while I agree with you in this case, I don’t particularly like the “I speak for everyone” stance you seem to be taking here.

Do you think an additional CVE tag would make sense? Given there’s upvotes some people seem to be interested.

Yeah, I’d rather not have them at all. Maybe a detailed, tech write-up of discovery, implementation, and mitigation of new classes of vulnerability with wide impact. Meltdown/Spectre or Return-oriented Programming are examples. Then, we see only the deep stuff with vulnerability-listing sites having the regular stuff for people using that stuff.

seems like a CVE especially arbitrary code execution is worth posting. my 2 cents

The declarative units are definitely a plus. No question.

I was anti-systemd when it started gaining popularity, because of the approach (basically kitchen-sinking a lot of *NIX stuff into a single project) and the way the project leader(s) respond to criticism.

I’ve used it since it was default in Debian, and the technical benefits are very measurable.

That doesnt mean the complaints against it are irrelevant though - it does break the Unix philosophy I think most people are referring to:

Make each program do one thing well. To do a new job, build afresh rather than complicate old programs by adding new “features”.

If you believe composability (one program’s output is another program’s input) is an important part of The Unix Philosophy, then ls violates it all day long, always has, likely always will. ls also violates it by providing multiple ways to sort its output, when sort is right there, already doing that job. Arguably, ls formatting its output is a violation of Do One Thing, because awk and printf exist, all ready to turn neat columns into human-friendly text. My point is, The Unix Philosophy isn’t set in stone, and never has been.

With all due respect[1], did your own comment hit your fingerprint detector? Because it should. It’s extrapolating wildly from one personal anecdote[2], and insulting a broad category of people without showing any actual examples[3]. Calling people “markov chains” is fun in the instant you write it, but contributes to the general sludge of ad hominem dehumanization. All your upvoters should be ashamed.

[1] SystemD arouses strong passions, and I don’t want this thread to devolve. I’m pointing out that you’re starting it off on the wrong foot. But I’m done here and won’t be responding to any more name-calling.

[2] Because God knows, there’s tons of badly designed software out there that has given people great experiences in the short term. Design usually matters in the long term. Using something for the first time is unlikely to tell you anything beyond that somebody peephole-optimized the UX. UX is certainly important, rare and useful in its own right. But it’s a distinct activity.

[3] I’d particularly appreciate a link to NeoVim criticism for being anti-Unix. Were they similarly criticizing Vim?

What is FUD is this sort of comment: the classic combination of comparing systemd to the worst possible alternative instead of the best actual alternative with basically claiming everyone that disagrees with you is a ‘slashdot markov chain’ or similar idiotic crap.

On the first point, there are lots of alternatives to sysvinit that aren’t systemd. Lots and lots and lots. Some of them are crap, some are great. systemd doesn’t have a right to be compared only to what it replaced, but also all the other things that could have replaced sysvinit.

On the second point, it’s just bloody rude. But it also shows you don’t really understand what people are saying. ‘I think [xyz] violates the unix philosophy’ is not meaningless. People aren’t saying it for fun. They’re saying it because they think it’s true, and that it’s a bad thing. If you don’t have a good argument for the Unix philosophy not matter, or you think systemd doesn’t actually violate it, please go ahead and explain that. But I’ve never actually seen either of those arguments. The response to ‘it violates the Unix philosophy’ is always just ‘shut up slashdotter’. Same kind of comment you get when you say anything that goes against the proggit/hn hivemind that has now decided amongst other things that: microsoft is amazing, google is horrible, MIT-style licenses are perfect, GPL-style licenses are the devil-incarnate, statically typed languages are perfect, dynamically typed languages are evil, wayland is wonderful, x11 is terrible, etc.

I think that the problem is fanboyism, echo chambers and ideologies.

I might be wrong, so please don’t consider this an accusation. But you writing this sounds like someone hearing that systemd is bad, therefore never looking at it, yet copying it. Then one tries it and finding out that baseless prejudices were in fact baseless.

After that the assumption is that everyone else must have been doing the same and one is enlightened now to see it’s actually really cool.

