I know more places with “outdated” (i.e. > 6 months) openbsd installs, than up-to-date ones. One of the biggest issue is that there is no salvation once you’re running an unsupported setup since you can’t skip any version and manual tweaks when upgrading.
I was running an OpenBSD e-mail server for myself and ran into this. 6.3->6.4 had some MASSIVE changed to opensmtpd, resulting in needing an entirely different configuration file format. I just kept the old one running, but after a while, certbot stopped working (ACMEv1 support ended) and the new version of certbot wasn’t in the 6.3 ports tree. I tried to install it manually with pip, but it depended on cryptography, which now requires Rust, and the version of rust on that system was too old to build it. I then switched from certbot to dehydrate, a fully bash implementation of ACMEv2, but it spit out ECDSA certs which dovecot could read, but not opensmtpd.
I’m sure I could have just edited dehydrate, but at that point I finally started looking at 6.3->6.4 migration guides (there were none when it came out. There are a couple now. I’m currently writing one myself) and got updated to the latest opensmtpd .. now running in an Alpine container, on my big dedicated server. I then deleted my openbsd VM.
I liked OpenBSD, and still like the simplicity of their SMTP server, but I’ll run it on Linux for now.
Quite frankly quite sick of these ‘what every programmer/IT person needs to know about X’ posts. I’ve never encountered OpenBSD, possibly never need to learn about it.
I’ve always been much more interested in ideas and techniques than in “some guy wrote some program, and you need to know about it because well you’re a programmer and you’re supposed to be passionate about this stuff”.
That said, despite my hate against the title, the article is actually not bad. The principles of secure by default and fail early are very valuable.
I guess you’re right that no one really needs to know more than the Wikipedia page has (with an implied: I can look that up), but I think as an IT person it won’t hurt to be able to explain the difference between Linux and a BSD in one sentence. That sentence will not be complete, but just knowing it’s not a Linux distro is already something.
I don’t think this is objective at all. With such a title, the article should definitely mention that releases are supported for only six months. See https://utcc.utoronto.ca/~cks/space/blog/unix/OpenBSDSupportPolicyResults .
I know more places with “outdated” (i.e. > 6 months) openbsd installs, than up-to-date ones. One of the biggest issue is that there is no salvation once you’re running an unsupported setup since you can’t skip any version and manual tweaks when upgrading.
I was running an OpenBSD e-mail server for myself and ran into this. 6.3->6.4 had some MASSIVE changed to opensmtpd, resulting in needing an entirely different configuration file format. I just kept the old one running, but after a while, certbot stopped working (ACMEv1 support ended) and the new version of certbot wasn’t in the 6.3 ports tree. I tried to install it manually with pip, but it depended on cryptography, which now requires Rust, and the version of rust on that system was too old to build it. I then switched from certbot to dehydrate, a fully bash implementation of ACMEv2, but it spit out ECDSA certs which dovecot could read, but not opensmtpd.
I’m sure I could have just edited dehydrate, but at that point I finally started looking at 6.3->6.4 migration guides (there were none when it came out. There are a couple now. I’m currently writing one myself) and got updated to the latest opensmtpd .. now running in an Alpine container, on my big dedicated server. I then deleted my openbsd VM.
I liked OpenBSD, and still like the simplicity of their SMTP server, but I’ll run it on Linux for now.
Quite frankly quite sick of these ‘what every programmer/IT person needs to know about X’ posts. I’ve never encountered OpenBSD, possibly never need to learn about it.
I’ve always been much more interested in ideas and techniques than in “some guy wrote some program, and you need to know about it because well you’re a programmer and you’re supposed to be passionate about this stuff”.
That said, despite my hate against the title, the article is actually not bad. The principles of secure by default and fail early are very valuable.
I guess you’re right that no one really needs to know more than the Wikipedia page has (with an implied: I can look that up), but I think as an IT person it won’t hurt to be able to explain the difference between Linux and a BSD in one sentence. That sentence will not be complete, but just knowing it’s not a Linux distro is already something.
“the world’s most important free software project” LOL