We use it in Finance applications in my work - security requirements and hacking attempts are through the roof, and OpenBSD is a pretty easy sell when it comes to not losing insane amounts of money.
Microsoft/Google/Meta really like OpenBSD, they throw large sums of cash at it and I think it's partly because of the licensing. [1] Windows itself takes a lot of security enhancements out of OpenBSD even before Linux catches on, and I also think OpenSSH with a permissive license has been a big factor in them including it in Windows now.
Is it really "large sums of cash," when Microsoft's donating under $50k, Facebook's donating less than $100k, and the grand total is under $600k? That's maybe a single senior developer at one of the three companies you cited, and far less than any of those companies are spending on the GPL-licensed GNU/Linux during a given year.
Also, you surely couldn't be using OpenBSD for performance-critical applications; I love OpenBSD, but it's incredibly slow, which makes it a complete nonstarter for most applications in that space.
Good point. Microsoft probably spends a lot more than 600K on Linux kernel developers alone to implement several of their features including Hyper-V.
One of the reasons I know it is slower is due to security.
With the security mitigations OpenBSD chose to simply disable SMT. It is a less performant, but much simpler solution than the software mitigations that Linux and Windows implement.
OpenBSD developers do not need high performance, so naturally OpenBSD and its components are usually just not optimized for performance.
One famous case: About 15 years ago, someone made a patchset called HPN-SSH [1] for OpenSSH because:
> SSH implements a multiplexed connection protocol so a single TCP/IP connection can host multiple SSH sessions at the same time. This means that SSH also has to implement a flow control mechanism in order to make sure that the network connection isn't overwhelmed. Much like TCP/IP, it uses a receive buffer to indicate how much data the sender should be sending at any one point. The developers of OpenSSH had initially set this buffer size to 64KiloBytes.
This capped scp/sftp bandwidth on a 10ms link to about 50Mbps. At that time no OpenBSD developers wanted to work on this because... they didn't have >10Mbps NICs (or links? I don't remember), so they never felt the problem.
Of course the thing eventually got fixed, but much later.
I'm 99% sure that Google supports OpenBSD because that also includes LibreSSL, OpenBGPD, and other solutions in addition to OpenBSD - it's a "generally good for the internet" scenario.
Maybe so, but the bigger question is whether or not the financial contributions that these behemoth companies make match the value that they receive.
At least they give something back. As another example, Sony took FreeBSD, added some proprietary bits on top (like their own graphical API), turning it into the PlayStation operating system family. They've made billions of dollars on that (saving countless millions by not having to develop an OS from scratch), and gave bupkis in return. Try finding them in any of the donor lists. Last time I mentioned that I was downvoted to hell because apparently it's wrong to ask giant corporations to support the foundation they're building on top of, and I'm a communist for doing that.
Perhaps it should reflect the value they receive, they're there to make a profit. It might be better to ask whether they would receive even greater value if they put in more, and I believe they would, but perhaps they've done the maths and think differently.
In my experience I think the biggest bottleneck that I've found is filesystem performance. FFS (Fast File System) is pretty freakin slow, and you should really consider redundancy options in case one of the drives fails because its tolerance for recovery from failure isn't the best. It definitely isn't the most optimal or sometimes even viable solution for when you need performance on the filesystem to be high.
Given these things though, chances are a lot lower that someone finds something filesystem-level which constitutes a way to hide malicious code or whatever (for example NTFS and hiding malware in Alternative Data Streams [1] or messing around with timestamps [2], or local privilege escalation in Linux's filesystem layer being a big vector for attack lately [3] - hell, even WSL mounting /mnt/c/ as chmod 777, which can wreak some real havoc in something as basic as a few lines of Python or Ruby, like stealing your browser session cookies [4] or just wrecking your Windows install by deleting system32 like a bad prank from a decade ago [5]).
Microsoft historically funded OpenBSD because they drew on OpenBSD source for their UNIX userland in products like MS SFU. They were all too happy to fund the development of /bin/sh and /bin/ls.
