-
The second slide bothers me:
WHY USE OPENBSD
- UNIX-like
- Get the latest version of OpenSSH, OpenSMTPD, OpenNTPD, OpenIKED, OpenBGPD, LibreSSL, mandoc
- Get the latest PF (Packet Filter) features
- Get carp(4), httpd(8), relayd(8)
- Security focused Operating System
- Thorough documentation
- Cryptography
These aren’t reasons to use OpenBSD. These are features of the OS, with the exception of “thorough documentation”
What are reasons derived from these features? Maybe these:
- Security first
- Consistent updates to remote access, mail transit, time synchronization
- Tight integration with modern cryptography library with the least number of CVEs in the industry
- Industry-leading performance of built-in firewall with extensive, easily managed packet filtering features
- Built-in, highly performant web server with fewer than X vulnerabilities in last Y years
- Lightweight default installation completed within five minutes
- Small footprint encourages addition of only the software necessary for intended purpose of system
- Large ecosystem available
- Thorough, centralized documentation for every step of setup and use
This gives me business reasons to continue paying attention.
-
-
You want to catch peoples’ attention by asserting that the thing you are supporting is better than the thing they’re using or better than the thing they are considering for task T. Don’t let advantages be self-evident: explain them! This is an introductory presentation.
I’d call it “notable packages” or “core software” and drop the one that aren’t software.
Some quick notes off the top of my head, n.b. that I am not an OpenBSD person and I know just enough to understand that I probably should be and probably would be if i had more time to devote to it.
Maybe some slides like these:
Why use OpenBSD?
Security first.
- Consistent updates to remote access, mail transit, time synchronization
- Tight integration with modern cryptography library with the least number of CVEs in the industry
- Industry-leading performance of built-in web server, load balancer, and firewall with extensive, easily managed packet filtering features
Other reasons to use OpenBSD
- Built-in, highly performant web server with fewer than X vulnerabilities in last Y years
- Lightweight default installation completed within five minutes
- Small footprint encourages addition of only the software necessary for intended purpose of system
- Large ecosystem available
- Thorough, centralized documentation for every step of setup and use
Notable software packages
- OpenSSH remote access
- OpenSMTPD mail server
- OpenNTPD time server
- OpenIKED keyserver
- OpenBGPD routing server
- LibreSSL for modern cryptography
All of these are maintained as separate packages but are core components of the OS.
Notable programs
- carp(4) - IP address sharing on the same network
- httpd(8) - web server optimized for the OS, top performance compared to other OS server packages
- relayd(8) - highly performant load balancer for IP traffic
- pf(4) - enterprise-quality packet filtering firewall
- mandoc(1) - extensive system-wide documentation in a variety of formats
Notable technology
- pledge(2) - whitelists required system calls at startup, limiting attack surface by restricting what a program can do to what it is intended to do
- zfs(8) - enterprise-grade expandable, recoverable, and snapshottable filesystem
Pick some other stuff from https://www.openbsd.org/innovations.html for it, too.
Quite frankly, I find the inclusion of the manual page section in the name to be confusing. I’d omit it if you don’t explain it at least non-exhaustively.
-
Uh, OpenBSD has ZFS? .. since when? I mean https://www.tedunangst.com/flak/post/ZFS-on-OpenBSD I mean I guess it’s sort of there, but I don’t think anyone suggests you actually USE it on OpenBSD. Regardless it’s not Notable technology from OpenBSD, they clearly don’t care for it, but like some of the features it has…
Otherwise I like this approach for “why OpenBSD” better than what is on the slides now.
-
-
-
Sorry,
n.b. that I am not an OpenBSD person and I know just enough to understand that I probably should be
This was in my browser history: https://man.openbsd.org/FreeBSD-11.0/zfs.8 but I see now that it’s from the FreeBSD section. That’s confusing.
-
-
-
-
Another small bug on http://www.openbsdjumpstart.org/#/24:
# For example, tune ntpd(8) to try to set the time immediately at startup: /usr/sbin/rcctl enable ntpd /usr/sbin/rcctl set apmd flags -s /usr/sbin/rcctl restart ntpdThat second rcctl should be for ntpd, not apmd.
-
-
Why did you decide to submit a goo.gl shortened URL instead of the direct link to the material?
for anyone interested, this is the information gathered on each click: https://goo.gl/#analytics/goo.gl/rAjwoi/all_time
I am about to go through the slides, will update the comment after I am done with them.I like the slides, very nice quick overview of key system areas, one tiny nit pick:
slide #21:
permit nopass marc as root cmd reboot
from doas.conf(5)
cmd command The command the user is allowed or denied to run. The default is all commands. Be advised that it is best to specify absolute paths. If a relative path is specified, only a restricted PATH will be searched.might want to change the example to
/sbin/reboot -
-
Updated!
-
Why this website? Iinformations related to the 4 BSD are really minimalistic.
Next step (Part 1: OpenSMTPD) : https://github.com/openbsdjumpstart/mailserver/issues/3