1. 61
    1. 14

      Of all the BSDs I’ve tried, OpenBSD is my favourite. I’ve even statically built a few portable programs (ksh, mg) to use on my university server.

      Nevertheless, my main annoyance has always been package management. It just feels a lot less native and integrated, and far hacky-er than on most linux distributions. Every 5-6 months I have an urge to install OpenBSD on my laptop again, but package management always annoys me so much, that I switch back to Debian. I don’t think there’s any denying that the base system of (Open)BSD is a lot better integrated and cleaner than on the average linux distro (although systemd is trying to fix this), but this seems to come at the cost of making everything outside the base system seem more foreign.

      If I were to finally figure out how to do backwards http-proxies with httpd(8), I’d at least be using it on my server. But even though I’ve tried many times, I always fail ._.

      1. 4

        pkg management (pkg upgrades) is slow but reliable for me, do you have a particular pain point in mind?

        httpd is not a proxy but you should check out relayd. Fun fact httpd is basically a heavily modified relayd fork.

        1. 2

          pkg management (pkg upgrades) is slow but reliable for me, do you have a particular pain point in mind?

          I sadly can’t remember the specifics, and it was probably more of a feeling than something specific (one thing I remember finding weird the first time was that I had to use pkg_add instead of pkg-add to install a package – until then I always thought of _ as designating “lower level” tools). When I used apt, dnf or xbps, I just have the feeling it’s better integrated and it’s more probable to warn me if something critical is going on.

          httpd is not a proxy but you should check out relayd.

          You’re right, I messed that up, but I also tried to figure that out without success.

          1. 7

            apt […] it’s better integrated

            huh, it’s a very dis-integrated system, with dpkg and apt being separate pieces, apt-get vs aptitude, a complex system for (re)configuring packages at runtime…

            1. 2

              Now they have apt as well as apt-get, just for extra confusion. Debian users kept telling me “just use apt now” but I find it screws with my scrollback history because of the way it uses curses or something.

              1. 1

                And apt is like a python wrapper around apt-get or something IIRC

            2. 1

              Structurally, yes, but when you just use apt, which is possible, it feels a lot better (more information, more intuitive, …), which is all I am saying.

      2. 1

        If I were to finally figure out how to do backwards http-proxies with httpd(8), I’d at least be using it on my server.

        AFAIK, this is not a function of httpd, you’re supposed to use relayd for this.

        This guide is specific to some software I develop at $work, but you should be able to pull out the good bits: https://github.com/workflowproducts/envelope/blob/master/INSTALL_RELAYD.md

    2. 8

      The lack of being able to use Netflix is why I don’t run OpenBSD on my laptop. DRM is stupid, but in the end I just want to watch the occasional TV without jumping through all sorts of hoops 🤷

      There are also other things, stuff like Docker doesn’t run on OpenBSD. This isn’t really OpenBSD’s fault of course (Docker is just a stupid project) and I don’t necessarily want to use Docker, but unfortunately it’s needed for some stuff, and mucking about trying to get stuff to work is just tiring.

      My laptop ran FreeBSD, OpenSolaris, and OpenBSD (in that order) for many years, but now I just use Linux. It’s the easiest Just Works™ solution that’s still mostly okay.

      I really like OpenBSD, but the more you go outside of the mainstream the higher the price becomes. I’m too old and got too much stuff going on to pay the price.

      1. 4

        The Pirate Bay YouTube doesn’t need DRM :D

        1. 3

          Yeah, but this is the sort of “jumping through all sorts of hoops” that I’d like to avoid. e.g. last night I couldn’t sleep so I turned on a random documentary on Netflix which helped me sleep. I’d really rather not muck about with torrents and such.

          1. 5

            I personally find the Netflix DRM far more annoying than torrents (can’t save the whole video to disk to quickly skip around with rebuffering, can’t pause and move one frame at a time), and the Netflix UI keeps getting more and more hostile with more auto-play and fewer config options to opt out.

            Plus, Netflix just never has the stuff I want to watch. They sure have a lot of stuff they want me to watch, but in the end, DRM is just not for me.

    3. 8

      One of my most beloved “features” of OpenBSD is that I am constantly not surprised by stuff that I do with it while linux just keeps on surprising me.

      As an admin I love that I can predict the outcome of my actions.

    4. 5

      Great website, it’s made me more curious about OpenBSD. A bit OT, but does OpenBSD support anything like Guix?

      1. 2

        Go to openbsd.org. Check out Project Goals and Innovations section.

    5. 5

      strlcpy(3), strlcat(3) aren’t “Kernel functions” AFAIK.

      Great website, very fun to read all these lesser known features.

      1. 3

        strlcpy is often just marginally less wrong than strncpy and less verbose than memcpy() + finishing with 0. But at least, whenever someone changes strncpy to strlcpy, it can prompt thinking about truncation errors.
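
The truncation point raised in the comment above, as an added example that is not part of the thread: `copy_l` is a hypothetical stand-in with strlcpy(3) semantics (so it builds on a libc without strlcpy), and the host name is a constructed sample.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in with strlcpy(3) semantics, so the example also
 * builds on a libc without strlcpy: always NUL-terminates (if dstsize > 0)
 * and returns strlen(src), the length it tried to create. */
size_t copy_l(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);

    if (dstsize != 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* strncpy(3) writes no terminator when src fills the buffer.
 * Returns 1 if dst holds a NUL within dstsize bytes, else 0. */
int strncpy_terminated(char *dst, const char *src, size_t dstsize)
{
    memset(dst, 'X', dstsize);   /* stand-in for stale buffer contents */
    strncpy(dst, src, dstsize);
    return memchr(dst, '\0', dstsize) != NULL;
}

/* The caller-side check the switch should prompt: a return value
 * >= dstsize means the copy was truncated. Returns 0 if ok, -1 if not. */
int set_host(char *dst, size_t dstsize, const char *src)
{
    return copy_l(dst, src, dstsize) >= dstsize ? -1 : 0;
}

int main(void)
{
    char host[12];
    const char *input = "example.com.invalid";   /* constructed sample */

    printf("strncpy terminated: %d\n",
           strncpy_terminated(host, input, sizeof host));
    printf("copy_l wanted %zu bytes, stored \"%s\"\n",
           copy_l(host, input, sizeof host), host);
    printf("set_host: %d\n", set_host(host, sizeof host, input));
    return 0;
}
```

Without the return-value check, the 12-byte buffer silently ends up holding `example.com`, a different and valid-looking name.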

    6. 5

      randomized at boot time to prevent “Return oriented programming”. … With randomized symbols, this is not an attack vector anymore.

      s/prevent/mitigate/

      s/not an attack vector anymore/attack is harder to execute/

      Note also that RETGUARD goes yet further to mitigate ROP.

    7. 5

      While OpenBSD is nice, I always wonder why NetBSD doesn’t get more love. Surely because it’s more portable, its subsystems must be really clean? It might not be as secure, but doesn’t this mean things must be predictable as well?

      Sell me OpenBSD over NetBSD friends.

      1. 6

        At a certain point you basically achieve maximum portability for all the machine independent code. New CPU X comes along, and it’s got some new bit patterns for its instructions, but it’s otherwise just another model of something that already exists. The code for ls and tar and nfs is ready to run on any CPU that might possibly exist within the target space (so no 8 bit microcontrollers). The build system supports N different platforms, with N > whatever number you might manually hack around. N + 1 is just another name in an array.

      2. 6

        Portability has not been the main point of NetBSD for a long time. Now the OS is supposed to be correct, well structured, with sane architecture, etc. For example, the fuzzing/sanitizing work that is being done is not directly targeted at improving portability.

      3. 4

        NetBSD wants to run on everything, no matter the cost. OpenBSD wants to run well.

      4. [Comment removed by author]

      5. 2

        NetBSD has some cool features, but in my experience I’ve found OpenBSD to run on more hardware more easily than NetBSD.

        OpenBSD’s focus on simplicity and security helps make OpenBSD my preferred OS - but I’m biased - my personal desktop machine has been OpenBSD since 2001…

    8. 4

      I would really like to use OpenBSD in my netbook but I never got the Wireless to work.

      So far I’m enjoying Void Linux though, it feels slightly similar.

    9. 4

      I would be using OpenBSD I think if it supported the network adapter on the Surface Pro

      1. 4

        I tried writing a network driver once for Plan 9. Basically got nowhere but that was when I was a hardware noob.

        I wonder how it really is to write a simple, basic, shitty network driver. Someone should do a series.

    10. 4

      I think the big thing that would help FreeBSD/OpenBSD and other BSDs is if someone was able to write a daemon with a Docker Engine compatible API, that would translate those images into zfs layers+jails. There was a FreeBSD version of Docker that did this and could run Linux apps via the FreeBSD native binary support, but it’s been unmaintained for years and not compatible with modern Docker clients.

      If I could run my Docker images on a BSD, I’d ditch all my personal Linux VMs overnight.

      1. 5

        zfs layers+jails

        ZFS and jails are FreeBSD features. OpenBSD has neither of those.

        ZFS is presumably missing because it’s incredibly complex to implement from scratch; OpenBSD seems to be conservative when it comes to touching the filesystem. The CDDL does not work with OpenBSD’s copyright policy (cf. discussion on the tech list).

        Jails also don’t seem to be planned anytime. I would assume that the idiomatic replacement for jails on OpenBSD would be chroot(2) + pledge(2) in a particular application or using vmm(4) to virtualize it.

      2. 4

        I think OpenBSD is very different from FreeBSD and Linux on this point. OpenBSD has a much stronger focus on simplicity and security over performance, so it’s extremely unlikely that complex beasts like ZFS and containers will be implemented in the next years. Currently, OpenBSD uses a filesystem much simpler than ext4 (without journaling) and encourages users to use chroots or virtual machines instead of containers or jails.

      3. 2

        I don’t think making zfs layers would help openbsd at all.

      4. 1

        So why not create that functionality? ;P

    11. 3

      unveil and pledge are pretty interesting. I guess they can be used for some specific use cases as an alternative to Docker.

      1. 3

        rdomains (routing domains) can be used to isolate networks even locally.