I think that this group behavior and blindly copying opinions is one of the worst things in IT these days, even though of course it’s not limited to this field.

A lot of people criticizing systemd actually looked at systemd, really deep, maybe even built stuff on it, or at least worked with it in production as sysadmin/devop/sre/…

Yes, I have used systemd, yes I understand why decisions we’re taken, where authors if the software were going, read specs of the various parts (journald for example), etc.

I think I have a pretty good understanding compared to at least most people that only saw it from a users perspective (considering writing unit files to be users perspective as well).

So I could write about that in my CV and be happy that I can answer a lot of questions regarding systemd, advocate its usage to create more demand and be happy.

To sum it up: I still consider systemd to be bad on multiple layers, both implementation and some ideas that I considered great but then through using it seeing that it was a wrong assumption. By the way that’s the thing I would not blame anyone for. It’s good that stuff gets tried, that’s how research works. It’s not the first and not the last project that will come out sounding good, to only find out a lot of things either doesn’t make a difference or make it worse.

I am a critic of systemd but I agree that there’s a lot of FUD as well. Especially when there’s people that blame everything, including own incompetence on systemd. Nobody should ever expect a new project to be a magic bullet. That’s just dumb and I would never blame systemd for trying a different approach or for not being perfect. However I think it has problems on many levels. While I think the implementation isn’t really good that’s something that can be fixed. However I think some parts of the concept level are either pretty bad or have turned out to be bad decisions.

I was very aware that especially in the beginning the implementation was bad. A lot got better. That’s to be expected. However next to various design decisions I consider bad I think many more were based on ideas that I think to most people in IT sound good and reasonable but in the specific scenarios that systemd is used it at least in my experience do not work out at all or only work well in very basic cases.

In other words the cases where other solutions are working maybe not optimal, but that aren’t considered a problem worth fixing because the added complexity isn’t worth it systemd really shines. However when something is more complex I think using systemd frequently turns out to be an even worse solution.

While I don’t wanna go into detail because I don’t think this is the right format for an actual analysis I think systemd in this field a lot in common with both configuration management and JavaScript frameworks. They tend to be amazing for use cases that are simple (todo applications for example), but together with various other complexities often make stuff unnecessarily complicated.

And just like with JavaScript frameworks and configuration management there’s a lot of FUD, ideologies, echochambers, following the opinion of some thought leaders, and very little building your own solid opinion.

Long story short. If you criticize something without knowing what it is about then yes that’s dumb and likely FUD. However assuming that’s the only possible reason for someone criticizing software is similarly dumb and often FUD regarding this opinion.

This by the way also works the reverse. I frequently see people liking software and echoing favorable statements for the same reasons. Not understanding what they say, just copying sentences of opinion leaders, etc.

It’s the same pattern, just the reversal, positive instead of negative.

The problem isn’t someone disliking or liking something, but that opinions and thoughts are repeated without understanding which makes it hard to have discussions and arguments that give both sides any valuable insides or learnings

Then things also get personal. People hate on Poetteing and think he is dumb and Poetteing thinks every critic is dumb. Just because that’s a lot of what you see when every statement is blindly echoed.

It violates unix philosohpy

That accusation was also made against neovim. The people muttering this stuff are slashdot markov chains, they don’t have any idea what they’re talking about.

i don’t follow your reasoning. why is it relevant that people also think neovim violates the unix philosophy? are you saying that neovim conforms to the unix philosophy, and therefore people who say it doesn’t must not know what they’re talking about?

The people muttering this stuff are slashdot markov chains, they don’t have any idea what they’re talking about

I’ll bookmark this comment just for this description.

“the local ISP has monitoring installed by the local equivalent of the NSA”

You should assume Cloudfare does, too. They are a venture-funded, for-profit company operating in a surveillance state in ideal position to do surveillance. The NSA/FBI also pays or coerces compliance per Core Secrets leaks. The real question to determine if they won’t cooperate with the NSA is: “Will they turn down $30-$100+ million, go bankrupt, and/or go to prison for me?” If not, then they’ll likely cooperate. The cooperation also always mandates they lie about cooperating. They can promise government-proof anything while relaying data to the government.