They absolutely do not have any interest in any "security" matters in OpenBSD -- Microsoft Windows and Microsoft .NET are decades ahead of OpenBSD in terms of security.
> OpenBSD doesn't support Bluetooth, but you can see this as a security feature
> You may think OpenBSD slow performance could hit your productivity
> Maybe your favorite software is proprietary and will not be provided for OpenBSD, then your provider is entirely at fault...
Sales really isn't for everyone....lol
Also I haven't heard great things about their mailing list. Maybe this has changed, but they're in no shape to replace commercial quality technical support.
To be fair, those bullets are prefaced with "Of course, as a good salesperson, I would have to avoid some topics because this would make the customer lose interest into OpenBSD"
FWIW the comments about the mailing list are mostly euphemisms for Theo being perceived as an aggressive individual. While he is highly opinionated, he is so for strongly ideological reasons that have mostly benefited, rather than hurt, OpenBSD given its niche.
> I see so many more cryptic comments about their mailing list than actual description.
It's just not a very friendly list, or at least it wasn't in days of yore when OpenBSD was relevant.
You have to realize that a lot of BSD enthusiasts are people who have let "being a *BSD user" subsume their whole identity and there's a lot of "Linux is for noobs"-style elitism.
> You have to realize that a lot of BSD enthusiasts are people who have let "being a *BSD user" subsume their whole identity and there's a lot of "Linux is for noobs"-style elitism.
As someone using Debian, Ubuntu, OpenBSD, and other OSs regularly, what I'm experiencing is perhaps less "elitism" on the BSD side, and more of: "hey, we're also here, it would be nice if you could consider us sometimes". The BSDs traditionally have different ways of doing some things, which are equally as valid, but e.g. OpenSSH considers the needs of Linux users, and provides sandboxing through seccomp[1] (which NB is quite an achievement to get right, contrast with pledge[2]).
Meanwhile e.g. on the systemd or GNOME side of things, projects tend to act not only as if Linux was the only platform in existence, but almost as if any alternative or adjacent technologies had no right to co-exist either: e.g. when GNOME told SDL2 developers to link against GTK to draw native window borders under Wayland[3]; or as systemd continues to swallow every traditionally discrete UNIX service, such as cron or syslog, and tries to shove DBus into the kernel. This is a stance that I'd expect from Apple (who are shipping an opinionated but highly polished and desirable product), not an open source community, where value emerges from collaboration.
Of course there are plenty of acts of both generosity and jackassery in all of these communities, however the picture you're trying to paint is a bit unfair.
> [...] an open source community, where value emerges from collaboration.
Poettering hates everything that he hasn't touched. This is well-known and why anyone that cares about Linux and what it stands for should not use any OS that is infected by his projects.
Re: relevance, I'm referring specifically to OpenBSD the OS. It has no real use case. It's a research OS at best. The performance is abysmal and "code correctness" or "cohesion" is worth its weight in gold from a practical standpoint, which is to say very little.
OpenBSD fans like to make a lot of hay about its vaunted security posture but in real-world use cases I have no doubt that properly configured and up to date FreeBSD, Linux or even Windows Server is just as secure as OpenBSD.
There are just vanishingly few reasons to use OpenBSD today.
No real use case? I'm running it on multiple daily-driver machines as my personal computing OS. It works, and well. It's stable, reliable and everything works as expected and works as comprehensively-documented. I think there's more reason every day to use OpenBSD vs. all the other OSes you just mentioned. I've never seen such strict adherence to project goals/values than with this OS, and the resulting quality and correlating user experience is evident.
We'll have to agree to disagree on the UX part. I find the UX to be very poor compared to Fedora, for example. There's nothing OpenBSD does better than its competitors by enough of a degree to make up for its warts; it's not significantly more stable or reliable than FreeBSD or Debian.
The documentation does tend to be pretty good, but... honestly? I just don't find that to be a compelling reason to choose an operating system.
hmmm.. I haven't used Fedora so I can't speak to the comparison, but I just found OpenBSD so straightforward and "plain", not particularly unusual in how it actually functions. It kinda feels like a cleanly designed UNIX variant and the onboarding is so well-documented I just found it so easy to get started.
