flvbox.org/Goodbye OpenBSD

🏠 flvbox.org

1. Goodbye OpenBSD

1.1. Personal point of view [updated 2024-09-28]

I've been using OpenBSD since version 6 as a desktop. I like S.Francesco da Assisi style clean desktop, no overbloated tools at all, the keyboard is my input device of choice. Give me an xterm and UNIX tools, and I’ll be happy. I used OpenBSD as my daily driver on my primary desktop for years, but today I lost my patience trying to install a Python module. On Windows or Fedora when I need for a Python module 10/10 times I do: pip install desired-module. The same situation in OpenBSD lead to install: cmake, gcc, fortran, rust waiting 45 mins for building times, when you can build, otherwise further work is needed in order to understand and fix libraries dependencies. Boring. In 2024 I expect to use a package manager in order to install software, the era of I recompile my kernel is over. Other desktop things:

  • old versions of all program languages from Python to Java
  • Vscode / Vscodium not available due electron
  • all big piece of code from Firefox to Pycharm are slower in execution then FreeBSD or Linux counterpart
  • must change machine every time we need Netflix or a decent remote meeting
  • I want use my CPU and my GPU already, and all my hardware MUST be recognized by the OS
  • Wifi support (not interfaces but drivers) is poor, speed of connections is slow

The main frustration is: I love OpenBSD, is good to have only one sound subsystem, is good to have a minimal attack surface, but I can't enjoy the good things on a desktop. I repeat I'm not a desktop-oriented fanatic, but OpenBSD is just too limited in that regard.

desktop.png

Figure 1: my Desktop all-in-one setup (Fedora)

My server flvbox.org will continue to run OpenBSD, I love OpenBSD as network/infrastructure server; on my private desktop machines, I'll only keep a virtual clone of flvbox.org, and for all the rest: wipe out.

Welcome, Fedora Linux!

2. Facts about OpenBSD

2.1. Advantages of OpenBSD

2.1.1. Security Focus

  • OpenBSD is renowned for its strong security model, being one of the most secure operating systems available.
  • Many security technologies originated from OpenBSD, such as:
    • OpenSSH, the default tool for secure remote access in most Unix-like systems.
    • PF (Packet Filter), a powerful and flexible firewall.
    • Proactive security features like WX, ASLR (Address Space Layout Randomization), and pledge/unveil, designed to limit application behavior and mitigate vulnerabilities.

2.1.2. Code Simplicity and Cleanliness

  • OpenBSD emphasizes clean, readable, and well-audited code.
  • The codebase is smaller and easier to audit than other systems, reducing the attack surface and simplifying maintenance.

2.1.3. Built-in Tools

  • OpenBSD includes a wide array of built-in, high-quality tools such as:

    • OpenSMTPD (secure mail server).
    • OpenNTPD (secure NTP service).
    • OpenBGPD (BGP routing daemon).

    These tools are secure, minimalistic, and integrated tightly into the system.

2.1.4. Stability and Reliability

  • The focus on correctness and auditing ensures that OpenBSD is highly stable and reliable.
  • It’s favored in production environments where uptime and security are more important than cutting-edge features.

2.1.5. Minimalism

  • OpenBSD’s philosophy of minimalism extends to both its base system and default configuration.
  • Less software is installed by default, reducing complexity and potential vulnerabilities.
  • This "less is more" approach makes OpenBSD an ideal choice for small, secure, and efficient systems.

2.1.6. Consistent and Predictable Releases

  • OpenBSD follows a strict release schedule, with a new version every six months.
  • This predictable cadence allows users to plan their upgrades without worrying about unexpected or unstable changes.

2.1.7. Free and Open Source

  • OpenBSD is entirely free and open source, with a commitment to providing source code for all included components.
  • The project also places emphasis on free documentation, making it easier for users to understand the system.

2.1.8. Strong Community Values

  • The OpenBSD project has strong community values around code quality, security, and open-source ideals.
  • Contributions are highly scrutinized, ensuring high standards for any changes made to the system.

2.1.9. Cross-Platform Compatibility

  • While not as versatile as Linux, OpenBSD supports many hardware platforms, including:
    • x86 and x86-64.
    • ARM, PowerPC, and others.
  • This makes it a good choice for both embedded systems and traditional server architectures.

2.2. Technical Limitations of OpenBSD

2.2.1. Limited Hardware Support

  • OpenBSD’s hardware support is more restricted compared to major operating systems like Linux or FreeBSD.
  • It may struggle with modern or less common hardware, especially GPUs, Wi-Fi cards, and storage controllers.
  • This is mainly due to a focus on security and the slower development process for drivers.

2.2.2. Performance Limitations

  • OpenBSD is not optimized for high performance.
  • While known for security and correctness, it lags behind Linux and FreeBSD in handling high-performance workloads.
  • Multicore scaling, intensive I/O operations, and heavy network traffic are areas where OpenBSD falls short.

2.2.3. Lack of Popular Software

  • OpenBSD often uses its own niche alternatives to widely used software:
    • Instead of sudo, it uses doas.
    • Instead of Apache or Nginx, it uses OpenHTTPD.
  • These alternatives are secure and minimalistic, but they may lack features and widespread adoption, limiting usability.

2.2.4. Limited Virtualization Support

  • OpenBSD has limited support for virtualization.
  • While it can run as a guest in hypervisors like KVM, Proxmox, or Xen, its native virtualization tools (such as `vmm`) are underdeveloped compared to other systems.
  • This makes OpenBSD less suitable for advanced virtualization setups or enterprise environments.
  • 1 virtual machine = 1 cpu. No smp or multithreaded cpu's.

2.2.5. Desktop Environment Challenges

  • OpenBSD is not well-suited as a desktop operating system for general users.
  • It lacks comprehensive support for desktop environments, modern GPU drivers, and multimedia functionalities.
  • It's mostly preferred by advanced users who are comfortable with minimalistic setups.

2.2.6. Slower Development Pace

  • OpenBSD’s development cycle focuses on security and correctness, which results in a slower release cycle compared to Linux distributions.
  • New features and hardware support are often delayed as security takes precedence over performance and innovation.

Author: Flavio Ferretti

Created: 2024-10-16 Wed 13:28

Validate