That’s true. However, your local ISP will still know where you connect. It will still see how much and if it’s unencrypted what you send/receive.

CloudFlare being a big target has to comply with some other country’s laws, as a US company it has to comply with NSLs, which might or might not exist in your local country. CloudFlare being a big company might also comply with other country’s laws - maybe not small ones, bug look at the list of companies that comply with China, etc.

Also this is actually not about your ISP vs CloudFlare. It’s about whatever you have configured vs ClfoudFlare. If Firefox starts making HTTPS requests to CF as a system administrator, when you expect DNS requests you might even miss them.

I think the problem is not that Firefox allows this, but that it’s skipping your system-wide configuration, without asking. After all I can already use CloudFlare’s DNS servers if I want to do so.

And then: CloudFlare makes its money by selling CDN features (including analytics, etc.) to companies, while my ISP makes money by selling internet to me. If your ISP doesn’t promise any privacy (or has no privacy policy, as you make it sound like) maybe consider switching your ISP.

The main point however is: I don’t think “overwriting” things like resolving hostnames is something an application should do, unless it’s asking or by design made to do so. In this case it’s not.

It will per default skip what you, your system administrator, etc. might have done to secure you.

It’s totally fine you trust CloudFlare more than your ISP/your local setup, but I don’t think it’s fine if a piece of software dictates and overwrites whom you trust silently, when you might already have consciously chosen someone else you trust.

It makes me really appreciate the projects that require only a c89/c99 compliant compiler, like sqlite and lua. Admittedly their dependencies are also minimal, only require the c standard library iirc, but it sure is nice.

I know where the author is heading, but some browsers building with one compiler doesn’t strike me as a monoculutre.

So, even for a “toy” project, we used to build again:

• MSVC on Windows 7, x32, x64
• GCC on Linux, x32, x64, Itanium
• Clang on Linux (iirc), x32, x64
• GCC on Irix, MIPS

And we would’ve built on an Alpha if we had one lying around–helps reveal the really thorny issues.

The thing is, not using multiple compilers (and architectures!) helps hide bugs.

It’s just a guess, but I also think that it will not suddenly become a huge undertaking to try to compile Firefox with another compiler.

Suddenly? No, but I’m afraid that sooner or later having both clang and rust will become required for any platform that wants to ship firefox. Which is a shame, since Mozilla mission is:

Our mission is to ensure the Internet is a global public resource, open and accessible to all.

So it’s more like things became a lot less of a monoculture and probably mostly for the effort of BSD and MacOS users and developers making sure that software doesn’t only work with GCC.

Not to belittle works of BSD people, a lot of Clang portability work was done by Debian before BSD decided on Clang. https://clang.debian.net/ goes back to Clang 2.9.

Something to consider is that JavaScript has an extreme audience. People who barely consider themselves programmers, because they mostly do design use it, or people just doing tiny modifications. Nearly everyone building a web application in any kind of language, framework, etc. uses it.

I think the reason there is so much bad stuff in JavaScript is not only something rooted in language design. JavaScript isn’t so much worse than other popular bad languages, it just has a larger base having even more horrible programmers and a lot of them also build some form of frameworks.

Don’t get me wrong, JavaScript is not a great language by any stretch, but blaming the ecosystem of a language who certainly has at least a few of the bright minds designing and implementing (working at/with Google, Mozilla and Joyent for example) it should not result in something so much more unstable.

Of course this doesn’t mean that it’s not about the language at all either. It’s just that I have yet to see a language where there isn’t a group writing micro-libraries, doing bad infrastructure, doing mostly worst-practice, finding ways, to work around protections to not shoot yourself in the foot, etc. Yes, even in Python, Rust, Go, Haskell and LISP that exists.

Maybe it’s just that JavaScript has been around for ages, many learned it do so some animated text, they wrote how they did it, there is a ton of bad resources and people that didn’t really learn the language and there is a lot of users/developers that also don’t care enough, after all it’s just front-end. Validation happens on the server and one wants to do the same sending off some form and loading something with a button, updating some semi-global state anyway.