I do feel quality documentation makes a huge difference. Navigating the broken-links craziness of FreeBSD documentation was just such a frustrating experience. And even on a "first-class-supported" system at the time, they omitted a KEY (IMO) piece of information that resulted in me being unable to even run the OS until I did hours of research on OpenFirmware and realized the missing piece in the process. I could see from online discussions that most people had completely given up on FreeBSD at the same point I reached.
Ah well, for me, I don't notice any "warts" of any sort with OpenBSD, so whatever problems other people have just don't affect me or aren't relevant to my use case(s). Such is the case for any OS, I think ppl should use what works for them. No use discounting an OS completely just because it doesn't work for your purposes :)
It can seem unfriendly but what it really is, is not very tolerant of people who have made no effort to solve their problems, or even provide relevant information.
It’s probably one of the reasons why it’s so irrelevant.
Whereas OpenBSD people kept that attitude, the GNU+Linux people went above and beyond to help newbies. Help not only in fixing their stuff, but also in growing and learning.
And I don’t buy the “secure by default” marketing stunt. At best you’d have to put that in the context of an OS that does a limited number of things, and does them poorly (questionable UX, poor performance). GNU+Linux is secure enough, particularly so if you compare that with the incredible amount of things it can do.
The other thing is that OpenBSD devs (well, leadership at least, from what I can tell) don't care who thinks they are "irrelevant." Popularity, number of users, etc. is not a goal. They develop the OS for themselves, and if others find it useful, they are welcome to use it.
A lot of people seem very irrationally angry at OpenBSD. Not sure why.
My experience is limited, but I really liked it. Didn't end up sticking with it for very familiar reasons - lack of HTTP/3, third party shitware that it's sometimes convenient to have for work, hardware support. But as a pure OS I thought it was miles above Linux. Things fit together so well. And the docs! First time I'd ever read man pages so good that I took notes.
In an alternate reality, where Linux was an obscure OS and OpenBSD got all the love from third party vendors, driver writers, etc - the world would be a better place.
I have had good experiences with OpenBSD, but I will say that every interaction I've had with Theo has left a bad taste in my mouth, so sometimes I might seem angry...
I do enjoy using OpenBSD from time to time but it’s clearly an OS developed first and foremost for OBSD devs. This is a fine state of affairs but it’s hard thinking of a good application for it beyond tinkering.
I wrote about it upthread, but without a file system I can rely on, using it on a router, web server and mail server - do people really bother running mail servers nowadays? - is disqualified. I don't even think it's a "well if you have good backups that doesn't matter" (cattle, not pets etc.); it doesn't have ZFS/btrfs-style snapshotting, which is a massive step back in how I think of backups. The release cadence, upgrade cycle and speed also leave me scratching my head for actual production.
I did enjoy running it on my Lemote as a curiosity, but that port is dead now...my favourite part was the variety of arches it officially supported.
Again, as I stated in my comment, it's made for OpenBSD devs and that's fine - I hope they continue developing.
Poorly written, if I may be honest.
Having attended cookouts with Theo, and also contributed to their system.
I'd say "OpenSSH BSD", if I had to sell it.
Hide any of the mailing lists from potential customers.
Fixate on well known supported hardware. Use what the devs use.
If one must use the mailing lists, you never EVER ask a question.
Instead state a contrary fact, and await the answers.
The distro is Theo, simply put.
So you get a regular release where most things just work.*
But you must know what you plan to run it on, and exactly which chipsets are in use. The man pages on drivers for OpenBSD are superb for listing all known hardware that is compatible.
And if software, or hardware X is not supported, go do it, or get supported software/hardware instead.
Unfortunately, there were periods in the past where it did not sell well.
"The bad news is that OpenBSD for the past 2 years has turned a loss of approximately $20K USD ($40K total). I don't think I need to explain in many words what that is doing to our beloved OS, and worse, our main systems architect. This is starting to seriously impede the development of OpenBSD and OpenSSH...
