting a few spaces before the hyphen in search string eliminates virtually all in-text references. Conventionally, the options are alpha-sorted too. In info pages, I end up wondering which section the option I want might be covered in.


> How?

`I` in Emacs info-mode. The prompt also has autocompletion.


`info x | less` gives you a better info browser than info


If only I could somehow coax info to render all subnodes into a single page and then pipe it through less it'd be useful to me.


Info is great for people who live and breathe Emacs, and terrible for non-Emacs users who are just trying to figure out how to get something done. If it's been a while since you last used it, you probably have to refresh yourself on the navigation commands, and the really useful features (the index[1] and incremental search[2]) are buried in different sub-nodes of the Info info manual.

As sibling commenters have mentioned, the Info tooling and format encourages people to split up their content into a bunch of nodes. In my experience, ~80% of Info manuals would be better if they were just concatenated into a single node, which the user could quickly Ctrl-F through with the tool of their choice.

[1] https://www.gnu.org/software/texinfo/manual/info-stnd/info-s...

[2] https://www.gnu.org/software/texinfo/manual/info-stnd/info-s...


You can use arrow keys and enter to navigate if you want, or tab like in every other hypertext system in the world. The search key is exactly the same as man, as well as supporting the same ones as readline, and they work across the whole file. I mean, it's 2019, it's a lost argument, but it'd be a shame to think it was lost on this basis.


Fwiw I used Emacs as my go-to editor & IRC client for a few years but I just could not bring myself to like info much at all. The format feels more suitable for something that wants to be a book. I don't want manuals to read like books.


Yes, info is horrendous. I hate to say this about a free documentation system, but they could not come up with a worse environment if they tried.

But the good news is I read GNU is moving away from INFO for something else, forgot what it was.


Info is kind of cool but as others have stated requires learning yet another command line user interface. It's nice to hear that in recent years it's been made more user friendly by respecting arrow keys, etc but IMHO nothing can touch man foo | col -b > /tmp/foo.1 && vi /tmp/foo.1 for simplicity. It's not a vi vs emacs thing as much as I just want to get to the data and get the tool out of my way kind of thing.

Particularly when taking a certain vendor's certification tests, it was the work of seconds to write a man page example to disk and turn that into a script.


For GNU tools such as find (part of GNU Findutils), the official documentation is almost always not the man pages (which are therefore not as good as they could be), but the Info documentation. In this case:

https://www.gnu.org/software/findutils/manual/html_mono/find...


Wow, that's a huge difference. I'm tempted to try OpenBSD just for those man pages.



Imagine if your email daemon could be configured with a syntax similar to pf.conf - you're in luck, because OpenSMTPD exists and you can!

(Many of us out there have serious m4 trauma.)


Are you recommending iptables as an example of 'better'?!


No. Reverse that.


For a different take, consider audio APIs. I've yet to find a man page that tells me how to use ALSA. There's a clutterfuck of doxygen docs if you want to get lost.. https://www.alsa-project.org/alsa-doc/alsa-lib/

Or you can buy a nice little library from OpenBSD where the PCM part is sufficiently described in one short man page: http://man.openbsd.org/sio_open.3

(With enough detail so that you can use it to write e.g. a latency-aware rhythm game that manages to keep audio and video in sync...)


I love sndio. I was able to write a little synthesizer for it using nothing more than the man pages. It's weird to think that I'm using OpenBSD rather than macOS for music-making, but the latter is just too complex and unpleasant to work with.


Do you have the source somewhere public by chance? Sounds like a fun learning project.


A very endearing trait of OpenBSD developers is that when they make a system facility, it has a great C API.

Can you beat "uint32_t arc4random(void); void arc4random_buf(void *buf, size_t nbytes); uint32_t arc4random_uniform(uint32_t upper_bound);" as a RNG API? (No. Add it, glibc.)


You can see the difference even in primitive stuff like stat(1). E.g. compare the EXAMPLES section in OpenBSD[1] and Linux[2].

[1] https://man.openbsd.org/stat.1

[2] https://linux.die.net/man/1/stat



GNU long ago decided man pages were bad and quit writing good ones, preferring to use their info system instead. Debian has been trying to get good man pages with some success. BSD never agreed with GNU on this and so they tended to write good documentation in man pages.


Well.. Debian was pretty straightforward to install and I've learned a lot from it. But OpenBSD was not. I don't know if the current OpenBSD installer has made it a lot easier. I just want a secure, easy desktop with a frequently updated browser. I'd love to try OpenBSD again, but it scares me.


Eh, it takes 5-10 minutes to install OpenBSD, it's very straightforward. The installer requires little more than tapping return a few times and entering a root password & optional user at some point. I've yet to see a Linux distro that is so fast and simple to install.


This depends on what you need out of it. I found it difficult to install despite being somewhat technical at the time. My goal was a secure desktop install.


Probably Slackware. Quite similar to OpenBSD although I did have a hard time with driver support. But if I remember correctly, installation was blazing fast and you'd get a barebone system up and running in no time.


Totally agree. I recently moved away from Debian after using it and OpenBSD for various things both at home and work. After trying a few different distros I gave Slackware a try because I had used it years and years ago. I bought a book, think around 1995, that came with Slackware on a CDROM so it was my first experience with Linux.

I was pleasantly reminded how much Slackware still resembles BSD in how it configures things and its emphasis on a minimal install that can be added to as needed. Other than new apps, a few improvements and, of course, updated hardware support, Slackware has changed surprisingly little since I used it in 1995!

Patrick Volkerding is a great maintainer and I really appreciate his efforts over the past few decades!


Slackware's certainly fast to install once you've gotten past partitioning, but partitioning is one of the things Slackware intentionally does not do for you in the installer. OpenBSD's a bit easier in that regard.


Thank you for your answer. I'll try it on some old laptop.


> OpenBSD's unfriendly reputation ensured that I languished in Linux land way longer than I should have

Funny enough, OpenBSD's unfriendly behavior just had me go back to Linux land after running a FreeNAS server for two years. I got tired of every single help thread I was reading start with "Well you're stupid and you shouldn't do that" in one form or another.

Once Ubuntu got mature ZFS support in mainline, I was out.


What does OpenBSD have to do with FreeNAS? Or did you just mean unfriendly behaviour in general.

What I've noticed about the OpenBSD mailing lists is that while people are generally decent and helpful if you show that you put at least some effort into your question, I also see negative responses to the less good questions that are just not needed, and without value.

I still like OpenBSD because it's just a good OS, but I think some people could stand to tune up their filters a bit.


>FreeNAS is a free and open-source network-attached storage (NAS) software based on FreeBSD and the OpenZFS file system [0]

So it's a BSD, but not OpenBSD.

[0] https://en.wikipedia.org/wiki/FreeNAS


> Funny enough, OpenBSD's unfriendly behavior just had me go back to Linux land after running a FreeNAS server for two years. I got tired of every single help thread I was reading start with "Well you're stupid and you shouldn't do that" in one form or another.

In fairness to the people who called you stupid, you have some pretty glaring misunderstandings about whichever product you were using. (FreeNAS? OpenBSD?)


What does FreeNAS have to do with OpenBSD?


>I got tired of every single help thread I was reading start with "Well you're stupid and you shouldn't do that" in one form or another.

This is why I jokingly call OpenBSD a full contact operating system; interacting with the community can feel like being at the bottom of a rugby scrum. Still, the hardware requirements are so low and configuration and management easy enough that I use it on old refurbished PCs as a firewall. Any refurbished $100 PC from Microcenter and a couple of Intel gigabit ethernet cards is enough to make a decent firewall as long as you don't have gigabit ethernet to your ISP. OpenBSD really shines on legacy hardware.

I also enjoyed the fact that it was the work of a few minutes to cut certificates for all my wifi devices and switch to certificate-based authentication instead of password-based. Unfortunately IoT vendors don't support that, so you end up with a separate network just for semi-trusted devices.


I have found the FreeNAS forums to be very helpful and friendly. Besides, like others said, FreeNAS is on FreeBSD, not OpenBSD.


Considering how many people like to fiddle with ArchLinux there is a niche for everybody.

Although I found that I barely have to touch my OpenBSD system...

I don't use BSD on the desktop though, still need Java.


I use IntelliJ on OpenBSD no problems (had to google some env var to set to make it render properly as I use a tiling window manager, apart from that it "just works").

One thing I do notice is OpenBSD's malloc implementation is much more serious about killing misbehaving apps so occasionally a process which does something it would get away with on linux/other will be taken out the back and lined up against the wall -- that's a feature and not a bug though (and configurable)



Actually, my first UNIX experience was OpenBSD. I must have been around 14 years old or so when I ran an OpenBSD server at home and used it as a NAT router with PF.

Whenever I couldn't figure something out I'd just read the manpage and go from there. Needless to say I also did a lot of trial and error, but that was mostly due to my own lack of knowledge at the time.

Fast forward to 2019, and at Mailhardener we run a couple of OpenBSD instances, mostly because we really like OpenSMTPD. We also run Debian based servers for convenience reasons.

I still wouldn't recommend OpenBSD though; for almost all situations it would make more sense to run a Linux based OS, whether on the desktop or on a server.


Some specific reason to not recommend it?


> if you’re experienced, like to “look under the hood”, and prefer software that does the minimum necessary, OpenBSD is for you.

I've been using Linux as my primary system for 10 years now. Isn't it a bit exaggerated to group all Linux distributions together with Ubuntu?

I think of myself as a minimalist (Arch Linux / i3 / tmux / zsh / vim), thus fitting the description, but I'm not convinced by the argument to make the switch. On the contrary, the article feels like I'd better be ready to donate a lot of money if I want the system to run as I want it to.

> It’s uncompromising. It’s not a people-pleaser or vendor-pleaser. Linux is in everything from Android phones to massive supercomputers, so has to include features for all of them. The OpenBSD developers say no to most things.

I'm not sure if that's a good thing or not. Doesn't sound very community driven.

The security focus is probably the most interesting part here. I probably had the wrong assumption that most security-focused guys were on Kali Linux.

I'll need a bit more nudging to make the jump over.


Nor does the article state what the intended target even is.

Typically, UNIX systems were for servers. And that is probably where security matters the most, too. Along with a conservative view on what hardware to support, it sounds an awful lot like a server operating system.

So does the article claim that it is good to run an operating system that targets servers on your desktop or laptop?


Historically, I don’t think that’s the case. It was developed (after its computer game concept) to support online documentation production. Most of its installations were timesharing systems (e.g. Vax) until the workstation era when it developed the workstation/server split. Considering the proliferation of graphical interfaces on Unix in the 80s, it’s definitely a desktop OS.


> The only operating system I use on my computers is not Mac, not Windows, and not even Linux.

> I’ve donated $3850 to the developers to help improve the OpenBSD port of Node.js, Elixir, Erlang, Anki, Ledger, and Qutebrowser.

I'm pretty sure he's claiming it :) a port of Anki is not for servers ^^


We use Kali for pen testing, not as a daily driver. I work in infosec and use OpenBSD as a workstation, with bootable Kali on a thumb drive for when I need some bigger tools.

Does zsh still contain an FTP client? If you like minimal you should check out OpenBSD's ksh (oksh on Arch maybe?); it behaves exactly the same way bash does (for me), and things like dd if=/dev/mm<tab> actually work, which iirc still doesn't on zsh.. :}


I don't have any problem auto-completing file paths from a dd parameter.

TBH, I didn't know about zshzftpsys, thanks for the knowledge transfer. Reading the manpage, I see

> type `which zftp' and if zftp is available you will get the message `zftp: shell built-in command'.

and I get

    $ which zftp
    zftp not found

As long as I don't zmodload zsh/zftp (and I certainly don't want to), I don't see any problem with this lib, now is there?


As much as I love OpenBSD, it's one of those things that doesn't work for enterprise.

1) Commands have different switches. This is really annoying since you're probably using GNU/Linux at your day job.

2) It doesn't support all the new and fancy container/automation stuff that your colleague is super stoked about.

3) Most companies haven't even heard about it, which causes certain problems. Example: I was working for a company that had a collaboration with Cisco, and we needed some binary blob in order to provision networking equipment. Getting this to work on OpenBSD was ten times as much work as making it run on Linux.

4) If you share your laptop with anyone, e.g. your wife or your parents when you're on holiday, they'll be a lot happier with Ubuntu.

In a perfect world, everyone would be running OpenBSD, but in the world as it is now, Linux is "better".


This reads like a mid-2000's "BSD is dying" slashdot post...

1) GNU extensions aren't always well thought out or standardized. Assuming everywhere is a current GNU userland will break frequently on multiple non-Linux OSes - look up trying to use `awk` on macOS, which has a BSD-derived version.

2) Trendy developer conveniences with half-assed security like containers aren't really in line with OpenBSD's goals. If you want isolation, look into chroot, pledge, and unveil.

3) I'd blame Cisco in this case, not OpenBSD.

4) Says who? If a browser works, most people will be happy. The main use case for OpenBSD is network appliances like routers and infrastructure serving.


You're right, it is a BSD is dying post, only a decade later.

I agree with everything that you said. In an ideal world, we could all convince our colleagues that Docker and SELinux and Apparmor and such things are crap, and that everyone should be using OpenBSD alternatives. This is nothing but wishful thinking, however.

I wish the industry (and Cisco) would know about OpenBSD and wish to use it, but alas, this is not the case.

Yes, the main use is a fairly narrow part of possible uses, and introducing a whole new OS, package system and command set just because you prefer pf over nftables seems like something most of your colleagues would be a little disgruntled with.


> 1) GNU extensions aren't always well thought out or standardized. Assuming everywhere is a current GNU userland will break frequently on multiple non-Linux OSes - look up trying to use `awk` on macOS, which has a BSD-derived version.

Even Linux isn't as consistent as some would have you believe. I regularly find that builds or applications break because Red Hat is different from Ubuntu. And then, busybox is different from RHEL and Ubuntu. Also, busybox is different from older versions of busybox.

I run into this often enough because a customer runs stuff on RHEL while my company uses Ubuntu for development. And I happen to be working on an application that runs on different boards with different versions of busybox, as well as on mainstream x86-64 distros..


I've deployed quite a lot of OpenBSD at places you would certainly consider "enterprise", not sure I follow these points.

1) ??

2) Yes, this is fair -- but OpenBSD tends to fit more in the gateway/firewall/proxy/bastion space than running your microservices (although I've run plenty of node/etc apps on obsd hosts, IAAS and ansible is still a valid deployment path even after docker exists..)

3) Prop. vendor tools which require blobs should be run from whatever platforms they support. This is why you keep a windows laptop kicking around for flashing firmwares in the dc and so on

4) Family gets macs ;)

I don't think any of your points are enough to consider linux "better" than OpenBSD for any use case they're both capable of..


> Yes, this is fair -- but OpenBSD tends to fit more in the gateway/firewall/proxy/bastion space than running your microservices (although I've run plenty of node/etc apps on obsd hosts, IAAS and ansible is still a valid deployment path even after docker exists..)

I don't think that's the point. Nowadays, when somebody at work hits a bug and that ends up on my desk, I just tell them to set up a Docker container that reproduces the bug.

99% of the time the answer is, "oh, I had something misconfigured in my system, my fault". And I can close the bug without doing any actual work.

I can also develop on my laptop, desktop, etc. if all my environment is inside a docker container, without worrying that my workstation gets updated, some version of some library changes, and now I end up having multiple slightly different developer environments depending on the machine I use.

---

For me, the #1 reason not to use OpenBSD is lack of a good filesystem, and #2 lack of good drivers for modern hardware (e.g. I can't use a GPGPU from OpenBSD, or an Apple TV to stream my screen to do a presentation). Beyond that, lack of #3 docker prevents me from using it as a developing environment, and #4 lack of good cross-compilation toolchains from Linux to OpenBSD prevents me from trying to ship things from my development environment to OpenBSD systems.


> is lack of a good filesystem

What's wrong with OpenBSD's filesystem?


It doesn't support modern features like checksumming, transparent compression, or snapshots.


1) Some random examples:

Loading a kernel module: Linux: modprobe, NetBSD: modload, FreeBSD: kldload

Seeing RX/TX information on an interface: Linux: ifconfig, NetBSD: netstat -b -I ale0

Change MAC address: Linux: ifconfig eth0 hw ether, NetBSD: ifconfig ale0 hw ether

2) Yes, I agree that OpenBSD exists in another space, which is fairly small. Is it worth introducing "unknown" tech to your team, though? I mean, is pf that much better than netfilter's nftables, to introduce something relatively unknown?

3) I agree. And "whatever platforms they support" means Linux nearly always, and very rarely OpenBSD. So you'll have to deal with Linux, but OpenBSD is optional and introduces additional complexity/stuff others on your team don't know about.

I think OpenBSD is better technology, but most of your colleagues will consider it unfamiliar territory, you'll miss out on new technology, etc.


Different from GNU, true. But at work I support a system on AIX and I find the commands almost an exact match to AIX user space. The only notable difference I found was ksh, but AIX has ksh88, in which 'echo 1 2 3 | read a b c' works.

Cannot get more enterprise than AIX :)


Possible tips, not openbsd specific: 1. Don't lend your corp laptop to your parents? 2. Don't try to solve all problems with one tool? 3. Accept that change requires efforts? 4. If you feel it's not worth it for you, don't assume it's not for others?


5) Don't give unsolicited advice ;)


I find OpenBSD much easier to manage than most Linuxes, where everything changes every six months for no good reason. Then again, I have 30 years of UNIX experience.

The main reason to avoid it is the limited hardware support, especially for laptops. I wish there were an equivalent of System76 for OpenBSD.


Thinkpads are almost the System76 equivalent for OpenBSD? As long as you stay away from nvidia graphics, that is...


Having a ThinkPad X230 in daily use with OpenBSD, have to say it's an excellent laptop and everything just works. Even the WAN, which can be turned on using `ifconfig` and is handy in places with no wifi, such as the country house.


OpenBSD is often described as "security focused", but this isn't really what its hat is. The key value of OpenBSD is good engineering practice, which ends up leading you to practices like privilege separation (and OS features to facilitate privilege separation) which aren't "security" so much as they are good defensive engineering - you write your software to be correct and not fail; you also write it so that when it fails it can't do much damage; you also write it so that faults crash loudly and hard rather than quietly doing damage, and so on.


I like the solidity of openbsd, but I'll defend linux here in two ways. First, the gpl2 license. There was a time when linux was way way ahead in terms of functionality, and in my estimation it was due to the copyleft licensing. It opened a floodgate of pent up demand to establish an open platform on which companies could standardize. Some have said that linux's success was an accident of timing, as the bsd's were hampered by lawsuits at the time, but to my mind the lawsuits made copyleft that much more attractive.

Second, the incredible flexibility of linux allows it to work in so many wildly different applications. It's a monolithic design, but it's so flexible you don't need to worry about it; it can be as narrow or as broad as you want it to be.


OpenBSD is very well documented. The kernel and software stack is integrated. They care about security and write a lot of secure stuff used in other systems. There is usually one way of doing things. You do not need StackExchange.

Just try it.


Here's the thing though: I use sites like SE a _lot_, primarily because I can usually type my thought into a search engine and then expect a question with hopefully more than one answer. Would the answers be as succinct and accurate as the OpenBSD manpages? Probably not, but at least it gives me an idea and hints as to where I can find more accurate information if I were so inclined (which I'm sometimes not! Sometimes quick & dirty just works)


Among the reasons I like OpenBSD is that it tries (hard) to be "secure by default", meaning, that the initial install has had "only 2 remote holes in the default install" since about 1996. Then as I make changes from that default I can consider the implications of each one.

And I appreciate the low likelihood of privilege escalation (I keep seeing those bugs come up for the linux kernel, not for OpenBSD), and pledge/unveil limiting what apps can do to what they normally should do, so that damage by compromised apps can be greatly limited to a given user account or less. And yes, the clarity of documentation (like the excellent FAQs) and predictability of the system.

So basically, I read news all the time about this or that exploit, and I am not in the vulnerable group. But I do think that it took me more work to get set up the way I want, than when I used Debian more, but that work was very well worth it, and even more so when I include my config customizations to various apps that now work just as I want.

One addition to the base system I always make is to change /etc/profile to set the default umask to 0077 (and other changes for my own convenience etc). I've long wondered why umask 0077 is not the system default. Although after changing it I had to wrap pkg_add in a script ("pa") which sets it back to the original default, so that some apps don't get broken during installation for some reason.

Also, it seems worthwhile to choose compatible hardware, or some things might not work.
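An added illustration of the umask arrangement described in the comment above (example code written for this page, not the commenter's own "pa" script): the login shell keeps umask 077 so new files are private, and a small wrapper runs a command under the stock umask in a subshell so the caller's umask is never changed. The value 022 for the "original default" is an assumption, since the thread does not quote OpenBSD's shipped /etc/profile; the demo creates plain files with `:` because pkg_add is not available outside OpenBSD.

```sh
#!/bin/sh
# Example for this page, not from the thread. Assumes the distribution
# default umask is 022 (assumption) and that the hardened value is 077.

# Run a command under umask 022 in a subshell; the caller's umask is untouched.
with_default_umask() {
    ( umask 022; "$@" )
}

# The "pa"-style wrapper: pkg_add with the stock umask, everything else stays 077.
pa() {
    with_default_umask pkg_add "$@"
}

# Portable permission string of a path, e.g. "-rw-------".
perm_of() {
    ls -ld "$1" | cut -c1-10
}

# Create one file under umask 077 and one through the wrapper, print both
# permission strings (private first, wrapped second), then clean up.
demo_umask() {
    dir=$(mktemp -d) || return 1
    (
        umask 077                                      # what /etc/profile sets
        : > "$dir/private"                             # ordinary file creation
        with_default_umask sh -c ": > \"$dir/package\""  # as pkg_add would via pa
    )
    perm_of "$dir/private"
    perm_of "$dir/package"
    rm -rf "$dir"
}
```

Running `demo_umask` shows the file created under the hardened umask as `-rw-------` and the one created through the wrapper as `-rw-r--r--`, which is the kind of world-readable layout a package installer expects; the caller's own umask is the same before and after because the change happens only inside the subshell.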


The main issue I've had with any bsd system isn't the system itself but the settings and configurations of packages. Often defaults are different for no other reason than the package creator thought it might be a minor improvement in some way. I'd rather be using a more thoroughly used set of packages. The few times I've used non-Ubuntu based package sources I often find I'm contributing to make it just work. Now I'm not saying that Ubuntu packages are always right, but I'd like the authors of the software to choose defaults, and if they get fixed/changed it happens in a given version on all systems.


Yes, there is a tradeoff sometimes between security and convenience, and OpenBSD chooses security by default, and things usually just work. But Ubuntu is probably more convenient/easy for some things (or debian or devuan anyway: I've been burned by ubuntu, and even debian, where devuan seemed to "just work" the most... more tradeoffs always.)


I have been running OpenBSD and PF on a PC Engines APU[1] for my gateway router/firewall at home for about 5 years now and the thing is rock solid. I just love the minimalism and simplicity which is likely the source of the incredible stability of the platform. Besides updates or modifying PF rules I have never had to touch the box.

[1] https://pcengines.ch/apu2.htm


Same here, but I have found wireless performance to be subpar. Ended up double-NAT'ing a second APU with Debian to use 802.11. Still plenty happy with OpenBSD though.


Strace & procfs are some of my favorite Linux programs. OpenBSD's ktrace & kdump are much more limited in what they can do. Is there anything out there that can provide similar functionality for OpenBSD?


> https://en.wikipedia.org/wiki/Procfs

procfs isn't a program but a pseudo-filesystem. Are you just meaning to say that the info stored in /proc and displayed by strace is very useful to you? Or am I missing something else?


No, you're right. So what on OpenBSD can provide that information in a similarly convenient way?


A colleague once told me, "My wife's laptop keeps breaking, but she won't get a new one unless it runs Unix." Over one year ago I installed OpenBSD on an X1 Carbon 5th Gen, installed some software and connected her to her backup disk and router. She has never had a problem and has never had to ask me about anything. OpenBSD is great for beginners to use.



For me, OpenBSD is just like (old) macOS for hackers. Everything that's supposed to work just works, consistently.


Mac OS, or Mac OS X?


I got stuck at finding a web browser that wasn't severely out of date last time that I tried OpenBSD as a daily driver workstation. This was about two years ago, and it wasn't a definite thing that it could even run Firefox.

Does anybody here know if this issue has been fixed? Having a reliable, up to date, secure web browser (well, as secure as a web browser can be - up to date with the browser's own security updates) was the only thing that was holding me back from using it as a workstation. I had no problem back then using it as a server, but I couldn't justify running OpenBSD on my servers and Debian unstable on my desktop.


OpenBSD now has binary packages for -stable, but AFAIK this does not include e.g. Chromium: https://news.ycombinator.com/item?id=20694338.

Running -current does give you up-to-date Firefox and Chromium packages.


So to have a browser with the latest security fixes you have to run -current?


The latest obsd version (6.6, or the one just before, 6.5) makes package updates easier without running -current. So it probably depends on if that maintainer has kept them current during the release period. I haven't followed that closely to know how much that has been the case.

But see my comments elsewhere in this discussion page for why I value obsd's pledge/unveil browser mods and lack of privilege escalation as more important than having the latest browser fixes (which I also value, but relatively less).


The Chrome port includes OpenBSD features such as pledge and unveil. With the pkg update changes, I would suppose more frequent updates will occur.


I see firefox in the list of available packages (which list is something like 8000 long, last I recall). Iridium is also available (like Chrome but seems usually a slightly older version, with enhanced privacy like not sending info to Google). Iridium + pledge/unveil have been appealing to me, though I keep Chromium on hand in case something doesn't work right.


Firefox may be there, but is it the ESR version and is that up to date? OpenBSD does not seem to update ports for the -release branch, so that doesn't really work for me as I want the latest security fixes from the browser vendor.

Same goes for Chromium. I don't mind missing features. What I do mind is being behind on security patches.

What's the point of using OpenBSD (which is security focused) as a workstation when I can just be pwned by the latest browser bug?


I'm not a firefox user (edit: currently anyway; more below on that), but the firefox version on openbsd 6.5 is 67.0.4, and firefox-esr 60.8.0 and 60.9.0, for what it's worth. I need to upgrade to obsd 6.6 sometime, and that probably has a later version (checking... I see on the obsd 6.6 packages lists both firefox 69.0.2 and firefox-esr 68.1.0 and 68.2.0). In the last release cycle, obsd has made package upgrades easier between the 6-monthly system releases, but I don't know if that would meet your needs exactly.

For me, the point is as described elsewhere on this discussion (search for "lcall"): obsd is really good at isolation of users, and limiting potential damage by processes within a user's space, which I think of (at least on obsd) as much more reliable than what a browser would do alone. So, I do my browsing in a user account that doesn't have access to the most important other things. If I do something like banking, I do that in a separate user account that does only that or only things at that level of security, separately from general browsing. And I mostly have images/javascript turned off when I do general browsing.

In my comment history there is another about why I use Iridium (or chromium sometimes) instead of firefox, with a question where you might know more than I.

(At my site lukecall.net , in the page footer is my email address if you have questions later that I might be able to answer.)

edit: ps: the way I separate users does involve extra work though, but now that the work is done I like it.


A similarly passionate talk written for Debian: https://wiki.debian.org/WhyDebian


>Everything is rock-solid and just works. Hardware I couldn’t get working in Linux just works on a first try with OpenBSD.

I guess I live in different universe than the author.


What is browser/video decoding support like? Can you use Netflix on Firefox/Chrome?


Looks indeed like a very developer-oriented OS. Then why still use CVS?



It's easy to forget nowadays but OpenBSD was ahead of the pack in providing anonymous CVS access at a time when getting the source meant only getting tars of the source for a release.


git is GPL, which BSD people tend not to like.

I think they're writing a git replacement under the BSD License, though I don't know how progress is going on that.


The author of the BSD version, Game of Trees (got), recently did a presentation at EuroBSDCon, and that video is online[1]. It focuses on security and has quite a bit of functionality, including some new things like having multiple working directories from the same repository and even checking out subdirectories from the repository. Looks like progress is going well. It doesn't do network/remote actions, but you can use the normal git binary for pushing and pulling.

[1] https://www.youtube.com/watch?v=PRIgeouw7-4


> having multiple working directories from the same repository

  $ git worktree add ../foo-develop develop


This comes up every year on misc@, so allow me to just link you to a thread about it: https://marc.info/?t=156380787000001&r=1&w=2

tl;dr, it's the devil they know and they need no feature that Git or Mercurial provides.