JavaScript is used from people programming services and systems with it (Joyent, et al.) to a hobby web designer. I think that different approaches also lead to very different views on what is right and what isn’t. Looking at how it started and how the standards-committee has to react to it going into backend, application and even systems programming direction probably is a hard task and it’s probably a great example of how things get (even) worse when trying to be the perfect thing for everything, resulting in the worst.

On a related note: I think the issue the community, if you even can call it like that (there are more communities around frameworks rather than the language itself, which is different from many other scripting languages) doesn’t seem to look at their own history too much, resulting in mistakes to be repeated, often “fixing” a thing by destroying another, sometimes even in different framework-layers. For example some things that people learned to be bad in plain JavaScript and HTML get repeated and later learned to be bad using some framework. So one starts over and builds a new framework working around exactly that problem, overlooking other - or intentionally leaving them out, because it wasn’t part of the use case.

A lot of Java frameworks predate maven - e.g. Spring was distributed as a single enormous jar up until version 3 or so, partly because they didn’t expect everyone to be using maven. I think there’s still a cultural hangover from that today, with Java libraries ending up much bigger than those in newer languages that have had good package management from early on (e.g. Rust).

Even including all transitive libraries, my (quite large) Android app Quasseldroid has 21 real dependencies. That’s for a ~65kLOC project.

In JS land, even my smallest projects have over 300 transitive dependencies.

It’s absolutely not the same.

In technical terms, npm does not differ much from how python does package management. Culturally, however, there are a big difference in how package development is approached. Javascript has the famous left-pad package (story). It provided a single function to left-pad a string with spaces or zeroes. Lots of javascript libraries are like it, providing a single use case.

Python packages on the other hand usually handle a series of cases or technical area - HTTP requests, cryptography or, in the case of left-pad, string manipulation in general. Python also has PEP8 and other community standards that mean code is (likely to be) more homogeneous. I am using python here as that is what I know best.

Because npn micro-libraries tends to be much worse than most other languages.

It’s a problem there too.

This is more true than one might think. There are a couple of projects on GitHub with thousands of stars, some more than all the BSDs source codes combined, with the promise to bring something amazing, while not even having a working proof of concept, and being completely abandoned.

However, since it is true (to some degree) that having a larger user base in programming historically means that you won’t have to maintain a project on your own in the end it’s easy to be fooled by anything that appears to indicate a large userbase, like GitHub stars.

Many people use GitHub more like a “might be interesting, let’s bookmark it” or “Wow, so many buzzwords”, etc.

On the other hand there is quite a few projects that do one thing and do it well. Programmed to solve a problem, with 0-10 stars.

One might think that are extreme cases, they are only in the sense that 0 stars is the extreme of not being able to have fewer. They are not rare cases.

Another thing to consider is that GitHub is built a lot like a social network, so you have network effects, where people follow other people and one person liking something results in timelines, causing others to like it to remember to look at it, or “in case I need this some day”, and so one ends up having these explosions. Hackernews, Lobsters, reddit, etc. and in general having someone mention it to a bigger audience can help a lot too - and be it just “I have heard about this, but not looked at it yet”. It appears to be similar to the same story having zero upvotes on one day, and hundreds or thousands on another.

The rest is probably rooted in human psychology.

Spot on. On top of the detrimental “programmers-masquerarding-as-brands”, many GH repos are heavily marketed by the companies behind the projects. Covert marketing might be more popular than what people think.

Of course, the more interesting question is why Linux became more popular than FreeBSD, despite FreeBSD having a more friendly license for commercial/proprietary use.

I think there’s a better answer to that on Server Fault. UC Berkeley was fighting off a lawsuit from AT&T over BSD, and by the time all of that was resolved Linux had already gotten off the ground and achieved sufficient popularity that the SCO lawsuit couldn’t stop its momentum.

Citation needed. ;)

While I see where you are getting to I think those are at least partly myths. I have yet to see a person who can use Linux on the desktop on their own and cannot use FreeBSD or OpenBSD.