"What I want to point out what a lot of people don't seem to realize is that OpenSSH development is paid from the same pool of money as OpenBSD. OpenSSH is in use by millions around the world however the revenue stream just simply isn't there."
As a follow up, I'd suggest taking a livecd of OpenBSD to a place that sells laptops. Test boot it, verify it works, and purchase it. I've done this before, although your mileage may vary.
Recently had an OpenBSD VM experience disk corruption so badly it rendered itself unbootable (and the UFS fsck made the problem worse). The corruption happened as a result of an improper shutdown of the hypervisor due to HW failure. (All the Windows and Linux VMs recovered gracefully.) The only fix was to reinstall the entire base OS from the DVD (the rest of the data was still on the disk; the system was simply unbootable). I can't say I've ever had Linux become unbootable due to ext{2,3,4} corruption in probably 20 years. With OBSD I wouldn't even think about filing a bug report for something like this because I don't have the desire to get flamed on mailing lists. My critique here is that the standard Linux filesystems like ext4 have reached or exceeded NTFS levels of maturity and stability, while I cannot say the same about the BSDs. (Though you can enjoy the same experience with XFS unless things have changed...)
Yes I think the state of UFS in OpenBSD is the biggest sore point for me. If I can’t rely on a basic building block of the OS what can I really use it for?
I will say FreeBSD is stellar with ZFS and XFS is very very stable these days - even btrfs functions as a decent ext4 replacement.
AFAIK this is not how you actually sell tech products. You have to learn about what a customer does and what problems they're having. You cater your pitch to what you learn about their needs.
If you just launch into a scripted speech rattling off features, I don't think you'll have much success. Are they having problems with GPL-licensed code? Why not FreeBSD, then? Maybe they have special security or compliance needs. Does OpenBSD solve those needs in a way that nothing else does?
I can immediately both agree and disagree with their first point, Learn once.
I recently upgraded to a new router hw, which meant scrapping my old OpenBSD 6 and jumping straight to OpenBSD 7.1. One of the tasks was actually to renew all my old rules that had been hanging around from much older releases.
While doing this I noticed my old rules referenced lo as the loopback IF, but it's clearly called lo0.
Anyways, that was just one tiny detail. But I must say the rules did work out of the box with 7.1; NAT, port forwardings and openings all worked. All I did was set skip on lo so maybe it didn't matter so much. And maybe I can reference lo* with lo? Not sure.
Either way the handbook is what backs up point 1. Sure, when you search for an issue in OpenBSD your search results are minuscule compared to Linux, but on the other hand there are no out-of-date guides or documentation sites, it's all in the handbook. The final say-so for all things OpenBSD. That is definitely a strength. But I don't think you can say that OpenBSD is completely immutable.
I would sell it first by instilling the fear. We live in a dangerous world and all operating systems are vulnerable, but only OpenBSD is the safest choice.
Juniper has been moving out of FreeBSD for quite a while. See the link for some detail: https://www.juniper.net/documentation/us/en/software/junos/o...
So GPL is not a problem for Juniper after all.
But even before that RE-S-2X00x6 cards were running FreeBSD on top of Linux KVM.
So no, network hardware vendors are not choosing BSD, not at all.
I use it for servers because of the stability. For me, that's the key differentiating factor. I set a server up and it will keep running indefinitely, with easy sysupgrade, syspatch, and updates. I haven't had that same experience with Linux servers. Rock solid foundation with ease of use and administration is great.
If you run any (Debian-derived) system for more than 5 years, you will run into plenty of these issues. They're always subtly different (the thing that breaks is not the same), but it will absolutely break somehow.
I once read that either FreeBSD or OpenBSD was the "bad one". I forget which it was, but given that BSD is the Linux of Linux, I don't really think about it.
Why exceptionally expensive? 1vCPU 1GB 50GB, 1 dedicated ipv4, 1 ipv6 /64, costs $60 a year, or 5$ a month, where for example at Vultr it's 6$ a month for the same thing except half the disk capacity.