While I hear these arguments over and over I just don’t see them mapping to the real life. When people start using OpenBSD or FreeBSD they usually end up thinking it would be a lot harder, because of these myths.

Now I don’t wanna say they are easy to install, but if you want to use one of these systems for day to day life, they are certainly more friendly then Debian and Arch Linux for example. About others one might argue, but really, the first half of the Windows install was about as hard as installing either Linux (aside from Gentoo, Arch, etc.) until fairly recently. I really do thing that the effect of the initial installation is overrated.

What is a bigger problem of course is support for recent hardware. Looking at how far FreeBSD lags behind with Intel graphics (OpenBSD and DragonFly do way better here) or its sometimes desktop-unfriendly defaults (changing a sysctl to make Chrome run correctly) are bigger issues. One can be mitigated by using a recent Apple laptop or an older generation Thinkpad, the other by using a “distribution”.

I think a big reason is that all the commercial interest in something for end users was around Playstations. There is no SuSE, no RedHat, no Ubuntu, all having at least some money and grip to push their systems to the desktop, and be it just to get future sysadmins, selling their products for them.

Right now I think the comparison that would make more sense is Arch Linux vs FreeBSD, simply because these are a lot more similar, than Ubuntu which won by a huge initial investment in tech, branding and marketing, more than anything.

Arch Linux and FreeBSD have a lot more in common - speaking purely about desktop. They have a somewhat technical users in mind, they are not backed by some big organization, they value certain forms of simplicity (not exactly the one OpenBSD is thinking about, but still), they both have huge repositories of easy to install and very up to date software, that can be either taken from packages or source, they like to tune, configure and optimize, they enjoy having packages close to upstream, etc.

My best guess here would be stuff like steam and other things that became available as Linux blobs, that were “made possible” due to the investments from various other companies, which started out in the B2B field. Now one might ask why the BSDs don’t have strong companies in that sector, but at least to me it seems that the idea of using BSD outside of networks (routers, servers, etc.) infrastructure and the need of having something GPL-free (gaming consoles, etc.) just never occurred to people until Linux did lift off.

The reasons to use BSD often were a lot more more pragmatic and there weren’t really people with that dream of one day replacing Windows, in which Linux so far succeeded on the phone, but more in a way that one could say it’s Linux + lots of BSD code and macOS and iOS are BSD after all.

Even though BSD people often don’t want to hear that, but the license might be a part, especially on the hardware support side and you simply have code flowing in, for mostly legal reasons that one at least can look at.

I am sure that’s not the only reason and of course it will be a mixture, but the person running Linux on their own free will likely won’t decide against FreeBSD because it looks text based, especially not your average Arch Linux, Gentoo, Debian, Slackware. They might even find it more convenient.

Knowledge is especially historically a huge factor. I haven’t heard about BSD at all before the day I first installed it in 2005, which I think was because I read that Gentoo’s portage was inspired by it.

Extremely subjective, but Linux seems to really have a lot more missionary stuff going on. I have met more than one person who was about to duck and cover when I mentioned Linux, fearing a speech about moral and technical reasons on why they should switch. This used to be worse though. I think with the growth of the Linux community people feel a lot less like they have to defend their decision. There are barely any flame wars about Windows vs Linux vs macOS these days.

So I think marketing and in general network and social effects, as well as a hype and a nice story together with quite a bit of ideological undertone make up a large portion, of the history leading to status quo. I know a few people that tried BSD liked it and only switched back for ideological reasons.

While the BSDs are certainly not easy to use compared to macOS or Windows, I think argument is not holding true as big driving factor at all, when comparing to Linux in general and longer term desktop usage. Even holding on to Ubuntu for an extended period of time (upgrading from one release to another) will require a similar level of interest.

The XMPP community is asking these questions right now and it’s interesting how this would affect distributed systems like Mastadon.

I think this actually is possible to handle. If a third party gives you a statement about GDPR-compliance then that’s possible.

Also note that part of this actually isn’t a new legal problem in most European countries. Even though such topics come up again with GDPR. Informing people about collected data and in many countries the right to correction and deletion of data has been existing for decades. Also why not binding the EU in 1995 adopted the Data Protection Directive, which in large parts was implemented by various European countries.

I have a question on packages. Do you use the M:Tier ones? If so how up to date/stable are they? Eg. when something is in ports is it quickly available there? Do you know if it’s hours, days, weeks or more?

While it’s not generally recommended, depending on how adventurous you feel you might try your luck with FreeBSD 12, so the CURRENT/HEAD branch. It’s what TrueOS uses and while I am not a fan of it, looking at what revision they currently use might give you a reasonably stable system to play around with. While the latest revision of FreeBSD is usually pretty usable and people do use it, don’t use it for anything critical. You don’t want to find out that your RNG wasn’t actually secure or something.

For playing around and maybe seeing if you actually would enjoy running it in future it might be enough though.

There was an update to radeon drivers committed just in time for OpenBSD 6.3.

The main problem with the graphics stack is that we have too few people working on it, and Linux has too many. Keeping on top of a large code base with rapid upstream code churn and development is not easy if you don’t have enough people who will read all that code to screen it for potential holes, and to integrate and test it.

That’s also why the open source nvidia driver hasn’t been ported. Nobody wants to add the necessary hours required to their voluntary work schedule.

Are you only interested in OpenBSD or do you mean BSDs in general?

If you want NVIDIA binary drivers you can get them with FreeBSD. I know there have been efforts on Wayland as well. I have no clue on the status but there is a port/package you can install:

https://www.freshports.org/graphics/wayland/

objective superiority of the newer solution

Is that so? Even though it were somewhat different topics (Object Oriented Programming, Syntax Highlighting, etc.) a lot of things that people used to call objectively superior turn out to be “subjectively superior” at best if one actually bothers to look at it in an objective way.

Other than that I am inclined to claim that it’s really hard to define superiority of software or even techniques. Few people would argue about the superiority of an algorithm without a use case, yet people do the same thing with technologies and call them better, without mentioning the use case at all.

I think a problem of our times is that one loses track of complexities and anatomies of problems, seeing only a very small port of a problem. Then we try to fix it and on the way move the problem to another place. When that new problem bothers us enough we repeat the process.

This looks similar to looking for something like the perfect search or index algorithm for every use case, even disregarding limits such as available memory. It’s good that people love to go and build generic abstractions. It’s of extreme importance in IT, but it’s easy to end up in a state where progress kind of goes in a circle, when disregarding limitations and trying to find a “one size fits all”.

In web development this would be a framework for both real time, non real time, for rest based microservice architectures, but also supporting RPC, real time streaming, as well as being a blog engine and what not, while both being very low level, going down to the HTTP or even TCP level and a blog at the same time, making all of that equally easy.

This sounds great, and it’s certainly not impossible. However, it still might not be the right way to go and someone will always find some use case that they don’t see covered well enough. Something that isn’t easy enough for their use case out of the box and something that can be done in a more easy way by simply writing it from scratch, maybe just with some standard library.

I don’t say that projects like that are bad. However, since they get reinvented over and over I think it would make sense to instead of trying to invent tools for everything it might be worthwhile do strive for completing or extending the tools to pick from.

And I think that is what’s starting to happen more and more anyway. I even would say that the frameworks we see today are a symptom of it. The set of tools is growing and instead of being multitools like they used to be a decade ago (therefor also not working well with others) they nowadays seem more to be like tool belts, with many already available tools in them.

Or to say it in more technical terms. Frameworks nowadays (compared to a decade or so ago) are less like huge libraries forcing you into a corsett, but more software or library distributions with blueprints and maybe manuals on how things can be done.

No one is saying you need all these fancy new build tools and package managers for brochure-ware sites. But they are extremely handy when building actual applications

Except that I see people say that all the time. I see them say it at work. I see them say it on social media. I see them say it at conferences. There’s always some reason why that fancy new tool is needed for the static site they are working on. They need it so they can use LESS or SASS for the CSS. They need it so that they can use react to build the html statically before they serve it… (Yes. I’ve really heard someone say that.). They need it because that one metrics javascript tracking library is only available from npm and they can just use that other build tool to ensure it’s in the right place.