But it's a project for supporting the development of OpenBSD's hypervisor technology, not a production platform anyway.
He's also ignoring that the operator of the platform is only interested in OpenBSD, whereas on Vultr OpenBSD's ability to run could disappear at a moment's notice.
If they remove the ability to work with a custom ISO they would be putting themselves at a severe competitive disadvantage to literally every other competent VPS provider on the market. Doubt they have that in their strategy, I feel it's important myself to be able to partition how I see fit for example.
OpenBSD is awesome, but what about the future? After the coming nuclear war the developers will be gone and all that will survive is the last stable sitting in a lucky AWS bunker. For a while, humans will use it for everything, but soon enough the AI beings that started the war will poke a million holes in it and we will all be enslaved. What we NEED is an AI that recognizes exploits, formulates a mitigation, and automatically adds it to OpenBSD. For humanity. Then I’ll buy a license
See your message probably came from the future AI through a micro wormhole, just to keep us off guard. OpenBSD needs to become an adaptive defense system and it needs a catalog of exploits to hit back, ideally generated by AI locally
I'm pretty sure OpenBSD is (relatively) slow regardless of hyperthreading,
Agree about NTFS-3g, it's next to useless. I've read somewhere that some optimizations are not enabled on OpenBSD.
Still, I like it and use it on my laptop and servers.
I'm 100% in line with the first point of TFA: learning OpenBSD is a good investment, you feel that you steadily build up a coherent understanding of the system.
I've been there too, although with NetBSD. Lack of proper virtualization and containerization subsystems eventually became a serious issue and I eventually moved back to Alpine.
Net/OpenBSD still mostly caters to the needs of hobbyists, I seldom see them in production (besides maybe network appliances).
NetBSD has nvmm. Qemu is quite fast as a result. I run many distros on top of it.
Plus Xen. My laptop has been running Xen with pv instances for app isolation. Never as fancy as Qubes though.
It was a fair amount of work but I was able to get it running. Fixing the clock drift was by far the hardest part -- I had to install a custom kernel module. Getting networking inside the VM was pretty difficult as well.
Email me at aaronm04{at}iforgotmy.name if you want help.
The nice thing with Dockerfiles and the Docker registry is how quickly I get a reproducible, stateless, isolated environment for any large, proprietary or foreign app I may need, without resorting to a VM or polluting my system. All it takes is an Ubuntu or CentOS base, pull the apps and its dependencies, throw it away when I'm done while keeping a lean Alpine system underneath.
Jails would require me to set things from scratch each time I need a new app, even for a short while. It's just impractical.
I'm considering Nix as a potential alternative, but it doesn't work on the BSDs yet. If you know a way to run "modern workloads" in a KISS, convenient, Unix-y way, please let me know.
It's pretty sweet in a server or for networking/edge network stuff, but I've never really bothered to use it as my desktop daily driver and it's all because of what you mentioned. Props to those who have the patience and will to do this though.
Can't Discord's web version share a screen? If not, why?
If the only issue with bt is sound, there are some usb dongles that are recognized as a sound card and do the bluetooth part outside of the OS. You have to trust the manufacturer though. If there are other requirements such as file sharing, they usually can be done easily another way.
I am not sure who and why would anyone using OpenBSD want to mount an NTFS filesystem on a regular basis to do large transfers.
> Can't Discord's web version share a screen? If not, why?
IIRC the Discord webapp didn't have an option to share the screen. I only tried Firefox not Chrome.
> If the only issue with bt is sound, there are some usb dongles that are recognized as a sound card and do the bluetooth part outside of the OS. You have to trust the manufacturer though. If there are other requirements such as file sharing, they usually can be done easily another way.
True. I only have 2 USB ports on this laptop though, so it would have been an annoyance.
> I am not sure who and why would anyone using OpenBSD want to mount an NTFS filesystem on a regular basis to do large transfers.
My use case was copying video files to an NTFS flash drive. I'm not sure how common a problem it is for desktop/laptop users.
[1] https://www.openbsdfoundation.org/contributors.html