This post resonates with people because while they understand that it should be the way you say it is. They can see people saying clearly silly things with a whole lot of unreasonable excitement everywhere they look. It’s so prevalent that when they see someone in web-dev saying something so eminently reasonable they can’t help but stand up and applaud. It’s not a problem with the technologies themselves. It’s more of a problem with the way the culture looks to the people observing it.

“Lennart explains that he thinks BSD support is holding back a lot of Free Software development”

I can think of something else which is holding back a lot of Free Software development.

Poettering’s approach to software development seems to make it clear that he doesn’t see any value in the continued existence of the BSDs. I think that they are an important part of the larger open *Nix world/ecosystem and that Linux benefits from their existence so long as there remains some degree of compatibility. I will say that I think the BSDs’ use of a permissive rather than reciprocal licence I think had been bad for them in the long run.

To each its own poison. But I like void because

• It is a rolling distro, if you are into that kind of stuff.
• It has packages for openbsd programs variants e.g. netcat, ksh and doas.
• the default network setup uses dhcpcd hooks and wpa_supplicant, so you can avoid networkmanager
• it has a muslc variant, but many packages are not available for that
• $ fortune -o void

The tools for package cross compile and image building are pretty awesome too.

Void has good support for ZFS, which I appreciate (unlike say Arch where there’s only unofficial support and where the integration is far from ideal). Void also has an option to use musl libc rather than glibc.

Void has great build system. It builds packages using user namespaces (or chroot on older kernels) so builds are isolated and can run without higher privileges. Build system is also quite hackable and I heard that it’s easy to add new packages.

Things I find enjoyable about Void:

• Rolling release makes upgrades less harrowing (you catch small problems quickly and early)
• High quality packages compared to other minimalist Linux distros
• Truly minimalist. The fish shell package uses Python for a few things but does not have an explicit Python dependency. The system doesn’t even come with a crond (which is fine, the few scripts I have running that need one I just put in a script with a sleep).
• Has a well maintained musl-libc version. I’m running musl void on a media PC right now, and when I have nothing running but X, the entire system uses ~120MB of RAM (which is fantastic because the system isn’t too powerful).

That said, my go-to is FreeBSD (haven’t gotten a chance to try OpenBSD yet, but it’s high on my list).

I’d use void, but I prefer rc.d a lot. It’s why I like FreeBSD. It’s so great to use daemon_option= to do stuff like having a firewall for client only, to easily run multiple uwsgi applications, multiple instances, with different, of tor (for relays, doesn’t really make sense for client), use the dnscrypt_proxy_resolver to set the resolver, set general flags, etc.

For so many services all one needs to do is to set a couple of basic options and it’s just nice to have that in a central point where it makes sense. It’s so much easier to see how configuration relates if it’s at one single point. I know it doesn’t make sense for all things, but when I have a server, running a few services working together it’s perfect. Also somehow for the desktop it feels nicer, because it can be used a bit like how GUI system management tools are used.

In Linux land one has Alpine, but I am not sure how well it works on a desktop. Void and Alpine have a lot in common, even though Alpine seems more targeted at server and is used a lot for containers.

For advantages: If you like runit, LibreSSL and simplicity you might like it more than Debian.

However I am using FreeBSD these days, because I’d consider it closer to Linux in other areas, than OpenBSD. These days there is nothing that prevents me from switching to OpenBSD or DragonFly though. So it’s about choosing which advantages/disadvantages you choose. OpenBSD is simpler, DragonFly is faster and has recent Intel drivers, etc.

For security: On the desktop I think other than me doing something stupid, the by far biggest attack vector is a bug in the browser or other desktop client application, and I think neither OS will safe me from that on its own. Now that’s not to say it’s meaningless or that mitigations don’t work or that it’s the same on servers, but it’s more that this is my threat model for the system and use case.

Why? Note: That’s the official channel, not some third party rip.